In this article, Samuel Visner & Beth Musumeci discuss how cyber security management in organizations today is not able to keep up with zero-day vulnerabilities that can cripple them. With the increase in devices on the internet today, more of an organization’s customer information is available to hackers. Over the past six years cyber terrorism has increased, with hacks that included organizations like JPMorgan Chase, Adobe, Target and Walgreens. According to Gartner research, “44% of reference customers for endpoint protection solutions have been successfully compromised.” This shows that even when an organization has security in place, new vulnerabilities play a major role. Visner & Musumeci propose that a new approach is the only way to prevent these vulnerabilities. They propose that white-listing certain “known good” applications is the only way to effectively protect against malware. Any untrusted or unknown applications are put in an isolated container away from the network and tested before being allowed on the network. A new model like this needs to be proposed among organizations to prevent such attacks from happening in the future.
Comments
Loi Van Tran says
I agree that white listing is a more secure approach, but it is inherently more expensive to manage, especially for larger organizations whose number of applications seems to grow over time. You would also require a group of staff to manage, review, and test the isolated applications, thus creating more overhead. Over time your whitelist will grow, but it doesn’t necessarily mean that the whitelisted applications won’t become infected or vulnerable over time. I think a combination of whitelisting and blacklisting would be best. For instance, you can whitelist servers, because you know exactly what the servers are supposed to do and what type of data is transmitted. If you try to white list, say, an end user desktop, I believe IT will not have enough resources to continuously evaluate all the users’ needs to access certain applications and sites to perform their tasks.
Ahmed A. Alkaysi says
I agree, Loi. A combination of white/blacklisting is best. The company should know “what is bad”, and certainly should not allow ANY app on its networks. Whitelisting an app should not mean that no attention will be paid to it; I believe it still needs to undergo vulnerability scans and have logs checked every once in a while to ensure it has not been compromised.
Mauchel Barthelemy says
It is true that Cyber Security Management is in need of a fresh approach; I also believe so because of the rise of “The internet of things,” Artificial Intelligence (AI) and autonomous vehicle programs. Cyber Security methodologies should evolve as rapidly as the increase of smart devices; however, I am not sure white-listing is the only way to effectively protect against malware. Networks can also be designed in a way that is more security friendly as well.