Insights from the industry
Non-Microsoft Software Is Buggy Too
Are your systems updated with the most recent software patches? I don't mean
Microsoft patches—after all the focus on Microsoft security exposures
over the last several years, you probably have a plan in place for deploying
Microsoft's monthly fixes. I'm talking about patches for your other software.
Marc Maiffret, cofounder and chief hacking officer at eEye Digital Security
(http://www.eeye.com), says
many IT pros are "completely oblivious" to any security problems in their non-Microsoft
software. And the majority of patch-management software is targeted at fixing
vulnerabilities in Microsoft software, which exposes companies to attacks on
their machines' other software. "The easiest way to remotely compromise systems
in the last two months was [through] vulnerabilities in Symantec corporate antivirus
products and McAfee ePolicy Orchestrator,"-said Maiffret. "McAfee had actually
fixed its vulnerability five months ago. But many customers didn't have the
updated version."
Maiffret's research team works with software vendors to inform them about vulnerabilities
eEye has found in their products. "Companies will fix a specific bug," he says,
"but they're not interested in fixing the overall problem. And they downplay
bugs as much as possible," employing tactics such as releasing the news about
a new bug late in the day when the story is less likely to make a splash. The
result is that customers won't learn about a problem unless they're on the lookout
for news about the products they use.
Another indication that a software vendor isn't taking security problems seriously,
says Maiffret, is when the company rolls security fixes into product updates
that also deliver new features. " Customers look at an upgrade to Apple iTunes
or an Adobe product, and it's a 30MB download. They don't think they need the
new features, so they don't upgrade. They don't realize that they're missing
out on security patches." This practice of combining features and fixes in an
upgrade makes software-patch application much more difficult, if not impossible,
for patch-management products. "Microsoft only got better because it got punched
in the face every day. Other companies are still not taking vulnerabilities
seriously ... But the more Microsoft does right, the more non-Microsoft vulnerabilities
you'll see," says Maiffret.
- Renee Munshi
DataPreserve Truly Understands Its Customer
In the past, online remote-backup service providers might have seemed uninviting
to small-to-midsized businesses (SMBs) because of the price or hassle of working
with offsite vendors. DataPreserve (http://www.data
preserve.com) aims to change this view. I talked to Doug Bruhnke, vice president
of marketing, and learned that DataPreserve focuses extensively on SMBs and
truly knows its customer.
"SMBs buy a certain way, typically from people they know and trust," says Bruhnke.
"We've just launched nationally as a franchise and work with local IT professionals
across a number of cities to give SMBs a local, trusted advisor." Whether you
need to retrieve lost data or to meet at the local coffee shop to discuss backup
needs, DataPreserve can accommodate you. DataPreserve provides its service for
$14.95 for as much as 2GB of compressed data (roughly 4GB of uncompressed data).
- Blake Eno
Virtualization Technology for NAC
FireEye (http://www.fireeye.com)
calls its Fire-Eye 4200 "effortless NAC." The FireEye 4200 introduces virtualization
to Network Access Control (NAC). The solution stands apart from standard NAC
technologies, which typically employ hit-and-miss posture checks and complex
signature analysis. The FireEye 4200 uses a virtual "victim machine" as a sentinel
through which all network traffic can be mirrored, monitored, tested, and, if
necessary, quarantined. A two-step monitoring process ensures that the system
wholly eliminates false positives and keeps false negatives to a minimum.
Network administrators can deal with attacks on the victim machine in three ways: Send the offending traffic to a quarantined virtual LAN for remediation, block switch ports to isolate infected machines, and implement granular filtering on individual ports to ensure that traffic continues flowing. Ashar Aziz, CEO and founder of FireEye, and Chad Harrington, vice president of marketing, liken the victim machine's protection to royal food testers of antiquity: "If the king's food was poisoned, the tester died. But the king lived."
Conventionally, NAC technology considers machine infection a situation to avoid.
The FireEye 4200 redefines NAC protection by actively seeking infection and
sacrificing the health of virtual machines for the sake of the production network's
health.
- Sam Davenport