SP Networking

May 21, 2014

Thwarting Hackers After They Invade

My response when asked about an article posted in the Wall Street Journal: “Thwarting Hackers After They Invade”.

I don’t believe our security environment has changed. The security of information networks continues to be a cat and mouse game. The tools get updated but the basic methods remain the same.

The article sounds more like an infomercial than a news article. One of the lessons I’ve learned in sales (and refuse to do) is to create FUD (Fear, Uncertainty, and Doubt). FUD is exactly what this article is trying to create so that Symantec can sell their latest product.

Rather than fighting to keep the bad guys out, new technologies from an array of companies assume hackers get in so aim to spot them and minimize the damage.

That’s like saying you’re going to take the locks off your house and install security cameras and secret compartments to hide your valuables.

FireEye Inc. created technology that scans networks for malicious-looking computer code that made it past the first line of defense.

Just sounds like using two antivirus programs instead of one. How about just getting better antivirus software?

Symantec also is developing technology to look for more-advanced malicious software inside a network that mimics offerings from its rivals.

Or they could just use the same technology to make their anti-virus better.

Mr. Dye estimates antivirus now catches just 45% of cyberattacks.

Even comparison sites estimate that Norton catches around 76% (one of the lowest). This is an obvious attempt at FUD.

Ted Schlein, who helped create Symantec’s first antivirus product, describes such software as ‘necessary but insufficient.’

This is the caveat where they want to make sure everyone still buys their antivirus product. This is a true but misleading statement. It is correct that antivirus software alone is insufficient. That is why we have other security controls: firewalls, permission settings, passwords, etc.

I believe Norton is merely taking advantage of our current computer security climate: the end of support for Windows XP machines, the Snowden NSA leaks, which are revealing just how vulnerable all networks really are, and the flood of credit card data breaches. They have used this environment to create and sell a new product.

The root of the product, in my opinion, will not be security but data collection. They want to monitor activity on your network and screen all of your internet activity (“a spam blocker and a tool that scans a user’s Facebook feed to guard against dangerous links.”). There is a large market for the data gathered. Norton would be able to monitor and collect user data on an even more direct level than Google, Facebook, Apple and the other large internet companies. This would even give them the ability to block the other companies and sell the information to them.

Our method of network security is tailored to our clients and uses many layers. The exact methods and tools are generally determined by the client’s wants, budget and the value of the data/network we are defending. We use a combination of software, appliances, software update policies, computing best practices and monitoring (monitoring for our managed services clients only). We use a managed antivirus client with real-time threat reporting which is monitored by SP Networking. We use a combination of hardware and software firewalls to block malicious/unwanted traffic. Software updates are applied regularly and monitored for success. Domain administration accounts and external accounts use stricter password complexity requirements. Internal accounts use higher complexity requirements where feasible/allowed. Services and networks are monitored in real time with configured alerts. Data is protected against loss through onsite and offsite encrypted backups. It’s a combination of tools and methods that protect your network.

There is no guarantee against intrusions. If you want to prevent outside access you will have to disconnect from the internet. If you want to prevent inside access you need to shut down the computer and lock it in a vault. If your plan is “Thwarting Hackers After They Invade” then you have already lost.