Monday, March 5, 2012

Is Antivirus Software Still Necessary?

Robert McMillan of Wired recently published an article on whether antivirus software is still necessary in light of an ever-changing and more sophisticated threat landscape. Here is an excerpt from the article; if you would like to read the whole thing (you should), click here.


"Dan Guido, the CEO of security startup Trail of Bits also doesn’t use AV. Some security pros use it because they’re in regulated industries, or because they work with customers who require it. “If it weren’t for that,” he says, “almost nobody in the security industry would run it.”

It’s a story we heard again and again at RSA this week. The pros are generally smart enough to avoid the things that will get them hacked — visiting malicious websites or opening documents from untrusted sources. But even if they get fooled, the odds of their antivirus software catching it are pretty low. But many of these pros also believe that antivirus isn’t always that useful to the average business either.

“Ten years ago if you were to ask someone the question, ‘Do you need antivirus?’ the overwhelming response would be, ‘Absolutely, my entire security strategy is based on endpoint antivirus,’” says Paul Carugati, a security architect with Motorola Solutions. “Today … I don’t want to downplay the need for it, but it has certainly lost its effectiveness.”

The problem is that most criminals are smart enough to test their attacks against popular antivirus products. There’s even a free website called Virus Total that lets you see whether any of the most popular malware scanning engines will spot your Trojan program or virus. So when new attacks pop up on the internet, it’s common for them to completely evade antivirus detection."

Monday, February 27, 2012

Stratfor Documents Obtained in December 2011 Breach - Released

The fallout from the December 2011 breach of Stratfor was not fully felt until today, when the website WikiLeaks released a statement that they would begin to publish "5 million e-mails from the private intelligence company Stratfor, starting with a company 'glossary' that features unflattering descriptions of U.S. government agencies."


Stratfor will neither confirm nor deny the authenticity of the documents, but it does point out that the documents can now be easily edited by those who release the information.


WikiLeaks has stated that the documents will be released through a network of more than 25 news outlets and activist groups in the coming weeks. The first document out was titled "The Stratfor Glossary of Useful, Baffling and Strange Intelligence Terms," featuring brief and sometimes humorous definitions and blunt assessments of U.S. intelligence and law enforcement.


To read more about Stratfor and Wikileaks click here
To read the full text of what was released click here

New Microsoft Windows Server 8 FCI Integrates Websense DLP Technology


Data breaches and theft can be detrimental to any company, and preventing the accidental loss or misuse of sensitive documents is a major IT security concern. In this video demo, we explain how Microsoft has integrated Websense DLP technology into its File Classification Infrastructure to prevent these major data-stealing attacks.

Websense DLP technology is a key feature in the Websense® TRITON™ solution, which offers unified web, email, and data security. The TRITON modules are available separately or together, and can be deployed in enterprise-grade appliances, as cloud-based services (SaaS), and as powerful and efficient hybrids of on-premise and SaaS elements working together. Backed by Websense data classification expertise, the collaboration between Microsoft and Websense technologies allows organizations to accurately monitor, identify, categorize, and ensure protection and proper use of sensitive information as it is being authored.

Wednesday, February 22, 2012

Web Security Company Mykonos Acquired by Juniper Networks

Juniper Networks closed the $80 million deal on February 13th and has added Mykonos, a provider of website and web application security software, to its Security Business Unit.
The idea behind the acquisition is that Juniper can use the technology to detect attacks before they are in progress. The Mykonos product uses predictive analysis and deception-based software that is able to catch an attack in progress, profile the attack, learn the behavior, and then use that behavior to thwart future attacks.
Citing data from a Verizon report, Juniper says web applications are among the largest unprotected attack surfaces and the frequency of attack is increasing.
Read more about this acquisition on Network World

Tuesday, February 21, 2012

Shameless Plug Tuesday!


One of our goals at DLP Digest is to keep the "sales pitch" out of our updates and provide a non-biased view of what is happening in the technology and security worlds. However, from time to time we can't help but promote some of the cool stuff we are doing with our education and training programs. We have just rolled out regional training dates for Websense DLP solutions, and chances are we will be in a city near you very soon! So sign up and maximize your organization's investment!


Attevo is proud to announce a Websense Authorized Training program designed to provide organizations with the knowledge and skills needed to confidently manage their Websense technology investment.

Attevo Websense certified instructors provide classroom, on-premise, or customized training for the following technologies:
  • Web Security Gateway Anywhere
  • Email Security Gateway
  • Data Security Suite
  • Triton Enterprise

Attevo offers formal classroom training in Cleveland, Ohio on a regular basis. In addition, we currently have regional courses scheduled in the following cities:

Course Schedules and Course Outlines can be found using the OnCourse button or date links above.
 We now return you to your regularly scheduled programming...

Thursday, February 16, 2012

Cool Websense Security Survey Infographic

Websense, a content security and data loss prevention company, in conjunction with independent research firm Dynamic Markets, just released its "Security Pros & ‘Cons’" survey. IT managers and non-IT employees in the U.S., UK, Canada, and Australia were asked about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs).
Websense has condensed the findings of the study into an easy-to-read infographic. The portion of the infographic below is one of the more interesting data points collected, regarding a "false sense of security" that is felt by many IT managers. They know that they need to protect their organization against modern malware and web 2.0 threats, but 52% of IT managers do not protect their organization from confidential data being uploaded to the web.
Fortunately, help is on the horizon as headline-grabbing security incidents have promoted data security talks amongst top management and have driven focus on security, including the need for additional budget. Click here to download the full report 

Wednesday, February 15, 2012

Wall Street Journal: Chinese Hackers Suspected In Long-Term Nortel Breach

An article in the Wall Street Journal by Siobhan Gorman speculates that the more than decade-long breach of the once-massive telecommunications company Nortel was the work of hackers based in China. The article goes on to detail recent U.S. intelligence reports that Chinese hackers are a threat to world networks and that "both government-affiliated and private-sector [Chinese Hackers]—are the world's most 'active and persistent' perpetrators of industrial spying."


While China has been a hot topic in security news for a while, I think the most egregious offense is the negligence on the side of Nortel executives. It was reported in the article that nothing was done from a security standpoint after the breach was discovered other than changing the passwords that were used to gain access to the network.


Publicly traded Nortel did not disclose the breach and did not believe that they had to make investors aware because it was not considered a "material" risk or event. Late last year the SEC released a formal memo stating that cyber attacks can be "material" and that an organization must investigate all cyber attacks to determine if they are in fact "material".


In the meantime, Nortel was also in the process of selling portions of their business as a result of filing for bankruptcy. Even during this process executives did not disclose the breach to potential buyers. According to the article, former CEO of Nortel Mike Zafirovski believes, "People who looked at [the hacking] did not believe it was a real issue. This never came up like, 'We have a real issue and we need to disclose to potential buyers of businesses.' Mr. Zafirovski said he didn't believe the infiltrations could be passed on to acquiring companies. 'That's a real, real stretch'."

The article in the WSJ is a great comprehensive timeline of the Nortel breach and all of the factors at play in this complicated story. While outside hackers are a threat to networks, an even greater threat to world networks is a lack of security education, or in this case negligent organizations. Tell us what you think and be sure to check out the full WSJ article here: Chinese Hackers Suspected in Long-Term Nortel Breach