Growing up, I dreaded road trips. Beyond a proclivity to car sickness, I feared the inevitable onslaught of fussing directed at me and my older sister as we struggled to entertain ourselves on the 11 hours it took to get to our grandparents’ farm in the backseat of a giant 1970s station wagon.
Now a mom of two myself, I really do understand the desperation that makes a parent say the words “Let’s play the quiet game!” (In the spirit of full disclosure, I would have been a lot quieter if my sister had just stopped looking out of my window.)
Security Lessons From Mom
But what if we applied mom’s words of wisdom to our security practices? Playing the quiet game is a recipe for disaster when implemented into a security intelligence solution, raising the threshold for event notification so high that only the Kool-Aid Man bursting through a firewall would raise the flag.
Threats Are to Be Seen, Not Prevented
This little gem is a fairly horrible security posture. In a time when attackers sneak into networks and lurk for months undetected or employ advanced evasion techniques (AETs), it has even worse consequences.
While encryption can be helpful in protecting your banking information, it can also be employed by cybercriminals to hide their attacks on your network. With AETs employing packet fragmentation or protocol ambiguities to obfuscate attacks, it would seem that threats are neither seen nor prevented. It’s the worst of both worlds!
You’ll Shoot Your Perimeter Out
When Cisco disclosed its buffer overflow vulnerability earlier this year, there was a fairly low-key reaction to the potentially havoc-wreaking exploit. Devices like Cisco’s Adaptive Security Appliances are often the first line of defense in a network, and sometimes the only one. Even with a vendor-provided patch, the sheer number of these devices in a network often mean a delay in implementation given the operational requirements, leaving a hole in the perimeter.
As Long as You’re in My Network, You’ll Compute by My Rules
What good is a network perimeter defense if employees are free to connect to third-party cloud apps at will? Hopefully you at least have rules set up to govern cloud app access practices, but enforcing them is another matter.
Accessing third-party cloud apps with personal emails from company computers, reusing corporate login credentials or uploading company confidential documents to unauthorized cloud storage providers are all recipes for disaster. This is a great mom rule that’s not always executed as it should be.
If All Your Friends Named Their Vulnerabilities, Would You?
Hopefully the designer vulnerability fad has finally petered off in light of the recent Badlock bug. This particular vulnerability was pre-announced weeks ahead of full disclosure, complete with a website, a logo and an apparent marketing plan. When it was actually disclosed, Microsoft rated it as important rather than critical, bringing forth criticism about the predisclosure hype.
Don’t Make Me Come In There (With an Incident Response Team)
I like to imagine that every time the X-Force Incident Response Services emergency phone line rings, whoever is answering it sighs a little because it means there was a security breakdown somewhere that resulted in an incident.
No one in the security industry delights in hearing about the latest breach. Breaches mean either a collapse of security fundamentals, a new and wily attack method or plain old human error. None of these things are fun to deal with in the sober light of day. Any mom will tell you that “I told you so” is fun to say only for a fleeting moment — and then the hard work of rebuilding begins.
Market Segment Manager, IBM X-Force and Security Intelligence