I think the model is continuing towards “hope” that our several layers work
well enough.  The new corporate buzzword is “productivity”, and that
translates to fewer people doing more work.  In our case our routers and
firewall are outsourced.  Monitoring the AV/Malware stuff is based more on
hope than diligence as headcount was cut.

   

 

 

From: Alan Davies [mailto:[email protected]] 
Sent: Tuesday, October 11, 2011 4:27 AM
To: NT System Admin Issues
Subject: RE: AV and malware protection?

 

Agree wholeheartedly for the majority of threats.  The only exception I'd
make is for APT (sorry to mention buzzwords!!).  Security through obscurity
can be a very valid defence against undirected attacks (and probably most
directed ones too), but a little social engineering, insider knowledge, etc.
and it doesn't matter so much anymore.  Stuxnet was a good example.  What
matters are the real controls in place, your people and your processes.

 

On your last comment Marc, I do worry how we are ever going to get to a
scenario where businesses in general are well protected since only very few,
through either extraordinary diligence of their own doing, or through
regulatory necessity, make that time or care about that level of knowledge
(aka funds!).  PCI perhaps is at least a start in terms of introducing some
of these concepts to otherwise unregulated verticals.

 

 

 

a

 

  _____  

From: Marc Maiffret [mailto:[email protected]] 
Sent: 11 October 2011 01:28
To: NT System Admin Issues
Subject: RE: AV and malware protection?

The reality is that most IT environments are all using one of the 2-4
popular AV products. One of the 5-6 popular network firewalls. This makes it
so that the ease at which an attacker can set up a test lab to mimic the
average business and ensure their attack will be successful is a very easy
thing.

 

In order to be successful in today’s IT security environment you need to
customize security to your specific environment. If you spend even a
reasonable amount of time customizing your security at the OS and network
level you can prevent the vast majority of attacks. This is not opinion but
fact.

 

Problem is that most people in IT have not been given the time or education
by management to be able to do this successfully so alas everyone just
installs a product and hopes it works. Likewise the attacker installs the
product, makes sure their exploit works, and does not abide by hope.

 

Now of course you could have the time and knowledge and not a product that
allows for customization. But that is a different thing altogether.

 

-Marc

 

Signed,

Marc Maiffret

Founder/CTO

eEye Digital Security

WEB: http://www.eEye.com

BLOG: http://blog.eeye.com

TWITTER: http://twitter.com/#!/marcmaiffret

 

 

From: Alan Davies [mailto:[email protected]] 
Sent: Monday, October 10, 2011 2:01 AM
To: NT System Admin Issues
Subject: RE: AV and malware protection?

 

Huge +1 to that.  Anyone who says product x is the best, is, at best,
correct for a short period of time!  All AV is poor - I seem to remember
about 70% protection is as high as any product gets by some measurements.

 

Why on earth would you encourage users not to use IE!?  Again, FUD mostly -
IE is one of, if not the most secure browser out there out of the box.
Firefox not so great.  Now I agree that you can add various addons to change
the game, mostly at the expense of functionality, but these also require
management and understanding - something that normal users will not have!
Top browsers all managed well equal a fairly level playing ground.

 

 

 

a

 

  _____  

From: Mike Gill [mailto:[email protected]] 
Sent: 07 October 2011 19:50
To: NT System Admin Issues
Subject: RE: AV and malware protection?

I have seen exploits on systems with just about every (fully updated) AV
product heard of. There is no product that will win every time playing this
cat and mouse game. I run MSE on my personal systems. Vipre and Nod32 on
client computers. I encourage users not to use IE.

 

-- 
Mike

 

From: Micheal Espinola Jr [mailto:[email protected]] 
Sent: Friday, October 07, 2011 11:26 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

 

Yep, the current version.  From what I have seen done to it by web-based
exploit infections, I would classify the product as "a joke".

I thought it was decent before, but I currently have no faith in it.  This
being part of the scenario of users, using IE, getting hit with drive-bys,
those drive-bys pulling down more crap, and ultimately owning the system
with rootkits.

IMO, MSE has been worthless in these situations.

--
Espi

 


 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
