Jump to content
Sign in to follow this  
turetzsr

Various Articles

Recommended Posts

  • Anti-Malware Effectiveness: The Truth Is out There
    Excerpts:
    One of the hardest things to do in security is to discover what really works. It's especially hard on the endpoint, given the explosion of malware and the growth of social-engineering driven attack vectors.
    <snip>
    If I'm an end user trying to decide between these products, I'm justifiably confused.
    <snip>
    In the end you will probably kick the tires yourself, pick a short list (2 or 3 packages) and run them side by side though a gauntlet of malware you've found in your organization.
  • ESF: Controls: Secure Configurations
    Excerpts:
    <snip>
    let's focus on the configurations of the endpoint devices that connect to our networks.
    <snip>
    To be clear, we need to balance security with usability and some of the configurations suggested in the benchmarks clearly impact usability. So it's about figuring out what will work in your environment, documenting those configurations, getting organizational buy-in, and then implementing.
    <snip>
    As you define your standard builds, at least on Windows, you should turn on anti-exploitation technologies.
  • ESF: Controls: Anti-Malware
    Excerpts:
    <snip>
    To state the obvious, over the past few years malware has dramatically changed. Not just the techniques used, but also the volume. It's typical for an anti-virus companies to identify 1-2 million new malware samples per month.
    <snip>
    what is really clear is how broken the old blacklist, signature-based model has gotten. With 2 million malware samples per month, there is no way keeping a list of bad stuff on each device remains feasible.
    <snip>
    We've harped on this throughout the series, relative to the importance of using other tactics on the endpoints (including running updated software and secure configurations) and within the network to compensate for the fact that anti-malware is an inexact science. And don't forget about the importance of monitoring everything, given that as much as we try to prevent, in many cases reacting faster is the only option we have.
  • Room for Improvement in E-Mail Opt-Outs
    Excerpts:
    Retail e-mail volume is up, with marketers sending record numbers of messages each month of 2009.
    <snip>
    While the vast majority of e-mail campaigns took only two clicks to unsubscribe in 2008, nearly four in 10 now require three or more clicks before users can opt out.
    <snip>
    According to data from the Messaging Anti-Abuse Working Group, 22% of US Internet users consider messages they once requested but no longer want to be spam. Opting out must be as easy as possible to avoid getting labeled as such.
    <snip>

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×