Friday, June 17, 2011

Security and firewall management blog at Tufin

Firewalls are the heart of every organization's security strategy. Every company has firewalls, with rule sets that have grown to be a big can of worms. Tufin has very interesting technology that helps meet the scary challenge of keeping firewall rules consistent across the company and consistent across multiple vendors. Not only that, but I am finding security and network admin teams efficiently sharing Tufin's products for a secure network.

Tufin is taking a leadership position by hosting a discussion on security and firewall management. There will be guest analysts, and I am pleased to be able to contribute. You can check it out here.

My new post on

It is important that application whitelist approaches make allowances for differences in individual PCs. Each device is slightly different – it is very unlikely that a “one size fits all” approach will be pragmatic. I mention this because I often hear the misperception that application whitelist vendors maintain a master list of every published software executable in the world, can query that database to validate the integrity of any given program, and that there is great value in this massive clearinghouse capability ...

You can read the entire post here.

Friday, June 3, 2011

Can SecurID be trusted?

RSA Security’s security problems, as evidenced by recent intrusions into defense contractor networks, are causing more than a few organizations to not only re-evaluate their commitment to SecurID authentication, but also to re-evaluate the role of authentication in their security programs. I have already heard of large companies that have embarked on a multi-year program to transition from premium-priced SecurID to cheaper alternatives.

RSA desperately needs to disclose more information about the nature of the breach, and what actions RSA customers should be taking to protect themselves. In the absence of information, security organizations should assume the worst – that their business is next in line for a breach – and should be prepared to detect and act upon an intrusion.

If you are a SecurID customer there are a few things that you may consider to help keep your business secure:

Add the device as part of the “something you have” authentication factor. Users would need SecurID from an approved device to gain access to applications and the network. This can be done either directly with PKI keys on the chip (e.g. Wave Systems using the TPM in Intel machines) or by evaluating the device (e.g. iovation assessing the machine fingerprint). Only a few users will ever need to access resources from unauthorized computers, so narrow this exposure by also authenticating the device.

Heighten efforts to detect APTs and intrusions. It is actually easier to avoid getting caught by launching a spear-phishing attack, penetrating corporate defenses with malware, and letting the APT deliver secrets than by impersonating a user and bumbling around a network like Diogenes looking for secrets. Step up automated efforts to catch configuration drifts out of compliance and non-compliant network traffic – signs that you may be under attack.

With increased diligence, you can verify your trust in SecurID.
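The first suggestion above, sketched as an access check (an added example, not code from this post or from any vendor named in it): a login is granted only when the token code is accepted and the request also carries proof from an enrolled device. Assumptions: the `otp_valid` flag is the verdict of the existing token server, the device names and key are constructed, and an HMAC key stands in for a key held in the device's TPM, where a real deployment would verify an asymmetric signature.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment table: device id -> per-device secret.
# Assumption: this HMAC key stands in for a TPM-resident private key.
ENROLLED_DEVICES = {
    "laptop-0042": bytes.fromhex("00112233445566778899aabbccddeeff"),
}


def new_challenge():
    """Fresh random nonce the server issues for every login attempt."""
    return secrets.token_bytes(16)


def device_response(device_key, challenge, user):
    """Computed on the device: proof of key possession bound to user and nonce."""
    return hmac.new(device_key, challenge + user.encode(), hashlib.sha256).hexdigest()


def authorize(user, otp_valid, device_id, challenge, response):
    """Grant access only if the token code AND the device proof both check out."""
    if not otp_valid:
        return (False, "token code rejected")
    key = ENROLLED_DEVICES.get(device_id)
    if key is None:
        return (False, "device not enrolled")
    expected = device_response(key, challenge, user)
    if not hmac.compare_digest(expected, response):
        return (False, "device proof invalid")
    return (True, "granted")


if __name__ == "__main__":
    nonce = new_challenge()
    good = device_response(ENROLLED_DEVICES["laptop-0042"], nonce, "alice")
    # Enrolled device with an accepted token code.
    print(authorize("alice", True, "laptop-0042", nonce, good))
    # Accepted token code presented from a machine that was never enrolled.
    print(authorize("alice", True, "kiosk-9", nonce, good))
    # Accepted token code, enrolled device id claimed, but no device key.
    print(authorize("alice", True, "laptop-0042", nonce, "00" * 32))
    # Old device proof replayed against a new challenge.
    print(authorize("alice", True, "laptop-0042", new_challenge(), good))
```

Because the proof is bound to a per-login nonce, an accepted token code alone, or a captured earlier proof, does not satisfy the check.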