All the latest UK technology news, reviews and analysis
|
|
|
02 Mar 2010
The effectiveness of traditional anti-virus and encryption systems is failing, according to a panel of experts at the RSA 2010 conference in San Francisco.
Current successful detection rates for popular anti-virus packages are between 70 and 90 per cent of all samples, Ed Skoudis, co-founder of security consultants InGuardians, told delegates.
The increased use of heuristics and behavioural monitoring may be helping overall, but the outlook is not rosy, according to Skoudis. However, he urged companies to keep using such systems.
"Don't throw the baby out with the bathwater," he said. "Heuristics and behavioural monitoring helps to cut down some of the clutter, but we can't have that as a single point of protection any more."
The best defence from an IT administrator's perspective is vigilance, Skoudis said. Administrators should check outbound web proxies for excessive activity or suspicious connection points, and logs of DNS resolution failures are also a useful source.
Companies should also segment networks with internal firewalls to minimise the effect of any outbreaks.
Dr Johannes Ullrich, chief technology officer at the SANS Internet Storm Center, agreed, saying that network segmentation is vital to effective security. Computers that do not need internet access should be disconnected, he said.
Dr Ulrich also warned about an over-reliance on encryption and, in particular, Secure Sockets Layer (SSL).
"Do not rely on encryption," he said. "Encryption is becoming a losing battle. You have to overbuild on encryption now. Pick the strongest cypher you can and then re-encrypt with another package."
Dr Ulrich warned of increasing problems with SSL as an encryption tool. So-called man-in-the-middle attacks, where a hacker oversees an encrypted traffic stream, disrupts the connection and then reconnects with one side to harvest the data, are becoming increasingly common.
He also referred to the NULL character flaw revealed at last year's Black Hat conference.
Ultimately, however, the best protection for a network is the IT administrator, according to Skoudis.
"There is no silver bullet, except possibly you. Build your skills up. What if we are the defence we have all been waiting for?" he said.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
/ Corporate Account Manager / Management Consultant...
Prince 2 Project Management Professional, Client Facing...
Solution Architect / Technical Project Manager / Corporate...
Solution Architect / Technical Project Manager / Corporate...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Agree, totally..
It's funny how companies expect that with a couple of "tools" in place, the risk is transferred and everything is ok. Instead over- reliance on these tools blinds admins into what is really happenning on the wire or in memory, thus a great learning opportunity is lost. Because "x" or "y" applications don't see it and don't alert on it, does it mean it isn't happenning? Do you know what "normal" traffic looks like on your network? It takes all 5 senses to drive in bad weather; it takes a 6th sense to be succesful in InfoSec.
Posted by: manny2times 03 Mar 2010