Finding a Needle in a Haystack – Child’s Play!
“Finding a Needle in a Haystack” is without doubt one of the most overused analogies in IT security. After seeing it repeatedly at RSA I offer the following analysis of the analogy: Finding a needle...
View ArticleNeedle in a Haystack? How to Find an Unknown in an Ill-Defined, Shifting...
In the March 17,2011, post, I demolished the “Finding a Needle in a Haystack” analogy by pointing out that in IT Security we don’t know what we are looking for (the needle) and our haystack is not a...
View ArticleUSB Drives – Cool Tool or Malware Delivery Device
Behold the USB drive. Simple. Functional. Efficient. The USB device is also a symbol of all that makes IT security so difficult. But take heart, because the USB device is also illustrative of the...
View ArticleEinstein Could Smell the Coffee – Can You?
“We cannot solve our problems with the same thinking we used when we created them” Albert Einstein The past weeks have been on a Headline-per-day rate of high-profile hacks (today it is NATO). What...
View ArticleTime to Take an Open Minded Plunge
This blog entry is unique because it is the first one written on my new Apple MacBook Pro that I put into service yesterday. The move to the Mac is one of two personal paradigm shifts I have...
View ArticlePlan B Gets a Name: Rapid Detection and Response
I have been openly evangelizing for a Plan B for malware detection for three years. I have also been looking for a name for this approach, and today I saw an article that used a term that I have seen...
View ArticleMaking the Case for Rapid Detection and Response
In my post “You Need a Plan B for Security“, I cited two numbers from the Verizon Business 2011 Data Breach Investigations Report (published May 2011): 60 and 86. These two numbers jumped out at me...
View ArticleThe Emotional Barriers to Embracing the Presumption of Breach Doctrine
Every day, another breach. For every breach story we read, what would you guess is the number of known breaches that do net get reported? 1? 5? 100? Then there is the big unknown. The “you don’t...
View ArticleThe Reader’s Speak – the Top Ten Posts of 2011
The year is rolling to its inexorable end and it is time to look back fondly on the top blog posts from Exceptional Security in 2011. The selection process is generally scientific, using the site...
View ArticleDigitally Signed Malware Proves Again That Attacks Get Through Your Shields
So what, Triumfant guy, exactly gets through my shields? You tell me I will be breached and you give me statistics, but I have AV, whitelisting, deep packet inspection, and every other acronym and...
View Article
More Pages to Explore .....