Skip to main content

more-on-de-perimeterization

Having just posted on de-perimeterization, I thought that this quote from Scott Borg of the U.S. Cyber Consequences Unit on the consequences of breaches:

"We started seeing huge vulnerabilities," Borg said Wednesday at the GovSec conference in Washington, where the draft document was released. Most of the systems were compliant with current security checklists and best practices. "And portions of those systems were extraordinarily secure. But they were Maginot Lines," susceptible to being outflanked.

The problem is that existing best practices are static lists based on outdated data. The new USCCU list shifts the focus from perimeter security to monitoring and maintaining internal systems. The problem with perimeter security is that there is always some way to circumvent it, Borg said.

"We are way into diminishing returns on our investments in perimeter defense," he said. "To deal with it now, you have to think of the problem of cybersecurity not from a technical standpoint, but by focusing on what the systems do, what you could do with them and what … the consequences [would] be."

I think it means that companies should start shifting their focus from firewalls and IDS/IPS to two-factor authentication and database encryption.

Of course, I looked for a copy of the draft on their website. Let me know if you have better luck.

Currently unrated

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom