Misconfigured Security Appliances, Basic Missteps Central To Data Breaches: Experts

By Robert Westervelt
February 28, 2013 6:04 PM ET

Page 1 of 2

Misconfigured and poorly maintained firewalls, Intrusion Prevention Systems and other appliances are at least one of the many problems fueling most data breaches, according to a panel of security experts.

In a wide ranging discussion covering everything from threat intelligence and offensive security to basic defenses, software security and compliance, panelists told attendees at the RSA Conference 2013 that many weaknesses are due to the growing complex myriad of security systems deployed in organizations. Many of the systems are not properly tuned for the company's specific environment, they said.

"All the stuff in the enterprise probably works fine if it was implemented properly," Greg Hoglund, an independent consultant who was founder and CTO of HBGary, the firm that was the target of hacktivist group Anonymous in 2011. "In nearly every case, enterprises were not patched, and it was two-year-old exploits used to do the successful attacking."

Organizations are also failing to conduct a thorough risk assessment to determine the kinds of threats that are likely to target the business. Knowing whether financially motivated cybercriminals, hacktivists or targeted cyberespionage attacks can help companies deploy the proper defenses and allocate resources in the right places, said Joshua Corman, a longtime security expert.

"I want to see sanity and technical specificity," said Corman, director of security intelligence at Akamai Technologies, Inc. "We don't do a good job knowing who our adversary is; we've poorly optimized the basics."

Security professionals at the industry's largest security conference heard the message that big data security analytics could help provide deep intelligence for risk mitigation, attack detection and response. But, integrating massive analytics on top of systems containing gaping holes may not be the most prudent idea, said Corman, Hoglund and two other panelists, Chris Valasek, director of security intelligence at IOActive, and Brian Honan, of BH Consulting, Ltd. Cybercriminals are stepping up attacks, but the vast majority of the successful data breaches are done by non-sophisticated means.

NEXT: Attackers Gain Sophistication, Not Attacks

1 | 2 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows