Last week we discussed overestimated security technologies. This week we look at the other side of the coin: technologies that are widely underestimated in the security industry today. Because a tool that some security professionals find amazing may seem like a waste of budget to others, it is not surprising that a technology can appear on both the overestimated and the underestimated lists.
Whitelist
Application security is a growing concern for some enterprises, because enterprise and personal applications are becoming more and more profitable. Whether it is online banking or popular game applications on social networks (such as Facebook), they are targets for hacking. Web application firewalls are seen as a way to reduce such risks. The most undervalued technology in this product is the whitelist: it allows only valid communication to pass through the gateway, so it can provide validation of external input.
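As an added illustration (not code from the article or from any web application firewall product), the sketch below shows the whitelist idea at a gateway: a request passes only if its method, path and every parameter match a rule, and everything else is denied by default. The routes, parameter names and patterns are constructed for a hypothetical banking application.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed policy for a hypothetical banking app (not from the article).
# Each allowed (method, path) maps parameter names to the pattern a value must match.
ALLOWLIST = {
    ("GET", "/accounts"): {"id": re.compile(r"[0-9]{1,10}")},
    ("GET", "/search"): {"q": re.compile(r"[A-Za-z0-9 ]{1,40}"),
                         "page": re.compile(r"[0-9]{1,3}")},
    ("POST", "/transfer"): {"to": re.compile(r"[0-9]{1,10}"),
                            "amount": re.compile(r"[0-9]{1,7}(\.[0-9]{2})?")},
}

def check_request(method, url, body=""):
    """Return (allowed, reason); anything the policy does not describe is denied."""
    parts = urlsplit(url)
    rules = ALLOWLIST.get((method.upper(), parts.path))
    if rules is None:
        return False, "route not on allowlist"
    # Query-string and form-body parameters are validated together.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    seen = set()
    for name, value in params:
        if name not in rules:
            return False, f"unexpected parameter {name!r}"
        if name in seen:
            return False, f"duplicate parameter {name!r}"
        seen.add(name)
        if not rules[name].fullmatch(value):
            return False, f"value of {name!r} does not match its pattern"
    return True, "ok"

# Constructed sample requests.
SAMPLES = [
    ("GET", "/accounts?id=1042", ""),
    ("GET", "/accounts?id=1042%3Cb%3E", ""),
    ("GET", "/admin/export", ""),
    ("POST", "/transfer", "to=2001&amount=50.00&memo=hi"),
    ("GET", "/search?q=savings+rates&page=2", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, check_request(method, url, body))
```

The policy never describes what bad input looks like; unlisted routes, unknown or repeated parameters and out-of-pattern values are all rejected for the same reason, which is that nothing permits them.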
Andy Willinham, a senior engineer at E-chx, believes that whitelist and URL filtering technologies are abandoned too quickly because they are too complex. "Most people think that limiting who can access and what they can access is not a simple task. Our current situation is that we cannot only let people do what they want," he said. "Too many people advocate that if we want to seize and retain good employees, we must allow them to install programs and surf the Internet freely, but there is no other way, so we have to lock the system."
Chris Young, of an ISM company, said the biggest setback for this technology was its incompatibility with management, but it has been improving. "Our problem now is that we cannot add programs as a helper for security and control considerations," he said. "In the end, the system cannot be locked because the user will not have any freedom, but it tells the administrator and the user to first check that the downloaded items are safe and within the company's rules and regulations."
At the same time, he said that whitelist technology makes up for gaps in the protection of executable files caused by bad behavior or unexpected vulnerabilities. "Aurora is a good example. The whitelist is a life-saving tool for people who accidentally click a bad link and open a bad website. It can completely prevent threats," he said.
Readers say their biggest challenge is that they do not know how to properly protect the data that must be stored and how to destroy the data they no longer need. In many security violations, the latter is the cause of the illegal intrusion. For digital data that cannot be eliminated, we should pay more attention to the role of data encryption. Physical records (including disk drives) and simple shredders are also underestimated.
"You need a shredder to securely process unnecessary or unscanned records or encrypted data to protect the security of scanned data," said Tony Goring, the owner of the South China survey.
CPU stress testing tool
Last year, Joanna Rutkowska, founder and CEO of Invisible Things Lab, published a paper on how to use the Intel CPU cache mechanism. Since then, the concept of CPU cache "poisoning" has attracted a good deal of attention. One of the goals of the paper is to draw attention to the current shortage of solid firmware in the security industry.
The paper states, among other things, that "the actual purpose of CPU cache poisoning is to read/write (or protect) SMRAM memory." Invisible Things Lab found two working vulnerabilities: "One is to pour out the content of SMRAM, and the other is to execute arbitrary code in SMRAM." Criminals can use these potential consequences to create more sinister rootkits, launch administrative program attacks, or bypass operating system kernel defenses.
"It seems that even for a well-known manufacturer such as Intel, the firmware security status is not satisfactory," the paper concludes.
Kandy Zabka, a botnet researcher and code writer at the Information Security Island Forum, said that the CPU stress testing tool is an "excellent" tool that makes clear the exact memory address used for CPU cache poisoning. "If an exception occurs after multiple operations, the precise block of the involved memory address can be revealed," he said.
Firewall and AV
Our conclusion last week was no. Security experts have been telling people over the years that anti-virus technology is growing, because security vendors cannot keep up with all the changes in AV definitions needed to defeat every new piece of malware. In fact, some security experts boast of abandoning this technology completely.
However, as with any criticized technology, there are still some people who stand up for them. Firewalls and AV may no longer be honored, but some people think they are an absolutely necessary part of any network security setup.
"I think firewall, AV, and patch solutions are still the most important technologies in enterprise IT security," said Mark Fullbrook, UK and Ireland head of Cyber-Ark Software. However, he added: "Are these technologies underestimated? How many enterprises are not using these technologies?"