Critical Infrastructure Security, Incident Response, Malware, TDR

Happy New Year: Who are you?


We're off to another year. I read recently where one security maven is referring to 2014 as the “Year of Cryptolocker.” I certainly hope not. But that sentiment, at least, sends an important message: We are seeing – and have been seeing – security threats that really can have an impact. Over time, those of us who have been around a while have seen a few real show-stoppers, but overall very few single events stand out as having the potential to bring computing to a halt. Recently, though, we have begun to see attacks and malware that could have a devastating effect on the global computing infrastructure.

Part of that is because of the ability to weaponize malware and part of it is due to the ability to monetize crimeware. Five years ago I would not have taken seriously the notion of cyber criminals holding major banks or individuals in the hundreds of thousands at gunpoint. However, the collaboration between terrorists and cyber crooks has been a solid enabler, much to the disgust of the public in general and the burdens of security professionals in particular. Simply, there is a new element in cyber space and that element is the cyber mercenary. These folks will do anything to any organization or anyone if there is money in it. That spells bad news for us.

Keeping the bad guys out of our systems, too, has many elements. This month we deal with an important one: authentication. Experts have been predicting the death of passwords in favor of stronger authentication methods. We have some of those this month, of course. However, authentication management is at least as much of a challenge as the authentication methods themselves. To do the honors for this first Group Test of 2014 we call again on the reviews team from Norwich University. These upper class students apply their classroom and lab skills to beating on the products they review. I have often said that these students can break anything. If there is a weakness, they find it. I am pleased to report that, this month, nothing broke.

The other thing these students are known for is exercising the vendor's help desk. This month was no exception and, again, I'm pleased to report that the support folks came through with flying colors. So, overall, this was a banner month and I am sure that you'll enjoy this batch of reviews. While much of the test and review effort goes into finding flaws, there is at least as much that goes into determining usability. Even if there are no serious flaws in a product, if it does not function intuitively it will cost the user valuable time. The ability to keep a security tool current, well-configured and effective in a timely manner is as critical as the tool's ability to do its assigned job. This month's batch did quite well at both solid operation and usability. It was one of those months where it was hard to determine a clear winner.

Looking forward to the rest of the year, we will continue to cover the product types that you have asked for, as well as provide our First Looks. I'm always interested in hearing from you, the readers, on what you like and don't like about these pages. Feel free to email me at [email protected]. I always answer email.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.