Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Focus on ransomware, SDLC, and endpoints

Fahmida Y. Rashid | July 4, 2016
The noted web security guru worries that the key web and application threats aren't getting the right level of focus

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Grossman: Focus on ransomware, appropriate SDLC, and endpoints

With so many elements in information security -- application, network infrastructure, the endpoint, perimeter defenses, and data-centric approaches -- it's easy to fall in the trap of touting one as more important than the other.

But it's a mistake to consider information security as a series of silos when it's actually an intersection of different areas. That overlap is most evident with application and endpoint security.

For Jeremiah Grossman, the new chief security strategist at security vendor Sentinel One, application security and endpoint security are just different steps in the kill chain. As the founder and former CTO of the consultancy WhiteHat Security, Grossman has been the go-to-expert for web application security for years, and his new focus on endpoint security at Sentinel One does not mean that he has given up on securing web applications.

"From an adversary kill-chain perspective, if we can get the bad guys not to be able to break into the website, great, let's do that. But if we can't, let's makes sure that if the system gets compromised and malware is on it, we can detect it really, really quickly and stop it, or eradicate it," Grossman said.

Many of the latest data breaches began with the adversaries exploiting a vulnerability in a web application, and then pivoting in the network to find other vulnerabilities and weaknesses.

The web application is the doorway, but the actual attack happens on the endpoint, whether that's valuable data stored in a database or, in the case of ransomware, documents that could be locked up to demand ransom. Web application security and endpoint security are intricately tied up together, he said.

Back in 2001, when Grossman first started working on web application security, cross-site scripting flaws and SQL-injection errors were rampant, with pretty much every website affected.

Fast-forward to 2016, and such attacks are incredibly rare among major sites. Cross-site scripting and SQL injection still exist on many websites, but it's no longer as widespread.

App security still matters, but SDLC has to be done judiciously

Information security professionals frequently talk about inserting security throughout the SDLC (software development lifecycle): Developers adopt secure coding principles and perform regular testing to catch and fix bugs before the application goes to production. The SDLC is a good thing, and more organizations need to adopt the secure development mindset.

But it isn't practical to demand all existing applications be rewritten under the SDLC. Legacy software, which powers the majority of the web and is installed on billions of endpoints around the world, has vulnerabilities. Fixing those flaws is part of what Grossman calls "legacy janitorial work."

 

1  2  3  Next Page 

Sign up for MIS Asia eNewsletters.