informa
Commentary

Lowering Your Security Expectations

The security experts on a panel presented by the Secure Enterprise Network Consortium "painted a gloomy picture of the cybersecurity landscape," according to Federal Computer Week. The reason behind this is supposedly the ever-changing computing environment and threats that make it impossible for the best solutions to stay relevant. Instead, they are "likely to remain piecemeal and temporary."
The security experts on a panel presented by the Secure Enterprise Network Consortium "painted a gloomy picture of the cybersecurity landscape," according to Federal Computer Week. The reason behind this is supposedly the ever-changing computing environment and threats that make it impossible for the best solutions to stay relevant. Instead, they are "likely to remain piecemeal and temporary."

Haven't these people ever heard of "best-of-breed" and "unified threat management"?Just kidding -- that sounded much funnier in my head, but at least you can tick off a few more spaces on your buzzword bingo card. Seriously, I think you'll agree that it's disheartening to think what we do as security professionals is the equivalent of trying to plug a leaking dam. Eventually, we'll run out of fingers and toes to stick in the leaks, and everything will flood around us.

In the past I have written about the inevitability of failure, which is still an idea I subscribe to. There are enough determined attackers, malicious insiders, and malware out there that security efforts will fail. However, I'm not sure I'm ready to fall in line with what Terry Wallace said. "The lab assumes that its systems are compromised, and that its security is imperfect," the principal associate director for science, technology, and engineering at Los Alamos said in the FCW article.

Security is definitely imperfect, but how do you secure systems that are already compromised? If a system is compromised, isn't it time to seek and destroy? Seek out the compromise, destroy it, and eliminate the source of the compromise. Why accept the fact that a compromise exists and work around it? To me, that seems like it would make securing data infinitely harder and an effort in futility.

Are there other people out there who assume their systems are already compromised? Is that something you, as a security professional, believe, or do your C-level execs feel that way, too? Post a comment or e-mail me your thoughts.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

Recommended Reading: