Recent Malware incursions
Well, based on the news over the past few days about "Wannacry", it feels like we are back to the days of the early 2000s, with flaws in systems being exposed and exploited at an alarming rate. The twist here is that the exploits look to be the output of work done by state actors with effectively unlimited resources to throw at the problem, and that work leaking. I really hate to say this, but what I think is really being exposed here is the continued lack of fundamental investment by enterprises to get their houses in order and establish well-managed, standardized environments that can effectively be kept current. I have discussed this topic in my previous posts: in my experience, many environments today represent layers of work by IT to enable functionality without taking the time to rationalize and standardize what they have.
I know this is hard, and the large ecosystem of vendors in an open technology world makes it really hard, but organizations need to use this as an opportunity to get their houses in order fundamentally. I am sure there will be a wave of security vendors pitching the next layer of add-in to protect environments, and while possibly great, these solutions need to be considered just that: another layer, and not a solution to the root cause, which is lots of old technology hanging around. Having a standard, simplified, well-managed environment will not only improve an organization's security posture, it will also enable easier adoption of new services, which will be beneficial for the business. If these services are aaS based, then you gain the benefit of leveraging those players' investments in security as a force multiplier for internal efforts. Let me know your thoughts.
I am seeing the integration of "best of breed" solutions adding complexity and potentially reducing the effective security posture as organizations struggle to maintain the integration.
There is no silver bullet tool or vendor. Buying a collection of best of breed point products is not the answer, especially if those tools are not sharing threat intelligence across your environment. We all need to work together. Together is power!
Very true, Greg. I actually wonder aloud about WCry being a POC or a test balloon for one of the groups who fed off the Shadow Brokers leak. The kill switch, tiny ransomware demand, regional initial target set, relatively low injection rate, relative lack of hardening/stealth in the IOC set, and relative lack of a wave 2 exploitation after the kill switch was published. Either a reduced-effectiveness group or one with alternative objectives. I'm betting the latter. This wave was the cattle prod our whole industry should use to ask ourselves difficult questions and do incident tests or incident response post mortems.