InfoSec in flux, facing fads with FUD

Summary: Classic information security defences aren't up to the task of facing the latest fashions in attacks, according to Sourcefire founder and CTO Martin Roesch.

TOPICS: Security

"There are fads in attack, just like there are in any other world, and the current fad that nobody has a very good grip on is cyberwarfare, advanced persistent threats, persistent embedded malware, all that kind of stuff," Roesch tells this week's Patch Monday podcast.

"The defences that are out there, many of them are inadequate to the task. Classic defences of classic AV [antivirus], classic firewalling, and things like that don't do a whole lot versus these kinds of attacks," he said.

As a result, the industry is in a time of flux, and, if that wasn't confusing enough, Roesch believes that many vendors are spreading FUD — fear, uncertainty, and doubt.

"Vendors spend way too much time confusing the market these days ... there's so much FUD that's being blown out there by the vendors themselves that we're all doing each other a disservice by not talking about these problems rationally."

Roesch also tells the story of how Sourcefire grew from the Snort packet sniffer, a personal, free, open-source software project that he started in 1998 and which is still available for free, into the US$1.4 billion company it is today.

"Today, we call this a freemium model. We're like business-model hipsters at Sourcefire. We did this stuff before it was cool," he said.

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney +61 2 8011 3733.

Running time: 47 minutes, 35 seconds

"Pigs" sound effect by Erdie, CC BY 3.0.


Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.



1 comment
  • C2 by '92, B2 by '95 ??

    Hold on - just what are we talking about?

    Seems to be that we are asking users to secure systems that were never designed or developed with security as a key theme, particularly the critical operating system environment and sub-systems supporting all those apps. Most commercial OSes use that totally obsolete, mainframe days "discretionary access control (DAC)" model from the days when programming was mainly "in-house" and programs were tested before being "put into production".

    That was a world away!

    However, by the early 1980s the basic concepts of "mandatory access control (MAC)" had been developed and were later implemented in some systems, e.g. GEMINI's GEMSOS (using the 4-protection-ring and memory segment/capability structures of the Intel CPU chips), Trusted SOLARIS, SELinux, DEC's SEVMS, etc. The BASE problem today is that "trust" in an app, of any sort, from the Internet/WWW is just not possible. That environment was, however, the basis for the scientific and engineering concepts behind MAC, as described in such documents as the USA's "Orange Book (TCSEC)" of 1985.

    The science, technology, engineering and maths (STEM) hasn't changed. The scientific results are there and obvious.

    The real problem - education and training - those MAC concepts and systems were more complex for the CIO types but, actually, could simplify the security parameters (profiles) for the inexpert end-user.

    So - well - what?

    We need public sector leadership in the deployment and use of such MAC/FMAC based systems for critical information systems!

    Oh - well - a vain hope! BUT it is becoming - to quote Fawlty Towers - "the bleeding obvious" that "hardening" at the base computer hardware / OS / sub-system level has to occur. It is simply impossible to predict ALL attacks that can occur nowadays.
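The DAC-versus-MAC distinction the comment above draws, shown as an added example that is not part of the article or of the comment: a toy Python model in which discretionary permissions are whatever the file owner chose to put in an ACL, while mandatory labels are enforced by the Bell-LaPadula rules (no read up, no write down) that underlie the Orange Book's MAC requirements. The users, files, labels and the "trojaned app" scenario are constructed for illustration; the point it makes is that an owner who runs untrusted code, or who over-shares a file, cannot defeat the mandatory policy the way they can defeat a discretionary one.

```python
"""Toy DAC vs MAC model (constructed example, not a real OS policy)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, Set


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2


@dataclass(frozen=True)
class Label:
    """MAC sensitivity label: hierarchical level plus a set of compartments."""
    level: Level
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice ordering: higher-or-equal level and a superset of compartments.
        return self.level >= other.level and other.compartments <= self.compartments


@dataclass
class File:
    name: str
    owner: str
    acl: Dict[str, Set[str]]  # DAC: user -> {"r", "w"}; the owner may edit this freely
    label: Label              # MAC: assigned by policy; the owner cannot change it


@dataclass
class Subject:
    user: str
    clearance: Label  # label of the process acting on the user's behalf


def dac_allows(subj: Subject, f: File, op: str) -> bool:
    """Discretionary check: whatever the owner wrote into the ACL."""
    return op in f.acl.get(subj.user, set())


def mac_allows(subj: Subject, f: File, op: str) -> bool:
    """Mandatory check using the Bell-LaPadula rules."""
    if op == "r":  # simple security property: no read up
        return subj.clearance.dominates(f.label)
    if op == "w":  # *-property: no write down
        return f.label.dominates(subj.clearance)
    raise ValueError(f"unknown op {op!r}")


def allowed(subj: Subject, f: File, op: str, mac: bool) -> bool:
    """Access is granted only if DAC and, when enabled, MAC both say yes."""
    return dac_allows(subj, f, op) and (not mac or mac_allows(subj, f, op))


def exfiltration_scenario(mac: bool) -> Dict[str, bool]:
    """Constructed scenario: a trojaned app runs as alice, who is cleared SECRET.

    The app can read her SECRET file and then tries to copy it into a file
    labelled UNCLASSIFIED that bob can read. alice also "helpfully" adds bob
    to the SECRET file's ACL. DAC permits all of this; MAC blocks both leaks.
    """
    secret = Label(Level.SECRET)
    public = Label(Level.UNCLASSIFIED)
    plans = File("plans.doc", "alice", {"alice": {"r", "w"}}, secret)
    outbox = File("outbox.txt", "alice", {"alice": {"r", "w"}, "bob": {"r"}}, public)
    app = Subject("alice", secret)                 # inherits alice's clearance
    bob = Subject("bob", Label(Level.CONFIDENTIAL))

    plans.acl["bob"] = {"r"}  # owner over-shares via DAC; MAC ignores the ACL edit

    return {
        "app_reads_secret": allowed(app, plans, "r", mac),
        "app_writes_public": allowed(app, outbox, "w", mac),  # write down attempt
        "bob_reads_secret": allowed(bob, plans, "r", mac),    # read up attempt
        "bob_reads_public": allowed(bob, outbox, "r", mac),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("MAC enabled" if mode else "DAC only", exfiltration_scenario(mode))
```

Run it and the DAC-only pass grants every access, including the two that leak SECRET data to bob, while the MAC pass still lets the cleared app read the secret file but denies the write-down and the read-up regardless of what the owner put in the ACL.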