Get to the root of security threats
Source: InfoWorld - Posted by Alex
Great blog post by Roger Grimes. One of my clients was recently hit (again) by the Conficker worm. The company's systems were all fully patched, yet the malware still managed to infiltrate hundreds of machines. It was evident that the worm was able to spread rapidly via a network share vector. But the real question remains: How did the worm infiltrate the network in the first place, given that all the systems were patched?
This scenario perfectly illustrates the importance of root-cause analysis -- that is, determining how your company can be most successfully attacked by malware and malicious hackers. While there's no single, general recipe for achieving this goal -- that requires a full security review of your particular environment -- you need to perform a dollar-wise risk assessment, starting with a root-cause analysis.
In the case of the Conficker infestation, the client didn't share the modality, but often the culprit is an infected USB key. A user, often an IT employee, sticks the drive into a computer, which then autoruns the worm. Voila! The root cause for hundreds of PCs infected over the network isn't network drive shares; it's an infected USB drive. Don't get me wrong: Addressing the network drive share problem is important, but addressing the first vector, the root cause, is more important.
Read this full article at InfoWorld