It seems counterintuitive: how can it be that making software “stronger” (as in reducing vulnerabilities) can increase risk on the Internet (as in creating more incidents)? But it happens frequently. The trick to understanding this conundrum lies in thinking like…
Author Archive for Pete Lindstrom
Advanced Malware Protection Evaluation Criteria
by Pete Lindstrom
[Pete Lindstrom is VP of Research at Spire Security, LLC and host of the AMP Firehose 1-day Workshop (vendor bakeoff) coming up in Chicago on 10/29. Register at www.regonline.com/AMPFirehoseCHI.] I believe the folks at Gartner put a lot of research…
AMP: Determining the value of whitelists, sandboxes, isolation, and active forensics
by Pete Lindstrom
The most challenging thing about evaluating anti-malware solutions is the variety of architectures that can be employed to address the problem. Let’s look at three product categories and see how they might provide value to an organization: 1. Application Control…
Cost-Benefit Analysis for Anti-Malware Protection (AMP)
by Pete Lindstrom
I recently wrote about key economic considerations for AMP. With those in mind, it is time to evaluate your existing anti-malware program and determine whether you should consider augmenting or otherwise addressing it. The first stage of this process is…
Do Enterprises Need AMP? An “Advanced Malware Protection” Market Assessment
by Pete Lindstrom
Over the past few months I have been on an “advanced malware protection” (AMP) kick. I am fascinated by this topic because it ties together a set of market conditions that can be extremely challenging to navigate through, both for…
Do you need “Advanced Malware Protection” from 0days and the APT? Key Economic Considerations
by Pete Lindstrom
Events over the past few years have heightened attention on attackers with more serious intentions than script kiddies or casual hackers. The “advanced persistent threat” has been outed, first generally by Google and RSA, then much more explicitly by Mandiant.…
New Workshop: Drinking from the Advanced Malware Protection Firehose
by Pete Lindstrom
“Drinking from the Advanced Malware Protection (AMP) Firehose” is a workshop for information security architects, managers and tech-savvy executives to evaluate the ability of newer and evolving AMP solutions (whitelists, sandboxes, active forensics) to address the challenges of zero-day and…
Does “Risk = T * V * I”? Notes on Pr(t) * Pr(v) = Pr(event)
by Pete Lindstrom
On the SIRA mailing list, we are discussing the age-old risk equation “Risk = Threats x Vulns x Impact (or Consequences).” A number of folks think it is nonsense. Here’s why I don’t. (Email to SIRA mailing list). Before I…