It seems counterintuitive: how can it be that making software “stronger” (as in reducing vulnerabilities) can increase risk on the Internet (as in creating more incidents)? But it happens frequently. The trick to understanding this conundrum lies in thinking like…
Economics and Risk
AMP: Determining the value of whitelists, sandboxes, isolation, and active forensics
by Pete Lindstrom
The most challenging thing about evaluating anti-malware solutions is the variety of architectures that can be employed to address the problem. Let’s look at three product categories and see how they might provide value to an organization: 1. Application Control…
Cost-Benefit Analysis for Anti-Malware Protection (AMP)
by Pete Lindstrom
I recently wrote about key economic considerations for AMP. With those in mind, it is time to evaluate your existing anti-malware program and determine whether you should consider augmenting or otherwise addressing it. The first stage of this process is…
Do Enterprises Need AMP? An “Advanced Malware Protection” Market Assessment
by Pete Lindstrom
Over the past few months I have been on an “advanced malware protection” (AMP) kick. I am fascinated by this topic because it ties together a set of market conditions that can be extremely challenging to navigate through, both for…
Do you need “Advanced Malware Protection” from 0days and the APT? Key Economic Considerations
by Pete Lindstrom
Events over the past few years have heightened attention on attackers with more serious intentions than script kiddies or casual hackers. The “advanced persistent threat” has been outed, first generally by Google and RSA, then much more explicitly by Mandiant.…
New Workshop: Drinking from the Advanced Malware Protection Firehose
by Pete Lindstrom
“Drinking from the Advanced Malware Protection (AMP) Firehose” is a workshop for information security architects, managers and tech-savvy executives to evaluate the ability of newer and evolving AMP solutions (whitelists, sandboxes, active forensics) to address the challenges of zero-day and…
Does “Risk = T * V * I”? Notes on Pr(t) * Pr(v) = Pr(event)
by Pete Lindstrom
On the SIRA mailing list, we are discussing the age-old risk equation “Risk = Threats x Vulns x Impact (or Consequences).” A number of folks think it is nonsense. Here’s why I don’t. (Email to SIRA mailing list). Before I…
Which is More Secure – Android or iOS?: Tale of the Tape
by Pete Lindstrom
Tech risk professionals love to have debates about platform security, though it used to be Windows vs. Linux (really closed vs. open source) which morphed to Windows vs. Apple and is now Android vs. iOS. In any case, there are…