Thursday, February 16, 2006

What the heck is ZAP?

As if there weren't already too many three letter acronyms, Secure Computing goes and invents a new, apparently meaningless, TLA:

Secure Computing Releases Zero-hour Attack Protection (ZAP) Technology

16 February 2006

A major challenge facing the security industry today is defending against new zero-hour attacks and rapidly emerging attack variants that are continually released before patches or attack signatures are available.

Secure Computing Corporation has unveiled its Zero-hour Attack Protections (ZAP(tm)) security technology for the Sidewinder G2(r) Security Appliance. The latest release of the Sidewinder G2 Security Appliance is scheduled to ship in the first quarter of 2006, and differentiates Secure Computing from traditional firewall/UTM products by stopping zero-hour attacks automatically without waiting for anti-virus or IPS signature updates.

ZAP technology is based upon the positive security model, which allows only legitimate network traffic and denies everything else. "Negative model" security technologies like IPS gateways are extremely useful, but they allow everything through the gateway unless they recognize known viruses and attacks. The positive security model is therefore superior at preventing unknown attacks because it automatically eliminates exposure to many types of attacks - unknown as well as known. ZAP technology combines over 200,000 attack signatures with a positive security model for maximum protection.

Secure Computing's ZAP technology also includes other key defense-in-depth security techniques working simultaneously in the Sidewinder G2, including:

  • SecureOS(r) self-defending platforms with patented Type Enforcement(r) technology - a preeminent example of the positive security model

  • Event monitoring, analysis, and notification using the Sidewinder G2(r) dashboard and Security Reporter(tm)

  • Traditional signature-based attack protections, including over 200,000 threat signatures

"Even with recent technological advancements, negative-model countermeasures have significant limitations when it comes to preventing unknown attacks," said Mark Bouchard of Missing Link Security Services. "The approach of enumerating all legitimate traffic and then denying everything else dramatically reduces an organization's attack surface area by inherently eliminating exposure to all sorts of attacks - unknown as well as known."

T. Paul Thomas, senior vice president of marketing and corporate strategy at Secure Computing, added, "The only way to defend against this accelerating threat is to deploy products based on the positive model of threat mitigation."

And in English this means what exactly?
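Stripped of the branding, the press release is describing the difference between a denylist and an allowlist. The toy filter below is an added illustration, not Secure Computing's code or anything from the Sidewinder product: it runs the same constructed flows through a "negative" (signature) check, a "positive" (allowlist) check, and the two combined. The service list, the HTTP method list, the signature patterns and the sample payloads are all made up for the demonstration. It shows the point the release makes (an unknown variant on a non-allowlisted port gets through the signature check but not the allowlist) and also the two costs the release does not mention: legitimate traffic that nobody enumerated is dropped, and an attack that rides inside an allowed channel in an allowed form is not stopped by a network-layer allowlist at all.

```python
"""Toy comparison of negative (signature) and positive (allowlist) filtering.
Added illustration; not Secure Computing's code. All data is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    name: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes  # first bytes of the session, constructed


# Constructed allowlist: the services this hypothetical site has enumerated as legitimate.
ALLOWED_SERVICES = frozenset({("tcp", 80), ("tcp", 443), ("udp", 53)})

# Constructed application-layer allowlist for the HTTP service on port 80.
ALLOWED_HTTP_METHODS = (b"GET ", b"HEAD ")

# Constructed stand-in for a signature database: only one variant is "known".
SIGNATURES = {"worm-variant-a": b"WORM-A"}


def negative_model(flow: Flow) -> tuple:
    """Deny only what matches a known signature; everything else is allowed."""
    for name, pattern in SIGNATURES.items():
        if pattern in flow.payload:
            return ("deny", "signature:" + name)
    return ("allow", "no signature matched")


def positive_model(flow: Flow) -> tuple:
    """Allow only enumerated services, and on HTTP only enumerated methods."""
    if (flow.proto, flow.dport) not in ALLOWED_SERVICES:
        return ("deny", "service not allowlisted")
    if flow.dport == 80 and not flow.payload.startswith(ALLOWED_HTTP_METHODS):
        return ("deny", "http method not allowlisted")
    return ("allow", "matches allowlist")


def combined_model(flow: Flow) -> tuple:
    """Allowlist first, then signatures on whatever the allowlist admits."""
    verdict, reason = positive_model(flow)
    if verdict == "deny":
        return (verdict, reason)
    return negative_model(flow)


# Constructed sample traffic. "WORM-B" stands for a variant no signature covers yet.
SAMPLE_FLOWS = [
    Flow("web-browse", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Flow("known-worm-smb", "tcp", 445, b"\x00\x00WORM-A\x00"),
    Flow("unknown-worm-smb", "tcp", 445, b"\x00\x00WORM-B\x00"),
    Flow("unknown-worm-http-post", "tcp", 80, b"POST /cgi-bin/x HTTP/1.1\r\nWORM-B"),
    Flow("unknown-worm-http-get", "tcp", 80, b"GET /x?q=WORM-B HTTP/1.1\r\n"),
    Flow("new-legit-service", "tcp", 8443, b"\x16\x03\x01"),  # TLS on a port nobody enumerated
]


def evaluate(flows=SAMPLE_FLOWS) -> dict:
    """Map each flow name to the verdict of each model."""
    return {
        f.name: {
            "negative": negative_model(f)[0],
            "positive": positive_model(f)[0],
            "combined": combined_model(f)[0],
        }
        for f in flows
    }


if __name__ == "__main__":
    for name, v in evaluate().items():
        print(f"{name:24s} negative={v['negative']:5s} "
              f"positive={v['positive']:5s} combined={v['combined']}")
```

Two rows are the ones to look at. "new-legit-service" is allowed by the signature check and denied by the allowlist: the positive model only works as well as the enumeration behind it, and every new service means someone has to update it. "unknown-worm-http-get" is allowed by all three: an allowlist at the port and method level says nothing about what is in a GET request, so the "eliminates exposure to unknown attacks" claim holds only for traffic that was never supposed to reach the service in the first place.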

Thursday, February 02, 2006

"Management vs. IT staff" by Patrick M. Hausen

I found great wisdom in this post by Patrick M. Hausen to firewall-wizards:

They prevent intrusions, don't they? No, I'm not blaming any CEO for not knowing better - with the notable exception of the CEOs of companies selling IT security products or services. Even VPs of IT or whatever they may be called need not know much technical detail if the company is big enough to justify several levels of management hierarchy.

But I do blame CEOs for making decisions on certain products a "strategic" issue and part of their domain at all!

IMHO this is one of the main reasons for many bad products in the field. Remember MS ads: "The network that doesn't need an admin ..."

Stuff like that makes me want to bang my head against a wall.

I'm not old enough to have real experience here, but my impression is that in-house expertise and knowledgeable employees were valued much higher 20 years ago than they are now.

Current management schools seem to focus on "processes" and "standard products" with the explicit goal of making employees replaceable. Once the processes are perfect, you might as well hire monkeys for the job.

There seems to be a deep distrust in the people that run the IT departments and their opinions on technical subjects.
In jumps salesrep of $VENDOR claiming "Box XY will solve all your problems automatically and think of all the money to save, when you are not dependent on expensive expert workers anymore".

IMNSHO specifically investing in human beings instead of products is the only way to save us in the long run. Not only in IT security, but many of the problems we are facing today in Western European societies are (again IMHO) a direct result of preferring automation and fancy technology over people. Politicians and managers alike seem to have a big fear of relying on somebody.

Make the streets safer? Don't buy surveillance cameras and face recognition software - hire more intelligent and motivated cops and treat and pay them well enough to stay motivated and not prone to bribing.
Problems with public education? Use computers at elementary school?
Bull! Hire motivated teachers.

'nuff said.

Kind regards,

Patrick M. Hausen
Head of Networks and Security