Tuesday, March 29, 2016

Control-as-a-Service (CaaS)

Anyone tired of hearing that the following architectures solve all the world's problems - SaaS, IaaS, Cloud?  Here's a novel concept: why don't we take "control" of our solutions, from a security perspective, and leave our fate in our own hands?  Case in point - MedStar Health:

- Per this Computerworld Article, MedStar was attacked over the weekend with the same ransomware that hit the Hollywood Presbyterian Medical Center in mid-February.  Per the report, the organization lost "control" of files and their system.  Does that sound like a potential HIPAA issue to you?

- Per this earlier ESPO Systems Blog, the Locky Ransomware is leveraging holes in our security controls.  To be precise, the malware authors know we dare not block Microsoft Office attachments... even when they carry malicious macros.  They also know AV Signatures are too slow to provide value.  As such, the only answer is Sandboxing... à la Forcepoint's Solution.

- So, you likely are asking, what does the MedStar Health Organization use to protect against these threats?  Well... they've bought into the Cloud Saves Everything dogma and have given "control" of their security to Google/Postini:

One final question, considering MedStar has given up "control" of their email security, is there much of a chance that outbound email is being monitored for PII or PHI?  It may be time to take back control of our security solutions.
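The macro bullet above says the real gap is that we dare not block Office attachments outright.  One way to narrow the rule is to block only the Office files that actually carry a VBA project.  The following Python check is an added example for this post (it is not ESPO Systems' or Forcepoint's code); it builds two constructed sample attachments in memory, one with a VBA part and one without, and classifies them the way a mail gateway hook could.  The function names and the "quarantine" / "allow" labels are assumptions for illustration.

```python
import io
import zipfile

# OOXML (docx/docm/xlsm/pptm) files are zip packages. A VBA project is stored as a
# vbaProject.bin part and is declared in the [Content_Types].xml manifest with the
# content type below, so either signal is enough to flag the attachment.
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_PART_SUFFIX = "vbaproject.bin"

# Magic bytes of an OLE compound file: legacy .doc/.xls and password-protected
# OOXML (which is wrapped in an OLE container) both start this way.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def build_office_zip(with_macros: bool) -> bytes:
    """Construct a minimal OOXML package in memory (sample data, not a real document).

    When with_macros is True a placeholder vbaProject.bin part is added and declared
    in the manifest; the XML bodies are deliberately tiny because only the package
    structure matters to the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        manifest = [
            '<?xml version="1.0"?>',
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
            '<Default Extension="xml" ContentType="application/xml"/>',
        ]
        if with_macros:
            manifest.append(
                f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>'
            )
        manifest.append("</Types>")
        z.writestr("[Content_Types].xml", "".join(manifest))
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for a VBA binary; not executable content.
            z.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def has_vba_macros(data: bytes) -> bool:
    """Return True if an OOXML package carries a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            # Signal 1: a vbaProject.bin part anywhere in the package (word/, xl/, ppt/).
            if any(n.lower().endswith(MACRO_PART_SUFFIX) for n in names):
                return True
            # Signal 2: the manifest declares a VBA content type even if the part was renamed.
            if "[Content_Types].xml" in names:
                manifest = z.read("[Content_Types].xml").decode("utf-8", "replace")
                if MACRO_CONTENT_TYPE in manifest:
                    return True
    except zipfile.BadZipFile:
        # Not a zip at all, so not an OOXML package; leave the decision to other scanners.
        return False
    return False


def is_ole_container(data: bytes) -> bool:
    """True for legacy binary Office files and for encrypted OOXML, which need an OLE parser."""
    return data[:8] == OLE_MAGIC


def classify_attachment(data: bytes) -> str:
    """Decide what a gateway should do with an Office attachment.

    'quarantine'     - OOXML package that carries a VBA project
    'needs-ole-scan' - OLE container (legacy .doc/.xls or password-protected OOXML);
                       macros may be present but this check cannot see them
    'allow'          - no macro project found by this check"""
    if is_ole_container(data):
        return "needs-ole-scan"
    if has_vba_macros(data):
        return "quarantine"
    return "allow"


if __name__ == "__main__":
    for label, sample in (("macro-enabled", build_office_zip(True)),
                          ("plain", build_office_zip(False))):
        print(label, "->", classify_attachment(sample))
```

The "needs-ole-scan" outcome is the point worth noting: a password-protected document or a legacy .doc arrives as an OLE container, so this zip-based check cannot clear it, and a policy that treats that outcome as "allow" reopens exactly the hole the post describes.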

Thursday, March 3, 2016

Comprehensive Threat Protection?

With the RSA Security Conference coming to a close, we suspect a lot of Security Pros are asking the same question we are about all the dollars thrown at marketing: "really"?  That's not to say this intangible expense isn't needed.  If the products perform as advertised... we need to get the word out.  However, when the marketing is nothing other than an attempt to obfuscate what is happening in the real world, as is currently the case with McAfee, it is our obligation to shed light on it.  Case in point:

McAfee is proclaiming to the world that they provide "Comprehensive Threat Protection":

However, as is often the case, malware is currently propagating across the internet via Microsoft Word Documents with Malicious Macros, and McAfee is not providing the protection its Marketing Department claims.  Per below, only 3 of 55 AV Engines currently find a problem with this file:

Need further proof that the file is indeed malicious?  Note that files are dropped locally, processes are affected and outbound HTTP calls to Mother Russia are occurring:

In summary, and as is often stated on this blog, AV is a commodity.  Improve your security posture by implementing Next Gen Solutions, funded by the cost savings from reducing your spend on AV.