Thursday, August 4, 2011

With Shady Rat, McAfee Indicts Itself As A Failed Company

Shady Rat is not about China, even though Dmitri Alperovitch and McAfee want it to be. Instead it is an indictment of McAfee as an Information Security company, utterly impotent to protect its clients against the very serious, ongoing theft of Intellectual Property by multiple state and non-state actors around the world. Regardless of what the billion-dollar APT marketing machine wants you to believe, the People's Republic of China is not the only nation state that is leveraging cyberspace to acquire key technology. I can name at least a dozen, and that number will double by this time next year. The problem isn't with China or any other government involved in illegal technology transfer. Espionage must be the world's third oldest profession. The problem is that many of the targeted corporations at one point believed in the snake oil remedy sold to them by McAfee and others like them. But not any more. Bloomberg just posted an article about an hour ago - "Hacker ‘Armageddon’ Forces Symantec, McAfee to Seek Fixes".

There's no easy fix to this because it isn't a simple problem. Companies that fall victim to low-level attacks like spear phishing and SQL injection have to shoulder some of the blame themselves. That's just poor security management on their part. In addition, all companies need to re-calibrate their security configuration from network-centric to data-centric. Here's the 50,000-foot view of what I recommend to Taia Global clients:

Identify - Isolate - Monitor - Terminate

1. Identify your most critical data, then isolate it from the rest of your network.
2. Identify who is permitted to access that data, establish norms of access for each individual, then monitor that access in real-time. 
3. When an authorized person breaks their norm of access, or when an unauthorized person gains access, an alert goes to a security dashboard and the connection is temporarily terminated until verification can be made.
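The three steps above, sketched in Python as an added example that is not part of the original post or any Taia Global tooling. The event format (user, hour of day, records read), the hour-window and volume thresholds, and the names `build_norms` and `evaluate` are assumptions made for illustration, and the sample history is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history of access to the isolated data store:
# (user, hour_of_day, records_read_in_session)
HISTORY = [
    ("alice", 9, 40), ("alice", 10, 55), ("alice", 14, 45), ("alice", 16, 60),
    ("bob", 13, 10), ("bob", 15, 12), ("bob", 11, 8), ("bob", 14, 10),
]
AUTHORIZED = {"alice", "bob"}  # step 2: who is permitted to access the data

def build_norms(history):
    """Step 2: derive each user's norm (usual hours, usual volume)."""
    per_user = defaultdict(list)
    for user, hour, records in history:
        per_user[user].append((hour, records))
    norms = {}
    for user, rows in per_user.items():
        hours = [h for h, _ in rows]
        volumes = [r for _, r in rows]
        norms[user] = {"hours": (min(hours), max(hours)),
                       "mean": mean(volumes), "std": pstdev(volumes)}
    return norms

def evaluate(event, norms, authorized=AUTHORIZED, k=3.0, min_std=1.0):
    """Step 3: return (action, reasons). 'terminate' means alert the
    dashboard and drop the connection until the access is verified."""
    user, hour, records = event
    if user not in authorized:
        return "terminate", ["unauthorized user"]
    norm = norms.get(user)
    if norm is None:  # authorized but never profiled: fail closed
        return "terminate", ["no baseline for user"]
    reasons = []
    lo, hi = norm["hours"]
    if not lo <= hour <= hi:
        reasons.append(f"hour {hour} outside {lo}-{hi}")
    # Volume limit: mean + k standard deviations, with a floor on the
    # deviation so a very regular user does not trip on tiny changes.
    limit = norm["mean"] + k * max(norm["std"], min_std)
    if records > limit:
        reasons.append(f"volume {records} > {limit:.0f}")
    return ("terminate" if reasons else "allow"), reasons

if __name__ == "__main__":
    norms = build_norms(HISTORY)
    for ev in [("alice", 11, 52), ("alice", 3, 50), ("bob", 13, 5000), ("mallory", 13, 1)]:
        print(ev, evaluate(ev, norms))
```

The decision depends only on who touched the data and how, not on how the session was obtained, which is the data-centric point of the list.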

With this level of protection, it doesn't matter how the bad guys got in or where they're from. All that matters is that they aren't leaving with your data. Additionally, companies have to understand, and have a strategy to mitigate, the risks that they face from their overseas offices and vendors, particularly in those countries whose laws permit the government to monitor communications and review source code.

Big InfoSec continues to push a failed model of information security and the Shady Rat report graphically displays why. Dmitri Alperovitch neglected to mention that part in his white paper, probably because it's a lot easier to blame China than to acknowledge how you and your company have been profiting from a failed security model for all these years while hiding that fact from your customers.

UPDATE (06 AUG 11): Symantec and Kaspersky both took McAfee to task about its Shady Rat report. Symantec researchers actually found the same data that McAfee did and published it in greater detail and with less hyperbole. Kaspersky basically called it a publicity stunt timed to take advantage of Black Hat 2011.
