oldie but goldie
IT admins should focus on the fundamentals of network security, rather than worry about sophisticated state-sponsored zero-day attacks, mobile security expert Georgia Weidman told London's AppSec EU conference on Thursday. Weidman, founder and CTO of mobile security testing firm Shevirah, cut her teeth in the industry six …
Quite, it's amazing how often the basics are overlooked.
Too many breaches are down to the basics being messed up as opposed to some amazingly complex hack. Three simple rules to avoid the majority of problems:
1. It's better to have an outage due to a patch than pay the fine for a data breach.
2. Trust nothing your systems are given until you've validated it on your systems.
3. Start by denying access, then give it when it's needed and revoke it once it's no longer needed.
Way to put a lot of time restating keynote speeches given for the past 10 years; actually for the past 50. Don't forget the basics; we must get back to basics--maintain your foundation... blah blah. DUH! Sounds more like a speech given by a coach before a football match than a well-thought-out technology briefing. Could also be the big all caps writing on a pamphlet.
BTW, those who aren't concentrating on the basics and shoring up their own networks... aren't worried about state sponsored attacks. They aren't worried about anything--because they're ignorant to begin with.
If I pay a lot of money to attend a conference, I don't want to hear ridiculous 'basic' crap from an individual who is on the cutting edge of information security. I can open up YouTube and search for this. Give me something new. Something I can't search for and find. Give me your best. YOUR BEST.
When I see crap like this, it makes me think the person giving the speech isn't really as smart as they let on... it seems more likely it's the people they work with who are the intelligent ones, and they are the 'average' person riding on the coattails of others.
"Weidman ran through enterprise-grade security controls available on the market – such as mobile threat defense and mobile application management"
How about making an enterprise-grade security switch on the underside of the phone that renders it read-only when in the OFF position?
"Android is so fragmented that it's hard to develop reliable exploits, Weidman said during her presentation."
A novel concept .. maybe we should ban iOS and Android from the Intertubes and move to the industry standard :]