The Security Eunoia

Many are the articles suggesting ways by which departments can make the most of shrinking budgets in these hard times. If you are a small company, allocating funds for all the security resources you need can prove very challenging. You need to be smart about security spending. Therefore security tools that just do the work for as little as possible is a ‘must consider’.

Aiming to take the fight to the bot herders, a company - SRI International - has released a tool called BotHunter. It is free. The software works by monitoring the communication between compromised hosts on a corporate network and bot-herding computers also known as command & control centres.

BotHunter uses what sounds more like heuristic methods and processes (where detection is based on patterns) or than signatures (where detection is based on known attacks). This is how it works:

Symantec has published a survey - Underground Economy - detailing the activities of cyber criminals who through astute business models have managed to rake in hundreds of millions of dollars in a year. The cost to victims of these activities easily runs into billions of dollars. What do they sell?

Vulnerability disclosure has been raging for as long as it has been. While some support what is known as Full Disclosure, a practice of going public with full details of security vulnerabilities, what appears to be an industry norm these days is called Responsible Disclosure where the details of the vulnerability is first disclosed to the vendor. So why does there appear to be a rift between TrendMicro and ISS X-Force?