The Silent Failure that leads to the Destruction of the System

For me, as I expect for most people, securing my laptop or workstation seems to be a simple thing; an automatic daily occurrence that just “happens” for the most part. And rarely do we see any indication that the security being administered is actually doing anything. But that’s the goal, isn’t it? No news is good news? If the dashboard in my car shows “all clear”, I reasonably presume everything is as it should be. No brake warning light shining means I must have functioning brakes to stop the car. Or does it really mean that my brake warning indicator light may or may not be working, and that I actually may or may not have functioning brakes? Still… I get in the car and drive off feeling safe and confident. So, if I get no pop-ups on my screen telling me the website I just went to is trying to download something unexpected onto my laptop, I can presume no one is actually attempting anything nefarious? Given a few moments of thought, I come to the conclusion that we often trust the simple $2 indicators (or the lack of them) far more than we question whether the underlying complex mechanisms which use those indicators are in fact functioning. No news is still good news, yes? No, not really, but it is easier for most of us to handle. Soon, we depend so completely on this being true that we can no longer envision how it might not be true; that the defenses around our computer systems, whether at home or in the largest corporate data centers, could ever be breached without our being made aware of the attack.

But as it turns out, defenses are neither insurmountable nor ever totally repairable. Even attempts at “air gapping” between networks can be overcome by a human and a USB thumb drive. This inescapable fact is at the very core of these battles around our data. Neither side ever keeps the “high ground” for long before a new battlefield of malware, viruses, and the programmatic vulnerabilities that allow them to enter a system is established. So we cloak our systems with ever more sophisticated software, and with analysts working to stay one step ahead of the next attack or attempted violation of our data. But how do we effectively monitor our systems to know when a silent failure has occurred in this software we are entrusting to always work?

One basic thing you can do is ensure that you in fact have the best technology in place to provide protection. After all, if we are going to end up assuming everything is working unless it isn’t, that software must be the strongest, most rugged, most current protection available. We want the best insurance policy we can get. Note that this may also mean the best is not freeware. Freeware will guard against some things, but it doesn’t necessarily have the engineering investment to keep it both current and increasingly sophisticated against the increasingly sophisticated attacks it is meant to defend against. After all, it only takes one clever bug to get past the “basic” protections of freeware to corrupt your enterprise. Better to pay for products from companies that do this sort of security for a living. And there are several out there. So which one is really going to be the best for your circumstances? You need to talk to the vendors specifically and ask the hard questions. Be certain you develop the highest confidence not only in what the vendor says they do, but in “how” they provide the protection and “how” they create and maintain the data and signatures to know when something bad is occurring. By learning the details of the software you are considering, you can build the needed level of confidence that the likelihood of a silent failure will be virtually nil. Once you have your “short list” of products, construct the most evil scenarios you can devise and put the products through their paces. Test them to the extreme. In the end, the more ways you devise to break the software, and the more times the software rebuffs being broken, the higher the degree of confidence you will gain for entrusting that software as the gatekeeper of your systems.

Each of us owes it to ourselves and to those whose data we are charged to protect to re-examine what the basis of our defenses is, and to really take the time to understand whether we are as well protected as we hope we are. It is now time to discover whether our “free or old” patching / compliance / anti-virus / anti-malware software products have been silently failing, exposing our systems to unknown assailants and allowing access to our most precious assets: our data.
