By Jim Reavis

I have had just a little while to reflect on what I heard from industry experts at last week’s security conference at eBay.  While I can’t share some of what I heard on this blog, I wanted to mention a few interesting insights on trends to think (i.e. worry) about in 2008:

DNS weaknesses.  Cricket Liu of Infoblox provided some excellent data for my expert predictions slidedeck.  There is plenty of reason to believe that DNS attacks, including but not limited to pharming, will be on the upswing this year.  A majority of the over 2 million DNS servers on the Internet have significant vulnerabilities.

Rootkits.  Several experts pointed out the trendline of malicious code getting pushed  lower and lower into the operating system - even below it.  Loading malicious code directly onto video card memory and other hardware is feasible.  Rootkits and other techniques for hiding malicious code make it that much more difficult to eradicate and signal the need to further shift our strategies.

Data Leakage.  The economics of massive portable storage seems to overwhelm preventative strategies.  Several experts discussed the needs for greater data governance - at least being able to identify sensitive data more readily.

Forensics.  A greater focus on logging, incident response and putting the bad guy behind bars was discussed.  If we can’t prevent, let’s detect and arrest. 

Related posts:

1. “It’s getting hot in here” - so turn off all your servers
2. Windows Vista Risks - “A Reality Check on PatchGuard”
3. Exposure Time - A Metric For Proactive Security Risk Management
4. Enterprise Data Protection Podcast
5. The Convention on Cybercrime: Why It Will Do Far More Harm Than Good

Posted by Jim.Reavis on Sunday, March 2nd, 2008, at 10:02 pm, and filed under Articles.

Follow any responses to this entry with the RSS 2.0 feed.

You can post a comment, or trackback from your site.