But Richard Rushing, senior director of information security for a large technology company, says the search for perfection distracts the community from a lot of tweaks it could be making to deal with targeted attacks more quickly and efficiently. At the , he outlined ways to do that in a talk called "Defending against targeted attacks using duck tape, popsicle sticks and Legos."
are now the focus at all levels of organization, industry, people, technology or third parties; stealing anything of value, he said. Companies spend six and seven figures a year to defend against it, to little avail. Rushing's goal was to show the value of security through imperfection by taking tools that are already in house or available in the open source community to achieve a faster, more agile defense.
He calls it the MacGyver approach. It's not perfect. But in some cases it might be better, he said.
"Working for a stalemate is the winning game right now," he said. "It's about common-sense security. There's no such thing as perfect."
First, he suggested adopting a few good habits to live by:
When Rushing says "real" he doesn't mean the biggest, most expensive technologies money can buy. In this case, real means that when the defenses are set up, the IT shop actually pays attention to the various devices and tools. Setting them up and walking away is the opposite of what should be done.
He pointed to patch management in particular as something many companies do wrong.
"Ninety percent of the world installs the patches right on Patch Tuesday," Rushing said. "The other 10 percent have a rigorous testing process that takes up to a week because they don't want the patches to break things. The proper approach is to realize things break and get good at unpatching quickly and effectively."
Learning to quickly uninstall patches that break things means you can shorten the patch deployment process considerably because you're not wasting days on the testing process, he said.
In summary, he said the idea of total protection is dead. Instead, companies should spend time, attention and money on faster ways to detect and seal the vulnerabilities that allow for targeted attacks, "because it will never be fully fixed."
in CSOonline's Network Security section.