In our third part of our multi-part series on security risks for the 21st century, we talk to Keatron Evans, Blink Digital Security LLC president and co-author of the book Chained Exploits: Advanced Hacking Attacks from Start to Finish. As a writer, professional speaker, trainer, coach and technologist, Keatron works to help businesses understand information security and how to use best practices and technology to meet information security requirements.
Bright Hub: Is network security going to keep pace with advances used by hackers?
Keatron Evans: The industry will keep up with most malicious hackers, yes. But not the very skilled ones. You have put into perspective the most companies are struggling to even patch and mitigate "known" attacks. For example, when a operating system vulnerability is discovered and a patch is issued for it, we're already behind the curve and playing catch up. Because of the fact that patches can break critical functionality, they can't just be blindly applied as we do on our home systems. At home you turn on automatic update and you automatically get patches as they are released. In enterprises it's not nearly as simple. Patches usually have to go through a test phase where they are deployed in a controlled test environment, approved, then deployed. This process can range from days to weeks and even longer. During this time, the enterprise is left vulnerable to "known" exploits. Also it should be understood that not all vulnerabilities are reported. We also have to remember that as more and more services, identities, and goods have moved to e-commerce, the malicious hacker community has grown tremendously. More hackers equal more innovation, and faster rate of new threat creation. The good news is the whole network security role is more defined, structured, and focused. This trend has lead to better "tooling” in the form of training, resources, and authority, which should lead to a better chance of keeping up.