As information security professionals, we encounter what is at times an overwhelming deluge of negativity in our line of work. This is perhaps best evident in the media’s love affair with crippling data breaches, cyber security skills shortages, and the discovery of new “critical” vulnerabilities. Each of those incidents ultimately helps the industry to mature and evolve, but every security event nonetheless demonstrates how much growth we still have ahead of us.
But not everything is doom and gloom in the field of information security. We have seen a significant shift in the way most companies view and treat security over the past year, an awareness which in part motivated businesses to participate in the Cyber Security Awareness Month this past October. Additionally, on a day-to-day basis, we have discovered, analyzed, and mitigated an ever-evolving slew of attack vectors, thereby helping to make our places of work more secure. These are no small accomplishments given the cyber threats about which we all know.
Today is Thanksgiving, a day when everyone gives thanks. In acknowledgment of this national holiday, we at Tripwire have asked a few professionals in the field what they are grateful for. Here is what they had to say.
Allan Pratt, Information Security and Cybersecurity Strategist, Accounting sector:
While security breaches have become newsworthy in the mainstream media, we should be thankful that their result has brought information security into the public discourse and into the C-Suite. Previously, information security professionals were the Rodney Dangerfield’s of the tech team. But that is no more.
Brian Thomas, Lead Information Security Analyst, Hoag Hospital in Orange County:
After last year’s Target credit card breach, I am grateful that some companies have started to take information security more seriously and that they have realized an ounce of prevention is worth more than a pound of cure when it comes to protecting data.
Also, with regards to critical vulnerabilities such as Heartbleed, Shellshock, and POODLE, I am thankful to the infosec community for using social media to assist each other in the discovery and mitigation of those vulnerabilities. It really shows how tight the community is and how we are all working together towards the same common goals.
Claus Houmann, Head of IT, A bank based in Luxembourg:
I am thankful for a number of tools available to information security professionals. First, I am thankful for the Enhanced Mitigation Experienced Toolkit. EMET is a free tool that works. Not all professionals deploy it, and like any tool, it’s not foolproof. But it does act as extra layer of protection that bad guys must peel away in the case of an attack.
Second, I am thankful for the Splunk Splice app. This particular tool promises great things for the future of threat intelligence automation!
With regards to threat prevention, the rise of micro-virtualization over the past year bodes well.
Ken Westin, Sr. Technical Marketing Manager and Security Analyst, Tripwire:
I am thankful for the security industry as a whole maturing. Although it may not seem like it from the headlines, worldwide we are becoming more secure with regards to technology. I am seeing amazing things with regards to collaboration and information sharing within industries, not to mention an awareness and demand for security and privacy from consumers, all of which is unprecedented.
I am incredibly hopeful and optimistic with regards to the future of security. There will be more breaches and exploits, and there will always be the criminal element. But given the rapid growth of technology, this is to be expected. With every vulnerability, breach, and new attack vector, we learn, adapt and innovate.
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Image header courtesy of ShutterStock.com.