1. Vendors that understand the value of accurate, timely communication about vulnerabilities, mitigation and patches
In the always-changing world of security planning and communication are the keys to staying sane. The worst thing that can happen is to be suddenly surprised by an unanticipated critical security patch.
This totally blows your plan for the day out of the water and requires recalculation of priorities and workloads. Software vendors know they are going to release patches in advance and could surprising the rest of the world.
Thankfully, more vendors are realizing the value of letting their customers know ahead of time about critical patches and deliver them with enough documentation to simplify the prioritization and patching process.
2. Software with auto update capability
I don’t know about you, but auto-update is probably the biggest risk-reducing innovation in the last few years. It helps everyone, from businesses to consumers and allows us all the luxury of a ‘set it and forget it’ mentality.
Let’s face it, people don’t want to be bothered with software updates. They just want the software to work. Automatic software updates help millions of computers improve their security, and that’s definitely something to be thankful for.
3. The default setting for auto-run is “off”
Just because I plug a disk into a computer or insert a CD doesn’t mean the computer should automatically execute a program.
In the bad old days autorun shipped with a default setting of “on” and it was a huge factor in the rapid spread of a cornucopia of malware. Thank you Microsoft (Adam Shostack) for finally turning auto-run off.
I think we can all agree that applications should not be allowed to access other applications or data beyond what is needed to run.
Sandboxing creates a sphere of security around an application, protecting the rest of the device and data from potential badness.
End users never see the result of sandboxing, but we should all be thankful that developers are building controls like sandboxing to contain risk.
5. Centralized configuration management
Times are tough in security. You’ll never have enough resources to do everything you want to do. Good centralized configuration management software allows one person to distribute a change to thousands of computers with just a few clicks.
Deploying software, making changes and mitigating configuration risks so easily is a huge win for every resource-starved security team, and it’s something we can all be grateful for.
- Wireless Pen Testing and Assessments
- Control and Capabilities Drive Enterprise Security Confidence
- Infosec Risk Management: Art, Science or Philosophy?
- Network Vulnerability Scanning in Today’s Networks
P.S. Have you met John Powers, supernatural CISO?
Title image courtesy of ShutterStock