If you have nothing to prevent that, they’ve already won. They’re establishing an outbound connection right back to their system which means you’re toast and your firewall means nothing.
Businesses that have recognized the death of security as they once knew it have kept their protection programs up-to-date by shifting focus to areas such as internal network security and monitoring, endpoint security and configuration management.
Most importantly, the most successful security practitioners have begun to supplement the old guard in technology with proactive security through whitelisting. Unlike the traditional method of blacklisting the “known bad” programs and applications, whitelisting only lets the “known good” execute within the enterprise environment.
“Both the threat environment has changed and our priorities have changed so that we really need to get into protecting the information itself,” Mogull said. “So that’s where the concept of information-centric security comes from. Which is why people are saying ‘Why don’t we look at the tools and techniques we need to protect the data and not just protect our networks?’” - Rich Mogull, Securosis, from March 200 Baseline Magazine article.
Vulnerability Management in a Web 2.0 World
Senior Director of Solutions and Strategy, Don Leatham, sits down to discuss Vulnerability Management challenges in a Web 2.0 world, and how to defend against these threats.