- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Flame: The importance vs. the hype
The last two posts have focused on the Flame malware and whether it's as big a concern as security vendors are making it out to be. I didn't plan to revisit the issue today, but a comment from a trusted source and a zany press release from another vendor forced a change of mind.
Let's start with my trusted source: Jennifer Minella, a CISO, infrastructure security specialist, speaker and author. Many of you know her as a straight shooter who doesn't exaggerate. I've come to rely on her honest take on things, and I consider her a good friend. So when she posted the following comment in a previous post, I took notice:
"Flame is VERY different than Stuxnet and Duqu... much much larger, more sophisticated and modular. This time, it's not hype."
I will say that from the beginning, I recognized Flame as something significant. My problem is in how security vendors talk about it. Some stick with the details and play it straight, but others have gone off the deep end in hopes of getting in a news report. It's probably fair to say that the PR firms they work with are not serving them very well this time around.
Why is this important? Because overhyped PR pitches and news stories distract IT practitioners. They don't need more stories about the boogeyman. They need the basics: how Flame functions, how to see it coming based on network behavior, and how to make it less of a threat to the companies they work for.
The following PR pitch, which landed in my inbox yesterday afternoon, is an example of hype burying the useful, actionable detail:
It reads like an Avenger comic book or the next Bond film. Bigger than Stuxnet! Highly sophisticated! Predominantly used in data theft and cyberespionage! The widespread proliferation of malware infected systems and the toolkits hackers need to complete their latest espionage is indeed insidious.
(the vendor) is a recognized leader in providing solutions to defend against Advanced Persistent Threats (APTs). In order to address Flame, Deep Content Inspection (DCI) is a new approach to data inspection that incorporates thorough analysis that must be employed into the network. I wanted to connect you with (the vendor's CEO) as a resource to discuss the cause and effects of this malware. What is your availability to discuss the significance of Flame and how it could be avoided?
That's a lot of flash. If the press release gave me research gleaned from customers who use their DCI products, you'd be reading a much different post right now.
My goal here isn't to bash PR people and security vendors. I know it's my job to cut through the hype and clutter and get them to give me the simple facts. I also know after several years in this business that when the PR approach is loud and hyperbolic, the same kind of news coverage follows, especially if it's from the more mainstream press.
The contrast between Jen's comment and that press release illustrates another important point: Whenever I talk to the security practitioners in the trenches -- no matter the issue -- they always have a far more muted reaction to the supposedly big news of the day. It's not that they don't find newly-discovered malware, vulnerabilities and attack techniques important. Of course they do.
It's just that in the day-to-day process of mounting a defense, these things don't look anywhere near as exciting as we in the media sometimes make it out to be.
Granted, their lives do get exciting -- in a not-so-good way -- when these things result in a data breach. But the media hype isn't necessarily going to help them prevent the breach.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government