Myth  #4 -- Encryption as a primary effective control against data loss

Origin

This myth has a long history since encryption technology predates the digital era.  Encryption, as the first choice of protection measures against data loss is, almost a sacred cow of information security trade craft.  Most practitioners simply take it for granted that encryption (and for that matter DRM) are basic forms of protection that should be your first choice of technologies to help prevent the theft of data.

What we see

Obviously, a large number of basic applications of encryption are vital and necessary protection measures.  Automatic protection of content via encryption is a fundamental security protection with well-established value.  Whole-disk encryption of laptops, basic...

Myth  #2 -- The standard model of perimeter security protects the enterprise

Origin

In one sense, this is one of those myths that most practitioners already know to be false.  Wherever you look (practitioners working at large enterprises, activists like the New School gang or the Jericho crew, or nearly any security blog) it’s not hard to see consistent criticism of the current working model for security.  What's strange is that, in the face of this rough consensus of the failure of the standard model, why is there so little progress addressing the alarming acceleration of publicly reported breaches?

What we see

From our perspective, there’s pretty stark evidence that backs up the claim that the standard model is broken.  With...

Last time we took a look at some of the performance improvements we made in MR3 in the client towards our goal of "zero-impact security".  Now let's look at some of the changes we made in the management server itself.

One of the biggest improvements is a change we made in the LiveUpdate signature delta generator.  When LiveUpdate runs on the management server and downloads new virus and IPS signatures from the Symantec server, it creates deltas, so that minimal data is transmitted over your company's pipes when your clients request the latest virus and IPS signatures.  We completely redid the delta generator in MR3, resulting in an increase of 1000% in time to create the deltas!  Not only is this process unbelievably faster than before, but it also creates significantly smaller deltas.  The overall benefit is that the management server is more responsive than before, since it is no longer spending as much time creating deltas.

...

Our next major release, Brightmail Gateway 8.0, is coming soon andwith that, we are now open for applications to join our beta program.

Becausewe like to get as many customers and as diverse deployments involved as possible, itdoesn't matter if you have 50 people protected by Brightmail or 50,000.

In order to participate, you'll need to have either spareappliance hardware (for example, a retired 82xx series appliance thatyou have for a test environment) or access to VMWare virtualisationproducts in order to run the Brightmail Gateway Virtual Edition.  Thereis _some_ scope for us to provide you with a loaner HW appliance butthese are limited in number and first come first serve!

Ifyour company is interested in joining, get the ball rolling by droppingme an email to ian_mcshane@symantec.com with a few details such as:

STN Forum username (if applicable), actual name and job...