The Reader’s Speak – the Top Ten Posts of 2011
December 19, 2011
The year is rolling to its inexorable end and it is time to look back fondly on the top blog posts from Exceptional Security in 2011. The selection process is generally scientific, using the site stats to gauge reader interest. But personal bias and self-indulgence are also a factor. At least I am honest, and I refrain from clichéd predictions.
Advanced Persistent Threat: Solution – No, Effective Detection – Yes. This post was actually written in January of 2010 but has been the most-read post on the blog. The post addresses the qualifications of Triumfant as a viable and effective tool for detecting targeted attacks, including APT.
The UC Berkeley Breach – You Don’t Know What You Don’t Know. Another post written before 2011 that continues to resonate. In fact, this post is a very early expression of what I now call Rapid Detection and Response – the ability to quickly detect the attacks that evade preventative software and quickly respond to the breach.
Trojan Horses, Payloads and Flamethrowers. This post turns the most overused cliché in IT security – the Trojan Horse – on its ear to illustrate rapid detection and response and the folly of relying solely on perimeter defenses. Not to mention gross misuse of literary license as I insert flamethrowers into classical mythology.
Sayano-Shushenskaya Accident A Model for What a Duqu/Stuxnet Combo Could Mean. This post uses the incident at a Russian hydroelectric facility to illustrate what kind of terrorism could be performed with a Stuxnet style attack. The images from a 900 ton turbine unit tearing free of its moorings seemed to provide readers a visual reference point for the potential of such attacks.
Purely Commercial Espionage – The Advanced Persistent Threat Targets Businesses. The exact definition of APT is hotly debated, but most see it as cyber warfare at the nation state level and not an issue of commerce. Regardless of definitions, this post explores the burden that commercial organizations are bearing from targeted attacks that extract intellectual property from U.S. companies, negatively affecting the economy.
Certificate Authorities Hacked – So Who Can You Trust? This post speaks to the corruption of the chain of trust caused by the hacking of several certificate authorities. The important takeaway is that prevention mechanisms can fail along a variety of vectors, so adding rapid detection and response is necessary and prudent.
The Emotional Barriers to Embracing the Presumption of Breach Doctrine. Why, in the face of all statistics and other forms of evidence to the contrary, do people cling to the notion of the 100% effective preventative shield? This post looks at the emotional component that prevents highly rational people from admitting that they are getting breached and taking the appropriate action. I think it is a concept worth exploring more broadly.
Finding a Needle in a Haystack – Child’s Play! Another alternate take on a treasured IT security cliché – the needle in the haystack. Specifically, it argues that finding a known thing – the needle – in a homogeneous population – the haystack – is a far easier proposition than locating malware without a signature in the vast IT world. Too big to do in one post, it turned into a series of posts.
Virus Attacks U.S. Drone Fleet and the Need for Rapid Detection and Response. Sometimes when you are trying to get some traction around a concept or term, the world throws you a bone. As I was introducing the concept of Rapid Detection and Response, the story broke about the attacks on the C&C center for the U.S. drone fleet and how that was a perfect scenario for the concept.
Time to Put Your Antivirus Software on a Diet. This was posted in late 2010 but got a lot of reader momentum in 2011. The post is an answer to the question frequently asked when we present Triumfant: “Are you saying you replace antivirus tools?” As a bonus, it contains my favorite phrase of 2011: fusillade of FUD.
Well, that wraps 2011 for Exceptional Security unless something big happens that requires comment. Otherwise, thank you for reading – it is always humbling to know that someone takes the time to read.
See you in 2012.