One Article Review

Home - The article:
Source: AlienVault Blog
Identifier: 1432924
Publication date: 2019-10-29 13:00:00 (viewed: 2019-10-29 14:07:24)
Title: Was the largest breach in history a misconfiguration problem?
Text:

Earlier this week, I heard a fascinating interview with the former Chief Information Officer of Equifax, Graeme Payne. If you are unfamiliar with Graeme, he was the scapegoat for the Equifax breach, described in Congressional testimony as "the human error" that caused the breach. Graeme, however, is a true gentleman who is very gracious about his situation. He explained that the servers that were breached were "under his watch", so it makes sense that he was the person who was ultimately held responsible for the breach.

In his recently published book, The New Era of Cybersecurity Breaches, Graeme describes the events of the Equifax breach and offers practical steps to secure a company from the same fate that Equifax suffered. The only reason I have not yet read the book is that I did not know it existed. Now it is on my wish list, and if the description lives up to the book's contents, I anticipate an excellent read!

One item that struck me as peculiar during Graeme's interview was that he stated, contrary to all the reports about the breach, that the breached server was patched against the Apache Struts vulnerability. To be clear, all of the news reports indicated that Equifax received notice of the vulnerability and the available patch, yet did nothing to prevent it.

I asked the following question: Didn't you scan the servers after the patches were applied? (It is excellent that BrightTalk offers interactive webcasts like this.) Graeme responded that they scanned the servers for vulnerabilities, and the patch was reported as successfully applied to the server. How is that possible? A further discussion ensued, in which the importance of authenticated versus unauthenticated scans was mentioned. It even drifted into the idea that a company should use two different scanners! We are not all the size of an Equifax corporation. Running two scanners is simply unmanageable for many medium-sized enterprises.

I posted a follow-up question: How did the vendor of the vulnerability scanner respond once the breach occurred? Unfortunately, Graeme was not at liberty to discuss that. (If you are unfamiliar with the legal system, it probably means that the terms of his dismissal are confidential, and he cannot discuss various topics, such as any impending action against a vendor.)

Whatever the vendor's response, it doesn't matter. What matters is that the largest breach in history (to date) may not have been the result of human error or negligence. It may have been just another case of a misconfiguration problem, this time with a vulnerability scanner.

Given the recent breaches that have involved cloud misconfigurations, it is important to remember that these problems can still exist within the cozy confines of an organization. Graeme seems to be doing fine in his new existence, not as a scapegoat, but as a Phoenix. I empathize with how he was treated, and I am confident that I speak for all the security community by saying, we wish him well.
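The post's central puzzle is a scanner reporting a patch as applied while the server remained exploitable, and the follow-up discussion turned on authenticated versus unauthenticated scanning. The following is an added illustration, not code from the AlienVault post, from Equifax, or from any scanner vendor: a small Python model of both scan views run over a constructed host inventory. The host names, banners, file paths, version numbers and the "fixed version" threshold are all assumptions made up for the example; the threshold is a placeholder and not the fixed version of any particular Struts advisory. The point it demonstrates is that a remote probe can only judge by what the service advertises, whereas a credentialed check sees every copy of the library actually on disk, including a stale one bundled inside an old deployment.

```python
"""
Added example: why an unauthenticated network scan can report a patch as
applied while an authenticated (credentialed) check of the same host still
finds a vulnerable library. All data below is constructed sample data.
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Assumption: the first version treated as fixed. Placeholder value only,
# not the fixed version of any real Struts advisory.
FIXED_VERSION: Tuple[int, int, int] = (2, 5, 13)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


@dataclass
class Host:
    name: str
    # What the web tier advertises to a remote, unauthenticated probe.
    banner: str
    # Library files an authenticated scan sees after logging in to the host.
    installed_jars: list = field(default_factory=list)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Pull an x.y.z version out of a banner or file name; None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None  # type: ignore[return-value]


def unauthenticated_check(host: Host) -> str:
    """Remote-only view: can only judge by the advertised version string."""
    v = parse_version(host.banner)
    if v is None:
        return "unknown"  # nothing disclosed remotely, so nothing to judge
    return "patched" if v >= FIXED_VERSION else "vulnerable"


def authenticated_check(host: Host) -> str:
    """Credentialed view: every struts2-core jar on disk must be at or above the fix."""
    found = [parse_version(j) for j in host.installed_jars if "struts2-core" in j]
    found = [v for v in found if v is not None]
    if not found:
        return "not-installed"
    # One stale copy anywhere (e.g. inside an old WAR) keeps the host exposed.
    return "patched" if min(found) >= FIXED_VERSION else "vulnerable"


def reconcile(hosts: list) -> dict:
    """Per host: both verdicts, plus a flag when the remote scan would wrongly clear it."""
    out = {}
    for h in hosts:
        remote, local = unauthenticated_check(h), authenticated_check(h)
        out[h.name] = {
            "remote": remote,
            "local": local,
            "discrepancy": remote == "patched" and local == "vulnerable",
        }
    return out


# Constructed inventory. host-b is the interesting case: the shared library was
# updated, so the banner looks current, but a legacy application still ships the
# old jar inside its own deployment directory.
SAMPLE_HOSTS = [
    Host("host-a", "Apache Struts 2.5.13",
         ["/opt/app/WEB-INF/lib/struts2-core-2.5.13.jar"]),
    Host("host-b", "Apache Struts 2.5.13",
         ["/usr/share/java/struts2-core-2.5.13.jar",
          "/opt/legacy-app/WEB-INF/lib/struts2-core-2.5.5.jar"]),
    Host("host-c", "Apache httpd",  # no version disclosed remotely at all
         ["/opt/app/WEB-INF/lib/struts2-core-2.3.20.jar"]),
]

if __name__ == "__main__":
    for name, r in reconcile(SAMPLE_HOSTS).items():
        flag = "  <-- remote scan alone would have cleared this host" if r["discrepancy"] else ""
        print(f"{name}: remote={r['remote']} local={r['local']}{flag}")
```

Run as a script it prints one line per host; host-b is the case the post describes, where the unauthenticated verdict is "patched" and the authenticated verdict is "vulnerable". The design choice worth noting is that the authenticated check takes the minimum version over all copies found rather than the first one: a patch that updates one location while an application keeps its own bundled copy is exactly the situation a banner-only scan cannot see.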
Tags Vulnerability
Stories Equifax
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.