
March 2, 2007 1:28 PM PST

Newsmaker: Precision security fighting at Cisco


Is your job ever going to change from being the fireman and putting out fires to building fire hydrants or sprinkler systems to prevent fires from occurring?
Stewart: I think it already has. We're still putting out fires, but three years ago where you never knew what was going to happen next, I was fighting the stomp and crush of finding the latest infected computer, finding whatever idiot did it, and shutting it down. That's firefighting; that's not my problem today.

Now I'm getting the sophisticated fires, not flash fires, not forest fires. I'm dealing with the sparkles, the ones that are designed to get at very sensitive data, and I'm not handling the massive outbreak, and I'm not even worried about the massive outbreak. So I don't feel like a firefighter.

Do you believe in things like whitelisting or blacklisting applications on desktops?
Stewart: To me, whitelisting is more important than blacklisting. Whitelisting is where you have a confidence factor..., not wholeheartedly, that the application is safe, but that you have a reasonable assertion that it was installed by somebody or something that is known, and that it came from a known vendor you look to if there is any issue.

Blacklisting, on the other hand, automatically shuns an application that (subsequently) never recovers from blacklisting. And I'd rather focus on an unknown application that is an anomaly--it can still be good, it can still be bad, but we scrutinize it differently.

Do you use any whitelisting tools or blacklisting tools?
Stewart: In some respects, Cisco Security Agent is a little bit like a whitelisting tool. It says that there are a certain number of actions and a certain number of applications that have received those actions that are allowed.

What do you think of data leak protection tools that are popping up everywhere to make sure sensitive data doesn't leave your enterprise?
Stewart: We've got a (variety) of issues around unstructured data leakage. It is a nascent and important market. I've watched this space for a while because, in the data center, for example, if you know that a structured set of data is supposed to leave, it is a great place to set a perimeter and protect.

Similarly... connections between companies, where you have a vehicle by which you feel confident about what data is supposed to go between you and a partner, (are) a great place to determine that it is only that data going between them.

Unstructured data is the single biggest risk to companies, bar none, and it's because it leaves in unorthodox ways. It leaves on USB keys, PDAs, iPods, CD writers, in electronic mails where you accidentally type the first couple of letters and then, oops, it gets sent off to the wrong place.

And the solution to it is still to be determined?
Stewart: It's still to be determined, and different companies can approach it in different ways. One company might go back to the mainframe era where all data is in a controlled environment. Another company will look at it and say that data needs to be moved and manipulated, and assert that the data can only move under certain criteria.

If you could have one wish granted in terms of the security space and work that you do, what wish would that be?
Stewart: I would love to have an open standard, universally adopted data tagging mechanism. That mechanism could assert criteria about data as it's moving. Once that's done, every signaling system can look for those tags and you would know if data is in the wrong spot, you know how it is moving and you can redirect the data if it is going to the wrong place. You could, for example, assert on an endpoint that it can't get the data it's trying to get. You could have networks actually watch data in flight and watch not so much that data's contents, but its classification.

Does any of that exist at all?
Stewart: At a very basic level. The Microsoft team, the Adobe team, the Open Office guys, they've all worked at ideas, but they still haven't managed to make basic parts of this actually an open standard.

Operating Systems are just another Application
by wbenton March 8, 2007 8:53 PM PST
Operating System Applications as well as other types of Applications are all written by people.

Hackers who want to turn a profit will do so the easiest way possible. As for what the easiest way is... that depends on the security and settings used by those whom they're hacking into.

If the hackers find one way more profitable than another... they'll switch to the more profitable method.

Bottom Line: Don't allow them to access/mimic/hack anything that they can make a profit on. And fine them way over and above whatever profits they could have made otherwise, such that it's not profitable any more.

FWIW