Staying up to date on Information Security
A number of significant security vulnerabilities were exposed this past year. The ones with a catchy name and logo were highly publicized and created lots of conversation about information security. Unfortunately, much of that conversation has been misinformed. With that in mind, I wanted to share a candid account of how an information security team stays informed about the security threats you read about in the newspaper (as well as the ones you don’t).
Heartbleed and FREAK were both highly publicized vulnerabilities discovered in implementations of the 20-year-old SSL protocol. FREAK affected over 10% of the top 1 million sites on the web and Heartbleed affected well over 60% of active internet sites.
Heartbleed and FREAK are excellent examples of how a major focus of modern Information Security is fixing old mistakes. In fact, 9/10 actionable alerts come from 5+-year-old bugs in code that are only now being discovered to be exploitable.
As these vulnerabilities are being discovered, it is our responsibility to stay up to date and ensure our clients are protected as soon as patches and fixes are released.
As an organization, we have a balanced approach to security. We offer proactive services like Vulnerability Scans, Penetration Testing & DoS Mitigation. On top of that, our security team is also constantly looking for and reacting to new information. Staying up to date is a massive effort, involving subscriptions to notifications and alerts from a long list of technology providers including (but not limited to):
| HP | ISC – Internet Storm Center | Secunia | Apache |
These subscriptions alone amount to between 30 and 50+ news alerts per day, with at least five actionable items on a daily basis. We review each alert and, depending on its severity, we may schedule a patch, escalate the remediation or even implement the Tenzing Emergency Patching Procedure. (For more about our Emergency Patching program, check out our Heartbleed response timeline.)
Beyond checking alerts from providers, our teams are engaged members of the Information Security community. That means we spend time reading and participating in posts and discussions on places like Reddit and Twitter, as well as regularly using our monitoring systems to check logs for patterns and discrepancies.
Although this summary is short and sweet, I hope it highlights the effort and expertise needed to stay on top of information security news and alerts. Our security team works diligently to stay informed and make sure our clients are protected and secure. The world of information security is fast moving and often overwhelming; a managed service provider like Tenzing can help retailers stay one step ahead. Contact us if you are interested in more information about our security processes and services.
Editor's Note: Special thanks to Jaime McDonald, Information Security Officer and Change Manager here at Tenzing, for the insight into his world!