2008 Security Forecast: 'Least Privilege' Engineering Will Gain Momentum
Jan 9th, 00:53 UTC
Human error and evolving phishing attacks will compel organizations to tighten control over application access, not just user access.
FOR IMMEDIATE RELEASE:
Allendale, New Jersey, January 8th, 2008 - Guardian Digital, the open source security pioneer, forecasts an increased need for comprehensive control over Internet and employee resources with 'least privilege' engineering in 2008. "Most vendors don't stress least privilege enough in their development architecture, especially with the increasing threats from human error and employee liability" says CEO Dave Wreski. "Security in 2007 has shown just how effective attackers can be at gaining authorized access to corporate resources. One of the best ways to protect against this is to lock down application access, not just user access."
Analysts are in agreement that phishing attacks will increase to an unprecedented level in 2008, especially targeted attacks made possible from social networking sites.
As a result, Guardian Digital forecasts the new year will mark renewed buzz on the advantages of 'least privilege' in platform and application development.
Least privilege is the concept of giving access to applications based only on what is required for them to work, and no more. Pursuing this strategy can provide a tremendous benefit for security. Since application access is minimized, corporate resources remain much more secure, something that can be difficult when the platform and applications come from different vendors.
"The increased effectiveness of social engineering will propel least privilege back into the spotlight this year," Wreski continues. "The buzz on network security will
decrease as there is an increased focus on solutions that combine platform and application development to reduce the risk of successful phishing attacks."
One example is the danger from web services. Without least privilege engineering, a tricked employee could allow an attacker to run an exploit on an Apache web server through a browser. Robust development driven by 'least privilege' can restrict this from within the application architecture, not just based on the privilege of the exploited user. If done properly, the web application can be engineered to explicitly run only the processes necessary, and will "jail" the attackers exploit, stopping it dead.
This requires experienced engineering that comes from developing both the operating platform and the applications, and integrating security into both. "Vendors that develop both," says Wreski "will be in a better position to successfully integrate least privilege into the corporate environment. We are proud to have emphasized this
strategy with EnGarde Secure Linux since our founding in 1999 and will look to take advantage of the increased focus as the year progresses."
About Guardian Digital:
Leveraging the inherent benefits of open source architecture and the knowledge of security experts around the world, Guardian Digital has engineered the first, truly secure open source operating platform EnGarde Secure Linux. The secure Internet infrastructure of the award-winning EnGarde platform and its accompanying suite of applications guarantee online information assets remain protected even as Internet threats continue to evolve. Customized to meet the specific needs of any size
enterprise, Guardian Digital's solution portfolio includes intrusion detection, Web services, secure remote access, information privacy and robust Email spam and virus protection.
(Submitted by Ryan Berens of Guardian Digital)
| 
