Dr. InfoSec's Quotes of the Week (016)

Friday, April 01, 2011

Christophe Veltsos


On the State of Security

"We've approached security layer by layer. I have one tool for Web access, another tool for network access, another tool for e-mail. And yet I can't answer the basic question: Am I secure?" -- Bill Veghte, EVP of HP's software division

On Botnets & Legacy

"Botnets will be with us until the way computing works is fundamentally changed at the lowest level. Right now, we’re dealing with a legacy architecture that was invented back in the '70s. None of this was envisioned, so nobody designed any security into the lowest layers." -- Joe Stewart, director of Malware Research for Dell SecureWorks

On Custom Malware

"Every network we monitor, every large customer, has some kind of customized malware infiltrating data somewhere. I imagine anybody in the global 2,500 has this problem... It's fairly trivial to customize an exploit to bypass 70 percent of the time. I do it all of the time on engagements." -- Shawn Moyer, managing principal at security services firm Accuvant Labs


"The reality is that most CIOs have no idea what the Hell is on their network, not its provenance, what state it's in, let alone its state of vulnerability." -- Paul Simmonds, former AstraZeneca CISO, now with the Jericho Forum

On Social Networks

"The faith users put into social networks is providing an enormous universe of opportunity for nefarious actors." -- Anup Ghosh, Chief Scientist at Invincea

On Borderless Networks

"We've been working on an assumption that you need different levels of security for the internal network versus the external one, the Internet - the Big Bad World out there. That's been an incorrect assumption for at least ten years... Start designing everything now to be externalisable." -- Paul Simmonds, former AstraZeneca CISO, now with the Jericho Forum

Cross-posted from Dr. Infosec
