The Key to Security: Understanding System Integrity
DATA SECURITY PODCAST
In a recent podcast interview with Steve Morgan, editor-in chief of Cybercrime Magazine, Robert E. Johnson, III, Cimcor CEO/President discusses the latest views on data security, and how businesses deal with ongoing data threats. The podcast can be listened to in it's entirety below.
Welcome to The Data Security Podcast is sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real time, while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Joining us today is Cimcor's President and CEO Robert E. Johnson, III. Robert has been a pioneer in the development of next-gen system integrity monitoring, self-healing systems, and cyber security software. Rob, great to have you with us today.
A: Great to be back with you, Steve.
Q: So Rob. You're always a great source for me around data security, cyber security, and you know I'm puzzled. Why is this still such a big, on-going, growing problem?
A: You know, I think a lot of folks feel the same way. Why can't we get a handle on this? In fact, I was on a plane flying back from a trade show. There was a woman, probably in her 70s. She was asking me "Why can't you fix this"? And, I felt very bad for her, but right now, as much as it hurts to say it, the bad guys are winning.
We are spending about 9% compound annual growth rate of security-related spending over the last 10 years, where security breaches and incidents are beyond 30% compound annual growth over that same period in 10 years. So they're producing more.
Just a few years ago, we were looking at 78,000 new threats, or new incidents a day, or new variants of malware a day. In 2014, we were clocking in at about 300,000. Now we are 1.3 million new variants of malware per day. How do you keep up?
How do security vendors deal with this onslaught of threats? How do you deal with this continuously morphing set of malware? This whole ecosystem that is developing in the black market - how do you reduce the barriers of entry for people with malicious intent to infiltrate your systems, to get access to private data, and other things?
So we're kind of the underdog in this regard. I feel that some of the traditional methods that we've used in the past, anti-virus, firewalls, these traditional older technologies, are just becoming less and less effective because threats are becoming more and more sophisticated at a rate we just can't keep up with.
So we at Cimcor, feel that really the answer is to not try to jump into this rat-race where we're trying to chase 1.3 million new threats every day. In fact, we think it makes more sense to do exactly the opposite. Instead of worrying about those 1.3 million new threats, why not make sure we have a strong handle of exactly what's on your servers, exactly what your configurations are for your firewalls, exactly what privileges and rights are out there throughout all the systems on your infrastructure?
We're saying focus with that. And if you really understand your systems and integrity of all of your systems, then that's the key to a strong security strategy, in spite of the onslaught of threats occurring daily.
Q: So Robert, maybe you can give me a short answer on this one. You've been talking about this for the past few years and I concur with you. You've been a great source, you know, I read a lot of what you write.
Some people are listening to you, but I think most people aren't. Not to you directly, but just to that logic. Why? Why are we still in this place where CIOs/CISOs, or the people working for them, just don't have their arms around all of their assets and what that really looks like?
A: Well, you know, a lot of times we make our decisions based solely on the data we've received.
As security professionals, we receive a lot of data through marketing and you know what's always marketed--those brand new shiny objects out there, those brand new tools. Some of them are great, but you must focus on the basics. Your systems, and what is running on those systems, those are the basics.
Those are the fundamentals and ensuring the integrity of those items provides that foundation for all of these other pieces that you may want to put into place. So until we take a step back, it's not popular to worry about the integrity of your systems, but it is critical if you expect to survive in this new world.
Q: As always Robert, thank you so much for joining us today and we'll be back with you shortly.
To learn more about CimTrak and file and system integrity monitoring, download the CimTrak Technical Summary.
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".