|| ||"Ryan Berens" <rberens-AT-guardiandigital.com>|
|| ||"PR " <pr-AT-lwn.net>|
|| ||Security Prediction for 2008: 'Least Privilege' Engineering Will Gain Momentum|
|| ||Tue, 8 Jan 2008 08:56:27 -0500 (EST)|
The concept of 'least privilege' has been discussed within the
security realm since its inception decades ago.
Defined as a system where a process "must be able to access only
such information and resources that are necessary to its legitimate
purpose," it has been largely under the radar in the commercial
security space as strategies like endpoint and network security have
taken its place.
Guardian Digital, the developer's behind EnGarde Secure Linux, the
worlds first open source security platform, are announcing today that
2008 will showcase a huge resurgence in the exposure and awareness of
'least privilege' engineering as a metric for vendor security. The
company states this future re-emphasis on application access is likely,
especially considering the increased effectiveness of targeted
phishing attacks made possible from social networking sites.
More information is available in the Press Release below.
If you would like to cover it, or have any questions or comments, please
feel to contact us.
- - - - - - - - - - - - - -
Marketing and Communications
Guardian Digital, Inc.
- - - - - - - - - - - - - -
2008 Security Forecast: 'Least Privilege' Engineering Will Gain Momentum
Human error and evolving phishing attacks will compel organizations to
tighten control over application access, not just user access
Allendale, New Jersey, January 8th, 2008 - Guardian Digital, the open
source security pioneer, forecasts an increased need for comprehensive
control over Internet and employee resources with 'least privilege'
engineering in 2008. "Most vendors don't stress least privilege enough
in their development architecture, especially with the increasing threats
from human error and employee liability" says CEO Dave Wreski. "Security
in 2007 has shown just how effective attackers can be at gaining authorized
access to corporate resources. One of the best ways to protect against this
is to lock down application access, not just user access."
Analysts are in agreement that phishing attacks will increase to an
unprecedented level in 2008, especially targeted attacks made possible from
social networking sites. As a result, Guardian Digital forecasts the new year
will mark renewed buzz on the advantages of 'least privilege' in platform and
Least privilege is the concept of giving access to applications based only on
what is required for them to work, and no more. Pursuing this strategy can
provide a tremendous benefit for security. Since application access is
minimized, corporate resources remain much more secure, something that can be
difficult when the platform and applications come from different vendors.
"The increased effectiveness of social engineering will propel least privilege
back into the spotlight this year," Wreski continues. "The buzz on network
security will decrease as there is an increased focus on solutions that combine
platform and application development to reduce the risk of successful phishing
One example is the danger from web services. Without least privilege engineering,
a tricked employee could allow an attacker to run an exploit on an Apache web
server through a browser. Robust development driven by 'least privilege' can
restrict this from within the application architecture, not just based on the
privilege of the exploited user. If done properly, the web application can be
engineered to explicitly run only the processes necessary, and will "jail" the
attackers exploit, stopping it dead. This requires experienced engineering that
comes from developing both the operating platform and the applications, and
integrating security into both. "Vendors that develop both," says Wreski "will
be in a better position to successfully integrate least privilege into the
corporate environment. We are proud to have emphasized this strategy with EnGarde
Secure Linux since our founding in 1999 and will look to take advantage of the
increased focus as the year progresses."
About Guardian Digital:
Leveraging the inherent benefits of open source architecture and the knowledge of
security experts around the world, Guardian Digital has engineered the first, truly
secure open source operating platform EnGarde Secure Linux. The secure Internet
infrastructure of the award-winning EnGarde platform and its accompanying suite of
applications guarantee online information assets remain protected even as Internet
threats continue to evolve. Customized to meet the specific needs of any size
enterprise, Guardian Digital's solution portfolio includes intrusion detection, Web
services, secure remote access, information privacy and robust Email spam and
to post comments)