On the Insider Threat, PCI and Risk Management
Let me share with you some highlights of recent podcast inte…
In part one of a two-part interview, Ranum, the CSO of Tenable Network Security, discusses:
Ranum, since the late 1980s, has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC "Clue" award for service to the security community, and also holds the ISSA lifetime achievement award. In 2005 he was awarded Security Professional of the Year by Techno Security Conference.
TOM FIELD: What are the biggest security threats to consumers and businesses today? Hi, this is Tom Field, Editorial Director with Information Security Media Group. This is Part 1 of a two-part interview with Marcus Ranum, CSO of Tenable Network Security. In this part we talk about the biggest security threats today, including social media, portable technology and the recent iPad Breach and what that means. Marcus, we first talked sometime back in 2009. It is a pleasure to talk with you again today.
MARCUS RANUM: It's good to be back.
FIELD: We talked last time about security threats and what was current, and I guess to revisit the topic I want to paraphrase Ronald Reagan: "Are we safer online today than we were a year ago?"
RANUM: Well, it's kind of hard to put that on a single axis, but I would say that the answer would have to be no, and the reason is because we've got this dynamic that we play out in internet technology, and I think in computing in general, where the security practitioners seem to constantly be running along behind whatever is the leading edge or the cutting edge, and kind of going "No, no, wait stop," and trying to fix things. So, what tends to happen is that the folks who are out designing stuff on the cutting edge are busy creating problems for us faster than we can fix them, so we're mostly trying to fix the old problems that they haven't managed to make worse yet.
FIELD: So, when you look around, what do you see as the biggest security threats to consumers and businesses today?
RANUM: Well, I think malware is a huge problem. It has been a huge problem for a long time, and I think a lot of practitioners saw this threat kind of bearing down on us for almost a decade or so. I'm a little concerned about complacency in malware, because I think what is happening -- certainly on the consumer -- malware has gotten a lot better in the last five or six years. I think what has happened is people are kind of going, "Well, my computer is not blue-screening very much; I must not have malware anymore." And what is really happening is that they've got better, stealthier, more reliable malware that just doesn't blue-screen their computer.
FIELD: Marcus, I want to ask you about some specific threats that have come up in recent times and get your thoughts on them. Social media for one. Everybody is dabbling in social media. Some organizations have policies, some don't. What do you see as sort of the real threats and maybe the ones that aren't as real as we would like to think they are?
RANUM: Well, there are some real problems. I mean, one of the issues with social media, of course, is information control and the problem of information leaking out. Organizations that don't have a very tight grip on who is allowed to speak for the organization -- you know they're going to encounter problems when somebody starts a blog or somebody in the marketing department just starts twittering whatever they think they should be tweeting at any particular moment. So there's the issue of media control and corporate relations, and that's actually a pretty serious problem. There is also the other problem of information leakage, which that one kind of surprises me. And if we look at it from a corporate standpoint, if corporations are allowing people to go update their Facebook pages from inside the corporate perimeter and during office hours, of course information of what they are working on is going to leak out. That seems kind of obvious.