Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Is your information security ecosystem consuming poisonous information and putting your enterprise at risk?
Cyber Security: A Peer-Reviewed Journal,
1
(2),
116-126
(2017)
Abstract
Information security practices and technology are rapidly evolving. Security specialists are tasked to stay up to date on the current trends and to examine and implement integrated defences that require intelligence from different information security solutions in an effort to confirm that information assets are properly protected. In today’s security ecosystems, the challenge becomes greater because systems are integrated to process more information at a rapid pace in an effort to effectively protect organisations from cybercrime. This paper explores how most vulnerability management (VM) solutions that are central to every enterprise’s information security program may contain a serious hidden flaw that could result in highly inaccurate conclusions and even higher levels of security risk exposure. The flaw present within VM solutions is related to the challenge of correlating hosts, as scanned at one point in time, to their correct counterparts, as scanned at a different point in time. This paper details the issue, consequences of inaccurate correlation and recommendations to overcome this problem.
Keywords: vulnerability management; information security; risk assessment and management; vulnerability scanning solutions; information security ecosystem; network host discovery
The full article is available to subscribers to the journal.
Author's Biography
Gordon Mackay , CISSP, serves as Executive Vice President and Chief Technology Officer (CTO) for Digital Defense, Inc. (DDI). As CTO, MacKay applies mathematical modelling and engineering principles in investigating novel solutions to many of the technological challenges within the automated vulnerability management space. He leads the technology roadmap, has been responsible for achieving patent status for the company’s scanning technology, and developed a patented host reconciliation process. Prior to joining DDI, MacKay held several research and development leadership positions at Alcatel USA and led the Call Server Database Team with the inception and design of a real-time in-memory database used in the Alcatel Softswitch. MacKay has presented at numerous security-related conferences, including RSA, and his expertise has been featured by top national and international media outlets such as FOX Business, Softpedia, IT World Canada and others. He enjoys using creative real-world analogies, as well as using Star Trek references in the content of his presentations and communications. He holds a Bachelor’s degree in electrical engineering, computer engineering from McGill University, Montreal, Canada.
