Today's malware is increasingly hard to clean up. It seems those persistent attackers we hear so much about leave behind a lot of persistent malware. Regardless of your malware clean-up processes, there remains a high likelihood of re-infection. In many cases the only way to rid a device from the kinds of malicious code we see is to re-image the device. Basically just start over again. Hopefully all the user data is backed-up and salvageable, so the only cost is time. A lot of time. But that's really the only way to ensure you won't see the same malware over and over again.

Given the intense industry focus on cloud and virtualization and the perception that security is a huge impediment to adoption for both - let's take a look this month at the hype vs. the reality of the so-called VirtSec.

Since this is intelligentwhitelisting.com, we'll obviously look at VirtSec within the prism of application whitelisting. That means we won't discuss the impact of virtualization on network security, but remember that too is important because how you provision firewalls, IDS/IPS, and network monitoring must change in a virtualized data center.

No amount of scary headlines or warnings issued by security experts and government agencies has the impact of the sure knowledge that you have been targeted. Would you change your IT security posture if you knew someone or some organization was after your data?  In fifteen years of talking to people about improving their security, I repeatedly hear the response “but we are just a <insert benign industry here> who would want our data?”  Industry by industry, organizations have learned the hard way that their data is valuable to someone.

Over a period of many years, hackers intruded into more than 70 large organizations around the world in a campaign McAfee dubbed Operation Shady RAT. It has garnered many a sensational headline, but the actual hacks involved are more typical than sensational, and they are the type that would have been stopped by a well-implemented whitelisting system.