On the State of Security
"We've approached security layer by layer. I have one tool for Web access, another tool for network access, another tool for e-mail. And yet I can't answer the basic question: Am I secure?" -- Bill Veghte, EVP of HP's software division
On Botnets & Legacy
"Botnets will be with us until the way computing works is fundamentally changed at the lowest level. Right now, we’re dealing with a legacy architecture that was invented back in the '70s. None of this was envisioned, so nobody designed any security into the lowest layers." -- Joe Stewart, director of Malware Research for Dell SecureWorks
On Custom Malware
"Every network we monitor, every large customer, has some kind of customized malware infiltrating data somewhere. I imagine anybody in the global 2,500 has this problem... It's fairly trivial to customize an exploit to bypass 70 percent of the time. I do it all of the time on engagements." -- Shawn Moyer, managing principal at security services firm Accuvant Labs
On CIOs
"The reality is that most CIOs have no idea what the Hell is on their network, not its provenance, what state it's in, let alone its state of vulnerability." -- Paul Simmonds, former AstraZeneca CISO, now with the Jericho Forum
On Social Networks
"The faith users put into social networks is providing an enormous universe of opportunity for nefarious actors." -- Anup Ghosh, Chief Scientist at Invincea
On Borderless Networks
"We've been working on an assumption that you need different levels of security for the internal network versus the external one, the Internet - the Big Bad World out there. That's been an incorrect assumption for at least ten years... Start designing everything now to be externalisable." -- Paul Simmonds, former AstraZeneca CISO, now with the Jericho Forum
Cross-posted from Dr. Infosec