Posted by Rick Holland on February 11, 2013
You are now no doubt aware that Boston-based security firm Bit9 suffered an alarming compromise, which resulted in attackers gaining access to code-signing certificates that were then used to sign malicious software. See Brian Krebs’s article for more details. (Symantec breathes a quiet sigh of relief to see a different security vendor in the headlines.)
The embarrassing breach comes at a time when the company has been seen as one of the security vendor landscape’s rising stars. Bit9 has actually been around for more than a decade, but the rise of targeted attacks and advanced malware has resulted in significant interest in Bit9’s technology. In late July, Bit9 secured $34.5 million in funding from Sequoia Capital. Bit9’s future was bright.
On Friday afternoon, Bit9 CEO Patrick Morley published a blog post providing some initial details on the breach. A few of his comments stood out: “Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network … We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9."
Bit9 didn’t provide details on the operational oversight, but it was certainly the result of a failed process, failed oversight, or both. A critical configuration management process either didn’t exist or wasn’t executed. An audit function to verify compliance with security standards, in this case that every physical and virtual machine actually had the agent installed and checking in, was either not in place or had not yet run.
The discouraging fact is that Bit9’s “operational oversight” is an operational reality for most companies. Ensuring ongoing compliance with security standards requires a significant investment in time and resources. Best practices are best efforts. When compared to most large enterprises, Bit9 is small, with significantly less complex operational challenges. The larger and more distributed the organization, the more challenging compliance becomes. If Bit9 could not avoid operational oversights, can you?
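The missing audit function is simple to describe and easy to neglect: reconcile the asset inventory against what the endpoint console actually sees, and treat every discrepancy as a finding. The following is an added example, not Bit9's code or any vendor's API; the inventory and agent-console record formats, the host names, and the 24-hour staleness threshold are all assumptions chosen for illustration. It reports hosts with no agent, hosts whose agent has gone quiet (an uninstalled or broken agent looks the same as a dead host until someone checks), and hosts the console knows about that the inventory does not, which means the inventory itself is incomplete.

```python
"""Endpoint agent coverage audit (added example, not Bit9's code).

Reconciles an asset inventory (for example a CMDB export) against the
hosts an endpoint agent console has seen, and reports three kinds of gap:
hosts with no agent at all, hosts whose agent has gone quiet, and hosts
the console knows about that the inventory does not. The record formats
below are hypothetical; map your own exports onto them.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Asset:
    hostname: str
    kind: str          # "physical" or "virtual"


@dataclass(frozen=True)
class AgentRecord:
    hostname: str
    last_checkin: datetime
    version: str


def normalize(hostname: str) -> str:
    """Compare hosts by short, lower-cased name so 'WS01.corp.example' and
    'ws01' reconcile; inventory and agent console rarely agree on form."""
    return hostname.strip().lower().split(".")[0]


def audit_coverage(inventory, agents, now, max_age=timedelta(hours=24)):
    """Return {"missing": [...], "stale": [...], "unknown": [...]}.

    missing : inventory hosts with no agent record at all
    stale   : inventory hosts whose agent last checked in more than max_age ago
    unknown : agent hosts absent from the inventory (the inventory is wrong)
    """
    inv = {normalize(a.hostname): a for a in inventory}
    seen = {}
    for rec in agents:
        key = normalize(rec.hostname)
        # keep the most recent check-in if a host appears more than once
        if key not in seen or rec.last_checkin > seen[key].last_checkin:
            seen[key] = rec

    missing = sorted(h for h in inv if h not in seen)
    stale = sorted(h for h, r in seen.items()
                   if h in inv and now - r.last_checkin > max_age)
    unknown = sorted(h for h in seen if h not in inv)
    return {"missing": missing, "stale": stale, "unknown": unknown}


# Constructed sample data: a six-host inventory and what the (hypothetical)
# agent console reports for it.
NOW = datetime(2013, 2, 11, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    Asset("ws01.corp.example", "physical"),
    Asset("ws02.corp.example", "physical"),
    Asset("build01.corp.example", "virtual"),
    Asset("build02.corp.example", "virtual"),
    Asset("signing01.corp.example", "physical"),
    Asset("jump01.corp.example", "virtual"),
]
AGENTS = [
    AgentRecord("WS01", NOW - timedelta(minutes=5), "7.0.1"),
    AgentRecord("ws02.corp.example", NOW - timedelta(minutes=12), "7.0.1"),
    AgentRecord("build01", NOW - timedelta(days=9), "6.0.2"),    # agent gone quiet
    AgentRecord("jump01", NOW - timedelta(hours=1), "7.0.1"),
    AgentRecord("lab-vm7", NOW - timedelta(minutes=3), "7.0.1"),  # not in the inventory
]


def run_sample_audit():
    """Run the audit over the constructed data; used by the demo below."""
    return audit_coverage(INVENTORY, AGENTS, NOW)


if __name__ == "__main__":
    report = run_sample_audit()
    for category, hosts in report.items():
        print(f"{category:8s} {len(hosts):2d}  {', '.join(hosts) or '-'}")
```

Run on the sample data it flags build02 and signing01 as missing, build01 as stale, and lab-vm7 as unknown. The point of the third category is that an audit which only asks "does every inventoried host have an agent?" trusts the inventory; a handful of machines that were never entered in the CMDB would pass such an audit while having no agent at all. Scheduling this reconciliation, and making a non-empty report someone's problem, is the control that was absent.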
What's this mean for you?