I've been fascinated by the information that keeps coming out about last December's Target data breach. Recent revelations by some of the people who studied the actual malware code have described it as "absolutely unsophisticated and uninteresting -- almost amateurish." Others noted anti-malware software is available that could easily have stopped this attack before any damage was done.
Too bad Target didn't have it, right? But it did! Six months before the attack, Target had installed and tested software from FireEye (which the CIA also uses to protect its networks). In fact, Target had put in place 24-hour monitoring of the system to alert the monitoring team, who in turn would notify Target's Security Operations Center (SOC) in Minnesota.
So what happened? The alarm was raised, the monitors notified the SOC, and the SOC ... did nothing!
The FireEye software also has an option to automatically remove malware when it's detected. According to various reports, Target's security team had turned off that option. Is it any wonder that Target's CIO fell on her sword and resigned in the aftermath of this debacle?
For those of us not directly affected by the breach, the scenario as it played out is just one more example illustrating what I've tried to instill in my audiences for more than a decade: Technology is easy; it's people that are hard.
Read the rest of this article on Dark Reading.