Kenneth Bechtel, Team Anti-Virus
In the past I wrote a paper for the Secure Focus website on defence in depth. In that paper, the corporation was divided into 'zones'. This paper was referenced and leveraged in the Team Anti-Virus 'ABCs of Corporate Malware Protection Handbook', and integrated into the AVIEN corporate protection book published in August 2007.
With this paper we hope to answer the following questions: are the zones and presumptions that were identified still valid? What new factors and variables need to be integrated into the defence in depth model?
By reviewing and challenging existing perceptions, we will discuss what modifications need to be made to meet current threats. This concept will not be limited to putting scanners at choke points and desktops, but will include things like PMDF and website blocks, and other generic protective mechanisms. By looking at the mechanisms the malware authors use, and comparing them to defensive countermeasures put in place, I hope to be able to put in writing the current concept of best practices for a defence in depth model that can be communicated and implemented by corporate practitioners.