The Ashimmy Blog

I saw an interesting Google Alert in my mailbox today. Titled “Cybercriminals In The Cloud”, I thought it was going to be about how cybercriminals were now using cloud services to access confidential information.  So I bit and found myself at a “welcome screen” from Forbes.  Why call it a welcome screen, lets call it an ad page as that is the only thing on there and you can watch the ad or click thru. After clicking through I was greeted by an article by Charlotte Dunlop (nice picture Charlotte).  The gist of the article was that the big thing at RSA was how top tier security vendors were going to use reputation services to make IDS/IPS, UTM and other technologies better able to stop the new more sophisticated attacks that CIOs are dealing with.

I say poppycock! Yes reputation services in the cloud are great for picking up IPs that have been used as spam homes or spewing other malicious content, but in targeted attacks cybercriminals are smart enough to use fresh IPs, not ones that are already tainted.  If these bad guys are smart enough to devices the techniques they do to break in, lets not be naive enough to think that they are going to then go out and use the same old IP addresses to launch new targeted attacks.  Reputation type of defenses are great against mass market type activity, but for targeted exploits that CIOs reading Forbes are worried about I don’t think it offers much hope.  Sounds to me more like yet another person bought the security in the cloud story hook, line and sinker.