SBN

KISS: Keep IT Security Simple

The Bottle Opener: first patented in 1894 by William Painter1, is a simple and effective tool for, well, opening bottles. We all have one in a drawer, mounted on a wall, or attached to our keys. A bottle opener serves one and only one purpose — opening bottles. It is not trying to be a screwdriver, or hammer, or a light switch. It is dedicated solely to its function.

Bottle openers are often added to other products to increase value and convenience. Shoes have bottle openers embedded in their soles. Drink coolers have bottle openers attached to their sides. Rings on fingers have cutouts for opening bottles. There are even bottle openers for your wallet. 

The simplicity of the product, the bottle opener, allows it to work with other products seamlessly. And still bring value to those products. It is truly an Occam’s razor product. No complications, no moving parts, nothing unnecessary, adding value without adding complication

By now you may be asking, “what does this have to do with cybersecurity?” In short, Source Defense has created a purpose-engineered product to defeat Magecart which we call “VICE”. VICE is simple, friendly, effective, and dedicated to preventing Magecart attacks. Like the bottle opener, it is patented, works well with others, and brings value to your existing security products.

VICE is built on simplicity. VICE does not place an additional burden on your already over-taxed security team, nor is constant maintenance and upkeep required. Simply place our tags into your webpage, accept policy recommendations as necessary, and know that VICE is preventing magecart attacks. No remediation or additional hires necessary. VICE is the simplest solution to the Magecart problem — the Occam’s razor for Magecart.

Additionally, VICE works well with others. Whether you currently use a Web Application Firewall, content security policy, subresource integrity, or other web security technologies, VICE will provide a complimentary line of defense . The focus of VICE, and Source Defense as a whole, is to work with your existing security solutions to extend your security perimeter to the client. 

VICE is effective at, and dedicated to, preventing Magecart attacks. The web is full of security problems and security products, many of which are modified or adapted or stretched in an attempt to remove the threat posed by Magecart. One technology commonly applied to this threat is content security policy (CSP). The primary benefit of CSP is preventing the exploitation of cross-site scripting vulnerabilities2. However, recent discussions and briefs on CSP suggest that it can also now thwart Magecart attacks which is hopeful at best and misleading at worst. It has been rebranded to solve a problem it was not intended to solve. Source Defense has focused on creating solutions to solve specific problems. No rebranding required.

At the end of the day, a decision about what tool you use to solve your problem needs to be made; The patented technology to solve the problem at hand, or a rebranded off-the-shelf technology ill-suited to the task? Would you rather have a purpose built tool that will work every single time, or some flimsy metal bracket glued to the side of a promotional tchotchke?

If you’re interested in learning more about Source Defense, VICE, or our other solutions, please visit https://sourcedefense.com/request-a-demo. Or if you’d like to check your website exposure, please visit https://sourcedefense.com/check-your-exposure/ for a free risk report.

1) https://patents.google.com/patent/US514200A/en

2) https://csp.withgoogle.com/docs/why-csp.html

The post KISS: Keep IT Security Simple appeared first on Source Defence.


*** This is a Security Bloggers Network syndicated blog from Blog – Source Defence authored by Randy Paszek. Read the original post at: https://sourcedefense.com/resources/blog/kiss-keep-it-security-simple/