In the RSA 2007 conference titled Securing End Points with Network Solutions, Tipping Point's Senior Product Manager Robert Albach Sr. posed a real doozy of a question: "Would you rather have your company a) infected by a widespread, debilitating worm or b) lose critical data going out of the network?" Pretty much all the audience members that voted chose the worm. Albach pointed out that a worm could be more personally humiliating or cause more long hours, since it would be highly visible to coworkers and bosses. But a data loss had much more potential for regulatory and compliance problems that could cause the company bad press, lawsuits or fines. But where do corporations spend more money and time? Deploying and maintaining anti-virus, anti-spyware, IDS/IPS and behavioral defenses to combat the worm? Or deploying information leak prevention technologies -- either at the network (like Vontu) or at the endpoint (USB controls, mobile encryption or other info leak protections like Workshare Protect)? An interesting quandary, especially since it was posed by a man working for a company that defends against the former. Where do you stand? Which would you choose?
Pick Your Poison
As an IT or security officer, which would you choose: a debilitating worm or a data theft?