On March 12, 2014, the annual HP sponsored Pwn2Own hacking competition took place at the CanSecWest security conference in Vancouver, British Columbia.  During the two day hacking event 35 exploits were used to launch 12 successful attacks.  A major theme of the exploits was the limitation of sandboxing technology. Search Security reported:

Sandboxing isn’t a security cure-all, Dormann

[Will Dormann, vulnerability analyst with the Carnegie Mellon University Software Engineering Institute’s CERT Division] said, but a sandbox does significantly increase the difficulty of crafting a successful exploit…

“Nobody is using software that is flawless. If you have a significantly motivated attacker, they are probably going to figure out some way to compromise that software,” Dormann said. “… Your goal, in order to stay safe, is to make it as difficult as possible for an attacker to achieve their goal.”

Are you making it as difficult as possible for an attacker to acheive its goal?  The most reliable way to introduce an exploit into a system is spearphishing — Proofpoint estimates that a spearphishing attack of just 10 emails is guaranteed to elicit a compromising response.  Email is an infiltration superhighway in which users can be counted on to take the spearphishing bait.  You can make it harder to deceive email users into taking the  bait by using  SP Guard.  SP Guard lets IT give users simple visual indicators so that users can make better email processing decisions.

You can contact us at  408-727-6342,ext 3 or use our online form.