Some Thoughts on Who Should Pay the True Cost for Insecure Software

Paula Musich

Summary Bullets:

  • A clear majority of cybercriminals share the same motivation as legal commercial enterprises: the drive for profits.
  • It is way too easy for cybercriminals to buy automated exploit kits and execute attacks for financial gain.

The recently released Verizon Data Breach Investigations Report shows that legitimate business has something in common with cybercrime: both are chiefly motivated by profit.  The report found that 92% of the breaches it examined were caused by external actors, and that 55% of those were linked to strictly profit-motivated cybercrime groups.  For legitimate business, the profit motive drives companies to focus on developing applications that either reduce the cost of doing business or add to top-line growth.  In either case, what is rewarded in application development is speed, functionality and, increasingly, a good user experience.  Secure coding and thorough testing that avoid common vulnerabilities are further down the priority list.

Wired Authenticated Access is a Chicken and Egg Problem, and It’s Scrambled Up

Mike Fratto

Summary Bullets:

  • Strong wired authentication and access control is available using 802.1X, which is needlessly complex to deploy on wired ports, and 802.1AE (MACsec), which is not widely available in wired equipment.
  • Lack of customer demand gives equipment vendors no inducement to simplify 802.1X wired functions or to add 802.1AE to network equipment. You can change that.

Ever wonder why 802.1X and 802.11i are so well supported in wireless LANs, even in consumer-grade access points, yet are complex and fragile on wired ports? It’s not the technology, or any difference in capability between wireless and wired equipment. The reason is customer demand. You. The average enterprise user hasn’t demanded the same level of functionality in the wired network as they did in the wireless one.

Cyber-espionage: The Chinese Are Coming! The Chinese Are Coming!

Paula Musich

Summary Bullets:

  • Is the Chinese cyber-espionage highlighted in the Verizon breach report escalating, or are we just getting a clearer picture of business as usual?
  • The larger threat still comes from within our own borders and from Eastern Europe.

The new Verizon Data Breach Investigations Report made for good headlines concerning an increase in what it says is cyber-espionage coming from China.  The one-two punch of the earlier Mandiant APT1 report, which offered evidence of the massive cyber-espionage effort conducted by Unit 61398 of China’s People’s Liberation Army, and the new Verizon report puts more pressure on the U.S. government to respond to this apparent increased threat; it also puts the onus on board members of publicly held companies that are targets of espionage to put more resources into the protection of intellectual property.  Just the phrase ‘Chinese cyber-espionage’ has very sinister connotations, conjuring up thoughts of attacks on infrastructure, or of increasing competition from Chinese companies using stolen IP and cheap manufacturing as a competitive cudgel.

Practice Makes Perfect, or at Least Safer

Amy Larsen DeCarlo

Summary Bullets:

  • Cybercriminals have become increasingly sophisticated in the methods they use to breach the enterprise, but the biggest risk may still be plain old human error.
  • Recent research shows that lost physical documents, missing memory devices, and misplaced laptops are the source of more breaches than online hacking attacks.

As an industry, we spend a considerable amount of time dissecting the latest cyber attacks and forecasting where the next source of trouble will be.  We advocate for enterprises to mount multi-layer defenses against a diverse set of threats leveled by an increasingly well-organized contingent of hackers motivated by profit or ideology.  However, recent research serves as a clear reminder that the biggest threat to an organization’s data security may not be driven by malice or money.  In fact, the biggest threat may come from plain old-fashioned human error.

Sandboxes and Silver Bullets: Vendors Promote New/Old Detection Techniques to Stop Zero-Day Threats

Paula Musich

Summary Bullets:

  • Anti-malware vendors are falling over each other to emulate the success FireEye has seen with its particular update to the sandbox technique for detecting zero-day threats that evade existing defenses.
  • Prospective buyers should be thorough in their evaluation not only of effectiveness and false positives, but also costs to deploy and scale the technology for their own environments.

At this year’s RSA conference in San Francisco, a handful of anti-malware vendors resurrected an old malicious-code detection technology with a new twist.  Sandboxing was promoted as the latest silver bullet for detecting more sophisticated attacks that get past traditional defenses.  Vendors including McAfee, Trend Micro, Fortinet and sandbox veteran Norman Security all launched new sandbox initiatives, following the lead of niche player FireEye, which has seen significant growth as a result of its success using its Virtual Execution engine and Malware Analysis System to detect and shut down malware infections that got past traditional defenses.  Other vendors pursuing this new twist include Palo Alto Networks and Sourcefire.

New Sandboxing Techniques a Silver Bullet for APTs? Not So Fast

Paula Musich

Summary Bullets:

  • Sandboxing to discover malware is not new, so what makes these latest techniques more effective?
  • How well do these new sandboxing solutions avoid being detected by the malware sample?

The latest silver bullet aimed at shooting down those stealthy advanced persistent threats (APTs) or targeted attacks that make it past more traditional defenses, on display at the recent RSA conference, may or may not hit the mark.  Several anti-malware vendors announced new sandboxing technologies, despite the fact that sandboxing is not a new malware identification technique.  By Norman Data Defense Systems’ reckoning it is at least 10 years old; Norman claims a patent on the technique that dates back that far.  Of course, all the vendors jumping on this bandwagon, including McAfee, Fortinet, Check Point, and Trend Micro, are hoping to replicate some of the success that FireEye is seeing.  FireEye appears to be the latest hot independent security company; it markets an on-premises device that can examine e-mail attachments and content downloaded from a Web site.  Just last month, FireEye received a new $50 million venture funding injection (on top of an existing $55 million round), and former McAfee CEO Dave DeWalt has been hired to run the company, which appears to be angling for an IPO.  These latest sandboxing developments follow Palo Alto Networks’ year-old cloud-based sandboxing service.

RSA 2013: Innovating for Better Risk Management

Amy Larsen DeCarlo

Summary Bullets:

  • Even with IT budgets extremely tight, security remains a funding priority for the enterprise in the face of a virulent threat environment, as was clear from the crowds at this year’s RSA Security Conference.
  • Security challenges associated with BYOD, virtualization, application layer attacks and the skills gap are driving organizations to focus on identifying vulnerabilities and prioritizing assets for better risk management.

Where there is a will, there always seems to be a way when it comes to IT security breaches.  At times it seems as if the IT security industry and hackers are running on parallel tracks, the one innovating to prevent attacks and the other to launch them, with tenacious hackers too often getting the upper hand.  Yet, as the high attendance figures (approximately 24,000) at this year’s RSA Security Conference in San Francisco show, the enterprise is hardly ready to give up the fight.  Instead, vendors and managed security service providers (MSSPs) alike are continuing to come up with more advanced mechanisms to find and fix vulnerabilities and better mitigate risk in order to prevent exploits.

BYOD and Smartphones as POS Terminals Don’t Mix!

Paula Musich

Summary Bullets:

  • Retailers should resist the urge to have employees use their own smartphones or tablets as point-of-sale terminals for credit card transactions.
  • Mobile malware has a fast growth trajectory, and retailers are a prime target for cybercrime.

Here’s a really terrible idea: retailers allowing employees to use their personal smartphones or tablets to process credit card transactions on behalf of their employers. This caught my eye recently after the PCI Security Standards Council released its “PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users” document, which does not recommend that activity as a best practice. Now there’s an understatement. Just because there’s an app for that doesn’t mean it’s a good idea to allow just any smartphone or tablet to act as a point of sale (POS) device in the retail world. The PCI Security Standards Council rightly pointed out to merchants that they have an end-to-end responsibility for the mobile app employed to process payments, the back-end processes and the security of a device that in this case they would not own.

The Bamital Botnet Bust Takes an Interesting Turn

Amy Larsen DeCarlo

Summary Bullets:

  • Microsoft and Symantec disclosed that they have successfully (they believe) shut down the Bamital botnet, which was netting at least $1 million a year for the perpetrators.
  • The companies went beyond the usual legal and technical responses, employing the botnet’s own mechanisms to inform targeted users that their systems had been infected to carry out so-called ‘click fraud.’

Where there is a will, there always seems to be a way when it comes to hackers using new techniques and variations on old methods to breach systems for their own gain.  This is what makes the IT security discipline as relentlessly frustrating as it is endlessly challenging.  No matter how innovative IT security technologies become and how much practices evolve, determined cybercriminals seem to find new ways to penetrate even the best enterprise defenses.

In the Line of Fire: The Press Gets Hacked

Amy Larsen DeCarlo

Summary Bullets:

  • Press organizations, including The New York Times and The Wall Street Journal, strongly suspect that Chinese hackers infiltrated their networks looking for information on news sources and research.
  • These attacks – and private sector incidents – underscore the increasing prominence of politically, ideologically, and revenge-driven attacks in the threat environment.

2013 is starting where 2012 left off, with ideologically and politically motivated attacks making headlines and, in the case of a few recent high-profile breaches, making the news outlets that write those headlines extremely anxious.  The New York Times, The Wall Street Journal, and a number of other press organizations have publicized their own battles against what they suspect are politically backed hackers who have successfully breached their networks in search of data gathered on sources that exposed government scandals.  Though its government has denied any involvement, China specifically has been named for the role that attackers suspected of acting on its behalf have played in hacking into journalists’ files in search of information used in articles on corruption and other political issues in China.
