Security Wire Weekly

Costly business logic flaws require manual testing

Robert Westervelt — Tue, 08 May 2012 19:11:32 +0000

Business logic flaws are costly to detect but even more costly if they are exploited, says application security expert Dan Kuykendall, CTO of NTOBJECTives Inc. Manual testing can detect the issues before cybercriminals can take advantage of the flawed functionality.

2012 Verizon DBIR lessons overshadowed by hype

Robert Westervelt — Wed, 25 Apr 2012 20:40:57 +0000

In this edition of Security Squad, the editors discusses the 2012 Verizon DBIR findings that have been hyped and misconstrued and why only 8% of organizations make a breach discovery with internal technologies. Also, a discussion on how the message delivered at a recent conference by several security luminaries fell flat.

Mobile device security policy essential to BYOD security

Robert Westervelt — Thu, 12 Apr 2012 20:11:36 +0000

Do you think you need a mobile device management platform? Think again, said Darrin Reynolds, vice president of information security at Diversified Agency Services. A formal policy should come first. Reynolds explains that security essentials can be done with existing systems.

Expert advocates for more effective penetration tests

Robert Westervelt — Tue, 03 Apr 2012 12:47:43 +0000

Dave Kennedy, CSO of Diebold Inc. and a noted penetration tester talks about the need for enterprises to have more effective penetration tests and to stop buying the latest security technology. It doesn’t work, he told attendees at the 2012 InfoSec World Conference and Expo. Kennedy said businesses should base their pen testing requirements from the Penetration Testing Execution Standard (PTES) and hold pen testers responsible for meeting the standard.

Is your firm reviewing your logs? SIEM’s second life

Robert Westervelt — Thu, 29 Mar 2012 14:46:17 +0000

Chris Petersen founder and CTO of LogRhythm talks about the SIEM market, the challenges for enterprises to get beyond compliance and shares his thoughts on the future of SIEM with deeper analytics. The interview was conducted last month at RSA Conference 2012.

Verizon DBIR 2012 overview, attack mitigation strategies

Robert Westervelt — Thu, 22 Mar 2012 19:35:53 +0000

Christopher Porter of Verizon explains some of the findings from the Verizon 2012 Data Breach Investigations Report. This year, hacktivists had a big impact on the numbers. Attacks are mainly less sophisticated and more automated in nature, Porter said.

Big data or big security buzz word?

Robert Westervelt — Thu, 08 Mar 2012 13:10:50 +0000

Pete Lindstrom of Spire Security joins the editorial team in a discussion about the themes that emerged at RSA Conference 2012. Big data resonated at this year’s conference, but what does it mean? Also, the team talks about the specter of mobile security and whether application security gets overshadowed at the annual event.

RSA 2012 Andy Purdy on critical need to address SCADA woes

Robert Westervelt — Fri, 02 Mar 2012 08:39:08 +0000

Andy Purdy, chief cybersecurity strategist at CSC shares his views on SCADA vulnerabilities and sharing threat intelligence data at RSA Conference 2012. A member of the team that developed the U.S. National Strategy to Secure Cyberspace in 2003, Purdy later served as cybersecurity czar overseeing the NCSD in the Department of Homeland Security and the US-CERT.

RSA Preview - The Erosion of Digital Trust

Robert Westervelt — Wed, 15 Feb 2012 23:02:58 +0000

The SearchSecurity team previews the 2012 RSA Conference. Hacktivism and numerous high-profile attacks, including the RSA SecurID breach could take center stage at this year’s conference. Targeted attacks, SCADA system weaknesses and mobile security challenges are likely to be the emerging topics in San Francisco.

Sourcefire CTO Marty Roesch talks intrusion prevention, FireAMP

Robert Westervelt — Thu, 02 Feb 2012 15:01:15 +0000

Marty Roesch, founder and CTO of Sourcefire talks about the future of intrusion prevention systems and whether technologies like the RSA NetWitness network security monitoring platform pose a threat to the IPS business.

Roesch in his team recently introduced FireAMP, an integration of its $21 million acquisition of cloud-based antimalware vendor Immunet. FireAMP is an agent-based system that monitors end points and connects to Sourcefire’s servers, where the data is analyzed and shared with other users. Users of FireAMP will receive threat intelligence alerts on suspicious behavior and can block and remove malicious files, including malware that targets zero-day vulnerabilities.

The rise of high-profile data breaches associated with targeted attacks, such as the RSA SecurID breach in 2011, has put a renewed focus on the importance of Intelligence gathering technologies. RSA, which acquired NetWitness last year, is positioning the network security monitoring platform as an awareness system, rather than a system used by forensics teams during a post breach investigation. But Roesch doesn’t see a major threat posed by NetWitness’ capabilities. He said the system requires users to analyze massive volumes of data, asking questions to make sense of it all.

“That thing collects a lot of data and it’s pretty raw and in the past you needed to know what questions to ask the data to get anything out of it,” Roesch said. “I don’t see people putting IPS and IDS investments on hold because they’re looking at NetWitness. Since the acquisition happened they’ve been a lot quieter than when they were a private company. It will be interesting to see if their approach scales to solving the kind of problems we solve just knowing what I know about their sensing and collection infrastructure.”

In a meeting with invited media, RSA recently presented its plans for NetWitness. The company is working on improving analytics to make it more of a real-time platform. The company credits its NetWitness deployment for detecting the SecurID breach, although attackers still had time to gain access to its intellectual property. RSA executives said they are working on integrating its Archer governance, risk and compliance platform to provide NetWitness with easier to use reporting and dashboard capabilities.