Do you think you need a mobile device management platform? Think again, said Darrin Reynolds, vice president of information security at Diversified Agency Services. A formal policy should come first. Reynolds explains that security essentials can be done with existing systems.
Dave Kennedy, CSO of Diebold Inc. and a noted penetration tester, talks about the need for enterprises to have more effective penetration tests and to stop buying the latest security technology. It doesn’t work, he told attendees at the 2012 InfoSec World Conference and Expo. Kennedy said businesses should base their pen testing requirements on the Penetration Testing Execution Standard (PTES) and hold pen testers responsible for meeting the standard.
Chris Petersen, founder and CTO of LogRhythm, talks about the SIEM market and the challenges enterprises face in getting beyond compliance, and shares his thoughts on the future of SIEM with deeper analytics. The interview was conducted last month at RSA Conference 2012.
Christopher Porter of Verizon explains some of the findings from the Verizon 2012 Data Breach Investigations Report. This year, hacktivists had a big impact on the numbers. Attacks are mainly less sophisticated and more automated in nature, Porter said.
Pete Lindstrom of Spire Security joins the editorial team in a discussion about the themes that emerged at RSA Conference 2012. Big data resonated at this year’s conference, but what does it mean? Also, the team talks about the specter of mobile security and whether application security gets overshadowed at the annual event.
Andy Purdy, chief cybersecurity strategist at CSC, shares his views on SCADA vulnerabilities and sharing threat intelligence data at RSA Conference 2012. A member of the team that developed the U.S. National Strategy to Secure Cyberspace in 2003, Purdy later served as cybersecurity czar overseeing the NCSD in the Department of Homeland Security and the US-CERT.
The SearchSecurity team previews the 2012 RSA Conference. Hacktivism and numerous high-profile attacks, including the RSA SecurID breach, could take center stage at this year’s conference. Targeted attacks, SCADA system weaknesses and mobile security challenges are likely to be the emerging topics in San Francisco.
Marty Roesch, founder and CTO of Sourcefire, talks about the future of intrusion prevention systems and whether technologies like the RSA NetWitness network security monitoring platform pose a threat to the IPS business.
Roesch and his team recently introduced FireAMP, an integration of its $21 million acquisition of cloud-based antimalware vendor Immunet. FireAMP is an agent-based system that monitors endpoints and connects to Sourcefire’s servers, where the data is analyzed and shared with other users. Users of FireAMP will receive threat intelligence alerts on suspicious behavior and can block and remove malicious files, including malware that targets zero-day vulnerabilities.
The rise of high-profile data breaches associated with targeted attacks, such as the RSA SecurID breach in 2011, has put a renewed focus on the importance of intelligence-gathering technologies. RSA, which acquired NetWitness last year, is positioning the network security monitoring platform as an awareness system, rather than a system used by forensics teams during a post-breach investigation. But Roesch doesn’t see a major threat posed by NetWitness’ capabilities. He said the system requires users to analyze massive volumes of data, asking questions to make sense of it all.
“That thing collects a lot of data and it’s pretty raw and in the past you needed to know what questions to ask the data to get anything out of it,” Roesch said. “I don’t see people putting IPS and IDS investments on hold because they’re looking at NetWitness. Since the acquisition happened they’ve been a lot quieter than when they were a private company. It will be interesting to see if their approach scales to solving the kind of problems we solve just knowing what I know about their sensing and collection infrastructure.”
In a meeting with invited media, RSA recently presented its plans for NetWitness. The company is working on improving analytics to make it more of a real-time platform. The company credits its NetWitness deployment for detecting the SecurID breach, although attackers still had time to gain access to its intellectual property. RSA executives said they are working on integrating its Archer governance, risk and compliance platform to provide NetWitness with easier-to-use reporting and dashboard capabilities.
Chris Larsen, a senior malware researcher with Blue Coat Systems, explains how his research team maps malware networks to gain a better understanding of attack infrastructure.
Researchers at Blue Coat Systems Inc. have been mapping malware to better understand malware delivery. In the Blue Coat 2011 Mid-year report (.pdf), the company found a variety of websites and online forums consistently used by cybercriminals to spread malware.
The problem stems not only from websites dealing with pornographic and pirated material. Attackers are taking advantage of common website vulnerabilities on trusted and popular websites for use in cybercrime.
In an update provided recently, Larsen said poisoned search engine results are constantly being used to drive traffic to those malicious sites. While search engine providers are labeling suspicious sites, cybercriminals have an agile process in place. They can switch domains on the fly to maintain uptime and continue spreading malware, overseeing an ever-increasing number of infected machines, Larsen told SearchSecurity.com.
In part two of this two-part podcast, special guest Andrew Jaquith of Perimeter E-Security joins the SearchSecurity editorial team in exploring the highs and lows of 2011 for the security industry.
Digital certificate breaches have fueled an erosion of trust online, according to the SearchSecurity editorial team. While researchers look for alternatives to the digital certificate system, it may not always be clear that the site you’re visiting is legitimate.
In this wide-ranging discussion, SearchSecurity editors and special guest Andrew Jaquith of Perimeter E-Security explore whether 2011 was a good year for the security industry or if the latest security incidents highlight many of the industry’s faults.
In addition to the digital certificate breaches, part two of this podcast explores the trend of companies increasingly studying the threat landscape to be better prepared for real-world attacks. While many organizations fail at completing the most basic security tasks, others have applied the basics and are taking the next steps in understanding who their adversaries are and how to defend against them.
In addition, McAfee’s Operation ShadyRAT report may have come under intense criticism, but vendor research serves an important purpose, according to Jaquith. When taken in context, some research reports can be helpful in strategic planning.
Part 1 of Security Wins and Fails of 2011