Posts Tagged Cybersecurity
Network security forensics is often overlooked or lightly regarded when composing an overall security strategy. Be it forecasting a budget for forensic tools or planning an all-new green-field environment, the protection that a proper forensics strategy provides in an environment can save countless resources when it comes to restoring a stable state, ensuring integrity, analyzing an intrusion or outage event, and learning information that can be used in the future. Forensic concepts also aid in reinforcing that secure data remains confidential. Forensic tools buttress the elements of a network that ensure integrity and availability. Sometimes this means a secure chain of custody or access; touching on the administrative model, it is often affected by, or in compliance with, legal assertions or mandates.
As we continue this journey into the age of big data, cloud, mobility, social media and so forth, vast amounts of data are being generated daily. The volume of digital information continues to grow with no end in sight. Personal and company information is becoming more and more digitized, both in storage and in transfer. Securing this information is a growing challenge that becomes more complex by the day. Protecting digital assets means utilizing the best of available technologies and methodologies to achieve security goals. Those protecting these assets must not only ensure that the quality and performance of the solution are maintained, but also assure beyond doubt that the information they seek to protect stays uncompromised.
Malwarebytes is the company behind the most advanced anti-malware protection and removal software in the industry. This growing company has a unique story rooted in the experiences of founder and chief executive Marcin Kleczynski. As the story goes, Marcin’s own PC had gotten infected with malware and he turned to community resources to try to fix his machine. Frustrated with the amount of effort this had taken, Marcin took to writing his own program, known as Rogue Remover. This software was distributed to friends and colleagues and officially formed the company and product now known as Malwarebytes. Distributed under the “freemium” model, the company relies on the performance of its product as evidenced by its community ratings. This grassroots approach is what makes this company unique. Reputation and expert referral have led the company’s product to over 100 million downloads to date with no end in sight, adding users at a rate of a million each month.
Efforts to address and maintain industry compliance and regulatory mandates for your organization are a great first step on the road to security. The list of standards is long, and there is no shortage of complications and effort in arriving at a compliance stage. Among these standards are well-known names such as HIPAA, PCI-DSS, ARRA, HITECH, FFIEC, JCAHO, GLBA, SEC and the list goes on. Depending on the organization, it may adhere to one, a few, or several such compliance standards. Compliance has become an extremely time-consuming task for many organizations, creating a scenario where significant resources across the organization are dedicated to the various tasks. To tackle these challenges, a driven, clear mission and supporting strategies are required on several levels in order to not only come into compliance, but also protect assets and keep capital and operating costs in check. With all of these elements and the posture they provide to an organization, a contentious reality arises: despite all these efforts, security compliance is a noble but futile diversion from security practice and really just one component of the overall security picture. Compliance can create a false sense of security that seemingly tells people that all systems are fully protected, but this is far from the truth.
A recently announced recall of RSA’s SecurID product is causing waves across the industry. Navigating these events and considering the implications, we review some of the aspects and analyze where the industry stands in relation to these conditions.
The details on the various federal contractor breaches have continued to emerge in recent news. An official recent announcement from RSA acknowledged the previously rumored link between the initial RSA incident and the Lockheed Martin intrusion. L-3 and Northrop Grumman are likely to have been attacked through the same vector. This alarming series of breaches has caught the attention of media and customers alike. Among other sources, China has been mentioned as a possible source for these attacks. Meanwhile, reports of major defense contractors replacing RSA SecurID tokens with other token technology have been seen.
The recent eruption of reporting on federal contractor organizations and recent compromises has certainly been alarming. As a result, a number of theories and conspiracies have come forward. At the root of these theories is a commonality derived from the RSA compromise, where it is believed that the cryptographic keys for SecurID may have been taken. What these events mean to the enterprise, however, remains to be seen. With absolute certainty, federal institutions and their affiliates will be on watch for continued attacks, and if these are indeed RSA-related, we can be sure that they are addressing deficiencies by all technological means possible.
The rash of significant security breaches, including Sony, RSA, Lockheed Martin and Epsilon, marks a watershed moment in cybersecurity. In general, most attacks of the past could be classified as being based on opportunity. Not anymore. These attacks were all aimed at specific targets and comprise espionage and malice against government and corporate institutions. They have become increasingly sophisticated in nature. In the case of Sony PSN, the attackers were known to have covered their tracks to evade detection. In the case of RSA and Lockheed Martin, the linking of these compromises signifies a directed campaign against these institutions. At a minimum, it appears that in that case the attack on Lockheed Martin was executed by a group seeking to sell to, or acting as an agent of, a foreign agency of some type. Naturally, Lockheed Martin has not released specifics on the attack, but it is interesting that U.S. officials have recently stated that all retaliatory options are on the table in the event of a “cyber incident”. With this RSA-Lockheed Martin event, there is a certainty that other federal contractors are locking down right now, and a near certainty that another target, be it corporate or federal in nature, will fall to a similar directed attack.