Posts Tagged Cybersecurity

The case for Network Security Forensics

Network security forensics is often overlooked or lightly regarded when composing an overall security strategy.  Be it forecasting a budget for forensic tools or planning an all-new green-field environment, the protection that a proper forensics strategy provides can save countless resources when it comes to restoring a stable state, ensuring integrity, analyzing an intrusion or outage event, and learning information that can be used in the future.  Forensic concepts also aid in reinforcing that secure data remains confidential.  Forensic tools buttress the elements of a network that ensure integrity and availability.  Sometimes this means a secure chain of custody or access; touching on the administrative model, it is often affected by, or kept in compliance with, legal assertions or mandates.

Making the case for Network Security

As we continue this journey into the age of big data, cloud, mobility, social media and so forth, vast amounts of data are being generated daily.  The volume of digital information continues to grow with no end in sight.  Personal and company information is becoming more and more digitized, both in storage and transfer.  Securing this information is a growing challenge, and is becoming more complex by the day.  Protecting digital assets means utilizing the best of available technologies and methodologies to achieve security goals.  Not only must they ensure that the quality and performance of the solution are maintained, they must also assure beyond doubt that the information they seek to protect stays uncompromised.

Malwarebytes takes significant growth steps

Malwarebytes is the company behind the most advanced anti-malware protection and removal software in the industry.  This growing company has a unique story rooted in the experiences of founder and chief executive Marcin Kleczynski.  As the story goes, Marcin’s own PC had gotten infected with malware and he turned to community resources to try and fix his machine.  Frustrated with the amount of effort this had taken, Marcin took to writing his own program known as Rogue Remover.  This software was distributed to friends and colleagues and officially formed the company and product now known as Malwarebytes.  Distributed by the “freemium” model, the company relies on the performance of its product as evidenced by its community ratings.  This grassroots approach is what makes this company unique.  Reputation and expert referral have led the company’s product to over 100 million downloads to date with no end in sight, adding users at a rate of a million each month.

Security Compliance does not equal Security

Efforts to address and maintain industry compliance and regulatory mandates for your organization are a great first step on the road to security.  The list of standards is long and there is no shortage of complications and effort in arriving at a compliance stage.  Among these standards are well-known names such as HIPAA, PCI-DSS, ARRA, HITECH, FFIEC, JCAHO, GLBA, SEC and the list goes on.  Depending on the organization, they may adhere to one, a few, or several such compliance standards.  Compliance has become an extremely time-consuming task for many organizations, creating a scenario where significant resources across the organization are dedicated to the various tasks.  To tackle these challenges, a driven, clear mission and supporting strategies are required on several levels in order to not only come into compliance, but also protect assets and keep capital and operating costs in check.  With all of these elements and the posture they provide to an organization, a contentious reality arises: despite all these efforts, security compliance is a noble but futile diversion from security practice and really just one component of the overall security picture.  Compliance can create a false sense of security that seemingly tells people that all systems are fully protected, but this is far from the truth.

LulzSec should not die

As news gets out that notorious hacking group LulzSec has disbanded, an unfortunate missing element to these stories is that there are individual components of the notorious group and numerous other groups that have always existed, continue and will continue to emerge. The cat is out of the bag and many internet hackers are believed to be inspired to follow the LulzSec saga of publicity-driven breaches.  LulzSec’s history of exploiting known vulnerabilities and threats and subsequent public disclosure of the methods used during their escapades has likely inspired, and will continue to inspire, followers en masse.  The #antisec movement they have founded has already turned up a number of similar domestic and international efforts thus far.  In their final #antisec act, LulzSec leaked documents belonging to Arizona’s Department of Public Safety.

Add to this the fact that for some time to come the compromised threat position of most of the internet and insecure websites is well and long proliferated.  In fact, massive breaches and vulnerabilities emerge daily and are regularly reported in certain circles, but rarely, if ever, see the light shone by the common major media outlets.  It will not be long before another group or factions of this group pop up elsewhere and perhaps try to capture that notoriety that LulzSec experienced.

In a bit of irony that was obviously forecast well ahead of time, it seems that the disbanding of LulzSec may be related to continued investigative pressures to disclose their identities, including efforts from other hacking groups.  The very notoriety they sought caused them to become a target and culminated in the release of reported chat logs and the reported apprehension of potential associates of the group.  There are reports at this time that members of the group are joining forces with Anonymous.

LulzSec as a group may indeed have packed it up, but rest assured they will live on in some form, perhaps with a different name and a renewed agenda.  This is hardly a time to rest easy as threats and malicious groups will continue to emerge.

Protect yourself, address your security now.  Get in compliance, hire a qualified pentester, and secure data.  Develop a comprehensive security plan.  Be aware that a good deal of data loss incidents happen from within your own organization.  Train your people on what the crown jewel assets of your organization are: confidential information, process, reputation.  Capture all of those things and proceed to boldly pursue technology to enable your organization with the best in functionality with the best possible approach to securing the information that is the lifeblood of the enterprise.  LulzSec as a group may indeed be disappearing forever, but their saga should not be forgotten.  The threats are real, the stakes are high, and there are many other entities out there with bad intentions.

On the Heels of the RSA SecurID Recall

A recently announced recall of RSA’s SecurID product is causing waves across the industry.  Navigating these events and considering the implications, we review some of the aspects and analyze where the industry stands in relation to these conditions.

Breaches

The details on the various federal contractor breaches have continued to emerge in recent news.  A recent official announcement from RSA acknowledged the previously rumored link between the initial RSA incident and the Lockheed Martin intrusion.  L-3 and Northrop Grumman are likely to have been attacked through the same vector.  This alarming series of breaches has caught the attention of media and customers alike.  Among other sources, China has been mentioned as a possible source for these attacks.  Meanwhile, reports of major defense contractors replacing RSA SecurID tokens with other token technology have been seen.

Conclusions from Federal, RSA hacks

The recent eruption of reporting on federal contractor organizations and recent compromises has certainly been alarming.  As a result, a number of theories and conspiracies have come forward.  At the root of these theories is a commonality derived from the RSA compromise, where it is believed that the cryptographic keys for SecurID may have been taken.  What these events mean to the enterprise, however, remains to be seen.  With absolute certainty, federal institutions and their affiliates will be on watch for continued attacks, and if indeed RSA-related, we can be sure that they are addressing deficiencies by all technological means possible.

Security compromises mark a season of change

The rash of significant security breaches including Sony, RSA, Lockheed Martin and Epsilon marks a watershed moment in cybersecurity.  In general, most attacks of the past could be classified as being based on opportunity.  Not anymore.  These attacks were all aimed at specific targets and comprise espionage and malice against government and corporate institutions.  They have become increasingly sophisticated in nature.  In the case of Sony PSN, the attackers were known to have covered their tracks to evade detection.  In the case of RSA and Lockheed Martin, the linking of these compromises signifies a directed campaign against these institutions.  At a minimum it appears that in that case, the attack on Lockheed Martin was executed by a group seeking to sell to, or acting as an agent of, a foreign agency of some type.  Naturally Lockheed Martin has not released specifics on the attack, but it is interesting that recent calls by U.S. officials have stated that all retaliatory options are on the table in the event of a “cyber incident”.  With this RSA-Lockheed Martin event, there is a certainty that other federal contractors are locking down right now, and a near certainty that another target will fall, be it corporate or federal in nature, using a similar directed attack.
