Posted by
Paul Hafen on Tue, Feb 07, 2012 @ 11:45 PM
Life is full of irony. That fact makes life interesting, but also unsettling. An anonymous hacker made off with Symantec's pcAnywhere source code and held it for ransom before negotiations broke down. Once negotiations broke off, the hacker distributed the source code via peer-to-peer networks today.
I understand the code in question is really the 2006 edition that is hardly in use anymore. One can understand why Symantec and any other organization would still be concerned. WHAT IF THE NEXT TIME IT'S THE CURRENT VERSION? Years ago I wrote an article for an industry magazine in which I mentioned that hacking and malware will become more and more a for-profit venture. As cyber criminals get more astute and the barriers drop... well, it's scary to think of what the world could be like with all the IP out there. This particular crook was more savvy than the law enforcement that was called in to negotiate.
There is a principle in all this. Data Loss/Leak Prevention is necessary for any organization with unstructured intellectual property. And companies like Symantec need to have third parties evaluate their internal DLP situation (and they may already do that). For the rest of us, any solution we deploy is third party. Remember the DLP channels: Network, Endpoint, Encryption. For those companies with unstructured data, Discovery is all the more important.
Paul
Check out the Cyber Power Index released by the Economist Intelligence Unit. The index measures the ability of G20 countries to resist cyber attacks. In their own words, the Cyber Power Index is:
"The purpose of the Cyber Power Index is to benchmark the ability of the G20 countries to withstand cyber attacks and to deploy the digital infrastructure needed for a productive economy. In doing so, the index measures both the success of digital uptake and the degree to which the economic and regulatory environment promotes national cyber power.
The index is developed as an interactive quantitative and qualitative scoring model constructed from the following four categories:
- Legal and Regulatory Framework
- Economic and Social Context
- Technology Infrastructure
- Industry Application
Each category score is calculated from the weighted means of underlying indicators and scaled from 0-100, where 100=most favorable. Each country’s overall score is a weighted mean of its category scores."
While this may not help you to decide on what solutions can best help you resist cyber attacks, we thought it was a quick-to-read and interesting infographic tool.
If you do need expert advice on resisting cyber attacks through Intrusion Prevention Systems (IPS), Secure Web Gateway, or perhaps some advice on the best way to prevent sensitive data from leaving your organization with a good Data Loss Prevention solution, we'd love to help. Just click here to have us contact you for some expert advice on these areas.
Today, Actiance released their latest addition to their secure social media suite Socialite. Socialite Engage is a new piece of that platform that will allow organizations to aggregate the social media networks they engage in to allow a single point from which to publish regulatory compliant and pre-approved content.
Actiance is a leader in secure social media access and in application controls provided through their USG platform. The USG is their secure web gateway system that works in conjunction with the Socialite product to provide secure social media access.
The Socialite Engage platform aggregates Facebook, LinkedIn and Twitter accounts allowing users to work with them from a single managed dashboard. Users can then publish pre-approved content, analyze the effectiveness of the content, and adjust accordingly.
Many financial institutions are still very leery about engaging in social media. Socialite Engage will give those institutions what they need to not only measure the effectiveness of their social media campaigns, but will also ensure that all content released is regulatory compliant and secure.
Actiance is fast becoming a must-have product for companies that face regulatory compliance issues when engaging in social media campaigns. Their application controls are also second to none and not even second to the next several competitors combined.
Please contact us if you have any questions about how Actiance would fit into your IT security framework and help your organization to both maintain regulatory compliance and a high level of security for your critical data, users, and your brand.

Researchers at M86 Security, formerly 8e6 Technologies, have uncovered a targeted attack campaign against websites using WordPress 3.2.1. The attack uses the Phoenix exploit kit, which was first spotted on the Internet in 2007 and has a long history of causing problems for IT security personnel.
Over 400 websites were compromised in this attack, as reported by Daniel Chechik on the M86 Security blog. The compromising content is not uploaded to the homepage of the website and will not show up when users browse these websites.
Instead, the attackers sent thousands of malicious emails to lure unsuspecting users to the infected pages. It's apparent that the attackers' motivation was to use legitimate websites to bypass URL filtering and reputation-based filtering systems in order to compromise their victims' systems.
More detailed information on the attacks can be found here at the M86 Security Labs blog.
M86 Security provides Secure Web Gateway technology that protects users from exactly these types of attacks. It is the only vendor we are currently aware of that has the ability to use non-signature based methods for detecting attacks by opening up web pages in a virtual environment to see what the code does once it executes.
Based on our present knowledge, all other secure web gateway vendors currently use signature-based detection of malware. Most only use virus and malware signature databases from vendors such as McAfee and Sophos, while a few use zero day filtering, which still relies on signatures.
The weakness with these techniques is that most exploits do not reuse previously detected code. Furthermore, most exploits that use renovated code also employ code obfuscation so that it is not comparable to the original code and virtually undetectable by signature or zero day scanning.
M86 Security acquired this technology from Finjan when that company was acquired by M86 in 2010. M86 Security also has industry leading web filtering and email or messaging security from 8e6 Technologies and Mail Marshal, the two companies that merged to form M86 Security in 2008.
Verdasys announced today that they will now be offering Data Loss Prevention solutions as a managed service. The full press release can be seen here at MarketWatch.com. Verdasys is a leading provider of global Enterprise Information Protection solutions.
The new offering will actually come in the form of two different services, Verdasys Managed Service for Information Protection (MSIP) and Verdasys Information Protection as a Service (IPaaS). Both provide businesses on-demand data protection technology hosted within Verdasys' secured facilities.
MSIP offers a fully-managed EIP solution hosted, supported, and maintained by in-house Verdasys experts; IPaaS allows end users to deploy and manage their own enterprise data policies with no additional setup or infrastructure costs. Both services are based on the Verdasys Digital Guardian platform.
Verdasys says that the idea to offer DLP as a managed service originated with a large customer of theirs that requested the service. It was implemented over four years ago, has been very successful, and has since been asked for by other Verdasys customers.
The Verdasys MSIP and IPaaS solutions are available immediately, with pricing for MSIP starting at $19/month per endpoint and IPaaS at $12/month per endpoint, based on volume.
Posted by
Paul Hafen on Wed, Jan 25, 2012 @ 07:39 AM
Symantec recently released the results of a study where IT security pros revealed their companies' level of security deployment. About 53 percent of the survey participants said that in the case of a cyber-incident, the organization suffered lost productivity and labor costs for the IT staff to resolve issues, revenue loss, lost data and brand damage. Cyber-incidents cost organizations $558,000 in revenue losses, $480,831 in brand damage, $366,301 due to compliance fines, and $174,309 in lost productivity, the survey found.
Symantec surveyed 1,425 professionals working in IT, of which one-third were C-level executives. Each respondent was scored based on their responses to what kind of protections the organization had deployed.
Organizations that employed Data Loss Prevention technologies in addition to Intrusion Prevention/Detection, SIEM and other, more traditional security methods were called "top tier" by the survey. Those that were much less vigilant were called "bottom tier" based on low levels of security deployment. The "top tier" organizations in the survey were 2.5 times less likely to experience a major cyber-attack, and 3.5 times less likely to experience downtime compared to other enterprises, according to Jason Nadeau, director of product management.
Bottom tier organizations suffered 2,765 hours in downtime, compared to the 588 hours suffered by the top-ranked organizations. Those organizations reported 859 hours downtime for mobile devices, 828 hours for desktops and notebooks, 241 hours for servers and 837 hours of "widespread downtime."
All of this is good ROI calculation data. Consider the costly damages to brand. Attacks where data is lost or compromised are usually the highest profile and most undermine the confidence of customers in the company affected. I think the awareness of these facts is the reason why so many of my customers are considering DLP in their near futures.
Paul
Posted by
Paul Hafen on Mon, Jan 23, 2012 @ 10:42 PM

All products on the United States Munitions List (USML) are regulated by ITAR or International Transfer in Arms Regulations. As far as IT goes, any endpoint device carrying information about products on the USML list, including laptops, that can be viewed or handled by foreign nationals, is considered a 'retransfer' of ITAR data. This retransfer is subject to legal and criminal prosecution, up to and including imprisonment. The most likely punitive action is a fine and being forced to do an audit of prevention systems. I'm familiar with fines up to $100 million. Some individuals have been sentenced to decades in prison.
But still, some companies find their IT staff overwhelmed by the prospect of implementation of DLP because the intellectual property is unstructured data. It is true that creation of policy and creating a catalogue of it takes some work. It seems that many expect out-of-the-box policy enforcement to be available for proprietary, unstructured data as well.
The good news is that a full-bodied DLP solution will not only close up channels of leakage and loss, but will also do a discovery of network and endpoint data. After a hash is created from the existing unstructured IP, admins can use the on-solution copy to create policy. That is why discovery is so crucial as a component of DLP.
Paul
Symantec Data Loss Prevention, a world leader in the DLP market, has recently released a version of their DLP product for tablets. Symantec Data Loss Prevention for Tablets will give organizations the ability to protect sensitive data on tablets it issues to employees as well as BYOD tablets that have access to the messaging services of the organization.
The new tablet-focused solution will provide comprehensive, content-aware protection while still allowing users the freedom to access their applications and data from their tablets. The solution is available now for the Apple iPad with plans to support other tablet operating systems and platforms in the future.
The solution will run on what Symantec calls a Symantec Data Loss Prevention Tablet Prevent Server and will monitor outbound traffic via a proxy. The tablet users will have their network communications routed through a VPN that is monitored by the proxy.
Other key features include:
- Monitors messages and attachments sent over Microsoft Exchange ActiveSync
- Monitors messages and attachments sent from webmail like Gmail, Yahoo! Mail, and others running over HTTP and HTTPS
- Monitors web uploads and postings to sites like Dropbox, Twitter, Facebook, and others on both HTTP and HTTPS
- Exclusive enhanced web protection that seamlessly strips sensitive data from web posts
- Broad integration support for existing enterprise web proxies and gateways
- Agentless solution
- Fully integrated with the Symantec Enforce Platform for universal policies and reporting
- Compatible with mobile management solutions to configure and enforce the VPN configuration
- ICAP compliant for monitoring SSL encrypted traffic via a web proxy server
Symantec Data Loss Prevention for Tablets should prove to be an excellent tool for organizations to protect tablet users against the threat of sensitive data loss.
Everyone is in sales. Most of us don't even know it, but we are doing it every day.
If you work in an IT security capacity, no doubt you are constantly pushing (selling) for improvements in technology, processes and policies that will help you to do your job more effectively. You've probably had your share of frustration in helping those executives or other personnel at your organization who manage the purse strings to understand the value that you are working to add.
Here are three tips that can help you to better communicate the challenges you are facing and assist you in showing the value you can add to your organization.
1. Show Them That IT Security Is Critical to the Success of the Core Business
BizTech magazine recently published an excellent article entitled Why Every Business Is in the Business of IT Security. In this article, the author uses a great example of how he got push back from execs when attempting to address glaring IT security needs. Management insisted that they were in the business of making widgets not the business of IT or security.
Last time I checked, Zappos was in the business of selling shoes and clothing. Do you think, after the recent compromise of their systems, that the execs at Zappos are telling their IT security people they're in the shoe business not the IT security business?
No way! Right now the execs at Zappos are getting a crash course in intrusion prevention, secure web gateway, data loss prevention, and other IT security solutions. Now would be a great time to use Zappos as a case study to show your execs how the business of your organization could be brought to a screaming halt due to weaknesses in your IT Security policies and systems.
2. Use Language that Will Help Them to Understand the Risks You Face Instead of Acronyms and IT Security Terms
Terms like DLP, FINRA, PCI DSS, SWG, and the like are not going to create the desired effect on most executives. Telling them that "we are at risk of having our intellectual property stolen" is going to spark a more productive conversation than telling them that "we need to put a DLP solution in place".
Telling them that you are not compliant with legal regulations that could allow the government or other governing bodies to shut down the business will go much farther than wading through the vagaries of IT specific jargon.
3. Use Real World Events (Especially Current Cases) to Build Solid Presentations of Plans to Mitigate Your Risks
Spend time to build intelligent presentations on your organization's risks and plans to address those risks. You will be taken much more seriously if you present your case or findings in a more formal manner than by dropping by an executive office for an impromptu conversation.
Take time to gather examples from real world companies that have been compromised. Use that data to draw comparisons to risks that your organization has, and build a case for implementing the needed fixes in terms of hours and days of lost productivity or thousands and millions of lost dollars.
Even a small slide deck presentation with a half dozen slides will show that you have taken time to make an important point. Without going overboard, the effort you put into the presentation will lend credibility to your cause and cause others to take your proposal more seriously.
Bonus Tip
Call this a shameless plug, but realize that there are outside resources you can leverage to help you build your case. A good IT security solutions provider will be glad to engage and help you to gather data and build your proposal. They will see it as an opportunity to build rapport with you and earn your business by helping you to solve your problems.
A qualified IT security solutions provider will have experience gained from many other customer engagements that will help you to not only prepare your proposal, but help you to get the right solutions as well. There is value to be had from using the experience of others to avoid making mistakes that others have made. Take the time to consult with someone who has already been where you are going.
Sourcefire Founder and CTO Martin Roesch was recently involved in the Federal Executive Forum roundtable on Emerging Technologies on Federal News Radio.
Among the things mentioned was the news that came out last October that the Air Force's UAV network had been compromised by malware.
In this three and a half minute video clip, Martin discusses the dynamic nature of these global networks and how they are built and torn down in a matter of days, hours and minutes.
It is worth taking three minutes to watch and get some quick insights on how a leading provider of intrusion prevention technology is working to meet the demands of these dynamic networks and battle the advanced persistent threats that even these highly secure networks are still very susceptible to.