Cyber Security Services
franklin-witter | 05 Feb 2013 | 0 comments

In part 1 of this series, we looked at three possible signs you may have been the victim of an APT and how to detect and defend against these activities: 1) Gaps in System and Security Logs; 2) Unexplained Changes in System Configurations; and 3) Anomalous Traffic. In this second installment of the “You Might Be an APT Victim if…” series, we’ll continue our look into signs of potential APT activity inside your networks and systems.
 
Sign 4: Odd Activity Appearing in Application and/or Database Logs
 
The bad news is that attacks against web applications continue to be a favorite for unskilled and advanced attackers alike. Unfortunately, as seen again and again in headline news, this attack vector is often very successful. While progress has been made in the realms of IPS and application-level firewalls, these defenses are not bulletproof and can be evaded by skilled...

franklin-witter | 01 Feb 2013 | 1 comment

InfoWorld recently ran an interesting article discussing 5 signs that indicate you might be the victim of an Advanced Persistent Threat (http://images.infoworld.com/d/security/5-signs-youve-been-hit-advanced-persistent-threat-204941?page=0,0&source=rss_security). The signs outlined in the article are good, but I don’t think that the author intended for this to be a comprehensive list. With that in mind, this blog series takes a look at some of the other signs you might be an APT victim. Like the InfoWorld article, this series isn’t intended to be comprehensive; rather, it will just provide more food for thought in the effort to detect and defend against advanced attackers.
 
Sign 1:  Gaps in System and Security Logs
 
Part of...

Phil Harris | 21 Jan 2013 | 1 comment

There's a growing buzz in the industry about "who" should be responsible for encryption in the cloud from a user perspective. As usual, the technology to do this is not the hard part – crypto is crypto is crypto, etc. It's really more of a privacy and legal issue: privacy from the perspective of preventing others from seeing your stuff in the cloud, and legal from the perspective of who has control over the data that is secured in the cloud.
 
I think we all get the idea of privacy of our data in the cloud. For example, if you put your personal financial data in the cloud to be stored and/or used by an application, you want to make sure the data is secure. If it's just storage, then you can personally encrypt the data before you store it in the cloud using encryption solutions like PGP. If you're lucky enough to have a cloud provider that encrypts it for you, but gives you complete...

LegalInfoSec | 27 Nov 2012 | 1 comment

Written by: Jamie Herman, C|CISO, CISM, CISSP

By now many of you have taken a stab at BYOD, IPS or IDS (or both), and have begun the journey into making the business more aware of its surroundings, from an information security perspective of course. Many have likely implemented some type of vulnerability management program, complete with a scanner and a few-hundred-page report on the risks present in your enterprise. But while this technical locomotive has been barreling forward into the underworld of granularity and over-analysis, there might be some very basic opportunities right in front of our noses. Looking at how we manage business assets rather than how we protect them could ultimately improve our security posture, and offer a great deal of insight into managing vulnerabilities and the evolving threat landscape surrounding some of the most frequently and widely exploited software today.

We have typically seen software such as Java, Flash, Adobe Acrobat, IE,...

uuallan | 26 Nov 2012 | 1 comment

On Tuesday, November 20th, routers, switches and servers across the Internet reset themselves (or attempted to reset themselves) back to the year 2000. This sudden change was caused by a reboot of the time server at the US Naval Observatory. Timing is extremely important to Internet communications; to that end, most network devices use a protocol known as Network Time Protocol (NTP) to ensure they are running at the correct time. NTP operates over UDP 123 and reaches out to a designated device to maintain time sync. There are volunteer hosts throughout the Internet, such as the one at the US Naval Observatory, that make themselves available for network administrators to sync their servers. When the reboot of the NTP server at the US Naval Observatory occurred, the server set itself back to the year 2000, and when network devices across the Internet checked in for an NTP update the clocks tried to adjust themselves back to the year 2000 (many devices will not...

SecurityHill | 26 Nov 2012 | 1 comment
If you have kids you know how much they like jelly beans. Other than them being candy, I believe the multitude of colors and flavors greatly adds to their attraction. So I find myself in a large retail chain the other day walking past the aisle with USB drives. The store had all kinds of USB drives in various colors, shapes and capacities, so I begin thinking of jelly beans. We all know if we do not pay attention and let our kids eat too many jelly beans that they can become sick, so I believe we are well beyond that point with USB drives. For our Enterprise organizations eating USB drives is most likely not an issue, but the public consumption / ownership of multiple drives is an issue. I personally know that I have over eight lying around in my household alone. Well, I don’t believe the average consumer has that many; however, I would bet that most people own two or more.
This is where I believe the problem lies. ...
phlphrrs | 22 Nov 2012 | 1 comment
Continued from Part 1, where I discussed the issues surrounding DLP. Part 2 covers anti-virus technologies.

Now when it comes to anti-virus, there are a number of ways to look at this particular issue. Yes, in fact, definitions-based anti-virus is fast becoming a dinosaur of sorts. The problem is that there are so many new variants and so much new malware code being generated that it’s just plain hard to keep up. One day Symantec sees a new virus and we write a signature; the next day McAfee sees a new virus and writes that signature. It just depends on which AV vendor sees that particular malware on a particular day. Not a race, just reality.

I kind of laugh when I hear about companies that complain about their AV vendor and say things like, “Your stuff couldn’t find this virus, but when I went out and bought AV software from ElCheapoAV.com, they found it easily. Why did they find...

phlphrrs | 19 Nov 2012 | 1 comment

I’ve been hearing and reading a lot of interesting comments made by various info sec professionals regarding whether or not DLP or anti-virus has outlived its usefulness. Believe it or not, both of these important technologies are still viable protection mechanisms that must continue to evolve. Both are relevant, especially in today’s fast-paced information and malware flows and attacks.

With Data Loss Prevention, you get a thorough understanding of where your sensitive data (including Intellectual Property) is throughout your environment, the ability to put it back where it belongs, and the means to prevent it from moving to where you don’t want it. But the real value is in the intelligence you’ve gained from that effort.

As security professionals we often complain about how the business doesn’t get involved in security, doesn’t understand why it needs security, or just sees it as a roadblock...

SecurityHill | 12 Nov 2012 | 0 comments
So in Covering All Your Bases – Part 1, I discussed some of the possible risks to our organizations from not having a Supply Chain Risk Management process in place. In this article I will cover some ideas and controls to manage your risk and exposure through the Supply Chain Process.
Using traditional Business Continuity Planning (BCP), an organization can begin to establish an initial SCRM process:
  1. Identify high-risk items
  2. Understand key processes and/or components
  3. Identify recovery time per process and/or component
  4. Audit processes and maintain reporting for baselines

To accomplish the first, establish a formalized SCRM team; do not rely on your Business Units to handle issues on an ad-hoc basis. The group does not need to be large but should maintain the correct amount of personnel to influence and manage the process. Hopefully you have buy-in or a representative from the various Business Units...

SecurityHill | 07 Nov 2012 | 0 comments
In the public wave of attention to Stuxnet, we have seen how physical systems can be impacted by malicious threats. But threats to hardware are not limited to Industrial Control Systems (ICS); other potential targets are networking equipment, computing hardware and telecom. When protecting our organizations, we should always make sure we are covering all of our bases. Sometimes this means protecting and auditing the hardware itself that is responsible for our communications and processing. In recent years we have seen other examples of compromised hardware resulting from processes or personnel within a supply chain. Examples include computing hardware being shipped with malware stored in nonvolatile memory; hardware that has covert secondary channels or devices to communicate or store confidential data; or a device that contains something as simple as a backdoor login. All of these examples are possibilities that can be...