Tuesday, 22 January 2013

BAE to Provide DISA Enterprise Email Hardware, Software


BAE Systems’ information solutions business will provide the Defense Information Systems Agency hardware and software for enterprise email and Web services, the Defense Department said Wednesday.
Under a potential $8.2 million contract that includes four option years, the company will provide DISA its XTS Enterprise Guard, comprising hardware, software and maintenance support.
DISA is initially obligating $3.2 million under fiscal year 2012 and fiscal 2013 procurement funds, as well as fiscal 2012 research, development, testing and evaluation funds.
Work under this contract action will occur between Jan. 1 and Dec. 31, 2013 in DISA’s lab building at Fort Meade, Md.
The Defense Information Technology Contracting Organization at Scott Air Force Base, Ill. is the contracting activity.
BAE is also working with the Defense Intelligence Agency to maintain information technology systems.

Tuesday, 13 November 2012

APTs and Acquisition


You’d have to be living under a rock to not have heard about the recent rise in targeted attacks. From oil operators in the Middle East to financial institutions in the U.S., advanced persistent threats, APTs, have grown exponentially. Yes, they are a problem for big, global brands but should smaller organizations concern themselves with the proliferation of these sophisticated attacks? In a word, yes.
Once targeted attacks are developed and executed, the details often become easily accessible to cyber criminals at large online. Translation? They grab the code and use it to attack you. We recently completed our annual State of the Endpoint report and it would seem IT departments everywhere are paying attention. The report hasn’t been released yet; however, one interesting data point to call out is that IT administrators now consider APTs their “biggest headache.” (Watch for the release of our new State of the Endpoint report, conducted by the Ponemon Institute, the first week of December.)
The rise in APTs, and of course malware in general, is a serious concern. We won’t sit idly by and I urge you not to either. Recently, Gartner projected 50 percent of companies will deploy “deny all” technologies by 2015. This is a very strong supporting point for our recent announcement – the November 5 acquisition of CoreTrace Corporation, an innovative, Austin, TX-based application control software provider. We understand the threat landscape has evolved greatly and it will continue to. While we can’t predict the future of cyber crime, we can help our customers and the industry be as prepared as possible. Layered defenses that include application control are a very strong starting point.
The asset acquisition of CoreTrace will enhance our capabilities, our portfolio of patents and other IP. We are now working to integrate key aspects of CoreTrace technology into Lumension® Application Control, which is available via the Lumension Endpoint Management and Security Suite. For you, our customers and the industry, this means improved, advanced persistent protection in the fight against even the most sophisticated cyber attacks.
by Pat Clawson

Security Metrics - Truth In Data


I am thrilled to share the ThreatPost article I wrote about the top ten tips security teams should consider as they evolve their metrics-driven practices. If video is your preferred format, I also shared details about these tips in this short piece.
These are not huge revelations or commandments - instead a set of principles proactive security teams should consider as they get serious about making the most of their event data.
I am passionate about this topic - as are many others in the security field. Without taking a more methodical and sustainable approach to analyzing our security posture, we will be in a constant knife-fight with cyber-criminals and we won’t win that one.
In fact, I will soon be sharing some details about research we did that highlights the challenges faced by most security organizations. Some of the results were surprising, but my biggest take-away is that security teams are not armed with the right tools or processes to confidently stay ahead of threats.
Keep your eyes peeled for that report and let’s continue the dialog about improving our security posture with greater intelligence.
by Joe Gottlieb

Wednesday, 25 April 2012

The True Cost of Google Drive


Today Google announced the launch of Google Drive, a cloud-based file storage and synchronization solution touting 5GB of storage for free. Google Drive just compounded the IT security nightmare already created by free unmanaged consumer file sharing services such as Dropbox, iCloud etc.
Unmanaged file sharing in business environments is never a good idea because of the heightened risk of data loss and exposure. In the case of Google, a company that’s built its legacy on extensive search engine and targeted advertising capabilities, you also have to question Google’s intentions with storing business information. Just how equipped is Google to handle confidential business data?
If this latest Google Drive announcement is leaving you confused about what to do for business file sharing, you’re not alone.
To help you navigate your way, we’ve outlined six questions to ask when considering a file sharing and storage solution for business use:
  • Is this truly a solution for business? The rapid adoption of free consumer file sharing services such as Dropbox and iCloud by business users may have you wondering if the lunatics are running the asylum. But your instincts are correct if you are wary of unmanaged cloud file storage for business use. If a file sharing solution doesn’t have IT administrative and management tools, then it isn’t a business solution.
  • Am I being locked in? Is the file sharing solution from a company trying to carve out a proprietary niche, forcing you to use certain operating systems, devices, or applications? In the case of Google Drive, it is part of Google Apps, but native applications are not available for iOS devices like the iPad.
  • How will my information be used? Check the privacy terms carefully. Google must have a plan to make money from Google Drive customers somewhere, somehow, so carefully review Google’s privacy policy and their right to mine your valuable assets to their advantage.
  • Can I track and view all file activities? If your organization is subject to any type of compliance regulation such as HIPAA, GLBA or SOX, then you need to know what’s happening with your organization’s files; otherwise, how are you going to demonstrate compliance?
  • Can I set my own security and privacy standards? For business file sharing, you want to be able to establish customized policies and administrative controls related to file access, security, and storage – as strict or flexible as desired.
  • What mobile devices and apps are supported? From Androids to iPhones, make sure that files can be synced and accessed via any device.
While “free” is certainly appealing, in the case of file sharing it always comes at a cost. A security breach from business file sharing could mean exposure of confidential financial statements, upcoming product designs, or employee health information, with implications for privacy and compliance violations and fines, lost revenue, loss of competitive advantage and damage to a corporate brand. For confidential business information, using free consumer file storage and sharing can be a costly mistake.
by Ryan Swindall


Tuesday, 17 April 2012

IT-Thinking Twice About the Cost of Free Apps


Most people treat their mobile devices as an extension of themselves. People text, share, and play their way into two year relationships with the devices they use on a daily basis. In the typical mobile device “relationship,” individuals downloaded an estimated 83 apps in 2011, according to Piper Jaffray and analyst Gene Munster. While that number sounds high, it boils down to about 1.6 apps per week.
Many IT professionals have noticed this trend and are concerned about the use of free consumer apps in the workplace. It’s hard to imagine that last week’s discovery of the security hole in Dropbox’s mobile app, by U.K.-based iOS app developer Gareth Wright, eased concerns about mobile security. Wright reported the security hole in Dropbox’s native mobile app that could be used to access personal information. PCWorld also confirmed that the Facebook and LinkedIn mobile apps had the same core vulnerability. The widespread use of consumer mobile apps, combined with their security vulnerabilities, has IT managers concerned.
Consumer mobile file sharing apps serve a purpose for users who want a quick and easy way to share and store things like family photos, recipes, and videos. However, these unmanaged file sharing apps should not be used to send enterprise data of any kind. The security hole that Gareth Wright found in the Dropbox app is an unfortunate example that consumer mobile file sharing apps aren’t architected with the privacy and security measures necessary for an enterprise.
How can organizations prevent employees from using these consumer mobile file sharing apps? The answer is easy. Don’t give employees a reason to use these apps in the first place. Providing employees with an easy-to-use, secure file sharing and syncing alternative from the start is a great way to prevent the use of consumer file sharing apps. Employees should be able to send, share, and access files securely, while IT administrators ensure they’re protected from malicious content. Empowering employees with a safe and secure mobile application is the first step in the process.
by Ryan Swindall


Monday, 2 April 2012

Not waving but drowning

Last week, experts told the US Senate it was time to assume that American military networks have been breached and that ramping up traditional fortress features like firewalls, AV and gateway devices was effectively a waste of time. Dr. Kaigham Gabriel, head of the Defense Advanced Research Projects Agency, compared current information and network protection efforts to treading water in the open ocean; all that blocking and locking did was slightly delay the inevitable.
This reality check dovetailed rather nicely with the release of Verizon’s annual Data Breach Report for 2012, which found that hacking was linked to almost all of the 855 incidents and 174 million compromised records the company investigated in 2011. Malware featured in 95 per cent of all stolen data incidents.
Hacking and malware have been exchanging places in the top three causes of data breach for years now. While there are plenty of tools out there doing a fine job of removing known threats using established methodologies, it’s becoming abundantly clear that this, on its own, is not enough to protect valuable information assets from falling into the wrong hands.
The reality is that focusing on inbound threats is outdated. As Dr. James Peery, head of the Information Systems Analysis Center at the Sandia National Laboratories in the US, puts it, “We’ve got the wrong mental model here.” It’s time to focus on the content, not the threat; controlling access is all well and good, but protecting information is paramount.
If there’s one thing that the Data Breach Report underlines, it’s the reality that data theft and leakage come in a variety of flavours and vectors. Traditional, threat-focused methods are the equivalent of shooting in the dark. In today’s environment, it makes far more sense to protect your content and monitor it in the context of how you need to do business.
Knowing where and how your information is used and understanding the context within which users communicate empowers you to extract maximum value without putting information at risk.
Letting AV and threat-detection policies define your information protection stance is not only outdated, as 2011’s data leakage statistics suggest; it cannot protect your data. It’s time to stop treading water and start swimming.
by Nick Peart


Thursday, 22 March 2012

Smart Mobile Devices — “Stress Test” for the WIPS of the Future


Traditionally, when talking of wireless security in the enterprise we talked about embedded Centrino Wi-Fi, Linksys rogue APs, open source DoS tools, and compliance requirements (PCI, DoD, HIPAA). While these topics continue to be important today, the upcoming proliferation of smart mobile devices is the new frontier for enterprise wireless security to address. The inundation of smart mobile devices will result in new monitoring requirements not hitherto discussed. These requirements amount to a “stress test” for the WIPS, and only the best of breed can hold up. While the new monitoring requirements will be many and varied, ranging from unauthorized BYOD to heightened rogue AP risk, in this post I wish to discuss some interesting and unique scenarios (numerous soft mobile hotspots, Nintendo chat blocking, wireless geo-fencing) I have already encountered this year working with customers.
Soft mobile hotspots in hundreds and thousands:
If the GoogleWiFi in the neighborhood of your office bothered you before as a network/security administrator, because your employees could connect to it to bypass your Internet access policies, then there will soon be hundreds and thousands of GoogleWiFi’s on your premises. These are all the iPhones and Androids carried by your employees, which have mobile hotspot features built in. They can act as Wi-Fi access points and backhaul traffic directly into the 3G/4G network, bypassing your enterprise firewall controls. To deal with them, your security system will need to have the following capabilities:
  • The WIPS now needs to support mobile hotspot detection on multiple platforms. Earlier it was mostly Windows 7 laptops, which included the first consumer grade virtual AP capability. Now Apple iOS and Android also provide this capability, and in the future Windows 7.5 and Blackberry will have it too.
  • The WIPS infrastructure will need the capacity to address many simultaneous policy violations. This is simply the effect of numbers: an order of magnitude increase in the triggers that catalyze policy violations means a similar increase in the actual policy violations on a day to day basis.
Zero day scenarios requiring fast, automated response:
As Wi-Fi gets embedded in quite a variety of gadgets, new and unique monitoring requirements will continuously emerge. I recently worked with an account which had such a unique requirement: this was a rehabilitation and correctional facility which wanted the WIPS to be able to block Nintendo chat. Nintendo devices support a chat application over Wi-Fi, with proprietary modifications and optimizations to the 802.11 protocol to provide instant chatting. This was almost like a “zero day” policy enforcement requirement when I first examined it, because I realized Nintendo chat is not a standard 802.11 ad hoc network. Also, the chat uses just a few bursts of packets, so a quick blocking response was necessary (quite different from traditional connection blocking measures like “ping loss”). We put the AirTight SpectraGuard Enterprise WIPS up for this stress test. See the accompanying video to see for yourself how it fared in the test. While this may not be a mainstream or relevant monitoring requirement in many networks, it points to the real possibility of hitherto unknown (“zero day”) monitoring requirements emerging in the future. To be future proof against zero day scenarios, the security system will need to have strong foundations on the following fronts:
  • Strong behavioral analysis logic, since signatures and thresholds can’t catch up with the evolving monitoring scenarios.
  • Fast response time to threats, to tackle the new and optimized attack and policy violation triggers.
Wireless geo-fencing:
Empowered with Wi-Fi in tablets and smart phones, people connect to networks from anywhere and everywhere. This presents a challenge for location based wireless policy enforcement. Earlier, it was as easy as turning off wireless on the machines which permanently resided in the no-wireless areas. Now smart mobile devices come in and go out. Recently, I worked with a couple of customers intending to implement what they called “Wi-Fi geo fencing” (I like the term!). At the most basic level, it means enforcing different Wi-Fi policies on the same wireless client depending on where the client is located. For example, in one room the client is allowed to connect to the guest AP, but the room next door may have a strict no-Wi-Fi policy. So as the client moves from the first room to the second room, its Wi-Fi communication needs to be blocked; but when it returns to the first room, it should be able to communicate over Wi-Fi again. There are more scenarios like this, depending on the exact application. Faced with this application, I came to appreciate some unique strengths the security system needs to exhibit to support such scenarios:
  • Strong foundation for auto-location tagging for devices and ability to quickly detect change of location is necessary to determine the governing policy at any instant.
  • Rich options for location based policy enforcement — in terms of device auto-classification and automatic prevention — are required to fine tune the Wi-Fi behavior to be enforced at each location.
  • Finally, a thorough predictive RF planning complemented with some on-site surveys can help tighten the location zone boundaries.
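The geo-fencing logic described above, as an added illustration (not AirTight’s code): a per-zone policy says which SSIDs a client may use in each location tag, an unknown or untagged location is treated as no-Wi-Fi by default, and the engine emits a block when a client moves into a zone where its current SSID is not allowed and an unblock when it moves back. Zone names, SSIDs and client MACs are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

# Constructed zone policy: which SSIDs a client may associate with per
# location tag. An empty set is a strict no-Wi-Fi zone.
ZONE_POLICY: Dict[str, FrozenSet[str]] = {
    "room_a": frozenset({"Guest-WiFi"}),
    "room_b": frozenset(),
}


@dataclass
class Observation:
    client: str  # client MAC as tagged by the WIPS sensors (constructed)
    zone: str    # location tag the WIPS assigned to this observation
    ssid: str    # SSID the client is associated to (or attempting)


@dataclass
class GeoFence:
    policy: Dict[str, FrozenSet[str]]
    # Locations with no policy entry are treated as no-Wi-Fi (default deny).
    default_allow: FrozenSet[str] = frozenset()
    last_zone: Dict[str, str] = field(default_factory=dict)
    blocked: Set[str] = field(default_factory=set)

    def allowed(self, zone: str, ssid: str) -> bool:
        return ssid in self.policy.get(zone, self.default_allow)

    def observe(self, obs: Observation) -> List[str]:
        """Update location state and return the enforcement actions due."""
        actions: List[str] = []
        prev: Optional[str] = self.last_zone.get(obs.client)
        if prev != obs.zone:
            # Location change: this is what decides the governing policy.
            actions.append(f"LOCATION {obs.client} {prev or 'none'}->{obs.zone}")
            self.last_zone[obs.client] = obs.zone
        ok = self.allowed(obs.zone, obs.ssid)
        if not ok and obs.client not in self.blocked:
            self.blocked.add(obs.client)
            actions.append(f"BLOCK {obs.client} in {obs.zone} ({obs.ssid})")
        elif ok and obs.client in self.blocked:
            self.blocked.discard(obs.client)
            actions.append(f"UNBLOCK {obs.client} in {obs.zone}")
        return actions


def run(observations: List[Observation]) -> List[str]:
    fence = GeoFence(ZONE_POLICY)
    actions: List[str] = []
    for obs in observations:
        actions.extend(fence.observe(obs))
    return actions


# Constructed walk: a guest device goes room_a -> room_b -> room_a -> hallway,
# and a second device uses a non-guest SSID inside room_a.
SAMPLE = [
    Observation("aa:bb:cc:dd:ee:01", "room_a", "Guest-WiFi"),
    Observation("aa:bb:cc:dd:ee:01", "room_b", "Guest-WiFi"),
    Observation("aa:bb:cc:dd:ee:01", "room_a", "Guest-WiFi"),
    Observation("aa:bb:cc:dd:ee:02", "room_a", "Corp-Secure"),
    Observation("aa:bb:cc:dd:ee:01", "hallway", "Guest-WiFi"),
]

if __name__ == "__main__":
    for line in run(SAMPLE):
        print(line)
```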
The above scenarios are simply some examples pointing to the fact that wireless monitoring scenarios will continue to evolve and change in the future, driven particularly by the commoditization of Wi-Fi and the proliferation of smart mobile devices. If the WIPS you choose today has solid foundations for detection, prevention and location, you can be future proof against the new requirements that will crop up in your own network settings. With these foundations in place you can be secure today, and also tomorrow!

by Hemant Chaskar