Tag Archives: advanced threats

Intelligence-Driven Security

RSA released the ninth installment of the Security for Business Innovation Council report last week, and through a series of blog posts on Speaking on Security, we’re going to analyze the various areas highlighted in the findings. Today I’m going to explore the concept of Intelligence-Driven Security. In our world, intelligence-driven means that information coming in from all of our available sources will influence our actions—some of which will become automated over time. The report makes a pretty sad claim about the global state of information security, one that has been explored here in the past and largely derivative of the old subject of my blog. Security programs tend to be compliance driven, or even worse, simply optimized for compliance. ...


We Must Hunt

Security people are often viewed as gatherers. We gather security event data, collect logs for review, build documentation based on information about our environment, and group informational assets in like-valued groups to focus our defenses. I think we’ve got the gathering part down. It’s similar to our propensity to react. We may not be great at reacting (or more likely, we’re great at reacting at only a few things), but we get plenty of exposure to it. You cannot be a successful security professional by only being a gatherer, and your team won’t be successful if you only hire and employ gatherers. Just like most societal norms that evolved over thousands of years, you need hunters to fill a need ...


Contextual Deep Content Inspection for Security

It’s 2012 (didn’t I already say that on Wednesday?) and the reality of 2011’s shifting security landscape should have set in by now. As much as many of you may want to go back to the days of worrying about Anti-Virus definition files, basic patching, and a single border firewall as the makeup of your entire security posture, it’s time to take a serious look at how you will plan your defenses for 2012. One defensive technology that is getting another look is Data-Loss Prevention (DLP). By itself, an implementation of DLP can go a long way to prevent serious issues in simple to moderately complex IT environments—but the bad guys are better than that. They know ways to hide ...


DNS Query Logging—Looking for Fires

Yesterday morning I was catching up on some RSS feeds and came across this interesting post from Trevor at ThreatSim entitled Fighting The Advanced Attacker: 9 Security Controls You Should Add To Your Network Right Now. After reading it, I had one of those “Ah-ha” moments where I looked at one of the recommendations and asked myself, “Why am I not doing that?” For those of you who know me (or have ever had to get on my home WiFi), you know that I have made my home network entirely too complex for what I need it to be. Three different DMZs is a little insane, don’t you think? But I did it for a reason—so that I can talk ...


Anatomy of an Attack Critical Security Checklist

If you have seen me speak over the last couple of months, there is a good chance you heard me talk about advanced threats, sometimes in the context of the RSA breach. Near the end of these talks I either flashed up a slide that had a checklist of things detailing changes we made, or people asked me specifically (like what happened at the Evanta CISO Summit in San Francisco on Monday) what things we did to bolster our security. For those of you who have asked for access to this slide, I’ve gotten permission to post our Security Practices – Critical Checklist here. Enjoy!


To Win, You Must Know Everything

I hate when people use the term “cyberwarfare” outside of its original context—a true war of nations trading bombs for bytes in the tubes. Sure, organizations are being attacked by nefarious groups that seem to be marching toward specific and fruitful goals, but is it really cyberwarfare? Regardless of what you want to call it, you still must act and react like someone is launching a digital missile campaign against your information. You can either sit and wait for someone else to tell you that you have been compromised, or you can take ownership of the problem and start up-leveling your intelligence gathering and analysis. It’s the Big Data problem of security. Your enemy is doing this, so why aren’t ...


Living in a State of Compromise

Imagine for a second that your boss came up to you and said, “We’ve been compromised. Assume trust doesn’t exist. Now define our new security organization and architecture!” Unfortunately, it may take events like that to change our perceptions or actions when approaching securing our organizations. Depending on who you talk to, we already are living in a state of compromise. I prefer removing the element of trust from my strategy as much as I can, and focusing on how I would secure a system, application, or network if I knew there were hostile elements in it. Changes your perspective a bit, doesn’t it? All of a sudden, those satellite locations start looking less like friends and more like foes. ...


Attack the Humans First

Information security professionals live in exciting times. It’s a constant battle of escalations between the new ways technology can be used to conduct business, and the new ways the bad guys can incorporate technology in their overall strategy to steal information. But an interesting trend emerged this year that has always been around, but now is used in a much larger sense when going after data: human hacking. The nice way to say it is “social engineering.” How do I convince Sally in Accounting to give me information that I can then use for my own personal financial gain? It’s not a new concept, and frankly tamer versions are used daily by politicians, sales professionals, and children. The challenge for ...


Walls Aren’t Enough

The bad guys are getting smarter, more creative, and more persistent, so what are we doing in response? I can’t tell you how sad it is to hear things like this when I ask how companies are shifting their security programs in order to combat advanced threats: We’re upping our patch schedules from one month to two weeks. We’re deploying anti-virus signatures faster. We’re consolidating all of our user laptop images to a gold master. We’re deploying outbound content filtering. Sure, those things help. But individually they are largely ineffective in shifting the balance in your favor. Think about how IT evolves through bolted-on enhancements. What did day one of the business look like from an IT perspective? What does ...

