Say no to backdoor access…

I was reading an interesting open letter sent to President Obama by a big group of technology companies and technologists. In essence, the letter asks the administration to reject any proposal or legislation that would require U.S. companies to deliberately weaken the security of their products. This all comes as a result of recent activities by many…

More than Meets the Eye

In Arlington, VA, there is a center that focuses on cyber attack mitigation, where close to 100 specialists monitor what’s going on in the world. This is the Department of Homeland Security (DHS) cybersecurity center. It is located in a suburban area in a building with no government seals or signs. In short, it is…

An APT Case Study

The RSA IR team deals with APT actors on a daily basis on networks of various sizes. Regardless of the size of the network, or the number of advanced actors we find in them, one thing is paramount to both us and our customers during investigations: the ability to quickly scope the severity of the intrusion. …

Cybercrime 2015: The Evolving Underground Marketplace

It’s not uncommon for a fledgling industry to move from its early, Wild West days populated by a few iconoclasts to a more mature, customer-focused cadence as adoption increases. We’ve seen this across many technology sectors, notably automobiles and computers (Henry Ford and Bill Gates had a lot in common – a topic worthy of…

Wolves Among Us: Abusing Trusted Providers for Malware Operations

Within the past year the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and Control (C2) server. By leveraging trusted content providers, such as popular shopping sites and discussion forums, adversaries can perform operations within a network in plain…

Identity: The Keystone of Security

Okay, I’ve started this blog post with a deliberately controversial title, which truthfully is intended to be a bit of a thought experiment. Let’s suspend our disbelief, and think about the security landscape from this perspective for a few minutes. Really, this posting is intended to recap my thoughts and impressions from last month’s RSA…

Stop Them in their Tracks: A Cyber Kill Chain Approach

I first heard this concept at a cyber risk conference in New York… A hacker entity has 1 shot to infiltrate your network, but you have 7 opportunities to stop them. Those seven opportunities refer to the Cyber Kill Chain. Patented by Lockheed Martin, the Cyber Kill Chain® is an intelligence-driven computer network defense framework…

End-to-End Message Encryption — Can it be done?

End-to-end (e2e) encryption for email is hard. We know this from the OpenPGP and S/MIME efforts, where the main problem has been obtaining, installing, and exchanging keys. While there are a number of positive efforts to fix e2e encryption for email, it may take a while for a viable, easy-to-use solution to be deployed…

Identity Lifecycle Management—Closing the Gaps

The “lifecycle” part of identity management refers to the governance and administration needs related to managing identities. It encompasses all the processes needed for setting up identities and associated access rights, and for ensuring that entitlements are kept up to date. Management of the entire identity lifecycle is essential for achieving security and good governance.…

Compliance by Design

It’s not often that I get to share the stage with a legal expert. But at this year’s RSA Conference US, Hayden Delaney and I gave a session on Compliance by Design, exploring this emerging discipline that is becoming as important as Privacy by Design and Quality by Design. (image copyright ©2015 Hayden Delaney. Used by…