Insider Risk

SOC Analysts as African Safari Guides

The SOC analysts’ goal is to hunt for malware, rogue insiders, misplaced sensitive data, advanced attacks, and other threats on a huge enterprise network terrain and help to guide-in colleagues to execute the digital hunt. Successful SOC analysts do this by leveraging their experience and their understanding of sensitive corporate systems and data, and by constantly surveying their environment, looking at tracks (logs), keeping in contact with the global security community (via various feeds and Websites), and even using a form of video surveillance (full network packet capture) to see where the “animals” are lurking, in as close to real-time as possible.

The Palace of Harmonious Virtualization

In my job, I get to think a lot about where things are going. I’m hearing day in and day out that security is a major stumbling block to fully virtualizing a datacenter and also for “cloud”. In the case of the virtualized datacenter, what many call Private Cloud, this stumble usually happens when the security guy is brought in after the ball is already in motion and promptly puts a stop to things “until it’s secure”.

The woes of the extended organization

In this modern world where information is one of the most, if not the most, important assets an organization can have, CISOs are tasked with preventing attackers from coming into their networks and stealing sensitive data. In order to do that, they arm themselves with an assortment of security tools, products and services used to secure these networks, protect information and mitigate the various threats to it. However, while these solutions grow more sophisticated, so do the challenges of the modern world CISOs face.

Logistics and Security: Hospitality and Airlines in the Security Ecosystem

Hospitality and transportation have amazing access to PII (Personally Identifiable Information) for wealthy individuals or at least people with sufficient savings to travel and also to lucrative, high-limit pockets of corporate cash. Given that most people who travel are by definition anomalous spenders (e.g. you spend $300 on a night in San Francisco and then $500 in Tokyo the next day), anomaly detection is typically not as effective as it could be and requires tuning and adjustment to a subset of the population rather than normalizing with the largely more sedentary population.

ZeusiLeaks Archives File 003: The Chairman’s Assistant

In this ZeusiLeaks file I’ll talk about how fraudsters tap the communications of a company’s executive board – the holy grail of inside info. Quick reminder: WikiLeaks, the largest leak of data the world has seen? Nonsense! Trojans like Zeus and SpyEye lurk on millions of personal, corporate and government PCs, stealing data 24 by [...]

Engineering Security Solutions at Layer 8 and Above

RSA GUEST BLOG POST by RSA’s Ian Farquhar: Many years ago, I came across a comment in a support call log which concluded “Fault isolated in Layer 8.” I asked for clarification. “User error,” I was told smugly, by the call log’s author. I also remembered an old acronym from more than a decade before: PICNIC. “Problem In Chair, Not In Computer.”

Insuring and Ensuring Information Security

Earlier this Fall, I was a panelist on a CFO Magazine webcast on “Data Security and Liability”. One of my colleagues on that panel, David Allred from Zurich Technology Insurance Services, remarked towards the end of the webcast that over the next 10 years, insurance policies against liabilities and losses resulting from a data breach will become as common as fire and other standard insurance offerings. That got me to thinking about the complementary and conflicting roles of insuring and ensuring against data breaches.

National Cyber Security Awareness Month 2010 – How Government and Industry Collaborate to Launch a Social Movement

I had the pleasure of participating in the national launch of October 2010 as National Cyber Security Month on October 4th in Seattle, Washington. Howard Schmidt, the President’s Cyber Coordinator, and Department of Homeland Security Deputy Secretary Jane Holl Lute were the keynote speakers.

What’s stopping DLP deployment in Europe?

…corporate secrets comprise two-thirds of the value of firms’ information portfolios. Despite increasing mandates, custodial data assets aren’t the most valuable in an enterprise. Proprietary knowledge or secrets are twice as valuable as custodial data, and it’s corporate secrets that help organizations generate revenue, increase profit and maintain a competitive edge. On the other hand, custodial data is what is typically entrusted to an organization to protect, and regulatory mandates apply to this type of data.

Learning to Say “YES”

I was with a CISO of a major retailer in Europe a few days ago and we were discussing social networking and web 2.0 technologies. He’s been in the business for 24 years and as a CISO was used to saying ‘no’ to most requests if it meant that a new risk was introduced into his environment.