The level and sophistication of advanced threats is a constantly moving target pitting the advantages of smart and patient attackers against security teams that often times can’t possibly know what to look for when an attacker employs specialized techniques and tools designed to cloak their movements. What happens when an attacker doesn’t have to rely on malware to infiltrate their target or when an attacker is able to successfully blend in like a legitimate insider? In this edition of the Speaking of Security Podcast, Tom Chmielarski, Practice Lead in RSA’s Advanced Cyber Defense Services shares some of the attack techniques he’s seen used in real breach cases, along with best practices used in the detection and defense of these advanced attacks.
Cybersecurity has been visible in EMC keynotes before. Last year Pat Gelsinger spoke about the importance of security in VMware architecture, for example. But this year is the first time that security has taken center stage in the opening keynote.
I just returned from a weeklong trip to Europe, where I contributed my voice to the wildly successful series of RSA Security Summits. With near unanimity in London and Zurich the audience accepted our premise that as a result of the changing IT landscape – including cloud, mobile, big data, extended workforce, supply chains – and the realities of today’s sophisticated attackers, the approach to security in organizations needs to dramatically change. Furthermore there was also general agreement that today’s preventive security systems, that are largely perimeter and signature-based, no longer provide sufficient defenses, and that to compensate organizations must improve their detective and response focused security controls. This quickly led to the practical and real challenge of how organizations can best make those improvements. How in an environment of fixed security budgets can organizations invest to create or significantly enhance their monitoring and response capabilities?
In my earlier blogs on Transforming Security Analytics and Transforming Trust, I wrote about the strong focus we have on cybersecurity at this year’s EMCworld, previewing several of the sessions that will highlight security topics. In addition to those presentations, we’ll also once again have a Birds-of-a-Feather session, focused on Building your Trusted Cloud. It’ll [...]
This blog series examines response options to an enterprise intrusion of some sort, be it by “APT” or Hacktivists” or some other category involving a purpose-driven actor. I’ll refer to these as targeted attacks even though they are often not targeted too specifically, but that’s a different topic. These threats pose a risk to the organization that is, generally speaking, more severe than typical malware on a single system. A hactivist attempting to discredit your company will probably have more of a business impact than a single computer infected by the Zeus crimeware trojan. Of course, that “common” Zeus infection could happen to be on a system used by someone in finance who has access to company records, as seen in actual attacks, and may indicate a major threat to your organization.
When it comes to defending our networks we have to be right 100% of the time but a cybercriminal has to be right just once. We must shift this balance if we are ever going to be in a position to truly protect and defend our networks. In fact, defence is probably no longer appropriate [...]
The SBIC has produced a new report that is mobile centric called “Realizing the Mobile Enterprise.” The council builds on data. In this case, it builds on a fascinating series of online polls that show a rapid litmus-like test of the mobile landscape and, in particular, the degree to which “the enterprise” (an interesting notion [...]