Last week Mandiant produced their report entitled ‘Mandiant APT1 report’ that was widely covered by global media and essentially exposed a ring in China allegedly responsible for APT attacks. To many, this in itself is startling news and there have been many stories pointing the finger at hackers in China. However, on reading the report [...]
My blog today reflects on newly published research from Jon Olstik at ESG (from whom I borrowed the title of this blog), which covers the collision of advanced threats, security monitoring, SIEM, big data technologies and techniques, and organizational security maturity. In the paper Jon clearly brings forward his argument – with which I completely agree – that security threats have changed and thus the tools used and approaches for defense need to change significantly. I recognize this sounds a bit clichéd, but read the paper and you will see that there is a clear argument and evidence to back up this claim. One very obvious technical trend is that the flood of security data that is required to provide the visibility that is necessary to improve the organization’s defenses, have gone up — way, way up.
Every year we seem to have a new buzz term in security. As someone who lives in the security product marketing world I’ve seen trends come and go. Terminology that was once mandatory in every piece of collateral suddenly becomes stale and cringe-worthy (APT is becoming one of these). We’ve had a bunch of buzzwords and phrases; some were pretty good and some were really terrible. I should know I helped propagate some of these buzzwords.
The IODEF is a standing IETF RFC that is designed to address and define a data representation that provides a framework for sharing information commonly exchanged by Computer Security Incident Response Teams (CSIRTs) about computer security incidents. The basic premise is that organizations need help from third parties to mitigate malicious or nefarious activity targeting their hosts and networks. They need to gain additional (presumably absent) insight into these new and exotic threats. The coordination element of this communication seems to be less obvious and natural than one might think hence, the need for a standards-driven framework for coordinating this process.
Introduction In the first installment of this blog series we discussed several principle ideas and concepts necessary for security analysts as they seek to master an understanding of indicators of compromise (IOC). We discussed how IOCs relate to observables and how observables tie or relate to measurable events or stateful properties on a host. We [...]
War and Peace One of my favorite Latin sayings was one that was considered common during the height of the Roman Empire. In pace, ut sapiens, aptarit idonea bello or for those of you who do not speak Latin: In peace, like a wise man, he appropriately prepares for war. Many information security professionals laugh [...]
RSA’s Peter Tran talks to Speaking of Security about new Advanced Cyber Defense Services being offered to help orgnanizations in North America and Europe create proactive strategies for defending their digital assets against a wide range of threats, and provide incident response expertise designed to help customers react aggressively to active attacks and critical incidents.
As I mentioned in my last blog, one of the sessions I gave recently at RSA Conference China was a discussion of “Keys and Clouds”, exploring various models for key management and encryption in the cloud. It’s a topic that comes up often in my meetings with customers about private, public and hybrid cloud strategy. [...]
In my recent blog series, ‘learning to cook ’, I created the recipes required for protecting against Advanced Threats. Big data analytics plays a key role in this as we really need to collect all of the data in our environment. So ,where do we start with analyzing this data ? I see it as [...]
As more information about the attack on Saudi Aramco has emerged, such as in the article in Dark Reading last week, it increasingly appears to be an aggressive and significant attack, with one attacker claiming to have compromised 30,000 of the company’s clients and servers. As described in the Saudi Aramco press release, however, the [...]