Configuring the Human Firewall
These days it seems every single attack out there is called an ‘APT’, but the truth is that ‘real’ APT attacks are actually much more rare and are generally not in the public domain. When planning an APT, social engineering is the most important tool in the cybercriminal toolbox. So how [...]
I had the opportunity recently to speak about “Advanced Security” at the Evanta CISO Executive Summit event in Houston. Just before going onstage for my presentation, I had a great conversation with David Frazier (Director of IT for Halliburton) about the approaches he’s taken not only in security strategy, but in discussing security with the [...]
A few months ago I had a conversation with a security professional working in a major US defense contractor. It was right after the attack on RSA. “Welcome to the club”, he said, “we’ve been hit by these APTs for years”.
So OK, you think you know security. Riddle me this one… What do Jennifer Lopez and computer hackers who’ve attacked America’s defense establishment have in common? If you answered both are featured in this September’s issue of Vanity Fair magazine, you’d be right, and a true member of the all-knowing security club.
In January 2010, at the turn of the decade, I wrote the following lines in my blog: “It will be an interesting decade from a cybercrime perspective. Employees are one of the weakest links in corporate security… The current defenses cannot suffice, and the industry must think of a new defense doctrine.” A lot of folks in the security space raised an eyebrow.
Building the right strategies and principles into any security program and, frankly, gaining awareness and building relationships at all levels and with all functions in a company or organization is critical to success. While confronting APTs will require giving up the idea that it is possible to protect everything, security teams will have to focus on protecting the organization’s most critical information and systems. Or, even more strongly stated: they will get in – the goal is to detect them early and minimize the damage.
On the flight home from this year’s Gartner Security & Risk Management Summit, I reflected on some of the highlights of the trip. I look forward to this show every year due to the high level of customer engagement and great conversations. In looking for overall themes from the event I noticed, not surprisingly, a lot of emphasis around advanced persistent threats.
The question of “why” EMC has acquired NetWitness will no doubt come up (beyond the fact that they are the obvious market leader with awesome technology) and how do they fit? Over the next few months that will become increasingly clear and in fact obvious if it isn’t already, but I thought I’d start with a simple analogy that I will connect first with RSA enVision (i.e. with Security Information and Event Management or “SIEM”) and then with RSA Archer (i.e. with Governance Risk and Compliance or “GRC”).
I was on a tour in Asia Pacific when I first heard the news about the attack. The investigation into this attack continues but I’m eager to share some information with you about it. Let’s first make sure everyone is on the same page. The number of enterprises hit by APTs grows by the month; and the range of APT targets includes just about every industry. Unofficial tallies number dozens of mega corporations attacked; examples are in the press regularly, and some examples are here, and here.
This week’s Speaking of Security podcast reviews the key announcements from RSA at the recent RSA Conference.