More than a Balance: Privacy and Security as Partners in Trust

I was in Dublin recently to speak once again at the Secure Computing Forum. The theme this year was “Security and Privacy: Getting the Balance Right”, so I talked briefly about the KPMG report that I discussed in my 2013 blog on “Balancing Security and Privacy”, in particular the KPMG conclusion that “A balance can…

RSA Rises to the Challenge of APTs

Recent news around APT attacks has underscored the critical importance of improving our techniques for rapidly detecting, analyzing and responding to APTs. To foster research in this area, Los Alamos National Lab (LANL) recently released an anonymized dataset of DNS activity collected from their internal servers over a two-month window (February and March 2013), overlaid with traffic from 20 simulated APT attacks during the month of March. LANL also issued a public challenge to the cybersecurity community to “develop techniques for detecting malicious external domains given the DNS logs for a site and to identify potentially infected hosts in the process.”

Five Common Corporate Pitfalls in Cyber Security Management

A fair percentage of clients that I have provided incident response services to over the last 12 months are operating without security or oversight on the Internet, meaning not a single person employed at that organization is solely dedicated to working on security issues. While this is common for small companies and startups, these clients matured over the years to the point where they had hundreds or thousands of employees and even more computing devices on the network. What had not occurred, however, was the investment in security commensurate with the growth of the company.

Security Monitoring Use Cases with RSA Authentication Manager

Organizations that deploy RSA Authentication Manager (SecurID) to enforce two-factor authentication frequently think of their RSA SecurID solution only as an additional security control for strong authentication to resources. However, by analyzing the wealth of log data generated by RSA Authentication Manager, organizations can gain valuable intelligence that is useful for detecting attacks and perhaps even predicting new ones.

The Top 10 Gaps in Breach Readiness

After having conducted a number of such Breach Readiness Assessments over the past year or so with customers in a variety of industry sectors – including aerospace, financial, telecommunications device manufacturers, and health care technology – we’ve compiled a list of the Top 10 gaps that we’ve observed during these engagements. The following list is roughly ordered by frequency of occurrence (gaps at the top were seen at more customers than those further down the list), but all were observed at numerous customers.

An Intelligence-Driven SOC – Come See It

I just returned from a weeklong trip to Europe, where I contributed my voice to the wildly successful series of RSA Security Summits. With near unanimity in London and Zurich, the audience accepted our premise that, as a result of the changing IT landscape – including cloud, mobile, big data, extended workforce, supply chains – and the realities of today’s sophisticated attackers, the approach to security in organizations needs to change dramatically. Furthermore, there was general agreement that today’s preventive security systems, which are largely perimeter- and signature-based, no longer provide sufficient defenses, and that to compensate, organizations must improve their detection- and response-focused security controls. This quickly led to the practical and real challenge of how organizations can best make those improvements. How, in an environment of fixed security budgets, can organizations invest to create or significantly enhance their monitoring and response capabilities?

One Last Word: Next Generation Security Operations

Over the last few weeks I have outlined several elements of Security Operations that are bubbling to the surface in my blog series “Next Generation Security Operations”. The series really focused on the reactive side of security management, and a key theme was the connection between nuts-and-bolts security and broader processes. A key point I wanted to communicate was the need for companies not only to remain vigilant and evaluate the detective side of security management, but also to look outside the technical infrastructure for inputs to improve the reaction time within Security Operations. As most of my readers are GRC practitioners, this connection stimulated some interesting conversations I had with customers from the GRC side of the house and, I hope, made some of the same connections from the security side.

Next Generation Security Operations: The Wrap-up

Over the last few blog entries, I outlined some of the dimensions that security operations need to think about during 2013 and beyond. In some respects, this is the tip of the iceberg – there is only so much you can cover in a blog. However, I think there are some important items to put on the radar.

Next Generation Security Operations: Flesh and Blood

Years ago, companies had to worry about the “brick and mortar” threats – physical theft, property destruction, natural disasters. Next, it was the “bits and bytes” threats – intellectual property theft, website defacement, denial of service attacks. Now, there is a new element to our threat landscape – the “flesh and blood” threats. I don’t mean personal physical attacks but rather attackers exploiting an individual for nefarious purposes.

Next Generation Security Operations: The Breach Escalated

To continue with my series on the Next Generation of Security Operations, I want to look at how well the operations are positioned for the be-all, end-all of security – the actual Security Breach. Security incidents have a life of their own. How it all turns out is very dependent on how soon the problem is detected. Initial detection and preventing an attack early in the ‘kill chain’ can minimize or even stop any issue from escalating. However, that is not always possible and security operations must be prepared to escalate throughout the entire process until closure. There are some traditional stages when it comes to Security Incident response.