14. February 2011 · Comments Off on YouTube – Seculert Cyber Threat Management · Categories: blog · Tags: , ,

YouTube – Seculert Cyber Threat Management.

Our partner Seculert has just published this video on YouTube, highlighting it’s ability to complement existing security controls to provide detailed information on systems compromised by botnets.

10. February 2011 · Comments Off on The Top 10 Security Questions Your CEO Should Ask — CIOUpdate.com · Categories: blog · Tags: , , , ,

The Top 10 Security Questions Your CEO Should Ask — CIOUpdate.com.

From PwC, here are the top 10 questions your CEO should be asking you:

  1. Who is accountable for protecting our critical information?
  2. How do we define our key security objectives to ensure they remain relevant?
  3. How do we evaluate the effectiveness of our security program?
  4. How do we monitor our systems and prevent breaches?
  5. What is our plan for responding to a security breach?
  6. How do we train employees to view security as their responsibility?
  7. How do we take advantage of cloud computing and still protect our information assets?
  8. Are we spending our money on the right things?
  9. How can we ensure that we comply with regulatory requirements and industry standards in the most cost-effective, efficient manner?
  10. How do we meet expectations regarding data privacy?

This article provides a paragraph or two on each one of these questions.

02. February 2011 · Comments Off on Seculert Research Lab: The New Trend in “Malware Evolution” · Categories: blog · Tags: , , ,

Seculert Research Lab: The New Trend in “Malware Evolution”.

This post by Seculert Research Labs provides an overview of the evolution of Carberp. Carberp is a relatively new botnet which is rapidly evolving into the one of the most sophisticated pieces of malware ever seen.

Some say it will be the successor to Zeus. Whether that happens remains to be seen, but its developers are surely competing for the cybercriminals’ software budget.

30. January 2011 · Comments Off on Schneier on Security: Whitelisting vs. Blacklisting · Categories: blog · Tags: , , ,

Schneier on Security: Whitelisting vs. Blacklisting.

Excellent discussion of whitelisting vs. blacklisting. In theory, it’s clear which approach is more appropriate for a given situation. For example:

Physical security works generally on a whitelist model: if you have a key, you can open the door; if you know the combination, you can open the lock. We do it this way not because it’s easier — although it is generally much easier to make a list of people who should be allowed through your office door than a list of people who shouldn’t–but because it’s a security system that can be implemented automatically, without people.

In corporate environments, application control, if done at all, has been done with blacklists, it seems to me, mainly because whitelisting was simply too difficult. In other words, in theory white listing is the right thing to do, but in practice the tools were simply not there.

However, this is changing. Next Generation Firewalls hold the promise of application whitelisting. If the NGFW can identify and classify all of the applications traversing the organization’s network, then you have the visibility to implement application whitelisting.

The advantage of network-based application whitelisting is that you get off the treadmill of needing to identify every new potentially malicious application and adding it to the blacklist.

The objective is that the last firewall policy rule is, “If application is unknown, then block.” At that point you have returned to the Positive Control Model for which firewalls were conceived.

25. January 2011 · Comments Off on SaaS Compliance solution from Navajo Systems · Categories: blog · Tags: , , , , , , ,

While there are many compelling benefits to Software-as-a-Service solutions like Salesforce, SuccessFactors, and Gmail, there are also privacy, security and compliance inhibitors which arise from the fact that SaaS application data is stored in clear text.

For many organizations, encrypting the communication between users and SaaS applications is simply not enough. Some large organizations have resorted to installing SaaS applications in their datacenters to meet privacy, security and compliance requirements. This way they get some of the SaaS application benefits but still must endure the real estate, power, hardware, communications, and associated administrative expenses themselves.

Some organizations have restricted the use of SaaS applications to those where clear-text data does not run afoul of regulatory issues.

The ideal solution would  be to encrypt data on the way into and back out of the SaaS applications. SaaS backup solutions, for example, have been doing this for years. The file metadata stays in clear text but the files themselves are encrypted. However, for data-oriented applications like Salesforce, SuccessFactors, and Gmail, standard data encryption does not work because once the data is encrypted, you cannot search or sort on it.

Finally, a solution has come to market – Navajo Systems – which allows you to meet regulatory compliance requirements for storing, for example, Personally Identifiable Information (PII) and Protected Health Information (PHI) in SaaS applications. Navajo’s breakthrough is an encryption algorithm which allows searching and sorting. In other words, data is encrypted before it leaves your organization and is stored in the SaaS application in that same encrypted form, yet can be searched and sorted in a way that is both transparent to the SaaS application and to the users!!

Only you have the encryption keys. No one at the SaaS vendor can read your data. Full disclosure, Cymbel is partnering with Navajo. We would be glad to show you exactly how this works.

Here are links to more information about SaaS Compliance and Navajo Systems.

24. January 2011 · Comments Off on Panda Security goes inside the web’s black market · Categories: blog · Tags: , , , ,

Panda Security Goes Inside Web’s Black Market

PandaLabs released 44 page report called, The Cyber-Crime Black Market: Uncovered. If you are not familiar with the subject, this report is very good. Here are some highlights:

The exponential growth of malware

Five years ago, there were only 92,000 strains of malware cataloged throughout the company’s 15-year history. This figure rose
to 14 million by 2008 and 60 million by 2010, which gives a good indication of the rate of growth.

At this rate is it reasonable to rely on a signature-based approach to malware detection? No mention is made of 0-day malware. We like FireEye‘s behavioral approach to complement a signature-based approach to anti-malware.

The cyber-crime professions

Panda quotes the FBI’s list of ten different professions that make up the cyber-crime black market – Programmers, Distributors, Tech Experts, Hackers, Fraudsters, Hosted systems providers, Cashiers, Money mules, Tellers, and Organization Leaders. This division of labor should give you some idea of the maturity of the cyber-crime underground.

The process

Panda does a fairly good job of documenting the process although this section of the report could have been better organized.

The black market at-a-glance

This section show just how sophisticated the black market ecosystem is. Just like the markets we engage in every day, there are promotion, try & buy offers, discounts for volume purchases, multiple payment options, and post-sale support services.

What to do and what not to do

The report closes with some common sense advice as to what to do and what not to do to minimize your risk of cyber-fraud.

24. January 2011 · Comments Off on Zeus evolves to target online payment providers · Categories: blog · Tags: , ,

Zeus Latest Evolution in Malware Trends – Targets Online Payment Providers.

Trusteer is reporting on the evolution of the Zeus malware. Originally it targeted users performing online bank transactions. It’s now targeting online payment providers like Money Bookers, Web Money, netSpend, and e-gold. These types of companies have millions of users. If one of these users has his or her account looted, what recourse does the person have? After all, these are not banks and are most probably not legally bound to make good to their abused clients.

24. January 2011 · Comments Off on Zscaler reports on ‘blackhat’ SEO numbers for December 2010 · Categories: blog · Tags: , , ,

Zscaler reports on ‘blackhat’ SEO numbers for December 2010.

One of the Social Engineering risks a user must cope with is malicious web page links that show up in Google searches. Google is aware of this problem and works to weed out the “blackhat” website pages that attempt to fool Google’s algorithms.

While Google’s efforts are improving, Zscaler is reporting that in December 2010, Google flagged only 44% of the “blackhat” links that Zscaler identified.

Full disclosure – Zscaler is a Cymbel partner.

23. January 2011 · Comments Off on Facebook scam: Guy that lives on my street killed his girlfriend today · Categories: blog · Tags: , ,

Facebook scam: Guy that lives in my street killed his girlfriend today.

Social Engineering creativity knows no bounds.

This one has been spreading for a couple of days, posing as a news story from one of your Facebook friends that someone who lives in their street has killed his girlfriend.

If you have been hit by scams like this on Facebook, and are struggling to clean-up your profile, here’s a YouTube video I made which describes what steps you need to take.

22. January 2011 · Comments Off on Cisco 2010 Annual Security Report – Cybercrime ROI Matrix · Categories: blog · Tags: , , , , ,

ReadWrite Enterprise has a nice summary of the Cisco 2010 Annual Security Report. Here are some of the key points.

Cisco goes MBA-ish with a quadrant to show trends in cybercriminals’ attack methods.

Social engineering continues as a key technique. Cisco highlights the seven weaknesses social engineers exploit: sex appeal, greed, vanity, trust, sloth, compassion, and urgency. Cisco recalls the Robin Sage fiasco.

Java has become the number one target for cybercriminals replacing PDF.

And of course, Cisco acknowledges Stuxnet and the “evil” cybercrime winner.