CSAW 2013 and Threads


This year’s CSAW and Threads events really show why NYU is a strong community for Cyber Security.  It was nothing but the best when it comes to the list of speakers.  Some of the key players expanded on their previous talks earlier in the year from Defcon, while others provided some sound and interesting new ways to look at old security problems.  I especially enjoyed Hank Leininger’s password topology talk.

Threads Speakers

CSAW was also very impressive.  I had the privilege of seeing this event from the judges’ perspective for the High School Forensics (HSF) competition.  All I can say is that some of these contestants were simply impressive.  Not only was their forensic work top notch, but their reporting and the quality of the work they performed was amazing for individuals with no professional experience.  The winners of this contest really do deserve the scholarships they are awarded, and I’m sure many of them will continue to be key players in the security scene for years to come.  Congrats to all the teams, especially The Cams Nugget and Electric Sheep.

CSAW 2013

CSAW High School Forensics (HSF)

Healthcare – The Next Major Cyber Attack Target


With all the healthcare industry regulations around data leakage, a decent effort has been put in place to protect individual records; however, healthcare organizations are still struggling to get this under control from both a physical and a cyber perspective.

Even though the medical industry is still battling to protect sensitive records, it is facing another, more persistent problem.  These organizations are under attack because the adversary wants to understand the underlying business practices and to obtain important intellectual property.  With the aging population and billions of dollars spent on research and development for drugs, these organizations have a good deal of market cap to lose.

The recent FireEye report shows that although Healthcare is not the top malware candidate, it is continually targeted by these attacks.  Also notice that the energy sector, which has been heavily targeted in the past few years, is tracking less than the healthcare industry.

FireEye Stats

http://www2.fireeye.com/WEB2012ATR2H_advanced-threat-report-2h2012.html


To understand the extent of the threat, another posting was released on March 14 titled “Medical Industry Under Attack by Chinese Hackers”.  Here are two of the key quotes from this article.

“Healthcare is listed as one of China’s priorities in its 15-year science and technology development strategy for 2006 to 2020”

“Many of these victims have technology or drugs that are a monopoly. If you are the first to market with some great new technology breakthrough or drug, and you get a profit from that research … it would definitely be an issue for the Chinese to target some of these”

http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240150858/medical-industry-under-attack-by-chinese-hackers.html


As recently as March 20th, an article in The Daily Briefing was posted stating:

“Rich Barger—chief intelligence officer for CyberSquared, a data security company—said his firm can confirm that at least three Chinese advanced persistent threat groups, or APT groups, have targeted medical organizations.”

http://www.advisory.com/Daily-Briefing/2013/03/20/Hackers-target-medical-organizations


As you can see, the industry is definitely under attack and many healthcare organizations are more than likely already compromised.  The unfortunate problem is that these companies are spending all their security money on the leakage of personal and medical records, and are still implementing the wrong controls to protect against a threat that impacts their entire business model.

If the healthcare industry does not shift its current security strategy and prioritize its spending on the right prevention controls, then its data and business models will be completely assimilated in the next decade.

7 Ways To Optimize Your Security Technology Investments


Security technology spending is at an all-time high.  Determining the right strategy to reduce cost is essential to security planning and to any CISO’s agenda.  Consider implementing the following 7 ways to optimize new security technology investments.

  1. Consolidating security vendors for particular solutions reduces cost through volume discounts and by eliminating the costs associated with increased complexity, risk, downtime and staff management.
  2. Reducing the number of endpoint agents reduces cost by decreasing the complexity of the environment, the testing cycles per agent, and the administrative staff time required.
  3. Negotiating hardware and software licensing costs, as well as security professional services, for longer periods of time allows security vendors to reduce paperwork and management costs, which in turn can be passed back to the organization.
  4. Implementing adequate security protections can reduce the costs associated with employee productivity loss and security breaches, as well as the IT labor costs associated with endpoint infections, managing signatures, false positives, tuning, etc.
  5. Using automated software to provide agent updates, tuning, patches, and signatures reduces the costs associated with employee productivity loss and IT labor management.
  6. Reducing the complexity of the environment by consolidating consoles for items such as endpoint and network technology, logging, or security configuration management provides faster access to relevant data and possible security incidents.  Less complexity and faster access reduce costs by decreasing the infection rate and the IT labor required.
  7. Focusing on the primary business while outsourcing certain security functions should be evaluated regularly.  Some costs may be reduced by avoiding security infrastructure and software costs, as well as additional IT labor and training costs.

Building the Security Operations Center (SOC)


Whether defending against common malware or some determined Nation State, being able to proactively detect attacks and changes in the organization is required.  This past year I spent a large amount of time helping several organizations set up and put in place the right people, processes, and technology to help defend against increasing security threats.  Although many organizations spend millions of dollars on technology and hire staff to monitor security 24/7, they were still lacking two fundamental items.

  1. The people, although good at monitoring, lacked the attack and threat mindset.  The staff was not able to figure out when an actual attack was happening.
  2. The organizations lacked the basic security operations processes required to keep track of, and make appropriate use of, the vast amounts of data.

As a result, I spent the past few months developing a whitepaper that specifically addresses the primary components of a SOC, which can be used to help organizations set up a centralized core and embark on developing the correct operational processes.  Although I don’t address item number one above, this paper explains the following in detail:

  • Defining the SOC
  • Determining the Processes
  • Understanding the Environment that needs to be protected
  • Identifying the SOC Customers
  • Staffing the SOC
  • Managing the Events
  • Leveraging ITIL compliance

Creating and Maintaining a SOC – The details behind successful Security Operations Centers

If your organization is under attack and you have invested in more people and technology, be sure to implement the right processes and build a foundation for future defense.

Get Your Daily Security Feed


There has been a large amount of security information and recent attacks posted in the media.  We have Mandiant’s report on China as well as several issues concerning Java.  The pure volume of information over the past year has made it difficult to keep up without a combination of sources.  As a result, InfoSecAlways has made a few modifications to the site.  Please check out the new “Security Feeds” in the right column (4th block down).  This is a combination of about 20 different security RSS feeds now piping into the blog.  You can check the site daily to get the latest news and updates in the industry.

Also, check out the links page, as several new Threat and Vulnerability links have been added.  These are great if you are looking for specific attacks, breaches, or threats.