
Tag: security

Google plans to disable support for SSL 3.0 in an upcoming Chrome release. Mozilla has similar intentions.

Google researchers first publicly disclosed a flaw dubbed "POODLE" in the SSL 3.0 protocol on Oct. 14. Though Google made a patch available for servers to help mitigate the risk, one of the best long-term solutions to the flaw is for browser vendors to drop support for SSL 3.0, which is now what Google is pledging to do for its Chrome browser.

The POODLE, or Padding Oracle On Downgraded Legacy Encryption, vulnerability could potentially enable an attacker to access and read encrypted communications. SSL 3.0 is a legacy protocol that has been replaced by the newer TLS 1.2, although many browser and server vendors have still supported SSL 3.0 as a fallback mechanism.

In a mailing list posting, Google developer Adam Langley wrote that for the upcoming Chrome 39 stable release, SSL 3.0 fallback will be disabled. "SSLv3 fallback is only needed to support buggy HTTPS servers," Langley wrote. "Servers that correctly support only SSLv3 will continue to work (for now), but some buggy servers may stop working."

If a user hits a server or online application that doesn't work due to the SSL 3.0 fallback removal, Chrome will show a yellow badge over the lock icon in the browser. By disabling the fallback and showing the yellow warning badge, Google is giving site owners a chance to update their sites before dropping SSL 3.0 entirely. The current plan is for Chrome 40 to completely disable SSL 3.0 support.

Google isn't the only browser vendor to take steps to limit the risk of POODLE. The upcoming Mozilla Firefox 34 release is also set to remove support for SSL 3.0. Microsoft, however, is taking a slightly different tack for its Internet Explorer browser. There is now a "Fix it" tool from Microsoft to disable support for SSL 3.0. When POODLE was first reported on Oct. 14, Microsoft wrote in an advisory that, "considering the attack scenario, this vulnerability is not considered high risk to customers."

Apple has also taken steps to limit its users' exposure to POODLE. In its Mac OS X operating systems, Apple has not entirely blocked SSL 3.0, but rather has disabled the use of CBC, or cipher block chaining, with Secure Sockets Layer (SSL), which is the root cause of the POODLE flaw.

Though the POODLE flaw was disclosed two weeks ago, to date there have been no public reports of any exploitation as a result of the vulnerability. In contrast, a SQL injection vulnerability reported in the open-source Drupal content management system on Oct. 15 was exploited by attackers within seven hours. The fact that POODLE has not been actively exploited is likely due to a number of factors, including very low usage of SSL 3.0. Mozilla noted when POODLE was first disclosed that SSL 3.0 only accounted for 0.3 percent of all HTTPS connections.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
NEWS ANALYSIS: Tests reveal that carriers may be including unique identifiers on your wireless data transmissions despite your efforts to opt out of advertising or tracking.

Advertisers on the Internet know who you are; they know where you are with your mobile phone; and they can track your interests and send you advertising despite efforts on your part to avoid their attention. The good news is you can find out fairly easily if this tracking is taking place. The better news is that not every carrier inserts tracking codes in your data stream.

The initial details of this practice were first revealed by the non-profit journalism group ProPublica, which discovered that Twitter is making use of this information from Verizon wireless phones as a way to deliver advertising. AT&T is testing such a service, but has not deployed it commercially.

The unique identifier, sometimes called a "perma-cookie," allows an Internet site to track a specific phone and, from that information, build a database of what the user of the phone is doing, such as looking for sports scores or searching for restaurants or shops. For the most part, the ID number does not specifically identify the person using the wireless device, but it can if the wireless company agrees to sell the information related to the device. Verizon, for example, has said that it makes such information available to its partners unless the device user specifically opts out of tracking.

AT&T told eWEEK that the company is testing such a program. "AT&T does not currently have a mobile Relevant Advertising program," spokesman Mark Siegel told eWEEK. "We are considering such a program and any program we would offer would maintain our fundamental commitment to customer privacy." Siegel said that once the program goes live, customers can opt out of it completely, meaning that the unique identifier will not be inserted into the customer's data stream at all.

Verizon, in contrast, lets customers opt out of providing information, but not out of the unique identifier itself. Verizon has acknowledged that the tracking code, which it calls a Unique Identifier Header (UIDH), is present in all cases, even when the customer has opted out of advertising to their mobile device. The company provided an advance copy of a document explaining how it works to eWEEK. Verizon has two programs that use this information, Relevant Mobile Advertising and Verizon Selects. "When a customer opts out, our partners receive no information, anonymized or otherwise, about those customers," the document explains, but it also confirms that the UIDH remains.

T-Mobile, on the other hand, says it does not engage in this sort of activity. "T-Mobile doesn't use a 'perma cookie', like those other wireless providers are accused of using to track their customers," a senior executive in the company's corporate communications department told eWEEK.

The privacy implications of this tracking are fairly obvious. But what's not so obvious are the risks that accompany the effort to grab those unique identification numbers. Some sites, for example, will instruct the mobile device to turn off its SSL encryption so that the site has access to the information. This might not matter if the encryption were turned back on immediately, but that does not necessarily happen.
Making sense of the wealth of information sources in an enterprise can be challenging. BigPanda offers a SaaS model for helping enterprises understand IT incidents.

Startup BigPanda emerged from stealth mode on Oct. 28, complete with funding and a cloud-based software-as-a-service (SaaS) model for helping enterprises understand IT incidents. BigPanda has raised $7 million in a Series A round of funding, which included the participation of Mayfield and Sequoia Capital. Including seed funding, the company has raised a total of $8.5 million to date.

The basic promise behind BigPanda is to help organizations with the deluge of incident logs and data that is generated in a modern enterprise so that the information can be correlated and understood to help fix problems and improve efficiency. The idea of collecting events and logs and trying to make sense of them is sometimes the domain of security information and event management (SIEM) software, but that's not quite what BigPanda is aiming to deliver. Assaf Resnick, CEO of BigPanda, told eWEEK that a SIEM is somewhat parallel to what his company does.

"We help IT teams make sense of the large volume of IT events that are happening across their production environment," Resnick said. "It's similar to what SIEM providers enable for security events, but we are focused on another market, IT incident management."

That said, BigPanda can also consume security alerts from a wide range of security monitoring tools, Resnick said. That enables IT teams to see security events and issues alongside performance issues that are occurring throughout their production environments.

Part of BigPanda's feature set is a clustering capability that enables users to map out all the different relationships between their enterprise systems. "We aggregate and normalize alerts from leading monitoring systems, such as New Relic, Nagios and Splunk, as well as home-built monitoring solutions," Resnick said. Then, by leveraging clustering and machine learning algorithms that BigPanda has developed, the technology is able to map out the topological and statistical relationships between alerts to determine relationships and commonality.

Going a step further, understanding alerts is important, but so is the ability to act on alerts. To that end, there is an integration in BigPanda with deployment and configuration management systems, including support for Chef, Puppet, Ansible, Jenkins and Capistrano. The system is also extensible via BigPanda's API. "We also connect to ITSM [IT service management] and ticketing tools such as ServiceNow, Remedy, JIRA and Zendesk," Resnick said.

The BigPanda technology includes some open-source elements around the front-end infrastructure, though Resnick commented that the core of the offering, including everything the company does around automation and data science, is entirely proprietary. From a deployment perspective, BigPanda is a SaaS solution that enables enterprises to consume the service from the cloud. BigPanda's cloud provider back-end is Amazon Web Services.

Now that BigPanda is out of stealth, the focus is on growing the company and the technology. "The next step for the company is to grow the sales and marketing team and to continue to focus on technology innovation around expanding the use of our algorithmic platform to automate other additional areas of incident management," Resnick said.

While the name BigPanda might seem somehow connected to the term "big data," Resnick said that there is not much behind the name. "We were looking for a name that would stand out and that we could have fun with," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
A researcher claims to have uncovered a major security flaw in the security solution following its approval by the NSA last week.

By Duncan Macrae

Samsung has smacked down claims that a major vulnerability has been discovered in Samsung KNOX security for Android, just days after it received approval from the U.S. government. Samsung KNOX is an Android-based solution specifically designed to enhance security of the current open-source Android platform. The NSA, under the agency's Commercial Solutions for Classified Program, recently approved the use of certain Samsung Galaxy devices within the agency.

Classified Data

The Samsung Galaxy 4, 5, Galaxy Note 3 and Note 10.1 2014 Edition were all given the thumbs up and could be used by NSA staff to protect classified data. Samsung CEO JK Shin had stated that "the inclusion of Samsung mobile devices on the CSfC list proves the unmatched security of Samsung Galaxy devices supported by the KNOX platform."

Samsung's KNOX technology allows for separate partitions on the Android devices in order to keep personal and business data separated. These partitions, sometimes referred to as containers, have their own encrypted file systems, which keep secured apps separate from applications outside the partition.

However, an unnamed researcher last week published a report online detailing how phones using KNOX can easily be hacked—something Samsung has refuted. A PIN chosen by a user during setup of the KNOX App is stored in clear text on the device, the researcher claimed. Specifically, they said, a pin.xml file stored in the ContainerApp on the device during setup contains the unencrypted PIN. The PIN can be used to retrieve a password hint, the report states. If a hacker has access to the phone and can retrieve the PIN, they could use a "Password forgotten?" field to obtain a password hint that turns out to be the first and last character of the supposed secret code, in addition to the exact length of the password.

This Hangman-style clue is just the beginning of the problem, according to the researcher, who added: "Now it is pretty obvious that Samsung KNOX is going to store your password somewhere on the device." The researcher even claims to have found the encryption key in a partition folder. Samsung, the report said, buried the manner in which KNOX creates the key deep inside myriad Java classes and proxies. The unique Android ID for each device is also used to derive the key, it added.

The report reads: "Samsung really tried to hide the functionality to generate the key, following the security by obscurity rule. In the end, it just uses the Android ID together with a hardcoded string and mixes them for the encryption key. I would have expected from a product, called KNOX, a different approach."

The researcher explained that the built-in Android encryption uses the Password-Based Key Derivation Function (PBKDF2), whose derived key does not persist on the device. They say: "The fact that they are persisting the key just for the password hint functionality is compromising the security of that product completely. For such a product, the password should never be stored on the device. There is no need for it, only if you forget your password. But then your data should be lost; otherwise they are not safe if there is some kind of recovery option."

Samsung subsequently released a statement rubbishing the researcher's claims. Samsung said: "We analyzed these claims in detail and found the conclusions to be incorrect for KNOX enterprise solutions. We would like to reassure our customers that KNOX password and key management is implemented based on the best security practices. The security certifications awarded to KNOX devices provide independent validation of Samsung KNOX."
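As an added illustration that is not part of the article, the researcher's report or Samsung's code, the following Python contrasts the two key-handling designs the report describes: a key derived from the Android ID mixed with a hardcoded string and written to disk for the hint feature, versus a PBKDF2 key derived from the user's password that is never persisted (only a random salt and a verifier are stored). The Android ID, the hardcoded constant, the passwords and the function names are constructed for this example.

```python
"""Contrast of the two key-handling designs discussed in the KNOX report.

Added example; all values (Android ID, hardcoded string, passwords) are
constructed for illustration and are not taken from any real product.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed stand-in for a constant compiled into the app binary.
HARDCODED_STRING = b"example-app-constant"
PBKDF2_ITERATIONS = 100_000


# --- Design 1: key from device-resident inputs only ------------------------

def device_bound_key(android_id: str) -> bytes:
    """Derive a key from the Android ID mixed with a hardcoded string.

    Every input is readable on the device itself, so anyone holding the
    device can recompute the key; no user secret is involved.
    """
    return hashlib.sha256(android_id.encode() + HARDCODED_STRING).digest()


def device_bound_enroll(android_id: str) -> Dict[str, bytes]:
    """What ends up on disk in design 1: the key itself is persisted so a
    'password hint' feature can use it later."""
    return {"key": device_bound_key(android_id)}


def key_recoverable_from_device(record: Dict[str, bytes], android_id: str) -> bool:
    """Audit check: can the stored key be reproduced from device data alone?"""
    return hmac.compare_digest(record["key"], device_bound_key(android_id))


# --- Design 2: key from the user's password via PBKDF2, never persisted ----

def password_key(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: slow to brute-force, and unknowable without the
    password, which is the property design 1 lacks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def password_enroll(password: str) -> Dict[str, bytes]:
    """What ends up on disk in design 2: a random salt and a verifier.

    The verifier is an HMAC under the key, so a password attempt can be
    checked without the key (or the password) ever being stored.
    """
    salt = os.urandom(16)
    key = password_key(password, salt)
    verifier = hmac.new(key, b"container-verifier", "sha256").digest()
    return {"salt": salt, "verifier": verifier}


def password_unlock(password: str, record: Dict[str, bytes]) -> Optional[bytes]:
    """Recompute the key from a password attempt; None if it does not match."""
    key = password_key(password, record["salt"])
    candidate = hmac.new(key, b"container-verifier", "sha256").digest()
    if hmac.compare_digest(candidate, record["verifier"]):
        return key
    return None


def persisted_key_material(record: Dict[str, bytes], key: bytes) -> bool:
    """Audit check: does any stored field equal the encryption key?"""
    return any(hmac.compare_digest(v, key) for v in record.values())


if __name__ == "__main__":
    android_id = "9774d56d682e549c"  # constructed sample value
    weak = device_bound_enroll(android_id)
    print("design 1 key recoverable from device:",
          key_recoverable_from_device(weak, android_id))  # True
    strong = password_enroll("correct horse battery staple")
    key = password_unlock("correct horse battery staple", strong)
    print("design 2 key stored on disk:",
          persisted_key_material(strong, key))  # False
```

The two audit helpers make the report's point measurable: in design 1 the on-disk record can be reproduced from device data alone, while in design 2 nothing on disk equals the key and a wrong password yields no key at all.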
Admiral Michael Rogers is preparing a coalition of government, military and commercial interests to fight a global cyber war if necessary.

BALTIMORE, Md. -- The chief warrior in the U.S. battle against the world's cyber-bad guys is just as worried about having his personal data breached as any of us. Also, like many of us, he admits to being a bit bewildered about how governments, enterprises and individuals can fend off insider attacks, DDoS events, zero-day exploits, malware and other security issues that have become as common as drinking water in this Age of Internet.

But Admiral Michael S. Rogers (at left in photo with Jeffrey Wells), Chief of the U.S. Cyber Command and Director of the National Security Administration, is convinced that through effective working partnerships among government agencies, the military, law enforcement and key players in the private sector, long-term solutions will be found in the ongoing efforts to secure personal and business data and keep it out of the hands of cyber-criminals.

Rogers on Oct. 29 addressed attendees at the two-day Cyber Maryland Conference here at the Baltimore Convention Center. About 1,000 stakeholders were registered. eWEEK was on hand both to cover the event and to moderate a panel discussion on IoT security. Because more than 250 companies and service providers are located in the Maryland-Virginia-Washington D.C. region, it is fast becoming global Ground Zero for the cyber-security business.

Cyber Maryland Initiative Providing Leadership in Security Sector

Silicon Valley also has its indigenous security companies, but it also has so many other IT-related players that it simply cannot specialize the way Maryland can. Gov. Martin O'Malley, who also spoke at the Oct. 29-30 event, started the Cyber Maryland coalition initiative five years ago. Cyber Maryland promotes partnerships among government agencies, security software and services providers, educational institutions and security experts in an effort to drive innovation -- and create jobs -- in the sector.

"Securing the IoT is a huge issue for all of us," Rogers said during a fireside-type chat with conference co-organizers Darin Andersen, founder and chairman of the San Diego-based CyberTECH, and Jeffrey Wells, Executive Director of Cyber Development in Maryland's Department of Business and Economic Development. "Literally every person on earth is a sensor. We have billions of devices. It's a daunting task.

"We talked about BYOD a year ago, and we're still talking about it. From a cybersecurity perspective, that's a fundamental challenge -- plus, it's a society issue. I don't think we fully understand this yet -- the second and third order of effects [of securing the IoT], involving all this connectivity, all those devices and the public and the private interests. It brings amazing opportunities but also potential tremendous vulnerability. We've got to work our way through this," Rogers said.

Advantages of Having All Those Connected Devices Are Great

None of us is going to walk away from the conveniences these devices provide, Rogers said. "People on average have 3 to 5 or more connected devices; we will see many more in the future. How are we going to make this work, how are we going to secure them all? That's for all of us to work toward," Rogers told the audience.

As for the ever-present threats posed by numerous malevolent forces around the world, Rogers acknowledged that there is much more work yet to be done but that he believes the cyber force he is building at the federal and military levels is up to holding its own.

Then he integrated into the talk a hot news issue -- the idea of the Ebola virus -- that provided more food for thought. "What if we had an Ebola-like challenge in the Internet?" Rogers said. "Not something actually infectious, but what if we had something equivalent to that in digital form, that could replicate on a global scale, with the potential ability to impact our information flow? That's pretty amazing to me but we've got to think about it."
The open-source content management system used by the White House issues a stern warning.

Whenever a security exploit is fixed, users are advised to patch quickly to reduce the risk of attack. In the case of a recent open-source Drupal content management system (CMS) vulnerability, the window in which users needed to patch before being exploited has been quantified as being only seven hours.

On Oct. 15, Drupal issued its SA-CORE-2014-005 advisory, warning of a highly critical SQL injection vulnerability that is also identified as CVE-2014-3704. Drupal is a widely deployed CMS that is used by the White House and the U.S. Federal Communications Commission (FCC), among other notable organizations.

On Oct. 29, the Drupal project issued a follow-up warning that it was aware of public attacks against Drupal sites that had not patched for CVE-2014-3704. "You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement," the Drupal project warned.

How the Drupal project was able to define the window of vulnerability is thanks in no small part to its community of hosting vendors. Greg Knaddison, director of engineering at Card.com and a member of the Drupal Security Team, explained to eWEEK that several companies that provide hosting focused on Drupal decided to create platform-level protection against this issue that not only mitigated the attacks, but also recorded data about them.

"While the rate of sites upgrading for this release has been better than the historic rate, it's still not ideal," Knaddison said. "The statement is perhaps stern, but also realistic. Our goal is to encourage people to take action so that these compromised sites are cleaned up as soon as possible."

While patching is what the Drupal project would prefer all administrators do, there is another mitigation that can help protect unpatched sites. "A well crafted WAF (Web Application Firewall) rule should be able to prevent this attack, and indeed CloudFlare had a rule running within hours of the release," Knaddison said. "They do still recommend upgrading sites as soon as possible, which I think is prudent."

For the CVE-2014-3704 vulnerability, a Drupal administrator must go into the CMS and update, as there isn't currently an automated update mechanism for the core application. Knaddison explained that Drupal has a system for installing and updating extensions (including modules and themes) but not for the core itself. "It does require a site admin to actually log in and click a few buttons," he said. "Some Drupal-focused hosting companies have tools that make updating the core a similarly simple login-click-click-click operation." Knaddison added that some Drupal hosting companies also offer more automated updates.

The idea of automated CMS updates is one that is already being used by other projects. The open-source WordPress blogging and CMS platform introduced automatic updates for security issues starting with the WordPress 3.7 release in October 2013. Speaking about Drupal in particular, Knaddison noted that there's a risk to automated update systems in that they require configurations of the Web server that put the system at risk in other situations. "Given that trade-off, there has always been lukewarm support for the idea of in-site and/or automated upgrades within the Drupal community," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Increasing evidence suggests that the time between the public disclosure of a security flaw and its widespread exploitation is shrinking.

Recent incidents have highlighted that attackers are quickly turning public vulnerability information into exploits, leaving defenders with a shrinking window in which to patch software flaws. On Oct. 29, the security team for the popular content management system Drupal warned users that a SQL injection vulnerability disclosed on Oct. 15 was exploited so quickly that sites that haven't patched the flaw should assume that they are compromised.

In early October, security firms warned that multiple attackers had begun using a previously unknown vulnerability in Windows first exploited in the so-called "Sandworm" campaign. The Sandworm vulnerability is expected to make its way into exploit kits and become more widely used. "Once the attack becomes well-known and publicized, then a lot of other groups start to look at it, and people who are selling exploit kits add it to their kits, and then everyone who buys the kits will be able to use it," Kevin Haley, director of Symantec Security Response, told eWEEK.

While many vulnerability researchers have noted the seeming relationship between the disclosure and exploitation of vulnerabilities, the link has only occasionally been studied. In a paper published in 2012, Symantec researchers found that, soon after details of a zero-day vulnerability were disclosed to the public, the number of attacks using that security flaw skyrocketed—in some cases by a factor of 100,000. The researchers concluded that "the disclosure of zero-day vulnerabilities causes a significant risk for end-users."

In a study of the vulnerabilities used in the Stuxnet cyber-attack on Iran's nuclear capability, researchers from Lancope and Microsoft found a similar relationship. A zero-day vulnerability in the handling of icons, known also as LNK files, used by Stuxnet made its way into a number of other attacks, according to a 2013 paper published in the Virus Bulletin. "Attackers are attracted to vulnerabilities that have successfully been used by other attackers," Microsoft's Holly Stewart and Lancope's Tom Cross wrote in the paper. "The knowledge that a particular vulnerability exists and has been targeted 'in the field' can indicate to attackers that it is worth their time and effort to investigate that vulnerability and reproduce a functional exploit or integrate a public one into their toolkit."

While remotely exploitable attacks, such as the recent flaw in Drupal and the ShellShock vulnerability in the Bash shell popular on Linux and Unix systems, are the most popular attacks, file-based exploitation of common applications—such as Microsoft's Office, Oracle's Java or Adobe's Acrobat—also continues to be a major threat.

The problem is not easily solved. Some security professionals prioritize patches based on the probability of the underlying vulnerability's exploitation. Other experts deploy software that can block malicious code, known as a virtual patch, to prevent exploitation until administrators have a chance to upgrade vulnerable software. Yet, it will always be a race between attackers and defenders, Symantec's Haley said. "The exploit-kit guys compete on having the newest exploits first," he said. "It's a competition to get the latest techniques in their software."
Respondents to a Pew Internet study say a major cyber-attack by 2025 is likely. Security experts have ideas on how the risk might be mitigated.

A majority of industry experts foresee a major cyber-attack by 2025 that will cause harm, according to the findings of a new study from the Pew Internet and American Life Project. The study, based on a poll of 1,642 experts in technology and other fields, found that 61 percent indicated they expect a major cyber-attack that would cause "widespread harm to a nation's security and capacity to defend itself and its people." The report also cited a number of key themes among respondents—for example, the fact that cyber-attacks are already happening, including infrastructure attacks like Stuxnet, which targeted Iran's nuclear program.

While the Pew report warns that respondents anticipate an attack, security experts eWEEK contacted didn't necessarily think that all is bad in the state of online security. The Pew Research Survey raises some genuine concerns, Mike Fey, executive vice president, general manager of corporate products and CTO at Intel Security, told eWEEK. However, while a large attack is likely, there is a lot of work in the threat detection and threat intelligence sharing spaces, within and across industries, to hold these attacks at bay and minimize damage, Fey added. "Like all the technology systems we rely on every day—the airline system, the electric grid—our electronic banking networks are very safe, and our industry is continuing to innovate to make them even safer," Fey said.

Risks

J.J. Thompson, CEO and managing director of Rook Security, does not think that the risk of a major cyber-attack by 2025 is like the folk tale of Chicken Little, who thinks that the sky is falling. "We are moving toward a connected world through not only the Internet of things, but through critical infrastructure," Thompson said. "In the absence of adequate security controls, the results can be catastrophic."

Marc Maiffret, CTO of BeyondTrust, said that cyber-attacks are now likely part of normal military operations. "So yes, one should assume that if there is a major war between now and 2025 that the style of attacks will be a component of war just as any ground or air capabilities," Maiffret said. Although there is risk, there has also been much progress made to improve the security of systems, he added, pointing out that the popular attack surface of the last 10 to 15 years—Windows desktops and servers—has become increasingly hardened as Microsoft and other technology companies continue to pour a large amount of resources into protecting their ecosystems.

The emerging Internet of things world, however, hasn't yet reached that level of security maturity. "I think the Internet of things world needs a major wake-up call, and in fact, it will probably be a major attack that is the wake-up call, but hopefully, that is more of a computer worm or mass infection-style attack, which ultimately can be more annoying than devastating," Maiffret said.

Overall though, when it comes to limiting the risk of whatever cyber-attack may or may not occur by 2025 and whatever the attack vector is, collaboration and continued vigilance are the keys to defense. "Organizations are increasingly good at repelling low-level cyber-incursions against governments and private interests, and increasingly quick to address newly discovered vulnerabilities," Fey said. "Governments are learning a great deal from observing each other's cyber-practices and developing capabilities in cooperation, sharing lessons learned and training together."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Verizon is adding cyber-security tools from FireEye to its managed services portfolio to help enterprises maintain data and network security. Verizon is adding services from security vendor FireEye to its Verizon Enterprise Solutions offerings to provide increased cyber-security options to enterprises that want to better protect their data and IT systems. The two companies announced the addition of the FireEye advanced threat protection capabilities Oct. 29.  FireEye provides a virtual machine-based security platform that provides enterprise-class, real-time threat protection against a wide array of existing and still-developing cyber-attacks, according to the company. FireEye's Mobile Threat Prevention (MTP) platform provides real-time, dynamic threat protection without using signatures. The new fee-based services, which will be offered jointly by the two companies, will be available to enterprise users running Android or iOS devices beginning in the first quarter of 2015, according to the announcement. "From working with thousands of clients around the globe we know there's a need to update not only the security technology but how we think about combating today's ever-evolving threat landscape," Kathie Miley, executive director of global security solutions for Verizon Enterprise Solutions, said in a statement. "By teaming with FireEye, we're able to offer clients the technology for detecting advanced threats, as well as the intelligence to provide our customers with the insight into the nature of an attack and a path to remediate before a threat becomes significant." FireEye's MTP services are designed to provide near-real-time visibility into threats on mobile devices, which through the partnership will let Verizon clients gain enterprise-wide views into the security of their mobile device operations, according to the companies. 
The MTP system collects threat data intelligence through millions of FireEye virtual machines that are installed worldwide to help provide the latest threat information, the companies said. "This intelligence will enable security teams to identify, block and provide context around the nature of an attack and potential attack groups to inform a more strategic response and remediation strategy," according to Verizon. FireEye's monitoring tools allow enterprises to see where attacks originate, gauge the potential intent of the attackers and learn if attacks of all types have ever been seen before, as well as providing information on how such attacks can be prevented in the future, the companies said. Under the new services, Verizon security analysts will then correlate the FireEye-spotted events with system-wide security alerts to enhance the threat-detection process and help enterprises increase their protection. Verizon often works to increase its enterprise cyber-security product offerings for business customers. In June, Verizon expanded a partnership with virtualization and cloud infrastructure vendor VMware to include mobile security and enterprise mobility management (EMM) services, including an EMM platform, combined with endpoint security, telecom analytics and desktop virtualization. In April, Verizon's annual Data Breach Investigations Report (DBIR) concluded that cyber-attacks nowadays often differ widely and can vary in intensity and targets based on specific industry sectors. The 2014 DBIR received data from 63,437 security incidents of which 1,367 were confirmed data breaches. The attacks come through nine basic attack patterns that vary across industries, including point-of-sale (POS) intrusions, Web application attacks, insider misuse, theft and loss, miscellaneous errors, crimeware, payment-card skimmers, denial-of-service attacks and cyber-espionage. For example, in the accommodation industry, 75 percent of all attacks came from POS intrusion. 
In contrast, when it comes to the health care industry, theft and loss was the top attack pattern, representing 46 percent of all data breaches. In the financial services industry, Web application attacks represented 27 percent of all data breaches, and only 3 percent of breaches were the result of theft or loss. The 2014 DBIR found 198 total incidents during 2013 of POS-related data breaches, with the top affected industries being food services and retail.
The annual SecTor conference in Toronto has emerged as one of the larger security conferences in North America. This year's event covered a mix of topics, including management practices, security fundamentals and more involved technical discussions on ...
IBM's new i2 Enterprise Insight Analysis (EIA) solution puts IBM's considerable analytics muscle to work fighting cybercrime. LAS VEGAS--IBM has announced new high-speed analysis and criminal investigation software designed to uncover hidden criminal threats buried deep inside massive volumes of disparate corporate data. The software, IBM i2 Enterprise Insight Analysis (EIA), can find non-obvious relationships masked within hundreds of terabytes of data and trillions of objects in just seconds, IBM said. By fusing together these multiple data sources, organizations can gain complete visibility into threats across the enterprise, giving companies the ability to transform how they protect themselves from increasingly sophisticated attacks. IBM announced the new software at its IBM Insight 2014 conference here. Organizations across industries face endless threats from cybercrime and other criminals in pursuit of private customer information, employee records, financial data and intellectual property. The Center for Strategic and International Studies (CSIS) estimates that cybercrime costs the global economy $445 billion each year. The proliferation of connected devices and machines – from mobile phones to smart cars to remote oil rigs – only compounds the problem by opening new avenues for criminals to penetrate the enterprise. Operating at high speeds and massive scale, i2 Enterprise Insight Analysis accelerates the data-to-decision process by uncovering insights into criminal threats against the enterprise that intelligence and security analysts might otherwise not have realized for days, weeks or months. EIA analyzes huge amounts of disparate data to discover weak-signal relationships that reveal the true nature and source of an attack.
The solution unravels these hidden connections that can be divided by as many as six degrees of separation between disparate sources – from corporate records and social media chatter to data accessed by remote sensors and third-party applications. As developments unfold, EIA provides always-on recommendations that proactively alert analysts to new related abnormalities at the speed of attack. “The IBM solutions and services announced at Insight show the company moving rapidly toward what might be called 'personalized’ analytics solutions capable of parsing massive amounts of data down to the level of individual transactions and deriving insights and value from that information,” said Charles King, principal analyst with Pund-IT. “The company's new i2 Enterprise Insight Analysis technology is a prime example of that approach and demonstrates how the company plans to address one of the most pressing IT issues of our time - spiraling cybercrime - in ways that should help make the enterprises and individual consumers targeted by cyber criminals considerably more secure.” For example, consider a national retailer that has not yet realized hundreds of its customers’ credit card account numbers have been stolen and sold on the black market. Any illegal transactions can be easily lost in the noise of typical day-to-day activity – such as a transaction denial, a billing dispute or multiple purchases at the same store. But when connected together, EIA can immediately spot commonalities that reveal the specific store branches that were breached. This insight allows the retailer to take action before millions of accounts are compromised and any significant damage is done, IBM said. “Organizations can’t afford to take a reactive approach to cyber defense, nor can they do it alone. 
The speed of threat is too great, and today’s attackers are far more technically advanced, proficient and organized than ever,” said Maria Vello, president and CEO of The National Cyber-Forensics & Training Alliance (NCFTA), a non-profit organization that serves as a model for collaboration, information and resource sharing between public and private organizations in the fight against cybercrime, in a statement. “Threat analysts and investigators need the ability to look at every possible data set and relationship – no matter how distant or unrelated they may seem – and be able to make key associations and correlations in seconds. The new IBM i2 offering is an impressive tool in its ability to quickly analyze these massive data sets in near real time to paint a complete picture of the threat.” Built on IBM Power Systems, IBM i2 Enterprise Insight Analysis can complement existing security or fraud solutions. “While most organizations understand how big data can help prevent the ever increasing threat of cybercrime, they are so overwhelmed by massive data volumes that they can’t act fast enough to turn it into meaningful intelligence to stop criminals,” said Bob Griffin, general manager of i2, Threat and Counter Fraud at IBM, in a statement. “With IBM i2 Enterprise Insight Analysis, we’ve changed the ability of investigators to find that elusive needle in a haystack that helps them detect a cyber attack. This provides any organization with always-on analytics that turns massive amounts of data into real-time insights in a way that simply wasn’t possible before.”