Wednesday, February 15, 2006

RSA 2006 Day-1

The most noticeable trends I observed today at the Exhibition centre were Apple iPod giveaways and NAC appliances. And of course over 400 exhibitors and 14,000 conference attendees.

The keynotes were delivered by Bill Gates, Art Coviello and Scott McNealy. Gates took the opportunity to demonstrate new security features in Vista and signalled the death of passwords as security measures. Nothing awe-inspiring from Microsoft, but perhaps a signal that their offerings were maturing. Art spent some time on the importance of digital identities and the role multi-factor authentication would play, whilst Scott spent a lot of humorous moments taking big digs at Microsoft.

The Cryptographers panel was interesting, most notably the announcement that serious RFID security vulnerabilities had just been exposed.

I attended the "Mobile device security" birds of a feather and was surprised to see the extent of the hassles people were having with smartphones and portable devices wreaking security angst in their environments. The Palm Treo was fingered as the main culprit whilst RIM was pointed out for its security and control provided for the mobile workforce.

The exhibition hall was packed and it will probably take me a few days to trawl through everything but the stands that stood out for me today were Microsoft and of course Cisco. Every man and his dog was demonstrating NAC and/or NAP compatibility and/or gear and this market is sure to boom this year.

I sat through an entertaining "Economics of Security" by Bruce Schneier and "Hot topics in information security law" by the American Bar Society as well as "Voice over IP security". I must have chosen well as these sessions were packed with standing room only.

In the evening some of my team were treated to a great dinner and excellent conversation by some Nokia execs.

CATEGORIES : 1rsa 2006, 1event commentary

Monday, February 13, 2006

SEM enters mainstream in 2006

Faced with regulatory compliance requirements and grueling audits, network managers are turning increasingly to security event management systems (SEM) to detect when policies have been breached.

SEM products - from e-Security, Network Intelligence, ScriptLogic, TriGeo and others - have data aggregation and event correlation features similar to those in network management software. These products automate the manual process of collecting event-log data from file systems, security appliances and other network devices such as firewalls, proxy servers, intrusion-detection systems, routers and switches, and anti-virus software. With upgraded releases, the vendors are separately augmenting their suites with advanced reporting, additional storage capacity and new form factors to enable smaller customers to roll out SEM tools.

"The learning curve for security management tools is so steep that these vendors will have to continue to broaden their reach with security controls and IT policies," says George Hamilton, director of enterprise computing and networking at The Yankee Group. Industry watchers speculate that SEM vendors and the IT duties the software performs will be absorbed eventually by larger management and security vendors - for example, IBM acquired Micromuse, which had earlier acquired GuardedNet. They also say that for the time being, specialized SEM vendors offer a much-needed technology. "Everyone is suffering from compliance fatigue right now, and it's driving SEM purchases, because people have the budget to address that immediate concern," Hamilton says.

CATEGORIES : 1sem, 1trends, 1compliance

NAC confusion reigns

Security products that perform health checks on desktop and laptop computers will be in abundance at this week's RSA Conference. But industry leaders Cisco Systems and Microsoft remain mum about a long-promised integration of their dominant network access control architectures, leaving IT managers wondering whether to go with one of the solutions that is already available or wait for an integrated offering that may never come.

Security industry mainstays and startups alike will unveil new NAC products and show off updates at the RSA Conference in San Jose, Calif. The show could serve as a launching point for rapid adoption of endpoint security products by enterprises in the coming year, experts say. Executives at Cisco and Microsoft still have little to say about how their endpoint security architectures will work together, almost 14 months after they pledged to cooperate.

"Everybody's heads are down, and we're working on collaboration," said Mike Schutz, group product manager in Microsoft's Security and Access Product Management group in Redmond, Wash. "Both companies feel like we're on track, but there's nothing new to report." In an interview with eWEEK, Jayshree Ullal, Cisco's senior vice president of Data Center, Switching, Security Technology and Application Networking Services, said the company had done internal testing of NAC technology with Microsoft and agreed to use a single client and the 802.11x protocol for policy enforcement. Beyond that, Cisco will wait until Vista ships to announce more plans, he said.

In the meantime, a slew of companies have jumped into the void created by Cisco and Microsoft and plan to use the stage at RSA to highlight their wares. Most notably, the Trusted Computing Group plans to demonstrate new capabilities for its standards-based NAC architecture, called TNC (Trusted Network Connect), at RSA, said Brian Berger, marketing chairman of TCG, in Portland, Ore.

CATEGORIES : 1rsa2006, 1nac, 1endpoint security

Retailer in massive breach

A data security breach involving an undisclosed California retail company has prompted Bank of America to cancel the debit cards of numerous customers, a spokesman for the US' largest bank said on Tuesday.

Investigators have traced a recent rash of fraudulent debit-card transactions across the globe to the theft of as many as 200,000 debit records from an office-supply store in California, according to media reports. Both Washington Mutual and the Bank of America have canceled customers' debit cards because of the breach, but neither bank has disclosed the name of the retailer, except to say it is a big-box store, the reports stated.

CATEGORIES : 1breach, 1victims, 1id theft

French bank accounts hit by Russian virus gangs

Russian criminal gangs have used sophisticated virus programs to steal more than £600,000 from personal bank accounts across France.

The fraud was uncovered after police arrested a dozen Russian gang members and several Ukrainians in Moscow and St Petersburg, according to a report in the Guardian. Victims lost money after their computers became infected with a “sleeper virus” when they opened infected e-mails or visited infected web sites.

According to French police, the virus lies dormant until the user contacts their online bank. This activates the virus to record passwords and bank codes and forward the crucial data to the criminals. The gangs used the details to transfer funds to “mules” who allow the money to pass through their accounts in return for a commission of between 5% and 10%.

CATEGORIES : 1hack, 1idtheft, 1spyware, 1arrests, 1cybercrime

RSA Conference 2006

The security industry converges at the annual RSA Conference this week, an event that's moved far beyond its origins as a get-together for cryptogeeks and other insiders. Though still organized by RSA Security, a company with its roots in cryptography, the confab has developed into a showcase for security companies and an annual gathering for IT professionals. This year is the 15th anniversary of the event with over 275 exhibitors and several thousand attendees in San Jose.

I will be attending this event with six of Dimension Data's security practice leads and my global team. We are actually staying for a week after RSA to meet with vendor executives and of course hammer out our own course for 2006.

I will create an RSA 2006 landing page where I will collate posts of interesting observations I make during our two-week stay.

CATEGORIES : 1conference, 1rsa conference 2006

Tuesday, February 07, 2006

Virus Delays Stock Trading in Russia

MOSCOW - Trading was suspended for an hour at Russia's main stock exchange because of a computer virus, officials said Friday. Data processing at the Russian Trading Systems, or RTS, was paralyzed late Thursday as specialists rushed to localize the virus and switch off the infected computer, according to the exchange. No permanent damage was caused and no information was lost.

According to RTS vice president Dmitry Shatskoi, the virus entered the system via an Internet-connected computer used to test new software. "The infected computer began generating parasitic traffic in very large quantities that led to an overload of the RTS network's base routers," Shatskoi said in the statement. "As a result, the useful traffic — the data entering the system and leaving it — was not processed."

CATEGORIES : 1virus, 1victim, 1hack

Cartoon : Security Surge

Categories : 1cartoon

Cisco to grab broader security role

Interesting detailed article about Cisco's current status and plans for security. I will make a short summary here of interesting stats and quotes:

At next week's RSA Conference (thankfully I will be there with 12 of my team) Cisco plans to debut major security products to help bolster its already strong security portfolio. Security is categorized as one of the vendor's six Advanced Technologies and already brings in approximately $2 billion per year in revenue, though routing and switching still account for more than 60% of Cisco's revenue. The company has 1,500 engineers working solely on security products.

The company leads in worldwide sales and shipments for most major security product categories, including VPN equipment and appliances, firewalls, and IPS and IDS, according to Infonetics Research. (But its total share in any of these markets is less than 40%; a vast difference from its core routing and switching markets, where it holds 70% to 80% market share).

Through a series of acquisitions over the last two years, Cisco has spent over a half-billion dollars enhancing its product portfolio to address security in almost every area of a network. Before Cisco gets too far into next-generation security technology, some users of its products say there's plenty to improve upon in its current lines. Three areas in which Cisco security gear needs to improve are "integration, integration, integration," according to some quoted customers.

While Cisco tries to make advances on the security products front, it is kept busy by the growing number of reported hackable flaws and vulnerabilities in the very security products it pitches. The company has released eight new or updated product security advisories so far in 2006, affecting products ranging from its VPN 3000 and MARS to VoIP gear and IOS software. The Yankee Group quotes: "But while Cisco's strength is their installed base, it's their weakness regarding vulnerabilities. There are far more people that are going to try and hack into a Cisco router than 'other' network products."

Making it easier for users to quickly change, patch or fix flawed gear is another area in which Cisco could improve. "Cisco also needs to do a better job of educating customers on best practices for security on their devices." "They have to come up with better configuration management tools and best practices to make sure that vulnerabilities are minimized."

In the emerging areas - such as SSL and IPS - Cisco is never going to be the industry trendsetter. Cisco can't maintain product leadership across all categories in all moments in time. Products from pure-security vendors such as Arbor Networks, Check Point, Cybershield, Internet Security Systems and Sourcefire are still held in higher esteem by some network security aficionados and experts than infrastructure-based offerings from Cisco and its ilk. Part of the reason Cisco will never dominate security the way it does routing and switching is that security technology is constantly evolving, observers say.

CATEGORIES : 1vendor analysis, 1ciscogate, 1vendor

Hidden risks show up in normal business processes

Incidents such as the data security breach disclosed last week by The Boston Globe and the Worcester Telegram & Gazette—which inadvertently attached the credit card numbers of more than 200,000 subscribers to newspaper bundles—highlight the unexpected ways in which sensitive information can leak out of companies.

The data exposure by the two newspapers hammered home yet again the need for businesses to implement comprehensive policies for securing their information assets and then apply the appropriate controls to mitigate the risk of accidental compromises, according to security analysts. IT and security managers need to start thinking beyond network and system defenses.

The Globe and the Telegram & Gazette, a sister publication in Worcester, Mass., announced that discarded internal reports containing the full credit card numbers of as many as 240,000 subscribers were reused to produce more than 9,000 routing slips for bundles of the Jan. 29 Worcester Sunday Telegram. The bank-routing information of about 1,100 Telegram & Gazette subscribers who pay by check may also have been exposed when the newspaper bundles were sent to retailers and carriers.

CATEGORIES : 1disclosure, 1victim, 1best practices

Friday, February 03, 2006

IBM Security Predictions 2006

More from the predictions 2006 department. IBM recorded more than 1 billion suspicious computer security events in 2005, despite a leveling off in the amount of spam e-mail and a decrease in major Internet worm and virus outbreaks.

Enterprises should expect to see the same level of malicious traffic in 2006, even as online criminal groups shift to stealth attacks and cyber-extortion instead of massive, global malicious code attacks, said David Mackey, director of security intelligence at IBM. The Armonk, New York, company has released its IBM Security Threats and Attack Trends report for 2005.

The report details the top threats of the last year, and makes predictions about prevalent security trends in 2006. Here is what they predict:
  1. Windows holes will continue to be a top security concern in 2006, even though Windows XP Service Pack 2 has made it more difficult to launch massive, automated attacks on that system.
  2. Online criminals will increasingly use focused stealth attacks on organizations and individuals. Cyber-extortion using threats of DoS (denial of service) attacks or the disclosure of sensitive data will increasingly be used in 2006.
  3. Botnets will continue to be the tool of choice for online criminals and criminal groups, though some may begin using instant messaging networks, rather than the popular IRC (Internet Relay Chat) protocol to control their minions.
  4. Companies will also have to improve internal monitoring to catch insiders who are leaking confidential information or engaging in corporate espionage.
  5. Wireless security threats are a major concern, as companies use the technology to empower mobile workers.
  6. Users of Apple Computer Inc.'s OS X operating system will have to contend with more vulnerabilities and the potential for more attacks, as Apple shifts to the popular Intel chip platform for its Mac systems.
  7. However, other much-hyped security trends are unlikely to break out in 2006, including attacks on VOIP (voice-over-IP) systems and on mobile devices, the report said.

In general, enterprises need to be vigilant and watch for low-level attacks, even when no major security threat is dominating headlines, Mackey said. "A lot of this stuff is under everybody's radar. It's a lot more concerning in that regard," he said.

CATEGORIES: 12006 predictions, 1predictions, 1ibm, 1report, 1trends


InfoSec 'top priority' for EU financial institutions

The growing threat from hackers, new regulations, reputation issues and the growing importance of direct channel self-service banking are pushing IT security to the very top of the corporate agenda for Western European financial institutions, new research has revealed.

According to the report from IDC company Financial Insights, banking and finance firms are increasingly finding that their IT security is coming under pressure from both external hackers and ever-tightening corporate regulations.

CATEGORIES: 1regulations, 1compliance, 1banking, 1trends, 1report, 1idc

Average laptop has $1M data

The average laptop could contain data worth almost $1 million, according to new research. A report released Friday 27th January by security-software company Symantec suggests that an ordinary notebook holds content valued at 550,000 pounds ($972,000), and that some could store as much as 5 million pounds--or $8.8 million--in commercially sensitive data and intellectual property.

The same research, commissioned by Symantec, shows that only 42% of companies automatically back up employees' e-mails, where much of this critical data is stored, and 45 percent leave it to the individual to do so. "It's alarming that executives have mobile devices containing data of such financial value and that very little is being done to protect the information on them."

The threat of stolen laptops is a real concern. About 50 percent of respondents to an FBI computer crime survey said their organization had suffered theft of a notebook or other mobile gear in 2005. On Wednesday, investment consultancy Ameriprise Financial, an offshoot of American Express, said the theft of a company laptop had exposed sensitive data of about 230,000 customers and advisers.

The message to businesses is clear, Symantec said: Ensure all data is backed up regularly and that laptops out on the road are thoroughly secure and don't unnecessarily contain sensitive data. "It is critical that businesses start looking beyond just the price of the hardware and recognize that they also need to invest in protecting the data stored on these machines," Armstrong said.

Past research in the U.K. suggests that as many as 10,000 laptops are left in the backs of British taxis each year and civil servants are among the worst offenders.

CATEGORIES : 1mobility, 1laptops, 1datatheft, 1best practices, 1research, 1survey

Thief nabs backup data on 365,000 patients

About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records.

In an announcement on January 25th, Providence Home Services, a division of Seattle-based Providence Health Systems, said the records and other data were on several disks and tapes stolen from the car of a Providence employee at his home. The tapes and disks were taken home by the employee as part of a backup protocol that sent them off-site to protect them against loss from fires or other disasters. That practice, which was only used by the home health care division of the hospital system, has since been stopped.

CATEGORIES : 1data theft, 1privacy, 1id theft, 1victims