Author Archives: AdminDCS

Kevin Mandia, CEO of FireEye, Speaks at DoDIIS17 About Cybersecurity

Category : FireEye

Kevin Mandia, CEO of FireEye, talks about Russia, China, Iran, North Korea and cyber security at DoDIIS17.


Notes From DODIIS 2017: Talking Cyber Espionage and Insider Threat

Category : Forcepoint

Read on for a sneak peek into some of the insider threat insights I will be sharing at DoDIIS today as part of the “Industry Perspective on Cyber Espionage and Insider Threat” panel.

Insider threat is both a very old concept and a new one. The cyclical nature of technology concepts is constant, with only the players and methods changing. However, the instruments of data movement are getting smaller. In the past a person had to literally carry reams of paper out of the building to do the same kind of damage a person with a cell phone camera, cloud storage account, or a USB drive can do today. Additionally, interconnections within the growing technology-enabled physical world and the infinitely connected web have allowed for more esoteric ways of information movement and access through the average smart home thermostat or Wi-Fi-enabled light bulb.

This newfound ability to deal damage in small packages has created a secondary issue: the accident. When data was big, taking the form of paper, floppy disks, or CD-ROMs, it took physical media or a lot of upload time to cause widespread harm. Again, this isn’t a concept any reasonable security practitioner is unaware of. In fact, I’m counting on it. The issue is not that there is growing risk and the world is a harsh place, or that people will forever try to gain an unfair edge, but the reality that the line between maliciousness and accidents is growing ever greyer.

The Grey Area between Accidents and Maliciousness

When exfiltration and infiltration methods were complex and incredibly risky (think Cold War spy tactics) an accident would be defined as taking a folder of documents home, leaving a laptop on a train or having your Blackberry stolen. Now it is as simple as an unnoticed incorrect autocomplete address in Outlook with a sensitive attachment, or a misunderstanding about sensitivity and upload to a cloud drive. A mistakenly clicked email about a fake password reset can risk a whole company, just ask a few retailers or Hollywood producers.

This creates several avenues of discussion, mainly around training and awareness (do it), thoughtful and effective controls (get some), and security analysis and response (make it tougher). The difficulty with insider cases is that mindset is everything. The motivation and goal of the actor is what determines the real difference between a stern lecture, employment termination or law enforcement arrest. Did the person really mis-click that link in the email? Did they really not notice the other address? Actually, they probably didn’t notice and just thought they had to provide their password. Realistically, there are only a few real-life Jason Bourne or Ethan Hunt types in the world — and if those people were targeting you, odds are you’d have little chance of stopping it.

We need to realize that people are people and not computers. If we approach insider threat analysis as a black and white issue like malware, then we risk more than wasted time. If an analyst suspects a computer to be infected with malware, they can patch or re-image without a second thought. The computer won’t get offended or quit. But we all live in a world of greys, not black and white. The sooner we recognize that different tactics and analysis are needed to assess activities and determine that mindset, the better.

This isn’t about ignoring or discounting troubling events, it is about understanding context, asking questions and realizing that while we have machines learning how to identify malware patterns we just aren’t that good at people yet. A computer really can’t have good days and bad days, but people have every kind of day imaginable. Some end one day feeling like they need to take their traffic and coffee-fueled frustrations out on others and “get their due,” but go back home, have a Coke and a smile and then the next day is a bit brighter. Let’s look at insider threat as managing both the light and dark side of the human condition, and ensure that people are aware of the rules, we have good controls to help contain when they forget or break them, and analysis that isn’t based on “guilty before proven innocent.”

If you are in St. Louis attending DoDIIS today be sure to stop by Room 103 at 1:30 p.m. CT to hear more during the “Industry Perspective on Cyber Espionage and Insider Threat” panel.

Or, if you aren’t attending DoDIIS but would like to learn how you can “Operationalize a Practical Insider Threat Program” in your organization, view my webcast here.


Author: Brandon Swafford

Gigamon IT Survey Highlights Lack of Visibility as a Leading Obstacle to Securing Enterprise and Hybrid Cloud Networks

Category : Gigamon

Over two thirds of IT decision-makers cite blind spots as a major obstacle to data protection

Gigamon, the industry leader in traffic visibility solutions, today announced the results of a commissioned survey, “Hide and Seek: Cybersecurity and the Cloud,” conducted by Vanson Bourne, an independent market research company. The survey polled information technology (IT) and security decision-makers in the U.S., the U.K., Germany and France about their cloud security preparedness and network visibility issues.

The results of this survey demonstrate that lack of visibility is leaving organizations struggling to identify network data and investigate suspicious network activity tied to malicious attacks. Sixty-seven percent of respondents cited network “blind spots” as a major obstacle to effective data protection, while 50 percent of those who do not have complete visibility of their network reported that they lacked sufficient information to identify threats.

Survey findings pinpoint three root causes of data blindness that are posing network security risks:

  • The increasing speed and growth of network traffic stresses monitoring and security tools, which are not adept at handling large amounts of traffic. Seventy-two percent of respondents report that they have not scaled their monitoring and security infrastructure to meet the needs of increased data volume.
  • High value information is being migrated to the cloud, where visibility is limited and application data is not easily accessible. Eighty-four percent of respondents believe that cloud security is a concern holding their organization back from adopting the latest technologies. When asked what types of information they are moving to the cloud, 69 percent of respondents reported day-to-day work information and 56 percent cited critical and proprietary corporate information.
  • A large amount of network data remains hidden due to data and tools still being segmented by organizational boundaries. IT and security decision-makers are not able to quickly identify and address threats and security events. Seventy-eight percent of respondents report that because different network data is being utilized between NetOps and SecOps teams, there is no consistent way of accessing it or understanding it. Forty-eight percent of respondents who do not have complete visibility over their network report that they did not possess information on what is being encrypted in the network.

“Today’s attackers have the advantage as cybercrime is a thriving economy and attacks are focused on infiltrating the network and stealing important company information,” said Ananda Rajagopal, vice president of products at Gigamon. “It is imperative for enterprises to adopt a visibility platform that provides visibility and control of their network traffic, and one that’s integrated with their security tools to accelerate threat detection and improve efficiencies.”

The Gigamon Visibility Platform directly addresses network “blind spots” by offering:

  • The most scalable visibility platform with up to 800Gbps of processing capability per node and up to 25.6Tbps when clustered, to meet the latest demands of the network.
  • Cross-architecture deployments on premises, in remote offices and in the cloud to securely migrate high-value information to public clouds.
  • An end to siloed data and tools that are segmented. Monitoring and security tools access the same data, encrypted or not, so that network and security operators can consistently access and understand what matters.

Gigamon solves data blindness by providing security and network operations teams with the pervasive visibility and control to automate and accelerate threat detection for securing enterprises and hybrid clouds. Learn more about our Gigamon Visibility Platform and Gigamon Visibility Platform for AWS.

The independent survey was commissioned by Gigamon and administered by Vanson Bourne in May 2017. Respondents consisted of 500 IT and security decision-makers of organizations with over 1,000 employees. The regional representation of respondents includes 200 respondents in the U.S. and 100 respondents each in the U.K., France and Germany.

Additional Resources

  • Vanson Bourne survey overview page
  • “Hide and Seek: Cybersecurity and the Cloud” report presentation
  • “Hide and Seek: Cybersecurity and the Cloud” executive summary (U.S. results)
  • “Hide and Seek: Cybersecurity and the Cloud” executive summary (U.K. results)
  • “Leading Obstacle to Securing Enterprise and Hybrid Cloud Networks” infographic
  • Highlights of the Vanson Bourne survey blog


Quantum Computing? Really?

Category : HP Security

We just had an interesting discussion here about quantum computing, quantum cryptography and post-quantum cryptographic algorithms. I’m afraid that I might have wasted a few people’s time with a rant about why I’m not impressed by the possibilities for quantum computing.

I started by noting my thoughts on how hard it is going to be to build a large-scale quantum computer. Keeping quantum coherence long enough to do significant calculations with quantum computers may turn out to be really hard. As in so hard that we’ll need to create a new level above NP-hard to describe how hard it is.

This thinking might be a bit out of date. I haven’t had a lab where I’ve had equipment that let me play with quantum effects for over 20 years. Things might have become much easier since then, but I still think that it’s going to turn out to be extremely hard to build large-scale quantum computers. Perhaps even impossible. If I had to bet, I’d bet on impossible.

But I also rambled on about why I think that quantum computers are incredibly sloppy because they might be able to accomplish so little with so much.

If you have a register comprising n classical bits, that register can hold any one of 2^n possible values. If you replace those classical bits with quantum bits (qubits), that register can hold all possible 2^n values at once. An eight-bit register can hold any one of 256 possible values, while a register of eight qubits can hold all 256 of them at once. A 64-bit register can hold any one of 2^64 possible values, while a register of 64 qubits can hold all 2^64 of those values at once.

If you’re going to use Shor’s algorithm to factor an n-bit RSA modulus, you roughly need a register comprising 2n qubits. Today, most RSA moduli are of the 2,048-bit variety, so to use Shor’s algorithm to factor one you’d need 4,096 qubits. That’s a lot. Those 4,096 qubits are holding 2^4,096 values at once. We have that 2^4,096 is about 10^1,233. In either form, that’s a very big number.

How big?

There are about 10^80 atoms in the visible universe. You can get this number two ways. One involves a SWAG (Scientific-Sounding Guess) of the number of galaxies in the visible universe, the number of stars in the typical galaxy, the mass of a typical star, etc. Or you can derive the number from precise observations made by astronomers. The results are about the same.
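As an added check of the figures above (not part of the original post), the conversion of the register’s state count from a power of two to a power of ten, and its comparison with the atom count, using $\log_{10} 2 \approx 0.30103$:

$$
\log_{10}\!\left(2^{4096}\right) = 4096 \cdot \log_{10} 2 \approx 4096 \times 0.30103 \approx 1233.0,
\qquad\text{so}\qquad
2^{4096} \approx 10^{1233}.
$$

$$
\frac{2^{4096}}{10^{80}} \approx 10^{1233 - 80} = 10^{1153}.
$$

So the 4,096-qubit register’s state space exceeds the number of atoms in the visible universe by a factor of roughly $10^{1153}$.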

I personally find this to be more than slightly annoying. It reminds me more than a little of when I used to work in finance, where we had roughly two types of analysts: quants and cowboys. The quants (like me) were generally introverts who favored their computers over people and who would spend weeks in dimly lit rooms carefully building mathematical models to use to value deals. The cowboys were generally extroverts who drank a lot and just used their intuition to value deals. Annoyingly, there seemed to be absolutely no difference in how well either type of analyst did. So in addition to learning a lot about finance in this particular job, I also learned that life isn’t even close to being fair.

In any event, if you had a quantum computer that holds way more states than the number of atoms in the visible universe, you could use it to crack a 2,048-bit RSA encryption key. You’d think that with that many states you could end hunger, cure cancer, reverse global warming and bring back the TV show Firefly. But you can’t. That’s why I’m not impressed.

End of rant.


Author: Luther Martin

Cisco and IBM collaborate to increase security effectiveness

Category : Cisco

On May 30, 2017, Cisco and IBM Security announced a key relationship to address the rising tide of security threats and the need to respond rapidly. Cisco and IBM Security will work together to offer specific product integrations, a managed security service provider (MSSP) roadmap, and threat intelligence collaboration programs.

The relationship focuses on making security simpler and more effective and is a reflection of each company’s commitment to openness and interoperability. Together, Cisco and IBM are focused on reducing the time to detect and mitigate threats, giving you integrated tools to automate threat response with greater speed and accuracy.

What are the offerings?

Here’s a closer look at the three pillars of the relationship:

1. Product integrations

Both organizations are building integrations among the product portfolios. Cisco is building new apps for the IBM QRadar SIEM platform, which helps security teams understand and respond to advanced threats. A variety of Cisco® security solutions will increase the effectiveness of IBM QRadar® over time, with data from networks, endpoints and the cloud. On the other hand, IBM is building extensions into Resilient and X-Force Exchange to include Cisco products and intelligence data.

The first three apps focus on integrations with Cisco Firepower® technology, Cisco Threat Grid and Cisco Identity Services Engine (ISE), and will be available on the IBM Security App Exchange.

Meanwhile, IBM is building extensions into Resilient and X-Force Exchange to include Cisco products. Resilient and X-Force Exchange will be able to ingest Cisco Threat Grid content.

2. Services

The IBM End to End Outsourcing and Managed Security Services team is working with Cisco to deliver new services aimed at further reducing complexity. As enterprise customers manage their equipment on premises and in a datacenter, they are also looking to migrate their security infrastructure to public and private cloud providers. IBM Security will provide outsourcing and managed security services to support Cisco security platforms in leading public cloud services as well as legacy on-premises and datacenter environments.

Cisco and IBM Security customers will be able to consume these solutions in a way that complements their existing architecture. Customers will be able to build and manage their own integration, working with a trusted channel partner common to both IBM and Cisco, as well as deploy a full turnkey managed solution supported by IBM Security Services.

3. X-Force and Talos research collaboration

We have also established a new relationship between the IBM X-Force and Cisco Talos security research teams, who now share threat intelligence research and coordinate around major cybersecurity incidents. Shared intelligence also means enhanced performance of security products, and richer outcomes such as reduced time to detect.

For example, Cisco and IBM threat research teams collaborated on defending against the WannaCry ransomware attack. IBM and Cisco researchers coordinated their actions and exchanged insights into how the malware was spreading. Afterward, they continued the joint investigation to provide clients and the industry with the most relevant information.

What’s new and what’s next?

Product integrations will become available in the coming weeks, starting with the Cisco Firepower NGIPS, NGFW and Threat Grid apps. The Cisco ISE app will follow in the late fall and additional apps will become available later in 2017 and beyond. We are excited that the IBM Security team is working closely with Cisco product teams, and we hope to highlight this collaboration in future promotions from both companies including blogs and webinars.

Another important announcement

Today, IBM announced its intention to stop selling its Intrusion Prevention System (IPS) solution, the IBM QRadar Network Security (XGS) product line. This decision will take effect on December 31, 2017. However, current customers will be supported for a full five years through December 31, 2022.

IBM’s decision was based on an analysis of market conditions, competitiveness and strategic fit, and it also reflects IBM’s belief in the strength and value of our partnership. When IBM XGS customers look to refresh their network security defenses, IBM’s sales organizations will introduce Cisco’s Firepower NGIPS and Firepower NGFW solutions.

More information on the Cisco and IBM security alliance is coming soon.

Visit our Cisco Firepower page to learn more about Cisco’s industry leading NGIPS.


Author: Dov Yoran

The growing U.S. IT productivity gap

Category : Citrix

Productivity growth has slowed down despite our rising investment in IT. Learn the causes of the slowdown and how to close the gap and increase productivity.

Demo series

See how Citrix Workspace delivers an integrated digital workspace that’s streamlined for IT control and easily accessible for users.


Locking Down the Remote Vendor Attack Pathway Through Privileged Account Security

Category : Cyber-Ark

Remote vendors are everywhere, and they’re not limited to help desk services, storage and application service providers or other IT-focused MSPs. Let’s not forget about the other vendors a company typically works with – law firms, public relations firms, HVAC, trucking companies, supply chain vendors, services companies – the list goes on. Organizations both large and small grant third-party vendors access to their network and applications as a necessary means to do business. However, in doing this, they also introduce a potential new pathway for cyber attacks. This pathway can be especially vulnerable given that the security controls for third-party vendors are not typically held to the same standards as those followed internally by an organization.

Locking down privileged credentials for remote vendors is a critically important step in minimizing the attack surface. A recent report showed that 67 percent of organizations had experienced a data breach that somehow tied back to a third-party vendor. This is a clear indication that attackers continue to look at third parties as an easy way to gain a foothold into a network, move laterally, escalate privileges and eventually gain access to their target assets. Before engaging with third-party vendors, organizations should fully vet each one and consider the potential risks the vendor might introduce to their business.

Mitigating Risks Associated with Remote Vendors

The first step in mitigating risks associated with remote vendor access is an obvious one – identify all third parties that have access into your internal systems. This can represent a complex ecosystem for some organizations. The number of vendors given access to systems and applications continues to increase year-over-year, widening the threat landscape for attacks – and somehow remote vendor access management is still not considered a high priority for many organizations. CyberArk has a free tool that discovers privileged user accounts and credentials provisioned by your organization as well as those created by third parties (that perhaps you didn’t even know existed).

Organizations should be able to safely provide their remote vendors with access to the resources they need without exposing any user credentials, and at the same time, without introducing too many hoops for them to jump through. Storing passwords, SSH keys and other credentials associated with your third-party privileged accounts in a single, secured vault is how you can provide the required level of access without burdening the end user. Keeping a close eye on all privileged activity within your environment is accomplished through session isolation, monitoring and recording. Doing this both secures all internal and external users and gives them a baseline level of accountability. More importantly, by adding this separation layer between the end user and target systems, you enable your users to successfully complete their tasks without directly accessing critical systems. To the end user, everything appears to be totally normal, but if an attacker were to get into the network, they wouldn’t be able to move laterally across the environment or spread harmful malware to an organization’s systems.

Putting the Right Tools in Place

What about those regular and mundane manual tasks that can be inadvertently damaging to the business? Remember that recent public cloud outage where a routine debugging exercise went haywire, leading to a six-hour meltdown caused by one simple little typo? Automated privileged task management (both in the cloud and on-premises) safeguards your remote vendors and internal users alike by automating manual, sometimes critically sensitive privileged tasks while simultaneously improving workflow productivity. How would you respond to high-risk commands and tasks that could lead to a mix-up like the example above? With the right analytics tools in place, you can pre-define high-risk commands that are unique to your organization and automatically notify the necessary security teams to take action when those commands have been executed. Furthermore, these tools can help you to detect and even disrupt in-progress attacks through both heuristic and advanced behavioral-based threat detection capabilities.
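The high-risk command check described above, as an added example that is not CyberArk’s product code: it parses constructed privileged-session audit records (the pipe-separated format, account names, hosts and command patterns are all assumptions for this example), matches each command against organisation-defined high-risk patterns, and escalates the severity of any hit that comes from a third-party account so the security team is notified first about vendor sessions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed privileged-session audit records (not from any real product or customer):
# timestamp | account | account type | target host | command as typed in the session
SAMPLE_SESSION_LOG = """\
2017-08-01T09:12:04Z | hvac-vendor-svc | vendor   | bms-ctrl-01 | show status
2017-08-01T09:13:40Z | hvac-vendor-svc | vendor   | bms-ctrl-01 | rm -rf /var/log/bms/*
2017-08-01T10:02:11Z | jdoe            | internal | db-prod-02  | sudo systemctl restart postgresql
2017-08-01T10:05:59Z | jdoe            | internal | db-prod-02  | iptables -F
2017-08-01T11:30:00Z | law-firm-upload | vendor   | file-gw-01  | ls -la /srv/shared
2017-08-01T11:31:07Z | law-firm-upload | vendor   | file-gw-01  | chmod -R 777 /srv/shared
"""

SEVERITY_ORDER = ["medium", "high", "critical"]

# Organisation-defined high-risk command patterns (assumed examples; tune per environment).
# Each entry maps a rule name to (compiled pattern, base severity for an internal account).
HIGH_RISK_RULES: Dict[str, Tuple[re.Pattern, str]] = {
    "recursive-delete": (re.compile(r"\brm\s+-[a-z]*r"), "high"),
    "firewall-flush": (re.compile(r"\biptables\s+(?:-F|--flush)\b"), "high"),
    "world-writable-perms": (re.compile(r"\bchmod\s+(?:-R\s+)?[0-7]?777\b"), "medium"),
    "service-restart": (re.compile(r"\bsystemctl\s+(?:restart|stop)\b"), "medium"),
}


@dataclass(frozen=True)
class SessionEvent:
    timestamp: str
    account: str
    account_type: str  # "vendor" (third party) or "internal"
    target: str
    command: str


@dataclass(frozen=True)
class Alert:
    event: SessionEvent
    rule: str
    severity: str


def parse_session_log(text: str) -> List[SessionEvent]:
    """Parse the assumed pipe-separated audit format; reject malformed lines loudly."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("|", 4)]
        if len(fields) != 5:
            raise ValueError(f"malformed audit line: {line!r}")
        events.append(SessionEvent(*fields))
    return events


def escalate(severity: str) -> str:
    """Raise severity one step (capped at the top) for commands run by third parties."""
    idx = SEVERITY_ORDER.index(severity)
    return SEVERITY_ORDER[min(idx + 1, len(SEVERITY_ORDER) - 1)]


def evaluate(events: List[SessionEvent], rules=HIGH_RISK_RULES) -> List[Alert]:
    """Match each recorded command against the high-risk rules and build alerts."""
    alerts = []
    for ev in events:
        for name, (pattern, base_severity) in rules.items():
            if pattern.search(ev.command):
                sev = escalate(base_severity) if ev.account_type == "vendor" else base_severity
                alerts.append(Alert(ev, name, sev))
    return alerts


def run_detection(text: str) -> List[Alert]:
    return evaluate(parse_session_log(text))


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    """Count alerts per severity; this is what a notification to the security team would lead with."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.severity] = counts.get(a.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for a in run_detection(SAMPLE_SESSION_LOG):
        print(f"[{a.severity.upper()}] {a.event.timestamp} {a.event.account}@{a.event.target} "
              f"rule={a.rule} cmd={a.event.command!r}")
```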

The CyberArk Privileged Account Security Solution can help minimize the threat associated with third-party vendor management. Controlling and auditing each vendor’s access can be resource-intensive, causing meaningful activities to get lost in the shuffle. Therefore, it’s recommended to start with the areas that have the highest risk, such as access, privileged access and critical assets. CyberArk enables organizations to securely lock down remote vendor access and put the necessary security controls in place to enable third parties to safely complete tasks.



F5 on AWS: How MailControl Improved their Application Visibility and Security

Category : F5

Organizations like MailControl often discover they need to gain additional visibility into encrypted incoming and outgoing application traffic to detect potential threats or anomalies. F5 BIG-IP Virtual Edition (VE) on Amazon Web Services (AWS) delivers an advanced application delivery controller (ADC) that goes beyond balancing application loads, enabling inspection of inbound and outbound application traffic. Join our webinar with AWS to discover how F5 was able to help MailControl boost their visibility into the email traffic flowing through their application. By using virtualized F5 services on Amazon Web Services (AWS), the organization increased its application monitoring capabilities and improved security for its customers, while simultaneously automating processes to support its agile DevOps process.

Join us to Learn:

  • Best practices for implementing a full suite of application protection tools including WAF and DDoS to guard your valuable data
  • How to utilize enhanced identity and access management (IAM) policies to meet unique business needs
  • The importance of inspecting inbound and outbound application traffic for threats and anomalies

When: August 23, 2017 | 10 am PDT/1 pm EDT

Who Should Attend:

Technology Decision Makers, Cloud Architects, IT Managers, IT Security Professionals, Security Architects, Solutions Architects, Systems Engineers

AWS Speaker: Matt Lewhess, Solution Architect

F5 Speaker: Nathan McKay, Security Solution Engineer

Customer Speaker: Corey Wagehoft, Director of Infrastructure, MailControl

Interested in SD-WAN?

Category : Riverbed

Watch this video with SiliconANGLE to learn how to design and deploy distributed networks using Riverbed’s simple-to-use SD-WAN solution.

Riverbed’s acquisition of Xirrus expands their SD-WAN and cloud networking solution SteelConnect with a robust and proven suite of advanced, cloud-managed Wi-Fi solutions. In this SiliconANGLE video episode — Extend SD-WAN to Wireless LAN — Riverbed shows us how easy and quick it is to provision, set up, monitor and optimize highly adaptive Wi-Fi networks.

How to Build Your Endpoint Security Blueprint

Category : Sentinel One

Date and time: August 23rd, 2017 at 10am PT | 1pm ET

Chris Sherman, Forrester Senior Security Analyst
Rajiv Raghunarayan, SentinelOne Vice President, Product Marketing

We’ve all heard of traditional endpoint models failing. And there is an overwhelming number of next generation technologies. As a customer, how do you identify the right technology, the right approach to invest in?

Hear Guest Speaker Chris Sherman, Forrester Senior Security Analyst, and Rajiv Raghunarayan, SentinelOne VP of Product Marketing, talk about the top trends and approaches to safeguard your endpoints, users, and organization against the continued evolution of threat and business landscapes.

Join the webinar to:

  • Understand the different approaches to endpoint security
  • Select the best architectures for your business needs
  • Learn the role of automation in powering your security strategy
  • Hear the SentinelOne approach