Archive for the ‘security’ Category
You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?
That’s what I got today in a Washington Post email newsletter:
“New malware is 20 times size of Stuxnet”
“Cybersecurity experts needed to meet growing demand”
Surely the Post newsletter editor at least chuckled when he put those two together.
I didn’t chuckle, however, when I started reading up on this new Internet security phenom.
Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”
Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.
And, the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software that disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.
The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”
Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?
Whatever the case, the BBC’s coverage included the following facts: Russian security firm Kaspersky Labs believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”
If you don’t remember Stuxnet, it was the alleged state-sponsored virus which wreaked havoc on Iran’s uranium centrifuges. This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”
Wired also adds to the story, reporting Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”
Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”
Yes, indeedy. According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”
It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”
It can also store “frequent screenshots of activity on the machine,” screenshots that include everything from emeetings to instant messages, email….you get the picture. Literally.
I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.
I’m back from IBM Impact 2012…but my brain is still processing all the information I took in through all the interviews Scott and I conducted for ImpactTV and for all the sessions I attended…and I won’t mention all the cocktails in the evenings where I learned SO much from my industry peers.
I’ll be putting together a recap post of some of the major announcements, and I’ve still yet to transcribe my interview with Walter Isaacson, but first, I wanted to highlight an important new study from IBM on the security front.
For those of you who follow the Turbo blog, you know the issue of security (particularly cybersecurity) is one I take very seriously and that I follow closely, partially because of my longstanding interest in the topic, and partially because I recognize we live in an imperfect world using imperfect technology, created and used by imperfect humans.
But the promise and hope for security, fallible though it may sometimes be, is a worthy aspiration. There are ideas, assets, and often even lives at risk, and the more we move up the stack into an intellectual capital driven global economy, the more there is at stake and the more that will be needed to protect.
So, that’s a long way of saying expect to be hearing even more from me on this important topic.
Chief Security Officers: “We’ve Got Our CEO’s Attention”
To that end, now for the new information security study results. The new IBM study reveals a clear evolution in information security organizations and their leaders, with 25 percent of security chiefs surveyed shifting from a tech focus to one of a more strategic business leadership role.
In this first study of senior security executives, the IBM Center For Applied Insights interviewed more than 130 security leaders globally and discovered three types of leaders based on breach preparedness and overall security maturity.
Representing about a quarter of those interviewed, the “Influencer” senior security executives typically influenced business strategies of their firms and were more confident and prepared than their peers—the “Protectors” and “Responders.”
Overall, all security leaders today are under intense pressure, charged with protecting some of their firm’s most valuable assets – money, customer data, intellectual property and brand.
Nearly two-thirds of Chief Information Security Executives (CISOs) surveyed say their senior executives are paying more attention to security today than they were two years ago, with a series of high-profile hacking and data breaches convincing them of the key role that security has to play in the modern enterprise.
Emerging Security Issues: Mobile And A More Holistic Approach
More than half of respondents cited mobile security as a primary technology concern over the next two years. Nearly two-thirds of respondents expect information security spend to increase over the next two years and of those, 87 percent expect double-digit increases.
Rather than just reactively responding to security incidents, the CISO’s role is shifting more towards intelligent and holistic risk management – from fire-fighting to anticipating and mitigating fires before they start. Several characteristics emerged as notable features among the mature security practices of “Influencers” in a variety of organizations:
- Security seen as a business (versus technology) imperative: One of the chief attributes of a leading organization is having the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. In fact, 60 percent of the advanced organizations named security as a regular boardroom topic, compared to only 22 percent of the least advanced organizations. These leaders understand the need for more pervasive risk awareness – and are far more focused on enterprise-wide education, collaboration and communications. Forward-thinking security organizations are more likely to establish a security steering committee to encourage systemic approaches to security issues that span legal, business operations, finance, and human resources. Sixty-eight percent of advanced organizations had a risk committee, versus only 26 percent in the least advanced group.
- Use of data-driven decision making and measurement: Leading organizations are twice as likely to use metrics to monitor progress, the assessment showed (59 percent v. 26 percent). Tracking user awareness, employee education, the ability to deal with future threats, and the integration of new technologies can help create a risk-aware culture. And automated monitoring of standardized metrics allows CISOs to dedicate more time to focusing on broader, more systemic risks.
- Shared budgetary responsibility with the C-suite: The assessment showed that within most organizations, CIOs typically have control over the information security budget. However, among highly ranked organizations, investment authority lies with business leaders more often. In the most advanced organizations, CEOs were just as likely as CIOs to be steering information security budgets. Lower ranking organizations often lacked a dedicated budget line item altogether, indicating a more tactical, fragmented approach to security. Seventy-one percent of advanced organizations had a dedicated security budget line item compared to 27 percent of the least mature group.
Recommendations to Evolve the Security Role in an Enterprise
To create a more confident and capable security organization, IBM recognizes that security leaders must construct an action plan based on their current capabilities and most pressing needs. The report offers prescriptive advice from its findings on how organizations can move forward based on their current maturity level.
For example, those “Responders” in the earliest stage of security maturity can move beyond their tactical focus by establishing a dedicated security leadership role (like a CISO); assembling a security and risk committee measuring progress; and automating routine security processes to devote more time and resources to security innovation.
About the Assessment
The IBM Center for Applied Insights study, “Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer Assessment,” included organizations spanning a broad range of industries and seven countries.
During the first quarter of 2012, the Center conducted double-blind interviews with 138 senior business and IT executives responsible for information security in their enterprises. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees.
Click here to access the full study.
Some veddy interesting news on the cybersecurity front has reared its ugly head the last couple days.
First, VMware confirmed via CRN yesterday that proprietary source code from its ESX server hypervisor (server virtualization software) had been posted online, but in a blog post about the incident, the director of VMware’s Security Response Center said the posted code was created sometime in 2003 and 2004.
That raises questions as to relevance, according to CRN, with VMware explaining that “the fact that it has been made public does not necessarily put VMware customers at risk.”
Yet given the large number of providers that run vSphere, it could have “a broad and widespread impact.”
Here’s the blog post from VMware — for those potentially impacted, one to keep an eye on.
This just as the Obama Administration comes out against the current House cybersecurity bill entitled the “Cyber Intelligence Sharing and Protection Act,” or “CISPA,” a law proposed last November by U.S. Rep. Michael Rogers (R-MI) and 111 co-sponsors that would allow the voluntary sharing of attack and threat information between the U.S. Government and security cleared technology and manufacturing companies to try and ensure the security of networks against patterns of attack.
CISPA was reported out of committee on December 1, 2011, but has yet to be debated or brought to a vote.
The Electronic Frontier Foundation has also come out against the bill, concerned that the bill’s broad warnings would leave little protection for individual consumers and not provide effective judicial oversight for the types of monitoring the bill would allow.
If, in the meantime, you’re looking for some industry thought leadership on the topic of security, look no further than this podcast interview (MP3, 17:45 minutes, 10.2 MB) with IBM’s own Marc Van Zadelhoff, the director of strategy for IBM’s still relatively new Security Solutions Division, in which Marc provides extensive insight into IBM’s approach to security intelligence and compliance. You can also read a transcript here. (36.4KB, PDF)
How ironic that here I am at Pulse 2012, where we’re talking about Internet and other related security matters, and then this headline: EXCLUSIVE: Infamous international hacking group LulzSec brought down by own leader.
Apparently, law enforcement agents on two continents arrested five members of the infamous hacking group, Anonymous, early this morning. Furthermore, they were apparently acting on information and evidence gathered by the organization’s leader, who apparently had been cooperating with the government for months.
Anonymous and its various offshoots — LulzSec, AntiSec, etc. — are believed to have caused billions of dollars of damage to the government, banks, and corporations around the world.
The New York field office of the Federal Bureau of Investigation released a press statement which indicated that five computer hackers in the United States and abroad were charged today, and six pled guilty, for computer hacking and other crimes.
The six hackers identified themselves as aligned with the group Anonymous, which is a loose confederation of computer hackers and others, and/or offshoot groups related to Anonymous.
The now unsealed indictment revealed the perps were charged with hacks including those of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service. Included in the indictment was Hector Xavier Monsegur, aka “Sabu” and “Leon” and “Xavier DeLeon,” who pled guilty last August 15th to a 12-count information charging him with computer hacking conspiracies and other crimes, and who apparently has been cooperating with the government to bring several of the others to justice.
According to the New York Times’ coverage of the story, Mr. Monsegur ran his schemes out of a public housing project on the Lower East Side of Manhattan.
So was he the head of the Anonymous snake? Now that the indictments are out, I suspect we’ll be finding out very, very soon.
This morning’s keynote session at Pulse 2012 keyed in on several key themes critical to managing the world’s infrastructure. Opening musical act, Naturally Seven, lent their own seven cents, explaining through song and human-voice driven instruments that “I Built This Wall Around Me, I Built this Wall From The Ground, See.”
There’s a whole lot of building from the ground up that’s been going on with respect to some of the key areas the Tivoli portfolio focuses on. And IBM Tivoli customer Wellpoint joined the stage to discuss some of those changes in the healthcare industry.
George Zaruba, VP for Tech Strategy there, explained that Wellpoint is one of the U.S.’ largest healthcare benefits companies, with some 37,700 associates. Major industry shifts are requiring Wellpoint to reinvent itself and its relationship with the end customer, and to be able to deliver services in ways its customers are used to and comfortable with. “Our delivery model needs to be secure and stable and reach users across a myriad of devices and platforms,” he explained.
Which means infrastructure needs to be everywhere, and which will allow Wellpoint to manage the effectiveness of their customers’ experience.
That’s why infrastructure needs to be everywhere, to have full visibility into core services. Zaruba explained “We’ve achieved this over the past several years with ITIL management and best practices, and virtualization of storage and services.”
That also led Wellpoint to its partnership with IBM Watson, which Wellpoint is currently working on as the first industry deployment of that important technology to “find the best answers to some very tough medical questions.”
Next up, IBM VP Scott Hebner joined the stage and explained there are “8,000 of you from 79 different countries.”
That’s some Pulse!
Hebner explained IBM is “obsessed about learning from our clients, and this conference is a reflection of our obsession, which focuses on real-world experiences and bottom line results.”
Hebner explained the opportunities are vast and unprecedented, and yet “the opportunity highway has ditches on both sides of the road.” The implication being, try and stay out of the ditch!
Hebner shared some factoids: 80% of CEOs surveyed by IBM anticipate turbulent changes and bold moves, and 64% of CIOs work as senior business execs in their orgs to drive innovation.
And yet, still, there’s a 3X gap increase between the desired needs and the actual outcomes.
Red meat to this gathering of IT gurus, Hebner also explained jobs related to technology are forecasted to be the fastest growing segment through 2018, with cloud jobs increasing 60%, and mobility, 50%.
But, the planet on which we operate is rapidly changing thanks to the proliferation of lower-cost technologies. People, systems, and objects can interact with one another in entirely new ways, and that creates new opportunities and expectations.
Infrastructure is now everywhere, he explained, across every industry. Where does my business infrastructure begin and end these days? How do I turn this new reality into an advantage?
“Business without limits” is how Hebner described this. The smarter approach turns data into insights in real time, at the point of interaction — it must, as we can now instrument everything, from the devices in the home to the processes themselves, giving us millions of data points.
To help explain this opportunity, IBM senior VP Robert Leblanc joined the stage and suggested there’s no escaping all this change, and that technology was a key enabler, according to the IBM CEO study stretching back to 2004. Beyond “market forces,” technology is considered a requirement by CEOs to enable their businesses to adapt to all this change.
“How do you drive the speed that the business needs to adapt to its markets?” Leblanc inquired. The answer, simple to say, harder to do: Focus on fundamental business imperatives: 1) Build, 2) Reinvent, 3) Uncover.
That is, create operating dexterity while creating new customer relationships and uncovering new profit streams.
Most clients want to reinvent around their customer relationships, Leblanc explained, and if you look back 25 years, those that led the industries are different from the leaders today. The CEO is making it clear: I need change, and IT has to change with it.
Leblanc then shared some data as to what is driving an unprecedented shift in technology: Analytics, 83%. Followed by Mobility, 75%. And virtualization, 68%.
Insight. Everywhere. No matter where.
Implicit to all this, underlying concerns about security, and a focus on achieving all these desired business outcomes through “visibility,” “control,” and “automation.”
To have full visibility of the span of your infrastructure, you must have and assert control, and in order to be able to focus on new value added initiatives, you must automate the more mundane but critical capabilities.
Some examples, Leblanc explained: China Great Wall improved server utilization by 30%. BlueCrossBlueShield of North Carolina saved 5,000 hours of staff time by automating security processes. SunTrust improved productivity by automating 50% of manual processes.
Finally, it was Tivoli General Manager Danny Sabbah’s time to speak, and Danny explained how all of these changes and trends are re-orienting Tivoli customers’ outlooks and the things they specifically need to be focused on.
He explained that “our world is changing drastically whether we like it or not,” and that “simply put, we’re being forced to rethink the way we run our businesses.”
We find ourselves at the vortex of three dominant transformations taking place in IT: mobility, smarter physical infrastructures, and security.
Mobility, he explained, is nearly ubiquitous, and now accounts for 40% of the total number of devices accessing business applications.
We’re seeing embedded intelligence and resultant smarter physical infrastructures where previously passive devices are now equipped with sensors and RFID tags and other tracking capabilities. Companies are now building applications to exploit the data gathered from these smart devices to better understand and run their operations.
And thirdly, security threats have become an integral part of this much larger montage. The more embedded intelligence, the more mobility, the more ways we execute commerce, social collaboration, and so on. So, security must become part of everything we do.
This intersection, then, has spawned an even greater degree of complexity across business infrastructures, and the environment we find ourselves in has become more interconnected, more susceptible to threats and even more difficult to manage.
Utilizing the power of cloud computing, IBM is tackling these issues head on with its customers. But if you want hype and marketing, Sabbah concluded, you’ll have to go somewhere else because “this conference is about solving real problems in the real world.”
If you’ve been concerned about the security of your corporate data with respect to the ever-burgeoning number of mobile devices, IBM may have a solution to your problem.
Increasingly, businesses want to provide employees the option of using a personal device as a way to reduce cost and allow them to work wherever or whenever they need to, but doing so requires diligence in protecting corporate data.
In this era of “Bring Your Own Device” (BYOD), with employees using their own mobile devices for business and personal activity, organizations are now tasked with supporting the new social, virtual, and mobile employee and the applications they access. With mobile threats on the rise, complex IT environments, security risks, maintaining policies, and helping companies control cost are top of mind concerns for many CIOs and security and risk professionals.
Today, IBM unveiled a new service to help businesses secure the exploding number of mobile devices with access to corporate data, the IBM Hosted Mobile Device Security Management service.
This solution extends a company’s existing mobility portfolio to include a security application for smartphones and tablets, along with managed services including policy management and user compliance monitoring.
It helps organizations protect against data loss and other risks caused by device theft, unauthorized access, malware, spyware, and inappropriate applications.
The solution is designed to help mitigate security risks associated with the increasing number of employee-owned and corporate-liable mobile devices accessing sensitive business data. Delivered as a hosted, managed service, clients can put these controls into action without the need to deploy and manage systems or to make a major investment of in-house personnel and technology.
With this new service, IBM provides security controls and ongoing monitoring for each device as a managed service, allowing IT departments to support a broad range of personal devices. Unlike other services focused on device management or unmanaged technology, IBM is focused on the protection of the device, regardless of the business applications used by employees today or in the future.
Capabilities in the new mobile device security management service include:
- Configuring employee devices to comply with security policies and actively monitoring to help ensure compliance over time
- Securing data in the event that a device is lost or stolen
- Helping to find a lost or stolen device – wherever it is
- Protecting against spyware and viruses
- Detecting and removing malicious and unapproved applications
- Monitoring and tracking user activity
- Enabling more secure connectivity
The company is working with Juniper Networks on this mobile security service for the underlying protection and device management technology for leading platforms such as Apple iOS, Google Android, BlackBerry, Symbian and Microsoft Windows Mobile through the Juniper Networks Junos Pulse Mobile Security Suite.
IBM operates the world’s broadest security research and development organization, comprising nine security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security, with chapters in the United States, Europe and Asia Pacific. It employs thousands of security experts globally such as security operations analysts, consultants, sales and tech specialists, and strategic outsourcing delivery professionals.
IBM monitors 13 billion security events per day in more than 130 countries and holds 3,000 security patents. It has been in the security business for nearly 50 years dating back to the security innovation in its mainframe systems.
You can learn more about this new solution here.
IBM has announced a definitive agreement to acquire privately held Q1 Labs, a Waltham, Massachusetts-based provider of security intelligence software.
The move aims to accelerate IBM’s efforts to help clients more intelligently secure their enterprises by applying analytics to correlate information from key security domains and creating security dashboards for their organizations.
Financial terms were not disclosed.
Following the close of the acquisition, Q1 Labs will join the newly-formed IBM Security Systems division, representing the world’s most comprehensive security portfolio. After the close, IBM intends the new division to be led by Brendan Hannigan, CEO of Q1 Labs.
The new division will target a $94 billion opportunity in security software and services, which has a nearly 12 percent compound annual growth rate, according to IBM estimates.
Q1 Labs will join the more than 10 strategic security acquisitions IBM has made in the last decade and the more than 25 analytics-related purchases, including the recently announced acquisition of security analytics software firm, i2.
Organizations face a landscape with high-impact corporate breaches, growing mobile security concerns and advanced security threats, as highlighted in last week’s IBM X-Force Mid-Year Trend and Risk Report.
Firms must be equipped to identify threats, detect insider fraud, predict business risk and address regulatory mandates. Three quarters of firms feel cyberattacks are hard to detect and their effectiveness would increase with end-to-end solutions, according to a recent industry report.
Q1 Labs’ advanced analytics and correlation capabilities can automatically detect and flag actions across an enterprise that deviate from prescribed policies and typical behavior to help prevent breaches, such as an employee accessing unauthorized information.
“Since perimeter defense alone is no longer capable of thwarting all threats, IBM is in a unique position to shift security thinking to an integrated, predictive approach,” said Brendan Hannigan, CEO of Q1 Labs. “Q1 Labs’ security analytics will add greater intelligence to IBM’s security portfolio and continue to distinguish IBM from competitors.”
IBM operates the world’s broadest security research and development organization, comprising nine security operations centers, nine IBM Research centers, 11 software security development labs and three Institutes for Advanced Security.
It employs thousands of security experts globally such as security operations analysts, consultants, sales and tech specialists, and strategic outsourcing delivery professionals. IBM monitors 12 billion security events per day in more than 130 countries and holds 3,000 security patents. IBM has been in the security business for nearly 50 years dating back to the security innovation in its mainframe systems.
You can learn more about IBM’s security offerings here.