Securosis Blog

Incite 5/8/2013: One step at a time

Mike Rothman · May 8, 2013

Do you ever look at your To Do list and feel like you want to just run away and hide? Me too. I talk a lot about consistent effort and not trying to hit home runs, but working for a bunch of singles and doubles. That works great for run rate activities like writing the Incite and my blog series. But I am struggling to move forward on a couple very important projects that are bigger than a breadbox and critical to the business. It is annoying the crap out of me, and I figure publicly airing my…

McAfee Gets Some NGFW Stones

Mike Rothman · May 8, 2013

In hindsight we should have seen this coming. I mean it’s not like McAfee even showed up for the most recent NSS Labs next-generation firewall (NGFW) test. They made noise about evolving their IPS, I mean Network Security Platform, to offer integrated firewall capabilities. But evidently it was either too hard or would have taken too long (or both) to provide a competitive product. So McAfee solved the problem by writing a $389MM check for Stonesoft.

Dennis Fisher writes in Finger-Pointing on Cyberespionage does little good without a plan:

The acknowledgement from the Pentagon, in truth, feels fairly anticlimactic. It’s the equivalent of Mark McGwire admitting to using steroids - 10 years after every fan in the country had already accepted that fact. At some point it becomes sort of silly to even mention it. Water is wet, ice cream is delicious and China is attacking our networks. It just is.

Sorry, but the title is a bit of a bait and switch. Before we get into object storage encryption we need to cover using proxies for volume encryption.

Some (re)assembly required

Gal Shpantzer · May 7, 2013

Japanese Coast Guard ship (indirectly) sold to North Korea:

“The vessel was sold in a state in which information regarding operational patterns of the patrol vessel could have been obtained by some party,” an official told the paper. “We were on low security alert at that time.” That is certainly not the case these days, with heightened tensions on the Korean peninsula and the Japanese coast guard regularly involved in patrols around the disputed Diaoyu (Senkaku) islands.

The tactics we have described so far are very useful for detecting and disrupting advanced attackers – even if used only in one-off situations. But you can and should establish a more structured and repeatable process – especially if you expect to be an ongoing target of advanced attackers. So you need to evolve your existing security program, including incident response capabilities. But what exactly does that mean?

2FA isn’t a big enough gun

Mike Rothman · May 5, 2013

The arms race goes on and on. The folks at Trusteer recently found an evolved type of malware designed to game financial institutions’ two-factor authentication (2FA) mechanisms on compromised devices. This is Darwin at work, folks – why should attackers try to rob banks, when they can mug everyone who comes out with money? Whatever gun you have, they come back with a bigger one. This is fun, right?

Okay, it is entirely possible he paid for it, but HOW DO WE KNOW?

U.S. Finds Porn Not Secrets on Suspected China Spy’s PC

In our last post in the CISO’s Guide to Advanced Attacks, you verified the alert, so it’s time to spring into action. This is what you get paid for – and to be candid your longevity in the CISO role directly correlates to your ability to contain the damage and recover from the attacks as quickly and efficiently as possible. But no pressure, right? So let’s work through the steps involved in breaking the kill chain, disrupting the attackers, taking countermeasures, and/or getting law enforcement…

Friday Summary: May 3, 2013

Rich · May 2, 2013

I was weirdly interested in Paul Miller’s year off the Internet. Paul is a writer for The Verge, and they actually paid him to keep writing (offline) through the year instead of kicking him to the curb like most publications would have.