Tangled Web

The Journey to RSA

The countdown is on for RSA 2012 and in a few weeks, thousands of people will descend on Moscone Center for educational sessions, new product launches and discussions on next-generation cyber threats.

Vendors have many wonderful opportunities at the show to meet with influential journalists, industry analysts and other IT security experts as the show ‘unofficially’ kicks off a busy year in marketing, sales and public relations for many technology companies.

Being practical and creative is the best way to make an impact at the show.

Schwartz MSL’s ‘Road to RSA’ provides pointers on how to make a marketing and public relations impact at the show.  Enjoy!

 

Tags: cyber security, it security, Moscone Center, road to rsa, rsa, rsa Conference 2012, San Francisco, security, security public relations, technology

By Bill Keeler on February 3, 2012 11:14 AM


B-Sides A Go During RSA

For those people that heard the recent rumors about the demise of Security B-Sides, it is being reported that the event will go on during the RSA Conference 2012 after all.

This year, RSA Conference organizers denied sponsors of their show the chance to sponsor another event within close proximity to Moscone Center.  With plummeting sponsor dollars B-Sides was likely to close the doors on this year’s event. But because of a generous sponsor the show will go on.

Read more of Steve Ragan’s coverage below:

http://www.thetechherald.com/articles/RSA-Conference-denies-bullying-B-Sides-San-Francisco/16142/

Tags: B-sides, it security, Moscone Center, RSA, San Francisco, security

By Bill Keeler on January 31, 2012 12:54 PM


"HIMSS - IT Security Companies Ask: What's in it for us?"

Schwartz MSL’s IT Security clients often ask if attending HIMSS is worth their time and investment. Though many of these technology vendors often have customers in the healthcare vertical, they aren’t delivering pure-play HCIT products like EMRs, clinical decision support tools or healthcare billing platforms. Although HIMSS is the largest and most well-attended show dedicated to HCIT, the answer for IT Security companies and general tech companies, for that matter, isn’t so clear cut.

When discussing with clients the decision to attend or plan a larger presence through exhibiting or sponsorship at HIMSS, we pose the following questions:

What do you want to get out of the conference? In the past, even some of the largest HCIT vendors have commented that lead generation at previous HIMSS events has been moderate. Though the event attracts technology buying decision makers, the show is ‘noisy’ with hundreds of companies competing for booth traffic and general awareness. Typically, attendees are looking for specific HCIT solutions and may not yet be thinking about technology investments they should make to support a HCIT deployment. Where HIMSS may not always deliver in leads, it does provide a fertile environment for vendor networking. Dozens of companies announce partnerships and plant seeds for many more. A trip to Vegas may be a cost-effective way for your company to get some face time with bigger HCIT players.

One constant at HIMSS is the strong media presence. For companies that are new to the healthcare industry, there is a good opportunity to schedule introductory briefings with editors and analysts to educate them on how your technology fits into the HCIT landscape. As with any media outreach, they will be most interested in news, learning about your company’s overarching strategy and roadmap, and hearing about your customers.

How advanced is your healthcare messaging? The healthcare industry is experiencing dramatic changes in terms of payment and care delivery models. HCIT will play a big role in supporting new models, such as pay-for-performance and ACOs. The industry recognizes a huge potential for support technology – particularly storage and security components that will be critical as more healthcare organizations digitize their records while working to comply with regulations, and IT consulting and integration to optimize IT investments and manage complex IT networks. Technology companies that want to succeed in the healthcare vertical must clearly articulate and illustrate their value proposition for their product and services within the healthcare market and be prepared to relay those messages to many audiences at the show, namely vendors, analysts, media and attendees. Schwartz MSL leverages our healthcare experience to help clients craft healthcare-specific messaging.

Can you tell a customer story? One of the best ways to advance your healthcare-specific messaging is to use a healthcare customer. Inviting a customer to join you at HIMSS – whether at a booth or on the show floor – is a great draw for media. Reporters and editors want to hear firsthand how your customers use your technology to meet their needs.

Here is a strategy that worked well for Schwartz MSL client Circadence, a company that provides WAN and network optimization solutions, at HIMSS 2011. Although they didn’t have a customer on hand, Circadence executives met with key reporters, including Jim Knaub at Radiology Today, and shared the experience of their customer Imaging Associates of North Mississippi Magnolia (IANMM), which uses Circadence MVO to ensure rapid, reliable and secure delivery of large image transfers. The executives recounted the customer’s process from evaluation through implementation while communicating clear, quantitative ROI. The result: a follow-up conversation between the customer and editor after the show, translating to a cover story. To view that story, visit Radiology Today. Since the story ran, Circadence has expanded its presence in healthcare, providing WAN and network optimization for images, electronic health records and now the ability to access critical healthcare information on any mobile device.

After reviewing these questions, consider dipping your toe in the HIMSS pool by sending a few executives as attendees. Investing in attendee passes is much less expensive than sponsoring a booth, plus it gives executives the time to walk the show floor and network with other vendors, potential partners and the media. Register before January 23 for the standard rate.

Schwartz MSL has had a long-standing presence at HIMSS and will have HCIT practice group members at the 2012 show. We’re less than eight weeks away, but there’s still time to plan and make a significant impact.  For further advice or information on how Schwartz MSL can partner with you, please contact Bill Keeler in our Boston Office at 781-684-0770, or send an email to bkeeler@schwartzmsl.com.

Tags: 2012, ACO, HCIT, healthcare IT, HIMSS, HIMSS 2012, it security, Las Vegas, security, technology PR

By Bill Keeler on January 11, 2012 9:15 AM


Time to Protect Your Web Applications

The last in our series of 2012 prediction posts is from Edward Roberts, director of marketing at Mykonos.

Edward Roberts, director of marketing at Mykonos

Mykonos Software CEO, David Koretz, stated that 2011 was the year “when sophisticated Web application attacks came of age.” But have companies started to grow up? Sony was the victim of multiple web attacks and lost over 100 Million records, closed down PlayStation network for 23 days at a cost of $171M, and will deal with many class action lawsuits for years to come. Now if a large technology corporation like Sony suffered this web attack rite of passage, surely every other company must be equally as concerned to avoid being the next victim?
 
It seems not. While most hackers acknowledge that web applications are easy to attack, and data can be stolen in a matter of minutes from a vulnerable site, the majority of companies have ‘nothing’ protecting their web applications. Let me repeat, ‘nothing.’ Many are even under the misguided impression that their network firewall or IPS is protecting their web apps.
 
And to exacerbate the problem, the minority of companies that deploy some form of security at the web layer do so only out of deference to compliance requirements and leave them as passive monitoring devices, rather than active preventative security solutions.
 
Today, the Web layer is largely undefended and as companies rush to build more web applications and move customer processes on-line, there will be continued growth in the millions of Web sites collecting and sharing data. With this comes increasing exposure to hackers who are probing the web every day looking for the next vulnerable company.
 
So the prediction for 2012 is simple: companies will look to protect their websites and deploy Web Intrusion Prevention Systems.

If they don’t, ask Sony what coming of age feels like.

Tags: 2012, it security, mykonos, predictions, security, web application security

By Bill Keeler on January 5, 2012 8:56 AM


Why Cloud Computing Security Will Affect You In 2012

Happy New Year and welcome back to Tangled Web! Our first post of 2012 comes to you from Bit9’s Director of Security Research, Dan Brown.
 

Bit9’s Director of Security Research, Dan Brown

It’s that time of year again: time for technology prediction blogs.

The common perception among those only vaguely familiar with cloud computing is that it’s a fringe technology – affecting only technologists and large corporations.  The truth is that cloud computing is invading virtually everyone’s life whether they know it or not.

Do you own an iPhone or Android device?  How about a Kindle or Nook?  Soon even our cars will not be immune from the cloud invasion.

Don’t misunderstand me.  There are lots of benefits to cloud computing.  Siri’s magic is enabled by the cloud – your handheld device doesn’t have the compute power to do all that niftiness, and so all that speech recognition wizardry has to be offloaded to the almighty server across the Net.  But what happens so often, is that this niftiness overtakes our better security judgment.  Sometimes we need to step back and take stock of it.

The “cloud” is not an enigma to malicious attackers.  Increasingly that façade is being broken down to its component servers.  If you think corporate environments are rich targets, imagine all of the mobile apps and outsourced IT that are being hosted out there.

This post’s prediction dovetails with another recent prediction of mine.  There I spoke about data being stolen from corporate environments by using data mules to walk it out the door – bypassing corporate security measures.  But much of the same data might also be stolen these days by compromising the cloud.  In the coming year we will see a significant increase in attacks on the cloud that will parallel the increasing use of the cloud in our daily lives.  Security rule #1:  if it’s an attractive target, it will be targeted.

Tags: 2012, Bit9, cloud computing, it security, predictions, security

By Bill Keeler on January 4, 2012 9:46 AM


The Threat Landscape for Small-to-Medium Sized Businesses in 2012

Up next in our security predictions series is Austin-based Quarri. VP of Marketing Laurie Coffin discusses the threats SMB’s may face in 2012.

Quarri's VP of Marketing, Laurie Coffin

Today’s threat landscape is constantly evolving and 2011 has been a year many won’t soon forget after some of the biggest companies in the world disclosed breaches to critical data residing on their networks.

And it’s not just the big companies being targeted any longer. Small-to-medium sized businesses are increasingly being targeted. They are typically focused on growing their business, and as a result, rarely have a full IT staff that can effectively manage the information security of the entire organization, especially as it relates to data protection. These issues are compounded when you consider the use of mobile devices, growth in cloud computing and Consumerization of IT, also known as the ‘Bring Your Own Device’ phenomenon.

Cybercriminals also have a treasure trove of proprietary consumer information available in a few short clicks via social networking sites like Facebook, LinkedIn and Twitter. Spear phishing campaigns, “likejacking” on Facebook and shortened URLs are just some of the techniques we’ve seen over the past year and we can expect these approaches to get more sophisticated as we enter 2012.

To avoid becoming the next data breach headline, organizations of all sizes need to remember that the end user is one of the weakest links when it comes to information security. And not all attacks are external; a malicious or careless employee can cause significant damage to an organization if security precautions are not in place to prevent replication of your confidential information.

In 2012, vigilance is important as attacks to networks and mobile devices will grow in number and sophistication.
 

Tags: 2012, breach, cyberattack, it security, mobile, predictions, Quarri, SMBs

By Bill Keeler on December 19, 2011 2:05 PM


I'm Dreaming of a White 2012 Security Landscape

Monday's 2012 prediction post is a look at the year ahead from Mike Paquette, IT security thought-leader and Corero Network Security’s chief strategy officer.

Chief Strategy Officer Mike Paquette, Corero Network Security

While waiting for our 2nd New England snowfall of this season, I’ve given a little thought to a couple of trends that I’ve been starting to hear about as I deliver network-security presentations around the US.  As background, it seems likely that in 2012, IT security issues, such as data breaches and DDoS attacks, will permeate mainstream media with increased attention on DDoS attacks as a means of crime, protest and political activism.

IT professionals will continue to maintain a “healthy paranoia” regarding the threats posed to their organizations by cyber-attacks of one form or another. Amongst IT Security professionals who focus specifically on cyber threats, we may see attitudes migrating from “healthy paranoia” to “siege mentality,” as targeted cyber-attacks continue to assault organizations’ IT infrastructure, customer data, intellectual property and employee information. I think we’ll see a couple of interesting trends amongst IT security pros in 2012.

The Move toward Application Whitelisting

Application Whitelisting will gain traction in 2012 as a tool for managing risks associated with end-point malware. While not a new technology, adoption of restrictions on which files can execute on an endpoint device (desktop, laptop, tablet or Smartphone) will become more common.

The concept of application whitelisting promises virtually malware-free computing environments, but comes at a cost of inflexibility and would seem to fly in the face of the Web 2.0 usage model. In practice, several vendors have developed software solutions that utilize an application whitelist, but still allow flexible and Web 2.0-enabled Internet use. A nice article including a vendor list can be found on the SANS Reading Room.

The Shift to Whitelisting the Internet

Traditional approaches to promoting safe Internet browsing involve characterizing the “bad sites” on the Internet, either through content categorizing (rating sites for hate, porn, gambling, games, shopping, etc.) or IP Address reputation (rating IP addresses based on whether they have been observed hosting malware, being associated with phishing attacks, or participating in Botnets), and then blocking attempts to visit web sites that are listed on these blacklists.

In 2012, we will see the start of a trend toward whitelisting the Internet. That is, limiting Internet access of an organization’s members to “highly trusted” web sites. You’ll notice that I did not say “known to be good” web sites, since it is common today that web sites of legitimate organizations are often compromised or infected without the site owner’s knowledge.

The challenge with this approach is even more obvious than with the application whitelisting: How do you get a reliable whitelist of URL’s while still allowing even basic use of the Internet, including search engines?

Early adopters of this technology will implement what might be called “whitelist-augmented” web access policies, usually in conjunction with other technologies such as Google’s Safe Browsing service, to allow basic search engine functionality. There is no doubt that using these approaches will cause disruption amongst the user base, as it may radically restrict Internet access.

The good news is that this kind of whitelisting shrinks the aperture through which malware can infect an organization’s computers and can indeed assist employers with managing productivity.

The bad news is that this technique will not eliminate the need to continue to use other defensive technologies like end-point anti-malware and network intrusion prevention technology.  

How about a show of hands – anyone you know going to attempt this in 2012?

 

Tags: 2012 predictions, breach, Corero, DDoS, it security, malware, mobile, security, whitelisting

By Bill Keeler on December 15, 2011 2:00 PM


2012 Security Predictions from Damballa

Thursday’s Tangled Web posting comes from Gunter Ollmann, Damballa’s vice president of research and one of the foremost experts on the IT security industry. Ollmann shares his 2012 security predictions through Damballa’s popular blog The Day Before Zero.
 

Gunter Ollmann, VP of research at Damballa

As the weeks remaining in 2011 dwindle and 2012 peeks out from behind the last page of the calendar, it must once again be that time of year for purposeful reflection and prediction. Or is that navel gazing and star gazing?

The year still has a couple of weeks to rock on before we can comprehensively summarize the events and trends of 2011. I’m sure there will be a bunch of annual threat reports preempting the end of year – extrapolating trends etc. in order to get the jump on reports that use real data. At the highest level of navel gazing you could probably sum up 2011 with one word – “More.” The bad guys got richer, more successful, invented a few new attack vectors, and generally grew in numbers; meanwhile the good guys got more efficient at causing the bad guys pain, but continued to be outspent by the bad guys.

But let’s put that aside for now. What does 2012 hold in store for us?

It’s easy enough to predict the future when you’re merely commenting upon the trends of past years and projecting “more” of the same. While I can offer no shortage of meaningful predictions for 2012 across a broad range of threat and security categories, I thought it would be fun to pick three topics that stole much of the limelight of 2011 – APT’s, mobile malware and botnet takedowns.

So, without further ado, here are a handful of predictions for 2012.

APT Bonanza

The volume of persistent attacks directed at large corporations will continue to increase and the victims will continue to feel as though they have been specifically targeted. There will thus be a presumption of sophistication to successful penetrations, which will lead to more organizations concluding that they have been the victim of an APT – which, after more detailed analysis and external input, will increasingly be revealed as false claims.

•    More attacks will be labeled as APT’s due to misunderstanding by the victims, or because of an implied “get out of jail” tactic when public disclosure of the breach is mandated by law.

•    External analysts and security firms will dedicate more time and resources to analyzing breaches that are disclosed as “APT’s”, and will be more vocal in correcting false claims.

•    A growing unease will be attributed to the “cry wolf” mentality of labeling breaches as APT’s throughout the year.

•    Real APT attacks will increasingly be lost in the noise of falsely-claimed APT’s, and the sophisticated attackers will be able to further obfuscate the intent of their attacks.

Mobile Malware threats will continue to be misunderstood

Mobile malware will divide into two streams – Smartphone malware and tablet crimeware. Both mobile malware streams will be similarly unimpressive from a threat sophistication perspective, however their criminal intent will direct their evolutionary changes. Tablet crimeware will develop at a faster pace than Smartphone malware in 2012 as the opportunities to defraud potential victims on tablet systems grow quicker.

•    The hype around mobile malware will continue to exceed the threat and the cybercriminals’ capabilities in 2012 – but the cybercriminals and security researchers will strive to meet that hype.

•    As mobile systems become more usable for day-to-day financial transactions and online stores tune their shopping portals for larger-screened mobile devices, cybercriminals will increasingly target these platforms. This crimeware (and injection vectors) will be more “traditional” and a closer facsimile of current generation PC-based crimeware capabilities than many have projected in the past.

•    Smartphones, long seen as “the” mobile threat vector and with the longest history of malware abuse (e.g. Symbian-based malware and premium-rate fraud), will technically be susceptible to the same malware as that affecting tablet systems – but will not be the primary target of attack.

•    Cybercriminals that develop malware specifically for Smartphones will increasingly target the devices for propagation purposes – seeking to infect other (traditional) corporate systems and to breach corporate VPN’s.

•    In the corporate realm, the Bring-Your-Own-Device (BYOD) consumerization of IT will entice cybercriminals that target enterprise networks to innovate new attack and propagation vectors. Throughout 2012 new vectors will be theorized and may be developed as proof-of-concept tools, but the hype will be bigger than reality because there are technical hurdles within the operating systems of the mobile devices that have yet to be overcome.

•    Security conferences of a Black Hat ilk throughout 2012 will uncover and illustrate new vectors that subvert the underlying mobile device operating systems that will be leveraged in the 2013 timeframe for the targeted propagation of crimeware via BYOD.

•    The traditional invasive and “scary” mobile malware capabilities (e.g. eavesdropping on the victims’ calls, tracking the device owner, etc.) will not advance in 2012 and will continue to be potential capabilities rather than primary objectives for attackers.

•    The first generation of commercial “DIY” mobile crimeware construction and attack tools will be developed and sold by enterprising cybercriminals.

•    Large scale botnets will not exist on the mobile platforms in 2012. There will be several “proof-of-concept” botnet implementations and theoretical attacks but, from an overall global threat perspective, they will be insignificant.

Botnet takedowns will be ineffective

Despite a number of public and media-hyped botnet takedowns in 2011, and the prospect of increased takedowns in 2012, the overall impact on cyber-criminal operations will decrease. In response to the 2011 takedowns, cybercriminals will change some of their management tactics, further distribute their command-and-control (C&C) infrastructure, and invest in improved and more diverse infection vector operations.

•    Professional criminals who build and monetize botnets will invest in more robust crimeware distribution technologies and services. The capability to infect 10,000+ computers per day will be more important than the marginal loss of 3-year old botnets with only a few hundred thousand infected devices.

•    Botnet C&C infrastructure will continue to become more agile – flitting between domain names, IP addresses and physical locations at an increasing pace. In 2011 this agility was measured in weeks; by the end of 2012 it will be measured in hours.

•    Botnet operators will add more layers between themselves and their victims. In 2011 cybercriminals increasingly adopted the use of commercial anonymous VPN services to connect to their C&C servers, and deployed C&C proxies between the botnet victims and the real C&C servers. In 2012 we can expect this trend to continue and there is a high probability that multiple layers of C&C proxies will be adopted to further protect the cybercriminals’ C&C investment.

•    Noisy botnets (i.e. Spam botnets and DDoS) will continue to be the focus of legal botnet takedowns. In response, cybercriminals will in most cases reduce the noise of their botnets and will also further segment their botnets to ensure that the entire botnet is not lost in a single takedown operation.

•    Botnet takedown attempts will become more “risky” as the takedown entities become more comfortable with the process. Risk will be introduced as the entities pursue remote clean-up and remediation of victim devices.

•    “Good guy” botnet remediation services will become a commercial reality in 2012. As multiple security vendors and academic institutions focus upon the botnet menace they will uncover more vulnerabilities lying within the heart of both the botnet malware and the C&C portal software. There will be growing pressure to exploit these vulnerabilities for the purpose of usurping control of the botnet from the cybercriminals’ hands and to issue appropriate shutdown and uninstall commands directly from the compromised C&C servers.

I wonder how many of these predictions will come to fruition? I guess we’ll find out in 380 days.

Tags: 2012 security predictions, botnets, crimeware, Damballa, it security, malware

By Bill Keeler on December 14, 2011 3:02 PM


Mobile Messaging Security Issues Forecast For 2012

Up next in our security predictions series is San Francisco-based Cloudmark. CTO Jamie de Guerre outlines the mobile messaging security threats that are on the horizon for 2012. 

Jamie de Guerre, Chief Technology Officer, Cloudmark

Navigating the mobile threat landscape in 2011 was no easy task as cyber criminals launched increasingly sophisticated attacks, including targeted financial fraud and SMS spam, on U.S. wireless consumers at a rapidly growing rate. As we look ahead to 2012, the following trends are worth watching:

1. Personal devices in the workplace will introduce security and risk management challenges
The further consumerization of IT will force companies to implement security policies that may not be fully vetted. Users in the workplace will continue to request personal devices to be leveraged in the workplace in lieu of company-sponsored devices (i.e. iPad and personal mobile phones) with expectations that IT should support them. This will present IT departments with policy and security challenges as well as risks associated with them.

2. The first big mobile attack penalty will be levied.
We saw the first major email attacks and ensuing court cases in the mid-1990s. Mobile operators are fortifying their messaging infrastructure with security measures to address attacks and fraud. As a result, we’ll see the first major court action taken against illegal mobile activity next year.

3. Over-the-top (OTT) messaging will see its first messaging threats.
As the number of mobile users utilizing over-the-top messaging services increases, scammers will consider these trusted communities a target-rich environment and the number of targeted attacks on this channel will rise considerably.

4. Mobile subscribers will insist that their operators make mobile security a top priority.
With the ubiquity of mobile devices and their prevalence in our daily lives, mobile users will require service providers to ensure secure communications.

Subscribers will be willing to participate in keeping their devices free from fraud and spam and will expect a means by which to report this unsanctioned activity, similar to how email spam can easily be reported to service providers today.

 

Tags: 2012, Cloudmark, forecasts, it security, mobile, predictions, security

By Bill Keeler on December 13, 2011 4:20 PM


Security Threats of 2012: Consumerization of IT

The next in our series of prediction posts comes from Addison, Texas. Read on to see what Credant Technologies CEO & Founder Bob Heard has to say about IT security trends in 2012.

Bob Heard, CEO and Founder of Credant Technologies

It is an undeniable reality, today, that we live, work and play in a data-centric world. And the demand for access to data – anytime, anywhere and on any type of computer or device – has increased significantly and it will continue to increase significantly. Adding to this reality, though, is the trend of consumerization of IT – also known somewhat as BYOD or “Bring Your Own Device” – as it has been described.

People are bringing every conceivable type of device. Probably like you, I use a laptop, a tablet, a smartphone – and I am typically carrying anywhere from two to six USB drives at any point in time. And I use these drives in a homogenous fashion – they are all interdependent with one another. But what I think is more important than the quantity and types of different devices is the data itself – and the fact that this data is in high demand. By fulfilling this demand, we are able to transform data into information, and information into intelligence. If utilized properly, this presents the opportunity to significantly improve workforce productivity and overall business performance.

Forrester has predicted that up to 60 percent or more of our workforce will be working outside the office in a mobile environment this year. IDC predicts that on a worldwide basis, over 1.2 billion people will be working outside of the office by 2013. Your business – like mine – is probably embracing these trends: encouraging employees to take advantage of mobility and access to data from a wireless device to increase productivity while also potentially reducing our cost.

But while BYOD might increase productivity and reduce cost, it could also potentially be every IT security team’s worst nightmare – to manage all of this. I think that as security professionals we need to face the fact that it’s happening, and evolve our thinking and strategy for how we protect data on these types of devices.

 

Tags: 2012, Bob Heard, consumerization, Credant, it security, security

By Bill Keeler on December 13, 2011 11:22 AM
