TANGLED WEB

February 2011

RSA Vlog: Threat Trends #2

What with Stuxnet, the recent NASDAQ breach and the 2010 Aurora incident, there’s no shortage of cyber threat nightmares out there to keep even the most confident security-minded executive up at night. Schwartz's digital marketing services team talks with Mykonos Software CEO David Koretz, Xceedium CEO Glenn Hazard, and ESET’s Vice President of Marketing, Dan Clark, about outgunned white hats, the rising risk posed by compromised company insiders, and the dark side of social media.


Tags: cyber threat, digital, RSA, security, Stuxnet

Posted by Dara Sklar on February 18, 2011 at 3:05 PM

RSA Day 5

Everywhere you turn, someone is using his or her smartphone. Whether you’re addicted to your BlackBerry or you can’t live without your iPhone, smartphones are taking over the mobile world. Browsing through mobile applications has become part of the smartphone culture; we look for an app that will make doing XYZ a little easier in our lives. However, unsuspecting consumers need to realize that mobile applications are one of the greatest threat vectors for smartphones.

“Smartphones are appealing to cybercriminals because they contain vast amounts of data and are always connected to the Internet,” said RSA panelist Joseph Opacki during one of the conference's Wednesday discussions on mobile security. While the smartphone works to make our lives easier, it is also making the attacker's life easier. Mobile devices are attracting significant attention from the cybercriminal community, and now security experts understand why.

Adam Meyers, a director of cyber security intelligence at an IT services and solutions consulting firm, agreed that mobile web browsers and operating systems contain vulnerabilities that could be exploited for malicious purposes. Users may begin to encounter malware that exploits these weaknesses via drive-by download on mobile web sites.

One of the main reasons consumers are so addicted to their smartphones is constant access to email. This is certainly something to think about the next time you’re scrolling through your inbox and see an email from an unknown sender. During a cyber espionage session at RSA on Thursday, Mikko Hypponen told audience members that, “Almost all targeted attacks happen via email, though some occur during the use of online chat services or web-based exploits. These emails are actually created and sent by attackers; they contain code to trigger exploits that open backdoors on affected systems.”

McAfee CTO George Kurtz made a valid point during his keynote while discussing malicious code and whether security checkpoints will always stop it before any real damage is done. “If you download something from an app store, are you assuming it is okay? When do Apple or Google have time to go over three million apps with a fine tooth comb?” Given this, can we expect mobile app scanning to take off? Is this really the next step in the fight against targeted attacks?

Tags: cybercriminals, cyberthreat, malware, mobile apps, mobile device, mobile security, security, smartphone, vulnerabilities

Posted by Katerina Korfias at 12:59 PM

Schwartz IT Security PR Team

Part of the Schwartz team on the ground at RSA Conference 2011 this week.


From left to right: Nicole Solera, Laurie Falconer, Jill Reed, Kristin Allaben, Alexis Laliberte, Bryan Scanlon, Dan O'Mahony, Bill Keeler, Ross Levanto, Tommy Owens, Heather Craft, Matt Grant, Sam Sok, Tim Galbreath, Lauren Pitcher.

Photo Credit: William Reber

Tags: IT security PR, RSA Conference 2011, rsa pr

Posted by Ross Levanto on February 17, 2011 at 7:46 PM

RSA 2011: Day 4

WikiLeaks – It happened, now what? During yesterday’s “WikiLeaks: The Aftermath” panel, former black-hat hacker and Wired.com senior editor Kevin Poulsen claimed that WikiLeaks-style copy-cat sites are on the rise, but they’re taking a new direction. According to Poulsen, "Founder of WikiLeaks Julian Assange made exposing secret documents sexy.” Assange showed us just how much attention a disgruntled employee can generate, and now organizations other than WikiLeaks are springing up to support the release of sensitive data.

Take, for example, the recent HBGary debacle. HBGary Federal was hacked by the group Anonymous, which ended up publishing thousands of emails belonging to company executives. But the new sites aren’t just copying WikiLeaks; they are building technology to make their job easier, such as better ways to transfer leaked data securely.

When discussing WikiLeaks, the notion of a “cyber war” frequently comes into mind. Many are categorizing this recent attack as the leader that paved the way for a new era of cyber attacks to come in and cause massive damage to critical infrastructure. However, security experts debated this issue during a keynote yesterday. According to these experts, the public needs to fully understand what cyber war is and what it isn’t; the subject matter is perceived as black or white, with no room for gray in between.

Former U.S. Secretary of Homeland Security Michael Chertoff said, “I would consider something that destroys major systems an act of cyber warfare.” He also claimed that the U.S. government needs to work on establishing a more efficient structure for responding to cyber attacks, which in turn would require stronger government IT security. “If people inside the government see something they don’t like, there needs to be a process for whistle blowing that protects the information in the right way,” said Roger Cressey, a former member of the U.S. National Security Council staff.

The WikiLeaks attacks are not just something of the past; hackers have seen the damage that was caused and that's only adding fuel to their fire. Groups are searching for ways to make their next big hit, especially against organizations with little security infrastructure or funding. It’s a battle of the fittest, with the strong preying on the weak.

Tags: Anonymous, cyber warfare, cyberattack, government IT security, government security, hackers, HBGary, Julian Assange, U.S. government, WikiLeaks

Posted by Katerina Korfias at 11:38 AM

Staying in the Center of the Action

Last year I made the comment to my taxi driver on the way to the airport that during the week of RSA Conference, I stay within a San Francisco bubble that extends maybe a half mile from the Moscone Center.

It's holding true this year as well, though that's not necessarily a bad thing. San Francisco is a great host for the RSA Conference. Within a few blocks of the Moscone Center, there are several restaurants and lounges for informal meetings and private receptions. [In an hour or two, I am off to one such location, Jillian's, for the Securosis Recovery Breakfast.]

A huge plus for Schwartz's IT security PR practice is that our San Francisco office isn't far from the action. We're at the corner of Market and 2nd Streets, a mere five-minute walk from the convention center. It is essentially the center of operations for the agency's activities during RSA.


Tags: RSA Conference 2011

Posted by Ross Levanto at 9:29 AM

RSA 2011: Day 3

As we trek into the third day of RSA, we’re already noticing that many of our pre-RSA predictions are holding true – guess it’s our "sixth sense" for security trends. In an earlier post, my colleague Kristin Allaben suggested that in addition to cloud security, top themes at this year’s conference would include trends in government security and cyber warfare.

Yesterday’s highly anticipated Symantec keynote, delivered by president and CEO Enrique Salem, warned the audience that the worst of targeted cyber attacks is yet to come. One statement by Salem, referring to a recent, highly publicized targeted malware attack, left us, and surely the rest of the audience, feeling slightly unsettled: “Stuxnet was the attack that moved the game from espionage to sabotage.” It seems as though the safety of our critical infrastructure is at stake, especially with recent movements to the cloud and the replacement of PCs with smart devices. Is our growing adoption of virtualized environments ultimately letting down our protective barriers?

Art Coviello, EVP of EMC and president of RSA, doesn’t seem to think so and remains fairly optimistic. During his presentation, he claimed that virtualization is the silver lining in the cloud. Due in large part to a growing business demand, organizations are rapidly adopting cloud technologies. While this is great for the cloud industry, Coviello stated that it is causing growing concern for security practitioners who are in charge of governing and managing data in the cloud. Automation has become an essential part of enabling security in virtualized environments.

Rest assured though, there is light at the end of the tunnel. Coviello told audience members that the vendor community has been working to apply security principles to their solutions that will enable a secure, trusted cloud. Interestingly enough, we can expect to see predictive analytics being deployed in trusted cloud environments based on an understanding of normal states, user behaviors and transaction patterns.

Check back here tomorrow for additional coverage and highlights of this year’s RSA Conference. We’re interested to see if discussion will continue around security in the cloud or if something new will pop up.

Tags: cloud computing, cloud security, government IT security, malware, Stuxnet, targeted attacks, virtualization

Posted by Katerina Korfias on February 16, 2011 at 12:13 PM

Any RSA 2011 Surprises?: Vlogging from Moscone

With Schwartz representing almost two dozen security companies at RSA this year, we thought who would be better than our clients to share the latest security trends at the conference. Members of our digital marketing services team (which is already off to a highly successful year) spent the day at Moscone interviewing the brightest executives on the show floor. The results revealed that, as we predicted, cloud and mobile security are top of mind as companies explore new ways to control today’s blurry perimeter, but they also uncovered a few surprising themes. Take a look.

Tags: cloud security, content marketing, IT security PR, RSA, RSA 2011, security PR

Posted by Dara Sklar at 11:33 AM

Some RSA Innovations Are Simple

Sometimes the hardest part about being on a tradeshow floor is finding a booth. The organizers at RSA Conference 2011 are doing something very simple that is making life a lot easier for IT Security PR pros like me.

Above each aisle on the show floor is a sign telling what vendors are in a given row. Brilliant! Why was this not incorporated a long time ago?


Tags: IT security PR, RSA Conference 2011

Posted by Ross Levanto at 9:39 AM

RSA 2011: Day 2

Yesterday there was a lot of interest in the Cloud Security Alliance Summit, especially since cloud security is still an unresolved security topic. Just take a look at this line waiting to get in!

The big news that came from this session surrounded the government’s plans to spend $20 billion on cloud security, at least according to the 2012 budget. Also from this discussion, there were four key areas identified as lacking in clarity when it comes to cloud adoption:

  • Security
  • Standards
  • Procurement
  • Governance

With these four areas in mind, cloud security looks likely to remain a persistent concern, especially when companies consider moving mission-critical applications to the cloud. To try to ease this fear, RSA announced that its Cloud Trust Authority would launch the beta of a cloud security platform later this year. The beta will combine identity management and compliance offerings, with the goal of providing a single, comprehensive set of protections across multiple cloud computing services.

Based on all the news we’ve heard surrounding the cloud, some key terms you will most definitely hear in presentations this week addressing this topic include:

  • Government
  • Trust
  • Risk
  • Security
  • Concern
  • Compliance
  • Regulation
  • Hesitation
  • Privacy
  • Data security
  • Mission-critical applications
  • Delivery methods
  • Confusion
  • Hack
  • Forensics
  • Malware

Cyber war is another hot topic and one with many concerns, especially since WikiLeaks and Stuxnet are fresh in our minds. There is a seemingly continuous stream of potential cyber war threats, though many people are unaware of how to define this phrase. To illustrate just how serious this concern is, RSA has attracted a number of high-level government representatives to speak. This year, Deputy Defense Secretary William Lynn III is presenting an opening-day keynote on the Pentagon’s cyber strategy.

Taking a quick look at new products, something to keep our eye on is the MasterCard “Display Card.” Although it looks and works the same as any other credit card, it is described as having a built-in display that lets cardholders generate a one-time password to strengthen authentication. So we have to ask: is this going to protect cardholders from having their credit card information stolen when shopping online? A one-time password does not stop the card number itself from being stolen; what it can do is limit the usefulness of a stolen number, and only for transactions where the merchant and issuer actually check the code.

With keynotes and panel sessions ramping up today, be sure to check back here tomorrow for a recap on some of the hot discussion topics.

Tags: authentication, cloud security, Cloud Security Alliance, cyber war, government security, Pentagon, RSA, RSA 2011, Stuxnet, WikiLeaks

Posted by Kristin Forte Allaben on February 15, 2011 at 10:00 AM

Unique Angles For RSA Coverage

While most security companies are pushing new products on the eve of RSA, the Schwartz Communications team took a different approach to secure coverage for Cryptography Research. We pitched reporters for pre-show conversations to discuss the show and learn about CRI’s business, focusing on hiring challenges, and how this represents a significant issue for the security industry overall.

The strategy resulted in the following coverage, which ran yesterday on the front page of the San Francisco Chronicle’s Business Section.


The timing was great, and CRI now has a great piece to show off all week at RSA.

Tags: rsa, RSA 2011, rsa pr, security

Posted by Dan O'Mahony on February 14, 2011 at 1:42 PM

A Rock Concert? No, The Cloud Security Alliance Meeting

Fellow Schwartz IT Security PR pro Heather Craft snapped a photo from her smartphone of the line at this morning's Cloud Security Alliance (CSA) Summit. Without question, cloud security stands out as one of the hot topics as RSA Conference 2011 kicks off today in San Francisco. Schwartz has heard that upwards of two dozen journalists and analysts are expected to attend the CSA meeting. We hope Heather is wearing comfortable shoes!


Tags: cloud security, IT security PR, RSA Conference 2011, security PR

Posted by Ross Levanto at 10:52 AM

RSA 2011 Kickoff: Day 1

And so it begins--RSA 2011 officially kicks off today. With a “Giants Among Us” theme, the 20th Anniversary of RSA is dedicated to celebrating the industry’s pioneers. This includes a look at the legacy of the RSA algorithm, the history of cryptography and computer security, and a look ahead to the future of the industry.

We’ve highlighted some of the key themes we expect to see come from RSA, some of which seem to be a repeat from last year. Just taking a look at the keynote session titles, anyone can see that cloud security still reigns as an unresolved security topic from RSA 2010. And with Stuxnet making such a splash, especially with the latest news of Anonymous claiming control of the Stuxnet virus, government IT security will once again be a primary topic.

Some additional things to keep our eyes on over the course of the week include:

  • Government Information Security Today survey—Officials in local, state and federal governments who are charged with safeguarding IT were polled to determine their attitudes on IT security leadership, vulnerabilities, regulations, budget challenges, skills and cloud computing. The data will be announced on Thursday in the session entitled “Government Security: The State of the Union.”
  • Collective Defense for Internet Health—Described as a new type of computer “check-up,” Microsoft's corporate vice president for trustworthy computing, Scott Charney, has challenged users worldwide to develop collective defenses to help protect Internet citizens from online threats. He presented the idea that the approach to handling online security issues should be modeled after the one used to address sickness in humans. More information on this idea is outlined in Charney’s whitepaper. This idea is likely to be carried into discussions specific to government IT security.
  • Organization for the Advancement of Structured Information Standards (OASIS)—OASIS will be holding a KMIP Interoperability Demonstration, touching on policy-based centralized control in order to better manage cryptographic keys. In a recent article, managing encryption keys was described as “the Achilles’ heel of cryptography.”

Regarding specific items in the news, we've already seen a significant number of new product announcements.

Keep an eye on the Schwartz security practice's Tangled Web for a recap of news to come from RSA 2011.

Tags: cloud security, computer security, government IT security, government security, key themes, Microsoft, OASIS, RSA, RSA 2011, Stuxnet

Posted by Kristin Forte Allaben at 10:28 AM

What These IT Security PR Pros Are Looking For at RSA

More than a dozen Schwartz IT Security PR pros will descend on the Moscone Center in San Francisco this coming week for RSA Conference 2011. Some of us are veterans who have attended the conference many times in the past. One or two are looking forward to marching across the RSA trade show floor for the first time. Regardless, our expectations meet reality in just two short days. Here's what we are looking out for next week:

"I’m always interested in checking out cool new security products and seeing what my clients’ competition is up to. It would be cool to catch a glimpse of Bill Clinton in person, but that’s probably unlikely. I’ve heard his 'Embracing our Common Humanity’ talk before, but it was via satellite. Finally, I am curious to see what Alice & Bob will be up to at the event and how they will be depicted." -- Jill Reed, director (Editor's Note: Alice & Bob are the key figures in the RSA Conference theme this year.)

"I’m looking for companies to be discussing their strategies for cloud and mobile security as the proliferation of smart phones and mobile devices on the network and the expansion of the mobile workforce present new challenges for IT administrators in 2011. Globally, criminals are being well funded, they are patient and they will continue targeted attacks against gov’t agencies, blue-chip corporations and the vast majority of the Global 2,000 companies." -- Bill Keeler, vice president

"I will be on the lookout for the most unique and creative swag at all of the vendor booths. Note: Then I plan to write a blog about what I find, and if their marketing was effective." -- Nicole Solera, assistant account executive

"I’m interested in taking a look at over 350 vendors in the Expo as well as meeting with security influencers and media about what they’re seeing as this year’s industry trends." -- Matt Grant, senior media strategist

“At RSA 2011, I’m on the lookout for ideas that are beyond the everyday norm. One such idea is that of the psychology of forensic investigations. I’m looking forward to the keynote exploring this topic since I’m particularly interested in psychology and am always on the lookout for a new book. Perhaps Michael Capuzzo could appear on my ‘new authors to read’ list.” -- Kristin Allaben, senior account executive (Editor's Note: Michael Capuzzo is one of the keynote speakers at the conference.)

"I always love to witness creative booth activity, especially activity that is strategic to a given client's technology or solution. I know from personal experience participating in numerous brainstorm sessions that corporate marketing teams invest quite a bit of creative energy into their booth designs and tradeshow activity." -- Ross Levanto, senior vice president

Tags: IT security PR, RSA PR

Posted by Ross Levanto on February 12, 2011 at 6:55 PM

RSA 2011 - Trends to Watch

RSA is literally days away and as companies prepare for the week-long event, we figured now would be a good time to touch upon some of the key trends we expect to see come from the show. This is based on an evaluation by Schwartz's IT Security PR Practice Group.

Hacktivism—This buzz word has been thrown around since the Stuxnet attack, so it is nothing new. Described as a technical attack coordinated by a third party, it generally appears to be politically motivated, and the attackers are certainly getting better at their means of attack. A great example is what’s happening in Egypt, where a call to action went out via Facebook and other social networking sites. This leads perfectly into the next idea: personalization of attacks.

Personalization of Attacks—We’ve heard it time and time again: People have a false sense of security when it comes to using social networking sites. This generally results in sharing too much personal information online. As 2011 progresses, we can expect an increase in personalization of attacks as a result of data mining via social networks.

Privacy—Perhaps not surprisingly, privacy was one of the most popular topics for RSA submissions this year. People are curious as to what their cloud providers are doing to ensure the privacy and security of their data. People want to know how secure/private their personal information is when accessing their bank accounts on their mobile devices. It all comes down to this: Despite an information overshare on social networking sites, people want their privacy, and they want it to be protected and respected. It’s possible that we could see some discussions regarding legislation focused on privacy controls and policies this year.

Cloud Security—Oh, the cloud. Between commercials that tout it as something all consumers should use and privacy concerns on the enterprise side, cloud security is not something that will take a back burner any time soon. We saw this at RSA last year; cloud security was by far one of the most frequent topics discussed. It will be interesting to see what the Cloud Security Alliance (CSA) has planned for us this year. They are meeting Monday (Schwartz IT security practice group member Heather Craft is attending).

Mobile Security—The proliferation of mobile devices has created a new target for the bad guys. Everyone seemingly has a smartphone and, let’s face it, the security of those devices is less than ideal. With more people utilizing these devices to bank online or to conduct various business matters, privacy and security become key issues (and when we look to the financial industry, in particular, compliance is introduced as another issue). We can expect lots of buzz around the emerging threats to mobile devices.

Cyber warfare—Similar to hacktivism, cyber warfare and cyberwar have risen as buzz words, frequently used with little to no understanding of what they really mean. It’s been used so frequently, in fact, that my parents have been using both of these phrases, and I wouldn’t classify them as “up with the latest technology.” With this in mind, we can expect discussions surrounding the definition of this phrase, as well as a getting a picture, so to speak, of what a real cyberwar would entail.

There is much confusion about many of these terms, for both the general public and the security industry as a whole. Of these terms, only a few have a clear definition, an issue that the cloud has struggled with since its inception (or at least since the introduction to the mainstream media). It will be interesting to see what companies will announce and promote while at RSA this year.

Keep your eye on the Tangled Web (@tangledweb) blog and be sure to check here first for a recap of news to come. I will be joined by colleague Nina Korfias in providing regular accounts of activity from the show.

Tags: cloud computing, cloud security, cyber warfare, cyberwar, Facebook, hacktivism, mobile security, personalization of attacks, privacy, RSA, RSA 2011, social networking

Posted by Kristin Forte Allaben on February 11, 2011 at 8:15 AM

February Wednesday Wrap-Up (on a Thursday...): Patch Tuesday in a Nutshell

February is frequently associated with Valentine’s Day, making it seem like a romantic time of year, one that is seemingly filled with sugar, spice and everything nice. But the bad guys have other plans, forcing Microsoft to issue a decent group of patches. This month, Microsoft issued 12 patches, targeting 22 vulnerabilities.

Summary

  • Twelve patches were released this month, three of which ranked “Critical,” the other nine ranked “Important.”
  • One of the critical patches is a cumulative update for IE, though it does not include a fix for the previously reported bug.
  • Two zero-day flaws are addressed this month, both of which have been present for the last few weeks.

MHTML still unpatched
Although Microsoft issued a cumulative patch for IE resolving four vulnerabilities, including a CSS bug, the MHTML hole remains open. What makes this potentially worse is that the hole, which sits in the MHTML protocol handler rather than in any one IE release, affects all versions of the browser. With this vulnerability, a victim can be attacked simply by clicking on a malicious link that leads to an HTML document. Although some consider it somewhat limited compared to other zero-day code-execution vulnerabilities, SearchSecurity reported that, as a result of this unpatched flaw, March is expected to have an equally disruptive Patch Tuesday.

Booby-traps
A double entendre, perhaps, but it’s no joke when it comes to a Windows graphics rendering flaw. An attacker could plant a booby-trapped thumbnail image on a website or embed one in a Word or PowerPoint attachment. If the flaw is exploited, the attacker gains the same rights as the logged-on user, so accounts that run without administrative rights are less exposed.

Are you having fun yet?
For many, Patch Tuesday is a cycle we accept. We know that on the second Tuesday of every month, there will be a security update for us. It may require us to restart our computers, and it may not take effect until days or weeks later, depending on when the internal IT team decides to deploy the patches.

For some, this is getting out of hand.

According to client Anup Ghosh of Invincea, this penetrate-and-patch cycle is outdated. In a recent blog post, he calls the security industry to action, encouraging it to fight back and innovate, staying one step ahead of the bad guys.

How do you think we can reverse this cycle?

Tags: critical patches, IE, Internet Explorer, MHTML hole, MHTML vulnerability, Microsoft, Patch Tuesday, penetrate and patch

Posted by Kristin Forte Allaben on February 10, 2011 at 4:56 PM

Schwartz IT Security PR Practice Sponsors SC Mag Awards Dinner

For the second year in a row, Schwartz's IT security PR practice is sponsoring the SC Mag Awards dinner. Held each year, typically the Tuesday evening of RSA week, the dinner is a showcase of the IT security industry's leaders and innovators. The prizes are the unofficial "show awards" for the RSA Conference. This year, the awards dinner is scheduled for Tuesday, February 15 at 6:30 p.m. at the Intercontinental Hotel.

Schwartz's sponsorship is just part of a series of planned activities at RSA. A dozen or so Schwartz staffers will be on the show floor coordinating meetings for the companies we represent. In addition, a few of our practice members will be writing for this blog about trends from the conference.

Schwartz is also sponsoring the Securosis Recovery Breakfast, scheduled for Thursday morning of the RSA show week (Feb. 17) at Jillian's from 8-11 a.m.

If you are at RSA, no doubt you will see a Schwartz security PR pro in your travels!

Tags: it security, RSA Conference, SC Magazine, security pr, security public relations

Posted by Ross Levanto on February 3, 2011 at 1:48 PM