I’ve been pretty forthcoming in sharing my belief that the security industry in general continues to struggle to transition from old ways to new, and that in today’s day and age we have to adapt quickly. The rise of mobile computing and communications (users, data, services) combined with increasing volumes of cloud services data traffic (from, to, and via) intersecting with the hacking community’s ever-increasing capabilities, all have made me more than a bit on edge.
I recently participated in an on-line webinar, teaming up with a cloud services provider and a cloud security solutions vendor. It would be indiscreet for me to name the companies in this blog or signal any kind of Cisco “endorsement,” but speaking personally, they are on the right track in a number of ways.
Tags: Cisco Cloud Services, cloud, Cloud Computing, cloud security, cloud services, security
Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate that concern and implement clearly defined policies and mobility goals. This blog will address the opportunities and risks of secure mobility from the top down. The first blog in this series, discussing how concerns outweigh actions when it comes to mobility security, can be found here. The second blog in this series, highlighting how IT and business leaders can work together to develop secure mobility policies, can be found here. The third blog in this series, discussing how to close the gap between vision and real-world implementation, can be found here.
Throughout this blog series, we’ve discussed several key aspects of implementing secure mobility policies and programs to ensure organizations can reap the benefits of mobility now and in the future. It’s clear that mobility is a top priority for IT and business leaders and most have a clear vision of the role mobility can and will play in their organization. Overall, they see both the risks and the rewards.
That said, responses gathered in the recent Dimension Data Secure Mobility Global Survey point to a gap between that overall vision and the likely real-world outcomes organizations will face – given that a number of crucial initial steps can ultimately save time, reduce costs, and, most importantly, ensure appropriate security controls are in place.
In this post, I’ll highlight the real opportunities and risks regarding mobility and security – and how business leaders can address the disparity between vision and actual deployment now and for years to come.
Understanding the Opportunity and the Real Risk
The threat to an organization’s proprietary information is certainly foremost in the minds of IT and security leaders. Interestingly, 71% of respondents of the recent Dimension Data survey indicated that their business leaders view employee utilization of personal mobile devices as potentially dangerous, costly and not business critical.
IT concerns about secure enterprise mobility risk are many. These include the introduction of malware into the environment from largely unmanaged devices, or devices over which the organization has little to no control, and the data leakage that results from allowing users to hold portions of corporate data outside the network. In addition, many IT leaders ask:
- “How are we actually going to deploy mobility security?”
- “How are we going to support the users?”
- “Will our IT help desk be able to meet the around-the-clock requests that today’s users demand?”
Tags: dimension data, mobile security, mobility, security
This post is co-authored by Martin Lee, Armin Pelkmann, and Preetham Raghunanda.
Cyber security analysts tend to perform the same attack queries over and over with different input data. Unfortunately, the search for useful meta-data correlation across proprietary and open source data sets can be laborious and time consuming with relational databases: multiple tables must be joined and queried, and the results inevitably take too long to return. Enter the graph database, a fundamentally improved database technology for specific threat analysis functions. Representing information as a graph allows the discovery of associations and connections that are otherwise not immediately apparent.
Within basic security analysis, we represent domains, IP addresses, and DNS information as nodes, and represent the relationships between them as edges connecting the nodes. In the following example, domains A and B are connected through a shared name server and MX record despite being hosted on different servers. Domain C is linked to domain B through a shared host, but has no direct association with domain A.
This ability to quickly identify domain-host associations brings attention to further network assets that may have been compromised, or assets that will be used in future attacks.
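The pivot described above, as an added illustration that is not code from the original post or from the TRAC team (the post's tags mention Titan and Gremlin; this version is plain Python so it runs anywhere). Domains, IP addresses, name servers and mail servers are nodes, each DNS record is an edge, and a pivot walks domain to shared infrastructure to domain. The records below are constructed to mirror the text's example: A and B share a name server and MX but sit on different hosts, and C shares B's host only. All hostnames and addresses are placeholders.

```python
"""Infrastructure graph for DNS pivoting.

Added example, not code from the original post or the TRAC team: domains,
IP addresses, name servers and mail servers are nodes; each DNS record is
an edge; a pivot walks domain -> shared infrastructure -> domain.
"""
from collections import defaultdict, deque

# Constructed passive-DNS-style records mirroring the post's example:
# A and B share a name server and MX but sit on different hosts,
# C shares B's host only. Hostnames and IPs are placeholders, not real data.
RECORDS = [
    ("a.example", "A",  "198.51.100.10"),
    ("a.example", "NS", "ns1.hoster.example"),
    ("a.example", "MX", "mail.hoster.example"),
    ("b.example", "A",  "198.51.100.20"),
    ("b.example", "NS", "ns1.hoster.example"),
    ("b.example", "MX", "mail.hoster.example"),
    ("c.example", "A",  "198.51.100.20"),
    ("c.example", "NS", "ns.other.example"),
    ("c.example", "MX", "mx.other.example"),
]

NODE_KIND = {"A": "ip", "NS": "nameserver", "MX": "mailserver"}


def build_graph(records):
    """Undirected adjacency map: node -> {neighbour: record type}.
    Nodes are (kind, value) tuples so an IP and a domain never collide."""
    adj = defaultdict(dict)
    for domain, rtype, value in records:
        d, v = ("domain", domain), (NODE_KIND[rtype], value)
        adj[d][v] = rtype
        adj[v][d] = rtype
    return adj


def shared_infrastructure(adj, domain):
    """One-hop pivot: other domains that share any infrastructure node
    with `domain`, mapped to the list of shared nodes."""
    links = defaultdict(list)
    for infra in adj[("domain", domain)]:
        for other in adj[infra]:
            if other[0] == "domain" and other[1] != domain:
                links[other[1]].append(infra)
    return dict(links)


def pivot(adj, domain, max_hops=2):
    """Breadth-first walk over domain-to-domain links, up to max_hops
    domain hops away. Returns {domain: hops}; the start domain is omitted."""
    hops = {domain: 0}
    queue = deque([domain])
    while queue:
        cur = queue.popleft()
        if hops[cur] >= max_hops:
            continue
        for nxt in shared_infrastructure(adj, cur):
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    del hops[domain]
    return hops


if __name__ == "__main__":
    g = build_graph(RECORDS)
    for d, shared in shared_infrastructure(g, "a.example").items():
        print(f"a.example <-> {d} via {shared}")
    print("reachable from a.example:", pivot(g, "a.example"))
```

Starting from A, the one-hop pivot returns B with both shared nodes (the name server and the MX) as the evidence for the link, and the two-hop walk reaches C through B's host without ever claiming a direct A–C association. In a relational store the same two-hop question is a self-join per record type; in the graph it is a neighbourhood walk, which is the whole argument of the post.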
Tags: analysis, Big Data, correlation, D3, Domain, edge, fast, Graph, Gremlin, IE, Intelligence, internet explorer, IP address, name server, node, relationships, research, threat, Titan, TRAC, vertex, visual, zero-day
It is not uncommon to see an anti-spam system catch >99% of the spam passing through it. Most of the best anti-spam systems catch >99.9% of spam. In this environment, spammers try just about anything to evade spam filters. Some spammers believe that blasting at high volume is the key to success. Others believe complete randomization of the message headers will confuse the anti-spam system. Still others take a minimalist approach, sending only a URL in the body. As anti-spam systems close gaps in their coverage, spammers are forced to find new tricks (or resort to variations on old tricks). It’s an arms race.
One spam technique in particular is attracting more and more spammers. This technique is known in the email industry as “snowshoe” spam. Snowshoes are footwear that allow a person to walk over deep snow by distributing their weight over a larger surface area, thus preventing the wearer’s foot from sinking. But what do snowshoes have to do with unsolicited bulk email? In the email world, “snowshoe” spam is unsolicited bulk email that is sent using a large number of IP addresses, at a low message volume per IP address.
Cisco’s worldwide sensor network records details about a substantial quantity of spam. We analyze this large dataset for trends among senders. Below is a breakdown of spam by sender type. Note that the volume of snowshoe spam has more than doubled since November 2013.
Spam broken down by Sender Type
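Because each snowshoe relay stays below the volume that per-IP reputation reacts to, the pattern only shows up once messages are aggregated by sender rather than by source address. The following is an added example, not Cisco's or SpamCop's code: it profiles constructed MTA receive-log lines per sender domain and labels a sender as snowshoe when its mail is spread over many relays at a low per-IP volume, contrasting that with a single-IP blaster and ordinary corporate mail. The log format, the sender domains, the addresses and all thresholds are assumptions made for the illustration.

```python
"""Snowshoe sender detection over MTA receive logs.

Added example, not Cisco's or SpamCop's code. Heuristic: a snowshoe sender
spreads a campaign across many relay IPs at a low per-IP volume, so
per-IP reputation sees nothing unusual; aggregating per sender domain
exposes the pattern. All thresholds are illustrative assumptions."""
import re
from collections import defaultdict

# Constructed log lines (not real traffic): simplified receive log with
# timestamp, relay IP and envelope-sender address.
SAMPLE_LOG = (
    # snowshoe-style: six relays in one /24, one or two messages each
    [f"2014-05-20T10:00:{i:02d} relay=203.0.113.{10 + i} from=promo@deals-now.example"
     for i in range(1, 7)]
    + ["2014-05-20T10:01:00 relay=203.0.113.11 from=promo@deals-now.example"]
    # high-volume blaster: one relay, 25 messages
    + [f"2014-05-20T10:02:{i:02d} relay=198.51.100.9 from=blast@bulk-blaster.example"
       for i in range(25)]
    # ordinary corporate mail: two relays, a handful of messages
    + [f"2014-05-20T10:03:{i:02d} relay=192.0.2.{1 + i % 2} from=alerts@corp.example"
       for i in range(4)]
)

LINE = re.compile(r"relay=(?P<ip>\d+(?:\.\d+){3}) from=[^@\s]+@(?P<domain>\S+)")


def profile_senders(lines):
    """sender domain -> {relay IP -> message count}"""
    profile = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE.search(line)
        if m:
            profile[m["domain"]][m["ip"]] += 1
    return profile


def slash24(ip):
    """Collapse an IPv4 address to its /24, the netblock snowshoe ranges live in."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def classify(ip_counts, min_ips=4, max_msgs_per_ip=2.0, blast_msgs=20):
    """Label one sender's IP-volume profile (thresholds are assumptions).

    snowshoe:     at least min_ips relays, averaging <= max_msgs_per_ip each
    high-volume:  blast_msgs or more messages from one or two relays
    unremarkable: everything else
    """
    n_ips = len(ip_counts)
    total = sum(ip_counts.values())
    per_ip = total / n_ips
    if n_ips >= min_ips and per_ip <= max_msgs_per_ip:
        verdict = "snowshoe"
    elif total >= blast_msgs and n_ips <= 2:
        verdict = "high-volume"
    else:
        verdict = "unremarkable"
    return {
        "verdict": verdict,
        "ips": n_ips,
        "messages": total,
        "msgs_per_ip": round(per_ip, 2),
        "nets": sorted({slash24(ip) for ip in ip_counts}),
    }


def report(lines, **thresholds):
    """domain -> classification for every sender domain seen in the log."""
    return {dom: classify(ips, **thresholds)
            for dom, ips in profile_senders(lines).items()}


if __name__ == "__main__":
    for domain, info in report(SAMPLE_LOG).items():
        print(f"{domain:24} {info['verdict']:12} ips={info['ips']} "
              f"msgs={info['messages']} per_ip={info['msgs_per_ip']} nets={info['nets']}")
```

Run as-is, the snowshoe sender is flagged with six relays and an average of just over one message per IP, all inside one /24, while the blaster trips the volume rule from a single address. Note that no individual snowshoe relay sent more than two messages, which is exactly why an IP-keyed block list is blind to it. Keying on the envelope domain is itself a simplification: a sender that rotates domains as well as addresses calls for a campaign-level key (message template, embedded URL) instead of the domain alone.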
Tags: spam, SpamCop, spamtrap, TRAC
News agencies like ABC News, CNN, and others have run stories on the FBI sting operation against more than 100 hackers who were involved in using and/or distributing the Blackshades RAT (articles in the hyperlinks for reference). For a mere US$40, a novice computer user can become a hacker and gain access to anyone’s computer, including gaining control over their video camera. If this novice hacker in the making needs help operating the RAT, many video instructions can be found on YouTube. This would be a form of free technical support. With over an estimated 500,000 computers infected, that leaves behind a serious footprint of compromised devices. As Marty Roesch, Cisco VP, Security Architect would say, “If you knew you were going to be compromised, would you do security differently?”
With over half a million computers compromised by a single remote access toolkit, it is reasonable to think that a high percentage of those compromised computers would unknowingly be brought back to work and connected to the corporate network. Although inexpensive, the Blackshades RAT has an extensive set of capabilities, such as a keystroke logger, web cam control, full file access, etc. That is more than enough for the cyber attacker to assume the full identity of the owner of the compromised computer and gain easy access to the business critical servers inside the data center, as depicted in the diagram.
Tags: #CLUS14, Blackshades, cisco live, cybersecurity, data center, malware, RAT