Overall the security conference seems to be more mature, and people are more interested in networking, talking and sharing.
This might be one of the better years for the RSA security conferences.

As mentioned, there are reasons as to why organizations fail to keep adequate logs: expense, resources, etc.  However, logs of any kind can be useful in security analysis, and are invaluable to reconstructing the events of an intrusion.

While there are limits to how long logs should be kept for legal reasons, legal counsel can help you determine what is appropriate.  Maintaining logs is an important step in regulatory and standards compliance.

For example, the HIPAA Security Rules require covered entities to regularly review information system activity through records such as audit logs, access reports and security incident tracking reports.

Logs won?t tell you directly that you?ve had a breach, but unusual or abnormal occurrences within the log activity will.  That is, abnormalities in log entries that could reveal an intrusion or unauthorized use of data.

Inadequate or nonexistent logging may contribute to the need to notify in the event of an intrusion.  You would never think of not logging your company expenses, lest you become the subject of an IRS audit.

http://www.net-security.org/secworld.php?id=12469

In addition to application control, features in the latest NGIPS release include FireSIGHT™ contextual awareness and automation .The ability to easily create tailored reports by providing input modifiers to report templates at run time to drill down on subsets of data.

“The battle for network security is based on the concept of information superiority, in which two of the most critical tenets are visibility and control,” said Martin Roesch, founder and CTO of Sourcefire. “A significant obstacle to establishing information superiority is the rapid pace of change – both within the IT environment and the broader threat landscape… While other vendors have a framework, our real-world solution has multiple components that work in tandem to allow us to first ‘see it’ and then ‘control it’ – and by so doing, gain the information superiority advantage.”

http://www.sourcewire.com/releases/rel_display.php?relid=70430

Malnets are distributed network infrastructures within the Internet that are built, managed and maintained by cybercriminals for the purpose of launching a variety of attacks against unsuspecting users over extended periods of time.

The Blue Coat 2012 Web Security Report details the strategies and tactics that malnet operators deploy to snare users and funnel them to dynamic malware payloads, or software which surreptitiously installs on users computers designed for malicious or criminal purposes.

“With the average business now facing 5,000 threats per month, identifying and tracking malnets to block attacks at the source before they are launched is the most effective protection.

According to the report, the most common entry point into these malicious infrastructures rely on the path of least resistance, utilizing entry points that are easy to exploit, such as search engines/portals and email, or are utilized by large, diverse populations of users.

The 2012 Web Security Report examines the malnet ecosystem in depth, examining user behavior, malnet strategies and tactics, as well as highlighting the best defenses against these aggressive infrastructures.

WebPulse is a cloud-based, real-time analysis and ratings service that unites users in a common defense.

Delivered via Blue Coat ProxySG® appliances and the Blue Coat Cloud Service, WebPulse receives one billion Web requests each day from 75 million globally diverse users.

http://www.it-analysis.com/technology/security/news_release.php?rel=29754

The exploit kit market has shifted dramatically toward the Blackhole exploit kit, which has the capability to update frequently and rapidly to take advantage of application vulnerabilities.

Even though there has been a precipitous drop in spam volumes, more spam messages are likely to contain malicious links or attachments.

There has been a significant increase in fraud and malware proliferation using social networks as a conduit.  While targeted attacks are not new, the serious growth in incidents during the second half of 2011 is real cause for concern, not just for companies but for entire countries.

According to the report, targeted attacks became sophisticated and pursued a wider range of organizations, including commercial, national critical infrastructure and military targets.

One of the new attack vectors researchers identified is the use of fraudulent digital certificates.  The report indicates the DigiNotar intrusion resulted in the “fraudulent issuance of hundreds of digital certificates for a number of domains, including Google, Yahoo!, Facebook, and even for some intelligence agencies, such as the CIA, the British MI6 and the Israeli Mossad.”

M86 Security stresses that organizations must plan and deploy a multi-layered security policy to minimize risks of a successful targeted attack. The exploits monitored during the second half of the year targeted a variety of products, including Microsoft Internet Explorer, Oracle Java, Microsoft Office products and, quite commonly, Adobe Reader and Adobe Flash.

What’s really astonishing is that some of the top vulnerabilities that criminals continue to exploit have not only been known for years, but fixes have also been available for years. For example, M86 found that the most exploited Web-based vulnerability is Microsoft Internet Explorer RDS ActiveX, which was both discovered and patched in 2006.  Here we are, six years later, and this vulnerability still affects 17.7% of the pages that contain Web exploits as observed by M86 Secure Web Gateway.

The M86 report states the obvious: “Many users and organizations do not patch all their installed software in a timely manner, and attackers leverage this weakness to their advantage.”

The report also indicates that exploits shifted focus from malicious attachments to malicious links that led to exploit kits, in particular, the Blackhole exploit kit.

There’s good news and bad news in the spam observations.  By the end of 2011, 5% to 10% of all spam contained links or attachments which redirected users to malicious or compromised sites that delivered a malware payload.

A troubling trend is cybercriminals exploiting the popularity of social media and the apparent blind trust of the users by duping them with fake (and infected) notification messages to “Friend Me” on Facebook or inviting them to join a LinkedIn network.  For instance, a campaign last August led people to a fake Facebook login page and ultimately to the Blackhole exploit kit and a Zbot Trojan.

Source: http://www.networkworld.com/newsletters/techexec/2012/021012bestpractices.html

http://gov.ulitzer.com/node/2158615

To put that into context, the U.S.‘s largest utility, Southern Company (NYSE:SO), only made around $277 million in profit last year.  Nationwide, the U.S. would need to spend a total of $46.6 billion to prevent 95% of all attacks.  Given how vital our infrastructure is to national security and under-funded nature of the sector, cybersecurity will undoubtedly get a larger share of the shrinking defense budget.

With cyber threats continuing to mount and the reliance on computer networks growing, adding an IT security component to a portfolio makes sense.  Both the PowerShares Aerospace & Defense (ARCA:PPA) and iShares Dow Jones US Aerospace (ARCA:ITA) follow some of the largest defense contractors and could be used as proxy for the defense sector.

Communications defense contractor Harris (NYSE:HRS) has been increasing its security offerings in the space and could be great way to play the need for secured data systems.

http://stocks.investopedia.com/stock-analysis/2012/Cybersecurity-Is-The-Way-To-Play-Defense-Spending-SO-ITA-PPA-PCP0209.aspx?partner=YahooSA#axzz1lzqFqWJl

To put that into context, the U.S.‘s largest utility, Southern Company (NYSE:SO), only made around $277 million in profit last year.  Nationwide, the U.S. would need to spend a total of $46.6 billion to prevent 95% of all attacks.  Given how vital our infrastructure is to national security and under-funded nature of the sector, cybersecurity will undoubtedly get a larger share of the shrinking defense budget.

With cyber threats continuing to mount and the reliance on computer networks growing, adding an IT security component to a portfolio makes sense.  Both the PowerShares Aerospace & Defense (ARCA:PPA) and iShares Dow Jones US Aerospace (ARCA:ITA) follow some of the largest defense contractors and could be used as proxy for the defense sector.

Communications defense contractor Harris (NYSE:HRS) has been increasing its security offerings in the space and could be great way to play the need for secured data systems.

http://stocks.investopedia.com/stock-analysis/2012/Cybersecurity-Is-The-Way-To-Play-Defense-Spending-SO-ITA-PPA-PCP0209.aspx?partner=YahooSA#axzz1lzqFqWJl

However, there has been a significant increase in large flood-based attacks in excess of 10 Gbps, constituting “an extremely serious threat to network infrastructure and ancillary support services such as DNS, not to mention end-customer properties.”

Two things that might surprise network customers are the providers’ concern over the effectiveness of stateful firewalls, IPS and load-balancing devices in the face of DDoS attacks, and what Arbor describes as the “perennial disengagement of most network operators from law enforcement.”

On law enforcement, network operators lack confidence in LEA’s ability and willingness to investigate online attacks, and “evince strong dissatisfaction with current governmental efforts to protect critical infrastructure.”

The hackers “zeroed in on offices on Toronto’s Bay Street, home of the Canadian law firms handling the deal.” According to the article:

http://www.hahnloeser.com/tradesecretlitigator/post/2012/02/03/Is-Your-Lawyer-the-Weakest-Link-Hackers-Are-Targeting-Law-Firms-to-Get-Secret-Deal-Data.aspx