September 2009 – CyberSecurity Institute

U.S. Secret Service Joins TSCP

Posted on September 22, 2009December 30, 2021 by admini

High-profile attacks, such as GhostNet and the U.S. electrical grid infiltration, create the imperative for government agencies and private industry to work together on viable and robust solutions that protect electronic information regardless of where it resides.

The U.S. Secret Service joins the U.S. Department of Defense (DoD), U.S. General Services Administration (GSA), U.K. Ministry of Defence, Netherlands Ministry of Defence, and France’s Network and Information Security Agency (ANSSI), to provide critical insight into the real-world applications of solutions and processes that can protect mission-critical information and intellectual property from theft by politically motivated cyber criminals.

TSCP is the only government-industry partnership dedicated to helping member organizations equip themselves with the necessary means to combat computer-related crimes.

As a member of TSCP, the U.S. Secret Service adds to its already formidable portfolio of cyber defense initiatives, including an Electronic Crimes Task Force and Electronic Crimes Special Agent Program.

“Membership, on both the Governance Board and the Executive Committee of TSCP, is an honor, and the Secret Service is looking forward to becoming a trusted partner with all TSCP members.”

Membership with TSCP offers an extension of resources, expertise, and capabilities, creating a global network of government agencies, aerospace and defense (A&D) companies, and software vendors who unite under the TSCP mantle to collaboratively address the most critical issues in cyber security today.

“Our mission is to foster secure collaboration through federation so that information can be protected while being shared in a global environment.

“The U.S. Secret Service is a welcome addition to this effort, bringing additional expertise and insight into best-practices for defending against the growth of sophisticated cyber attacks.”

http://news.prnewswire.com/ViewContent.aspx?ACCT=109&STORY=/www/story/09-22-2009/0005098525&EDATE=

Five Ways To Meet Compliance In A Virtualized Environment

Posted on September 3, 2009December 30, 2021 by admini

“It’s a good idea to talk about the intersection between compliance and security…. A lot of compliance regulations are written assuming the systems are physical — and that only certain administrators have rights to physical systems,” says Jon Oltsik, senior analyst at Enterprise Strategy Group.

“What if financial information sits on a virtual system and on a system with other [applications running on it]? If a financial application runs as a VM on a physical system, where do the access controls need to be? How are the regulations going to change to accommodate that?”

And compliance doesn’t always equal security — just take a look at some of the biggest data breaches of late. Virtualization adds another dimension to that problem. “You can have compliance without security and security without compliance,” Oltsik says.

Configure the virtualization platform, both the hypervisor and administrative layer, with secure settings, eliminate unused components, and keep up-to-date on patches. Virtualization vendors have their own hardening guidelines, as does the Center for Internet Security and the Defense Information Systems Agency, according to RSA and VMware.

“Virtualization infrastructure also includes virtual networks with virtual switches connecting the virtual machines. All of these components, which, in previous systems, used to be physical devices are now implemented via software,” states the RSA and VMware best practices guidelines. Extend your current change and configuration management processes and tools to the virtual environment, as well.

Server administrators should have control over virtual servers and network administrators, over virtual networks, and these admins need to be trained in virtualization software in order to avoid misconfiguration of systems. “Careful separation of duties and management of privileges is an important part of mitigating the risk of administrators gaining unauthorized access either maliciously or inadvertently.”

Deploy virtual switches and virtual firewalls to segment virtual networks, and use your physical network controls in the virtual networks as well as change management systems.

Monitor virtual infrastructure logs and correlate those logs across the physical infrastructure, as well, to get a full picture of vulnerabilities and risks.

http://www.darkreading.com/security/management/showArticle.jhtml;jsessionid=HQVORXCLBU4A3QE1GHRSKHWATMY32JVN?articleID=219501096

LogLogic Simplifies Security Change Management

Posted on September 2, 2009December 30, 2021 by admini

LogLogic’s unique multi-vendor solution leads the industry’s move towards consolidating security event and change management giving customers better security through improved IT infrastructure visibility and control across collaborating teams.

LogLogic’s Security Change Manager is designed to benefit medium to large enterprises, MSSP, ISP and service providers who need to automate security policy management and change management across large or complex networks of routers, firewalls, switches, VPNs and IPSs in homogenous or heterogeneous vendor environments, including Checkpoint, Cisco, Fortinet and Juniper. A single console can automate the design and implementation of rules for large networks or small networks with complex policies and frequent changes.

“While it is good to identify security incidents using correlation of LogLogic Security Event Manager, it is even better to respond to security incidents and prevent future attacks by rolling out firewall policy changes through pre-defined response plans with LogLogic Security Change Manager,” said Dominique Levin, EVP of Marketing and Strategy, LogLogic.

Research shows that organizations experience more security breaches because of manual errors in routine daily networking management tasks than from any external threat. LogLogic Security Change Manager automates the often time-consuming and error-prone manual process of designing and generating network security rule changes.

According to Forrester Research’s July 2009 report titled “TechRadar For Security & Risk Professionals: Network Threat Mitigation, Q3 2009”: “PCI DSS Requirement 1.1.6 mandates that firewall and router configurations be reviewed at least every six months.

The latest release of LogLogic Security Change Manager simplifies and improves email notification integration with any third party CRM or ticketing solution, enabling visibility to multi-tiered approval, change request approval and deployment status.

According to Forrester Research’s July 2009 report titled “Market Overview: Firewall Auditing Tools”: “With its acquisition of Exaprotect, LogLogic is the first vendor to directly tie firewall auditing capability into its SIM technology.

LogLogic’s open log management platform enables customers to collect, search and store massive amounts of IT log data from a myriad list of devices and applications for a comprehensive fingerprint of past and current activity, through one convenient, easy-to-use web-based user console.

http://www.darkreading.com/security/management/showArticle.jhtml;jsessionid=HQVORXCLBU4A3QE1GHRSKHWATMY32JVN?articleID=219501102