Author: admini

Two-thirds of banks suffered a DDoS attack in 2012

Posted on by admini

Banks are still predominately relying on previously deployed traditional technology, in particular firewalls (35%), to protect their organisation from today’s sophisticated attacks according to the survey, further raising concerns about the extent of board-level buy-in.

Morgan Chase & Co., Bank of America and Wells Fargo were just a few high-profile victims of cyber attacks in 2012 – a year which raised serious concerns regarding the safety of financial institutions – and Meyer says this is prompting banks into action. “We are seeing a tonne of activity in terms of engagement of the number of banks who are searching for information about DDoS mitigation, so I actually think there is going to be a ramped amount of spending in 2013,” he said.

We have met with a few banks already this year and all of them have a budget for DDoS, and many of them for on-premise DDoS.”

Link: http://www.insurancetimes.co.uk/two-thirds-of-banks-suffered-a-ddos-attack-in-2012/1400637.article

Read more

Lack of abuse detection allows cloud computing instances to be used like botnets, study says

Posted on by admini

In a different experiment, the targeted test server was set up inside a separate cloud instance from the same provider in order to test if the provider would detect malicious traffic sent over its own internal network. A third experiment involved the targeted server running inside a cloud instance at a different cloud provider in order to test how that provider would deal with incoming malicious traffic.

The experiments involved sending malformed network packets and performing aggressive port scanning; sending malware to the victim host via a reverse shell; performing a denial of service attack against a Web server running on the targeted host, performing a brute-force FTP password cracking attack; launching SQL injection, cross-site scripting, path traversal and other attacks against popular Web applications running on the targeted host; and sending known exploit payloads to various services running on the host.

In one experiment, some types of malicious activity, like port scanning, were executed for 48 hours in order to see if a large traffic volume and longer attack duration would trigger a response from the cloud provider.

“The results of the experiment showed that no connections were reset or terminated when transmitting inbound and outbound malicious traffic, no alerts were raised to the owner of the accounts, and no restrictions were placed on the Cloud instances,” Stratsec senior consultant Pedram Hayati said Monday in a blog post [http://stratsec.blogspot.com.au].

“Computing is becoming cheaper and cheaper and for something like $10 one can buy enough computing power to take down a small website for a few hours,” Costin Raiu, director of the Global Research & Analysis Team at antivirus vendor Kaspersky Lab, said Tuesday via email. “The experiment suggests that providers BAE looked at may not be prioritizing monitoring for malicious traffic and the sound implementation of security measures that you’d expect to be implemented on a corporate network,” David Harley, a senior research fellow at antivirus vendor ESET, said Tuesday via email.

http://www.arnnet.com.au/article/440522/lack_abuse_detection_allows_cloud_computing_instances_used_like_botnets_study_says/

Read more

Key challenges in proactive threat management

Posted on by admini

“Given the responses highlighting the need for better data access, and revealing inconsistent measurement and process improvements, this year’s respondents appear to be much more honest, realistic and self-aware. This is a significant change compared to previous years, as professionals are becoming more vocal about their dissatisfaction with traditional security practices’ inability to provide the intelligence necessary to counter evolving threats and address organizations’ changing requirements.”

When studying responses stating that professionals had “inconsistent” and “consistent” measurements and comparing them year over year, Sensage discovered that, while slightly more than 50% of the respondents felt they were inconsistently measuring in 2010 and 2011, 61% shared that challenge in 2012.

While responses in 2010 and 2011 reflected a close split between those who consider their processes coordinated and those that don’t, that was not the case in 2012, where 66% of respondents felt that they were resorting to reactive triage or had no coordination at all.

The bad news: A massive drop — from 18% in 2010 to 5% in 2012 — of those who felt they had a consistent and adequately staffed process improvement program.

More bad news: When comparing respondents who maintain consistent process improvement, there was a significant drop, from 65% in 2011 to 40% in 2012.

The bad news: A massive drop — from 18% in 2010 to 5% in 2012 — of those who felt they had a consistent and adequately staffed process improvement program.

More bad news: When comparing respondents who maintain consistent process improvement, there was a significant drop, from 65% in 2011 to 40% in 2012.

Worse news: 96% of 2012 respondents had no process, inconsistent process or consistent process that was understaffed.

For more information: http://www.net-security.org/secworld.php?id=13499

Read more

Fidelis Security joining General Dynamics

Posted on by admini

The acquisition of Fidelis Security Systems allows General Dynamics to continue to deliver relevant and innovative cybersecurity solutions that help customers maintain the edge to successfully address and respond to dynamic cyber-threats,” said Lou Von Thaer, president of General Dynamics Advanced Information Systems.

Fidelis Security Systems has offices in Maryland and Massachusetts. Its network security solutions help stop advanced threats and prevent data breaches by exposing malicious content in network layers in real-time.

“The combination of Fidelis Security Systems’ products and General Dynamics’ cyber services and incident response capabilities will strengthen our customers’ ability to achieve situational awareness to protect and defend their networks.”

Read more

RSA Conference Trending List

Posted on by admini

No 1 – Android malware, everyone seems to bring it up and everyone else seems to beam with excitement
No 2 – Malware feeds, and the challenge of how existing investments and security awareness needs to be improved
No 3 – Cloud, no longer the threat of the unknown but now something that is accepted and even leveraged to provide better security

Overall the security conference seems to be more mature, and people are more interested in networking, talking and sharing.
This might be one of the better years for the RSA security conferences.

Read more

SOURCEFIRE FIRST TO PROVIDE NEXT-GENERATION IPS WITH INTEGRATED APPLICATION CONTROL

Posted on by admini

With application detection and control in a universal NGIPS platform, Sourcefire customers can easily construct integrated security policies that balance access controls with robust threat prevention to comprehensively address application-layer risks.

In addition to application control, features in the latest NGIPS release include FireSIGHT™ contextual awareness and automation .The ability to easily create tailored reports by providing input modifiers to report templates at run time to drill down on subsets of data.

“The battle for network security is based on the concept of information superiority, in which two of the most critical tenets are visibility and control,” said Martin Roesch, founder and CTO of Sourcefire. “A significant obstacle to establishing information superiority is the rapid pace of change – both within the IT environment and the broader threat landscape… While other vendors have a framework, our real-world solution has multiple components that work in tandem to allow us to first ‘see it’ and then ‘control it’ – and by so doing, gain the information superiority advantage.”

http://www.sourcewire.com/releases/rel_display.php?relid=70430

Read more