
CyberSecurity Institute

Security News Curated from across the world


Category: News

Enterprises Look for Help Managing Security Logs

Posted on January 21, 2010 (updated December 30, 2021) by admini

SIM equipment can centralize event and log management information from security devices and computers, but the drawbacks to its use include up-front costs, complex installations and hiring the expertise to manage it.

SIM as a managed service only started to gain momentum within the past two years, largely due to compliance mandates such as the Payment Card Industry (PCI) data security requirements, says Gartner analyst Kelly Kavanagh. Managed SIM options range from as simple as centralizing log collection and reporting, to as complex as event correlation and round-the-clock security-event monitoring.

Occasionally SIM as a managed service will entail “complex correlation, perhaps related to network alerts from firewalls and switches, information that may seem to be related,” he notes, and a service might provide an analyst to monitor events round the clock. The company directly manages IT for more than 100 of its corporate restaurants, plus keeps track of PCI-related compliance matters for about 160 franchises which operate more independently. Not only did the up-front costs of doing it in-house seem high — SIM equipment can easily reach into the half-million dollar range — but also Fuddruckers realized it would have to hire SIM experts to make it all work.

Largely based on information gleaned from conversations with peers, just over a year ago Pumphrey decided to try SIM as a managed service, selecting Trustwave to monitor about 500 log files at least once daily on behalf of Fuddruckers, triggering an alarm if suspicious events arise.

“We see ourselves as a managed alternative to what customers might want to do themselves with ArcSight or Q1 Labs,” says Dan Schleifer, senior product manager for managed security services at Trustwave, referring to two well-known SIM product vendors.

That’s the approach that service provider FishNet is taking, according to CEO Gary Fish.

Tom Turner, vice president of marketing and sales at Q1 Labs, says it’s comfortable partnering with a managed service provider such as FishNet, viewing the relationship “as potentially offering us a broader market.”

SecureWorks is regarded by Gartner as a “pure play” SIM managed service provider, as opposed to a global service provider that offers SIM among a wider menu of services. The security firm is a veteran in the business, having started about a decade ago.

http://www.csoonline.com/article/print/521466


Virtualization security remains a work in progress

Posted on January 11, 2010 (updated December 30, 2021) by admini

One development that occurred this year is the release of VMware’s security APIs. After talking up the idea since February 2008, VMware in April 2009 finally released its VMsafe APIs intended to help security vendors build products to work with its platform.

“We’re not using the VMware APIs today due to performance,” says Richard Park, senior product manager at Sourcefire, which in early December shipped its first virtualized sensor and management console for VMware ESX and vSphere4. Sourcefire’s traditional physical appliances are network sensors that can do both intrusion-detection monitoring and intrusion-prevention blocking. But at this point, the Virtual 3D Sensor and Virtual Defense Center will only provide monitoring visibility into VMware’s ESX hosts, not blocking of attacks.

At the Gartner ITExpo in October, Gartner Vice President Neil MacDonald publicly excoriated some security vendors for not moving more rapidly to come up with software-based virtual appliances, insinuating they would rather stick to their old ways of selling expensive hardware boxes. Enterprise customers are rapidly virtualizing their IT environments and often unwittingly creating less-secure results even as they reap the many benefits of virtualization, MacDonald says. Roping off virtualized servers with virtual LANs alone — a common practice — “is not sufficient for security separation,” MacDonald says. MacDonald says virtualization is causing some “business-model disruption” in security and praised the efforts of some vendors, including Trend Micro, to leap in with new offerings to take on the virtualization challenge.

Trend Micro’s Core Protection for Virtual Machines, antimalware software that was designed for use with VMware, was released in the third quarter. According to Bill McGee, senior director of product marketing at Trend Micro, both products make some use of tools in VMsafe. VMware has been among the most aggressive of the virtualization software vendors to open up their technology to optimize security functions, he says, while so far the actions of Citrix and Microsoft seem “more limited” in this area.

For its part, VMware says it’s glad to see a number of vendors, including Altor Networks, Reflex, ISS IBM and Trend Micro, adopting the VMsafe technology.

According to Forrester Research, adding hypervisor technology (Citrix Xen, VMware vSphere and Microsoft Hyper-V) “does add some marginal risk to IT environments, because it layers additional software on top of existing operating systems.

According to Jaquith, one disappointment remains VMware’s Live Migration feature for configuring VMs so that they automatically migrate from one farm host to another, for purposes of fault tolerance and business continuity.

http://www.computerworld.com.au/article/330761/virtualization_security_remains_work_progress/?fp=16&fpid=1


World Cup Cybercrime 2010

Posted on January 6, 2010 (updated December 30, 2021) by admini

1. Social engineering attacks will continue to predominate, while attacks based on operating system vulnerabilities will continue to decline as more people move to more secure operating systems.
2. Hot topical issues will be used as hooks on which to hang social engineering attacks.
3. Increased probing of mobile devices.
4. Increasing emphasis on the isolation of the owners of infected systems.
5. Data breaches will continue to grow in importance.
6. More use of rogue software to extort money.
7. Malware as a Service will, more and more, reflect the models of cooperation between specialists seen in the legitimate business world.
8. There is likely to be more use of high-level languages (especially scripting languages) so as to re-purpose malicious code across multiple platforms.
9. Social networks will be targeted.
10. There will be further research into and attacks on virtualised environments.
11. Phishing and related attacks on online gamers will continue to be big business, though attacks on gaming consoles are likely to meet with limited success.
12. Attacks that manipulate wireless connections will continue.
13. Criminals and legitimate businesses will mine data from a widening range of resources, exploiting interoperability between social networking providers.
14. Crimeware will be the most common and successful.
15. The subversion of legitimate web sites and social networks as an attack vector will continue to be a highly successful criminal activity.
16. Targeted attacks can be expected.

http://irishdev.com/Home/News/816-Cybercrime-.html


Cloud Security Alliance releases updated guidance

Posted on December 17, 2009 (updated December 30, 2021) by admini

The CSA’s guidance, which dozens of contributors helped develop, outlines key issues and provides advice across 13 domains, including incident response, encryption and key management, identity and access management, and legal and electronic discovery.

It’s designed to help organizations understand what questions to ask cloud providers, current recommended practices, and pitfalls to avoid.

In its first year, the CSA expanded its membership and now counts 23 corporate members, including heavyweights Microsoft, Cisco Systems Inc. and Hewlett-Packard Co.

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1377211,00.html


Internet posting prompts TSA investigation

Posted on December 10, 2009 (updated December 30, 2021) by admini

The Homeland Security Department has also stopped posting documents with security information, either in full or in part, on the Internet until the TSA review is complete, Mr. Heyman told the Senate Homeland Security and Governmental Affairs committee.

Among many sensitive sections, the document outlines who is exempt from certain additional screening measures, including U.S. armed forces members, governors and lieutenant governors, the Washington, D.C., mayor and their immediate families.

It also offers examples of identification documents that screeners accept, including congressional, federal air marshal and CIA ID cards; and it explains that diplomatic pouches and certain foreign dignitaries with law enforcement escorts are not subjected to any screening at all.

http://www.post-gazette.com/pg/09344/1019885-84.stm


Germany plans Internet virus phonecall alerts

Posted on December 9, 2009 (updated December 30, 2021) by admini

BSI explained the plan at the Information Technology Summit, an annual meeting between industry chiefs and Chancellor Angela Merkel.

The survey offered a ranking of 15 nations’ competitiveness in the overall information and communications technology field, awarding the United States the top score.

Even more damning were the judgements of Chinese and US experts asked to say where they had noticed excellence in Germany.

http://in.news.yahoo.com/43/20091208/838/tbs-germany-plans-internet-virus-phoneca.html

