Category: Trends

Auditing woes mostly stem from improperly securing user machines and servers, according to the council’s findings. “The problems being flagged in audits are in user and access controls on PCs and laptops, audit reporting and problems in configuration change management,” Hurley says.

Those with poor audits are spending 43 percent of their IT budget on security equipment and software for IT compliance and those with successful audits, 52 percent. “They are taking money out of labor and putting it into automating the processes” such as measurement and monitoring IT compliance across the board, Hurley says.

“The organizations [surveyed] doing continuous monitoring had the least number of audit deficiencies.”

Meanwhile, security firms that perform vulnerability assessments and penetration testing say regulatory compliance is driving much of their business today. Steve Stasiukonis, vice president and founder of Secure Network Technologies, says regulatory compliance pressures from SOX and HIPAA, for instance, are one of the main reasons his clients hire him.

http://www.darkreading.com/document.asp?doc_id=103041&WT.svl=news2_5

“It gave you a device to protect your vulnerable systems behind the network from SQL Slammer, Blaster, etc.,” says Richard Stiennon, president of IT-Harvest. But major worm infestations aren’t the problem any more: “The trouble is what we’ve really been doing for the last four years is vulnerability and patch management. “The driver for IPS hasn’t really been there.”

In some cases, the technology is being integrated into hardware and services; in other cases, it is evolving to offer new capabilities.

Arbor Networks’ Morville says service providers and managed security service providers meanwhile are already delivering firewall and IPS-based services, and that trend of blended security services will “accelerate” over the next few years.

Switches, too, are already coming with some IPS technology: Cisco, for instance, sells blades for its Catalyst switches with IPS functionality.

What about the signature-based limitations of IPSes? IPS will also converge with anomaly detection and other features that expand its inspection capabilities beyond known threats, experts say. Rate-based anomaly detection, such as spotting a traffic flood, makes sense at the perimeter, Morville says. And behavioral anomaly detection — where you’re looking for individual people or hosts acting outside the norm — is best for the internal network, he says.

Some experts envision IPSes deploying virtual machine technology — as FireEye’s does with its network access control (NAC) appliance –where virtual machines run copies of incoming traffic to see if it’s legit, rather than just using signatures. The trick with a beefed-up IPS is getting good performance, though: Hardware would have to catch up to make it viable, especially if virtual machine-based features are added, says John Pescatore, a vice president with Gartner.

http://www.darkreading.com/document.asp?doc_id=102608&WT.svl=news1_3

“It’s a great alarm system — there are no false positives with honeypots.

Honeypots have long been used in research networks, federal government agencies (especially the Department of Defense), and law enforcement for tracking potential attacks, attackers, or perpetrators. One such application would be for detecting an internal user’s suspicious activity on the network, or if an outsider was poking around the network from the inside, says Logan. “Most times attackers will use an [enterprise’s] server or end-user PC to further explore the enterprise, so you could have an employee unwittingly being used.”

But once you put up that sexy honeypot and attackers start buzzing around, you’ve exposed yourself, critics say. Thomas Ptacek, a researcher with Matasano Security, says honeypots not only invite trouble, but they also generate operational overhead that most organizations don’t have the manpower to handle. Arbor Networks has a “dark IP” monitoring feature that uses unused IP addresses within an organization for the honeypot machines, so it’s obvious when an attacker is knocking. It used to run honeypots on its DMZs, says Mark Butler, manager of security and compliance services for H&R Block. The devices detect an attacker’s reconnaissance behavior and respond with “fake” information using ForeScout’s proprietary honeynet technology. “It gives me trends, such as what type of behavior is going on,” and if connections are coming from Russia, for example, and at what frequency, says Butler, who acknowledges it doesn’t catch everything.

“Once you turn on a honeypot in your network, you’ve created something to keep you up at night,” says Jeff Nathan, software and security engineer for Arbor Networks.

http://www.darkreading.com/document.asp?doc_id=102139&WT.svl=news1_2

Firstly, RuSpy.A is a Trojan that obtains user names and passwords for a range of programs including ICQ, Internet Explorer, Mozilla, Outlook and The Bat! This information is then sent to the creator in an email message. To avoid detection, it tries to terminate several processes belonging to security tools (antivirus programs and files).

Another widespread fraud technique is to hijack computers. This is what the Tervserv.A backdoor Trojan does.

Finally, this week’s report looks at Banker.DZO. This is a Trojan that monitors Internet traffic generated when a user accesses the web pages of Banco de Brasil, Bradesco, CEF, GERENCIADOR, Itau and Brad.Juridico.

http://www.it-observer.com/news/6645/weekly_report_viruses_intruders/

This year’s report was sponsored by Aruba Wireless Networks. Wi-Fi, it turns out, is high on the “clout” list in enterprises. It tied with VPNs as the network technology (both wired and wireless) of top importance to enterprises over the next 18 months, both garnering a 5.6 aggregate score of importance out of a possible 7.

Wi-Fi has been now deployed in user offices and cubicles in 62% of the respondents’ companies.

And, not surprisingly, but valuable to verify, the primary architecture wars have pretty well been resolved: Nearly half the respondents said they are using or are likely to use thin access points (AP) with a controller for centralized management and security, compared to just 33% saying so last year.

Correspondingly, plans to use intelligent stand-alone APs with no centralized controller dropped by six percentage points over last year, and plans to use stand-alone APs with some centralized management decreased by about 7%.

http://www.networkworld.com/newsletters/wireless/2006/0731wireless1.html

As businesses and home users have become increasingly savvy about traditional threats delivered via e-mail attachments, criminals are finding new ways to lure end users to consume their attacks, according to the report.

Researchers specifically cited a growth in the number of threats that use spam e-mail messages or IMs to distribute links to Web sites where malware or spyware is secretly downloaded to end users’ computers.

Criminals are also using data garnered from PCs already infected with their botnet virus code to refine their other spam and spyware efforts, said Paul Wood, senior analyst with New York-based MessageLabs. The attack uses a phishing e-mail in an attempt to persuade PayPal customers to call a phony customer service call center where they are asked to disclose personal information including their credit card details by an automated voice system. Using other common forms of converged attacks, criminals are creating Web sites that distribute small “dropper” malware files that secretly infiltrate PCs and later deliver larger Trojan viruses.

Botnet operators are also becoming more sophisticated, using spyware loaded onto the machines they control to garner personal information that can be used to help target other attacks, MessageLabs said.

http://www.eweek.com/article2/0,1759,1985999,00.asp?kc=EWRSS03119TX1K0000594