BAE Systems Detica unveils CyberReveal security alert service for private firms

Posted on by admini

The new CyberReveal analytics and investigation product is designed to give internal IT security analysts a single view of existing cyber threats so they can protect intellectual property and sensitive commercial or customer banking data information from being stolen or compromised and to cut investigation times by up to 75%, claims BAE Systems Detica.

It gives internal anti-fraud bank analysts and other end users a single view of network activity across their whole IT estate, detecting attacks by their behaviour – not just by the signatures of previous attacks – so that distributed denial of service (DDOS) attacks can be prevented or customer data protected from identity threat attempts.

It is designed to help analysts protect their FS organisation faster, driving more value by integrating with existing infrastructure and security systems, with plug-in analytics packs also providing cost-effective protection to combat evolving threats and new threat vectors.

Commenting on the new launch, Martin Sutherland, managing director of BAE Systems Detica, said: “Commercial organisations are growing ever more concerned about securing their most valuable [data] assets – the larger the organisation, the greater the number of avenues for cyber attackers to exploit. CyberReveal addresses four key areas where traditional approaches are proving ineffective against the modern cyber threat – it helps analysts to prioritise the incidents they investigate, manage huge data volumes, evolve their defences, and enable quicker, more informed decision-making.”

Link: http://www.bobsguide.com/guide/news/2013/Apr/22/bae-systems-detica-unveils-cyberreveal-security-alert-service-for-private-firms.html

Read more

The CISO’s Guide to Advanced Attackers: Mining for Indicators

Posted on by admini

Forensics folks have been doing this for years during investigations, but proactive continuous full packet capture – for the inevitable incident responses which haven’t even started yet – is still an early market. That’s a start, but you will likely require some kind of Big Data thing, which should be clear after we discuss what we need this detection platform to do.

We spent a time early in this process on sizing up the adversary for some insight into what is likely to be attacked, and perhaps even how. But once you do the work to model the likely attacks on your key information, and then enumerate those attack patterns in your tool, you can get tremendous value.

We have already listed a number of different threat intelligence feeds, which can be used to search for specific malware files, command and control traffic, DNS request patterns, and a variety of other indicators.

So you can search your security data infrastructure for almost anything you are collecting – or even better, for a series of events and/or files within your environment – quickly and accurately to narrow down your searches to the most likely attacks.

We have every confidence that big data holds promise for security intelligence, both because we have witnessed attacker behavior captured in event data just waiting to be pulled out, and because we have also seen miraculous ideas sprout from people just playing around with database queries.

You are clearly constrained in terms of internal capabilities (you will be looking for a lot of data scientists over the next few years), as well as the lack of maturity of technologies such as Hadoop, MapReduce, Pig, Hive, and a variety of others in the security context.

But companies seriously looking to detect advanced attackers within their environments will be capturing packets to supplement the other data they already collect, and subsequently starting to use Big Data technologies to mine it all.

Link: https://securosis.com/blog/the-cisos-guide-to-advanced-attackers-mining-for-indicators

Read more

10 tips to secure funding for a security program

Posted on by admini

In all cases, good communication was the critical ingredient for success and resulted in the necessary funding, over a period of years, to establish and maintain a workable security program. To start the budget discussion, you must stress cost avoidance rather than profits and you will need hard, empirical evidence to depict the business risks and associated costs. Therefore, the best way to approach senior management to fund your cybersecurity program is to cast the expenditures using an ROI approach.

1. Set the foundation for security funding before you need it; and once established, keep it strong.
 2. Don’t use scare tactics.

3. Establish your cybersecurity credentials within your organization.

4. Relate your security risks to the business.

5. Outline the need in plain English.

6. Develop a plan that meets the security needs but also considers financial constraints.

7. Once you get the funding, follow the plan you outlined.

8. Provide constant feedback on the security program.

9. Use outside resources to support your request.

10.Always emphasize that cyber security is not an “information technology” issue — it is an organizational risk management issue.

Link: http://www.csoonline.com/article/732053/10-tips-to-secure-funding-for-a-security-program?source=CSONLE_nlt_update_2013-04-21

Read more

Hacking collective Anonymous calls for Internet blackout on April 22 to protest CISPA

Posted on by admini

This will not be the first Internet blackout in protest of a government bill. On January 18, 2012, more than 7,000 websites, including Wikipedia, Reddit and Google, protested SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act), which were accused of similar breaches on online privacy.

President Barack Obama has threatened to veto CISPA for failing to adequately address privacy concerns.

Link: http://www.sify.com/news/hacking-collective-anonymous-calls-for-internet-blackout-on-april-22-to-protest-cispa-news-international-nevombfigca.html

Read more

Cybercrime dominates federal caseload, Hickton says

Posted on by admini

And Hickton said cybercrime investigators last year solved a string of bomb threats at the University of Pittsburgh and its related hospitals, a case that many thought would go unsolved, but culminated with the arrest of a suspect in Ireland.

The drug trade in western Pennsylvania has been traced to illegal narcotics kingpins in Newark, N.J., Cleveland and Detroit, Hickton said, but his office is seeing a major, deadly new trend emerge: the abuse of prescription pills facilitated by doctors and pharmacists in the region. “A lot of people sit back and say, ‘This is not in my community,’ but Washington County had more than 50 basically synthetic heroin deaths through pill abuse last year.

Attorney’s office has prosecuted some well-publicized cases in Indiana County in recent years, including the guilty pleas and sentencing of three men who admitted burning a cross on the lawn of a multirace family’s home in Robinson, West Wheatfield Township, and the current investigation of the embezzlement of millions of dollars from Falcon Drilling Company in Indiana.

“It will be a large organization of community leaders that’s working on crime prevention councils … beginning with a partnership with the United Way called Be One in a Million, a mentoring program that spins off an existing program called Be a Sixth Grade mentor,” Hickton said.

The components with jobs and with cyber are a part of that, it’s understanding that there may be a connection to make western Pennsylvania the go-to place for cyber like it is a go-to place for Marcellus shale right now,” Hickton explained.

“I have my responsibilities to bring the cases and enforce the law, but in my view, to do this job correctly, you have a broader mission and that is to ensure freedom and justice, by enforcing the law and protecting the public welfare,” he said. And what good do I do, really, if all I do is just hammer criminals and bring drug prosecutions if I don’t recognize that maybe we need to go and find out who are the church leaders and how can they help, who are the dedicated community activists?

Link: http://www.indianagazette.com/news/indiana-news/cybercrime-dominates-federal-caseload-hickton-says,17070503/

Read more

FISMA Reform Passes House on 416-0 Vote

Posted on by admini

The bill addresses a perceived shortcoming of FISMA, which promoted a checkbox mindset in the federal government, where grading agencies on the security items they can check off a list to impress auditors seemed more important than monitoring systems continuously to determine if they’re secure.

Absent from the Federal Information Security Amendments Act are provisions that would grant the Department of Homeland Security increased authority to oversee federal civilian agencies in the implementation of information security. The Obama administration, backed mostly by Senate Democrats, has ceded some of the Office of Management and Budget oversight of government IT security to DHS, and the Cybersecurity Act of 2012 would have codified that. Distrust exists among some lawmakers about giving that kind of authority to DHS, and contention last year over Homeland Security’s role in governing IT among civilian agencies is one (but not the only) reason the Cybersecurity Act never came up for a vote.

Under the Cybersecurity Enhancement Act, approved 402-16, the National Science Foundation, National Institute of Standards and Technology and other key federal agencies would develop and implement a strategic plan for federal cybersecurity research and development. NIST would be required to have a specific focus on the security of the industrial control systems that run critical infrastructure, such as the power grid, and identity management systems that protect private information.

Link: http://www.govinfosecurity.com/fisma-reform-passes-house-on-416-0-vote-a-5694?rf=2013-04-19-eb&elq=5a344ab33c544dcaa0986c8c9693692a&elqCampaignId=6502

Read more