• “Episode 5: Send Me a PDF” – Penetration testing has expanded beyond just OS/network level attacks, and is now focused heavily on applications and third-party components (Browsers, Java RunTime, PDF, etc). In this episode we explore these new attack vectors with a specific focus on PDFs.
• “Episode 6: State of the Hack 0001” – Expanding on last week’s podcast, in this episode we kick off our monthly “state of the hack” series: a SecureMaryland podcast dedicated to all things related to PenTesting.  This first episodes discusses the necessity of  “standards” both from a corporate as well as a pen tester perspective.  Also in this episode a new project is announced: PTF, a PenTesting Framework.  PTF is a detailed mind map of all aspects related to pentesting.

In an interview with the BFBS (British Forces Broadcasting Service) Claire comments that, “actual warfare is quite a high level threat, and I think it will be quite interesting to see whether it is actually possible in cyberspace given it’s limited capacity to actually cause physical harm.”  Limited capacity to actually cause physical harm?!?  I don’t know about you, but attacking centrifuges at nuclear power plants is very real and has the potential to do serious physical harm!

It’s great that events like this are taking place – the London event was attended by representatives from more than 60 countries.  The threat posed by modern advanced persistent and insider attacks is an increasingly real one; the challenge of protecting critical corporate and federal infrastructures from attacks is growing ever more complex; and the potential for a cyber-based attack to do significant and prolonged collateral damage – including plenty of damage in the physical world – is significant.

If that doesn’t count as cyber warfare, we’d love to know what does!

In our first podcast, we discuss the role of security technologies — including SIEM – and how these technologies just can’t keep up with today’s modern threats.  In the second podcast, “Cloudy with a Chance of Pain”, we focus on some of the critical security issues around everyone’s favorite 21st-century paradigm-shifting technology: cloud computing.

Stay tuned in the coming weeks for more eIQ guest speaker dates on the SecureMaryland podcast!  To access the entire catalog of SecureMaryland, you can visit: http://thecastcast.com/category/shows/securemd/

During this morning’s event, we started out by identifying some points from the Verizon 2011 Data Breach report regarding the effectiveness – or rather, the lack thereof – of information security technologies including SIEM to discover realized threats, and give security professionals the information they need to mitigate them:

• Successful data breach activity is up substantially, having more than doubled in the past year
• 86% of breaches were discovered by a third party
• 92% of attacks were classified by Verizon as “not highly difficult”
• The failure to implement simple controls were at the heart of 96% of breaches

Clearly, if SIEM is supposed to detect these data breaches and help make organizations more secure, it’s failing miserably at it.

Fortunately, every one of these security executives agreed that there are problems with SIEM.  But the participants needed more convincing that situational awareness was the right approach: most felt these problems were solely due to implementation difficulty, lack of user knowledge, professional services costs, and other operational issues.  So, let’s look at some of the problems that make SIEM a systemic failure, not just an operational one:

• SIEM is laser-focused only on event-based data, and looks at everything as if it’s an event.  As one participant asked on today’s call, “What else is needed?”  The answer is, “a lot”.  Information security is fundamentally a discipline of discovering and analyzing the abnormal.  If everything worked as it’s supposed to, there would be little need for security practitioners.  However, that’s not the case: we have a constantly increasing base of threats and risks, coupled with a growing set of regulatory and compliance requirements.  This means you need visibility into all security-related data: certainly you need events, but you also need visibility into asset and configuration state, network traffic, performance metrics, and many other pieces of data that are not events – and should not be treated like events.
• A bunch of point tools do not make situational awareness.  Gartner made this clear in their recent “Delivering Situational Awareness” research note.  Collecting data from SIEM and other tools is a great first step, but the ability to correlate all that data – both events and non-event information – is absolutely critical.  SIEM simply doesn’t do this.  Without that capability, you really only have a lot of tools that give you visibility into a piece of the puzzle, but not the whole thing.

There are many other reasons why SIEM is dead; I encourage you to read up on the differences between SIEM and a platform that can deliver true situational awareness on the eIQnetworks website.

In the end, the majority of participants on this morning’s call agreed that SIEM simply doesn’t work as advertised due to not only architecture and implementation problems, but due to a fundamental lack of capability.  The consensus was that something more is needed, that takes into consideration all aspects of security, and does so in an efficient, user-friendly manner.  Fortunately, we know just such a solution.

So, is SIEM really dead?  We think so.  Want more evidence?  Give us a call (+1.978.266.9933) or drop us an e-mail, and give us 60 minutes of your time to demonstrate the world’s first unified situational awareness platform.  You’ll be glad you did.

eIQnetworks wants to know what you think.  What security threats keep you up at night?  Are the tools and technologies you have today meeting your needs to address both security and compliance?  What new capabilities do you need to better address today’s advanced threats and compliance mandates?

We’ve assembled a brief survey to get your opinion; all responses are kept confidential, and you don’t have to reveal your name or organization.  If you complete the survey, you’ll be entered into a drawing to receive one of ten $25 Amazon.com gift certificates!  The survey is open through Tuesday, September 6, and we’ll post the results online in the coming weeks so you can see how your opinion stacks up against your peers in the industry.

To start the survey, click here.

• Wednesday, 9/7, 1pm – 2pm ET: Using SecureVue to Meet Verizon’s 12-Step Challenge to Minimize Data Breaches. (click to register!)  Verizon’s annual Data Breach Survey has become the gold standard of visibility into realized security threats.  In this webinar, we’ll review the requirements defined by this year’s Data Breach Survey to drastically reduce the risk of becoming the next security statistic, and provide a live demonstration of how the SecureVue unified situational awareness platform can provide real-time visibility into systems to ensure that threats don’t turn into a loss of critical data.

• Tuesday, 9/20, 1pm – 2pm ET: Fast, Easy and Complete Configuration Assessment Using SecureVue. (click to register!) According to Gartner’s John Pescatore, 65% of successful information security attacks exploit misconfigured systems.  In this webinar, we’ll demonstrate how the SecureVue unified situational awareness platform fcan be used to quickly, effectively and completely measure and report on the security of systems in real-time, including hardware, OS and patch data, services and daemons, enabled ports and protocols, access control lists (ACLs), and more — all without the need to deploy agents!

Still not convinced?  Did I mention that we’re giving away an Apple iPad 2 at each webinar?

But wait… there’s more!  Throughout October and November, we’ll be hosting live events in several major cities, with a major security industry speaker (and eIQnetworks customer!).  Stay tuned in the next few days for announcements to events in Houston, Los Angeles, San Francisco, and Atlanta!

From start to finish, the certification process has taken about a year and has involved Interoperability and Information Assurance (IA) tests by a multitude of DoD departments. Perhaps what makes obtaining certification most satisfying is that we always thought we’d developed a great piece of technology for helping commercial and Federal IT networks secure and enable them to demonstrate compliance quickly and easily. Now we know we did.

The list of all DoD approved products is available here – SecureVue can be found in the Element Management System category.

John: The panel you were on was titled, “Convergence of Security and Systems Management”.  What were the key take-away ideas that panelists presented at the event?

Vijay: The most critical message that we identified is that systems and security management are absolutely converging today; organizations are already down the road of evaluating how to do it, and some of the leading-edge enterprises are already implementing solutions.  Interestingly, at the panel, there was some disagreement between some of the panelists — specifically, IBM and HP (who recently purchased Arcsight) - regarding the current viability of security and systems management technologies and platforms.  HP believes that customers aren’t yet ready for real convergence; IBM and most of the other panelists (including me) disagreed.

John: It sounds like there are some differing ideas on the value of convergence between IBM and HP.  What’s your take on their differing ideas?

Vijay: HP seems to believe that security and IT operations teams are looking at different points of data, with different tools, and that either there’s minimal value in the cross-correlation in visualizing the data between these tools, or — perhaps more likely – they believe that it can’t yet be done; at least, not with their own current tool set.  IBM knows that it not only can be done, but must be done in order to address modern, fundamental business problems.  To make this point, they elocuted that it will require a common correlation engine to be done the right way.  We at eIQ fully agree that’s the right approach, and it’s something that we’ve been talking about — and implementing in our SecureVue platform – for years.

John: What are the biggest challenges that audience members and panelists brought up related to security and systems management convergence?

Vijay: The big difference in vision between the panelists was in terms of how to implement a solution.  Many large vendors would like to believe that they can provide a single, unified stack to address both the “micro” problems of security and systems management (say, end-point anti-virus, NAC, and patch management) as well as the “macro” problems (such as insider threat identification or global threat intelligence).  Ultimately, however, the opportunity for a single-vendor approach to solving convergence is minimal.  Some vendors already understand this; Dave DeWalt of McAfee has often stated that the reality will be an “ecosystem” consisting of multiple vendors and technologies; however, there will need to be something aggregating and analyzing the data that sits above these tools.  Some vendors, like McAfee, have solved this for certain aspects of security and systems management — for example, the McAfee ePolicy Orchestrator console which brings together end-point security and configuration data from many different vendors’ technologies.

However, an even broader level of visibility that extends beyond end-point data into network data, device data, user data, and other points of information are required to competently solve the more complex — and increasingly more common – threats and other issues that affect both security and systems management.  That’s where a platform like SecureVue adds tremendous value, by providing a common correlation technology that spans all security, compliance, systems management, and other and IT operations data.

John: What do you personally see as eIQ’s biggest advantage in being positioned to address convergence between security and systems management?

Vijay: Customers today are looking for a solution for security and systems management convergence today.  Many vendors are trying to satisfy that need: in some cases through legitimate attempts to create near real-time data ecosystems with real correlation; in other cases, through clever marketing tactics such as buying point technologies and putting them under a brand umbrella.  Neither of these approaches delivers to the enterprise today, but SecureVue does.  Our advantage is not simply one of being a market first mover, but of being a proven approach that is already delivering the promise of security and systems management convergence to organizations from the Fortune 1000 down to the large end of the mid-market.

Thanks for your insight, Vijay!

I’ve been a good CISO this year [well, there haven't been any MAJOR breaches].  I bought all of the tools I thought I needed to keep our network protected against an evolving array of malicious cyber and internal attacks.    Generally, they have worked well.

When I say ‘generally’ there were a couple of times that our network was breached, but I don’t think that we lost any data… nothing bad has happened yet.  We can keep that between the two of us, can’t we Santa?  No need to worry our compliance team, right?  If I’m being honest, there was also that Stuxnet attack – but nobody ever sees those tykes coming, do they?  I’m still not even sure what really happened… but with attacks like that you don’t, right?!

If you feel like stopping by on Christmas eve Santa, I could use a way to collect data from every corner of my network, in all data formats and give me a way to correlate it all.  I have such a large amount of data on multiple point systems… it’s simply not been possible to capture it all in one place with the tools we use.  It’d be great to have the ability to see if something that looks suspicious is something I should really be worrying about, or whether I can go back to sleep.

If there was something we needed to take action on then it’d great to be able to understand how and where it started, and how it was spreading, so that we could take preventative action I’d really appreciate it if it could be your Christmas gift to me.  Your elves are talented guys, right Santa?  Surely they can come up with SOMETHING to help?

Thanks and have a safe and secure 2011 Santa,

Best wishes,

Rudolph