More SecureMaryland Podcasts
I’ve been privileged to guest-host two more SecureMaryland podcasts over the past few weeks, both of which are now available (with video, too!) at SecureMaryland.org:
- “Episode 5: Send Me a PDF” – Penetration testing has expanded beyond just OS/network-level attacks, and is now focused heavily on applications and third-party components (browsers, Java Runtime, PDF, etc.). In this episode we explore these new attack vectors with a specific focus on PDFs.
- “Episode 6: State of the Hack 0001” – Expanding on last week’s podcast, in this episode we kick off our monthly “state of the hack” series: a SecureMaryland podcast dedicated to all things related to pen testing. This first episode discusses the necessity of “standards” from both a corporate and a pen tester perspective. Also in this episode, a new project is announced: PTF, a PenTesting Framework. PTF is a detailed mind map of all aspects related to pen testing.
A Clear and Present Danger (with Apologies to Tom Clancy)
As regular readers of The Situational Room will know, we’re not big on FUD (Fear, Uncertainty and Doubt), instead focusing on the realities that global commercial enterprises and federal agencies face in protecting their information infrastructure from attack. We at eIQ – along with, I suspect, the majority of our peers in the information security industry – have been watching with interest the discussions taking place in London at the Second Annual Cyberspace Summit, and were intrigued by one particular comment from Claire Yorke of Chatham House, a British institute created for the analysis of international issues.
In an interview with the BFBS (British Forces Broadcasting Service), Claire comments that “actual warfare is quite a high level threat, and I think it will be quite interesting to see whether it is actually possible in cyberspace given its limited capacity to actually cause physical harm.” Limited capacity to actually cause physical harm?!? I don’t know about you, but attacking centrifuges at nuclear power plants is very real and has the potential to do serious physical harm!
It’s great that events like this are taking place – the London event was attended by representatives from more than 60 countries. The threat posed by modern advanced persistent and insider attacks is an increasingly real one; the challenge of protecting critical corporate and federal infrastructures from attacks is growing ever more complex; and the potential for a cyber-based attack to do significant and prolonged collateral damage – including plenty of damage in the physical world – is significant.
If that doesn’t count as cyber warfare, we’d love to know what does!
How Do Large Organizations Tackle Big Data and Cloud Security?
How do large organizations tackle the challenges of “Big Data” and cloud computing? These were the questions posed at the EMC Big Data Forum that we attended today, so we thought that we would share some of the things discussed at the event.
The Forum identified three key challenges: Read more…
Cybersecurity Legislation: The Good, the Bad and the Ugly
Recently, I’ve contributed two articles to AOL Government, reviewing two of the key problems with cybersecurity legislation:
- Closing the Gap Between Cybersecurity and Privacy. While the federal government has focused heavily on security, the fact is that privacy at the federal level is getting left woefully behind. This article identifies what federal legislators can do to close this gap, and ensure that security and privacy are addressed in lock-step.
- Feeding Frenzy: The Problem with Federal Cybersecurity. The U.S. government is languishing in dozens of cybersecurity-related bills, none of which seem to be coming to fruition. Why? This article identifies why the log-jam exists, and what can be done to fix the problem.
Check them out, and let us know what you think!
Hope Is Not a Strategy
When McAfee announced in a recent blog post that its acquisition of NitroSecurity gave them “true situational awareness”, we were – to be honest – a little skeptical. Why? Because developing SecureVue, our own situational awareness platform, has taken years of dedicated and disciplined product management and engineering work, organically building a solution from the ground up that is all the things a situational awareness solution needs to be: highly scalable, extremely fast, able to cross-correlate any security data elements, extensible to any type of security data, and delivering all of this through a single unified console, to name just a few. So you can see how surprised we were when McAfee suggested that their end-point management console, ePolicy Orchestrator, could simply become a “situational awareness console” by plugging into it the broad range of disparate products that McAfee has gathered through acquisitions over the past several years.
Fortunately, McAfee shed some light on this strategy at this week’s FOCUS event in Las Vegas. During McAfee’s Partner Summit on Monday, the company addressed the details of how they’re going to deliver situational awareness – a concept that eIQnetworks has been delivering on for several years, and a bandwagon that everyone from McAfee to IBM to niche SIEM players seems to be jumping on these days. During a review of the McAfee product roadmap, McAfee indicated that they are now planning on delivering situational awareness by… wait for it… Read more…
eIQnetworks on the SecureMaryland Podcast
I’ve been sitting in as a guest on Shawn Grimes’ SecureMaryland podcast for the past few weeks. SecureMaryland focuses on information security, specifically issues that are of interest to practitioners in Maryland (my home state). Maryland is rapidly solidifying its role as “ground zero” for cybersecurity, given the large number of organizations deeply involved in the security space: the National Security Agency, US Cyber Command, and major firms such as Lockheed Martin are all located in the state.
In our first podcast, we discuss the role of security technologies – including SIEM – and how these technologies just can’t keep up with today’s modern threats. In the second podcast, “Cloudy with a Chance of Pain”, we focus on some of the critical security issues around everyone’s favorite 21st-century paradigm-shifting technology: cloud computing.
Stay tuned in the coming weeks for more eIQ guest speaker dates on the SecureMaryland podcast! To access the entire catalog of SecureMaryland, you can visit: http://thecastcast.com/category/shows/securemd/
Have IBM and McAfee finally got into the ‘Magic Bean’ market?
A few years ago IBM ran an advert for its eBusiness suite of products that tried to convince the Enterprise IT community that ‘There Are No Magic Business Beans’. With the announcements that IBM is acquiring Q1 Labs and McAfee buying Nitro, it appears that both companies Read more…
SIEM Is Dead? Don’t Ask Us… Ask a CISO!
Earlier today, I was very privileged to have the opportunity to speak to a group of CISOs in a major U.S. market. The subject of discussion? The fact that “SIEM is Dead”, of course! Over the course of the past few weeks, we’ve seen a flurry of responses – some fully in support, others more skeptical – of our claim that SIEM is dead. While it’s easy to say those words, the real proof in the proverbial pudding is how security practitioners and executives respond to that claim.
During this morning’s event, we started out by identifying some points from the Verizon 2011 Data Breach report regarding the effectiveness – or rather, the lack thereof – of information security technologies including SIEM to discover realized threats, and give security professionals the information they need to mitigate them:
- Successful data breach activity is up substantially, having more than doubled in the past year
- 86% of breaches were discovered by a third party
- 92% of attacks were classified by Verizon as “not highly difficult”
- The failure to implement simple controls was at the heart of 96% of breaches
Clearly, if SIEM is supposed to detect these data breaches and help make organizations more secure, it’s failing miserably at it.
Fortunately, every one of these security executives agreed that there are problems with SIEM. But the participants needed more convincing that situational awareness was the right approach: most felt these problems were solely due to implementation difficulty, lack of user knowledge, professional services costs, and other operational issues. So, let’s look at some of the problems that make SIEM a systemic failure, not just an operational one:
- SIEM is laser-focused only on event-based data, and looks at everything as if it’s an event. As one participant asked on today’s call, “What else is needed?” The answer is, “a lot”. Information security is fundamentally a discipline of discovering and analyzing the abnormal. If everything worked as it’s supposed to, there would be little need for security practitioners. However, that’s not the case: we have a constantly increasing base of threats and risks, coupled with a growing set of regulatory and compliance requirements. This means you need visibility into all security-related data: certainly you need events, but you also need visibility into asset and configuration state, network traffic, performance metrics, and many other pieces of data that are not events – and should not be treated like events.
- A bunch of point tools do not make situational awareness. Gartner made this clear in their recent “Delivering Situational Awareness” research note. Collecting data from SIEM and other tools is a great first step, but the ability to correlate all that data – both events and non-event information – is absolutely critical. SIEM simply doesn’t do this. Without that capability, you really only have a lot of tools that give you visibility into a piece of the puzzle, but not the whole thing.
There are many other reasons why SIEM is dead; I encourage you to read up on the differences between SIEM and a platform that can deliver true situational awareness on the eIQnetworks website.
In the end, the majority of participants on this morning’s call agreed that SIEM simply doesn’t work as advertised due to not only architecture and implementation problems, but due to a fundamental lack of capability. The consensus was that something more is needed, that takes into consideration all aspects of security, and does so in an efficient, user-friendly manner. Fortunately, we know just such a solution.
So, is SIEM really dead? We think so. Want more evidence? Give us a call (+1.978.266.9933) or drop us an e-mail, and give us 60 minutes of your time to demonstrate the world’s first unified situational awareness platform. You’ll be glad you did.
Put up, or shut up!
Vijay Basani, President and CEO of eIQnetworks, challenges both McAfee and IBM to prove they can deliver what they claim. He says empty marketing claims and misinformation won’t help when it comes to convincing the industry.
Following the announcements that IBM and McAfee are to acquire Q1 Labs and NitroSecurity, both vendors are claiming that the acquisition of SIEM tools will magically provide them with the ability to deliver ‘true’ Situational Awareness – we firmly believe that it won’t. SIEM + NetFlow + some analytics isn’t situational awareness… it’s just SIEM plus a few other things.
Situational Awareness requires Read more…
[Cyber] War: how prepared is our critical infrastructure?
The apparent breach of control systems at an Illinois water treatment plant raises a number of questions about the preparedness of critical infrastructure, both in the United States and around the world, to resist malicious attacks. It also, sadly, demonstrates that Read more…