Recap Antivirus

Weekly Security Highlights: 2011 Security Connected Recap

The first month of 2012 has come to an end, but that doesn’t mean we get to forget all of the lessons we’ve learned over the past year. Here’s a recap of some of the most well received Security Connected posts of 2011, from best practices advice to security conference highlights:

Building a Better Shady Rat Trap

As many of you will remember, earlier this year, McAfee Labs published a whitepaper about Operation Shady RAT. It contains a detailed investigation of targeted intrusions into over 70 global companies, governments, and non-profit organizations over the last five years that appeared to be sourced from a single actor or group. In this post, we took a detailed look at the solutions across endpoint, network, and data security, as well as security management, that can and should be used in a connected framework to enrich each other and thus mitigate risk, increase ROI, and create greater efficiencies in incident detection, prevention, and response.

Security Metrics and the Balanced Scorecard

If you can’t measure it, you can’t manage it. In this post, our Security Connected guest blogger Steven Fox tackles the topic of metrics, and how they map to an IT management framework known as the Balanced Scorecard. By discussing security within this Balanced Scorecard framework, IT professionals can communicate the business value of a given set of solutions. By speaking the language of business, they can also hope to get the attention of those who control the budget.

McAfee at Mobile Computing Summit – “But I Love My iPad” & Balancing Privacy & Governance

In early July, the first annual Mobile Computing Summit was held in Burlingame, CA. The event was put on to emphasize the effective use and management of mobile devices ranging from smartphones and tablets to laptops and beyond, and highlight the security issues surrounding their use. McAfee VP of Mobility, David Goldschlag, and I were privileged with the opportunity to weigh in on the issue of security in the mobile space.

Friday Security Highlights: Black Hat, Defcon and Operation Shady RAT

Our inaugural Friday Security Highlights post began with a recap from the Black Hat cyber security conference, held in Las Vegas in early August. The conference began with a patriotic call to action from Cofer Black, chief of the CIA’s counterterrorism group during 9/11. He raised concerns during his keynote about what he called an impending “Code War”, pointing to Stuxnet and its unique ability to impact real-world infrastructure. Black’s words carried particular weight, as they came the same day that McAfee published a detailed report on Operation Shady RAT.

Top 15 Cloud Security Best Practices

Cloud security is a huge, ever evolving subject that is difficult to cover in a short space, especially with so many different cloud service types and architectures (SaaS, IaaS, PaaS, external, internal, and hybrid). Guest blogger Leon Erlanger provided his take in this post with a few cloud security best practices that just about any organization should apply when working with the cloud.

We hope you’ll take another look at some of these articles and use them to your organization’s advantage in 2012, whether your plans include migrating to the cloud, or integrating more security into your BYOD policy. As always, we welcome your comments here in the blog and on Twitter at @McAfeeBusiness, where we regularly update our followers on McAfee news and events.

Blog Central » Security Connected


6 Trends for 2012: @McAfeeBusiness January #SecChat Recap

With the McAfee Labs’ 2012 predictions report as a guide, we started off this month’s #SecChat by crowdsourcing the question to our participants: what did the security community believe would be the most influential threats of 2012? We received a wide variety of speculations and well thought-out arguments, and we’ve collected what we hope is an accurate representation of the most buzzed-about topics of the hour:

1. Mobile & BYOD

Similar to what we reported in the McAfee whitepaper, many of you predicted that mobile threats would remain one of the most prominent vectors through 2012. But while nearly all of our 2011 sightings were concentrated on the Android platform, @rpermeh, @msarrel and others predicted that we are also due to see an increase in malware for iOS devices. In light of these increasing mobile threats, this presents a challenge for enterprises that have embraced BYOD policies. @hrbrmstr noted that organizations will struggle with increased demand for BYOD, but will continue to lack effective means to control and monitor the practice. @ChetWisniewski predicted that the mobile market would start to specialize, as did the market for desktop exploitations. While today’s attacks are for the most part opportunistic and interested in a quick monetary payoff, exploits will continue to evolve throughout 2012 to a focus on data theft.

2. Hacktivism

The threat of hacktivism is a particularly interesting case, because while most of our followers agreed that hacktivism would continue through 2012, many did not think that it would necessarily increase in real-world influence. @jenatsafenet noted that “hackers love free publicity,” citing that hacktivist exploits often get much more buzz if they are timely – around holidays, elections, etc. – influencing the time and type of attacks. @KPHaley in particular believes that the hacktivist threat will increase around this year’s election. Still, @FSLabsAdvisor predicts that some of the “fame-seeking” segments of hacktivist groups will burn out in 2012, causing a subsequent drop in media coverage which could affect how the world views them as a threat.

3. Social Engineering

As @chort0 pointed out, “social engineering is the only true multi-platform tool in the tech world”. As a result, no matter what #SecChat topic we choose, social engineering always seems to make an appearance by the end. Many of our participants voiced some of the best practices advice we discussed during our December chat on security awareness. @ChetWisniewski noted that we must partner with users, provide tools and education with practical advice, and remember that IT only becomes ‘the enemy’ when we act like dictators. @chort0 advised showing employees examples of real-world attacks, to encourage them to modify behavior.

4. Critical Infrastructure

As we moved on in our conversation, critical infrastructure stepped into the spotlight, a threat that McAfee Labs also predicted would be influential in the coming year. While @sam0910 agreed that critical infrastructure is more at risk than ever before, @ChetWisniewski asserted that those systems are no more vulnerable than anything else – the attacks just get more press, because there is a larger real-world impact when facilities are breached. @chort0 and @Shpantzer added that most hacktivists lack the skill and motivation for kinetic damage, and that nation-states could be influenced by the deterrent of MAD. Nevertheless, @KPHaley believes that infrastructure providers should be looking at exploits like Stuxnet and Duqu as a warning, and take steps that will allow them to mitigate the threat of attack. @rpermeh agreed, saying that these are particularly good targets for nation-state actors and hacktivists, as they provide a bridge from the cyber to the real world.

5. Cloud

We’ve heard time and time again that for many organizations, 2012 is set to become the “year of the cloud”. @KPHaley and @ChetWisniewski addressed the security implications of this New Year’s resolution, predicting that many companies will migrate to the cloud and only afterwards worry about data security. @ChetWisniewski in particular noted that very few organizations have a “cloud data” policy, and awareness is very low among end-users. There is a great need to provide contextual warnings, as well as an easy and secure means to share files and data. Many of our participants mentioned the problem orgs are now facing with systems like Dropbox, and the need to create something that will work well in place of it.

6. Showing how security is material to the business

To wrap up with a thought we think is important to bring home, one of the most poignant topics in our discussion was the importance of effective communication between IT/security and the business. As @securelexicon pointed out, the inability of information security professionals to communicate risk in business terms could be one of the biggest threats of all. It’s time to form alliances with executives beyond the IT bubble, work to understand their culture, and learn how to explain to a board how a more secure company is a more profitable company. @msarrel gave a particularly interesting tidbit of advice – he likes to show C-level executives material evidence showing how news of a data breach can directly correlate to a drop in stock price. Whatever method you choose, it is crucial that security advocates learn to speak the language of business if any of the above threats are going to be fully addressed going into 2012.

Thanks again to everyone who contributed to this month’s discussion. We are always so impressed by the breadth of knowledge shared, and the many professionals who take time out each month to share their experience with our community. For those of you who haven’t yet joined a #SecChat discussion, look out for our next topic announcement here in the blog and on Twitter at @McAfeeBusiness. We always enjoy welcoming new faces and opinions to the table, as well as suggestions for future discussion topics.


December #SecChat Recap: Building an Effective Enterprise Security Awareness Program

As all IT professionals are painfully aware, it is impossible to ignore the role of people in an organization’s information security program. Information security, like everything else, is at its core a human enterprise influenced by factors that impact the individual. During our December #SecChat, we set out to address this topic with our followers, looking to gain insight from the community and learn more about what it takes to design and implement an effective security awareness program.

We began our conversation by asking what kind of security awareness programs participants had seen implemented, and what they believed made those initiatives more or less successful. A few of the main points that many of our followers brought up revolved around the importance of thinking outside the “yearly compliance video” box – making sure security awareness education is ongoing, relevant and fun.

First, @jadedsecurity reminded us that one big problem in many organizations is that security awareness is seen as a one-off thing – there is no reinforcement. And not only is there no reinforcement or ongoing education from the IT side, all too often there is no collaboration between IT and the rest of the business. As @BrianContos brought up, it is imperative that orgs include non-IT/security employees in the crafting of policies and awareness programs in order to set the foundations for strong governance. @hrbrmstr suggested developing a quarterly plan at the beginning of the year designed to pace in-depth messaging with smaller, more frequent bits. Again, this always requires collaboration between departments to make sure that IT messages do not overlap or conflict with any standard, all-hands business messaging.

The next big point of our conversation was that organizations need to do a better job at helping employees see the relevance of cybersecurity to their everyday lives – answering the question, “What’s in it for me?” Many of our participants cited this as one of the most critical angles of a security education program. As @lewisnic explained, you need to hook users and get them interested in the topic by explaining how they can affect their personal security (like online banking, phone, etc.) and then translate that to how it applies to the business. @msarrel brought up that a couple of ways to make enterprise security more “real” to users is to give concrete examples and demonstrations of what you have seen in your environment, or to tie in big-news events with internal analysis and personal advice.

Finally, nearly all of our participants agreed that one of the top priorities in any security awareness program should be to make the content engaging, interactive and fun. @grap3_ap3 suggested holding contests to encourage positive behavior, and rewarding employees who bring security issues to light. In an effort to make learning more engaging, @hrbrmstr’s organization actually created Flash games for topics like data classification, and hosts their policy and standards education class as a game of Jeopardy (winners are rewarded with a gift card). One of @djbphaedrus’ clients identified 5 new legitimate security issues with this gamification approach, “employees were thrilled, and awareness increased.” @451wendy also touched upon the importance of reinforcement through reward – public praise, compliments to the employee’s supervisor, or of course, the ubiquitous power of food.

As we approached the end of our hour, we asked our contributors if they had any lasting words of wisdom for those looking to start an awareness program. There was one important message voiced by a number of our participants that I think is summed up best in the words of @grecs: “Getting people to “get it” is sorta like raising kids. Kids learn their lessons in different ways.” Organizations can’t be afraid of reaching out and trying different techniques that may not be familiar. In turn, don’t be afraid to change your approach as time goes on and to tailor your program to your org’s individual culture, personality, and evolving security needs. Above all, be enthusiastic, and remember that awareness is an ongoing process. As @451wendy pointed out, security awareness should be seen as an ongoing dialogue, not a one-time lecture.

Thanks to everyone who joined in and helped to make our December #SecChat such a success. Stay tuned here in the blog and on Twitter at @McAfeeBusiness for next month’s topic, as well as regular updates on McAfee news and events.


October #SecChat Recap: Physical & Virtual Security for the Next-Generation Data Center

Last week, we hosted our monthly Twitter #SecChat on data center security, focusing on questions of physical and virtual security in the face of a modern environment that is going through rapid transformation. While the industry is being driven by trends in virtualization, cloud computing and more, data centers are now not only called upon to store mission-critical data, but to also deliver the benefits of cost reduction and simplified management associated with virtualization.

We kicked off the conversation by asking about the top security challenges participants have faced in their data centers. For @jtyrus, the answer was balancing application availability and performance with security needs, while @sam0910’s top challenges were total data protection, and protection of ever-increasing back-ups.

Next, we went on to discuss the point at which security becomes a consideration in projects and initiatives in the data center, and @BrandenWilliams made the point that all too often, security is bolted on as an afterthought, rather than built in from the get-go.  @sam0910 and @jsokoly seconded this, saying that security should be considered at design, but unfortunately, is almost always thrown in at the end of a project. I added that this is exactly why we need an integrated, holistic solution across the data center. @wireheadlance and @armorguy also chimed in, noting that this lack of consideration for security is a challenge we’ll face for years to come, and is especially true when it comes to apps.

From there, our participants went on to discuss the topic of both virtual and physical security challenges in the modern data center – the importance of managing security personnel and properly investing in an effective physical security infrastructure. @mckeay noted that we have a long history with physical security, and thousands of mistakes to learn from in this area. Still, contributor @phyllisgardner made the point that companies seem to be taking security much more seriously than they were just 5 years ago – or, according to @jtyrus, even 1 year ago. @BrandenWilliams agreed, but noted that while companies are taking security more seriously, the bad guys have become more serious as well. Hacking is a much bigger business now, with larger organizations of professional bad guys, not to mention legions of malicious amateur hackers.

And while some companies have indeed upped the ante when it comes to both physical and virtual security practices, @mckeay made the point that most are getting distracted when it comes to implementation. @sam0910 agreed, saying that just being “serious” about security doesn’t help – companies need to be proactive and open to new ideas if they are to meet the challenges of securing their data center. @armorguy sees this tendency to distraction as a challenge – we need to make businesses understand that information security is a value-add, not just a cost. Orgs need to realize that security breaches are in fact preventable to a certain degree, so long as they take the proper steps forward.

And if the companies are taking steps forward, @ShawnHooper brought up a key point – how important it is that orgs are going about security in the right way. To go along with this, @armorguy noted how types of security – virtual vs. physical – are often valued differently in different industries. In certain spaces, like healthcare, information security carries much more importance, while in others, like commercial airlines, physical security is the biggest concern. Nevertheless, no matter the industry, @jack_daniel argued that physical security often moves to the forefront of people’s minds – the focus is on having a strong defense on the perimeter, even while the inside is weak. Companies need to be able to truly understand where their priorities lie, and realize that even when a data center is virtual, the data itself is real – and just as (if not more) in need of protection.

To wrap up, @danielkennedy74 posted a rather amusing piece of advice on the topic of physical security – making sure to install proper mantraps:

(OK – so, perhaps not this type of mantrap)

Until next time, thanks to everyone who participated in our October #SecChat, and stay tuned here in the blog and on Twitter at @McAfeeBusiness for our November #SecChat topic. To learn more about what McAfee is doing to optimize security in the next-generation data center, you can also visit our Data Center Solutions page.


McAfee FOCUS 11 Recap

FOCUS 11 has come to a close, and McAfee customers and partners shared an incredible week of sessions, networking activities and social events. What was started at Intel Developer Forum last month with hints of coming innovations came to fruition with some truly game-changing announcements. From presentations at the McAfee Global SecurityAlliance Partner Summit to the sessions and keynotes of the main FOCUS event, this year’s conference was truly an event to remember.

In our first bout of conference announcements, co-presidents Todd Gebhart and Mike DeCesare introduced our first two products built on McAfee DeepSAFE technology, co-developed with Intel: McAfee Deep Defender and McAfee Deep Command. McAfee Deep Defender is the industry’s next generation of endpoint security, capable of detecting nearly all kernel-mode malware, and McAfee Deep Command offers beyond-the-operating system management by taking advantage of hardware-based capabilities built into laptop and desktop PCs featuring Intel processors. Our team at McAfee worked closely with Intel to deliver these hardware-assisted security solutions, looking to transform the security industry by combining the power of hardware and software into a solution that will more effectively prevent attacks than ever before.

During the two-day McAfee Partner Summit, the focus was on the Power of 3: Intel, McAfee, and our partner community. For starters, McAfee teamed up with RSA Security to provide a compliance and risk management solution that combines the McAfee ePolicy Orchestrator platform with the RSA Archer eGRC Platform and the RSA Archer Enterprise Management solution, giving enterprises greater visibility into the security and compliance status of their infrastructures. Also announced were new additions to our Security Innovation Alliance program, as well as a new partnership with SAIC that will allow us to offer enterprise-ready protection from zero day and reconnaissance attacks by combining McAfee’s industry leading security products with SAIC’s CloudShield solutions. Finally, we announced several channel initiatives to drive partner profitability, as well as the three pillars that build the foundation and support for McAfee’s channel strategy: mutual investment, growth, and optimization.

Alongside all of our exciting product and partner announcements were of course the 2011 keynotes, the first of which featured Virgin Group founder Sir Richard Branson. The capacity crowd listened to Branson speak on life, leadership, and his newest business venture, commercial spaceline Virgin Galactic. Branson predicted that within just two decades, the cost of space tourism would drop enough for families to take their kids into space for vacation.

“I’m willing to forecast today that the people in this room’s children, 20 years from now, will be thinking, ‘Shall we go on holiday this year, or should we go off into space?’”

One of the most memorable presentations of FOCUS came during our final day keynote with Stuart McClure, co-author of the world’s bestselling computer security book, Hacking Exposed. McClure shocked the audience with an iPad hack onstage, as well as other live hacks. Down on the FOCUS showcase floor, the McAfee and partner booths were full of energy as attendees stopped by to view demos and technology stations, check out the Safe Never Sleeps chopper, and participate in the SIA pavilion drawing. Alongside our SIA sweepstakes, we also held a #MFEtrivia Twitter giveaway on @focusconference, with questions covering key FOCUS happenings and events. A few lucky trivia masters went home each night with some great prizes, including prime tickets to Blue Man Group and a dinner at Valentino.

Other unforgettable highlights from the show include the FOCUS Final Night Extravaganza, featuring a performance by the band Third Eye Blind, held on Thursday night at the Hard Rock Hotel & Casino.

For those of you who want to look back on all of the great sessions at this year’s conference, be sure to check out the presentations online on the FOCUS website. We also recorded a variety of videos at the conference, covering our SIA partners, McAfee booth demos, and happenings, as well as some fun stuff – all to be posted on the McAfee YouTube channel.

Thank you to all of our partners, customers, staff, and sponsors who made this year’s event possible. We’re already looking forward to planning next year’s show, so be sure and leave your feedback here, on Facebook, or on Twitter at @focusconference.

Until next year!


Recap of McAfee Happenings at IDF 2011

After listening in to the McAfee & Intel joint sessions, panels and demonstrations at Intel Developer Forum 2011, it’s hard to believe that only a little more than a year ago marked the beginning of our future with Intel. We promised a joint vision that would tackle security in a fundamentally new way, a vision that is finally coming into focus through the new technologies and initiatives that were announced at IDF.

As always, some of the biggest moments at the Forum happened during the keynote presentations. On day one, Candace Worley, senior vice president and general manager, Endpoint Security at McAfee, joined Intel CEO Paul Otellini on stage to introduce our DeepSAFE technology platform. DeepSAFE is a new McAfee technology platform, developed in partnership with Intel, that allows McAfee to develop hardware-assisted security products that take advantage of a “deeper” security footprint. The technology sits below the operating system, which provides a new vantage point for protection technologies, enabling them to proactively detect and prevent stealthy APTs and malware. Worley demonstrated an implementation of the security technology during the keynote, running DeepSAFE to detect and stop a zero-day Agony rootkit from infecting a system in real time.

After the keynote, we listened in to McAfee’s Gold Sponsor Session with Dave Marcus and Tony Jennings: McAfee and Intel – Security Beyond the Operating System. Marcus and Jennings offered their take on the current security landscape, detailing how and why we are working with Intel to move security beyond the operating system, down to the silicon level. Dave Marcus pointed out how the security landscape is changing – attackers are getting smarter, they’re downloading the details of every security solution out there, decompiling them and learning to work around them. Many stealth techniques, like rootkits, actually embed themselves outside the OS, and the attacks are growing: every day, over 60,000 unique pieces of malware are unleashed on the world. In addition, with the increasing consumerization of IT, solutions not only need to take into account sophisticated attackers, but consumers and employees who have continually demonstrated a love for clicking on foreign (and often malicious) links. Because of its position outside the operating system, DeepSAFE provides a direct view of system memory and processor activity, a vantage point that takes security away from the threat of a consumer’s clicks and enables the recognition of stealthy APTs and malware.

In another big McAfee-Intel announcement, McAfee’s Todd Gebhart joined Mooly Eden during the day 2 keynote to announce the development of new McAfee consumer anti-theft solutions for Ultrabook PCs. The new software will leverage unique, Intel chip-level technologies to provide device and data protection and is scheduled to be publicly available in Ultrabook devices in 2012.

Down on the IDF technology showcase floor, the main McAfee booth was full of energy as attendees stopped by to view demos, learn more about our Security Innovation Alliance, check out the Safe Never Sleeps chopper and put their name in for a chance to win a remote control motorcycle in our Passport to Prizes sweepstakes. In addition to our main booth, McAfee showcased two other stations, including a Business Client Community booth with demo pods to showcase the capabilities of ePO Deep Command, EEPC with AES-NI and EMM, along with an embedded space with demos of medical device security with McAfee, Intel and Wind River.

Alongside our Passport to Prizes sweepstakes, we also held a social media video giveaway with @McAfeeBusiness on Twitter. Attendees were asked what impressed them most about the McAfee booths or McAfee happenings at IDF, and those who gave a quick video response were rewarded with a signature McAfee backpack and Safe Never Sleeps shirt. Dan Dahle, senior strategic architect at Intel, gave his insight on McAfee Global Threat Intelligence for his 20 seconds of fame, while attendee Kevin was excited about his copy of McAfee Total Protection 2011, which was included in each attendee’s IDF backpack:

Other highlights from the show include the Intel Networking Nightcap featuring DJ apl.de.ap and will.i.am of the Black Eyed Peas, held on Tuesday night at the San Francisco Metreon theatre. Will.i.am even stopped by the conference to sign Intel’s SiMan, an 18-foot silicon man built up piece by piece throughout IDF with limbs signed by conference attendees. We looked on Wednesday as the completed SiMan was lit up with an impressive 1,500 LED bulbs, the entire structure meant to symbolize the importance of collaboration in a world driven by embedded technology.

Also worth noting was Intel’s thorough integration of social media, in evidence throughout the conference with installations such as the pre-keynote Twitter roll and social media pods featuring top #IDF2011 tweets in real time.

Finally, we captured some great video of one of my personal favorites at the show – Intel’s Industrial Control in Concert, a collection of digital vibraphones, xylophones, high-hats and other musical devices powered by Intel Atom processors.

For those of you who missed out on the show or just want to look back on all of the exciting events and announcements that took place last week, check out Intel’s IDF Newsroom for a complete recap, including photos, video and blogs covering each day of IDF. And for more on DeepSAFE and the other joint technologies that will shape McAfee and Intel’s integrated future, follow us at @McAfeeBusiness and stay tuned for updates from our annual FOCUS security conference in Las Vegas, October 18-20.


July #SecChat Recap – Security Conferences

Last month, we hosted our monthly #SecChat on Security Conferences – what makes them worthwhile and how they can be improved. We wanted to gain insight from you, the attendees and presenters, into what conference organizers are doing right and wrong, and how mainstream security events will need to evolve in order to stay relevant in a web 2.0 world.

To begin the conversation, we asked if our participants thought that security conferences kept up with the latest trends, and if not, what should be added or updated. @JGamblin responded that large security conferences have a natural tendency to be behind the curve 3-6 months due to the CFP process, an observation supported by several participants, including @chort0 and @msarrel. @SecRunner and @gattaca also pointed out that larger conferences tend to have too many vendor-focused presentations.

Many participants recommended smaller conferences for their ability to organize quickly, which in turn allows them to deliver more timely information. @gattaca recommended BSides, ShmooCon and DefCon as conferences that are more likely to have current information, while @danielkennedy74 noted that though smaller conferences have a community feel, they also tend to be quickly overwhelmed.

We then asked participants what the benefits were in attending large security conferences. The majority of participants believed that networking was the biggest draw, with @lewisnic, @chort0 and @SecRunner (among others) all saying that they looked forward to discussions with different people and being exposed to new views and approaches. Indeed, as @danielkennedy74 pointed out, “A strategic security person must be exposed to different things (like both vendors and hard tech), and be wary of comfort zones.”

@Wh1t3Rabbit then noted that a main problem of security conferences is the lack of audience participation, while other participants criticized conference speakers for failing to engage the audience. @gattaca asserted, “if you can’t tell a story without slides, you can’t tell a story.” Participants then offered creative ways for presenters to increase audience participation, such as through quizzes, polls and raffles, as suggested by @jtyrus. @JGamblin shared his creative way to increase audience engagement, by giving away boxes of movie candy at all of his talks. Overall, as @djbphaedrus put it, speakers must make their environment dynamic and give participants a chance to find and speak about their own ideas.

Another recommendation that cropped up was the idea that security conferences need to take better advantage of social media. As I mentioned during the chat, so long as an audience can connect to a channel like Twitter through a smartphone, laptop or other mobile device, a presentation can become instantly interactive through real-time polls and Q&A sessions. Many participants, including @danielkennedy74 and @msarrel, also suggested that conferences broadcast their talks live online. Speakers can then phone in or join the conversation through social media channels and, as an added incentive for organizers, @lewisnic noted that posting slides and content online is a great way for conferences to showcase their content and attract attendees.

In sum, many participants agreed that interaction and communication are crucial to the value of any conference, whether big or small. Stay tuned for our next #SecChat towards the end of August; the topic will be announced soon. Feel free to tweet at @McAfeeBusiness with any questions/feedback in the meantime.


May #SecChat Recap – Prioritizing Security for SMBs

Last month, we hosted our Twitter #SecChat on How To Keep Security a Priority, particularly for SMBs with limited IT resources. When it comes to security, attacks can happen regardless of your business size or type (as the recent and numerous security breaches at Sony can attest). How are SMBs supposed to prioritize security when they have a limited IT staff and resources that have already been stretched thin? This is exactly what we hoped to discover during our Security Chat.

To kick off the conversation, we asked participants what they considered to be the three most important things to focus on when you have limited security resources. @jsokoly pointed out that in most SMBs he’s seen, the problem isn’t keeping security a priority but making it a priority in the first place—a sentiment echoed by many participants. @451wendy and @hal_pomeranz also chimed in, “One problem is that many of these SMBs fall below the ‘security poverty line’—can’t afford good IT, much less security.”

Matt Sarrel, @msarrel, put forth the suggestion that creating security awareness comes first—administrators need to know what’s going on in the security world and see how others defend their resources. @labnuke and @Wh1t3Rabbit further elaborated on the idea that knowledge comes first, pointing out that defining the problem is a crucial first step – SMBs need to know what data they need to protect and where this data is located. However, as I pointed out during our chat, many SMBs put too much of their focus on web, email and malware, and many forget about protecting the data itself. @msarrel agreed that a lot of businesses don’t know where their data even lives or the financial value of that data.

Eventually the conversation shifted as @labnuke noted that many business leaders are too busy dealing with the actual business to take the time to define the value of their data, a task that he suggests seems to belong to IT. But, as @averagesecguy and @joshcorman both agreed, “As long as we are relying on overworked IT staff to implement security, we will never be doing enough.” @Wh1t3Rabbit added that most companies don’t spend on security because it’s not seen as a necessity, and @dewer agreed that many companies are reactive to the problem – they only spend when the problem occurs, and this usually results in spending more money than they would have if they invested in proactive security measures.

The conversation wound down with @451wendy asserting, “We have created a whole industry out of keeping security separate from IT, and now many people can’t afford to buy IT separately.” For SMBs to ‘get’ security, @andrewsmhay suggests that it needs to be presented to them as something that will help availability, or in other words, the complexity of security needs to be eliminated.

This message ties in strongly with the editorial brief McAfee recently published on managing security without having to live and breathe it. Our solutions reduce complexity, but are also designed for affordability and practical usability.

Stay tuned for our next #SecChat on June 23rd, 11am PT where we’ll discuss stealth crimeware. Feel free to tweet at @McAfeeBusiness with any questions/feedback in the meantime.


June #SecChat Recap: Stealth Crimeware

Last week, we hosted our monthly #SecChat on Stealth Crimeware. When it comes to building malware, cyber criminals are getting smarter – employing stealth techniques with malware able to self-replicate and evade detection for long periods of time. It can be costly for enterprises to remediate the damage done to infected machines and networks. During this month’s #SecChat, we wanted to find out what challenges organizations face when it comes to the prevention and detection of stealthy malware.

To start the conversation, we asked participants to share the remediation costs or impact stealthy malware has had on their organization. @Labnuke noted remediation costs often get “lost” in many organizations that are only interested in getting services restored, an observation with which both @DaveMarcus and @0xjudd agreed. @DaveMarcus asked the chat if stealth detection was realistic, considering that security technologies and malware occupy the same “space.” @Labnuke noted security technology and malware tend to hide inside of each other, and that stealth malware is effective at detecting, disabling and evading security technology. @imaguid stated that as long as malware is active it can interfere, and therefore the only way to deal with malware is to make sure it doesn’t become active. @DaveMarcus then added that he often ponders over stealth detection effectiveness while inside the OS, since rootkits know exactly how to evade traditional models.

Following this, I asked if virtual environments are inherently more or less susceptible to rootkits than traditional systems, which elicited various responses. @grap3_ap3 thought they were equally susceptible, but @0xjudd suggested that virtual machines are not more or less secure, just less targeted. @DaveMarcus thought that VM environments are neither more nor less secure objectively. He pointed out that VMs have a distinct advantage in that you can monitor them from the outside, and reiterated that moving beyond the OS is important. @451wendy chimed in that it comes down to how the system is managed and controlled, not whether it’s physical or virtual.

@Labnuke then noted that the issue in physical and VM worlds is how to remediate the problem while also determining at what point the infection happened, which @DaveMarcus agreed with. @gacevedo suggested that one could use behavioral analysis to determine at which point the infection happened. @Labnuke asked how one detects bad behavior, with @securelexicon wondering what research has been done in terms of studying the use of social engineering in concert with stealth malware. @DaveMarcus countered that the question with behavioral analysis is whether there is enough information to “convict” a specific file or event – correlation is needed.

@joshcorman made an interesting point that people are over-focused on highly replaceable/recoverable data losses instead of more serious/irrecoverable losses. @labnuke added that multiple replaceable/recoverable losses can quickly add up to serious/irrecoverable losses. @securelexicon agreed, citing a recent pentest where he discovered a malware infection that was thought to have been cleared 6 months ago. Indeed, the problem of stealthy malware is not just about data loss, and during our chat I emphasized that with “reincarnating malware,” some people might just burn an entire infected system and backup tapes too, which can be very expensive for enterprises.

As we wound down the chat, @McAfeeBusiness asked what the biggest obstacles are that organizations face when it comes to preventing the threat of stealthy malware. @joshcorman stated that stealthy attacks aren’t even required very often since people skip basic security measures like hardening or DefPassword. @labnuke suggested that the biggest obstacle is probably awareness, and as stealthy attacks by name mean “hidden,” a drive-by taking advantage of an unhardened system can result in exploits and loss. @DaveMarcus concluded that the OS and today’s security technology methodologies are known quantities – cybercriminals know our game, and change is needed to combat stealth crimeware.

Be sure to check out our recent whitepaper with Intel on The New Reality of Stealth Crimeware. Stay tuned for our July #SecChat, and feel free to tweet at @McAfeeBusiness with any questions/feedback in the meantime.
