#SecChat Antivirus

October #SecChat Recap: Physical & Virtual Security for the Next-Generation Data Center

Last week, we hosted our monthly Twitter #SecChat on data center security, focusing on questions of physical and virtual security in the face of a modern environment that is going through rapid transformation. While the industry is being driven by trends in virtualization, cloud computing and more, data centers are now not only called upon to store mission-critical data, but to also deliver the benefits of cost reduction and simplified management associated with virtualization.

We kicked off the conversation by asking about the top security challenges participants have faced in their data centers. For @jtyrus, the answer was balancing application availability and performance with security needs, while @sam0910’s top challenges were total data protection, and protection of ever-increasing back-ups.

Next, we went on to discuss the point at which security becomes a consideration in projects and initiatives in the data center, and @BrandenWilliams made the point that all too often, security is bolted on as an afterthought, rather than built in from the get-go.  @sam0910 and @jsokoly seconded this, saying that security should be considered at design, but unfortunately, is almost always thrown in at the end of a project. I added that this is exactly why we need an integrated, holistic solution across the data center. @wireheadlance and @armorguy also chimed in, noting that this lack of consideration for security is a challenge we’ll face for years to come, and is especially true when it comes to apps.

From there, our participants went on to discuss the topic of both virtual and physical security challenges in the modern data center – the importance of managing security personnel and properly investing in an effective physical security infrastructure. @mckey noted that we have a long history with physical security, and thousands of mistakes to learn from in this area. Still, contributor @phyllisgardner made the point that companies seem to be taking security much more seriously than they were just 5 years ago – or, according to @jtyrus, even 1 year ago. @BrandenWilliams agreed, but noted that while companies are taking security more seriously, the bad guys have become more serious as well. Hacking is a much bigger business now, with larger organizations of professional bad guys, not to mention legions of malicious amateur hackers.

And while some companies have indeed upped the ante when it comes to both physical and virtual security practices, @mckeay made the point that most are getting distracted when it comes to implementation. @sam0910 agreed, saying that just being “serious” about security doesn’t help – companies need to be proactive and open to new ideas if they are to meet the challenges of securing their data center. @armorguy sees this tendency to distraction as a challenge – we need to make businesses understand that information security is a value-add, not just a cost. Orgs need to realize that security breaches are in fact preventable to a certain degree, so long as they take the proper steps forward.

And if the companies are taking steps forward, @ShawnHooper brought up a key point – how important it is that orgs are going about security in the right way. To go along with this, @armorguy noted how types of security – virtual vs. physical – are often valued differently in different industries. In certain spaces, like healthcare, information security carries much more importance, while in others, like commercial airlines, physical security is the biggest concern. Nevertheless, no matter the industry, @jack_daniel argued that physical security often moves to the forefront of people’s minds – the focus is on having a strong defense on the perimeter, even while the inside is weak. Companies need to be able to truly understand where their priorities lie, and realize that even when a data center is virtual, the data itself is real – and just as (if not more) in need of protection.

To wrap up, @danielkennedy74 posted a rather amusing piece of advice on the topic of physical security – making sure to install proper mantraps:

(OK – so, perhaps not this type of mantrap)

Until next time, thanks to everyone who participated in our October #SecChat, and stay tuned here in the blog and on Twitter at @McAfeeBusiness for our November #SecChat topic. To learn more about what McAfee is doing to optimize security in the next-generation data center, you can also visit our Data Center Solutions page.


Join Us for #SecChat Thursday on McAfee and Intel DeepSAFE Technology

This month at Intel’s Developer Forum in San Francisco, McAfee unveiled DeepSAFE with Intel, a new security technology that sits beyond the operating system, close to the silicon, and allows for a unique vantage point in the computing stack to better protect systems.

During our next #SecChat this Thursday, we’re opening up the discussion around DeepSAFE to the larger security community, and want to hear your feedback to the announcement. I’ll be joining the chat alongside a few other representatives from McAfee to hear your thoughts on DeepSAFE.

What questions do you want answered as DeepSAFE evolves, and we cover the technology more in our blogs and tweets? How do you think silicon-level technology will impact the greater security industry? Where do you see the benefits or pitfalls in this type of technology, and what could it mean to the enterprise? How do you see McAfee and Intel moving forward together?

Join the conversation this Thursday at 11am PT by following the #SecChat hashtag and @McAfeeBusiness Twitter feed, and share your input on how DeepSAFE could impact your organization’s security program.

Logistics: How do I participate in #SecChat?

1. Find

- Create a search for the #SecChat hashtag to watch and participate in the real-time stream – we’ve found the easiest tool to do this is TweetChat, but other Twitter clients like TweetDeck work well too.

2. Follow

- @McAfeeBusiness will get the conversation rolling by posing a few questions to participants.

3. Engage! 

- Tweet your reactions, questions and @reply to other chat participants.

4. Our One Rule: Use the #SecChat hashtag!

- Tag all your tweets with #SecChat so everyone can see your thoughts/comments during the chat. #SecChat should last about an hour.

Some of the latest resources on DeepSAFE include our FAQ, landing page on McAfee.com, and demo video at IDF, if you’d like more information before the chat. Other questions before Thursday? Don’t hesitate to reach out to us @McAfeeBusiness.


#SecChat this Thursday 8/25 – Securing the Next Generation Data Center

The modern data center is in transformation. Driven by industry trends in virtualization, cloud computing and green IT, data centers are now called upon to store, process and secure more information than ever before. Still, the data center remains the heart and soul of an enterprise’s technical infrastructure, and gaps in security can result in everything from brand damage and legal fees to regulatory fines and service downtime.

On Thursday we’ll host another #SecChat, and open the floor to discuss the challenges associated with securing the next generation data center. Some topics we’ll touch on:

- What types of initiatives and projects do you have underway or planned for your data center, and at what stage – design, post-design, implementation or post-implementation – do you think security should be a consideration?

- When it comes to consolidation, virtualization and cloud computing, are you using the same security solutions to protect both your virtual and physical environments?

- What and how many security products do you have deployed, and do you feel that having multiple vendors is causing any gaps in your protection?

- On the technical side, how important is protecting your hypervisor in your virtual environment, and which industry associations or analysts are you following to get guidance on your data center initiatives?

Recently, we ran a data center security study with Brocade, and discovered 62 percent of respondents are planning or engaged in data center upgrades (many due to increased use of virtualization). Additionally, 29 percent of the respondents report that scaling server virtualization is a concern, and 32 percent report that bandwidth and traffic engineering are pressing issues. We’d like to hear from participants around these concerns, and if the survey results reflect a similar sentiment in your enterprise.

Join us this Thursday (8/25) at 11am PT by following the #SecChat hashtag and @McAfeeBusiness Twitter feed to share your thoughts and get constructive feedback as we discuss the latest trends, challenges and solutions in data center security.

As always, we welcome your comments and suggestions on this and any future #SecChat topics.

Logistics: How do I participate in #SecChat?

  1. Find
  • Search for the #SecChat hashtag (via TweetChat, TweetDeck, or a Twitter client) and watch the real-time stream, starting at 11am PT this Thursday (8/25).
  2. Follow
  • At 11am PT @McAfeeBusiness will get the conversation rolling by posing a few questions to participants.
  3. Engage!
  • Tweet your reactions, questions and @replies to the chat, making sure to use the #SecChat hashtag.
  • #SecChat should last about an hour.

Questions before Thursday? Find us on Twitter at @McAfeeBusiness.


July #SecChat Recap – Security Conferences

Last month, we hosted our monthly #SecChat on Security Conferences – what makes them worthwhile and how they can be improved. We wanted to gain insight from you, the attendees and presenters, into what conference organizers are doing right and wrong, and how mainstream security events will need to evolve in order to stay relevant in a web 2.0 world.

To begin the conversation, we asked if our participants thought that security conferences kept up with the latest trends, and if not, what should be added or updated. @JGamblin responded that large security conferences have a natural tendency to be behind the curve 3-6 months due to the CFP process, an observation supported by several participants, including @chort0 and @msarrel. @SecRunner and @gattaca also pointed out that larger conferences tend to have too many vendor-focused presentations.

Many participants recommended smaller conferences for their ability to organize quickly, which in turn allows them to deliver more timely information. @gattaca recommended BSides, SchmooCon and DefCon as conferences that are more likely to have current information, while @danielkennedy74 noted that though smaller conferences have a community feel, they also tend to be quickly overwhelmed.

We then asked participants what the benefits were in attending large security conferences. The majority of participants believed that networking was the biggest draw, with @lewisnic, @chort0 and @SecRunner (among others) all saying that they looked forward to discussions with different people and being exposed to new views and approaches. Indeed, as @danielkennedy74 pointed out, “A strategic security person must be exposed to different things (like both vendors and hard tech), and be wary of comfort zones.”

@Wh1t3Rabbit then noted that a main problem of security conferences is the lack of audience participation, while other participants criticized conference speakers for failing to engage the audience. @gattaca asserted, “if you can’t tell a story without slides, you can’t tell a story.” Participants then offered creative ways for presenters to increase audience participation, such as through quizzes, polls and raffles, as suggested by @jtyrus. @JGamblin shared his creative way to increase audience engagement, by giving away boxes of movie candy at all of his talks. Overall, as @djbphaedrus put it, speakers must make their environment dynamic and give participants a chance to find and speak about their own ideas.

Another recommendation that cropped up was the idea that security conferences need to take better advantage of social media. As I mentioned during the chat, so long as an audience can connect to a channel like Twitter through a smartphone, laptop or other mobile device, a presentation can become instantly interactive through real-time polls and Q&A sessions. Many participants, including @danielkennedy74 and @msarrel, also suggested that conferences broadcast their talks live online. Speakers can then phone in or join the conversation through social media channels and, as an added incentive for organizers, @lewisnic noted that posting slides and content online is a great way for conferences to showcase their content and attract attendees.

In sum, many participants agreed that interaction and communication are crucial to the value of any conference, whether big or small. Stay tuned for our next #SecChat towards the end of August; the topic will be announced soon. Feel free to tweet at @McAfeeBusiness with any questions/feedback in the meantime.


May #SecChat Recap – Prioritizing Security for SMBs

Last month, we hosted our Twitter #SecChat on How To Keep Security a Priority, particularly for SMBs with limited IT resources. When it comes to security, attacks can happen regardless of your business size or type (as the recent and numerous security breaches at Sony can attest). How are SMBs supposed to prioritize security when they have a limited IT staff and resources that have already been stretched thin? This is exactly what we hoped to discover during our Security Chat.

To kick off the conversation, we asked participants what they considered to be the three most important things to focus on when you have limited security resources. @jsokoly pointed out that in most SMBs he’s seen, keeping security a priority isn’t the problem, but rather making it a priority in the first place is the problem—a sentiment echoed by many participants. @451wendy and @hal_pomeranz also chimed in, “One problem is that many of these SMBs fall below the ‘security poverty line’—can’t afford good IT, much less security.”

Matt Sarrel, @msarrel, put forth the suggestion that creating security awareness comes first—administrators need to know what’s going on in the security world and see how others defend their resources. @labnuke and @Wh1t3Rabbit further elaborated on the idea that knowledge comes first, pointing out that defining the problem is a crucial first step – SMBs need to know what data they need to protect and where this data is located. However, I pointed out during our chat, many SMBs put too much of their focus on web, email and malware, and many forget about protecting the data itself. @msarrel agreed that a lot of businesses don’t know where their data even lives or the financial value of that data.

Eventually the conversation shifted as @labnuke noted that many business leaders are too busy dealing with the actual business to take the time to define the value of their data, a task that he suggests seems to belong to IT. But, as @averagesecguy and @joshcorman both agreed, “As long as we are relying on overworked IT staff to implement security, we will never be doing enough.” @Wh1t3Rabbit added that most companies don’t spend on security because it’s not seen as a necessity, and @dewer agreed that many companies are reactive to the problem – they only spend when the problem occurs, and this usually results in spending more money than they would have if they invested in proactive security measures.

The conversation wound down with @451wendy asserting, “We have created a whole industry out of keeping security separate from IT, and now many people can’t afford to buy IT separately.” For SMBs to ‘get’ security, @andrewsmhay suggests that it needs to be presented to them as something that will help availability, or in other words, the complexity of security needs to be eliminated.

This message ties in strongly with the editorial brief McAfee recently published on managing security without having to live and breathe it. Our solutions reduce complexity, but are also designed for affordability and practical usability.

Stay tuned for our next #SecChat on June 23rd, 11am PT where we’ll discuss stealth crimeware. Feel free to tweet at @McAfeeBusiness with any questions/feedback in the meantime.


Stealth Crimeware – A New Reality. Join our June #SecChat.

Malware creators are getting smarter. Their attacks are becoming harder to detect, and a recent McAfee Labs & Intel whitepaper estimates that about 15% of malware uses sophisticated stealth techniques that allow them to remain hidden while simultaneously causing significant damage against enterprise targets. Stuxnet and the Zeus Crimeware Toolkit are powerful examples of how modern day criminals can use stealth techniques to steal data or target computing systems, and allow attackers to fully control operating systems and limit the risk of exposure.

Furthermore, many rootkits can self-heal and reinstall from a hiding place after a system has been cleaned, thus extending the time in which an attacker can control the compromised system. When faced with a compromised host that continues to leak data even after a system has been “cleaned,” it can become very costly for enterprises to perform complete reinstalls of their operating environments, or worse, replace the infected computers altogether.

Has your organization experienced a stealth attack or rootkit outbreak?  How does your IT security team deal with these types of attacks?  What is the impact and costs to remediate?  We plan to discuss these questions and more during our next #SecChat – Thursday June 23rd at 11am PT.

McAfee and Intel are working to combine our knowledge in security, software and systems in order to stay ahead of smart malware attackers and stealth techniques. As an industry, we need to re-envision the way we think about maintaining enterprise security and better determine ways to detect and protect against stealth crimeware.

Be sure to join the conversation this Thursday, 11am PT on the @McAfeeBusiness Twitter feed – we look forward to hearing your thoughts on stealth crimeware.

To participate, follow #SecChat stream on search.twitter.com or your Twitter client, and engage by tagging your responses with the #SecChat hashtag.


June #SecChat Recap: Stealth Crimeware

Last week, we hosted our monthly #SecChat on Stealth Crimeware. When it comes to building malware, cyber criminals are getting smarter – employing stealth techniques with malware able to self-replicate and evade detection for long periods of time. It can be costly for enterprises to remediate the damage done to infected machines and networks. During this month’s #SecChat, we wanted to find out what challenges organizations face when it comes to the prevention and detection of stealthy malware.

To start the conversation, we asked participants to share the remediation costs or impact stealthy malware has had on their organization. @Labnuke noted remediation costs often get “lost” in many organizations that are only interested in getting services restored, an observation with which both @DaveMarcus and @0xjudd agreed. @DaveMarcus asked the chat if stealth detection was realistic, considering that security technologies and malware occupy the same “space.” @Labnuke noted security technology and malware tend to hide inside of each other, and that stealth malware is effective at detecting, disabling and evading security technology. @imaguid stated that as long as malware is active it can interfere, and therefore the only way to deal with malware is to make sure it doesn’t become active. @DaveMarcus then added that he often ponders over stealth detection effectiveness while inside the OS, since rootkits know exactly how to evade traditional models.

Following this, I asked if virtual environments are inherently more or less susceptible to rootkits than traditional systems, which elicited various responses. @grap3_ap3 thought they were equally susceptible, but @0xjudd suggested that virtual machines are not more or less secure, just less targeted. @DaveMarcus thought that VM environments are neither more nor less secure objectively. He pointed out that VMs have a distinct advantage in that you can monitor them from the outside, and reiterated that moving beyond the OS is important. @451wendy chimed in that it comes down to how the system is managed and controlled, not whether it’s physical or virtual.

@Labnuke then noted that the issue in physical and VM worlds is how to remediate the problem while also determining at what point the infection happened, which @DaveMarcus agreed with. @gacevedo suggested that one could use behavioral analysis to determine at which point the infection happened. @Labnuke asked how one detects bad behavior, with @securelexicon wondering what research has been done in terms of studying the use of social engineering in concert with stealth malware. @DaveMarcus countered that the question on behavioral is if there is enough information to “convict” to a specific file or event – correlation is needed.

@joshcorman made an interesting point that people are over-focused on highly replaceable/recoverable data losses instead of more serious/irrecoverable losses. @labnuke added that multiple replaceable/recoverable losses can quickly add up to serious/irrecoverable losses. @securelexicon agreed, citing a recent pentest where he discovered a malware infection that was thought to have been cleared 6 months ago. Indeed, the problem of stealthy malware is not just about data loss, and during our chat I emphasized that with “reincarnating malware,” some people might just burn an entire infected system and backup tapes too, which can be very expensive for enterprises.

As we wound down the chat, @McAfeeBusiness asked what the biggest obstacles are that organizations face when it comes to preventing the threat of stealthy malware. @joshcorman stated that stealthy attacks aren’t even required very often since people skip basic security measures like hardening or DefPassword. @labnuke suggested that the biggest obstacle is probably awareness, and as stealthy attacks by name mean “hidden,” a drive-by taking advantage of an unhardened system can result in exploits and loss. @DaveMarcus concluded that the OS and today’s security technology methodologies are known quantities – cybercriminals know our game, and change is needed to combat stealth crimeware.

Be sure to check out our recent whitepaper with Intel on The New Reality of Stealth Crimeware. Stay tuned for our July #SecChat, and feel free to tweet at @McAfeeBusiness with any questions/feedback in the meantime.


July #SecChat: Security Conferences – To Attend or Not to Attend

Cyber Security Conferences have been around almost as long as Cyber Security itself, but are they worth attending? During this month’s #SecChat, Thursday, July 28 at 11am PT, we want you to sound off and make yourself heard regarding our industry’s mass of mainstream and “hacker” security events.

We want to know what you, as attendees, would like to see more of at security conferences, and conversely, what you are downright sick of seeing. Are the hands-on hacking labs and how-to’s worthwhile for you? Or is there a need for more business-centric training? Are security conferences keeping up with the latest trends, or is there a need to change them going forward? Are the webcasts still interesting, or have they given way to Web 2.0?

On that note, if security conferences have lost their steam, how else are you keeping up to date with the latest in security trends? Who or what are your must read websites or blogs, your must listen to podcasts, or your must follow Twitter security experts? These are all things that we hope to learn during this month’s #SecChat.

So be sure to join the conversation this Thursday, 11am PT on the @McAfeeBusiness Twitter feed, and share your thoughts on both large security conferences (RSA, Blackhat, Interop) and specialized ones (OWASP, SecTor, DefCon).

To participate, follow #SecChat stream on TweetChat or your Twitter client, and engage by tagging your responses with the #SecChat hashtag. Hope to see you in the stream!
