LayerOne Security Conference Video Available

May 23, 2008

Last weekend we participated in a smaller regional security conference in Pasadena, California called LayerOne, which is held yearly at the Pasadena Hilton. There were a number of great talks, and I gave one on the evolution of cyber-crime and its prevalence. I am making the video available here.


Yesterday’s Webinar Available!

May 22, 2008

Yesterday’s webinar on Customer Privacy, Malware and Government Regulations is now available for your viewing pleasure. Enjoy!

http://www.itsecurity.com/webinar/enterprise-malware/?tfso=1409



Why Security-as-a-Service reduces total cost of ownership (TCO)

May 22, 2008

Recently I have been getting a number of questions concerning the cost savings of a security-as-a-service (SaaS) model versus a traditional on-premise solution. While there are certainly a number of direct benefits to the end user (easier to use and easier to upgrade), for the purpose of this article I want to elaborate on the most important one: reducing the total cost of ownership (TCO) by outsourcing security services.

So what exactly is meant by reducing the total cost of ownership? According to industry analysts, a good portion of small to medium-sized companies outsource their security services to a third-party provider. This strategy has real benefits, especially for companies that lack the technical ability to manage and maintain an on-premise anti-malware solution.

Because SaaS traditionally hasn't resided on-premise, it takes the overhead of managing and maintaining a complex myriad of technologies and places the responsibility with the provider. Take for example a small medical facility with 100 employees; if we factor the following variables into the equation and apply them to a SaaS model, we can clearly see the reduction in TCO:

Direct costs with an on-premise solution:

* 2 hrs to install the management server at $200 per hr (average technical consultation fee)

* $1000 to $1500 for hardware (necessary for the management server)

* $800 to $1000 for Microsoft Windows 2003 Server licenses

Overall initial cost (not including the anti-malware licenses or the yearly technical support contract covering the various products, i.e. the server, the anti-malware product, etc.) = $2900

Direct costs with a SaaS solution:

A SaaS solution does not have any direct costs in terms of infrastructure or ongoing management, as these are outsourced (the only associated cost is the anti-malware subscription). With an on-premise solution there is a much higher initial and ongoing cost: hardware tends to require maintenance, and because there is a lack of technical skill in-house, outside help is required to maintain the anti-malware product.

In conclusion, SaaS promises to reverse this trend and reduce costs, helping mid-size companies achieve security within their budgets.



Anatomy of a data breach part 2

May 22, 2008

In this second part I am going to talk about different methods of protecting sensitive data-at-rest through system hardening. The overall goal is to implement an effective strategy that reduces the potential for a data breach (keeping in mind that meeting compliance is all about best efforts). First of all, we have to understand how a data breach is conducted and what methods are used to access internal protected information.

The purpose behind such an attack is to expose or alter information of value to the hacker, such as patient information, financial records, proprietary company data, etc., that can be used for profit. Because attacks are often targeted and slip by existing anti-virus defenses, the hacker will know a great deal about the web platform and the security mechanisms behind it before launching his assault.

There are several ways of attacking these applications and getting access to the data:

  1. SQL injection attack (this attack can range from simple insertion of a script to completely taking over the server).
  2. Code injection attack
  3. Planting malware on servers
  4. Exploiting zero-day vulnerabilities in Apache or Internet Information Services (IIS)

It's important to monitor and protect sensitive information on servers. According to official sources, the TJX breach began with hackers compromising a wireless network at a Marshalls store and gaining access to servers at corporate HQ. Because the hacker had gained administrative access, he was capable of FTPing credit card information out of the environment and inserting custom-written malware to intercept transactions in real time.

For the purpose of this article we will look at how one can enforce additional security (on specific files that we don't want leaving a specific server) using the built-in security policies within TruPrevent technologies. In the example shown below I created a file access control rule preventing the piece of information from being altered, copied and, in this case, read from other systems (including external systems).

Figure # 1: The directory we are protecting.

Figure # 2: We attempt to move the protected information to another server or an external FTP site (as in the TJX breach).

Figure # 3: We now get an error from Windows and a pop-up from TruPrevent indicating the action can't be performed.
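As an added illustration (not from the original post and not TruPrevent's own configuration), the same intent, keeping a protected directory from being altered or read by anything other than one application group and leaving a Security-log trail for every access attempt, can be expressed with native NTFS permissions and object-access auditing on a Windows server; the path and group names are assumed placeholders.

```powershell
# Added example: lock down a directory of sensitive records with NTFS ACLs and auditing.
# Assumptions (placeholders, not from the post): the directory path and the AD group name.
$ProtectedDir = 'D:\Protected\PatientRecords'   # directory holding the sensitive files
$AllowedGroup = 'CONTOSO\RecordsApp'            # only group that may read the files

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

$acl = Get-Acl -Path $ProtectedDir
# Stop inheriting the (usually permissive) ACEs from the parent and do not copy them down.
$acl.SetAccessRuleProtection($true, $false)
# Drop any explicit ACEs already present so only the rules added below remain.
foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    $null = $acl.RemoveAccessRule($ace)
}
# Administrators keep full control so the rule itself can be maintained.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    'BUILTIN\Administrators', 'FullControl', $inherit, $prop, 'Allow')))
# The application group gets read/execute only: no Write or Modify, so no altering.
# Every other account is denied implicitly because no ACE grants it anything.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $AllowedGroup, 'ReadAndExecute', $inherit, $prop, 'Allow')))
Set-Acl -Path $ProtectedDir -AclObject $acl

# Audit reads, writes and deletes by anyone, successful or failed, so a copy of the
# files to another host shows up as 4663 events in the Security log.
$audit = Get-Acl -Path $ProtectedDir -Audit
$audit.AddAuditRule((New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'ReadData, WriteData, Delete', $inherit, $prop, 'Success, Failure')))
Set-Acl -Path $ProtectedDir -AclObject $audit

# The SACL above only produces events once object-access auditing is switched on.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
```

Unlike the host-based policy in the post, NTFS permissions do not bind an account that already holds administrative rights (the TJX scenario), but the audit entries still record what that account touched.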



Eleven months of writing for the Information Security Systems Association Journal

May 20, 2008

I have been writing for eleven months now in the Information Security Systems Association (ISSA) Journal. These articles have primarily focused on sharing information about the emerging threat landscape and what we are seeing from a Panda Security perspective. Therefore, I thought I would share a little history with you by making these articles available for download.

* The Crimeware Ecosystem

* Targeted Scams: A new Trend

* From Traditional AV to Collective Intelligence

* The Silent Epidemic (the very first article)

* Targeted Financial Attacks

* Server-Side Polymorphism

Thoughts or comments?