LayerOne Security Conference Video Available

May 23, 2008

Last weekend we participated in a smaller regional security conference in Pasadena, California, called LayerOne, which takes place yearly at the Pasadena Hilton. There were a number of great talks, and I gave one on the evolution of cyber-crime and its prevalence. I am making the video available here.


Yesterday’s Webinar Available!

May 22, 2008

Yesterday’s webinar on Customer Privacy, Malware and Government Regulations is now available for your viewing pleasure. Enjoy!



Why Security-as-a-Service reduces total cost of ownership (TCO)

May 22, 2008

Recently I have been getting a number of questions concerning the cost savings of a security-as-a-service (SaaS) model versus a traditional on-premise solution. While there are certainly a number of direct benefits to the end-user (easier to use and easier to upgrade), for the purpose of this article I thought I would elaborate on the most important one: reducing the total cost of ownership (TCO) by outsourcing security services.

So what exactly is meant by reducing the total cost of ownership? According to industry analysts, a good portion of small to medium-sized companies outsource their security services to a third-party provider. Obviously this strategy has real benefits, especially for companies that lack the technical ability to manage and maintain an on-premise anti-malware solution.

Because SaaS traditionally does not reside on-premise, it removes the overhead of managing and maintaining a complex myriad of technologies and places that responsibility with the provider. Take for example a small medicare facility with 100 employees; if we factor the following variables into the equation and apply them to a SaaS model, we can clearly see the reduction in TCO:

Direct costs with an on-premise solution:

* 2 hrs to install the management server at $200 per hr (average technical consultation fee)

* $1000 to $1500 for hardware (necessary for the management server)

* $800 to $1000 for Microsoft Windows 2003 Server licenses

Overall initial cost (not including the anti-malware licenses or the yearly technical support contract covering the various products, i.e. the server, the anti-malware product, etc.) = $2900

Direct costs with a SaaS solution:

A SaaS solution does not have any direct costs in terms of infrastructure or on-going management, as these are outsourced (the only associated cost is that of the anti-malware subscription). With an on-premise solution there is a much higher initial and on-going cost: hardware tends to require maintenance, and because there is a lack of technical skill in-house, outside help is required to maintain the anti-malware product.

In conclusion, SaaS promises to reverse the trend and reduce costs while helping mid-size companies achieve security within their budgets.


Anatomy of a data breach part 2

May 22, 2008

In this second part I am going to talk about different methods of protecting sensitive data-at-rest through system hardening. The overall goal is obviously to implement an effective strategy that reduces the potential for a data breach (keeping in mind that meeting compliance is all about best efforts). First of all, we have to understand how a data breach is conducted and what methods are used to access internal protected information.

The purpose behind such an attack is to expose or alter information of value to the hacker, such as patient information, financial records, proprietary company data, etc., that can be used for profit. Because attacks are often targeted and slip by existing anti-virus defenses, the hacker will know a great deal about the web platform and the security mechanisms behind it before launching his assault.

There are several ways of attacking these applications and getting access to the data:

  1. SQL injection attack (this attack can range from simple insertion of a script to completely taking over the server).
  2. Code injection attack
  3. Planting malware on servers
  4. Exploiting zero-day vulnerabilities in Apache or Internet Information Services (IIS)

It’s important to monitor and protect sensitive information on servers. According to official sources, the TJX Max breach began with hackers compromising a wireless network at a Marshall’s store and gaining access to servers at corporate HQ. Because the hacker had gained administrative access, he was able to FTP credit card information out of the environment and insert custom-written malware to intercept transactions in real time.

For the purpose of this article we will look at how one can enforce additional security (on specific files that we don’t want leaving a specific server) using the built-in security policies within TruPrevent technologies. In the example shown below I created a file access control rule preventing the piece of information from being altered, copied and, in this case, read by other systems (including external systems).

Figure 1: The directory we are protecting

Figure 2: We attempt to move the protected information to another server or an external FTP site (as in the TJX Max breach)

Figure 3: We now get an error from Windows and a pop-up from TruPrevent indicating the action can’t be performed
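To make the behaviour of such a file access control rule concrete, here is an added toy model of it in Python. It is not TruPrevent's code or configuration: the protected directory, the single allowed process image and the sample access events are all assumptions constructed for the example, and it only mirrors what the figures above show (the allowed application may read and write the data, while any copy, move or access by another process is denied).

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed policy (not TruPrevent's real configuration): which directory is
# protected and which process image is the only one allowed to work on it.
PROTECTED_DIR = PureWindowsPath(r"C:\Protected")
ALLOWED_PROCESS = "billing.exe"
ALLOWED_ACTIONS = {"read", "write"}   # even the allowed app may not copy or move it out

@dataclass(frozen=True)
class AccessEvent:
    process: str   # image name of the requesting process
    action: str    # read, write, copy, move or delete
    path: str      # file the request targets

def is_protected(path: str) -> bool:
    """True if path lies under PROTECTED_DIR (case-insensitive, as on Windows).
    A path with '..' components is treated as protected so traversal cannot
    dodge the rule; a real filter driver would see canonical paths anyway."""
    p = PureWindowsPath(path)
    if ".." in p.parts:
        return True
    try:
        p.relative_to(PROTECTED_DIR)
    except ValueError:
        return False
    return True

def evaluate(event: AccessEvent) -> str:
    """Decide 'allow' or 'deny' for one file access request."""
    if not is_protected(event.path):
        return "allow"
    if event.process.lower() == ALLOWED_PROCESS and event.action in ALLOWED_ACTIONS:
        return "allow"
    return "deny"   # any other process, or any copy/move/delete, is blocked

def audit(events):
    """Run the rule over an event stream and return the denied requests."""
    return [e for e in events if evaluate(e) == "deny"]

# Constructed sample events mirroring Figures 2 and 3: the billing app works
# normally, then other processes try to stage the file for an FTP upload.
SAMPLE_EVENTS = [
    AccessEvent("billing.exe", "read", r"C:\Protected\cards.db"),
    AccessEvent("billing.exe", "write", r"C:\Protected\cards.db"),
    AccessEvent("notepad.exe", "read", r"C:\Users\bob\notes.txt"),
    AccessEvent("explorer.exe", "copy", r"C:\Protected\cards.db"),
    AccessEvent("ftp.exe", "read", r"c:\protected\cards.db"),
    AccessEvent("cmd.exe", "read", r"C:\Users\bob\..\..\Protected\cards.db"),
]
```

Running `audit(SAMPLE_EVENTS)` returns the last three events, which correspond to the blocked action in Figure 3; the unrelated notepad access is untouched.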



Eleven months of writing for the Information Security Systems Association Journal

May 20, 2008

I have been writing for eleven months now in the Information Security Systems Association (ISSA) Journal. These articles have primarily focused on sharing information about the emerging threat landscape and what we are seeing from a Panda Security perspective. Therefore, I thought I would share a little history with you by making these articles available for download.

* The Crimeware Ecosystem

* Targeted Scams: A new Trend

* From Traditional AV to Collective Intelligence

* The Silent Epidemic (the very first article)

* Targeted Financial Attacks

* Server-Side Polymorphism

Thoughts or comments?


Webinar on Privacy and Security – Win a Garmin GPS!

May 20, 2008

Free Live Webinar on May 21 @ 10AM PST / 1PM EST

New breeds of malware – spyware, adware, Trojans, and viruses – are rapidly infecting networks and exposing businesses and their customers to unprecedented security risks. The government now mandates that corporations effectively protect the privacy of individuals and ensure the confidentiality and integrity of sensitive information.

Protect Your Corporate Information and Assets!

Get 16 tips to help you protect your corporate network from malware threats:

• 3 ways to safeguard against malware threats and comply with regulatory standards
• 5 technical safeguards that will significantly reduce your enterprise’s risk
• 3 ways to measure inadequacies during a security audit and determine whether assets are already compromised with undetected malware
• 5 ways to evolve security best practices for crimeware and potential infection targets

and Panda Security US have partnered to offer you this exclusive FREE live webinar.

Join us for a chance to win
Attendees to the live webinar will be entered for a chance to win a Garmin GPS. One winner will be selected from the audience by random drawing.*



How regulations affect small to mid-size companies

May 20, 2008

It’s important to note that not only large corporations are affected by regulatory standards; small and mid-size companies are equally affected, especially when their core business deals with classes of information protected by law (patient information, credit card information, financial data, etc.).

A very good example is a regional medicare facility with fewer than 500 employees. One may think that it is not subject to the same regulations because of its size, but HIPAA is HIPAA, and it applies to any organization that stores and maintains privileged patient information.

For example, if this fictional medicare facility were to have a screen-logger on a PC containing any of the above classes of information, this could lead to a potential violation of the following and could result in fines:

HIPAA §164.308(a) (4) that pertains to protecting health information: “implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a) (4) [Information Access Management]”

It also leads me to believe that controls implemented to enforce compliance don’t always guarantee that one is protected. This is particularly true of the recent high-profile data security breaches at corporations that had followed regulatory standards but were somehow still compromised.

In conclusion, security should not be ignored within small and mid-size companies, especially if these companies handle protected classes of information.