Posts Tagged ‘Wikileaks’

Friday, 9 December 2011 07:48

How information can spread: Feeding the middle man

This past weekend I watched a documentary on More4 that delved into the Wikileaks scandal. “Wikileaks: Secrets & Lies” went into great detail explaining how Julian Assange served as a middleman in this scandal. Although Julian Assange is viewed as the face and spokesperson for Wikileaks, the documentary showed that Assange would not have had any global status if it weren’t for insiders who were willing to send sensitive information to the organization.

This programme did not show how a hacker could break into a network and steal information; it uncovered a deeper concern: how an insider can revolt, stealing privileged information from inside the network and causing havoc along the way.

This threat should be top of mind for organizations. In a report published by Verizon Business on data breaches, they found that 48% of total data breaches were caused by insiders and 48% of breaches involved a misuse of an insider’s privileges.

Although the documentary highlighted the risk of an insider threat, it really drove home the need for better security measures, so that these incidents can be prevented or halted as they occur and the people responsible can be identified and punished.

For companies without proper security technology, identifying the “rogue insider” is not an easy task. Wikileaks is an excellent example of why traditional perimeter security defenses, such as firewalls and anti-virus software, are no longer sufficient in the “post-perimeter” world. To prevent these types of incidents, organizations should deploy automated technologies that continuously monitor and correlate user activities across various sources (such as network devices, OS logs and applications). This Total Security Intelligence will allow rapid detection of unusual activities such as a large number of sensitive documents being downloaded from a SharePoint server during off-hours or from a remote access location.
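The detection described above, bulk downloads of sensitive documents that happen off-hours or over remote access, is easy to express as a correlation rule. The following is an added illustration, not code from the original post or from QRadar: it runs a sliding-window count over a constructed SharePoint-style audit log, correlates each user against constructed VPN session records, and raises an alert only when the volume threshold is reached and the activity is also off-hours or remote. The log layout, user names, business-hours window and threshold are all assumptions for illustration.

```python
"""Added example: flag bulk downloads of sensitive documents from a
SharePoint-style audit log when they occur off-hours or over remote access.
Log format, user names, business hours and thresholds are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _downloads(user, start, count, every_minutes):
    """Constructed audit records: (timestamp, user, operation, path)."""
    t = datetime.fromisoformat(start)
    return [(t + timedelta(minutes=i * every_minutes), user, "FileDownloaded",
             f"/sites/legal/contract_{i:03d}.docx") for i in range(count)]


# Constructed sample log: alice on a Saturday night, bob during office hours,
# carol during office hours but over a VPN session.
SHAREPOINT_AUDIT = (
    _downloads("alice", "2011-12-03T02:10:00", 25, 1)    # Saturday 02:10-02:34
    + _downloads("bob", "2011-12-06T10:00:00", 5, 5)     # Tuesday, business hours
    + _downloads("carol", "2011-12-06T14:00:00", 22, 1)  # Tuesday, via VPN
)

# Constructed remote-access sessions: user -> [(start, end), ...].
VPN_SESSIONS = {
    "carol": [(datetime(2011, 12, 6, 13, 45), datetime(2011, 12, 6, 15, 30))],
}

BUSINESS_START, BUSINESS_END = 7, 19   # assumed local business hours


def is_off_hours(ts):
    """Weekend, or outside the assumed business-hours window."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.hour < BUSINESS_END)


def is_remote(user, ts):
    """True when the timestamp falls inside one of the user's VPN sessions."""
    return any(start <= ts <= end for start, end in VPN_SESSIONS.get(user, []))


def detect_bulk_downloads(events, threshold=20, window=timedelta(hours=1)):
    """Per-user sliding-window download count. Emits one alert per user the
    first time `threshold` downloads fall inside `window` AND the activity is
    off-hours or remote. Returns a list of alert dicts, in time order."""
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for ts, user, op, path in sorted(events):
        if op != "FileDownloaded" or user in alerted:
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:      # drop downloads older than the window
            q.popleft()
        if len(q) < threshold:
            continue
        reasons = []
        if is_off_hours(ts):
            reasons.append("off-hours")
        if is_remote(user, ts):
            reasons.append("remote-access")
        if reasons:                          # volume alone is not enough to alert
            alerts.append({"user": user, "count": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat(),
                           "reasons": reasons})
            alerted.add(user)
    return alerts


if __name__ == "__main__":
    for alert in detect_bulk_downloads(SHAREPOINT_AUDIT):
        print(alert)
```

Running the block reports alice (twenty downloads within an hour on a Saturday night) and carol (twenty downloads inside a VPN session), while bob's five daytime downloads produce nothing. The point of correlating the download volume with the time of day and the remote-access record, rather than alerting on volume alone, is to keep a legitimate bulk export during office hours from generating a false positive.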

To learn more about how Total Security Intelligence can help combat these insider threats and how organizations are using QRadar as the key component for their IT Security, click here.


Thursday, 10 February 2011 14:00

Today’s Critical Infrastructure breaches: the “Unknown Unknowns”

The steady drumbeat of news stories describing critical infrastructure breaches, whether inside-out or outside-in, is shining a very bright light on the need for total security intelligence from the predictive/prevention phase through the reaction/remediation phase.

WikiLeaks/Pfc. Manning and Stuxnet, although very different in execution, have illustrated a set of common and fundamental security issues. First, it’s clear that with cyber espionage developing increased sophistication on a global scale, actionable intelligence, not log collection and manual analysis, is required as a key defensive element. Second, behavioral analysis and anomaly detection are emerging as the essential technology for combating dangerous malware, as well as targeted insider exploits.

IT Security decision-makers across Federal and Commercial organizations need to face the reality that nation state/state sponsored cyber warfare is targeting critical infrastructure like never before. This not only crosses industrial boundaries, but also creates implications that could turn the world on its side by potentially impacting essential utilities: imagine how a massive loss of power or energy could impact a country’s economy and ability to defend itself.

Join Q1 Labs’ CSO Chris Poulin for an interactive webinar on February 24 at 2:00 PM EST, where you will learn:

  • Why context (assets, network, applications, users) and situational awareness are necessary for advanced threat detection
  • How enterprises are using Security Intelligence to combat insider threat and external cyber espionage
  • How the QRadar Security Intelligence Platform can help detect threats others miss while massively reducing false positives

Register today and reserve your place – this webinar is limited to the first 200 registrants.


Tuesday, 8 February 2011 17:05

NASDAQ Hack and New England Cable News – Can you say “Face made for Radio”?

Q1 Labs got a well-deserved 15 seconds of fame yesterday on New England Cable News, asserting that the NASDAQ hack is just another example of why enterprises need security intelligence and total visibility in this day and age.

Can we say for certain that anything is different about this attack from the activity demonstrated by Stuxnet, or the motives exhibited by the perpetrator of ‘Wikileaks’? Until we know more, it is too early to tell.

Can we say for certain that some things are shared across all of these recent threat vectors? Absolutely we can: low and slow penetration of a network followed by stealthy persistence of the threat vector. In fact, even before these networks were compromised you can be sure that there was a period of subversive probing for network entry points.

The harbingers of these threats exist but were likely missed in the early phases because organizations didn’t have visibility into their network blind spots, or impact analysis features to detect intruders or insiders who are hell-bent on covering their tracks. Clearly this has to change, and 1600 customers that we know well have already accepted that reality and made the necessary investments.
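The “low and slow” probing described in the two paragraphs above is exactly what a burst-oriented detector misses: one new port every couple of hours never trips an events-per-hour threshold. The following added example (not code from the original post or from QRadar) contrasts a classic per-hour detector with a long-window detector that counts distinct targets per source over a week. The firewall log format, the addresses (taken from the documentation ranges), the window lengths and the thresholds are assumptions for illustration.

```python
"""Added example: a long-window, per-source aggregation that surfaces
"low and slow" probing which a short-window burst detector never sees.
Log format, addresses, window sizes and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta


def _deny_lines(src, start, count, gap, dport_for):
    """Constructed firewall deny lines, one every `gap`, port chosen by index."""
    t = datetime.fromisoformat(start)
    return [f"{(t + i * gap).isoformat()} DENY src={src} dst=192.0.2.10 "
            f"dport={dport_for(i)}" for i in range(count)]


# Constructed sample log: a prober touching one new port every two hours for
# five days, plus a noisy-but-benign host retrying the same port every 10 min.
FIREWALL_LOG = sorted(
    _deny_lines("203.0.113.7", "2011-02-01T00:00:00", 60,
                timedelta(hours=2), lambda i: 1000 + i)
    + _deny_lines("198.51.100.4", "2011-02-03T09:00:00", 40,
                  timedelta(minutes=10), lambda i: 443)
)


def parse(line):
    """'<iso-ts> DENY src=A dst=B dport=N' -> (datetime, src, dst, dport)."""
    ts, _, src, dst, dport = line.split()
    return (datetime.fromisoformat(ts), src.split("=", 1)[1],
            dst.split("=", 1)[1], int(dport.split("=", 1)[1]))


def burst_scanners(lines, min_targets=10):
    """Classic detector: distinct (dst, dport) pairs per source per clock hour.
    Returns the sorted list of sources that exceed the threshold in any hour."""
    buckets = defaultdict(set)
    for ts, src, dst, dport in map(parse, lines):
        hour = ts.replace(minute=0, second=0, microsecond=0)
        buckets[(src, hour)].add((dst, dport))
    return sorted({src for (src, _), targets in buckets.items()
                   if len(targets) >= min_targets})


def slow_scanners(lines, window=timedelta(days=7), min_targets=25):
    """Long-window detector: for each source, count distinct (dst, dport)
    pairs in the trailing `window`, so volume-neutral probing still adds up.
    Returns {src: {"first_flagged": iso-ts, "distinct_targets": n}}."""
    history = defaultdict(list)
    for ts, src, dst, dport in map(parse, lines):
        history[src].append((ts, (dst, dport)))
    flagged = {}
    for src, probes in history.items():
        probes.sort()
        for i, (ts, _) in enumerate(probes):
            targets = {tgt for t, tgt in probes[: i + 1] if t >= ts - window}
            if len(targets) >= min_targets:
                flagged[src] = {"first_flagged": ts.isoformat(),
                                "distinct_targets": len(targets)}
                break                      # report the first crossing only
    return flagged


if __name__ == "__main__":
    print("burst detector:", burst_scanners(FIREWALL_LOG))
    print("slow detector: ", slow_scanners(FIREWALL_LOG))
```

The burst detector returns nothing for either host: the prober never has more than one distinct target in any hour, and the retrying host generates plenty of events but only one target. The week-long detector flags the prober on its 25th distinct port, two days into the campaign, which is the kind of early-phase harbinger the text says is usually missed. The trade-off is state: a long window means retaining per-source target sets for days, which is why this belongs in a correlation engine rather than in an inline device.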

The only downside of TV coverage for Q1 Labs?  Proving that some execs still reflect that maternal, back-handed compliment: ‘ah my son, you have a fine face for radio’.


Monday, 7 February 2011 16:40

Stuxnet, Wikileaks, NASDAQ – Oh my!

Over the weekend, the Wall Street Journal brought to light the fact that the company that owns NASDAQ had been breached, including the Director’s Desk website, a portal that allows upwards of 10,000 directors at Fortune 500 companies to securely share confidential documents. This breach is yet another example of enterprises being at the mercy of hackers. But, in our eyes, it doesn’t have to be that way.  

George Hulme from InformationWeek put it nicely in his post yesterday about the incident: “complying with security standards, having good authentication and authorization systems in place is great. So are IDS systems. But no matter how many layers of security are in place, what matters is how well it’s all orchestrated together.” The key sentence here is this: “what matters is how well it’s all orchestrated together.” 

When all is said and done, this hack is no different than Stuxnet, the Google breach, Wikileaks, etc.; they are all connected, all the same, nothing new, and no company is safe from Cyber-Espionage. The key theme is low and slow advanced persistent threats, where hackers invade the environment and covertly do nothing…until they do something! China is trying to hack into the IP of every American enterprise, no matter how large or small. These breaches scream for the need for Security Intelligence – the ability to see every action taking place on your network. 

The most glaring mistake by companies that endure these types of attacks is their inability to detect anomalous behavior, a capability that is critical, and unique in our SIEM solution. Nobody knows how long those suspicious files were in place, which is scary; however, even if customers don’t detect the behavior right away, it’s still imperative to conduct an impact analysis: know how the breach occurred, how the systems were compromised, and the actions taken by the bad guys. This knowledge is what we call Security Intelligence.


Monday, 17 January 2011 11:25

Prerequisite Prognostication

Every year vendors rush to be in the first clump of prognosticators for the new year. We get to read such gems of insight as compliance will continue to drive security, Windows 7 will prove more secure than XP or Vista (yet not perfect), and CIOs will fawn over cloud services. I could have inserted dozens of links just there but resisted the urge in order to protect the masters of the obvious.

Of the dozens I read a year ago, none predicted Stuxnet, Wikileaks or Operation Aurora, although there were a few dire predictions that cyberwarfare was going to escalate in 2010. Thing is, if the prediction had turned out to be false in reality, the Chicken Littles would have proclaimed that it had come to pass anyway at the mere scent of a well-publicized incident originating from an IP address in China. Look, if you’re going to predict something general, at least choose the road less traveled; otherwise it’s just self-fulfilling prophecy by consensus.

But hey, I work for a vendor, so why not join the lemming run? We are all individuals; I’m not.

So here are three top of mind predictions:

  1. According to the Gartner Hype Cycle 2010, Cloud Computing is at the Peak of Inflated Expectations. Consumers are flocking and providers are building as fast as they can, just like the 3 Little Pigs. We’re going to find out soon which architectures are made of straw, sticks, and if there are any made of brick. A security incident in a public cloud, something more consequential than the recent Microsoft BPOS Data Leakage incident, is going to drive the cycle into the Trough of Disillusionment, weed out the hobby shop providers, and test consumers’ stomach for risk in the cloud. Cloud providers will have to retool in order to give users more control of, and visibility into, the security of their own data.
  2. I’ve said it before: cyber warfare makes no sense in a battlefield context. The amount of effort and coordination it would require to take down a national infrastructure in a developed country is tremendous. There is no single “power grid” to attack, and at least in the US the electric power system is a complex, distributed network of independently owned and operated power plants and transmission lines. Theories of cascade-based attacks are academic and unproven. The more complicated a plan, the less likely it is to succeed; the plan itself is more likely to fail than the target. We won’t see cyber warfare erupt any time soon. There may be targeted, tactical attacks, like Stuxnet, or cyber terrorism, but the real threat we’ll discover is cyber espionage. We’re likely to find evidence of widespread spying using computers as the perfect bugs. With the proliferation of both user- and rear-facing cameras in portable computers and smartphones, cyber espionage won’t just be relegated to harvesting local data or network sniffing on strategic DoD computers, but will be found in major kernel distributions.
  3. And finally, an anti-prediction: there will be no dire new security threat in social media. Your aunt will continue to click on dubious links and invitations and get clickjacked or infected by a drive-by download. The debate on imposing Draconian measures to block social networking or whether allowing it will jet fuel your hockey stick aspirations, will continue. Your users will expose things they shouldn’t, but no one who wasn’t going out of business anyway will go under as a result.

So there it is. I could have gone on for a couple of dozen more…well, guesses really, but the real interesting incidents are the ones that come out of left field. And anyway, if I predicted last year that a sophisticated worm created by a nation state and targeted to disable Iran’s nuclear capability would have surfaced, you’d all think I was a crackpot conspiracy theorist. So I’ll keep the really good ones to myself for now.

