Doug Picotte | Blog

Solutionary Blog and Bloggers

Solutionary is an information security company. What does that mean? Simply put, we help businesses protect their assets, remain fully secure and safe online, and maintain and adhere to compliance regulations and standards. Solutionary's blog will be a place to learn about and discuss a wide variety of security and compliance topics.

Solutionary Bloggers: 

Brad Curtis, Compliance Manager
Jon Heimerl, Director of Strategic Security
Mike Hrabik, President and CTO
Don Gray, Chief Security Strategist
Court Little, Director of Strategic Security
Joseph Blankenship, Senior Director of Product Marketing and Strategy
Doug Picotte, Regional Technical Manager
Rob Kraus, Senior Security Consultant
Scott Simpson, Director, Security Consulting Services
Brian Reed, Regional Technical Manager

Solutionary Minds - Your Information Security Blog Source


Bad Acting - Good Security

Posted by Doug Picotte on Thu, Aug 12, 2010 @ 01:23 PM

Salutations, pop culture and security lovers! Everyone has a favorite bad movie, with bad acting, which they can’t resist watching from time to time. I am one of those cult classic movie lovers who can appreciate the awful acting in “Plan 9 from Outer Space” from the now infamous director Edward D. Wood Jr. You have to love the cheesy space ship sets made out of cardboard, and the clunky entrances and exits by the “B” rated actors. And don’t forget the last known performance of Bela Lugosi, in which he walked around his front yard with a haunting, evil stare. Scary!


At this point you may find yourself asking, what does this have to do with data security? In the Managed Security Service Provider (MSSP) space, we like to refer to all of the bad folks wreaking havoc on the internet as “bad actors”. These “bad actors” can be anything from botnets, phishing sites and command and control sites to malware-infected web sites. In order to provide value to our clients, it is important to notify them as quickly as possible when they are potentially interacting (knowingly or unknowingly) with these “bad actors”.

The Plot Thickens

Solutionary has developed the ability to dynamically receive updates from third party sources such as Google Bad List, PhishTank, and Netcraft among others and automatically integrate them into our ActiveGuard platform. We then can correlate this information against device logs received from the client base. The result is that when a client interacts with a “bad actor”, we can quickly analyze the event, determine that the “bad actor” was involved, and provide the proper notification to the client to minimize any damage that could result from such an interaction.

One example would be if we received a firewall log based on a ping from a black-listed, known attack source. Another example would be if we received a web proxy log indicating a user is visiting a known malware command and control web site. In each case, the severity of the event would be elevated based on the correlation of the “bad actor” interaction, and the log information received from the client. In turn, this elevated event would bubble up to the surface in the Security Operations Center (SOC) who would subsequently perform a client notification.

List Maintenance Challenges

One of the main challenges is the ongoing maintenance of the “bad actor” list. The list is currently over 500,000 entries and growing. As you can imagine, this maintenance requires significant resources to ensure data integrity and accuracy, and that the information is being processed correctly. Most clients simply do not have the resources or technology in place to maintain such a vast and ever-expanding list, hence our use of multiple managed lists.

A Unique Global View

One advantage we bring to the table as an MSSP is a unique global view of security events across our entire client base. We are in the process of creating and maintaining a separate “bad actor” list based on attacks conducted across the client base. We can detect and validate attacks for a single client, and then the known “bad actor” list can be dynamically updated to protect the entire client base. In this way, attacks on “the one” help “the many”. Additionally, we are also developing the ability to add client-generated black-list information into the ActiveGuard platform, so if you have specific black-listed sites we will be able to actively manage those as well.
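The correlation described in "The Plot Thickens" and the shared list described just above can be sketched in a few dozen lines. The following is an added example written for this post, not Solutionary's ActiveGuard code: it loads indicators from several feeds into one de-duplicated "bad actor" list, parses two constructed log formats (a firewall ping and a web proxy request), elevates the severity of any event that touches a listed indicator so the SOC notification threshold is crossed, and finally shows how an attacker validated against one client is promoted into the shared list so every other client's logs are correlated against it. The feed names, log formats, IP addresses, hostnames and the severity scale are all assumptions made up for the example.

```python
"""Correlate device logs against a "bad actor" list and elevate severity.

Added example only: the feeds, log line formats, severity scale and every
indicator below are constructed for illustration.
"""
import ipaddress
import re

# Constructed feeds. The same IP appears twice and a hostname is mixed-case
# to show that normalisation collapses duplicates from multiple sources.
FEEDS = {
    "example-blocklist-feed": ["203.0.113.7", "203.0.113.7"],
    "example-c2-feed": ["198.51.100.0/24", "C2.Example.org"],
}

# Constructed log lines: a firewall ping from a listed source, a proxy
# request to a listed C2 host, and a benign-looking firewall connection.
SAMPLE_LOGS = [
    "2010-08-12T13:00:01 fw1 src=203.0.113.7 dst=192.0.2.10 proto=icmp action=allow",
    "2010-08-12T13:00:05 proxy1 user=jdoe url=http://c2.example.org/beacon.php status=200",
    "2010-08-12T13:00:09 fw1 src=192.0.2.55 dst=192.0.2.10 proto=tcp action=allow",
]

FIREWALL_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+proto=(?P<proto>\w+)")
PROXY_RE = re.compile(r"user=(?P<user>\S+)\s+url=https?://(?P<host>[^/\s:]+)")

BASE_SEVERITY = {"firewall": 1, "proxy": 2}  # assumed baseline per log kind
ELEVATION = 3                                 # assumed bump for a bad-actor match
NOTIFY_THRESHOLD = 4                          # assumed SOC notification threshold


class BadActorList:
    """Indicators keyed by parsed network or lower-cased hostname."""

    def __init__(self):
        self.networks = {}  # ipaddress network -> feed that first supplied it
        self.hosts = {}     # lower-case hostname -> feed that first supplied it

    def add(self, indicator, source):
        """Normalise one indicator; IPs/CIDRs are parsed, hostnames lower-cased."""
        ind = indicator.strip().lower()
        try:
            net = ipaddress.ip_network(ind, strict=False)
        except ValueError:
            self.hosts.setdefault(ind, source)   # not an IP: treat as hostname
            return
        self.networks.setdefault(net, source)    # keeps the first source seen

    def load_feeds(self, feeds):
        for source, indicators in feeds.items():
            for ind in indicators:
                self.add(ind, source)

    def __len__(self):
        return len(self.networks) + len(self.hosts)

    def match_ip(self, ip):
        """Return the feed that lists this address (via a containing network), else None."""
        addr = ipaddress.ip_address(ip)
        for net, source in self.networks.items():
            if addr in net:
                return source
        return None

    def match_host(self, host):
        return self.hosts.get(host.lower())


def parse_log(line):
    """Return (kind, fields) for the two constructed formats, or (None, {})."""
    m = FIREWALL_RE.search(line)
    if m:
        return "firewall", m.groupdict()
    m = PROXY_RE.search(line)
    if m:
        return "proxy", m.groupdict()
    return None, {}


def correlate(line, bad_actors):
    """Score one log line; severity is elevated when a bad actor is involved."""
    kind, fields = parse_log(line)
    if kind is None:
        return {"kind": "unknown", "severity": 0, "bad_actor": None, "source": None}
    severity = BASE_SEVERITY[kind]
    indicator = source = None
    if kind == "firewall":
        for key in ("src", "dst"):          # either endpoint may be listed
            source = bad_actors.match_ip(fields[key])
            if source:
                indicator = fields[key]
                break
    else:
        source = bad_actors.match_host(fields["host"])
        indicator = fields["host"] if source else None
    if source:
        severity += ELEVATION
    return {"kind": kind, "severity": severity, "bad_actor": indicator, "source": source}


def needs_notification(result):
    return result["severity"] >= NOTIFY_THRESHOLD


def promote_validated_attacker(bad_actors, ip, client):
    """After the SOC validates an attack on one client, share the attacker with all."""
    bad_actors.add(ip, f"validated-by-{client}")


if __name__ == "__main__":
    bal = BadActorList()
    bal.load_feeds(FEEDS)
    for line in SAMPLE_LOGS:
        r = correlate(line, bal)
        print(r, "NOTIFY" if needs_notification(r) else "")
```

Running the block as a script scores the three sample lines: the ping and the proxy request both cross the threshold, while the third line stays at baseline until `promote_validated_attacker` adds its source address, after which the same line is elevated for every client whose logs are correlated against the shared list. The `setdefault` calls keep the first feed that supplied an indicator, which is what makes the 500,000-entry maintenance problem tractable: merging feeds never produces two entries for one network or hostname.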

Solutionary’s Security Engineering & Research Team (SERT) 

I need to mention how this relates to our Security Engineering & Research Team (SERT). This team consists of over 50 security professionals who research emerging threats, vulnerabilities, detection techniques, attack trends and the security landscape in order to protect our clients and provide them with early warning notifications of risks and threats. Along with updating the black list, our SERT performs some of the following activities:

  • Forensics
  • Global threat analysis
  • Continuous threat analysis and incident response
  • Vulnerability discovery
  • Emerging vulnerabilities
  • Developing custom signatures for zero-day vulnerabilities and emergency threats
  • Quarterly security awareness training
  • Monthly report trending
  • Research trending for forecasting and understanding threats
  • Researching detection techniques to improve our already long-established and patented security framework

I would like to thank Don Gray and Brad Curtis for their contribution to this blog. Until then, and as always, ride safe, crank up the tunes, and stay secure!


iPad Freedom and Security

Posted by Doug Picotte on Tue, Jul 20, 2010 @ 01:05 PM
Salutations, pop culture and security lovers! I remember my first iPod way back when they first came out. I loved the idea of not having to carry around all of my CDs with me everywhere I went. Several years later, I upgraded to the iPhone, and recently have enjoyed the freedom to receive email and calendar updates in real time. (Yes, my boss found “an app for that”). However, I still like my original iPod for music (call me old fashioned). Enter this slick new tool (toy for some) called the iPad. Besides the name being somewhat interesting, the device is making a huge splash with the public. Due to its popularity, we are even seeing iPad interest in the managed security circles that we work in on a daily basis.


At this point you may find yourself asking, what does this have to do with data security? The other day I was doing a portal demo for a client and the gentleman mentioned he was rolling out iPads to some of his staff.

He was wondering if the ActiveGuard security and compliance portal supported the iPad browser. As it turned out we do in fact support the iPad interface with our security and compliance portal (Solutionary recently rolled out iPad support last month at the Gartner Security and Risk Management Summit). Now a client can be enjoying multimedia browsing, rock and roll, and still keep an eye on real time security event information. That is what I call freedom.


Given the recent high profile iPad security breaches I want to take the time to raise security awareness about protecting this new and popular endpoint. Recently my colleague Jon Heimerl specifically addressed this issue in a white paper titled "Endpoint Security and the iPad".

Check out Jon’s full paper when you get a chance. Until then, here are several tips to protect the iPad from a security perspective:

Physical Protection

It sounds like a no-brainer, but keeping the device (and all portables) as close to your vest as possible is always good. The old saying “out of sight, out of mind” applies here. This is especially true now that the iPad is “eye candy” to so many prying eyes.

Access Protection

It’s amazing how many folks do not enable passwords on these devices. A simple four-digit PIN is better than nothing, and could somewhat discourage a run-of-the-mill thief. I know I even use simple four-digit PINs on the TV remote just to drive my kids crazy.

Logical Protection

This involves running some sort of anti-virus or personal firewall endpoint software on the device. Although applications of this type may not be widespread yet, you can bet the bad guys would love to infect America’s favorite new toy. If you think about it, this is a huge new attack surface that is growing larger every day.

Data Protection

Make sure you have enabled encryption whenever possible. Don’t forget to back up any personal data that may be stored on the device. Be especially careful to protect personally identifiable information about you and your loved ones. I for one am concerned about a thief who takes my portable device looking up my home address to plan his next crime.

Communications Protection

If you use the iPad for communication to your corporate LAN, make sure you are doing so over some sort of encrypted link. This is especially a concern at airports, and other open Wi-Fi hot spots. The last thing you want is to be the target for a “man in the middle” type attack that could compromise sensitive data in transmission.

I would like to thank Jon Heimerl for his contribution to this blog. Until then, and as always, ride safe, crank up the tunes, and stay secure!
