Many Security Professionals Don’t Understand Modern Malware

One of the most famous quotes attributed to Sun Tzu is, “If you know your enemy and know yourself, you need not fear the results of a hundred battles.” This statement should certainly apply to the current cyber threat landscape. Security professionals should have strong knowledge about new types of malware, the cybercrime market, and the tactics used by cyber adversaries so they can design and implement the appropriate countermeasures.

Yup, security professionals should know about sophisticated cyber threats in order to bolster defenses and detect anomalous network behavior. Unfortunately, many security professionals aren’t nearly knowledgeable enough in this area. ESG recently published a new research report titled, Advanced Malware Detection and Prevention Trends. The data gathered for this report revealed that:

  • 40% of enterprise security professionals (i.e., those working at organizations with more than 1,000 employees) are not very familiar or not at all familiar with polymorphic malware
  • 40% of enterprise security professionals are not very familiar or not at all familiar with metamorphic malware
  • 41% of enterprise security professionals are not very familiar or not at all familiar with modern malware packing techniques
  • 50% of enterprise security professionals are not very familiar or not at all familiar with malware Command & Control (C&C) communications techniques

Look out Apple, here comes the HP SDN App Store!

One of the most interesting parts of software-defined networking is the ability to leverage a programmable switching and routing environment (physical, virtual, or both) via a centralized controller to run network services or applications. The reason I find it so interesting is that it actually helps to solve real problems network teams face.

Citrix CloudPlatform Delivers IT-as-a-Service

Most folks likely know of Citrix as the mobility and application delivery company, but its CloudPlatform success also deserves some attention from enterprises and service providers building out IT-as-a-service. Citrix has, albeit rather silently, built up a rather impressive list of service providers and enterprises that have deployed CloudPlatform. These are service providers that are delivering IaaS to their customers and enterprise IT shops that are lighting up self-service for their end-users.


Big Data Security Analytics FAQ

I’ve been having a lot of conversations with security professionals about big data security analytics. In some cases I present to a large audience; in others I’m on the phone with a single CISO.

While big data security analytics content varies from discussion to discussion, I consistently come across a lot of misunderstanding around the topic as a whole. This is understandable since “big data” is really a marketing term that the industry has all but co-opted. Worse yet, security vendors have glued the mystery of “big data,” the misconceptions about security analytics, and marketing hype together. No wonder security professionals remain confused!


When Zen is Spelled XEN

Sometimes it is just a feeling you get, and if you are lucky enough to get it, it permeates every atom of your being. Last week I got that feeling, though I must admit – just a tad of it was the awesome weather in the San Jose area. The rest of it came from being at a company that is really different from most because, from the CEO down, they couldn’t stop being just plain nice people. The company name might surprise you – Citrix – where I and several of my colleagues got a couple of days of up close and personal time with their top execs. It is always enjoyable to listen to people who are passionate, driven, and who can tell a story. Listening to Mark Templeton, Citrix CEO, was just like that. And it is much more than charisma – it is his love for all things technology related, his passion for his company’s mission, his belief in how they are changing the world. His presentation started with their company statement on creating value: culture plus empathy, employee value plus customer value.

And the feeling didn’t stop with Mark – it was everyone from Citrix I met. And it wasn’t just about the people – I got to see their latest technology face to face, demonstrated live. Nothing like going into a demo center filled with OTHER COMPANIES' gear: Apple, Google, Microsoft, Dell, HP, Cisco, and so on. The Citrix endpoint solution demos were really stellar – because of the technology, the geek ambiance of the room, and the demo guru who was funny and excellent at his job. Seeing XenMobile and XenDesktop on an iPad used as a Surface, with full support for Microsoft gestures – you have to see it to believe it. Or moving from an Android tablet to a laptop running Windows to an iPhone, with the session moving from device to device seamlessly. And it doesn’t stop there – they continue to enhance their security and deep networking technology based on NetScaler as well. This was matched to their strategy of: work is not a place, simpler is better, any-ness wins. XenDesktop and XenMobile provide an awesome end-user experience that goes way beyond the virtual desktops of yesterday.


VCE Continues to Demonstrate Solid Momentum

VCE remains the vendor whose name, when I mention it, makes the lights go on: people seem to get the value of ICPs (integrated computing platforms). While many vendors are participating in this market, VCE’s early market presence and leadership continue to build momentum amongst the industry and its customers.

VCE's most recent announcement was packed with momentum and further validation of the areas of focus they spoke of in 1H2013. These new announcements include:

  • vBlocks: New vBlock 340 with EMC Next Gen VNX & a specialized system vBlock for high performance databases (well timed for the 60,000 attendees at Oracle Open World 2013)
  • Vision 2.5 improvements with additional integration with VMware and tied into Cloud Accelerator Services
  • Go to Market Partners: Expanded programs and increased incentives

Organizations Remain Vulnerable to Insider Attacks

Over the past few years, the security community has focused its attention on attacks coming from Odessa, Tehran, and Beijing. On balance this is a good thing as we are learning more about our cyber adversaries. That said, what about insider attacks? Back around 2008, insider attacks were viewed as the most dangerous of all since insiders tend to know what they want, where it is, and how to get it.


The International Security Community Should Embrace the STIX and TAXII Standards

Most experts agree that security technologies based upon signature files (DATs) alone can no longer provide adequate security protection. Why? There is simply too much malware volume, making it harder for the security industry to keep up with the bad guys. Furthermore, polymorphic and metamorphic malware is designed to change its appearance. You can’t match a pattern if the pattern keeps changing.

Yup, signature-based technologies need help and this help often comes in the form of cloud-based security intelligence. Trend Micro was a pioneer in this area when it introduced its Smart Protection Network (SPN) several years ago. As of today, cloud-based security intelligence has become a staple that is used by most security vendors including Blue Coat, Cisco, IBM, McAfee, Symantec, and Webroot. What’s more, security intelligence is used all over the place for threat detection, IP address reputation, URL reputation, malnet research, etc.


Why is Cisco Getting into Security Services?

Last week, Cisco announced that it was forming a services group to deliver professional and managed security services. The company also announced the hiring of Bryan Palma as Senior VP and GM to lead this new group. Palma comes to Cisco from Boeing where he held the title of VP of cyber and security solutions.


Fail Factors: Why Startups Die - There Are No Fed Funded Tech Business Models

It's been a while since I've seen a new way to fail in business, hence the dearth of additions to this series. But now we have a new one - the fantasy business model.

Analyze This!


ESG Research Report Describes a Major Transition Coming to Endpoint Security

ESG just published a new research report titled, Advanced Malware Detection and Prevention Trends. The publication follows up on a 2011 research report on APTs and is based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) in North America.


What’s in your ITaaS Shopping Cart?

When it comes to making the transition to the cloud, IT has a big job on its hands. It is complex, hard to do, and even harder to explain to management and the business units. When you think about it, the end-user experience should be nothing less than awesome. As cloudies will espouse – it should be on-demand and self-service. Make no mistake about it – IT would LOVE this! There are a couple of caveats that are new issues for IT and the business, and they are not only technology oriented. The first is that IT is usually structured around a fixed budget – which makes the transformation to an on-demand IT resource a challenging business problem. How do you price your on-premises services? Who is using what services? Many companies' IT departments aren’t even sure who is using AWS, Dropbox, or other SaaS applications without their approval or knowledge.

The second issue is that even if the business can work with IT to shift to on-demand – how does IT pull it all together into a cohesive set of services that an end-user can understand? Also, what about actually making all the services work together – like having single sign-on? Chargeback? Federation?


You now have one less way to recover your data – and you probably didn't realize it

BE AWARE that today’s laptop and mobile devices have one less recovery option than they used to.

This particular customer service announcement is targeted mostly at business executives and the IT professionals who support them.


Cisco Acquiring Whiptail Amplifies Focus on the Storage Tier

The much anticipated intent from Cisco to acquire storage assets became the real deal today. Cisco announced it will complete the transaction for approximately $415 million in cash and retention-based incentives. Cisco’s investment in storage technology should not come as a surprise to anyone as it makes perfect sense given two trends:

  • The IT server, network, and storage infrastructure is collapsing into a single system designed as a turnkey building block coupled with management tools that gather intelligence, report out to the IT operator, and simplify the management and maintenance of IT infrastructure. Couple this with the added business benefit of improved time to value and you have a series of compelling reasons to change the way IT infrastructure is consumed and managed.
  • Virtualize everything. Server virtualization has paved the way for vendors to take the same benefits realized with server virtualization and build upon its success in the network and storage arena. Look at VMware’s and Microsoft’s storage strategy. They both move the storage intelligence to the server tier and cast the net out to multiple tiers of storage. Now Cisco will have local server disk capacity, server side memory caching capabilities, and a solid-state tier with Whiptail.

ESG has been keeping close tabs on the ICP (integrated computing platform) market and has had a keen focus on vendors that team up with Cisco in anticipation that they would make a storage investment. You can see more details in the recently published ESG Market Landscape report, Integrated Computing Platforms. VCE and NetApp have the closest coexistence with their respective vBlocks and Flexpod solutions. The Whiptail acquisition isn’t going to replace these types of solutions in the short term, but long term software-led storage virtualization from the likes of VMware with VSAN and Microsoft with Storage Spaces certainly will prove to be interesting to consider.

Cisco is making a smart move here and has a lot to gain assuming they can align with infrastructure decision makers and ideally include a bridge to the cloud as part of its strategy.


EMC’s VNX2 Is Flash Optimized – Both The Product and The Launch (Blog Includes Video)

After much anticipation, EMC rolled out its next generation VNX (together with a bevy of other announcements) in a splashy live, and live-streamed, event this week. Surrounded by F1 cars, noise, and paraphernalia (not to mention a ‘special edition’ Lotus version of the product!?) in a film studio in Milan, the link to the event theme of “Speed To Lead” was pretty hard to miss. Of course it’s fun to look for the amusing (when audience members started drifting to get lunch I felt a rename to “Speed To Feed” was in order!), but there was plenty of hardcore and important news in all the glitz.

So, first off let’s hit the basics of the new ‘midrange’ VNX – to use an old adage, it’s pretty simple: it does more for less. In fact rather a staggering lot more – it can exceed 1M IOPS, reach 30GB/sec throughput, and scale to 6PB. While of course mileage may vary, EMC’s summary is to talk about it being 70% faster while doing 4X the workload of the prior model... and generally you don’t have to spend more than before to get that. The ‘oomph’ comes from a new ‘flash optimized’ architecture that benefits from 43 filed/granted patents, and includes such things as MCx (multicore optimization), both SLC (cache) and MLC (tier) flash, a Virtual Data Mover migration tool, and (on the block side) dedupe and active/active system protection.


Dell’s Most Secure PC Initiative Presents a New Opportunity

When it comes to selling PCs to business organizations, Dell has long held a well-deserved reputation for aggressive pricing, tailored customization services, and strong customer service. Okay, but what about endpoint security? In the past, Dell sales reps would simply open their catalog and let the customer choose from a vast list of partner options. Want AV software, full-disk encryption, or biometric authentication? Dell would simply ask its customers to choose from dozens of partner options in each area.


Wayne's (VM)World - Day 2-4

First thought of the day on day 2 – wow, are my calves and feet sore. There is a lot of walking over a really massive conference center -- not to mention my hotel was 8 blocks away uphill. I took it as a challenge to make the daily routine carbon free and succeeded until the last minute ride to the airport.

The big news items were mostly on Day 1 – and having had time to digest the first day of announcements and activities, I started to realize the impact of VMware’s cloud hybrid service announcements. First of all, VMware is announcing a very nice way for enterprises to start to ‘test’ the waters. For example, by purchasing (really renting) vCHS cloud services (going beyond virtualization) at one of VMware’s vCHS sites or using Savvis (with more to come), a customer can place some workloads there and start to get the feel for cloud. Is it secure? Is it cheaper? Is it easy to use? These are all questions that an enterprise can vet by using these off-premises services.


VMworld 2013 Networking Wrap-up

After three action-packed days at VMworld meeting with VMware and walking the expo floor, I now find myself reflecting on all those meetings while flying home. Overall, VMworld continues to impress – attendance grew once again, with about 22,500 in attendance, and many of the sessions were either standing room only or over capacity. Clearly organizations continue to see value in attending, and the appeal is extending beyond just server virtualization. As VMware looks to expand its virtualization footprint to networking and storage, build out management capabilities, and host a public cloud, the show will attract IT staff from those domains as well.


Off The Beach - Back To The Business Model

Summer is over. It always ends too fast and launches me back into reality with a tad bit of melancholy. I'm sure you feel for me.


BaaS, DRaaS or Tertiary? New ESG insights on Data Protection-as-a-Service Trends

These days, you can’t have a discussion on modernizing your IT infrastructure without talking about “cloud” … but when it comes to data protection, there isn’t just one kind of data-protection-as-a-service (DPaaS).

In fact, most folks are considering up to three different DPaaS capability sets, including:

  • BaaS – Backup-as-a-service, where files are backed up to the cloud (with or without an intermediary on-premises caching solution)
  • DRaaS – Disaster-recovery-as-a-service, where whole machines (typically VMs) are replicated to and restartable from the cloud. Some DRaaS offerings include rudimentary BaaS as a side benefit
  • ‘Tertiary STaaS’ – Adding cloud storage to one’s existing on-premises backup solution. These implementations can vary greatly, from a third usable copy via the cloud service to simply ‘block storage’ that has to be remounted by the original backup application.