A war you will not win, but have to fight.
Application vulnerabilities are often overlooked by organizational patch management programs, and a lack of awareness and proactive identification of them can expose organizations to significant risk. Networks today often contain multiple operating system platforms, a mish-mash of backbone router and switch products, and hundreds of individual desktop and server applications. Keeping up with the latest security patches for all these systems can be a nightmare for any organization. Additionally, focusing all of an organization’s effort on operating system patch management alone can be a foolish and risky decision.
Solutionary recently started releasing vulnerabilities identified by our Solutionary Engineering Research Team (SERT), which provides us with a few examples to work with. Let’s look at an example of an application vulnerability, and see what...
During this holiday season many of us will likely exchange really cool gifts with friends, co-workers, and family. Some of us will be lucky to receive some of the latest advances in technology, such as iPads, smart phones, computers, and anything else you can think of with blinking lights and promise of hours of enjoyment. Let’s face it, it’s a time of giving and a great time to reward ourselves and each other for all the great work we did in 2011.
If you’re like me, there is nothing more fun than ripping off the wrapping paper and getting right into playing with some of these fun electronic wonderlands. However, I am cursed with always thinking:
“Cool new iPad; wonder what version of iOS it is running?”
I guess it is just part of being in the information security industry and part of what keeps me diligent about staying secure.
I can’t help but think how many people around the world will be opening brand new...
As a way to improve location-based services for applications like Google Maps, Google started implementing WIFI positioning. WIFI positioning uses nearby WIFI access points to help triangulate the location of a user’s device. These include devices we use every day, such as iPhones, iPads, Kindles, tablets, and laptops. I assure you, the list goes on and on.
WIFI positioning was implemented to help locate devices where GPS and cell tower signals are weak. In order for WIFI positioning to work, Google needs to collect the SSID and MAC address of any broadcasting access point. This information is collected using Google Street View vehicles that drive around taking pictures for Google Maps.
In theory this sounds like a good idea, and it can help applications better pinpoint the location of user devices. WIFI positioning was not a big deal until Google confirmed it was mistakenly collecting payload data from open WIFI access points with their...
What are 10 Things that Should be at the Top of Everyone’s Wish list for the Holidays?
Overall, it has been a rough year for information security in the world. We ended 2010 with WikiLeaks, and it continued into 2011, supported by the disclosure to WikiLeaks of classified government material and confidential internal use only corporate information. This trend of intolerance with the system calmed through much of the summer only to resurrect itself in the form of the anti-establishment “Occupy” movement later in the year. While the Occupy movement is not itself a cyber-security worry, it does highlight that people have a considerable dissatisfaction with the status quo and are looking for change – and unmoderated change is usually not exactly good for the efficiency and security dynamics of any organization.
We’ve heard more about Stuxnet, and seen new viruses – I just picked off a copy of a Trojan Dropper last night, reading security news stories (an executable stored in Explorer temp files – cool). We’ve seen Apple...
Who’s Naughty and Who’s Nice?
As the famous song routinely tells us this time of year, “Tis the season to be jolly.” For many people, that means the giving and receiving of gifts. Many gift-givers will trot out to the nearest shopping mall, braving crowds of festive bargain-hunters on their perfect present mission. Others will venture online, hoping to find an unbeatable deal on some gadget or trinket. Of course, many of the latter will use their work computers and Web access to shop on breaks or at lunch (yeah, right). Other gift-givers on your network, however, may have something else in mind entirely, giving away your confidential data. How do you tell who’s naughty and who’s nice?
The latest release of hundreds of...
How an MSSP is Like Santa Claus
Ho ho ho! 2011 has flown by like St. Nick’s sleigh. Christmas carols are ringing in the air, and children’s thoughts are fixated on Santa Claus and gifts appearing under the tree.
As one of my favorite Christmas songs, “Here Comes Santa Claus”, played today, it occurred to me that there are some interesting parallels between Kris Kringle and Managed Security Services Providers (MSSPs). Before you stop reading this blog and click away, please give me an opportunity to explain.
According to legend (this is absolute fact if you are under the age of 8), Santa Claus keeps tabs on every little girl and boy in the world, keeping a list of who’s naughty and who’s nice. The legend goes on to say that elves are deployed in homes all over the world to assist St. Nick with the task of monitoring the children’s behavior.
I picture jolly old Santa sitting in his...
December 02, 2011 - Posted by Doug Picotte to
The volume of logs produced by security devices, servers, network devices, applications, and databases can be staggering. In the past, our monthly log processing statistics were in the millions. Fast forward to today and beyond, and we are talking about processing billions of log messages in a given month for a single organization. Just imagine the size of the log file that is created by a Fortune 500 organization just during the course of normal operations. Now multiply that in times of heavy load, like retail or travel operations over the holidays. Or try to imagine what those logs look like in a crisis such as during an active cyber attack or a DoS attack.
The key, of course, is to find the proverbial “needle in a haystack” that we can translate into an actionable alert for our client base. Recently there has been much discussion about log volume, and what type of logs we should be looking at for clients. As you can imagine, many log...