When it comes to keeping up with advances in cybercrime, how is the financial services sector faring? What impact are evolving regulations, industry standards, cloud services, BYOD, big data and escalating global cyber-threats having on the infosec practices and people tasked with keeping the sector secure?
To get some perspective on the current state of IT security among financial services firms, the SANS Institute completed a detailed industry-specific survey in early February 2014. Tenable co-sponsored the research project, which gathered results from over 400 respondents.
The recent release of SecurityCenter 4.7 allows organizations to combine network monitoring and MDM auditing to discover and audit all mobile devices in use, regardless of whether they are being managed, only used for email, or are connected directly to the network.
The new PVS 4.0 annual subscription makes network monitoring available to a wide variety of security practitioners. This is a new type of product, and it has many highly practical use cases. Read about several ways you can get your security work done quicker with PVS 4.0.
Recently, Neohapsis published a tool named “Sudden Six” to test if your network is vulnerable to the SLAAC attack. The tool leverages latent IPv6 connectivity that may be present in your IPv4 networked devices to alter the flow of traffic for collection and potential modification for targeted attacks.
I’ll be honest – my first reaction when I heard about the SANS Consensus Audit Guidelines (CAG) was that our industry didn’t really need yet another framework or standard. But when I read them, I realized this was put together by experienced security professionals who all too often were successful on multiple occasions in breaking into systems during a penetration test at the same customer, or had to perform incident response for the same customer a third or fourth time.
When I was at RSA earlier this year, I gave a variety of media interviews and product demos about Tenable solutions. I demonstrated Nessus detecting malicious processes and the Passive Vulnerability Scanner (PVS) providing an audit trail of all network activity that led up to the infection. I also showed how the Log Correlation Engine (LCE) correlated PVS-logged DNS queries to known botnets.
I have no idea if I had a role in the "Internet Kill Switch" debacle, but it's possible that I was one of the pushes that got that particularly horrible ball rolling. Back in 2002, when I was between jobs, I did a talk at CSI in Chicago, about the need for organizations to be better able to react to attack, especially if they were part of critical infrastructure. At the time, I was concerned particularly with denial of service attacks; I had been thinking about them and had concluded that it's never going to be possible to completely prevent such attacks.
I've been asked repeatedly for my opinion about the APT1 report, and every time I try to respond I find myself waffling. The reason is simple: I think the report is a good thing, a sign of deep dysfunction in security, a stimulant to information sharing, an indicator of failed foreign policy, a brilliant marketing maneuver and a bit of business as usual. It's hard to pull those together into a simple, "yes, it's a good thing!" answer.