Wednesday, April 27, 2011

Unplug Everything!

Just kidding…partially.  Have you seen the latest 2011 Verizon Data Breach Investigations Report?  It is chock full of data about breaches, vulnerabilities, industry demographics, threats and all the other internet security terms that make the headlines.  It is an interesting view into cybercrime and like last year, there is also information and analysis from the US Secret Service, who arrested more than 1200 cybercrime suspects in 2010.  One very interesting note from the Executive Summary is that while the total number of records compromised has steadily gone down – ‘08: 361 million, ‘09: 144 million, ‘10: 4 million – the case loads for cybercrime is at an all time high – 141 breaches in 2009 to a whopping 760 in 2010.  One reason may be is that the criminals themselves are doing the time-honored ‘risk vs. reward’ scenario when determining their bounty.  Hey, just like the security pros!  Oh yeah….the crooks are pros too.  Rather than going after the huge financial institutions in one fell swoop or mega-breach, they are attempting many more low risk type intrusions against restaurants, hotels and smaller retailers.  Hospitality is back on the top of the list this year, followed by retail.  Financial services round out pole position, but as noted, the criminals will always have their eye on our money.  Riff-raff also focused more on grabbing intellectual property rather than credit card numbers.

The Highlights:

  • The majority of breaches, 96%, were avoidable through simple or intermediate controls; if only someone decided to prevent them. 
  • 89% of companies breached are still not PCI compliant today, let alone when they were breached. 
  • External attacks exploded in 2010, and now account for the vast majority at 92% and over 99% of the lost records. 
  • 83% of victims were targets of opportunity.  Most attacks are opportunistic, with criminal rings relying on automation to discover susceptible systems for them. 
  • Most breaches aren’t discovered for weeks to months, and most breaches, 86%, are discovered by third-parties, not internal security teams.
  • Malware and ‘hacking’ are the top two threat actions by percentage of breaches, 50%/49% respectively, along with tops in percentage of records 89%/79%.  Misuse, a strong contender last year, went down in 2010.
  • Within malware, sending data to an external source, installing backdoors and key logger functions were the most common types and all increased in 2010.
  • 92% of the attacks were not that difficult.

You may ask, ‘what about mobile devices?’ since those are a often touted avenue of data loss.  The Data Breach Report says that data loss from mobile devices are rarely part of their case load since they typically investigate deliberate breaches and compromises rather than accidental data loss.  Plus, they focus on confirmed incidents of data compromise.  Another question might have to do with Cloud Computing breaches.  Here they answer, ‘No, not really,’ to question of whether the cloud factors into the breaches they investigate.  They say that it is more about giving up control of the systems and the associated risk than any cloud technology. 

Now comes word that subscribers of Sony’s PlayStation Network have had their personal information stolen.  I wonder how this, and the other high profile attacks this year will alter the Data Breach Report next year.  I’ve written about this type of exposure and felt it was only a matter of time before something like this occurred.  Gamers are frantic about this latest intrusion but if you are connected to the internet in any way shape or form, there are risks involved.  We used to joke years ago that the only way to be safe from attacks was to unplug the computers from the net.  With the way things are going, the punch line is not so funny anymore.



Technorati Tags: F5, data breach report, threats, Pete Silva, security, malware, technology, Verizon, cyber-threat, social engineering, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach, psn, Sony, PlayStation

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, April 19, 2011

Do You Splunk 2.0

A little over two years ago I blogged Do you Splunk? about the reporting integration with our FirePass SSL VPN and BIG-IP ASM.  The Splunk reports have provided customers valuable insight into application access and user behavior along with deep analysis of application violations, web attacks and other key metrics.  Recently, Splunk and F5 have been working behind the scenes and now you can also get 22 different templates for detailed reporting on the BIG-IP Access Policy Manager.  BIG-IP APM is a flexible, high-performance access and security solution that runs as a module on BIG-IP LTM.

Splunk is the data engine for IT. It collects, indexes and harnesses the fast-moving IT data generated by all of your IT systems and infrastructure - whether physical, virtual or in the cloud and correlates various pieces of data sources to provide new views and new insights.  Splunk makes it possible to search and navigate data from any application, server or network device from a web browser, in real time. Logs, configurations, messages, traps, alerts, and scripts: if a machine generates it, Splunk will index it.  The Splunk for F5 App provides real-time dashboards for monitoring key performance metrics. Reports from Splunk support long-term trending and can be downloaded in PDF or Excel formats or scheduled for email delivery. The F5 App supports core Splunk functionality such as deep drill-down from graphical elements, robust role-based access controls and Splunk’s award-winning search capabilities.

The following are a sample of the reports available in this version of Splunk for F5 using ASM, APM and FirePass data:clip_image002[12]

  • Request Status Over Time 
  • Top Attacker
  • Top Sites
  • Top Violations
  • Active Sync by Device Type
  • Top Device Type
  • Top User
  • Geo-location Reports
  • Session Duration and Throughput
  • Authentication Success/Failure
  • Connections by User
  • Failed Connections by User
  • All Connections Over Time

Splunk also has the unique ability to augment data from FirePass and ASM by connecting to and gathering data from Active Directory or LDAP and asset management databases that can highlight asset or application owner information.

Businesses are faced with competing challenges when it comes to granting their mobile workforce access to company data. The data must be readily accessible to users on the go but at the same time companies must protect and safeguard their internal systems that contain sensitive information. Robust monitoring controls are a must for maintaining auditing access, enabling dynamic application access and preventing data loss and availability issues.


Technorati Tags: Pete Silva,F5,security,application security,network security, business, splunk, education, reports, technology, metrics, compliance, data analysis, partners

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, April 13, 2011

Technology Can Only Do So Much

People Make The Difference. 

One thing I’ve noticed with a few of the recent high profile attacks and breaches is that the human element played a significant role.  The technology used to stop, thwart, defend and otherwise render these attacks useless can be the best in the world but if people make mistakes, then that can be the chink in the armor.  While many companies focus on deploying infrastructure services to block malicious activity, there still needs to be continuing education for the fallible humans that we are.  We often talk about how the attacks are evolving, network to application and everything in between, along with how technology needs to adapt to the changing threat landscape.  So if the attacks are getting better, more sophisticated and ever changing, then people need to be aware that behaviors need to adjust also.

RSA has said that their breach was due to a spear phishing attack.  The thieves sent emails to various RSA employees with the subject: 2011 Recruitment Plan.  While the email itself went directly in the spam/junk folder, it was intriguing enough for one person to move it out of junk and open the infected excel attachment.  From there, a remote access tool called ‘Poison Ivy’ went to work, looking for various employee credentials.  They finally found their target, stole the data and sent it to another infected machine for transmission.  Luckily for RSA, they noticed this anomaly and stopped the attack.  It probably could have been much worse.

With HBGary, we’ve learned that many human factors played a role in this situation – social engineering, weak passwords and poorly written code.  Technology really can’t defend against easy to crack passwords or people giving up information.  These were not highly sophisticated attacks but basic errors that people made along the way.  It should remind us to look at our own passwords and maybe make a few changes.  It should remind us that if an authoritative-sounding someone contacts you asking for sensitive information, to be very cautious.  There is nothing wrong with saying, ‘I don’t feel comfortable sharing that,’ or even ‘I’m not sure; I don’t know,’ especially if you have not verified who that person is.  Personally, I’d rather make an IT admin’s job a little harder than make a malicious hacker’s job easier.

To be fair, I’m not picking on those companies or the people involved, I’m sure they wish they could go back and do things differently.  It should, however, be a lesson to us all that good security involves both technology and people and that a good security policy also includes education.  Sometimes technology can save us from ourselves but if you don’t lock your front door, you can’t expect your house to be safe.



Technorati Tags: F5, passwords, threats, Pete Silva, security, malware, technology, people, cyber-threat, social engineering, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Friday, April 8, 2011

3 Billion Malware Attacks and Counting

Almost half the total population of this planet.  At this rate, we’ll all have our own personalized malware in the coming years, specifically tailored for our various behaviors.  I built this infection especially for you.  Symantec recently released their annual Internet Security Threat Report for 2010 and noted that the cyber threats are increasing both in sophistication and frequency.  They found more than 286 million new threats last year with social networks and mobile devices being a favorite targets.  Mobile vulnerabilities were up 42% with 163 discovered last year.  The U.S. actually topped the list in many nasty categories: Most targeted country by DoS attacks (65% of total), most bot command and control servers (37% of total), most infected computers (14% of total) and most overall malicious activity (19% of total). 

As you may know, I like numbers and statistics and there were a couple supplemental reports that I found interesting.  The Year in Numbers and The 2010 Timeline.  Each is a single page report with highlights from the year.  The highlights, or lowlights depending on your view are:

  • 93% Increase in Web Based Attacks - URL shorts were the main culprit accounting for 65% of the malicious URLs over a 3 month period.
  • 260,000 Identities Exposed per Breach - The average number for each of the data breaches during the year.
  • 42% More Mobile Vulnerabilities – Remember, we’re now keeping our lives on these devices.
  • 6,253 New Vulnerabilities  - More than any previous year and new vendors affected by a vulnerability grew 161%.
  • 14 New Zero-Day Vulnerabilities – From IE to Flash to Reader.  Stuxnet used 4 unique zero-days. 
  • 74% Pharmaceutical Spam – 3/4 of all spam were for Rx pills.  Will you take the red one or the blue one?
  • 1 Million Plus Bots – Rustock had over a million bots under control.  No draft dodgers here.
  • $15 per 10,000 bots – Utility spam services…Get your bot herrrrrrrrrrah.
  • $.07 to $100 per Credit Card – Cost of a stolen credit card but if you buy in bulk, get a discount.

Lastly, if you are looking for porn, then more than likely you’ll find malware and the leading culprit of a breach which could lead to identity theft was a lost/stolen computer or data storage device.  One of the cool things about the data offered is the ability to build your own custom report.  You can select various topics or trends to customize the report specifically to your area of interest.



Technorati Tags: F5, mobile, threats, Pete Silva, security, malware, technology, Symantec, cyber-threat, cloud, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, April 5, 2011

In 5 Minutes or Less - Enterprise Manager v2.2

Check out some of the new features in Enterprise Manager v2.2 like Predefined Reports, SSL TPS Utilization, Custom Views, Custom Monitors, Alerts and Reports, EM Virtual Edition, Bulk actions and more.

Enterprise Manager is a centralized management appliance for F5 BIG-IP® devices that gives you a consolidated, real-time view of your entire F5 application delivery infrastructure, plus the tools you need to quickly optimize performance and scale your infrastructure to meet business needs.



Technorati Tags: F5, enterprise manager, Pete Silva, security, business, education, technology, video, management, In 5 series, VE, virtual edition, cloud computing, ssl management, infrastructure

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]