
Tuesday, April 19, 2011

Do You Splunk 2.0

A little over two years ago I blogged Do you Splunk? about the reporting integration with our FirePass SSL VPN and BIG-IP ASM.  The Splunk reports have provided customers valuable insight into application access and user behavior along with deep analysis of application violations, web attacks and other key metrics.  Recently, Splunk and F5 have been working behind the scenes and now you can also get 22 different templates for detailed reporting on the BIG-IP Access Policy Manager.  BIG-IP APM is a flexible, high-performance access and security solution that runs as a module on BIG-IP LTM.

Splunk is the data engine for IT. It collects, indexes and harnesses the fast-moving IT data generated by all of your IT systems and infrastructure - whether physical, virtual or in the cloud and correlates various pieces of data sources to provide new views and new insights.  Splunk makes it possible to search and navigate data from any application, server or network device from a web browser, in real time. Logs, configurations, messages, traps, alerts, and scripts: if a machine generates it, Splunk will index it.  The Splunk for F5 App provides real-time dashboards for monitoring key performance metrics. Reports from Splunk support long-term trending and can be downloaded in PDF or Excel formats or scheduled for email delivery. The F5 App supports core Splunk functionality such as deep drill-down from graphical elements, robust role-based access controls and Splunk’s award-winning search capabilities.

The following is a sample of the reports available in this version of Splunk for F5 using ASM, APM and FirePass data:

  • Request Status Over Time 
  • Top Attacker
  • Top Sites
  • Top Violations
  • Active Sync by Device Type
  • Top Device Type
  • Top User
  • Geo-location Reports
  • Session Duration and Throughput
  • Authentication Success/Failure
  • Connections by User
  • Failed Connections by User
  • All Connections Over Time

Splunk also has the unique ability to augment data from FirePass and ASM by connecting to and gathering data from Active Directory or LDAP and asset management databases that can highlight asset or application owner information.

Businesses are faced with competing challenges when it comes to granting their mobile workforce access to company data. The data must be readily accessible to users on the go but at the same time companies must protect and safeguard their internal systems that contain sensitive information. Robust monitoring controls are a must for maintaining auditing access, enabling dynamic application access and preventing data loss and availability issues.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, splunk, education, reports, technology, metrics, compliance, data analysis, partners


Tuesday, February 8, 2011

Identity Theft: Good News-Bad News Edition

So which would you like first? 

Javelin Strategy & Research said identity theft incidents were down 28% in 2010 (vs. 2009) according to their latest consumer survey.  This is the lowest level since 2007 and about 3 million fewer victims than in 2009.  They partially attribute this to a decline in industry reported data breaches going from 604 (221 million exposed records) to 404 (26 million exposed records) in 2010 along with economic conditions, better security measures and busts by law enforcement playing a major role.  If you have an existing credit card account, there’s good news on that front also – fraud from existing credit cards was down 38% ($14 billion) compared to 2009 ($23 billion).  New account fraud, where the victim might not have any idea that an account was opened in their name, took top honors in types of fraud with $17 billion siphoned.  ‘Change in physical address’ was the No. 1 method of account takeover reported by victims.

Don’t drop the confetti yet, however.  While the overall numbers look encouraging, the devil is in the details as the cliché goes.  Even though the overall numbers are down, the consumer out-of-pocket expense to resolve ID fraud went from $387 per incident to $631 in 2010 – a 63% increase.  Because criminals are using more clever ways to steal your data, you have to spend more time fixing the issue and the costs can grow.  Your friends and family are also sticking it to ya. ‘Friendly Fraud,’ when someone you know steals your info, increased 7% with 41% of this batch saying their SSN was stolen.

They also found a correlation between retail sales and identity fraud.  When sales are up, fraud is down and when sales are down, fraud goes up, says James Van Dyke, founder of Javelin Strategy & Research.  He feels that when the economy is doing well and people can make purchases with their own money, they are less likely to steal.  Add to that, better security measures are in place and people are more aware of identity fraud, thus they keep a better eye on questionable transactions.  Another bad sign is that while credit card fraud has dropped, debit card fraud went from 26% to 36% in a year.  This could be due to more people using debit cards rather than credit for purchases but also due to debit’s lower level of protection when it comes to fraud. Some would question the validity of the survey since it is a ‘self-report’ telephone survey and bank data would argue that fraud is actually up in many areas.  There are many more intriguing tidbits in the report and you can check out Javelin’s report with a couple interesting charts here.

ps


Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, cybercrime, security, holiday shopping, identity theft, scam, email, data breach

Tuesday, March 9, 2010

Dan Kaminsky Interview Part II

Peter Silva of F5 continues his conversation with IOActive's Dan Kaminsky. Please see Part 1 for complete description. In this segment, Dan talks about the discovery of DNS Cache Poisoning, DNSSEC and the overall importance of DNS to the Internet.

ps

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners


Dan Kaminsky Interview Part I

Peter Silva of F5 sits down with IOActive's Dan Kaminsky. In this extremely informative and lively discussion, the Domain Name System is the topic. DNS infrastructure, DNS vulnerabilities including DNS Cache Poisoning, DNSSEC and what's happened since the discovery of the flaw are all discussed. In 3-10 minute segments.

ps

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners


Dan Kaminsky Interview Part III

Peter Silva of F5 finishes his chat with IOActive's Dan Kaminsky. Please see Part 1 for complete description. In this segment, the DNSSEC conversation continues and Dan explains what's happened since his discovery of the DNS Cache Poisoning vulnerability, plus info on an upcoming DNSSEC webinar.

ps

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners


F5 Networks Partner Spotlight - OPSWAT

Peter Silva interviews Benny Czarny, CEO of OPSWAT during the 2010 RSA Conference. Part of F5 Networks Partner Spotlight Week at RSA. f5.oesisok.com

ps

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners


F5 Networks Partner Spotlight - Secure Passage

Peter Silva talks with Jody Brazil, President & CTO of Secure Passage during the 2010 RSA Conference. Part of F5 Networks Partner Spotlight Week at RSA.

ps

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners


Wednesday, February 3, 2010

Consolidate and Dedicate to Eradicate

Whether it be due to cloud computing, last year’s economic mess, or just the general cyclical nature of the Tech Industry, Consolidation has been a huge focus of IT departments of late.  Data Center consolidation, hardware consolidation, staff consolidation and tech sector consolidation to name a few.  I remember the days of single purpose boxes that did one thing well.  In fact, a decade ago at Exodus, that was one of my positioning points for BIG-IP over such LB units as Alteon, ArrowPoint and LocalDirector since they were switched/hardware-based appliances.  I’d say something like, ‘It’s a Floor Wax and a Dessert Topping while the BIG-IP is software based, focused only on Load Balancing.’  Boy, times have changed.

Single purpose appliances, while still big business for their particular specialty, are becoming fewer and fewer – just look at the handheld you’re using.  The printer was one of the first to go that route becoming printer/copier/fax/scanner in an effort to make them more useful and appealing to the customer.  Ads tout, ‘No more bulky equipment to buy – it’s all here in this great new thing that you must have!!  All for the incredibly low price of…..’  IDS graduated to IPS and now we have IDPS units and UTM (Unified Threat Management) systems or the Next-Gen Firewalls.  They have firewall, anti-virus, spam controls, web filter, IDS and more.  We are in a multi-task society and expect our devices to behave the same.  For a while, adding more and more functionality to a piece of IT equipment would either slow it to a crawl or make it very difficult to troubleshoot.  The processing power available today allows multi-function appliances to dedicate resources to ensure all the functions run smoothly.

Having multiple point solutions, interfaces and GUIs also makes it difficult to manage the various entities, especially if it’s a security device.  Managing multiple points of entry and enforcing a consistent security policy across the board can be challenging.  You got users connecting and requesting application access via VPN, some over the air on Wireless and others hooked right to the LAN.  They also are probably using various types of computing devices; from IT issued laptops, to home/personal machines to mobile devices.  You might have a specific policy for each type of access method/device or you enforce the same security, no matter what the connection.  Why wouldn’t you do a host check on LAN users similar to the scrutiny your remote users must pass?  In many cases, that might involve a NAC type controller and I thought we were trying to reduce the number of power suckers in the data center.  Today, IT needs a single management interface and policy enforcement point that’s easy to navigate and quick to deploy.  During a crisis, like a potential intrusion or breach, you can waste precious time trying to get to all the different appliances to assess the situation.

As consolidation continues, and more functionality is added to these multi-dedicated appliances, management of such an infrastructure especially if it’s part of a cloud, will continue to be an important driver for IT.  So, as you consolidate and are able to dedicate, that will enable you to eradicate costs, multiple management interfaces, multiple point products and with the right device, eradicate many of the threats that appear every day, the CDE way!

ps


Technorati Tags: F5,BIG-IP,v10.1,Edge Gateway,WOM,application delivery,Pete Silva,F5,security,application security,network security


Wednesday, October 21, 2009

Will you Comply or just Check the Box?


Some of both, apparently.  A recent Ponemon Institute PCI-DSS Compliance survey revealed that 71% of companies actually admitted that data security is not a top priority and 55% say they are only protecting credit card data and not other sensitive information like bank account info, social security numbers and driver’s license data.  Additional statistics show that a minuscule 28% of smaller companies (501-1000 employees) are PCI-DSS compliant and around 70% of large companies (>75,000 employees) say they meet the Regulations.  The one that jumps out for me is the small merchant stat.  I understand that cost is a large factor for smaller companies to be PCI compliant but just imagine how many companies and industries fall into the 501-1000 employee category.  And that doesn’t count all the even smaller ‘Family Owned’ restaurants, auto repair shops or any other service where you say, ‘I like them because they are local or family owned.’  Unfortunately, those friendly establishments might not be a BFF with your sensitive data.  I’m not saying to avoid your favorite Chinese take-out but also be aware that the numbers are against you.

There are a couple interesting PCI developments coming over the next year.  As I mentioned in Regulation Roundup back in February, the PCI deadline for unattended, Point-of-Sale PIN entry devices is July 10, 2010.  These are those standalone ‘Pay for your parking’ machines, gas station terminals, ticket kiosks, vending machines and any other terminal where a PIN might be entered.  First, July 1, 2009, was the deadline for Triple-DES to be mandated for all debit transaction processing.  And next July, all fuel pumps (and like terminals) will need to have an encrypted PIN entry pad, be able to encrypt the PIN itself and process using TDES.  I imagine there will be another mad dash next spring for merchants to get in compliance.

The other PCI piece is that, come summer 2010, PCI will be making some regulatory changes to update PCI standards including 3rd party audits (Level II), tokens, end-to-end encryption and potentially Virtualization Security.  Some of these changes should help in protecting our data.

And if you think skirting regulations might be a money saver, take a look at this article where the FTC has recently fined ChoicePoint for not adhering to the agreement made in 2006 for the huge 2005 data breach.  They just got whacked with another $275,000 for removing a database security monitoring tool.


As I finish up the 18th entry of 26 Short Topics I’ve noticed Regulatory Compliance, especially PCI, comes up frequently.  Maybe it’s the constant surveys, startling numbers, never ending breaches and media reports or maybe, it’s that PCI-DSS, while not perfect, affects almost all of us and it’s like we’re in it together.  You might not know, get along with or like your neighbor but if you shop at the same store and they are breached, suddenly you’re both in the same boat - ‘Hey, that happened to me too!’  It’s one of those things that we all should care about.

ps

UPDATE - Added 10.22.09:  ChoicePoint would like to clarify the characterization of the FTC situation and I'm happy to include this for accuracy:

"Your piece titled "Will you Comply or Just Check the Box" touches on recent ChoicePoint/FTC news and the company would like to request a clarification.

1.      In regards to your report that a "fine" was levied by the FTC
a.      While the Commission has authority to seek a civil penalty, http://ftc.gov/ogc/brfovrvw.shtm it expressly did not do so in this case, as the language of the Order and the amount of monetary relief indicate.  The Supplemental Stipulated Order itself in Part I provides for "monetary relief...to be used for equitable relief, including, but not limited to consumer redress and any attendant expenses...."  The FTC incorrectly characterized the monetary payment as a "penalty" in its initial press release and has since revised its press release to correct this point.  The payment was made pursuant to the court's equitable authority to address compliance with its orders.  The payment is not punitive in nature and neither the Order nor the FTC press release (as modified) characterizes the payment as a fine or a penalty.

Thank you so much for your time and attention. We would very much appreciate your correction of the record."

- Not a problem, thanks for the update and appreciate the clarification.  ps 

Thursday, October 15, 2009

Don’t say a Word

………………………………………………….….oh, you’re waiting for me?  This will probably be a short post since there are not that many security terms that begin with the 17th letter of our alphabet.  However, keeping Quiet is a common theme in security.  As mentioned numerous times, locking passwords, logins, and other sensitive information in your mouth vault keeps them from leaking to others.  Social Engineering has always been about compromising that vault.  Recently there was a post by Roger Thompson, AVG’s Chief Research Officer, which actually suggested to Write Down your passwords, especially complex, hard to remember passwords.  While this practice has been frowned upon for many years – as in the ever popular post-it’s stuck to laptops – there is some sense in creating (and writing down) difficult passwords that are extremely hard to guess.  Just put that paper in a safe location.  Our own Alan Murphy offered some advice about passwords just a few months ago.




Keeping Quiet is also what most companies do when they discover a breach, at least initially.  A survey from the 2008 RSA conference showed that 89% of security incidents go unreported.  More often it’s the insider breaches that stay under the covers.  Some of that could be due to just being undetected but many companies don’t want the public exposure of a breach.  Laws have changed some of that and huge breaches, like the Heartland incident, must be reported so people can protect themselves.  Even the Heartland incident wasn’t detected for a couple months, and when it was, it didn’t get reported for yet another month.  Granted, sometimes law enforcement does ask victims not to say anything so evidence can be gathered and so as not to tip off the crooks.  In any event, keeping quiet about a breach happens more often than you think and it’s often due to the fear of a damaged reputation.  Of course there is an opposing view to the damage factor by Larry Walsh where he talks about the multitude of brands who have suffered major breaches and how consumers have either forgotten or forgiven.

While silence can be golden and rests are written into music for effect, when it comes to Data Breaches not saying a word can put your business in jeopardy and in the cross-hairs of the law.
ps