I was very excited to finally get a copy of the much-anticipated 2013 Verizon Data Breach Investigations Report (DBIR.) I have found the report to be valuable year after year. This is the 6th iteration and this year’s report includes 621 confirmed data breaches, as well as over 47,000 reported security incidents. 18 organizations from across the globe contributed to the report this year. The full report is 63 pages, and I have to say that Wade Baker and company did a great job making it an enjoyable read. I enjoyed the tone, and I found myself laughing several times as I read through it (Laughing and infosec aren't commonly said in the same breath.) There are tons of great references as well, ranging from NASCAR, to Biggie Smalls, the Violent Femmes and more. The mantra of this year’s report is “Understand Your Adversary’ is Critical to Effective Defense and Response.” Here are a few observations:
The focus on the adversary answers customer questions. Who is the adversary? This is a frequent question from Forrester clients. The Mandiant APT1 report stirred up much debate on state sponsored actors and Verizon's data and analysis gives us more perspective on this class of threat actor. The first table in the report profiles the threat actors that are targeting organizations. It provides a high level view that I suggest you include in any type of executive engagement activity you participate in. This 3rd party snapshot of the threat actors should resonate with a wide degree of audiences.
You are now no doubt aware that Boston-based security firm Bit9 suffered an alarming compromise, which resulted in attackers gaining access to code-signing certificates that were then used to sign malicious software. See Brian Kreb’s article for more details. (Symantec breathes a quiet sigh of relief to see a different security vendor in the headlines.)
The embarrassing breach comes at a time when the company has been seen as one of the security vendor landscape’s rising stars. Bit9 has actually been around for more than a decade, but the rise of targeted attacks and advanced malware has resulted in significant interest in Bit9’s technology. In late July, Bit9 secured $34.5 million in funding from Sequoia Capital. Bit9’s future was bright.
On Friday afternoon, Bit9 CEO Patrick Morley published a blog providing some initial details on the breach. A few of his comments stood out: “Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network … We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9."
It's a little-known fact that both Southwest Airlines and the (soon-to-be) famous Yee-Haw Pickle Company began life on a cocktail napkin. What better medium to illustrate why Windows Intune should be on your radar as an I&O leader or professional?
In the late 1990s, no one could have imagined what PC management would eventually entail in an always-on, always-connected world. Those of you who know me, know that I've either managed or marketed 3 different client management product lines in my career. All of the vendors in the space, including Microsoft, have spent the last 15 years trying to make it easier to manage Windows PCs on an enterprise scale, for utility, security, business continuity and performance.
A mess? I'd say! I spoke with a mid-sized oil company a few weeks ago about their client management tools, processes and maturity. They use only a fraction of System Center Configuration Manager (SCCM) 2007's capabilities. The weekly patch cycle and packaging alone are a full time job for one person, and endpoint protection and remediation are still wishlist items. Half of their assets sit at the end of satellite links 50 miles from the nearest towns and they have a fleet of trucks manned by a small army of techs dedicated to just fixing PC problems over 5 big western US States. Expensive? You bet. Ineffective? Absolutely.
The misinformation and rhetoric surrounding the recent discovery of the Flashback trojan for Macs is vehement, and says more about the historically stable state of Mac security, and the irrational way many think about it than it reveals about its weaknesses. Even long-time industry observers, who should know better, are jumping into the fray to say: See! I told you so! The Mac is vulnerable! Well…duh…that's not exactly news, folks.
Of course the Mac is vulnerable. EVERY internet connected device is vulnerable. What matters is probability, frequency and potential impact. So the correct question then, is whether or not your prevention, detection and recovery mechanisms are effective. For example, I'm not convinced that traditional anti-virus approaches are right for the Mac. The track record of these tools in the Windows world is abysmal in my view. They're among the most intrusive technologies to the user - hogging system resources and making even basic tasks impossible as they inspect every file, every day, often several times a day. And…they're reactive. Think: death by a thousand papercuts over a period of years, only to be interrupted by a rare strain of encephalitis, followed by a partial lobotomy and organ transplant to get the patient breathing again, and you're in the ballpark. Application whitelisting will hopefully come to be seen as a better approach.