Archive for the ‘Cyber Security Monitoring’ Category

Assume you’ve been breached

We stumbled across an interesting blog post from Brian Krebs (KrebsonSecurity) this week titled APT: Persistence Pays Off that struck a chord with us. The blog argues that the safest way for an organisation to behave in today’s world is to assume that their security defenses have been breached and to operate accordingly. Brian argues that any organisation that doesn’t think that they’ve been breached isn’t paying close enough attention. It’s certainly an interesting perspective.

The article highlights the case of an international hedge fund that discovered (after a phone call from a friendly stranger) that they had at least 15 compromised PCs within their organisation and had absolutely no knowledge or visibility of the highly sensitive information that was leaking. The reality is that any company that has valuable intellectual property is a target for cyber attacks.

2011 Network Visibility Monitor shows firms are suffering from 10 gigabit blindness

We’ve just announced the results of our 2011 Network Visibility Monitor and, in reality, the results really weren’t all that surprising. We’ve known for a while that corporations are struggling to get the levels of visibility that they need into their 10Gb/s network segments and are concerned that the tools that they’ve invested in may not be up to the job. What was surprising to us was just how bad things are and how vocal respondents were prepared to be.

SNORT goes virtual

We’re delighted today to announce the release of Endace Security Manager 6.0, the latest incarnation of our high-performance Network Intrusion Detection System.

ESM 6.0 is an important release and, for the first time, sees SNORT move from being a native feature of OSm (our Operating System for Monitoring) into a virtual container on the Endace System. This means that ESM (which includes the SNORT image) will sit alongside third-party applications hosted in the Endace Application Dock. It of course retains its place as a core feature of our Application Suite which is included as part of the base configuration for all Endace Systems.

Over the last couple of years there has been much debate inside the community about the performance impact associated with ‘virtualising’ SNORT (as opposed to running it natively), and the engineering team here in New Zealand have worked extremely hard to optimise our implementation. We are extremely pleased with the results and can announce that the impact on SNORT performance is officially ‘negligible’.

IDS is dead. Long live IDS.

The ‘in band’ versus ‘out of band’ debate continues to rage and we find ourselves discussing the pros and cons of IPS versus IDS with customers on a regular basis. To this day, we’re still surprised by the number of IPS implementations that we discover deployed in ‘passive mode’, with the engineers responsible admitting to being “too scared to turn blocking on”.

The reality is that IPS and IDS are different horses which are designed for different courses. The debate isn’t IDS or IPS; it’s actually IPS and/or IDS. IPS are useful for organisations that don’t have the local resources (typically in the form of a SOC) to manage infections and outbreaks within the network. A high performance IDS is the right solution for those that do. At Endace we think of IPS as a kind of ‘SOC in a box’.

Nick Harvey MP calls for an ‘All of Society Approach’ to Cyber Security

Tuesday the 5th July saw the passing of the 6th annual National Security Conference in London. As a supporter of the event we were lucky enough to be able to join the likes of Nick Harvey, Minister of State for the Armed Forces, and Neil Thompson, Director, Office of Cyber Security & Information Assurance, Cabinet Office, on the podium to share our perspectives on national cyber security and the role that central government plays in protecting citizens from both physical and cyber attack.

It was an extremely well attended event with high quality presentations and informed discussion amongst the 350 security and counter-intelligence professionals that attended. Nick Harvey opened the event with a great keynote that touched on a number of important themes that are close to our hearts.

Brand matters

As a nation we’re obsessed by brands. They’re everywhere and, whether we like it or not, in today’s ultra-connected world they matter – government agencies are hiring branding agencies to help them manage their public ‘image’. If you look closely at some corporate accounts, ‘brand’ is starting to appear as an asset on the balance sheet. Whether you agree or not isn’t the point; the fact is that brands are being treated as assets, and that matters.

For purists (like me), brand is really just a synonym for corporate reputation. You can’t buy your way to reputation: you earn it over time. You do the hard yards and you build it piece by piece, customer by customer, recommendation by recommendation. All the advertising dollars in the world won’t buy you brand equity (they will just buy you brand awareness). If you treat your customers like dirt, your brand will be dirt. That bit at least is very straightforward.

Measuring the gap between hype and reality

Most security professionals know that what vendors claim their systems can handle (in terms of throughput) and what they can really handle are two different things. Why is this the case, why does it matter and what can you do about it?

Before diving in, it’s important to understand what ‘throughput’ really means. In layman’s terms, throughput is the amount of network traffic (measured in Mb/s or Gb/s) that a system can ‘process’ without missing events.

There are three main reasons why network security systems, such as IDSs and IPSs, miss network security events:

  1. The hardware platform doesn’t show the packets to the application because it’s simply not up to the job
  2. The DPI engine (the application) isn’t fit for purpose
  3. The rule set is too simple, or too complex

As a buyer of these systems, you need to be sensitive to all three factors, as two legs does not maketh a stool [sic].

Guarding the games

National security is a big deal. We trust our elected governments to have our backs, to stop the bad guys before they act and keep us safe. It’s why we pay our taxes and vote for the people that we do. The swing from traditional ‘armed’ threats to internet-borne threats has been extraordinarily rapid and has created an entirely new threat landscape for our governments to deal with. Lulzsec’s recent rampage across the internet has shown in the most public way just how vulnerable we all are (governments, enterprises and individuals alike) to malicious attack from this new frontier and, in many cases, just how badly prepared we truly are. Protecting national security is far harder today than it’s ever been before. At least before you could see the bad guys.

At Endace we’ve worked closely with a variety of government agencies for many years, helping to facilitate, empower and enable the activities of those responsible for keeping us safe. It’s a market that we’re proud to be associated with and one that we’re actively developing all over the world with government agencies that understand the power of the Endace Platform.

The first step towards a real EU cyber security alliance?

An article in today’s TelcomAsia online publication about EU Cyber Security caught our eye. Michael Carroll wrote an article in response to a speech made by European Digital Agenda commissioner Neelie Kroes, who spoke at a telecoms conference in Hungary earlier today. The commissioner stated categorically that weak cyber security will limit the potential of ICT to deliver social and economic benefits. Of course there’s nothing startlingly new in this statement; those in the industry have known for a long time that we’re only just starting to understand the true costs of cyber-crime and there’s a lot more to learn. What’s different this time is that Kroes called for a joint security effort from member states and other key “allies around the world,” noting explicitly that progress made to date is not enough to achieve the “close cooperation we need.”

To capture or not to capture? Why that’s no longer a valid question

In the last week both Symantec and IBM have released their annual security surveys, which provide rich insight into the volume and range of security attacks circling the Internet.

As expected, Symantec Corp in their ‘Internet Security Threat Report’ highlighted a massive increase in threat volume (286 million new threats last year), accompanied by several new ‘megatrends’ in the threat landscape. The report highlights increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.

Specifically, Symantec identified attacks such as Hydraq and Stuxnet as posing a growing threat to enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks are leveraging zero-day vulnerabilities to break into computer systems. As one example, Stuxnet alone exploited four different zero-day vulnerabilities to attack its targets. While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many targeted attacks preyed on individuals for their personal information. For example, the report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause. At Endace, we see the prevention of data loss as being a key driver of technology investment over the next 12 months as organisations start to really understand the reputational damage caused when private customer data goes public.