Tags: CIO, IT, Verizon Business

Tags: AMT, event_manager, filtering, IT@Intel, management, network_quarantine, omer_ben_shalom, quarantine, ron_miller, Security, system_defense, video, virus, vpro

Tags: AMT, event_manager, filtering, IT@Intel, management, network quarantine, Omer Ben-Shalom, quarantine, ron miller, Security, system defense, video, virus, vpro

Tags: AMT, event_manager, filtering, IT@Intel, management, network quarantine, Omer Ben-Shalom, quarantine, ron miller, Security, system defense, video, virus, vpro

Check out the Verizon Business Security Blog for more on the report.

Tags: Verizon Business, Data Breach Investigations Report, Bryan Sartin, data breaches

Check out the Verizon Business Security Blog for more on the report.

Tags: corporate data breaches, Bryan Sartin, Verizon Business, Data Breach Investigations Report

Intel maintains a “threat agent library,” with profiles of security threats, and the agents who might perpetrate them. It also uses real-time threat scenarios, or war games, to try to bring information about the actual environment together with threat agents and threats to test and improve threat response.

From fending off ordinary hackers to more organized crime or cyber terrorism, Casey’s role is like that of an IT secret agent working to keep Intel’s secrets out of the hands of real-world threat agents.

Casey blogs about IT security at IT@Intel. In a recent blog post, Power Tools in Information Risk Management, he discusses the tools he uses in managing information security risks at Intel. Check out other Intel blogs at Intel Open Port. (A recent post by Intel’s Matthew Rosenquist’s notes that the threats to network security are living, breathing opponents who are creative, knowledgeable, motivated, and have personal objectives in mind.

Related Stories: IntelSecurity

Some photos in video courtesy of: Adam Schuster, Andrew Dill, Christos (Christos_m2001), James (monkeyatlarge), Stuart Seeger, The Lucid Moment, Torstein Haldorsen and Windell Oskay, via Creative Commons Attribution 2.0 Generic License; Bill Hails and Herman Yung, via Creative Commons Attribution-No Derivative Works 2.0 Generic License; Christina X, Eduardo (tnarik), Lachlan Hardy, Mahalie, pingnews.com, and Rahmat Dornbrook, via Creative Commons Attribution-Share Alike 2.0 Generic License.

Tags: Security risk assessments, security risk modeling, security threats, threat agent library, network security, Intel, TIm Casey, information security, war games, hackers, cyber terrorism, threat agents, Open Port, Matthew Rosenquist, IntelSecurity

Tags: Symantec Security Response, Internet Security Threat Report

Tags: Symantec Security Response, Internet Security Threat Report

Tags: Internet Security Threat Report

Most companies try to block certain electronic messaging such as IM (Instant Messaging) because they’re worried about compliance and security. But undeniably, employees can and will figure out ways around it. And then there are viral devices, like blackberries for instance, that some companies and their employees cannot do without, as they enable mobility and quick response. So what are vendors doing to support these new trends and enhance productivity?

One of the goals is trying to integrate these tools and put them into one platform so it’s easy for the enterprise to manage and monitor these technologies. Intellectual property must be protected at all costs and so instead of ignoring these technologies, enterprises should embrace them and turn potentially negative security risks into a proactive system that can protect your company’s information.

Tags: BearingPoint, Scott Kimbel, electronic messaging

Tags: Botnets, phishing, trojans, Oliver Friedrichs, Symantec, Mercury News, Ryan Blitstein, Dark Vision

The company has been working for the past year with universities and high schools in Virginia, and plans to expand its offerings across the country as interest in simulation technology has spiked in the wake of the Virginia Tech shootings. The company’s RIFS technology enables law enforcement officers and other emergency responders to get a real-time video, data and 3D-model feed of local buildings as crises develop.

I got a look at the system during my interview with Alion’s Vice President of Homeland Security, Don Rondeau.

Tags: Alion Science and Technology, school, security, first responder, Response Information Folder System, RFIS, Virginia Tech, Homeland Security, Don Rondeau

I asked her what she heard from the conference speakers and what it means for her company and others.

Tags: CSIS, Tiffany Jones, Symantec

More information at: Symantec.com

Tags: Symantec

More information at:
Symantec.com

Tags: Symantec, Security, Amado Hidalgo, Eric Chien, Dave Cole, Elia Florio, Greg Ahmad, Han Lau, Symantec

More information at:
Symantec.com

(more…)

Tags: Symantec

Transcript:
Host: Jim Leach – SAVVIS
Guest: Rona Shuchat – IDC

Jim Leach – SAVVIS
Welcome to this edition of Thought Leaders, where, we bring you candid conversations with the people whose research and writing are guiding the buyers and suppliers of IT Solutions. I’m Jim Leach. Today we are pleased to welcome Rona Shuchat, Research Director for Telecommunication Transformation Strategy and top industry analyst from IDC. Rona conducts research in the evolution and roll out of next-generation services, using the Internet Protocol or IP as well as manage network services, Web Hosting, utility and on-demand computing, virtualized services, intelligent content delivery networks, service portals and application,-a way of networking. That’s quite a list Rona, you must be pretty busy.

Rona Shuchat – IDC
Well, thanks for inviting me Jim. It is really fast moving market, I’m covering a lot of areas but there is a lot of new innovation and we’ll talk about that.

Jim Leach – SAVVIS
Oh, we’re so pleased to have you, thanks for joining us here on Thought Leaders. The first question I have is, you bring really a unique prospective to our audience and that you study the strategic impact of both Telecommunications and Web Hosting. So, let’s start with Telecommunications. Ten years ago, at the height of .com boom, corporate networks were the rage. Venture money was pouring in to .com startups to develop new IT gear and billions of dollars were being spent to build out global networks but today corporate networking seems kind of boring. Other than Voice Over IP, is there anything interesting going on in corporate networking?

Rona Shuchat – IDC
Yes, actually there is a lot more going on than it first may be obvious. What comes to mind for me are areas like Deep Packet Inspection. The use of Web Optimization techniques. Even the use Web based portals to administer internal networks. For example, Deep Packet Inspection is a technology that’s helping IT managers, better understand how applications are using their network, helping them to set policies for controlling the utilization of IP Bandwidth, really with the goal of helping them to better control costs. Another innovation that I thought of is really the use of application acceleration products, to enhance the performance of highly dynamic transaction oriented Websites. I think, what we’re really seeing is there’s lot of new or refined optimization techniques incumbent to help companies improve application performance bringing together functionality like low bouncing, caching, compression, read optimization.

If you look at portals, like say more and more reporting and network control functions are being developed with portal type functionality and this is really an improvement over what I call previous separate control systems that often necessitate companies to support large development stuff that have expertise in different languages. So, I could go on and on Jim, but I think I’m going stop there, there really are a lot of interesting developments in corporate networking.

Jim Leach – SAVVIS
It seems like Rona, common thread across those different initiatives in the networking space is focused on the application and what applications need to run effectively and yet those of us in the IT Solution space, I think we tend a look at IT in discrete parts, whether it’s hosting or networks, servers or software. If CIOs are really looking for integrated IT Solutions for their applications, that cut across the Silos, is there an opportunity for telecommunications and hosting to come together to bring value for an IT Department or is it really better for an IT Department to continue buying these pieces individually.

Rona Shuchat – IDC
Jim, I think, there is a far more advantage for corporations to look at bundling a combination of elements to lower their overall total cost of ownership and when I say elements, I’m referring to potentially outsourcing a combination of server hardware, IP Bandwidth, storage, software, security you need in systems to monitoring into a single bundle. As we look out, at the different market segments, it’s really expected that small to mid size companies are really going to have a hard time, keeping up with and absorbing the in-house cost and expertise that they will need to support the growing complexity of their networked applications. From a large enterprise perspective, we believe that they can also benefit from advanced outsourced solutions, that take advantage of functionality like automated virtualization or utility computing and what I’ll refer to as performance application engineering.

These different elements help a company to consolidate their server resources but also enable then to scale, the whole concept of virtualization and utility computing for dynamic allocation of resources, will enable companies to scale their applications while keeping their cost under control, which is really a critical element that CIOs and CFOs will continue to watch, as applications grow and become more complex over time.

Jim Leach – SAVVIS
I think virtualization and utility computing for some of us, they sound just like another buzzword in IT and for those of us who’ve been around the IT block, a few times, I think, were all, a little bit jaded and some of us were even a bit cynical. Can you help us understand, what virtualization and utility computing are and what their real value is, that those concepts can deliver to a corporate IT Department?

Rona Shuchat – IDC
First of all, there is really a lot of media play around virtualization and utility computing. There’s a lot of different interpretations but there is, what I would say a real functionality to these concepts which is being provided in solutions by a number of large providers such as yourself. Simply put, a virtualization is the ability to take a single resource and make it appear as more than one, so that each instance can service separate application. For example, virtualization helps to partition servers, storage or even network interfaces and this in turn allows through the dynamic allocation of fixed resources.

When you think of utility computing, it’s very similar to the way you pay for electricity that you use over, let’s say the power line to your house. You only pay for what you consume over that power line and in today’s hosting world, this concept has been enhanced, I would say to include not only metered usage cost but the dynamic allocation of additional resources as they are needed and those resources might include things like processing power, storage or bandwidth.

So the point here, is that virtualization and on-demand computing can minimize the total cost of ownership for an enterprise, way beyond what they could achieve with a fixed resource model.

Now we are seeing savings in the — anywhere from 25-40% enterprisers say, when they compare a virtualization strategy versus a dedicated model. So, companies can really minimize their overall capital expenditure outlay. They don’t need to buy extra servers, for example, for those unusual peak periods and they can continue to scale and grow their applications and adjust up or down depending on how their growth moves ahead.

Jim Leach – SAVVIS
Oh, let’s talk a little bit more about Web Hosting and that’s another key area of your research and it appears that both supply and demand for Web Hosting are working to drive prices up in this area. There is a demand for high quality data center space with the right kind of power and cooling and security and the supply seems a little bit constrained. Can you talk to us a little bit about what’s driving this demand and do you think it’s going to increase?

Rona Shuchat – IDC
With the wholesale migration of traditional applications to Web-oriented architectures, we’re really seeing a tremendous growth and the need for Web Hosted applications. It’s really leading to, what I have call, resurgence and the need for web support systems and in addition to this migration of existing applications, I’d say that enterprisers are really bringing online, a wide range of new e-business functions, tie it to marketing, sales and transaction type services, there is really no limit for the types of applications that are evolving for e-business and to share some stats with you, IDC’s 2006 research shows, that approximately, 50% of all companies are now outsourcing all or part of their Website operations through an external service provider.

And this is up from about 44% compared to 2004 and we really expect this demand to keep growing. Our latest, Web Hosting forecast for example, shows that the US market for out sourced hosting services is predicted to grow from just under about 7 billion in 2005 to 14.5 billion in 2010, so we’re definitely projecting significant growth in this area.

Jim Leach – SAVVIS
So, if demand is going to continue to grow for Web hosting, you’re actually a trusted advisor to a number of corporate IT Departments. How are you advising them to evaluate Web hosting providers?

Rona Shuchat – IDC
Fairly, with so many options on the table today, it can very well be confusing to a corporate IT Department, there is multiple types of Web hosting providers out there. There’s Telecom Carriers, there’s IT outsourcing firms like IBM or EDS, there’s specialized managed Web hosting companies that are more of a (Inaudible) like a Rackspace for example, and then of course, there is the mass market hosters like GoDaddy or Yahoo, but as an enterprise customer, I think it’s really important, they need to assess whether the hoster can provide the scalability, needed to support their anticipated application growth and complexity and scalability isn’t just about providing data center capacity and processing power.

It may require the use of virtualization services or on-demand utility to achieve the economies of scale that are going to make the difference for that enterprise in terms of really lowering its total cost of ownership in an outsourced model. The enterprise also needs to evaluate the provider’s capabilities in terms of prepackaged solutions, levels of customization available. Last but not least, I’d say, they need to consider, the training and availability of support staff at that Web hoster, what kinds of certification does the staff have, availability of SOAs, what are the penalties for non compliance, there’s just really a whole diligent process, that an enterprise needs to go through to ensure that they are selecting a qualified Web hosting provider.

Jim Leach – SAVVIS
Oh Rona, this has been a great conversation and we’ve gotten a chance to talk with you about telecommunications and networking and Web hosting. Let’s put on your forecaster hat for the last question and give you the opportunity to look out five years, what recommendations would you give to Web hosting companies and corporate IT Departments?

Rona Shuchat – IDC
It’s going to be really important for companies to be able to dynamically scale their applications under increased usage and load and only pay for what they use, I think cost is still going to be a critical consideration for IT Organizations. So, in response to that, I think, it’s going to be a really important for hosting companies to be able to offer very granular utility computing service model, that can support very cost efficient solutions to help companies to be able to scale — outsource more complex applications and in the same breath really keep their costs under control.

Jim Leach – SAVVIS
Oh, thanks again, Rona Shuchat; Research Director at IDC and thanks to our listeners for joining us for this edition of Thought Leaders.

Copyright ©2006 PodTech.net. All rights reserved. Privacy policy

Tags: Thought Leaders, SAVVIS, Rona Shuchat, IDC, deep packet, virtualization

More information at:
Symantec.com

Transcript:
Editor – PodTech

Hello and welcome to this Security Response Podcast presentation for January 22, 2007 brought to you by Symantec, the world leader in providing solutions to help individuals, small businesses and enterprise; assure the security, availability and integrity of their information. Today’s Podcast is focused on ‘Trojan.Peacomm’ or is it also known ‘Storm Worm’. Trojan.Peacomm and his variance or a new Category 3 threat that Symantec has seen propagating in the wild. The goal of this Podcast is to provide you with the summary of what the threat is, its impact, as well as provide you with some information on how to protect yourself and your organization.

On January 19th, 2007 Symantec begin receiving alerts on Trojan.Peacomm. Due to an increase in the speed and volume in which this threat is being spammed across the Internet, Symantec has raised the threat level this particular malicious code the category three. Initially, appearing to come from Russia, this Trojan horse program targets Microsoft Operating Systems and arrives as an attachment and email currently being spammed to users around the world.

In the hopes of spreading spam that pumps up penny stocks the author of this malicious code or attempting to trick users into installing the Trojan horse contained in the email. Attackers are using fake news headlines and the promise of a video clip to get unsuspecting users to open the message. Examples of the emails subject lines or 230 dead as storm batters Europe and Fidel Castro is dead. Contained in the email is an EXE attachment with title such as full video.exe, greeting postcard.exe and fullnews.exe among several others.

If an unsuspecting user is tricked to opening one of these attachments, the Trojan will install a number of threads including a rootkit, which attempts to hide itself in the operating system as well as the UDP based peer-to-peer communication channel, which can be used by the Trojan to communicate with several known IP addresses. Once the Trojan has been successfully installed, the infected machines will attempt to connect these addresses and then in turn begin to distribute high volume of penny stock spam.

Symantec Labs have observed an average of over 3500 spam messages per minute being sent on infected machines. In order to protect yourself from Trojan.Peacomm and his variance users and system administrator are advised to perform the following actions. Update your antivirus signatures, antivirus signatures have been available from Symantec since January 19th , but users and system administrator are advised to check for updates on possible new variance of this thread, make sure to configure your Firewalls, email solutions and gateway machine to drop all executable attachments. Update your antispam products to ensure that spam messages distributed by Trojan.Peacomm are stopped at the email gateway, as well as filtering incoming and outgoing activity over UDP port 4078, 71.

Finally, Symantec recommends that users never open any email or attachments from unknown or untrusted sources. For more information on this particular threat, point your browser to www.symantec.com/enterprise/security_response/index.jsp. That concludes our Podcast for today. Thank you for downloading and listening to the Security Response Podcast brought to you by Symantec, the global leader in information integrity, providing software appliances and services to help individual and enterprises secure and manage their most important asset, their information. For more information about this subject related products or additional Podcasts, make sure to visit www.symantec.com.

Copyright ©2006 PodTech.net. All rights reserved. Privacy policy

Tags: Symantec, Security Response, Trojan.Peacomm, trojan horse, Symantec

More information at:
Symantec.com

Transcript:
Host: Editor - PodTech

You’re listening to a Symantec Podcast powered by PodTech.

Editor - PodTech
Hello and welcome to this Security Response Podcast brought to you by Symantec, the world leader in providing solutions to help individuals, small businesses, and enterprises, assure the security, availability, and integrity of their information. This Podcast will present a roundup of the Symantec Security Response to weblogs posted in November, 2006. Blogs posted by Symantec Security Response engineers this month include a number of interesting topics. Zulfikar Ramzan discussed the cost of online fraud for two online brokerage houses. Patrick Fitzgerald wrote about online fraud that uses spam containing this leading investment tips. Dave Cole provided an update of this Symantec Phish Report Network. Shunichi Imano reported on a security concern affecting Broadcom Wireless Drivers; and finally Orlando Padilla recounted the results of Symantec’s research into the new Microsoft Vista Operating System for its resistance to malicious code. In his blog entitled, “A Dollar Figure on Online Fraud.” Zulfikar Ramzan discussed the cost of online fraud for two online brokerage houses “ETrade” and “TD AMERITRADE” estimated that online fraud had cost them a combined $22 million.

These losses were incurred through a scheme known as Pump-n-Dump and which fraudsters use stolen password and account information to manipulate stock prices. This confidential information was stolen using Keystroke Logging Software and Software Scraping Software. Both of these tools allow attackers to give all information entered into a compromised computer. Zulfikar goes on to describe some steps that the brokerage houses can take to detect suspicious activity. He also explains there are steps that you should take to ensure that your online transactions are protected these include the use of antivirus and Anti-Spyware Software using different passwords for different online accounts and not opening any attachments that do not come from known trusted sources.

Finally, Zulfikar recommends that you not conduct confidential transactions on unknown computers. Computers in public places such as internet cafes are often infected with malicious programs such as Spyware. It’s crucial that you’re sure that the computer you’re working on is secure and free of Spyware before conducting any confidential transactions. The best way to do this is to restrict such activities to you personal computer. In a related topic, it now appears that attackers maybe using spam messages to manipulate stock prices and so called Pump-n-Dump schemes. Patrick Fitzgerald explained that the virus Rustock.B has been detected sending spam that, contain stock information and false projections on future prices for the stock.

The stock in question was selling for $0.65, but was projected to be selling for $10 within 5 days, but this promise of quick earning potential would encourage speculators to buy the stock at thereby driving up the price artificially, as Patrick explains the stock rose from $0.65 up to $2 per share over a five-day period. The scammers within sell their holdings of the stock, which they bought at a very low price at the higher price caused by the speculator buying. After a few days, the stock returned to its natural price and those who had bought it based on the false information in the spam message would have lost their money. This type of spam activity may become more common as attackers realize its potential for easy earnings. As Patrick reminds us investing in stocks advertised by stock-based spam is definitely not a good idea.

The Phish report network is an extensive anti-fraud community in which members contribute and receive fraudulent web site addresses for alerting and blocking attacks across a broad range of solutions. The network is a community initiative led by a group of vendors including Yahoo!, Netscape, Symantec, and others and it’s open to any organization who wants to have phishing activity targeting their brand blocked through the networks community of solution providers. In his blog Dave Cole announced that any and all computer users can now submit their fresh phishing information to the network.

They can do this by visiting the following web site https://submit.symantec.com/antifraud/phish.cgi. They can then cut and paste the URL of the fraudulent web site in to the form provided. Once the web site has been submitted, Symantec will let the web site determine if it’s indeed fraudulent. If so, it will be added to a blank list, which will then be incorporated into the security products of participating vendors, allowing them to protect their users against phishing attacks using the fraudulent web site. The intelligence will also be forwarded to numerous financial institutions, which can then use the information to help law enforcement agencies to track down potential fraudsters. With the rapid adoption of wireless technologies, security of these devices is becoming a more urgent issue. It has blog entitled, “Wireless Monkey on the Loose.” Shunichi Imano reports that functional exploit code for Broadcom Wireless drivers has been made available to the public. A wireless device maybe vulnerable to this exploit if the computer has a susceptible Broadcom Wireless and network card and is running the drives in question.

Unfortunately, due to the nature of wireless networking all that is required of the attackers to be within range of the vulnerable machine. Because this vulnerability occurs extremely low level within the networking protocol, there maybe difficulties in detecting these attacks using standard IDS or IPS methods Shunichi recommends that you update the wireless drives as soon as possible. If your computer is running a vulnerable version of the Broadcom Wireless driver; otherwise, you should avoid using you wireless card to connecting networks in insecure areas and also be aware of the risk involved when connecting to wireless networks. Microsoft has finally released its much anticipated Vista Operating System. Vista is expected to address many of the security issues that have played past versions of Windows. Orlando Padilla’s blog entitled, “Hit or Miss? Vista and Current Threat Survivability” assessed Vista’s ability to protect against known malicious code samples.

In order to test Vista Symantec researchers gathered approximately 2000 unique instances of malicious code. Malicious code was selected randomly and included Rootkits, Trojans, Spyware, mass mailers, and so on. The researchers executed the code using this as a default user account control settings to determine the malicious code’s ability to execute on the target system and compromising on average about 70% of the malicious code tested loaded on Vista successfully and executed without a crash or runtime error. Howerver, successful execution does not necessarily mean the Malcode has fully compromised the victim host.

Out of this 70% of samples that we’re able to execute, only about 6% were able to fully compromise the targeted computer and even smaller number of 4% survived the system reboot. The rest did not execute properly either due to incompatibility, unhandled exceptions, or security restrictions. Orlando states that it’s easy to see why malicious code fails to successfully infect Vista. Malicious code authors regularly assume that users are running with administrator privileges. They usually attempt to modify system settings and/or global user environments such as registry keys and shared documents. They also attempt to bind a port with little interference. In Vista, these common tactics are now restricted or virtualized. Despite this, the majority of file infectors executor were able to modify other executables in the user’s directory. This is dangerous if the accounts are shared or if the user decides to share one of the directories that contains infected files.

Orlando concludes that while the results of Symantec’s research initially bode well for Vista, it is reasonable to conclude that malicious code authors will adapt to the new operating system. They will likely no longer target the system as a whole, instead they will target the users environment, a large portion of Symantec samples had failed because of unhandled conditions with no alternative code paths or because they were not able to execute within Vista’s new security environment. With relatively minor changes. Malcode authors can resolve these obstacles and when that happens, Vista will likely be more susceptible to successful compromise by malicious code. That concludes our security response Podcast for today.

For the complete text of this month’s blog postings point your browser to www.symantec.com/enterprise/security_response/weblog. Thank you for downloading and listening to the security response Podcast brought to you by Symantec, the global leader in information integrity, providing software, appliances, and services to help individuals and enterprises secure and manage their most important asset, their information. For more information about this subject, related products, or additional Podcasts make sure to visit www.symantec.com.

Copyright ©2006 PodTech.net. All rights reserved. Privacy policy

Tags: Symantec Security Response, Microsoft, Broadcom Wireless, Symantec, Security, Zulfikar Ramzan, Patrick Fitzgerald, Dave Cole, Orlando Padilla, Symantec

More information at:
Symantec.com

Click here for transcript.

Tags: Symantec, Security, Jonathan Omansky, Orla Cox, Candid Wueest, Josh Harriman, Symantec

More information at:
Symantec.com

Click here for transcript.

Tags: Symantec, Security, online games

More information at:
Symantec.com

Click here for transcript.

Tags: Symantec, Symantec Security Response

More information at:
Symantec.com

Tags: Symantec, Security

More information at:
Symantec.com

Tags: Symantec, Security