Red Dawn: Unit 61398 – Now What?


Some of my ‘so-called’ friends who help organize the RSA Security Bloggers event have decided that folks who attend should actually have blogged something recently. Well, I haven’t, so to make them happy…

With the increasing frequency and severity of advanced threats perpetrated by highly organized and sophisticated groups and nation-states, enterprises need to realize that they are either already compromised or will be soon. Traditional techniques need to be augmented with more sophisticated and exhaustive methods that provide visibility into every aspect of the internal environment. This requires continuous monitoring and analysis of all ingress and egress traffic patterns from every host on the network, regardless of the source, destination or type of traffic.

There are 5 key initiatives that every organization should implement:

  1. Invest in security professionals that have strong experience with forensic investigation and incident response
  2. Implement incident response programs that complement and extend current prevention approaches to information security
  3. Deploy network security technologies that provide deep visibility into the state of the internal network and can collect, analyze and archive massive amounts of all network flow data
  4. Ensure network monitoring solutions integrate with existing network security tools, such as IDS/IPS, SIEM, and firewalls
  5. Make security awareness throughout the organization an ongoing element of the information security program

Brevity is a gift shared by very few in the security industry =)

Chinese Government to Ban All US-Based Technology Companies and Products

Beijing, China – April 1, 2010 – The Chinese government announced that, effective immediately, all US-based technology firms and their associated products and services will be banned from all Chinese government and state-run agency IT environments. The ban is expected to include critical infrastructure, such as military, finance, utilities, and healthcare, as well as education, retail and manufacturing companies.

The Top 5 Cyber Security Myths

Given the media hype around the Conficker worm (and now Gumblar), and the constant barrage of alarming disclosure announcements, I thought it would be a good time to take a calmer look at some of the security myths, misconceptions and mistruths that plague the industry.

Many of these cyber security myths have been around for close to a decade. They have driven marketing campaigns and have sold a lot of traditional newspapers. But for the most part these threats have proven much less dangerous than ballyhooed. Worse, they distract us from addressing the routine problems that stand between us and a more secure global IT environment. Until we can address everyday vulnerabilities and threats, how can we justify focusing on exotic edge cases?

US Warned of China ‘cyber-spying’


From the “you had to have seen that coming” department. The BBC is reporting that, according to a security review council report to Congress, China is aggressively pursuing “cyber-spying”.

China has stepped up computer espionage against the US government and American businesses, according to an influential Washington congressional panel.

In its annual report to Congress, the panel warned that China was gaining increasing access to sensitive information from US computer networks.

It said China was aggressively pursuing cyber-warfare capabilities to gain an advantage over the US in any conflict.

China is stealing vast amounts of data from US computer networks, said Larry Wortzel, Commission chairman.