Showing posts from April, 2012

Infosec Europe 2012 Review

The end of another week, and the end of Infosec Europe at Earls Court.  Europe's biggest free three-day event seemed as popular as ever, with an estimated 10k visitors over the three days (most seemingly at once at Wednesday lunchtime...).

Whilst there seemed to be a vaguely superhero theme (I certainly saw Robocop, a troupe of Wonderwomen and perhaps a Purple Meenie as marketing gimmicks..) there was a selection of some great talks, technical demos and water cooler chat surrounding the main security issues of the day.

The keynotes were split across a range of topics, from general compliance and CISO management through to the general focus on BYOD and mobile devices.  With the latter, many organisations know there is a potential threat with mobile and personal devices, but many are struggling to find the correct balance between policy, controls and manageability.  Thursday's keynotes were another chance to go over the newer concept of Advanced Evasion Techniques.  Whilst …

Big Security Data to Big Security Intelligence

The concept of 'Big Data' is not new and was generally used to discuss the vast amounts of information resulting from the processing in areas such as astronomy, weather or meteorological planning calculations.  The resulting processes produced petabytes of data, either in the form of calculated results, or via the collection of raw observations.  Approaches to store, manage and query the data vary, but many utilise concepts such as distributed and grid computing with vast amounts of physical storage, often directly attached (DAS), based on solid state or high speed SATA devices in order to allow rapid query execution.  Massively Parallel Processing was then applied in front of the data in order to execute rapid relational queries.

In recent years, networking, consumer and social media applications have started to produce vast amounts of log, user and alerting information that needs to be stored and analysed.  For example, Walmart handles more than 1 million customer transact…

Security Patching for People

The updating of application and operating system software is a common phenomenon, with individuals and organisations keen to reduce the zero-day threat impact that exists while a security vulnerability is still unknown to the software vendor.  Obviously, once the vulnerability has been identified, a new hotfix, patch or service pack is released which can reduce or remove that threat window which may have been exploited during that 'zero-day' phase.

There are countless warning centres for specific operating systems and platforms that aim to identify vulnerabilities in existing versions and in turn provide guidance on how to remove the vulnerability.  In general, software vendors nearly always recommend that environments are patched to the most recent stable release in order to provide the best possible support.  In many scenarios support agreements can quickly become invalid, or at least support withheld, if an environment is not at the most recent patch level.  All fairly straight for…

Do We Have a Duty to Run Anti-Virus Software?

If you have children under the age of 11, you are probably already familiar with the continual trips to inoculation clinics for things like Polio, Tetanus, Hepatitis, Measles, Mumps and so on. Whilst not all vaccines are compulsory by law, there is a strong suggestion that, unless your child has a known reaction, they should be inoculated. Whilst there might be a small chance of a side effect, the general goal is to overcome the small risk to the individual and focus on the benefit to society as a whole, if a particular disease can either be eradicated in its entirety, or managed to such an extent that it no longer remains mainstream.

The same approach can really be applied to the practice of anti-virus and anti-malware for both the individual and corporate landscape. There's a process of virus identification, then a preventative approach governed by anti-virus and anti-malware software distributed to all exposed devices. The end result is hopefully one where the virus has limi…

Does a Data Breach Make You More Secure?

A breach.  A data loss incident.  An insider leak.  A media report of client data loss.  All would probably bring about a mild panic attack for most CISOs.  Eventually, and dependent on the size of the organisation, that data breach will end up in the public eye, either via official acknowledgement that a breach has occurred - as is required by, say, the UK Information Commissioner's Office - or a simple media response to explain that 'everything is under control'.  Ultimately that public information could damage the brand and future customer base of the organisation.  Dependent on the industry and type of product or service that is being offered, the damage could be irreparable.

The sources of data breaches and losses are many and complex, with new and complex attack vectors appearing all the time.  If we could quickly categorize a data breach we would probably come out with a list something like this:

Malicious cyber attack
Malware within the corporate network
Negligent emplo…