The life of a security researcher is not all beer and pizza. In most cases the days are long and very few seem to appreciate what you are doing. From the standpoint of a security researcher, they are the good guys trying to help push an agenda of security. They spend countless hours finding the holes in code and hardware before the “bad guys” do. Sure, there are bug bounty programs that pay fairly well and some researchers work for larger firms, but it is not all about the money or attribution.
Last year at Black Hat USA 2014 we met up with a company that was looking to make some changes in the way we protect our data, Ionic Security. The concept was very simple, but the implementation was sure to be complex. I was not sure that what they wanted to accomplish could even happen. However, after a conversation with them I became more than interested. It was a simple concept, but it did not need to be overly complex. To make things even more interesting this was not a truly new idea, but it was one that had never been implemented for real data security.
In addition to seeing more than a few products and ideas during Black Hat and DEF CON we also had the chance to see something really cool from the team at Trustwave. This was not a product, but a chance to see the back end of the command and control servers for a new and improved version of the RIG exploit kit. To say that what they showed was impressive is an understatement.
The one common thing that I keep hearing everyone talk about at Black Hat and even DEF CON is how to protect your data. It is pretty much a given that if someone wants to get into your network they are going to get in. The number of flaws, vulnerabilities and compromises that are out there is simply too large to protect against. So there needs to be some other method to make sure that any sensitive data that you have is kept out of the hands of the “bad guys”. There are many suggestions about this, but most of them still try to do the same thing: stop the barbarians at the gate.
Have you ever lost your keys and had that moment of panic where you are not sure who might have them? This is not a good feeling. You do not know if someone has them and might use them to gain access to your things. This is the same feeling that should be running through the minds of every IT security professional right now when they think about their certificates and keys, but sadly this is just not happening. The reason that there is not more concern is that far too many do not even realize just how vulnerable they are.
One of the truths in security is that while an attacker can stay hidden they can continue to operate. In short, if you do not know about something, there is nothing you can do. Now you would think that this fact would encourage firms to talk about breaches and hacks more openly, but this is still not the case. One of the things I have seen over the years is that every company operates as an island. They do not share threat information (they might share your private data, but not threat information). This has created an environment where threat actors can continue to maintain attacks even after discovery at a different location. It is also why we tend to see the same threat vectors used over and over again.
For a while now (many years actually) I have argued that the rush to turn everything into a techno-gadget has been irresponsible and dangerous. However, companies that are looking into the “Internet of things” simply do not care. They see dollar signs and revenue streams in adding services to their devices that were a one-time purchase before. Because of this they are blindly rushing products to market that are open to attack on a massive scale. Consumers who are ignorant of these flaws are buying them up at a rapid pace, leaving themselves exposed to data theft and worse.
Although much of the press surrounding AMD at the moment is focused on their lackluster earnings for Q2, there is some potentially good news from them. AMD’s dive into the use of High Bandwidth Memory is going to continue with their next GPU lineup. According to the information available, the next generation of GPUs will be code named Arctic Islands and should be manufactured on a 16nm FinFET process.
Last year during DEF CON 22 we saw a demonstration of a UEFI root kit that was extremely worrying. This root kit was installed using a multipart system to infect the UEFI BIOS in such a way as to grant the same level of access to an attacker as the CPU has (Ring 0). It was an almost unprecedented style of attack. When we reported on this many seemed to feel that it was not an issue. Now researchers are finding evidence of this same type of attack in the data lifted from the Hacking Team.
New Trustwave Security Intelligence Dashboard Bolsters Enterprise Visibility into Threats and Vulnerabilities
Enhancements to the TrustKeeper Managed Security Services Portal Benefits Everyone from the CISO to Local IT Managers across Distributed Enterprises
CHICAGO – July 9, 2015 – Trustwave® today announced a major enhancement to the company’s managed security services portal designed to give distributed, complex enterprises more actionable threat intelligence so they can better detect and protect themselves from security incidents, vulnerabilities and data breaches.
Available as part of the Trustwave TrustKeeper® managed security services portal, Trustwave Enterprise View brings order to the multitude of data inputs that make up today’s modern security reality. It gives security teams better visibility into areas not normally covered by security information and event management (SIEM) solutions. With Trustwave Enterprise View, everyone from the CISO to the local IT manager in an organization benefits from customized views designed specifically for their role in the organization. Roles include:
- Chief Information Security Officers (CISOs) – CISOs need a broad view of the overall organization to be able to report on vulnerability scanning and remediation. With Enterprise View, CISOs can now view vulnerability scan results as well as the historical trend of vulnerability remediation. It also allows CISOs to drill down in greater detail on specific business locations or vulnerabilities.
- Regional Information Technology Teams – At the regional level, understanding how each region is doing and the ability to focus on individual regions is critical. A Regional Director can use Enterprise View to measure new regions as they come online, and identify whether they are meeting corporate security and performance metrics.
- Local Information Technology (IT) Teams – Local IT managers, who can have hundreds of devices to manage, now have visibility into device scan status so they can ensure identified vulnerabilities are remediated as soon as possible. Enterprise View allows local IT managers to easily maintain visibility into all tickets relevant to their piece of the larger organization, track their progress and manage the overall volume against corporate security metrics.
“With Enterprise View, Trustwave offers increased visibility to help enterprises address their security challenges across their distributed organization whether it’s around the block or around the world,” said John Amaral, senior vice president of Product Management at Trustwave. “Contextualized visibility into areas like support tickets and their response and resolution time, overall device availability, recent vulnerability scan results, and many more security-critical metrics are just the beginning of what makes Trustwave Enterprise View an indispensable part of an organization’s security infrastructure.”
With more than 25 data sources to choose from, seven different overview panels, and distinct views into devices, incidents and data sources, Trustwave Enterprise View allows for the creation of the customized security business intelligence dashboards each role requires. With data that maps to organizational hierarchies, staff can see exactly what they need and drill down to the details. Hierarchies relate to information across the organization and multiple security applications – facilitating more rapid decision making. Access can be limited to specific locations within the Enterprise View hierarchy, so that IT pros can focus on their areas of control. From CISOs to local IT managers, Trustwave Enterprise View provides the visibility required to stay ahead of today’s security challenges.
Trustwave TrustKeeper is more than just an intuitive, easy-to-use portal that offers unique visibility into and control of information security. Behind the scenes, TrustKeeper is Trustwave’s cloud-based gateway to a powerful technology platform that unifies the company’s on demand threat, vulnerability and compliance management services.
Learn more about Trustwave TrustKeeper managed security services portal, including the new Enterprise View application, at: https://www.trustwave.com/Services/Managed-Security/Trustkeeper/.
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.