Keep Your Enemies Closer: Advanced Threat Management

I was recently watching a replay of the CBS 60 Minutes report that originally aired in November 2009 called “Sabotaging the System”. The segment talked about the viruses, malware, and hackers that have infected public and non-public networks, including federal networks such as the US Central Command (CENTCOM) network. In 2008 the malware agent.btz landed on this network; it was believed that the virus found its way in through a USB stick. This virus can see everything on the network and, for some reason… they cannot get rid of it. According to the following article, the US military networks still cannot remove the virus from their network.

A USB drive… it was that simple. Hackers will find a way onto a network and, for some reason, they don’t want to leave. One option that people initially like to take is to block the USB ports, but we all know that making security a roadblock for the users can create more problems. A better option is to use RSA Data Loss Prevention technology to allow only certain USB drives to have access to the system. However, in spite of all this work, blocking and denying… they might still get in. And this is why we employ defense in depth (multiple layers of security). I love the RSA DLP capabilities, but we need to do more than just lock the door. Looking at security without the rose-colored glasses, you will soon find out that if you have something worth stealing, someone will look for a way to steal it, and one layer is not enough. As we like to say… “there are two types of organizations out there… those that have been hacked and those that admit that they have been hacked” (I use this line almost every day).

What does this mean in the long run? It is no longer about the protection, but about understanding the threat. The only way to tackle the threat is to understand the threat. Why else do we say, keep your friends close but your enemies closer? How do you do this from a networking standpoint? By monitoring what is happening on the network. We do this by understanding the technology of the malware and its purpose. You can’t protect any of the systems when it’s a new malware and very little, to nothing, is known about it. You need to understand where the attackers are going and what is or is not important to them. The technology that RSA NetWitness gives you… does just that. No more saying “we don’t know when they got onto the network and we don’t know what they took”… because you can see everything on the network. It’s literally like having a DVR for your network: you can watch and play back the activity… all activity on the network.

When it comes down to it, not knowing what is happening or has occurred on your network is one of the negative facets of network security. Not knowing means that you will never have the ability to fix any problems, fix any holes, or protect any data, because you don’t know what you don’t know, and that is the worst type of security. The fact is, hackers are not going away; as we try to put up barriers here and there, they still find a way in. Imagine your house is burglarized after you set the alarm, locked the doors, bought the dog… wouldn’t you want to know how they got in? Wouldn’t you want to know what they took or touched? Do you really think you will feel ok if you stand in the middle of your house and just look at what is in eye view and assume that you will find out what went wrong? It doesn’t work that way… you wish there was a camera, you wish you could watch everything. That would help you prepare in case it happens again, because you would know what they know and you could fix that issue.

That is what RSA NetWitness does… it lets you see the threat and it lets YOU manage it.


So You Think Security is Hindering You

I was recently reviewing a blog post from a friend regarding security. The line that stuck out to me in his post was putting the “No” in “Innovation”… seriously? You see, my friend indicated that it was a security administrator that said this. I cannot tell you how angry this makes me. I understand that people are angered by security. I understand the frustration that Tyler feels with the newly implemented FTP site, I get that you want to submit your app but you cannot (my last blog post), but no one should ever feel that it hinders you. I am going to bite my tongue here and say yes… at this moment in time, security can feel like a pain in your day to day work. You feel hindered, but it is just the world we live in, and “ten years ago” we felt hindered when we needed a password for our voicemail, or a password in general. Ten years ago we did not need to download the number of patches that we download now; it was a different world ten years ago in so many ways.

I cannot preach this enough when I say everything needs to be looked at for what it does. Seat belts have changed over time because the cars, speed limits, and distractions have changed over time. Sure, some people think that seat belts hinder them: they wrinkle their clothes, they put too much pressure against their shoulders and rest in an awkward place. People don’t like them, they hinder their driving, and when you don’t put them on, the car makes the most annoying sound! Remember that when seat belts first came out, they were just a lap belt; now look at them. It is a hindrance but they save our lives. Sure, you cannot compare the two, but you get the point? Technically, security will never stop being a pain in your daily life because we have not stopped creating the information that can be taken. We are now in a digital world and there is no stopping us… it isn’t going to end, and as long as there are people out there that want the information, barriers will continue to be built. Just look at all the barriers that we experience in our day to day life that are not digitally focused. All of these hindrances were added to our lives over time, because things change. For instance, my day involved going to class. My arms were filled with books and information and my car was locked, so I could not easily put all the items down (hinder #1). I bought my coffee and had to sign the credit card slip. It took a while to run the credit card and have it approved and then to sign and get a receipt (hinder #2)… let’s not forget what happens when the credit card machines are not working. I had to stop at the red light and wait for it to turn green (hinder #3). I had to lock the car now that I had arrived at the office (hinder #4). I got to the office building and had to pull out my badge that was in the bottom of the bag (hinder #5)… the point that I am trying to make is that it was not even 9:00 am and I already had five things that created a delay and a pain in my day, and I was being positive.
Everything is relative. You can’t get mad at the security administrator or the person that implemented the FTP site. You can’t think that security is hindering you. If you want to get mad, get angry about the people that want to steal all the data. We need to learn how to live with the extra steps and understand that it is here to stay. Personally, I think we need to have more steps, but that is another blog post.


Policies Are (some) Man’s Best Friend

I recently got into a discussion (not an argument… a discussion) with a fellow electrical engineer. We were discussing the impact of Steve Jobs and his recent passing. To be completely honest, I am a true Apple believer through and through. Between the 6 iPods, 3 Mac laptops, iPad, iPhone, AirPort, and my personal favorite, Apple TV, that I own… wait, let’s not forget the Apple stock… I believe in Apple, but most importantly, I trust them. If you look at a couple of blog posts back, you will see my triangle of trust. Part of that triangle is TRUST… another part is POLICY. Apple has policies. In order to get an application into their App Store, you need to meet their policies. I love the fact that because I purchase items from the App Store my risk level is reduced. Not just any app can go into the store. Clearly I do not jailbreak my iPhone; I find no reason to. Why? I use my phone for personal use (and a BlackBerry for work), I don’t need an unstable, insecure environment, I don’t need to put myself at any more risk.

You see, my fellow EE wanted to submit some apps and he was upset because his apps didn’t meet Apple’s policies. He didn’t like this fact at all, but he seemed to forget who he was writing the app for. As I tried to explain to him, not everyone that accesses the App Store is an EE. This is a smart phone, but that doesn’t necessarily mean that everyone that uses it is smart. Policies are in place to protect those that don’t quite understand the ramifications of their actions. The policy for password configuration is there so that people don’t use “password” for their password. When people use this word, they clearly are not thinking about security. So what do we have to do? Put a policy in place that says you must use special characters, capitals, etc. At least make it harder to get hacked and make it “P@$$w0rd”… let’s make them work for it. If you don’t have policies like this, people will do anything. This isn’t just needed for security; we have policies for everything, both for personal and authoritative reasons. Policies such as locking the door at night, turning the alarm on, turning the lights off when you leave the room, wearing a helmet when I snowboard, speed limits, wearing seat belts, or wearing a helmet when I ride a motorcycle. Policies are everywhere and they create stability, so why would you not use them in your data center and your corporate environments? The kids need to be home by 11:00 pm, so why wouldn’t you ensure virtual machines are deleted?
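As an added example (my code, not Apple’s or RSA’s), here is the kind of password policy check the paragraph above describes, in Python. The length minimum, the blocklist and the substitution table are assumptions for illustration, not any vendor’s policy. Beyond the plain complexity rules, it folds the usual character substitutions back to letters before the blocklist lookup, so a dictionary word is still caught in its “P@$$w0rd” spelling; cracking wordlists already contain those variants, so this is the check that actually makes an attacker work for it.

```python
"""Password policy check: complexity rules plus a blocklist lookup that
survives "leet" substitutions.
Added example for this post, not Apple's or RSA's code. MIN_LENGTH, BLOCKLIST
and LEET are illustrative assumptions, not any vendor's policy."""
import re
from typing import List

MIN_LENGTH = 12  # assumed policy minimum

# Assumed blocklist; a real deployment would load a breached-password list.
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "admin"}

# Substitutions people make to satisfy "must contain a special character".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "!": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t", "|": "l"})


def normalize(pw: str) -> str:
    """Fold leet characters back to letters and drop everything else, so
    'P@$$w0rd' and 'P@$$w0rd-2024!' both reduce to a string containing 'password'."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def check_password(pw: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    core = normalize(pw)
    for word in sorted(BLOCKLIST):
        if word in core:
            problems.append(f"based on blocklisted word '{word}'")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("P@$$w0rd", "P@$$w0rd-2024!", "correct horse Battery 7 staple!"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that “P@$$w0rd-2024!” satisfies every complexity rule and is still rejected, while a long passphrase with no dictionary base passes; the complexity rules alone would have accepted the first and, at MIN_LENGTH 12, the second as well.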

It would be great if we lived in a world where policies did not need to be implemented, I would love that, and I am not saying that we need to have rules for everything. I understand his frustration and I understand this is why he does not have an iPhone, but if you forget who your audience is, if you forget the level of security knowledge that is out there, then maybe your app should not be available in the store. I am not saying that the App Store is perfect and that all apps are 100% safe, but when I am still explaining to my nephews and nieces about the information they are posting on Facebook and YouTube, then I will take the policies. It gives us all one less thing to worry about… I will take that any day.


EMC and RSA… Enabling Virtual Administrators

Every day as I work with virtualization and the components that surround it, I am reminded why I love working at EMC and RSA. Yes, I have the privilege to work with the mother ship, EMC, as well as the security division, RSA, because both virtualization and security are my passion. One of the many reasons why I feel that EMC and RSA are the correct choices when developing your virtual environment is because EVERY… and I mean EVERY product manager of the EMC and RSA products tells me that their role is to “enable the virtual administrators”. Every product that EMC and RSA roll out their doors has two things in mind at the core: security and virtualization. EMC and RSA build their products with security at step one. As a person who preaches about security, how can I not love the fact that the company that I work for chooses to build security into the fabric of their products? More importantly, how can I not love the fact that the products are being developed specifically with the virtual administrator in mind?

Simplification of the technology is the easiest way to ensure adoption. Outside of that, the users are just looking for excuses. If you simplify the technology, why wouldn’t someone implement the capabilities? If you break down the silos and give users the things they need to get their job done, why wouldn’t you implement the capabilities? If you enable the virtual administrators, why wouldn’t you implement the technologies that are there to simplify and break down your daily tasks? Are these not the tools that we have been asking for… the tools that we needed?

This blog post isn’t to go through the entire list of integration points or to cover the capabilities; this blog post is to clearly state the obvious… (my stake in the ground)… when you think virtualization, you must think EMC and RSA. I have discussions with customers daily about their frustrations with wanting to move further down their journey to a virtual data center. Customers want to be enabled, and I am here to tell you that EMC and RSA understand that. We understand the pains mainly because we are our own best and worst customer, but built into us, built into our culture, is virtualization and simplification. We work with these technologies daily just like you, and we beg to have the capabilities that make sense. All our solutions, across the board, from the management suite, to backup, to recovery, to storage, to security, are on the journey with you to the virtual data center.


The Security Landscape is Changing

I was recently reading the document created by RSA, “When Advanced Persistent Threats Go Mainstream”. It talks about the changing landscape of security, specifically regarding Advanced Persistent Threats (APTs), and how it has once again made us rethink security. Now, I am completely fine with rethinking security. I love the fact that security is constantly moving, I like to be kept on my toes, but what I found most nerve-wracking is that it seems the new landscape means that we need to wave the white flag. Are we at the point that we have “given up” on security and we now want to focus on reaching a level of acceptance? Ok, so I may be exaggerating a little bit, but what this paper identifies is that everyone is susceptible to being attacked. The target is constantly moving and yet everyone is the target: taking pieces from individual entities and putting them all together in order to get the full puzzle. Does admitting defeat define companies now? Does admitting you are susceptible, along with hundreds of other companies, make it “cool”? When it comes down to it, there are two types of companies, those that have been hacked and those that admit they have been hacked.

It appears that we are changing this landscape specifically because of the end users and their realization of security. I get annoyed when I hear others talk about the fact that security is hindering their day to day life, either at work or at home. Clearly people are not getting the message. Even though their personal accounts might have been violated through other breaches such as Sony, Nintendo, and Gameloft, people are not asking for more security… they are asking for less. Taking into account how the end users look at their security helps define the security policies and plans, but does this new landscape change anything pertaining to the end users? I know that we cannot shut down all access, but I feel like we need to use the tools we have to prevent such situations. For instance, using virtual machines for individual internet surfing sessions, or using virtual machines to open attachments and scan them, could be ways to reduce risk as well. We have some of the tools and we need to continue to grow our capabilities, but I am not sure I am ready to wave that white flag. The fighting will make us stronger and make us smarter; we can’t back down on this challenge.


You Want Security? Google Your Name

Wow… this one scared me!!! I recently received a call from a friend from the past… the far, far past. I had not spoken to this person in over 15 years, so to hear their voice on my home answering machine scared me. It scared me not because this was a voice from the past but because I did not know my house phone number… how did he get it? Seriously, anyone we had in common would not have my home phone number, so they did not give it to him. What is going on here… I started getting paranoid. So what was left but to google myself? First off, as much as this blog post is about knowing what is out there regarding you… googling yourself is a scary activity. I found some crazy things out there and some crazy people that have my name. Don’t forget to click that “images” option. I giggle thinking about it as I write this post.
Anyway… googling yourself is important in order to understand what others can know about you. I constantly stress that security will always come down to the individual, come down to you. If you don’t know what others know, how can you protect yourself, your life, your job, your career? For instance, the website www.spokeo.com had way too much information out there about me. It “blocked” out some information. For instance, it XXXX’d out the last four digits of my home phone number, but if you paid for the service, you got everything (we have a winner!!!!). This site had a lot more information about me, to the point that I felt that I needed to remove myself from the site. Sometimes I wonder if I should pay the fee to see what else you get, but I just refuse to give them my money… then again, I should know what they have. They do allow you to remove yourself from the website (go to the privacy section), but it is not permanent and you have to keep going back to see if you have reappeared.
My point: you must be vigilant and protect yourself. As we have seen, protecting yourself is not just about protecting your credit card information; protecting yourself comes down to so much more. What if you are the one that opens the attachment or clicks the link that lets in the bad guys… nobody wants to be that person. Say you get a personalized email or phone call and you think that there is no way someone would know about the information; you are more than likely… wrong. Think about it, they know where you work, where you went to school, where you live… they can call you up and say they are from the alumni organization and they want to get some additional information from you for their records. They know it, they know about you, you just didn’t know it. They are getting smarter and therefore you must be smarter. I know that it isn’t a solution, but it is a start and that is all I am looking for. I know that Spokeo pulls the information from other sources, but I have to fight what I can. Realizing this information is out there (whether you choose to remove yourself or not) will only require you to think a little bit differently about security. I know we all like to think that we are all safe and sound in our internet bubble (well, my mom does); I wish that were the case, but it isn’t and, not to scare you, it is only getting worse. Take care of yourself and take care of your public information.
I thank websites like those mentioned for providing me great context during my conversations and for helping me prove my points. Without you, my friends from the past would not be my friends of the present (then again, I thought that is what Facebook was for).

PS… while we are on the topic of Google… if you have a Gmail account and you aren’t using Google Authenticator… you are crazy.


Why Virtual Desktops are the BEST Thing in the World

I have been dying to write this blog post for months because every conversation that I have with customers includes asking them if they are planning on implementing virtual desktops. The discussion does not need to be focused on security for me to ask this question either. The customer may want to talk about virtualization and I bring up virtual desktops because I feel that it will benefit their organization. I cannot tell you how many times I see new employees join a company and they do not have a laptop available for them the first day. It ends up being days until they can get their hands on a system. If the time gets too long, they have to find a loaner system that is incredibly out of date and slow. This puts such a bad taste in the new employee’s mouth. I am sure they are really happy about taking that job. Now imagine the employee gets to bring in whatever system THEY want, including their own personal computer or tablet, and they can connect to a corporate virtual desktop that is up to date with all the appropriate enterprise and security software. The system is available immediately, there is no time wasted, and the employee gets to use what they want. Now the employee is excited they took this role. They don’t have to worry about having some clunky and heavy system that they need to drag around. You can eventually give them a corporate laptop if you wish, based on what the new employee wants, but no worries, because their virtual desktop is still available and immediately accessible from the new system. No downtime for anyone.
Now let’s add some security into the discussion… an employee acquires a virus on their corporate laptop because they are using it for personal access. This virus requires a complete rebuild of the system. This employee is a remote employee and needs to send the system in to the corporate IT organization, wait for the IT department to fix the system, and then have it shipped back to their location. This could take days… possibly more than a week. That is a long time to not have an employee working. Imagine a world where the employee could access their virtual desktop from a secondary device like their personal system or tablet. Let’s take the security discussion further and identify the general advantages it provides, such as all the data staying in the data center, the ability to implement additional authentication capabilities like RSA SecurID, and the data loss prevention capabilities. I personally love this one the best. As an employee, I can launch my virtual desktop from my personal system and the information stays within the virtual desktop because I cannot copy it to my personal system. Even better, say that the RSA Data Loss Prevention system is implemented and I am working on a couple of programs for separate customers. They do not want the information co-mingled or to even move to the underlying system; RSA DLP can stop this. When the program is over my access is removed and the customers’ data stays with them (they keep the IP). No worries by the customer about what I am doing with the information, because I no longer have access to the desktop and the information is not on any other system.
There are so many advantages for companies, organizations, or programs when implementing virtual desktops. I understand that there are challenges to starting this process. It may not be something that you implement immediately. Maybe you need to wait until the users’ systems need to be refreshed. There are many reasons why you might need to hold off, but that does not mean you should not be having the discussion. For instance, say you want to implement a data loss prevention system within your company. You know you will eventually go to virtual desktops: does the vendor’s solution work with virtual desktops, and with which virtual desktop? Does your two-factor authentication solution work with your virtual desktop solution? This is a process and I highly recommend you start off small. Get the users used to the new system and find the right users for the beta program. Not everyone needs a virtual desktop, some will need many… either way, it is a discussion you should… no, I take that back… MUST be having, for the sake of security as well as the sake of your business.


vShield App with Data Security … my favorite part of vSphere 5

Today was a big day in VMware land. Paul Maritz and Steve Herrod announced the release of vSphere 5. There is a multitude of capabilities and features, too many for me to list… but then again, maybe it is because I am only really excited about one… the vShield App with Data Security, embedded with RSA DLP. I am sure you don’t have to ask; I mean, finally we have incorporated data loss prevention capabilities directly into a virtualization solution. Finally we are simplifying security for the customers… finally we are providing out of the box capabilities to the administrators, whether they are responsible for the infrastructure or the security of the infrastructure. I have said many times that the solutions are there but the customers are just struggling to discover them and use them. How amazing will it be when I get to talk to customers and show them what they can do without having to discover anything BUT the data.

The vShield App with Data Security has the ability to (OUT OF THE BOX) discover and classify PCI, PII, and PHI sensitive data in your virtual machines. The RSA DLP product suite has the knowledge needed to provide OUT OF THE BOX capabilities to accurately discover what you are looking for. There is no need to create policies for credit card data, social security numbers, driver’s license numbers (and many more)… it is already in there. This is the information you want to look for. You want to ensure that you are complying with the security policies that your company has developed and those that it has to follow. Now imagine that you can bring up reports that identify which policies are violated and which files created the violation. Imagine that you can receive syslog messages and then compare them to the other activity that is occurring within your network.
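As an added example of what “discover and classify PCI and PII out of the box” means in practice, here is a small content classifier in Python. It is my code, not RSA DLP’s engine: the patterns, the Luhn check and the SSN plausibility rules are the standard public ones that such a policy is built from, and the sample customer record is constructed for the example. The point it shows is the part that separates a DLP policy from a bare regex: a validity check on each hit, so that invoice numbers, phone numbers and typos do not turn into violations.

```python
"""Mini content classifier: PCI (payment card numbers) and PII (US SSNs) in text.
Added example for this post; it is NOT RSA DLP's engine, only an illustration of
the kind of "out of the box" policy such a product ships with. The patterns, the
Luhn check and the SSN plausibility rules are the standard public ones.
SAMPLE_RECORD is constructed for this example."""
import re
from typing import Dict, List

# 13-19 digits, optionally separated by single spaces or dashes, not inside a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Classic AAA-GG-SSSS layout.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")

SAMPLE_RECORD = """Customer: Jane Doe
Card: 4111 1111 1111 1111 exp 12/27
Alt card: 4111-1111-1111-1112 (typo, fails Luhn)
SSN: 123-45-6789
Not an SSN: 000-12-3456
Phone: 555-867-5309
Ticket 20111205123456 opened"""


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum used by every major card brand. Rejecting failures
    removes most false positives from phone numbers, invoice IDs and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """SSA never issues area 000, 666 or 900-999, group 00 or serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def classify(text: str) -> Dict[str, List[str]]:
    """Return {'PCI': [...], 'PII': [...]} with each finding masked to its last four digits."""
    findings: Dict[str, List[str]] = {"PCI": [], "PII": []}
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            findings["PCI"].append("*" * (len(digits) - 4) + digits[-4:])
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings["PII"].append("***-**-" + m.group(3))
    return findings


if __name__ == "__main__":
    for category, hits in classify(SAMPLE_RECORD).items():
        print(category, hits)
```

Run over the sample record it reports one card and one SSN: the mistyped card fails Luhn, the 14-digit ticket number fails Luhn, the phone number is too short, and area 000 is never issued. Findings are masked in the report itself, since a DLP report that prints the full card number is a second copy of the data you were trying to find.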

It is a start… the future opportunities are endless. My hope is that when customers get familiar and comfortable with the RSA DLP capability available within the vShield App with Data Security, they will expand on it. They will incorporate all the RSA DLP solutions. The technology that RSA DLP has available to assist users in finding sensitive data on endpoints, in data centers, and in motion is invaluable. RSA literally has teams that specialize in linguistics, information sciences, and regulations. They have taken away the difficulty of working out how you actually define the information you are looking for.

I do not have to provide you with the multiple examples of data that have gotten into the wrong hands. With this new capability the excuses are not going to stick. Users can start off “small”, getting comfortable with the idea of discovering and classifying data in their virtual machines, and build up to discovering even more data in more areas. Eventually… no data will be able to hide or escape any secure infrastructure.

If you are looking for additional information, please review the press release from RSA and VMware.


Are you putting your security at risk?

With so much news right now regarding security, laws, and breaches, my security discussions have increased. Maybe “discussions” isn’t the correct word, because although I want to talk about it, they just want to state. They want to state what they have heard but don’t really want to talk about any of it. This worries me, because if you are not having the discussion, then you may be putting your security at risk. Now you may be thinking that they are not talking to me because this is security and part of being secure is being secretive, but that is not the case here.
For those that have chosen to answer the question “why did you make that decision?”, most answers are “I am not sure”… seriously?… You aren’t sure? How can that be? This is your job, right? And yet you can’t tell me why you chose that product? It reminds me of the arguments I get into with TSA agents regarding the two-bag limit for carry-ons. First off, females are always down one bag because most of us carry a purse. Second, if you are going to ask me to consolidate, you must realize that when I get past security, I just unconsolidate. I have not reduced space at all. I still have not received a single explanation for this rule. No one knows the problem that TSA is trying to solve. I digress… the fact is, if you don’t know what you are fighting or what you are fighting for, the battle becomes harder. If you don’t know why you picked that product or implemented that solution, you certainly can’t fight your battle correctly.
If you react and only make claims based on what you see on TV, read on the web, or read in the papers, you aren’t getting the whole truth and you more than likely are not making the correct decision. If you pull out one solution and implement another one, this does not mean you are any safer. This isn’t how security works. Security requires you to spend time thinking about the known and unknown problems and the best ways to tackle them. It means picking the product, software, education, configuration and policy changes that solve the known and unknown problems. It means being proactive and not reactive. Ripping out one vendor for another vendor or changing the technology altogether will not make you secure. If anything, you may be putting your security at risk. There isn’t one product that will solve everything; there isn’t one answer. It is a journey and a discovery and you need to put time into it. Security is not solved or fixed with the flick of a switch. There are layers to it. I understand that it is difficult and the unknown is scary and there are no guarantees, but if you don’t know why you made the decision, you will never be secure. You need to stop putting your security at risk.


Is Security Easy?

As I have discussions with the customers I meet and talk to on a regular basis, I constantly yearn to understand the challenges they are facing. What is stopping them from moving forward and implementing the security tools that are available to them? Why purchase that SIEM only to put it on the shelf? Sure, you need to use the money, but why would you not use it after you bought it? You know the response that I keep getting… (it rips my heart apart)… “It is difficult”… wait… what did you say? I just showed you how RSA enVision has reports available out of the box, I informed you of the fact that we use no agents, I just pointed out all the VMware messages that RSA enVision can correlate… OUT OF THE BOX. Doesn’t “out of the box” mean simple?
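To make “correlate” concrete, here is an added example (my code, not RSA enVision) of the shape of one rule a SIEM runs over syslog: several failed SSH logins from one source followed by a successful login inside a time window. The log lines are constructed in sshd’s message format, not captured from any real host, and the threshold and window are assumptions; the point is that the rule is a few lines of state per source address, and the difficulty the paragraph above describes is deciding which such rules matter to you, not the mechanics.

```python
"""One SIEM-style correlation rule over syslog: several failed SSH logins from
one source followed by a successful login inside a time window.
Added example for this post; it is NOT RSA enVision. SAMPLE_LOG is constructed
in sshd's message format, not captured from any real host; THRESHOLD and
WINDOW_SECONDS are assumptions."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

THRESHOLD = 3         # failures before a following success is suspicious (assumed)
WINDOW_SECONDS = 300  # look-back window for those failures (assumed)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+ ssh2$")

SAMPLE_LOG = """\
Dec 12 03:14:01 vmhost01 sshd[2231]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Dec 12 03:14:03 vmhost01 sshd[2231]: Failed password for root from 203.0.113.9 port 51023 ssh2
Dec 12 03:14:06 vmhost01 sshd[2233]: Failed password for root from 203.0.113.9 port 51024 ssh2
Dec 12 03:14:09 vmhost01 sshd[2235]: Accepted password for root from 203.0.113.9 port 51025 ssh2
Dec 12 03:15:00 vmhost01 sshd[2240]: Failed password for alice from 10.0.0.5 port 40001 ssh2
Dec 12 03:15:20 vmhost01 sshd[2241]: Accepted password for alice from 10.0.0.5 port 40002 ssh2
Dec 12 03:16:00 vmhost01 sshd[2250]: pam_unix(sshd:session): session opened for user alice by (uid=0)
""".splitlines()


def parse(line: str, year: int = 2011) -> Optional[Dict[str, object]]:
    """Parse one sshd auth line; classic syslog carries no year, so one is supplied."""
    m = LINE_RE.match(line)
    if not m:
        return None  # other sshd/pam messages are not part of this rule
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def correlate(lines: List[str], threshold: int = THRESHOLD,
              window_seconds: int = WINDOW_SECONDS) -> List[Dict[str, object]]:
    """Emit an alert when a success from a source follows >= threshold failures
    from the same source within the window. State is kept per source address."""
    alerts = []
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        # Drop failures that have aged out of the window.
        recent = [t for t in failures[src] if (ts - t).total_seconds() <= window_seconds]
        if ev["result"] == "Failed":
            recent.append(ts)
        elif len(recent) >= threshold:
            alerts.append({"host": ev["host"], "src": src, "user": ev["user"],
                           "failures": len(recent), "at": ts})
            recent = []  # one alert per burst
        failures[src] = recent
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the sample it raises one alert for 203.0.113.9 (three failures, then root logs in) and nothing for alice, whose single typo before a good login is exactly the noise the threshold exists to suppress. Tuning that threshold and window to your own hosts is the work that no “out of the box” rule can do for you.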
As I was busy worrying about the products, they were busy worrying about all that stuff that happens before you put the product in place. What am I actually looking for? What do I need to look for in the future? How do I know what I need to do when I don’t actually know what to do? What policies… what compliance… where do I begin to start? I get it… I get the pain. People think that security is like a big jigsaw puzzle. You open the cover and look at the thousands of pieces and you have no idea where to start. It becomes overwhelming and sometimes you just want to put the cover back on the box. You leave the box sitting there and tell yourself you will get back to it, and it just keeps sitting there…
My concern is that without starting the jigsaw puzzle you will be missing more than the finished product. You have to understand, security is a piece in the jigsaw puzzle, not the puzzle itself. It has the correct place in the bigger picture and once you put it in place, the others can easily link up around it. I understand that it is tough to find the piece, but once you do, you will see why you needed it and why, without it, you will never have a complete solution. You are lost until you have the piece.
Of course there are many companies out there that provide the consulting services to help you find the piece. You see, it is their job to find the piece and help you finish your puzzle. No matter how you start, you cannot be afraid of security. It may be difficult in the beginning, but everything that you don’t know is difficult in the beginning. That should never stop an organization from implementing solutions that are built to be easy. I understand that it isn’t the products that are difficult; it is taking the first step into the security puzzle piece that is difficult. So let me recap… security in itself is a puzzle piece in a very large jigsaw puzzle. Putting the puzzle together can be difficult, but it isn’t the security piece itself that makes it difficult. The security puzzle piece is essential in the grand scheme of things. Without it, the puzzle can never be complete. Don’t be afraid of it; it can be done and must be. Don’t be afraid of the box… open it… look inside… take a deep breath and start it. Don’t wait until someone throws the box away or until someone opens your box for you and starts taking your pieces.

