
Cyberwarfare incidents jumped sharply in 2012, Akamai said, with the number of distributed denial-of-service attacks more than tripling from the previous year.

China remained the largest culprit of cyberattacks, Akamai said. In the fourth quarter alone, 41 percent of observed attack traffic originated in that country, up from 33 percent in the third quarter. The share of attacks from the U.S. slid slightly to 10 percent in the fourth quarter from 13 percent in the third quarter.

“Looking at the full year, China has clearly had the most variability (and growth) across the top countries/regions, originating approximately 16 [percent] of observed attack traffic during the first half of 2012, doubling into the third quarter, and growing further in the fourth quarter,” Akamai said.

The company noted it doesn’t have enough insight to explain why the number of Chinese attacks soared so much.

The question I would like to put to the infosec community is this: how do we tackle this growing Chinese threat? What is a viable strategy?

Going through the Verizon Data Breach Reports of 2008, 2009 and 2010, I notice an increase in data leaks caused by insiders (18%, 20% and 40% respectively).

Looking at the present financial crisis in the market and the job cuts being announced, I think we have a ticking bomb here. Nothing is more dangerous than a disgruntled employee. And as far as I have seen, organizations are pretty lax in their approach to de-provisioning employees in a fashion that minimizes the risk.

The focus lately has been so much on external threats, thanks largely to Anonymous and LulzSec, that I fear this very clear and present threat will slide under the radar.

[I know, this part 2 is coming after such a long delay. Even I have forgotten what I really wanted to put here!]

After that encounter with the customer, DLP went off my radar for some time. It was while working at a start-up that I rediscovered it, while thinking about ideas for a new line of security services. This time around, I had some expert help at hand. Lengthy discussions and brainstorming followed, as I was asked to sell it as a service internally first. Putting a service twist on what apparently looks like a product was a challenge.

But some research actually made it clear. It IS a service, and not an out-of-the-box product, as most people believed.

It’s been a few years since then, but sadly that is still largely the perception. Though there is a shift, a lot more needs to happen. I have spent countless hours educating customers on DLP, and have made some headway. But like I said in the beginning, the term DLP itself is extremely misleading.

It does not magically stop or prevent data from leaking from your organization. If configured and implemented correctly, what it is really good at is preventing accidental leaks (like sending an internal price list to a customer by mistake).

A person who is motivated enough will find a way around the DLP. That’s where you need more controls and practices in place on top of the DLP to ensure the overall security of the organization’s assets.

DLP + other logical/physical/administrative controls = reasonable assurance against leakage.

Keep in mind: a DLP product isn’t a silver bullet.
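To make the accidental-versus-deliberate distinction concrete, here is an added example; it is not code from the original post or from any DLP vendor. It is a minimal content-inspection engine with three hypothetical rules (a classification marker, a word-shingle overlap against a protected document, and a Luhn-checked card-number pattern). The price list, the message texts, the window size and the threshold are all constructed for illustration. The rules catch the mistaken attachment and a pasted excerpt, but pass the very same document once a motivated sender base64-encodes it, which is exactly the gap the surrounding controls have to cover.

```python
import base64
import re

# Constructed sample document the hypothetical DLP policy protects (not real data).
PRICE_LIST = """INTERNAL ONLY - Q4 partner price list
Widget A wholesale 12.50
Widget B wholesale 31.00
Gadget C wholesale 7.25
"""

SHINGLE_WORDS = 5      # assumed window size for partial-document matching
SHINGLE_THRESHOLD = 3  # assumed number of overlapping windows that counts as a hit


def canonical(text):
    """Lower-case and collapse whitespace so trivial reformatting does not defeat matching."""
    return " ".join(text.lower().split())


def shingles(text, n=SHINGLE_WORDS):
    """Set of n-word windows; catches a pasted excerpt, not only the whole file."""
    words = canonical(text).split()
    return {" ".join(words[i:i + n]) for i in range(len(words) - n + 1)}


PROTECTED_SHINGLES = shingles(PRICE_LIST)
MARKER_RE = re.compile(r"\binternal only\b", re.IGNORECASE)
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(candidate):
    """Luhn checksum, so that arbitrary digit runs do not raise false positives."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect(outbound_text):
    """Return the names of the rules the outbound text trips; an empty list means 'allow'."""
    hits = []
    if MARKER_RE.search(outbound_text):
        hits.append("classification_marker")
    if len(shingles(outbound_text) & PROTECTED_SHINGLES) >= SHINGLE_THRESHOLD:
        hits.append("price_list_excerpt")
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(outbound_text)):
        hits.append("card_number")
    return hits


def accidental_send():
    """The case DLP handles well: the whole price list pasted into a customer mail by mistake."""
    return inspect("Hi, attached are the numbers you asked for.\n" + PRICE_LIST)


def excerpt_send():
    """A few lines copied out without the header: the marker rule misses, the shingle rule fires."""
    return inspect("FYI:\nWidget A wholesale 12.50\nWidget B wholesale 31.00\n")


def deliberate_send():
    """A motivated sender base64-encodes the same document; content inspection sees an opaque blob."""
    blob = base64.b64encode(PRICE_LIST.encode()).decode()
    return inspect("Hi, here is the config dump you asked for.\n" + blob)


if __name__ == "__main__":
    for name, fn in [("accidental", accidental_send),
                     ("excerpt", excerpt_send),
                     ("deliberate", deliberate_send)]:
        result = fn()
        print(f"{name:10s} -> {'BLOCK ' + ','.join(result) if result else 'allow'}")
```

The first two sends are blocked and the third is allowed, even though all three carry the same protected content. Real products add decoders for common encodings and archive formats, but the point stands: the inspection engine only ever sees what the sender lets it see, so the encrypted archive, the photographed screen or the paraphrased summary are handled by the administrative and physical controls around it, not by the DLP rule set.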

Physics and Security

I have always been a physics enthusiast. Theoretical physics, to be precise. Mathematics has never been my strong point.

Last night I was watching a program on the cosmos which documented our understanding of the universe and its fundamental particles. I couldn’t help but draw some parallels between these two totally disconnected domains.

In my mind, the internet is pretty much like the universe. It grows and evolves, and some parts of it fade away. On the internet information flows, and so it does in the universe (I could expand on this point, but that would deviate me from the point). The sun is the central server with the planets as hosts (okay I admit, it’s a bit silly, but hang in there).

The parallel came into my head with respect to our understanding of the nature of security, what is needed and how much. Every time scientists discover some new particle or principle about the universe, it answers a few questions but raises a lot more.

Similarly, in whatever little experience I’ve had, security questions have only grown over the years. And I think they will continue to grow. We introduce a technology that addresses an issue, and a lot more crop up (it takes us some time before we actually find that out, or we live in denial about it; the chip & PIN issue, for example).

I do not see days getting easier for security professionals (in a sadistic way, that’s good). But just as in cosmology there is an opinion that another Einstein is needed to re-examine the present understanding, I think security needs a newer, bolder, radically different approach. I am not imaginative enough to come up with one, but I have this belief that it is sorely needed.