Infosec professionals unsure about abilities to stop cyber attacks
It looks as the great British public is finally losing its patience with those businesses that it views as endangering their personal data, as a survey from LogRhythm claims to show that many people are now aware of the need for data disclosure ...
Barracuda Labs Introduces Hot Security Topics (HST) Ranking System
MarketWatch (press release)
"Information from HST helps to validate market data that IDC provides, and it identifies areas of opportunity where the infosec ecosystem is misaligned." Popular Topics Each exhibiting company provides a succinct company description, which Barracuda ...
by Robert Westervelt
vider OpenDNS has hired away the chief technology officer of security vendor Websense Inc. and is laying the groundwork for a variety of DNS layer security services and products aimed at enterprises.
Dan Hubbard, who spent 14 years at Websense, is planning to build out OpenDNS’ security product portfolio. Hubbard played a significant role at Websense, building the Websense Security Labs and the company’s classification engine, which is at the heart of its security products. The engine is used to filter out malicious websites, block spam and phishing attacks and is also at the core of Websense’s content filtering technology.
Hubbard confirmed his departure this week. A Websense spokesperson said the company is already reshuffling executives to fill the CTO role. Charles Renert, an expert noted for his work with Symantec Security Labs and founding Determina, was promoted to vice president and will assume Hubbard’s responsibilities in the interim.
It’s going to be extremely interesting to see how OpenDNS’s enterprise security plans unfold under Hubbard’s guidance.
I spoke to Hubbard at a reception at RSA Conference 2012 where he exuded a lot of enthusiasm for his new gig at OpenDNS. Hubbard said there’s a potential for a whole new range of security technologies that take advantage of being in the DNS layer. The company, which launched in 2005, already provides malware protection for its users by blocking outbound botnet communications at the DNS layer. It also maintains PhishTank, the largest clearinghouse of phishing information on the Internet. OpenDNS has 12 data centers that handle DNS requests, but also have been collecting threat intelligence data for years. Combining threat intelligence with the ability to keep track of individual IP addresses opens up an interesting set of capabilities for protecting laptops and mobile devices.
The company already has a broad set of users of OpenDNS Enterprise, which provides inbound and outbound protection and is application-, operating system-, protocol- and port-agnostic since it is essentially cloud-based at the DNS layer. The company has been pushing itself as an extra layer sitting between the Internet and enterprise firewalls and antivirus technology at the endpoint. There are some built-in reporting capabilities providing data on attacks and malicious websites that were blocked by the service.
Hubbard’s move to OpenDNS and the company’s security strategy caught the eyes of at least two prominent security luminaries: Dan Kaminsky and Paul Vixie, who attended the reception. Last year, Kaminsky briefly shared with me his vision of what DNS-based security technologies can do. He believes a broad range of technologies can be built out leveraging DNSSEC architecture for authentication and establishing trust in Internet communications. It could provide a much needed injection of trust into the Internet, which has been evaporating in recent years because of a variety of issues, including breaches at SSL Certificate Authority vendors and well known weaknesses in the digital certificate system itself. Vixie has also publicly shared the potential of adding security to the DNS layer.
It was hard, however, to find the enthusiasm for OpenDNS from others at the RSA Conference. The first thing that comes to mind with OpenDNS is its consumer products that enable parents to shield porn and other websites from their children.
Several industry analysts and other security professionals I spoke to were too wrapped up in their own respective areas of expertise, but a few people said they share Kaminsky’s passion for the long-term potential of DNS-layer security technologies.
OpenDNS CEO David Ulevitch told me the company already has the foundation in place to provide a wide variety of security services. He said it just has to execute on its strategy and provide a convincing argument that enterprises can get value out of having security at the DNS layer.
Android malware skyrockets: Kaspersky Lab
Computer Business Review (blog)
In fact, CEO Eugene Kaspersky told CBR at last year's InfoSec conference that the threat to Android and other mobile platforms was, "growing but it's not visible yet compared to Windows. Cyber criminals are humans; they are lazy.
SANS Institute Wins the SC Magazine Award for Best Professional Training Program
DigitalJournal.com (press release)
... The Internet Storm Center - an analysis and warning service for Internet users and organizations; the SANS Reading Room - over 1853 computer security white papers in 74 different categories; Webcasts - live webcasts covering timely Infosec topics; ...
What an InfoSec professional needs to know
Crain's Cleveland Business (blog)
Any Infosec professional you have on your staff should, at minimum, possess the CISSP® certification. CISSP stands for Certified Information Systems Security Professional and, while it is not the only Infosec certification that exists, ...
Posted by InfoSec News on Mar 01Forwarded from: <cfp2012 (at) recon.cx>
Posted by InfoSec News on Mar 01http://www.myfoxdc.com/dpps/news/internet-outage-at-pentagon-dpgonc-20120301-to_18314337
Posted by InfoSec News on Mar 01http://www.wired.com/threatlevel/2012/03/jet-propulsion-lab-hacked/
Posted by InfoSec News on Mar 01http://www.theregister.co.uk/2012/03/01/electronic_voting_hacked_bender/
Posted by InfoSec News on Mar 01http://news.cnet.com/8301-1009_3-57389119-83/antisec-dumps-monsanto-data-on-the-web/