by Marcia Savage
r security information and event management vendor acquired. Well, OK, the deals aren’t that frequent, but standalone SIEM vendors have become popular acquisition targets. On Tuesday, TIBCO Software announced that it inked a deal to acquire SIEM vendor LogLogic.
Last fall, IBM bought SIEM vendor Q1 Labs and McAfee acquired NitroSecurity. SolarWinds, an IT management software company, bought TriGeo, a SIEM provider that targeted midsize companies. In 2010, HP bought ArcSight and Trustwave acquired Intellitactics.
The TIBCO-LogLogic deal is a bit unusual - TIBCO is an integration software company and an unfamiliar entity in the security market. Palo Alto, Calif.-based TIBCO said the deal will expand its operational intelligence offerings while giving customers the ability to monitor threats, assess risks and address threats. The company is also describing the deal as a big data play.
“Enterprises must be able to analyze big data, including machine data generated from across their various systems, to gain comprehensive, real-time insights into critical business questions relating to compliance, security and operations,” the company said. “LogLogic will build upon TIBCO’s proven capabilities in event processing and in-memory analytics.”
San Jose, Calif.-based LogLogic touts its ability to provide SIEM and log management capabilities in a single architecture.
SIEM suppliers such as HP and IBM have been talking up the technology’s future as providing analytics and a comprehensive view of an organization’s threat environment. Time will tell if their efforts - and now TIBCO’s - will pan out.
by Michael S. Mimoso
It’s becoming a pretty safe bet that the reported Global Payments credit card security breach isn’t the only big breach out there. Visa and MasterCard, without naming Global Payments, reported a payment processor had been popped between Jan. 21 and Feb. 25. Global Payments Chairman and CEO Paul Garcia, however, said yesterday that his company discovered the hack in early March and that’s when it reported the breach to law enforcement and hired outside security help.
Likely there’s another shoe to drop. Brian Krebs has been killing it on this story, and he wrote yesterday on his blog and was quoted in an ABC News story that his initial report that 10 million payment records had been stolen could have been about a breach at another processor that has not been disclosed yet. Only 1.5 million have been attributed to the Global Payments breach so far.
Clearly, we’re not past the big data breach. Clearly, PCI DSS continues to be a joke and a money pit that isn’t about security, but at a minimum, point-in-time compliance.
Over the weekend, Visa and MasterCard delisted Global Payments as PCI compliant, which indicates something nasty is going on with this breach behind the scenes. Maybe there isn’t another processor involved but deeper penetration into Global Payments that isn’t being reported until investigators say so. Martin McKeay, a former PCI QSA, has a good blow-by-blow into what happens to card data from the time it’s swiped, and how it moves through merchant and processor networks. There are plenty of places where data is exposed and security can fall down, and processors such as Global Payments have to continuously check these access and egress points, not just when it’s time for the PCI auditor to show up.
Other processors have been delisted: Heartland Payment Systems and RBS WorldPay in 2009, and CardSystems, which went out of business soon after, in 2005. Global Payments said the reported breach (it says only Track 2 data has been stolen—account numbers and encrypted PINs) has been contained and no fraudulent transactions have been reported. Yet there’s a specter hanging over this story and Global Payments. Chances are, they’re not out of the water yet, and should it fall, a la CardSystems, it’s another reminder that basic security measures still count, and hiding in the weeds hoping not to get hacked is a fool’s errand.
by Robert Westervelt
ORLANDO - If you’re currently evaluating mobile device management software, you may want to stop and instead conduct a thorough assessment to figure out your exact requirements before making that investment. In fact, two security experts at the 2012 InfoSec World Conference and Expo here in Orlando say some enterprises may not have an immediate need to buy a mobile device management (MDM) platform. In-house capabilities, such as Microsoft Exchange ActiveSync (EAS), provide a foundation for mobile device protection and can already use certain Apple iOS and Google Android device security features.
There’s a trade-off, explained Lisa Phifer, owner and consultant of Core Competence Inc. EAS is severely limited in the control it provides to employee-owned devices. If all the organization needs is to enforce password and PIN length and have remote wipe capabilities for iOS devices, it works. Android capabilities are even more restricted, Phifer said. Depending on the Android firmware version and the carrier limitations placed on devices, companies may have the ability to use EAS for remote wipe, resetting the device to the factory default condition and enforcing the use of a device password.
During a session here in Orlando, Phifer and Diana Kelley, a consultant with Security Curve, demonstrated mobile device platforms from AirWatch and Fiberlink. The two are among dozens of mobile device management vendors vying for the attention of enterprises looking to gain visibility and control – some semblance of security to the whole bring your own device (BYOD) movement.
Kelley said early adopters of MDM platforms sometimes are convinced to buy and deploy it, but then suddenly realize they don’t know how to manage the tool or exactly what they want to get out of it. These enterprises sometimes lack any formal mobile device security policies or sometimes they’re mismatched, she said. Senior-level executives have few restrictions on their devices, while sales staff and other employees are given device limitations. Ultimately, an attacker will find a weakness, she said.
So what exactly are the benefits of an MDM platform? MDM tools can help bring those policy mismatches in line by managing which users require the most restrictions based on their role. They provide a common management umbrella for device diversity; they typically can embed additional security capabilities onto the device such as a third-party VPN, antimalware or a secure data container. They can also help monitor and enforce security policies – but those policies have to be well defined and communicated to employees, Kelley said. Let people know what the penalty is for violating that policy.
MDM platforms can also create a framework for the enterprise to provide troubleshooting, support and expense management capabilities. Self-service portals controlled by the enterprise enable employees to use certain trusted apps.
I think Phifer summed up mobile security well: It’s about managing the corporate assets on the device, not necessarily the device itself.
New information security association launched
The Information Security Vendors Association (ISVA) will be launching its initial charter and kicking off its recruitment campaign at Infosec Europe in London later this month. ISVA has a stated aim to become a global organisation founded on democratic ...