by Michael S. Mimoso
SAN FRANCISCO — When HP announced last September its intent to acquire SIM leader ArcSight, it was a pretty startling $1.5B deal. Not only had another security company fallen off the map into the hands of a tech giant, but interesting questions started to arise about how HP would make ArcSight fit into its overall IT service and application management strategy. ArcSight wasn’t the only security company in HP’s crosshairs; Fortify had already been scooped up in August to go along with the acquisition of TippingPoint as part of the Nov. 2009 3Com deal.
This under-construction security ecosystem being put together by HP is starting to take shape, and now executive VP of HP software and solutions Bill Veghte is spreading the word. Shortly before his keynote today at RSA Conference 2011, Veghte explained how HP wants to build a platform that combines data sets from IT operations and security to provide security managers with more business context to help them make decisions. Leveraging the ArcSight platform with service and application management views provided by HP OpenView, he says, will build a risk platform CISOs can use to enhance their mission.
The question, however, becomes twofold: Is HP slowly shifting security responsibilities away from the CISO by moving operations and security data into the same bucket; and as SIMs are historically complex tools that require significant human capital investments to adequately implement and analyze, how does adding more data to that equation not exponentially increase that complexity?
Veghte fights that notion, adding that ArcSight’s ability to handle tens of millions of events and its ubiquity with large enterprise and government installations helps lessen the complexity issue. “This has to be about security first. We see this as an opportunity to enable the CISO to make better risk decisions with more context,” he said. “If you’re a large financial services organization, and you’re seeing a performance degradation in a trading application, is it a hardware failure, a load issue, or are you under attack? If we can aggregate all of that data, put it in context, and visualize it, that’s an enormous opportunity.”
by Carolyn E.M. Gibney
SAN FRANCISCO — While it may not be a security pro’s worst nightmare, it certainly wouldn’t be considered a pleasant dream. In 2009, David Compton, system administrator for Aspire of Western New York, a non-profit that serves people with developmental disabilities at over 50 group homes and field locations, got a call from someone in the finance department. The employee’s machine was slow and refused to load certain applications.
When Compton went to check out the computer, he said the first thing he noticed was that “the antivirus was disabled. Then I realized I couldn’t boot the computer into safe mode. That’s when I knew we had a problem.”
At an RSA Conference 2011 session entitled, “Aspire to a Network Free of Malicious Programs,” Compton explained that was the start of an episode during which he and his crew of “two and a half” security pros were “running around, cleaning up machines” for the next 110 hours. In the end, Compton had to “rebuild five servers, and about 50 workstations” to get rid of what turned out to be the nefarious Sality virus.
Nine months later, a rogue antivirus outbreak hit the organization, affecting more workstations, not only at the main location where the malware was believed to have penetrated the network first, but also at many of the various field offices and group homes as well. To top it off, the antivirus Aspire was using at the time wasn’t picking up the infections. Compton would “scan a machine that I knew was infected, and [the antivirus] would say, ‘Nope, it’s clean.’”
One of the most difficult aspects of the malware recovery process lay in the clientele Aspire serves. According to Compton, it was hard to explain security principles to a variety of computer users at 44 group homes who, in many cases, were just learning what computers were and how to use them, making the organization particularly susceptible to recurring infections.
What Compton thought was a problem specific to his organization, however, he later learned was systemic. He related that, over the course of the clean-up process, he discovered that many other computers for non-profit organizations were experiencing similar rates of infection, due, at least in part, to the overall strain on resources that the non-profits faced.
We were “using freeware to protect against malware,” he said.
Largely as a result of the turmoil, however, Compton was able to convince Aspire managers that investing in a commercial-grade endpoint security product was essential. After the infections, Compton said, everyone at the company was “very unsatisfied with the current endpoint security” posture.
Hunters and Toolmakers: Seeking Infosec Wizards
This shouldn't be surprising; the GovInfoSecurity.com survey released last week shows that half of the government IT security practitioners polled see insider threats as their greatest vulnerabilities (see Gov't Infosec Pros Question Fed's Security ...
InfoSec World Conference & Expo 2011
Help Net Security
With the primary objective of providing education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Survey: InfoSec Pros Need New Skills
The information security profession is at a crucial turning point as professionals scramble to develop new skills in the arenas of cloud computing, mobile applications and social media, a new survey shows. The 2011 (ISC)2 Global Information Security ...
RSA 2011: (ISC)² study shows gap between cloud security technology and training
Creates Cyber Director with Sway Over Agency Infosec Budgets
A survey by GovInfoSecurity.com of government IT security practitioners released this week (see Gov't Infosec Pros Question Fed's Security Resolve) at the RSA 2011 IT security conference shows that a majority favor granting a White House cybersecurity ...
Gov't Infosec Pros Question Fed's Security Resolve
Government IT security managers and professionals overwhelmingly believe the federal government does not place enough emphasis on cybersecurity, according to the inaugural State of Government Information Security survey, unveiled Thursday by ...
: US worries over Internet 'kill switch' highlights need for contingency ...
Fortunately, help is at hand in the shape of the free educational seminar programs we are planning for the Infosecurity Europe show, which takes place at Earls Court, London 19-21 April 2011 www.infosec.co.uk," she added. For more on President Obama's ...
The Tech Herald
RSAC 2011: Forming a bridge between law enforcement and security
The Tech Herald
With his law enforcement experience and his InfoSec background, he knows the communication gap inside and out. But he is only one man. So his talk at BSides San Francisco centered on getting help from the security community to create a non-profit ...
NIST Issues Glossary of Infosec Terms
Do you have a language barrier with the non-technical managers you support? The National Institute of Standards and Technology's latest publication should help in narrowing that communications gap. NIST Thursday issued Interagency Report 7298 Revision ...