Showing posts with label Information Security. Show all posts

Building Cyber-Talent in the National Collegiate Cyber Defense Competition

The headlines are full of stories about the growing number of job opportunities for what may be a too-small pool of young cyber-defenders and incident responders. At Guidance Software, we support universities with our EnCase Academic Program to help ensure that the up-and-coming generation of information security specialists has the tools and technology they need to work like seasoned professionals do. To that end, we are also proud to be a Gold sponsor of the National Collegiate Cyber Defense Competition (NCCDC).

Ten finalist teams from more than 180 colleges and universities will participate in this national competition, held in San Antonio, Texas from April 25-27. To support this valuable training exercise, we supplied EnCase software network-wide, some EnCase training for all contestants, and will staff the volunteer Red Team with an EnCase incident-response expert. 

Security Professionals 2.0: Inspiring the Next Generation of Cybersecurity Warriors

There is heightened awareness within the business community regarding vulnerabilities related to cyber threats and the financial repercussions of breaches, data loss and cyber attacks. In fact, according to a recent Ponemon Institute survey, a majority of respondents indicated that cybersecurity risks rank higher in terms of business risks than natural disasters. However, there is a worrisome lack of interest in the IT security profession among young adults.

The Jobs are There. Where are the Skilled Workers… and Investment in Security?

According to a recent jobs report, of 1,000 adults ages 18-26 surveyed, only 24 percent expressed interest in a cybersecurity career. In comparison, 32 percent are interested in being an app designer/developer. Additionally, 82 percent said that their high school counselor never mentioned the possibility of a career in cybersecurity.

Barbarians Inside the Gate: Finding the Needle in a Data Haystack

Sam Maccherola

Despite most corporations’ robust perimeter security solutions, advanced persistent threats may already have evaded perimeter detection and be lying in wait for some future launch date. Of even more concern is the fact that some of the barbarians who are already past the gate may not be Ukrainian hackers; they may be someone working at a neighboring desk.

Insider Threats: There is something you can do

Some methods for dealing with insider threats are exercised by managers with good people skills and the ability to spot early signs of attitude or work-satisfaction issues. However, the best source of raw intelligence on potential threats in the modern enterprise is found directly at the endpoints such as laptops and servers—the targets of most serious information-security threats.

SANS Survey Reveals Need for Analytics to Tackle Big Data

While organizations are still relying heavily on log management or SIEM platforms, only a small percentage are confident about their ability to analyze large data sets for security trends, according to the newly released SANS Security Analytics Survey.

Guidance Software recently co-sponsored the survey with Hewlett-Packard, Hexis Cyber Solutions (a KeyW Company), LogRhythm, and SolarWinds on awareness and use of analytics and intelligence to augment current monitoring practices.

Border Wars: Incident Response vs. Forensic Investigation

Josh Beckett

In my day job, we often discuss security tools and the respective processes that generate the requirements that demand the use of such tools. Lately, we have been debating incident response tools and processes as contrasted with forensic investigation tools and processes.  Obviously, both have differing benefits that they bring to the general discipline of security.  They also have differing requirements in terms of the tool sets that they require to execute those processes.

To me, the boundaries between forensic investigation and incident response have always been rather clear.  Maybe slightly fuzzy at the exact interface between them, but not a huge gaping canyon of a zone of uncertainty.  However, lately, I'm starting to believe that out there in the rest of the community it may not be so clear.  I could be wrong; it wouldn't be the first time and I'm sure it won't be the last, especially if you ask some of my close friends.

Yeah, they got an app that steals that.

Josh Beckett

Once again on my long and arduous morning commute the radio brought me a news story that prompted me to write.  There was an NPR news story, and oddly enough I can't find a reference to it anywhere, about how many mobile phone apps borrow, steal, or leak your privacy info.  My initial thought was 'hey, big software companies that attempt to understand issues of privacy have a tough time with this. It must be a serious problem when it comes to a boutique firm or garage programmer that doesn't care about anything other than getting their app to work and to market.'

When old processes meet new technology

Josh Beckett

As usual, one article triggered a series of thoughts to connect from various news pieces that have been building up in my head over the past week.  Let's start with the most recent first.  Reading this article on what security concerns the leadership in healthcare the most got me thinking.  Particularly this quote from the article:  “The goal in healthcare generally is treating those patients, not privacy and security. You don’t see the same focus on security in healthcare that you do in the financial sector.”  Yeah, that sounds about right.  Makes sense from what I've seen and experienced.  I'm sure we've all seen that there are signs in hospitals and other health care places that say 'No Smoking, Oxygen In Use' or some such thing.  These rules make sense to all of us.  We all get it.  Problem is, there is no such rule about no hacking hospitals.  'Our pricing model doesn't let us afford ample security staff, so please don't hack us' just doesn't carry the same weight as 'don't smoke or you'll blow us all up.'  Patients' health is their primary focus, thankfully, and the data is just a way to describe the current condition and progress so that you can achieve the good health outcome of your client.  Essentially, it is a model that hasn't evolved in light of the data revolution of the computer age.  This brings me to my next thought...government security clearances.

Trust but verify, people.

Josh Beckett

I thought it was a well-understood security principle: trust but verify.  Maybe it is and the PHBs are simply out-voting the security crowd and the voice of reason.  At the end of the day when you don't know what is out in the cloud and have limited to no controls to act if you did know, your data is seriously at risk.

Of course, an equally well known security principle states that a valid response to risk is to accept it.  I would sincerely hope that the businesses that have my data aren't doing this.  Who am I kidding? I know they are.  As if I only do business with the 20% crowd...I can only dream of the day.

...Or you could fix the software.

Josh Beckett

One of the fundamental realities of security is dealing with vulnerabilities.  In the industry, we have become so jaded to the fact that software makers simply don't want to go to the trouble and expense of churning out secure code that we have just learned to 'abide.'  Consequently, we come up with elaborate ways to measure vulnerabilities and concoct Wile E. Coyote style mitigation plans to bring the risk down to an acceptable level.

Occasionally, I'm reminded that my permanently security-tainted skepticism needs a bit of a challenge to my comfortable position that there is no real security, there is only incident response.  We continue to fight a losing war and resign ourselves to try harder tomorrow.  With nation-states throwing their hats and ample wallets into the ring and anonymously buying bugs and exploits and expecting it to not be reported to the software vendor or public, it seems all is lost.

Beyond Reactive: Your Security Game Plan

Sandy Lii

The well-known military general and strategist Sun Tzu said it best in The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” In today’s war against cybersecurity threats, two types of enemy have been classified: known threats and unknown threats.

The known threats, true to their name, are tracked by their known and readily available signatures and are typically stopped by perimeter security solutions such as antivirus software, firewalls, or SIEM (security information and event management) systems. While these tools are necessary and can be effective at stopping known threats, the unknown threats--the ones with no defined modi operandi or signatures--remain at large within organizations, lurking undetected, waiting for the right moment to strike. Sometimes, these threats can even be a careless or disgruntled employee.

Medical Devices Vulnerable to Remote Cyber Tampering, FDA Warns

Ale Espinosa

This post is not suited for the faint-hearted … especially those wearing a medical device.

The U.S. Food and Drug Administration (FDA) has issued cybersecurity recommendations for medical device manufacturers and user facilities, hospitals, health care IT and procurements staff, and biomedical engineers, following news of security issues in certain fetal monitors and software used in body fluid analysis.

According to the FDA’s safety communication issued last week, there are strong concerns regarding medical devices and hospital networks’ vulnerability to malware, as well as with the unauthorized access to their configuration settings. Among the devices and systems at greater risk are those that are network-connected or configured, hospital computers, smartphones and tablets, and password databases, among others.

Hello? You’ve Been Breached.

Ale Espinosa

Knock, knock. Who’s there? The FBI.

The reality of the world we live and do business in has made us increasingly vulnerable to cyber threats and attacks. Perimeter security and signature-based threat detection tools can only do so much when the threat is brand new or if it morphs as it spreads out through your network, making their signature unrecognizable. Chances are, there is someone lurking in your network right now and you don’t even know it.

In fact, Verizon’s 2013 Data Breach Investigations Report revealed that approximately 70% of cyber breaches go completely undetected by organizations’ security teams, and are instead discovered by external parties like the authorities, FBI, or even the attackers themselves.

Information Security Executives Share their Perspective at the 2013 CISO/CLO Summit

Ale Espinosa

This year’s Computer and Enterprise Investigations Conference (CEIC) was referred to by many of its loyal attendees as our best one yet. Running concurrently with the show was the CISO/CLO Summit, which brought together top information security and legal technology executives for a day filled with valuable panel sessions, presentations, and networking opportunities.

One of the most talked about presentations at the CISO/CLO Summit was offered by Bryan Sartin of Verizon, who gave an in-depth review of the 2013 Data Breach Investigations Report (read more about the report on one of my earlier posts). And in the spirit of survey data, we asked Summit attendees to answer a few questions for us regarding their information security concerns and challenges.