Heading OFF Hackers

  1. #1
    Member
    Join Date
    Dec 2004
    Posts
    37

    Heading OFF Hackers

    I just thought to share this article with you, any comments?..

    Source
    As the chief information security officer at Massachusetts Mutual Life Insurance Co., Bruce Bonsall is acutely aware of the need to keep one step ahead of the bad guys.
    That's why he has subscribed to a cyberthreat assessment service from iDefense Inc. in Reston, Va.

    IDefense alerts customers such as the Springfield, Mass.-based insurer about possible attacks on their networks, using information gathered from a global network of security researchers, original vulnerability research, product vendors, national incident-response teams, underground hacker rooms and chat sessions.

    The service warns about a range of risks -- from impending worms and viruses to new software holes and even geopolitical events -- that could affect the security of overseas operations, Bonsall says.

    These advance warnings are invaluable at a time when Internet and e-mail threats are becoming more sophisticated and are capable of spreading much faster than traditional defenses alone can handle, says Bonsall.

    "Gathering intelligence and learning about things early on gives you more of a lead time to act on it," he explains. "The goal is to mitigate the risk of software vulnerabilities and the effects of attacks on your network."

    Increasingly, it's a best practice to subscribe to such services, according to a November 2004 research note from Gartner Inc. "Information risk cannot be managed without tracking external events on a daily or even hourly basis, and analyzing their significance," the report says.
    Gartner says that over the next two years, roughly 80% of all companies will spend about 10% of their security budgets on unnecessary fixes and that security intelligence services can help IT managers prioritize response and eliminate unnecessary remedial action.

    A Different Approach

    Radianz, a New York-based provider of telecommunications services to financial companies, uses a service from Symantec Corp. to monitor impending threats.

    Symantec's DeepSight threat management system monitors global Internet attack activity using a combination of empirical data and human intelligence, says Dee Liebenstein, group product manager for the service.

    Symantec's early-warning system collects firewall and intrusion-detection system data from about 20,000 sensors on customer networks in 150 countries. The data is analyzed for patterns of unusual behavior -- such as sudden spikes in specific types of network traffic -- that might suggest malicious activity.

    A team of Symantec threat specialists also collects and monitors information from a variety of sources, including honeypots -- systems that are used to lure hacker attacks -- and hacker sites, looking for signs of new threats. Last May, the service warned users of the Sasser worm 18 days before it began infecting systems worldwide, based on information it collected in that manner, Liebenstein says.

    That kind of lead time allows Radianz to make more-informed decisions when mounting a response, says Lloyd Hession, the company's chief security officer. Because Symantec's service is customized for each client, Radianz can focus on threats that are relevant only to its own technologies, he says.

    For instance, about nine months ago, Symantec warned of a critical protocol vulnerability in Radianz's voice-over-IP networks that received little media attention but was vital to fix nonetheless, he says.

    "Trying to get a measure of how significant a threat really is and whether it is really being exploited is hard," especially at a time when hundreds of new vulnerabilities are being discovered every month, Hession says. Knowing precisely what to focus on helps eliminate the otherwise costly disruptions that can result from rushing to address every single threat, he adds.

    Meanwhile, regulations that require companies to demonstrate due diligence in securing IT infrastructures, such as the Sarbanes-Oxley Act, are driving interest in commercial intelligence services, says iDefense CEO John Watters. "Security is becoming more and more of a business issue," he says.

    Even so, it's wise to exercise caution when using security intelligence information, says Howard Schmidt, chief information security officer at eBay Inc. and former security adviser to the White House. "I think it should be just one of the pieces in the CISO's tool kit," but not the most important one, he says.

    There's a "fair amount of false positives" in the information culled from alerting services, Schmidt points out. "These services are only as good as the input of the data they get. We need to get better at identifying and correlating data" to minimize this, he says.

    "An early-warning system is like a weather forecast," says Gerhard Eschelbeck, chief security officer at Qualys Inc., a provider of network vulnerability management services in Mountain View, Calif. "It tells you if you should take an umbrella. But it's far from being perfect."

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Firstly you will most probably learn by experience that the "earlyness" of the early warning provided by these services is often tied to how much they are sucking out of your company on a monthly basis. Some seem to get better service than others from what I have heard.

    Secondly, as a security admin, you should know what potentially exploitable services you have publicly available and be able to visit something like http://isc.sans.org and track the port activity worldwide there to see if there appears to be a threat out there. Additionally ISC is pretty damn good at reporting on their front page good details of what is occurring if it seems to be a threat to anyone.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
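
An added example, not part of the thread or the quoted article: the two checks described above, flagging a sudden spike in traffic to a port (the article's sensor analysis) and weighing it against the services you actually expose (post #2), sketched in Python. The per-port counts, the exposed-port set and the threshold are constructed assumptions.

```python
from statistics import median

# Constructed sample: daily counts of blocked inbound connections per
# destination port, oldest first, as might be tallied from firewall logs.
SAMPLE_COUNTS = {
    22:   [410, 395, 430, 402, 388, 415, 421],   # steady background noise
    445:  [120, 131, 118, 125, 122, 119, 940],   # spike on the newest day
    1026: [30, 28, 33, 31, 29, 32, 900],         # spike on the newest day
    1434: [60, 58, 61, 300, 59, 62, 64],         # old outlier, quiet today
    5060: [15, 12, 18, 14, 16, 13, 17],          # steady
}
# Assumption: the ports this site exposes to the Internet.
EXPOSED_PORTS = {22, 445, 5060}


def robust_score(history, latest):
    """Distance of `latest` from the baseline median, in scaled MAD units."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    # 1.4826 * MAD approximates a standard deviation for normal data; the
    # floor of 1.0 avoids dividing by zero on a perfectly flat baseline.
    scale = max(1.4826 * mad, 1.0)
    return (latest - med) / scale


def find_spikes(counts, threshold=6.0, min_history=5):
    """Return {port: score} for ports whose newest count is a spike."""
    spikes = {}
    for port, series in counts.items():
        history, latest = series[:-1], series[-1]
        if len(history) < min_history:
            continue  # too little baseline to judge
        score = robust_score(history, latest)
        if score >= threshold:
            spikes[port] = round(score, 1)
    return spikes


def prioritise(spikes, exposed):
    """Spiking ports we expose come first, then the rest by score."""
    return sorted(spikes, key=lambda p: (p not in exposed, -spikes[p]))


if __name__ == "__main__":
    found = find_spikes(SAMPLE_COUNTS)
    for port in prioritise(found, EXPOSED_PORTS):
        tag = "EXPOSED" if port in EXPOSED_PORTS else "not exposed"
        print(f"port {port}: score {found[port]} ({tag})")
```

Using the median and MAD rather than the mean keeps one old outlier (port 1434 in the sample) from inflating the baseline, and the exposure check puts port 445 ahead of the larger but irrelevant spike on port 1026.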

  3. #3
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742
    Tigershark... I think we just found a new business, make ppl pay a few 100 bucks a month and we can send them updates from sans and from ao and symantec and we can prolly even automate the updates.
    Duct tape.....A whole lot of Duct Tape

  4. #4
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    Hey that's my idea

    Count me in your startup there Spyrus...I had that idea recently chatting with a buddy. ha ha.

    $$$$$

    Ok, in all seriousness, I use Symantec's Deep Sight Alert Service for vulnerability assessments. I find it very helpful in saving me valuable time...and it's not too expensive.

  5. #5
    Member
    Join Date
    Dec 2004
    Posts
    37
    You are completely right Tiger Shark.

    Symantec is really working hard to bash hackers, I really respect those guys.
    Goddamn powerful service.

    Spyrus,
    LOL, really nice job. Try to get the most out of it.

  6. #6
    Junior Member
    Join Date
    Oct 2002
    Posts
    10
    "For instance, about nine months ago, Symantec warned of a critical protocol vulnerability in Radianz's voice-over-IP networks that received little media attention but was vital to fix nonetheless, he says. "

    Just as a question, does anyone happen to know what the VoIP vulnerability is that's mentioned, or where I could dig up some information on it?
