You are on page 1of 12

Security for a

Faster World

In this issue:

the Risk in Your IT

Tips for
Enterprise Security

The Technologies to
Protect a Modern

Issue 1, 2012

2 2 [SEE] Understanding the Risk in Your IT Infrastructure 6 [UNDERSTAND] Tips for Implementing Enterprise Security 6 9 9 [ACT] The Technologies to Protect a Modern Infrastructure .Contents… Security for a Faster World Contributors: Drew Robb and Paul Rubens.

It’s very likely that some of these groups are Atlanta-based payments-processing firm sponsored and aided by foreign governments seeking Global Payments in early 2012. but small hacker groups. Opportunist Attacks The company had no choice but to take its site down — effectively closing up shop — and spend months Automated tools enable hackers of all types to scan rebuilding it from the ground up. they stole to gain advantage for their countries. To answer that question satisfactorily you need to understand the nature of the hacker threat and how it has evolved. .4 malware and the information that is stolen as a result million people’s payment cards. IT Business Edge. Vulnerabilities. fines. politically motivated “hacktivist” collectives such as Anonymous and organized crime gangs built on the model of modern businesses have also joined 2 Back to Contents Security for a Faster World © 2012. information relating to an estimated 1. or who wrote viruses that deleted files from infected machines for no better reason than the thrill of vandalism. huge IP address ranges and compromise any systems they encounter that are running software with known It’s no surprise that a large international corporation vulnerabilities in a matter of seconds. Depending on the nature of your business and the industry it operates in you may A few months earlier. No matter what makes a tempting target for hackers. and automated hacking kits incurred by the company as a direct result of the security — known as exploit packs — are available as a service breach was about $85 million. That means if one of of a small cosmetics business. you are wonder why anyone would bother hacking the website vulnerable to this kind of attack. a division of QuinStreet. Inc. Security for a Faster World SEE Understanding the Risk in Your IT Infrastructure By Paul Rubens W hen hackers broke in to the network of the fray. and can be rented by the hour. Today. hacking activities are still carried out by individuals. but you may kind of industry your business operates in. The total cost of of successful hacking attacks are actively traded on investigations. While 20 years ago hacking was the preserve of mischievous teenagers who broke into computer systems out of a sense of adventure. multinational industry. hacking is now a multibillion dollar. a small UK-based cosmetics face a range of differently motivated attacks firm called Lush found that hackers had discovered and exploited a vulnerability in its ecommerce site. remediation and other activities underground online markets.

extremely harmful to your reputation.S. This could a coordinated distributed denial of service attack. with it is wide to discuss measures that can be put in place serious consequences for your business. That can be well as harm to your business’ reputation. Inc. . resulting in a loss in customer confidence — and therefore lost business — Targeted and Advance Persistent Threat (APT) and could also result in your website being blocked by Attacks anti-virus software and search engines such as Google. offline or defaced with slogans promoting the activists cause. Security for a Faster World your computers is running vulnerable software then it’s be specifically targeted and attacked by hacktivists. business plans. including credit card details or account information that allows him to steal services If your Web server is compromised then your customers or make fraudulent purchases. spam by anti-spam organizations then you may find you Some DDoS attacks can be blocked by your firewall. IT Business Edge. “If you are involved in an industry or business activity that is targeted by ‘activists’ then your website could be specifically targeted and attacked by hacktivists. If a more than likely that a hacker will come across it and vulnerability is found then the website could be taken compromise it. And if your IP sources by software designed for exactly this purpose - addresses gets placed on a blacklist of known sources of a so called distributed denial of service (DDoS) attack. slowing down your IT infrastructure traffic generated automatically from many different and making employees less productive. harming both your business activities and your If that happens then they may install an email relay and reputation.” 3 Back to Contents Security for a Faster World © 2012. use it to earn money by sending out spam email messages from your network to thousands or even millions of Hacktivists may also attempt to make your website addresses. For example. to defend against DDoS attacks with your hosting or network provider But hackers also use compromised machines for far more malicious purposes than relaying spam. This consumes your system resources and unavailable to your customers by overwhelming it with network bandwidth. they Criminal Attacks can turn them into “zombie” systems: nodes in a botnet that receive orders from a command and control server. in most U. But arguably. be customer information. until you discover the breach and repair your server. your company could be targeted by rival businesses or foreign governments Hacktivist Attacks intent on stealing confidential corporate information such as financial records. but are unable to send emails to many of your customers. which inevitably involves a financial cost as your website with a vulnerable machine. states you are obliged to inform your could get infected with malware simply by visiting customers. Potentially more devastating. a far more dangerous type of hacker is the This may task them with searching out and infecting more one that breaks into your network and compromises your systems. or sending traffic to a selected victim as part of systems in order to plunder what he can find. a division of QuinStreet. tender documents If you are involved in an industry or business activity and intellectual property like source code to computer that is targeted by “activists” then your website could programs or designs for future products. If customer information is could fall victim to a “drive-by attack.” Your site’s visitors lost.

new. or they DVLabs creates “vulnerability filters” that are delivered may resort to stealing a laptop from a key employee’s car automatically to your intrusion prevention system (IPS) or home. can help in this regard by finding vulnerabilities in software before hackers do. information such as login details and passwords. that they can continue to exfiltrate information without Research organizations such as HP’s TippingPoint DVLabs detection for a period of months or even years. to protect your applications. a multi-layered approach Intrusion Prevention Systems is’s vital to know what threats you are up against. business risks by providing information and detailed real-time analysis of the current threat landscape and any Mitigating These Security Risks Using a Multi. IT Business Edge.designed to fool them into revealing useful informed so that a security patch can be produced. network devices.apparently from other people in your While the vendors of the vulnerable software are organization . targeted and the security breach hidden for as long as possible so APT . You can use this information to Layered Approach ensure that any security gaps are spotted and covered by adding new IPS filters or determining necessary policy Given this level of business risk inherent in your IT changes. If malicious activity is detected 4 Back to Contents Security for a Faster World © 2012. and therefore lost potential sales. this reconnaissance has been done they may be sent tailored emails . hackers may carry out samples found in the wild to understand the underlying detailed research on individual employees. While an IPS is recommended for companies of all types. Once software vulnerabilities they exploit. criminal. as well as analyzing malware To perform these attacks. Security for a Faster World This type of information is often stolen as a result of a Security Intelligence targeted attack known as an advanced persistent threat (APT) attack in which a team of hackers uses a variety of To protect against all the kinds of attack mentioned methods to compromise your IT infrastructure and keep above . There is also the chance that hackers modify data left on your TippingPoint’s ThreatLinQ security intelligence portal system. virtualization systems and operating Such thefts can have devastating consequences for systems until the vulnerability is patched by the vendor the business concerned in terms of loss of competitive concerned. They also detect suspicious activity on your network by comparing traffic at a given time to baseline or “normal” traffic. That’s because an IPS is likely to detect unusual movements of information or requests for information from suspicious sources. running one is particularly important for companies that may face targeted attacks or APTs. Inc. IPS switch modules and IPS appliances — including an SSL appliance — that inspect your network traffic to detect threat patterns or signatures (including those supplied by DVLabs ). hactivist. HP’s TippingPoint’s intrusion prevention system (IPS) range includes next-generation IPS systems. . Web applications.opportunist. a division of QuinStreet. infrastructure. emerging threats. what can you do to mitigate it? Since there is no single solution to security. advantage. causing serious disruption to your operations can also help businesses of all sizes reduce unnecessary long after their attack has been detected.

risks from application flaws security staff. software like HP Fortify Software in your infrastructure quickly and easily. hardware to install. Security Information and Event Management At a higher layer still. It can secure both your in-house. posture of individual parts of your business (like website sales) and show you how these vary over time. IT Business Edge. That’s because they can provide you with an overview of security incidents and alerts generated by your devices and applications caused by malware and hacker activity. Security for a Faster World then the IPS can take action. Fortify works in two fundamental ways: Entirely eliminating security risks in your IT infrastructure simply isn’t feasible. including desktop. Inc.particularly criminal or targeted attacks. This can applications. but also more opportunistic ones. (HP risks. including blocking or can also give you visibility into internal threats such as stopping suspect traffic and instantly alerting your database breaches and fraud. mobile and web applications. They 5 Back to Contents Security for a Faster World © 2012. mobile and cloud-based management platform like HP EnterpriseView. and employing appropriate software tools like the Fortify on Demand enables you to test the security of ones discussed here to manage them as effectively as any application as a service. without any software or possible. and that means you have no • Carrying out static and dynamic security testing alternative but to mitigate them. or in specialist applications from quantify the risk to your business. enabling you to track.) • Providing you with a secure software development framework. and reports. Security Center can help you eliminate software security risk by preventing or fixing security vulnerabilities in your Security Risk Management Dashboards applications before they can be exploited by hackers. This provides vital protection against more analyze vulnerability and risk assessments and combine determined criminals or hackers who may target your them with a model of your business by correlating organization by probing for vulnerabilities in your custom devices with business services. security information and event management (SIEM) systems such as HP ArcSight Enterprise Security Manager are an important defense for medium and large companies that face attacks from many different sources . By sifting through millions of log records to find critical events and presenting them Software Vulnerability Elimination to you in real time via dashboards. view the security vendors that you have bought in. custom-developed For a complete overview of enterprise risk it can applications and software bought from third-party be helpful to use a security intelligence and risk vendors. it helps you prioritize and manage security risks Moving up a layer. and configuration changes. fix and report on vulnerabilities through a centralized management server as it is developed. notifications. . Ultimately the best to find vulnerabilities and critical problems in your way to do this is by understanding the nature of these conventional. a division of QuinStreet. By doing this it lets you developed applications.

IT Business Edge. large enterprises are bigger targets. the bigger they are the harder they fall. companies was $5. and protecting against disgruntled employees who may attempt to use their access • Loss of customer data. desktop 6 Back to Contents Security for a Faster World © 2012. of your network.5 million — strategy when you know exactly what it is that you are without taking lost future sales dues to a negative change trying to secure. It’s only possible to breach is usually very significant: in 2011 the average start implementing a complete enterprise security per-incident cost for U. . That means conducting an inventory in competitiveness or reputation — according to research of corporate IT assets including servers. Security for a Faster World UNDERSTAND Tips for Implementing Enterprise Security By Paul Rubens A security breach can be a major catastrophe for any organization. keeping intruders and malware out service. Inc. but large enterprises are especially at risk. Enterprise data breaches get press attention. with significant consequent privileges to compromise your systems? You may find costs and harm to your corporate reputation these tips helpful to consider: In sheer financial terms the cost of a single security • Know what you are managing. which can carried out by Ponemon Institute. The average per- have unknown consequences. Once infections are incident cost in 2012 may well turn out to be higher still. When it comes to security. affect thousands of customers or former customers and often have a trickle- down effect on other businesses or partners. future product plans or financial data that can lead to permanent loss of competitiveness or business advantage • Destruction or alteration of valuable data • Virus and other malware infections. a division of QuinStreet. While small businesses are not immune to security risks and attacks. discovered there is a loss in productivity as resources have to be devoted to removing the infections and So what are the best practices for protecting your bringing the disinfected or rebuilt systems back in to corporate data. That’s because the consequences of a security breach or a targeted attack can include: • Major business disruption and loss of revenue • Theft of confidential data such as proprietary information.S.

suspicious or simply unusual activity on ensure efforts are spent in the right places.that will actually keep your • Categorize your data as either public. and the sheer activity leading to a security breach number of overall vulnerabilities. Security can almost always be smartphones and tablets. IT Business Edge. such as intellectual property or customer • Malware scanners to prevent malicious software from information. Although of tools and management systems available that all four of these steps are important. Given your network and to take steps to prevent such the complexity of most organizations. mobile devices including to an acceptable level. Mitigate the risks by applying appropriate security antimalware and IPS services. It’s also important to establish where messaging or Web traffic and on which platforms all this data is stored. a lot of this functionality can organization. a managed security service provider (MSSP) to configure and that means that ultimately security is about risk and manage your security devices and provide log management: ensuring sufficient controls are applied management as well. computers organization is the knowledge that you can’t fix or data stored on them everything overnight and the ability to focus attention on the things that present the most danger to the For smaller businesses. it’s important to be able to prioritize risks in order to determine what gets • The use of authentication and encryption systems to remediated and when. and networking devices. which can help you carry the one that is the hardest to carry out. a division of QuinStreet. Inc. probably be achieved with a unified threat management (UTM) appliance. There are plenty apply platinum-level security to public data. • An intrusion prevention system (IPS) to detect • Leverage Risk Assessment and Threat Modeling to malicious. . and that means that ultimately security is about risk management: ensuring sufficient controls are applied to each data category to reduce the risk of a breach to an acceptable level. instant (confidential). This may include: confidential. internal. third-party and improved. internal or business secure. to each data category to reduce the risk of a breach “Security costs money. the last of these is include asset auto-discovery. which provides basic firewall. which data is meant only for use inside separate your corporate network from the Internet the organization (internal) and which data is highly confidential. This involves deciding which data your company stores is available outside the organization • A firewall and other perimeter security systems to (public). storage be done in a cost-effective manner: you don’t need to resources. An alternative is to engage controls to each data category. or otherwise critical to the business getting on to the network hidden in email.” 7 Back to Contents Security for a Faster World © 2012. Key to any successful security prevent unauthorized access to networks. Security for a Faster World and laptop computers. Security costs money. That’s because it out this inventory exercise. but the question is always whether it can cloud-based applications and databases. involves implementing the entire security infrastructure — software and hardware -.

implement your protection and These incidents are then presented through real-time continue to gather data to aid your security efforts. a division of QuinStreet. as well as additional monitoring features and of your security infrastructure. Such services may include some or all of: perimeter and network • A security information and event manager (SIEM) security monitoring. and security event correlation. have more • Security services. ArcSight. as well as services. It can one vendor provides a better experience on every level then apply techniques such as pattern recognition than integrating a number of point solutions that aren’t and behavioral analysis to detect and manage designed to work together. vulnerability assessments. If you prefer not to become above. Some security partners can assist decisions to make. dashboards. as you might expect. security configuration management monitoring. as well as HP Fortify Software Security Center and TippingPoint network security hardware and software are all designed to work with VMware virtualization and cloud software. Security for a Faster World Larger enterprises. When you’re looking for a partner to help with your HP ArcSight’s Enterprise Security Manager (ESM) is enterprise security efforts. which actions they are taking with Most find that developing an ongoing relationship with that data and how that affects business risk. log platform to monitor and report on relevant security management. Enterprises should look for a security with fast implementations. look for a vendor that able to understand who is on your network. expert deployment advice and professional involved in the day-to-day operation and monitoring services. . logoffs. and data loss monitoring. what data provides all of the tools you need. incidents to prevent damage using a built-in workflow engine. 8 Back to Contents Security for a Faster World © 2012. notifications or reports. IT Business Edge. Start by accesses and database queries occurring across your understanding what you have and the extent to which it infrastructure to highlight possible critical incidents. insider threat monitoring. • Protection for your cloud-based resources. file security and it’s a job that’s never finished. A risk management platform such as HP’s EnterpriseView provides you with real- time graphical and report-based identification of these business risks by aggregating data from risk assessments. A SIEM platform like HP ArcSight Security Intelligence can analyze and correlate millions There are no easy fixes to implementing enterprise of log records of events such as logins. • A business-centric risk management platform to identify risks to the business that originate in your IT infrastructure. a security partner can services such as: also carry this out as a managed service. needs to be protected. Inc. If you have a significant amount of virtualized resources or operate a private cloud in your data center then you will need a security solution that is designed to work with virtualization. events and logs. they are accessing. upgrades and tuning and partner that can supply the basic infrastructure discussed system health checks.

and Israel. compared to what is out there now. The Prefecture of Police in Paris has 34. laptops. a division of QuinStreet. President and The nature of the threats has also changed. Fla. Printers. Inc. home computers. not simply what to put in place but how to put it in place. the size of the Chinese army.2 million IT security professionals worldwide. In March. but for profit or to do lasting harm. Employees use their own China.S. systems to conduct business.000. however. Sergei Skorobogatov. there is no longer an designed in the United States and manufactured in easily defensible perimeter. More than 80. and that is the just the tip of the iceberg. .000 people hold the Certified Information Systems Security Professional (CISSP) certification from ISC2 (The International Information System Security Certification Consortium.. That is no found that the military-grade ProASIC3 A3P250 chips. phone systems and security cameras are built “You need to take an overall holistic view of with Internet access. What were CEO of the Center for Strategic Cyberspace and Security once major attacks such as the Melissa virus seem mild Science (CSCSS) in London. The Tokyo Metropolitan Police Department has 43. destroyed as many as 1. had a backdoor deliberately built into them.000 sworn officers to protect its population. Changing Threat Structure Stuxnet.000 centrifuges at Iran’s At one time it was good enough to protect the perimeter Natanz nuclear facility in 2009 and 2010. People are no longer attacking for fun. Inc. it is a matter of strategy. In 9 Back to Contents Security for a Faster World © 2012. longer adequate. There are wired and wireless war requires more than just getting weapons in people’s networks. a with a firewall and then use antivirus software to track Cambridge University researcher. cybersecurity. ISC2 Executive Director Hord Tipton says there are about 2.” says Richard Zaluski. industrial equipment. with a need to double that number in the next three years. Those numbers. IT Business Edge. winning a for company business. speculated to come from teams in the U.) of Palm Harbor. To begin with. pale in comparison to the number of professionals working to keep information secure. Customers and vendors interact with backend hands. tablets and smartphones But as any successful general could tell you. down whatever managed to make it inside. Security for a Faster World ACT The Technologies to Protect a Modern Infrastructure By Drew Robb T he New York City Police Department has 35.000.

an attack that would cause physical destruction and the From Tactical to Strategic Security loss of life. computer systems. Switzerland’s Credit organization implements play a major role in the success Suisse and Julius Bär.” 10 Back to Contents Security for a Faster World © 2012. or threaten to release. India. In October governments. a division of QuinStreet. and Belgium’s Belfius.” Panetta said at the timer. secure. “The collective result your very existence as an organization. It is estimated 30. in combination with a physical attack on our can impact your intellectual property. Thieves no longer need to break into vaults to IDC Asia/Pacific in Bangalore. “The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time. businesses and individuals. originated in Iran. “Organizations want security products that work well together. and the security solutions that an Bank of America. confidential data. you need a comprehensive approach. Citibank and evolving rapidly. said that the Shamoon virus. gain.” The broadening range and complexity of cyber attacks Not all such attacks are politically motivated. Senior Market Analyst. Secretary of Defense. poach Arabian state oil company Aramco and Qatari natural personnel or otherwise gain competitive advantage.” of these kinds of attacks could be a cyber Pearl Harbor. Visa and Mastercard.000 computers in Saudi Arabia alone were destroyed “If you have a cutting edge product you may be on the in the attacks. Britain’s HSBC. Japanese government websites were – six of those involving more than one million patients attacked. just since September 2009 to the business needs.000 patients. radar of a number of organizations. Leon Panetta.“The threats are access the cash. In 2008 means that organizations need to rethink security a disgruntled network administrator set up a password measures. The key is to identify what are the critical 500 data breaches involving the medical records of more business processes and then adapt the security systems than 20. It is not enough to deploy the same old giving him exclusive access to the City of San Francisco’s solutions. Security for a Faster World September 2012. which can damage country.000. have all had or failure of the organization’s overall security strategy. can be managed easily across IT devices and Then there are all the attacks that are done for financial cut cost. and locking out the rest of the city’s employees. at Persian Gulf oil and gas facilities owned by Saudi where confidential data is stolen to copy designs. in retaliation for a each.” customer data stolen.S. WikiLeaks has released millions of documents from dispute over ownership of the Diaoyu Islands. apparently from China.” launching several attacks on our critical infrastructure at says Zaluski. both domestic and foreign. as well as ‘national’ players who see ‘competitive’ “The most destructive scenarios involve cyber actors intelligence as a valid form of business development. “That can occur at a number of levels and one time. gas producer RasGas. 2012.S. in combination with a physical attack on our country. the U. Inc. The U.” says Naveen Hegde. IT Business Edge. it is impossible On top of those are the attacks done to secure and to build a security infrastructure that will be absolutely release. which wiped files on computers And don’t forget the field of corporate espionage. . Given the ever-changing nature of threats. within budget and doesn’t cripple business Department of Health and Human Services lists about operations.

. analysis and reporting. HP’s TippingPoint Next Generation Intrusion Protection System (NGIPS) uses context awareness and content “Organizations need to be able to demonstrate to their awareness. Inc. HP’s Enterprise Security Services provides a These HP Enterprise Security tools provide security comprehensive set of tools and services to give security personnel with the tools and data they need to move personnel the 360 degree view they need of critical from a tactical to a strategic approach. searching. a division of QuinStreet. in a group and hoping for the best. mapping applications that should be separate — separate. etc. posture and the ability to meet stringent compliance The HP ArcSight Logger collects information from any requirements. servers and view of all security and business service assets. IT Business Edge. big data and more is a applications and business processes. a processing. business 11 Back to Contents Security for a Faster World © 2012. reputation awareness and customers and regulators that it has an effective security other technologies to identify and block malware. The proactive security approach that enables organizations ArcSight ESM platform correlates the log data to users. mobility. HP EnterpriseView Security Intelligence and Risk have to segment and you should do that by application Management (SIRM) Platform provides a business-centric business group.” or risks can be related to the individuals. to leverage cloud.” says Zaluski. regions and processes that would be affected. allowing them to systems and make it easy to manage and reduce risk. keeping networks. geoLocation.” says Hegde.” the IT devices to the business services they support. “You Finally. concentrate on those risks and threat that will produce Since you don’t know what threats will be coming next. “As organizations continue system or device that generates log data and places to increase their remote employee access.. Security for a Faster World “There is no point in just lumping everything together units. as well as it in a centralized high-performance repository for distributed partner access back to their networks. the most harm to the organization. so any threats requirement.