IBM X-Force handicaps future trends in security

Posted by William McBorrough | Network, Systems | Sunday 29 August 2010 7:26 pm

Looking ahead, the X-Force Research and Development team has identified some key trends to watch for in the future, including:

Cloud Computing — As an emerging technology, concerns remain a hurdle for organizations looking to adopt cloud computing. As organizations transition to the cloud, IBM recommends that they start by examining the requirements of the workloads they intend to host in the cloud, rather than starting with an examination of different potential service providers. Gaining a good understanding of the needs and requirements first will help organizations take a more strategic approach to adopting cloud services.

Virtualization – As organizations push workloads into virtual server infrastructures to take advantage of ever-increasing CPU performance, questions have been raised about the wisdom of sharing workloads with different requirements on the same physical hardware. X-Force’s vulnerability data shows that 35 percent of vulnerabilities impacting server class virtualization systems affect the hypervisor, which means that an attacker with control of one virtual system may be able to manipulate other systems on the same machine. This is a significant data point when architecting virtualization projects: a guest-to-hypervisor escape is the one failure the isolation model cannot contain.

Read more: http://www.prnewswire.com/news-releases/ibm-x-force-report-reveals-global-security-threats-have-reached-record-levels-101460029.html

Security On A Shoestring SMB Budget

Posted by William McBorrough | Attacks, Network, Social Networking, Systems | Thursday 8 July 2010 11:03 am

The e-mail appeared to be an invitation from an old, junior high school friend. Yet when the hospital employee clicked on the link, it instead led her to a malicious site that installed a Trojan horse on her computer. In a little over a week, international cybercriminals used that beachhead to steal more than $600,000 from the woman’s employer, according to a terse description of the incident on the Information Systems Security Association’s Web site.

A number of incidents similar to this one highlight the threats of online crime facing small and midsize businesses (SMBs), says Stan Stahl, president of Citadel Information Group and president of the Los Angeles chapter of the ISSA.

“Typically, they say, ‘We have firewalls in place and have AV on all the desktops, so I guess we are secure,’” Stahl says. “But today cybercrime is so sophisticated that is not enough anymore.”

Read full article at http://www.darkreading.com/smb-security/security/attacks/showArticle.jhtml?articleID=225702557&cid=RSSfeed

Moving data storage to the cloud? What’s your business continuity plan?

Posted by William McBorrough | Network, Systems | Monday 5 July 2010 2:59 pm

Many trumpet increased availability as a reason to move to the cloud but what happens when your cloud provider is no longer available?

Some companies are faced with this very question this week as storage provider EMC announced its plan to shut down its Atmos Online cloud storage service immediately, according to a posting on its website.

EMC launched Atmos Online in May 2009, calling it “Cloud Optimized Storage [with] capabilities that can scale effectively, coupled with security and management tools.” This placed EMC in direct competition with some of its service provider partners who used EMC’s Atmos technology to provide cloud storage to their customers.

EMC has now downgraded Atmos Online to a development platform and is offering no guarantee as to the availability of user data moving forward. EMC used its web posting to “strongly encourage [companies to] migrate any critical data or production workloads currently served via Atmos Online to one of our partners offering Atmos based services.”

The provider going out of business is one of the many risks companies have to address when considering moving their critical data into the cloud. In this case, companies now have to spend resources doing the necessary due diligence in selecting an alternative cloud storage provider.

According to Morris Cody, CIO at the Washington D.C. based information security services firm Secure Intervention, companies moving to the cloud should consider the following:

“1) Disaster Recovery Plan – The bottom line is that no cloud provider can guarantee 100% uptime all the time. Even a cloud provider as large as Google has experienced an outage in its cloud environment. In that case, a solid disaster recovery plan will help mitigate losses from several different perspectives (i.e., monetary, branding, current clients, new clients).

2) BCP – Having a business continuity plan in place that will work in conjunction with your cloud provider’s capabilities will mitigate the risk of an outage due to a scheduled or unscheduled event (not necessarily a disaster) in your cloud provider’s environment.

3) SLA – A strong SLA should be established with your cloud provider that will hold them accountable for losses or damages (define losses and damages) due to changes in their environment that affect your business. For example, if your cloud provider decides to shut down the cloud hosting services, then they should be responsible for the cost to migrate your apps/data to the new hosting provider.”

Pentagon and Congress wants control of your network during cyberattack

Posted by William McBorrough | Network, Thoughts | Sunday 6 June 2010 12:25 pm

There has been a lot of chatter in the news lately about the possibility of a “widespread coordinated” cyber attack against our critical infrastructure and our ability to successfully defend against it. Most of this infrastructure (e.g. utilities, finance, transportation) is owned by private companies. Those currently responsible for protecting these networks will tell you that we are already under attack. Is there a cyberwar going on? Howard Schmidt, the White House’s Cyber Czar, says “No”. But let’s not argue semantics. War, skirmish, tomfoolery…call it what you may. Many experts will confess the US is unprepared for a major cyberattack.

What is the government’s role in protecting these private networks? Should it have a role at all? Although some in the private sector are still debating these questions, the government has already moved into action. Last month, the DoD launched its new Cyber Command, headquartered at Ft. Meade, Maryland. Military observers still aren’t quite sure what it is supposed to do. The Pentagon’s number two, Deputy Secretary William Lynn, in a gathering of cybersecurity officials and defense contractors, floated the idea that the “Defense Department might start a protective program for civilian networks”.

According to Lynn, companies may “opt out” of the program, but by doing so would place us all at . Does that mean, by default, all companies are considered in the program?

Congress is also taking action. A draft bill, co-sponsored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), gives the Department of Homeland Security authority to keep “critical infrastructure” up and running during a “cybersecurity emergency”.

It would be interesting to see the bill’s definition of a cybersecurity emergency. All would agree that coordinated defense is essential, and the federal government is probably the only entity able to provide that coordination on a national scale. Coordination is one thing. Control, however, is another animal entirely.

The real arguments for Cloud Computing

Posted by William McBorrough | Applications, Network, Systems | Thursday 20 May 2010 3:07 pm

As more vendors dive into the cloud computing market, every possible claim regarding the supposed benefits of moving to a cloud-based service is being made. I ran across an article titled “Why Cloud-based Monitoring is more reliable and secure than Nagios.” The author, who represented a cloud-based network monitoring company, contended that the Software-as-a-Service (SaaS) model offered by his company was better for companies than Nagios and other open source products.

The question is not Cloud Computing vs. Open Source. In fact, there are open source SaaS providers like MindTouch out there. If considering a product like Nagios, a better comparison would be open source vs. commercial. In many cases, cost is the determining factor for companies that look to open source technologies. Other considerations include flexibility and security.

The more relevant comparison would be hosting and managing a network monitoring system on site vs. moving to a SaaS provider. For many organizations, IT is considered overhead and not the primary function of the organization. Companies move to the cloud for most of the same reasons companies outsource: can someone else do it better for less? Cost is usually the easier consideration. Companies have to grapple with the “better”. Does it mean more security, availability, capacity? Many cloud providers would say “yes” to all and then some. Organizations have to really consider and make that determination themselves, making a real comparison between their options rather than just following the typical vendor hype.

Cloud Computing Security: An Insider's View

Posted by Guest Blogger | Network, Systems | Friday 2 April 2010 6:40 pm

As CSO of Qualys, Randy Barr is responsible for security, risk management and business continuity planning of the QualysGuard platform. In this video Randy talks about cloud computing security from an insider’s point of view. He illustrates what a security professional has to go through when building a security program for a cloud environment.

For more security-related material visit Help Net Security: http://www.net-security.org

RSA 2010 Recap

Posted by William McBorrough | Applications, Network, Systems, Users | Friday 5 March 2010 1:44 pm

Today is the last day of RSA Conference 2010. If you didn’t make it,  CSOonline.com has provided a recap of the highlights:

RSA COVERAGE

RSA 2010: Infosec Pros Get Raises Despite Recession – An (ISC)2 survey suggests salary increases and hiring went up for many security practitioners in the last year despite the Great Recession. Ironically, the recession may be WHY it’s happening.

RSA 2010: Why 41 Percent of You Would Fail a PCI Audit – Miscellaneous news bytes from the RSA 2010 press room: QSAs tell Ponemon Institute that 41 percent of companies would bomb their PCI security audit; hackers industrialize their sinister revolution and VeriSign opens a new compatibility lab.

RSA 2010: Can Adobe Stop the Hate? – Security pros are unhappy with Adobe Systems over recent flaws and attacks. Adobe Security Chief Brad Arkin on what the company is doing about it.

RSA Conference 2010: 4 Survival Tips – For the newcomer, the RSA security conference can be overwhelming. Follow these four strategies to get the most from it.

Social Networking is Risky Business – From Computerworld: A panel discusses the risks associated with social networking sites.

Chertoff: Tracking Attacks to the Source is Key for Cybersecurity – From Computerworld: An exclusive interview with former DHS leader Michael Chertoff.

RSA PODCASTS

RSA 2010: Microsoft’s Plan for Cloud Security – Audio: Microsoft VP Jim Jones explains his company’s approach for securing its services in the cloud.

RSA 2010: Verizon Releases Its Threat Report Recipe – Verizon Business will share the research framework used for its Data Breach Investigations Reports so companies can create reports tailored to their specific environments.

SECURITY B-SIDES COVERAGE

Security B-Sides: Perfect Authentication Remains Elusive – Everyone realizes passwords have their shortcomings. But alternatives like two-factor authentication are not as powerful as one would expect. The problem? As always — human behavior.

One Man’s Life on the Security D-List – At Security B-Sides, infosec author Andrew Hay explains the four pillars for moving from the bottom of the IT security shop to a place of respect, and why getting to the A-list isn’t all it’s cracked up to be.

Security B-Sides: Rise of the ‘Anti-conference’ – The RSA 2010 conference had some nearby competition. Here’s the story of Security B-Sides as the conference alternative.

Protect the Internal Network From Hackers

Posted by Guest Blogger | Network | Monday 1 February 2010 4:42 pm

Attention! Hackers of every stripe and motive are eager to penetrate your network, but you can defeat their attacks by putting an appropriate combination of security measures in place.

Networks are attacked daily, so protection has to be continuous. The most common threats are, first, viruses: small programs that try to infiltrate your network and fool the computer, typically arriving as an attachment to an e-mail message, running as soon as the attachment is opened and then replicating themselves across your system. Second, Trojan horses: programs that enter the computer disguised as useful applications or data files and, once activated by the program that carries them, begin to take over the reins of your system.

Third, worms, which also replicate themselves and spread, searching for security holes through which to penetrate your system, and which often remain hidden until the right moment to launch an attack such as a distributed denial of service (DDoS). These three types of attack pose a major threat to your company’s data and to your personal data as well, and no business owner wants their network to become a launching point for distributed denial of service attacks. So the first task is to protect every device connected to your company’s network, and the first step in that protection is to put those devices behind a firewall, which is their line of defense.

But is it enough to spend a few hundred dollars on a firewall, or will the cost run to several thousand? At a minimum the firewall should be equipped with a stateful packet inspection (SPI) engine, which examines packet headers and tracks the state of each connection, admitting traffic to your network only when it belongs to a permitted connection.

How to use the firewall?

Firewalls can also block inappropriate incoming and outgoing traffic based on rules or filters. They can filter on Internet Protocol (IP) address, for example, to prevent staff on the network from reaching specific addresses on the Internet or receiving e-mail from them. Firewalls can also block traffic based on a device’s unique hardware identifier, the Media Access Control (MAC) address. Many firewalls can filter traffic by keyword or by address range and permit only data destined for a particular location, and most allow more sophisticated, compound rules to be built for the traffic.

A better option than a firewall with an SPI engine is one with a deep packet inspection (DPI) engine. A DPI engine examines the full content of each packet in addition to the header inspection performed by an SPI firewall. By inspecting packet payloads, DPI engines can detect and block many types of attack: denial of service (DoS) attacks, buffer overflows, IP spoofing attacks and a range of worm attacks. The more expensive firewalls become more like all-round security appliances, adding functions such as antivirus, anti-spyware and virtual private networking (VPN).

Know the firewall that you need

A cheap firewall is easier to set up; a more expensive one offers more options, and as the number of options grows, configuring them becomes more complex. So we recommend that you first work out what needs protecting and which threats you want to keep out. Start by writing a list of all the services your users need to access, such as web sites, e-mail servers, FTP servers, messaging services and remote data access, because a firewall filters services on the basis of port number (the way a particular service on a computer is addressed) together with the source or destination IP address of the traffic. Common examples of service port numbers are: HTTP on port 80, Telnet on port 23, FTP on port 21 and SMTP on port 25.

The safest way to build an access control list for services is to begin by blocking all traffic, and then to open up the required services one by one, for example allowing traffic on port 25 only if it is bound for the IP address of the e-mail server on your network. If computers outside your network need to reach services on your internal network, such as web servers or e-mail servers, you will have to build more complex filtering rules. Check whether your firewall has a DMZ (demilitarized zone) port for connecting such services, so that the services open to external networks are isolated from the internal network; if the firewall has no DMZ port, you will need to use port forwarding, in which all traffic for a particular service is sent to a specific internal IP address. For those who are nervous about writing firewall filtering rules, the job is not as difficult as it looks: once you have learned to set up a simple set of rules you will quickly learn to build complex ones, and if you still prefer not to, call in a specialist.
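The default-deny approach, port forwarding and the stateful (SPI) behaviour described above, shown as a small packet-filter simulator. This is an added example written for this page, not code from the article or from any firewall product; the addresses (203.0.113.5 as the firewall’s public address, 10.0.0.0/8 internally, 198.51.100.0/24 as the outside world) and the rule set are constructed for illustration.

```python
"""Toy first-match, default-deny, stateful packet filter (added example).

Rules are checked in order; the first match wins; no match means deny.
A rule with forward_to models port forwarding (DNAT) to an internal host.
The flow table models stateful inspection: replies to a flow that a rule
already allowed are accepted even though no rule admits them on their own.
All addresses below are constructed (RFC 5737 / RFC 1918), not real hosts.
"""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    proto: Optional[str] = None        # None matches any protocol
    dport: Optional[int] = None        # None matches any destination port
    src: Optional[str] = None          # CIDR; None matches any source
    dst: Optional[str] = None          # CIDR; None matches any destination
    forward_to: Optional[str] = None   # port-forwarding target, if any

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst)))


class StatefulFilter:
    def __init__(self, rules: list[Rule]):
        self.rules = rules
        # flows allowed so far: (src, sport, translated dst, dport, proto)
        self.flows: set[tuple] = set()

    def check(self, p: Packet) -> tuple[str, str]:
        """Return (verdict, delivered-to address); the address changes under port forwarding."""
        # Stateful inspection: a reply to an allowed flow is accepted without consulting rules.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
            return ("allow", p.dst)
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    target = r.forward_to or p.dst
                    self.flows.add((p.src, p.sport, target, p.dport, p.proto))
                    return ("allow", target)
                return ("deny", p.dst)
        return ("deny", p.dst)   # default deny: nothing matched


PUBLIC_IP = "203.0.113.5"   # constructed: the firewall's external address

# Constructed rule set, built the way the article recommends: open only the
# services on the list, forward the published ones to internal hosts.
RULES = [
    Rule("allow", "tcp", 25, dst=PUBLIC_IP, forward_to="10.0.0.10"),   # SMTP -> mail server
    Rule("allow", "tcp", 80, dst=PUBLIC_IP, forward_to="10.0.0.20"),   # HTTP -> web server
    Rule("allow", "tcp", 443, src="10.0.0.0/8"),                        # staff HTTPS outbound
    Rule("allow", "tcp", 80, src="10.0.0.0/8"),                         # staff HTTP outbound
    Rule("deny", "tcp", 23),                                            # Telnet, explicitly
]


def run_demo() -> list[tuple[str, str]]:
    """Push constructed packets through the filter and return the verdicts."""
    fw = StatefulFilter(RULES)
    packets = [
        Packet("198.51.100.7", 51000, PUBLIC_IP, 25),      # inbound mail: allowed, forwarded
        Packet("198.51.100.7", 51001, PUBLIC_IP, 23),      # inbound Telnet: denied
        Packet("10.0.0.55", 40000, "198.51.100.9", 443),   # staff HTTPS out: allowed
        Packet("198.51.100.9", 443, "10.0.0.55", 40000),   # its reply: allowed by flow table
        Packet("198.51.100.9", 443, "10.0.0.56", 40000),   # unsolicited inbound: denied
        Packet("10.0.0.10", 25, "198.51.100.7", 51000),    # mail server's reply: allowed
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The fourth and fifth packets are identical apart from the internal address, and only the one that answers a flow the filter already allowed gets through; that is the difference between a stateful firewall and a plain packet filter, and it is why an SPI engine is the minimum worth paying for.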

Author: Shrif S Kassem
Article Source: EzineArticles.com
Provided by: Digital Camera Information

2010 Year of the Zombie Cloud

Posted by William McBorrough | Network, Social Networking, Systems | Wednesday 27 January 2010 1:27 pm

As more organizations consider moving into the cloud to benefit from the evident cost savings  and focus more on their core business functions, the bad guys are also looking for the benefits.

2009 has been a notable year for malware and malicious online activity for a number of reasons and several of them relate to what is known as botnets. A zombie, or a bot, is a PC infected by malware that brings it under the remote control of a criminal. Criminals run networks that can range from thousands to millions of infected machines and they use them to power most of the cybercrime we see today including spam, DDoS, scareware, phishing, and malicious or illegal website hosting. They have a finger in every cybercriminal pie.

In the first half of the year, the Conficker worm (also known as Downadup or Kido) stole all the headlines in the malware world. Eventually the Conficker botnet was seen to deliver standard cybercriminal payloads, such as spambots and Fake AV (or scareware), much to the disappointment of some of the more hysterical commentators. The coverage died away as rapidly as it arrived, but don’t be fooled into thinking this threat has gone away. The Conficker Working Group, an alliance of security vendors, researchers and other commercial organisations, is currently showing around 6 million unique IP addresses as appearing to be infected with this malware.

An unrelated, but important trend in 2009 was the exponential increase in the abuse of social providers for malicious purposes. The enormous active user populations on sites like Facebook, Twitter and MySpace prove a very attractive lure to organised online crime and its attendant money-making, bot recruitment and Fake AV pushing scams. Facebook has been abused by rogue Apps, designed to fool users into clicking links that reward the creator through pay-per-click affiliate advertising networks. It has also been used to spread malware through many means; malicious links in wall posts and messages, malware designed specifically to hijack accounts and by external compromise of legitimate Facebook Apps. The Koobface family of malware (also a botnet) has evolved over the course of 2009; it was initially spread through malicious messages and wall posts with links to fake YouTube sites punting a supposed codec in order to view the video. The codec of course was nothing of the sort and led to infection and account hijacking. Koobface now though has evolved to the point where it is fully capable of creating its own fake Facebook profile pages, complete with confirmed Gmail address, photo and biographical data. These fake accounts then set about joining networks and sending friend requests again all in a completely automated fashion.

Read more at http://countermeasures.trendmicro.eu/2010-year-of-the-zombie-cloud/
