My latest Gartner research: Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities

Deception techniques such as honeypots are not a new concept in security; however, new techniques and capabilities promise to deliver game-changing impact on how threats are faced. This research articulates how product managers can successfully use threat deception as a threat response tactic.

Gartner subscribers can read this research by clicking here.



Optimized squid proxy configuration for version 3.5.5

This is a throughput-tuned Squid 3.5.5 configuration: an intercept listener on 8080, an explicit proxy on 3128, aggressive refresh_pattern rules and eight diskd cache directories on SSD. Before reusing it, note that as written it accepts every client that can reach those ports (http_access allow all), writes no access log and answers SNMP for the community "public", so it has to sit behind a firewall that limits who can reach the proxy.

#
# Recommended minimum configuration:
#
# Go direct to origin servers by default (see the cache_peer note below).
always_direct allow all

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed (note that localnet is only referenced by the
# commented alternative to "http_access allow all" further down)
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
# Safe_ports is widened to every port, so the stock "deny !Safe_ports" rule
# would permit everything; that rule is therefore omitted below.
acl Safe_ports port 1-65535
# The stock CONNECT ACL matches only the CONNECT method; this one also matches
# ordinary methods, so it must not be combined with "deny CONNECT !SSL_ports".
acl CONNECT method GET POST HEAD CONNECT PUT DELETE
#acl block-fnes urlpath_regex -i .*/fnes/echo
# AV/update servers whose downloads must not be cached or routed via a parent.
acl noscan dstdomain symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com avstats.avira.com premium.avira-update.com

acl video urlpath_regex -i \.(mpa|m2a|mpe|avi|mov|mpeg|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3gp|3gpp|omg|ogm|asf|asx|mp2|mp3|mp4|wmv|m3u8|flv|ts)

#
# Cache and routing exceptions
#
# Never cache the update downloads matched by noscan and fetch them directly
# rather than via a parent ("no_cache" is the deprecated spelling of "cache").
cache deny noscan
always_direct allow noscan
# Stream video straight from the origin as well.
always_direct allow video

# The stock "http_access deny !Safe_ports" and "http_access deny CONNECT !SSL_ports"
# rules are intentionally absent: Safe_ports covers every port and the CONNECT
# ACL above matches ordinary methods, so neither rule would behave as it does
# in the default squid.conf.

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Optional upstream parent. To force all traffic through it, enable both lines
# and also remove "always_direct allow all" above, since always_direct takes
# precedence over never_direct.
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# As written this admits every client that can reach 8080 or 3128, i.e. an
# open proxy unless those ports are firewalled to the inside network.
# To restrict the proxy to the localnet ACL defined above, replace the line with:
#   http_access allow localnet
#   http_access allow localhost
#   http_access deny all
http_access allow all

# Listeners and connection tuning.
# Squid normally listens to port 3128; 8080 here is the intercept (transparent)
# listener for traffic redirected by the firewall. Both bind to every interface.
#pipeline_prefetch 4
read_ahead_gap 100 MB
client_request_buffer_max_size 2048 KB
eui_lookup off
http_port 0.0.0.0:8080 intercept disable-pmtu-discovery=always
http_port 0.0.0.0:3128
tcp_outgoing_address 192.168.2.2
connect_retries 5
client_persistent_connections on
server_persistent_connections on
detect_broken_pconn on

# We recommend you use at least the following line.
#hierarchy_stoplist cgi-bin ?
# Eight diskd cache directories of 100000 MB each, spread over two SSDs;
# the ufs variants below are kept commented for reference.
cache_dir diskd /ssd/0 100000 256 1024
cache_dir diskd /ssd/1 100000 256 1024
cache_dir diskd /ssd/2 100000 256 1024
cache_dir diskd /ssd/3 100000 256 1024

cache_dir diskd /ssd2/0 100000 256 1024
cache_dir diskd /ssd2/1 100000 256 1024
cache_dir diskd /ssd2/2 100000 256 1024
cache_dir diskd /ssd2/3 100000 256 1024

#cache_dir ufs /ssd/0 100000 256 1024
#cache_dir ufs /ssd/1 100000 256 1024
#cache_dir ufs /ssd/2 100000 256 1024
#cache_dir ufs /ssd/3 100000 256 1024

#cache_dir ufs /ssd2/0 100000 256 1024
#cache_dir ufs /ssd2/1 100000 256 1024
#cache_dir ufs /ssd2/2 100000 256 1024
#cache_dir ufs /ssd2/3 100000 256 1024

store_dir_select_algorithm round-robin
# Core dumps go to a dedicated directory rather than into a cache dir
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
# General Rules
# Caveat: ignore-private and ignore-no-store make Squid store responses the
# origin marked as per-user or never-to-be-stored. On a proxy shared by more
# than one person that can hand one user's content to another; drop them
# unless every client is the same user.
refresh_pattern -i \.(gif|png|jpg|jpeg|jp2|jpx|j2k|j2c|fpx|ico|bmp|tif|tiff|webp|bif|ver|pcd|pict|rif|exifi|hdr|bpg|img) 220000 90% 300000 override-expire reload-into-ims ignore-no-store ignore-private store-stale
refresh_pattern -i \.(swf|js|wav|css|class|dat|zsci|ver|advcs|woff|eps|ttf|svg|svgz|ps|pl|acsm) 220000 90% 300000 override-expire reload-into-ims ignore-reload ignore-no-store ignore-private
refresh_pattern -i \.(mpa|m2a|mpe|avi|mov|mpeg|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3gp|3gpp|omg|ogm|asf|asx|mp2|mp3|mp4|wmv|m3u8|flv|ts|f4v|f4m) 220000 90% 300000 override-expire reload-into-ims ignore-private
refresh_pattern -i \.(html|htm|crl) 9440 90% 300000 override-expire reload-into-ims refresh-ims ignore-private
refresh_pattern -i \.(xml|flow|aspx|asp) 0 90% 300000
refresh_pattern -i \.(json) 0 90% 300000
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\.(zip) 0 0% 0
#refresh_pattern -i ^http:\/\/premium.avira-update.com.*\.(gz) 0 0% 0
#refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[iuf]|asf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
#refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[iuf]|asf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
#refresh_pattern -i windows.com/.*\.(cab|exe|ms[iuf]|asf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i \.(bin|deb|rpm|drpm|exe|zip|tar|tgz|bz2|ipa|bz|ram|rar|uxx|gz|crl|msi|dll|hz|cab|psf|vidt|apk|wtex) 220000 90% 300000 override-expire refresh-ims ignore-no-store ignore-private store-stale
refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt) 220000 90% 500000 override-expire reload-into-ims ignore-no-store ignore-private store-stale
#refresh_pattern -i ^ftp: 66000 90% 200000
#refresh_pattern -i ^gopher: 1440 0% 1440
# Catch-all for everything not matched above.
refresh_pattern -i . 0 90% 300000 override-expire reload-into-ims refresh-ims

log_icp_queries off
icp_port 0
htcp_port 0
# SNMP is answered for the community "public" from any source. Change the
# community, add a src ACL for the monitoring host (snmp_access allow snmppublic
# <acl> followed by snmp_access deny all), or firewall UDP 3401 from outside.
acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic all
minimum_object_size 0 KB
cache_effective_user squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
vary_ignore_expire on
cache_swap_low 85
cache_swap_high 90
visible_hostname shadow
unique_hostname shadow-DHS
shutdown_lifetime 0 second
request_header_max_size 256 KB
request_entities on
half_closed_clients off
max_filedesc 65535
connect_timeout 8 second
cache_effective_group squid
#buffered_logs on
#access_log /var/log/squid/access.log squid
#access_log daemon:/var/log/squid/access.log buffer-size=1024KB
# Logging is disabled entirely, so there is no record of which client fetched
# what. Re-enable one of the lines above (the daemon: form is the cheaper one)
# if abuse or a malware download ever has to be traced.
access_log none
netdb_filename none
client_db off
dns_nameservers 127.0.0.1 192.168.2.2 192.168.1.96
ipcache_low 50
dns_v4_first on
positive_dns_ttl 30 days
negative_dns_ttl 60 seconds
dns_retransmit_interval 2 seconds
check_hostnames off
# Hide the proxy and its clients from origin servers: no X-Forwarded-For,
# no Via header, no version string in error pages.
forwarded_for delete
via off
httpd_suppress_version_string on
# mem and cache size
cache_mem 10 GB
memory_cache_mode disk
maximum_object_size 2047 MB
maximum_object_size_in_memory 2048 KB
digest_generation off
#digest_bits_per_entry 16

pinger_enable off
#memory_pools off
reload_into_ims on
cache_store_log none
#quick_abort_min -1 KB
max_stale 1 month
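As an added check for the settings flagged in the comments above (this script is mine, written for this page; it is not part of the original post and not Squid tooling), the following reads a squid.conf and reports the six choices an auditor would notice first: an unrestricted http_access, a Safe_ports ACL that covers every port or is never enforced, a CONNECT ACL that matches ordinary methods, SNMP open to any source or with the community "public", access_log none, and the ignore-private/ignore-no-store refresh options. The two embedded configurations are constructed samples: WEAK_CONF reproduces those directives from the configuration above and HARDENED_CONF shows the same directives tightened. The monitoring host 192.0.2.10, the replacement community string and the finding codes are assumptions of the example.

```python
"""Audit a squid.conf for settings that make a cache an open, unlogged proxy that
can hand one user's private responses to another.  Added example, not Squid tooling:
audit(), its finding codes and both sample configs are this example's constructs."""

# Constructed sample: the security-relevant directives of the configuration above.
WEAK_CONF = """\
acl Safe_ports port 1-65535
acl CONNECT method GET POST HEAD CONNECT PUT DELETE
http_access allow all
http_port 0.0.0.0:3128
acl snmppublic snmp_community public
snmp_access allow snmppublic all
access_log none
refresh_pattern -i \\.(html|htm|crl) 9440 90% 300000 override-expire ignore-private
"""

# Constructed sample of the same directives tightened; the monitoring host
# 192.0.2.10 and the community string are assumptions.
HARDENED_CONF = """\
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
http_port 192.168.2.2:3128
acl snmp_mon src 192.0.2.10
acl snmppublic snmp_community not-public-7f3a
snmp_access allow snmppublic snmp_mon
snmp_access deny all
access_log daemon:/var/log/squid/access.log squid
refresh_pattern -i \\.(html|htm|crl) 9440 90% 300000 override-expire
"""

SRC_TYPES = {"src", "srcdomain", "srcdom_regex", "arp", "eui64"}

def parse(conf):
    """Yield (directive, args, text) for each non-comment line."""
    for text in (raw.split("#", 1)[0].strip() for raw in conf.splitlines()):
        if text:
            yield text.split()[0], text.split()[1:], text

def covers_all_ports(values):
    """True if one spec in an 'acl NAME port ...' line spans 1-65535."""
    return any(lo.isdigit() and hi.isdigit() and int(lo) <= 1 and int(hi) >= 65535
               for lo, _, hi in (v.partition("-") for v in values))

def audit(conf):
    """Return (code, offending line, fix) tuples for a squid.conf string."""
    acls, rules, snmp, logs, refresh = {}, [], [], [], []
    for d, args, text in parse(conf):
        if d == "acl" and len(args) >= 2:
            acls.setdefault(args[0], []).append((args[1], args[2:]))  # repeats OR together
        elif d == "http_access" and args:
            rules.append((args[0], args[1:]))
        elif d == "snmp_access" and args[:1] == ["allow"]:
            snmp.append((args[1:], text))
        elif d == "access_log":
            logs.append((args, text))
        elif d == "refresh_pattern":
            refresh.append((args, text))

    def types(name):  # ACL types behind a (possibly negated) ACL name; 'all' has none
        return {t for t, _ in acls.get(name.lstrip("!"), [])}

    out = []
    # 1. 'allow all' with no earlier deny keyed on a source ACL: anyone reaching the port may proxy.
    for i, (verb, names) in enumerate(rules):
        if verb == "allow" and names == ["all"] and not any(
                pv == "deny" and any(types(n) & SRC_TYPES for n in pn) for pv, pn in rules[:i]):
            out.append(("OPEN_PROXY", "http_access allow all", "http_access allow localnet; http_access deny all"))
    # 2. A Safe_ports ACL that spans every port, or is never enforced, restricts nothing.
    safe = [v for t, vs in acls.get("Safe_ports", []) if t == "port" for v in vs]
    if safe and (covers_all_ports(safe) or not any("!Safe_ports" in ns for _, ns in rules)):
        out.append(("SAFE_PORTS_INEFFECTIVE", "acl Safe_ports port " + " ".join(safe), "stock list + deny !Safe_ports"))
    # 3. A CONNECT ACL that also matches GET/POST makes 'deny CONNECT !SSL_ports' block port 80.
    for t, vs in acls.get("CONNECT", []):
        if t == "method" and set(vs) != {"CONNECT"}:
            out.append(("CONNECT_ACL_TOO_BROAD", "acl CONNECT method " + " ".join(vs), "acl CONNECT method CONNECT"))
    # 4. SNMP allowed with the default community, or with no source ACL, is readable by anyone.
    for names, text in snmp:
        comms = [v for n in names for t, vs in acls.get(n.lstrip("!"), [])
                 if t == "snmp_community" for v in vs]
        if "public" in comms or not any(types(n) & SRC_TYPES for n in names):
            out.append(("SNMP_EXPOSED", text, "non-default community, src ACL for the monitor, snmp_access deny all"))
    # 5. 'access_log none' as the only log leaves no trail when the proxy is abused.
    if logs and all(args[:1] == ["none"] for args, _ in logs):
        out.append(("NO_ACCESS_LOG", logs[0][1], "access_log daemon:/var/log/squid/access.log squid"))
    # 6. ignore-private / ignore-no-store cache per-user responses for every client.
    for args, text in refresh:
        bad = sorted({"ignore-no-store", "ignore-private"} & set(args))
        if bad:
            out.append(("CACHES_PRIVATE", text, "drop " + " and ".join(bad)))
    return out

if __name__ == "__main__":
    for code, line, fix in audit(WEAK_CONF):
        print(f"[{code}] {line}\n    fix: {fix}")
    print("hardened config findings:", audit(HARDENED_CONF))
```

The open-proxy check deliberately looks past the `allow all` line itself: `http_access deny !localnet` followed by `http_access allow all` is a legitimate pattern and is not reported, whereas `allow all` as the first rule, as in this configuration, is. The hardened sample is what the comments above suggest; it should produce no findings when run.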



My latest Gartner research: Best Practices for Detecting and Mitigating Advanced Persistent Threats

Information security practitioners must implement specific strategic and tactical best practices to detect and mitigate advanced persistent threats and targeted malware by leveraging both existing and emerging security technologies in their security architectures. Management silos between network, edge, endpoint and data security systems can restrict an organization’s ability to prevent, detect and respond to advanced attacks. Adversaries continue to use social engineering and social networks to target sensitive roles or individuals within …

Gartner clients can access this research by clicking here.



My latest Gartner research: Forecast: Information Security, Worldwide, 2013-2019, 1Q15 Update

The information security market will grow 7.7% in revenue in 2014, with the IT security outsourcing segment recording the fastest growth — 15.2%.

Contents (excerpt): 1 Summary Tables Suitable for Printing; 2 Pivot Table for Analysis; 3 Data Structure and Definitions; 4 Exchange Rates; 5 Tips for Using Pivot Tables; 1-1 Security Spending by Region, 2013-2019 (Millions of Dollars); 1-2 Security Spending by Segment, 2013-2019 (Millions of Dollars); 2-1 Worldwide …

Gartner clients can access this research by clicking here.



My latest Gartner research: Cool Vendors in Security Intelligence, 2015

Cool Vendors in security intelligence offer highly innovative technologies that address an organization’s demand for data-driven analytics, techniques in obfuscation and deception, and advanced detection solutions. CISOs should use this research when evaluating technology trends for planning. … illusivenetworks.com ) Analysis by Avivah Litan and Lawrence Pingree Why Cool: Illusive networks offers advanced attack deception … California ( trapx.com ) Analysis by Craig Lawson, Lawrence Pingree and Oliver Rochford Why Cool: TrapX Security is …

Gartner clients can access this research by clicking here.



My latest Gartner research: Cool Vendors in Security for Technology and Service Providers, 2015

When considering partnering with these Cool Vendors, TSP product managers and CMOs interested in the security space should examine their innovative security technologies. These vendors are pioneering new directions and potential opportunities in the security market.

Gartner clients can access this research by clicking here.



My latest Gartner research: Vendor Rating: Dell

After transitioning to a private company, Dell has broadened and deepened its efforts in a number of integrated technology, solution and service areas. Positive Dell transitioned to a private company in 2013. One intention of that move was to release the company from the quarterly results pressure that is typical of publicly held companies, so that it can make the changes required to maintain and increase its competitive capabilities, as well as increase …

Gartner clients can access this research by clicking here.



My latest Gartner research: Invest Insight: Focus on Imperva

This research looks at various segments relevant to Imperva — Web application firewalls (WAFs), data-centric audit and protection (DCAP), cloud security, and cloud access security brokers (CASBs) — to provide the reader with the ability to assess the company’s prospects. Based in Redwood Shores, California, Imperva provides hardware and software cybersecurity solutions designed to protect data and applications in the cloud and on-premises. Customers use these solutions to discover assets and risks, protect information, and comply with regulations. …

Gartner clients can access this research by clicking here.



Advanced & Persistent Security