Dear Friends and Colleagues,
As many of you already know, in April I announced my plan to join SonicWall. I am sure that some of my friends in the security industry expected me to join a “hot new startup” someday as opposed to a 26-year-old company. So, I figured I owed each of you a proper explanation of why I decided to join SonicWall at this time.
I had the pleasure of being introduced to some of the key product developments that were in SonicWall’s near-term roadmap. Those included fresh-new user interfaces, the addition of RTDMI technology to SonicWall’s Capture services, Capture Client, Capture Security Center and other innovative upcoming product plans.
As I further studied the company, I quickly discovered that SonicWall has an aggressive but achievable plan to completely transform its offerings in ways the company and the security industry are not expecting. These changes gave me renewed confidence in SonicWall and validated my decision to join at this crucial phase in the company’s history. I feel I have joined a company well on the path to the innovation and growth often only seen in startups.
My promise to our customers as a leader of SonicWall’s product management organization is to continue to drive innovation and bring renewed industry perspectives to SonicWall products and business strategy.
In short — I firmly believe we are poised for success and I expect to continue to work hard to win net new customers in the firewall market!
http://www.csoonline.com/article/2854672/business-continuity/the-breach-at-sony-pictures-is-no-longer-just-an-it-issue.html
By Steve Ragan
Salted Hash
CSO
Dec 2, 2014
I’m going to make a prediction. The breach at Sony Pictures has nothing to do with North Korea, aside from the fact that the destructive malware believed to be present on Sony’s network is similar to the malware used in South Korea in 2013 – an incident that was blamed on North Korea.
Furthermore, I predict there will be an insider aspect to Sony’s breach.
The first part of the attack on Sony centered on compromising records, once done, the attackers planted malware that was timed – based on the FBI memo – to activate just before Thanksgiving. The easiest way to accomplish this task – assuming I’m right – is by having someone on the inside with just enough access that everything looks normal with a passive glance at the logs.
The second part of the attack on Sony is the aftermath, including the financial burden of dealing with box office losses, employee issues, as well as any fines that are sure to be levied. Sony’s just starting to enter this phase.
On Monday, GOP (Guardians of Peace), the group claiming responsibility for the attack on Sony, pushed 25GBs worth of data to the public domain. They say this is only a fraction of the data they were able to compromise, suggesting to one media outlet that they were harvesting records for more than a year before making themselves known. A year.
[…]
http://thediplomat.com/2014/02/s-korea-seeks-cyber-weapons-to-target-north-koreas-nukes/
By Zachary Keck
The Diplomat
February 21, 2014
South Korea is developing offensive cyber weapons to target North Korea’s nuclear weapons program, the country’s defense ministry said on Wednesday.
According to Yonhap News Agency, South Korea’s Defense Ministry outlined its long-term cyberpolicy to the parliament’s defense committee on Wednesday. The report stated that, “A strategic plan for the second phase calls for developing cybertools for offense like Stuxnet, a computer virus that damaged Iran’s uranium enrichment facility, to cripple North Korea’s missile and atomic facilities.”
Yonhap also quoted an anonymous senior defense official as saying: “Once the second phase plan is established, the cyber command will carry out comprehensive cyberwarfare missions.”
These missions will be carried out under a new Cyber Defense Command that South Korea plans to establish in May. It will operate under the purview of the ROK Joint Chiefs of Staff, according to the report.
South Korea first established a Cyber Command in 2010 to guard against the threat posed by North Korea’s elite unit of hackers. So far, its aims have primarily been to protect vulnerable national networks from cyber attacks originating from North Korea, as well as to wage psychological warfare campaigns against Pyongyang.
The decision to equip South Korea’s cyber warriors with the capabilities to attack North Korea’s nuclear and missile facilities therefore represents a dramatic escalation.
[…]
http://www.eurekalert.org/pub_releases/2013-12/pm-fcs121613.php
Contact: Annie Touchette
annie.touchette/at/polymtl.ca
514-231-8133
Polytechnique Montréal
Montreal, December 16, 2013 – Installing computer security software, updating applications regularly and making sure not to open emails from unknown senders are just a few examples of ways to reduce the risk of infection by malicious software, or “malware”. However, even the most security-conscious users are open to attack through unknown vulnerabilities, and even the best security mechanisms can be circumvented as a result of poor user choices.
“The reality is that successful malware attacks depend on both technological and human factors,” says Professor José Fernandez. “Although there has been significant research on the technical aspects, there has been much less on human behaviour and how it affects malware and defence measures. As a result, no one at the present time can really say how important these factors are. For example, are users who are older and less computer-savvy more open to infection?” It is therefore necessary to take a closer look at the impact that both technological and human factors have on the success or failure of protective mechanisms.
To answer this type of question, Prof. Fernandez and his team drew inspiration from the clinical trial method to design the first-ever study applied to computer security. In a fashion similar to medical studies that evaluate the effectiveness of a particular treatment, their experiment was aimed at assessing the performance of anti-virus software and the likelihood that participants’ computers would become infected with malware. The four-month study involved 50 subjects who agreed to use laptops that were instrumented to monitor possible infections and gather data on user behaviour.
“Analyzing the data allowed us not only to identify which users were most at risk, based on their characteristics and behaviour, but also to measure the effectiveness of various protective measures,” says Polytechnique student Fanny Lalonde Lévesque, who is writing her master’s thesis on this project.
This pilot study provided some very interesting results on the effectiveness of computer defences and the risk factors for infection. For example, 38% of the users’ computers were exposed to malware and 20% were infected, despite the fact that they were all protected by the same anti-virus product, which was updated regularly. With regard to the users themselves, there did not seem to be any significant difference in exposure rates between men and women. In addition, the most technically sophisticated users turned out to be the group most at risk… This result may seem counter-intuitive, as it contradicts the opinion of some computer experts who argue that people should have a kind of “Internet license” before going online.
“The results of this study provide some intriguing insights. Are these ‘expert’ users at higher risk because of a false sense of security, or because they are naturally curious and therefore more risk-tolerant? Further research is needed to understand the causes of this phenomenon, so that we can better educate and raise awareness among users,” says Professor Fernandez.
In the future, this type of study will help provide scientific data to support decision-making on security management, education, regulation and even computer security insurance. A second phase, which will involve hundreds of users over a period of several months, is already being prepared.
The initial results of this experiment were presented at the ACM Conference on Computer and Communications Security (CCS), which took place in November 2013 in Berlin, Germany.
This research was carried out with the financial support of the Natural Sciences and Engineering Research Council of Canada Internetworked Systems Security Network (NSERC ISSNet), Trend Micro and MITACS.
http://www.bankinfosecurity.com/whatever-happened-to-ddos-phase-4-a-5986
By Tracy Kitten
Bank Info Security
August 13, 2013
It has been three weeks since Izz ad-Din al-Qassam Cyber Fighters declared “The break’s over and it’s now time to pay off,” announcing Phase 4 of “Operation Ababil,” the nearly year-long campaign of distributed-denial-of-service attacks on major U.S. banks (see DDoS: Attackers Announce Phase 4).
But it has been nearly two weeks since any DDoS activity could be attributed to this group. Which begs the question: Is Phase 4 over before it ever really began?
DDoS experts offer varying theories about the recent inactivity.
“I believe that to a large extent, this particular set of attacks is over,” says Rodney Joffe, senior technologist at DDoS-mitigation provider Neustar. “If attacks come back, I believe [they] will be a totally new initiative, perhaps by the same actors and perhaps using the same proxy.”
Mike Smith, a security evangelist at cybersecurity firm Akamai, says it’s hard to be certain why al-Qassam has been silent.
[…]