July 11, 2007 by omarv
In this article Cisco talks about its plans to integrate the IronPort SenderBase technology into its products by 2008.
http://www.darkreading.com/document.asp?doc_id=127721
[Editor's Note (Valle): When Cisco pulls this off they will be raising the bar on what constitutes a robust firewall or secure router. This will also force the other large network/security companies to come up with (or buy) similar technology to make their security products comparable.]
Posted in IronPort
June 28, 2007 by omarv
Pfizer lost Social Security numbers and other personal information on 15,700 of its employees because of one person's P2P software.
http://www2.csoonline.com/blog_view.html?CID=33004
[Editor's Note (Valle): Many people don't realize that they can be sharing their whole hard drive when they enable P2P software on their computers. Cisco MARS is very good at tracking employees who are participating in P2P networks and has default reports that can be easily generated. CSA could have prevented the files from being copied and shared on a P2P network, as well as kept the employee from installing the P2P client in the first place.]
Posted in CSA, MARS
June 21, 2007 by omarv
Posted in HIPPA
June 21, 2007 by omarv
A new study by market watcher Infonetics Research shows that Cisco has the best overall vendor perception in the NAC market compared to Juniper, Microsoft, Consentry, F5, and McAfee. The number one driver cited by users who plan to use NAC is to better protect resources from unauthorized users and a desire to limit the impact of threats.
http://certcities.com/editorial/news/story.asp?editorialsid=1228#1
Posted in NAC
June 12, 2007 by omarv
Once these corporate computers become infected they will be turned into “bots” that can be used for spam campaigns and DDOS attacks.
http://www.networkworld.com/columnists/2007/060707edit.html?page=1
[Editor’s note (Valle): The legal issues that corporations have to face if they are infected by bots are multifaceted. The bots can steal personal data from employees and customers and intellectual property from the company, as well as cause disruption to others as part of a DDOS attack or spam campaign.
MARS would be able to easily find infected computers from their network behavior and, as Steve Davies from IronPort mentions in the comment section of my June 7th post “Computer hackers steal Carson funds”, the IronPort S series appliance monitors all outbound traffic and can catch a bot calling home.]
Posted in CSA, IronPort
June 12, 2007 by omarv
Cyber-criminals are developing a new genre of highly sophisticated and evasive attacks designed to bypass signature-based and database-reliant security technology… Compromised web servers are keeping track of IP addresses of visitors so that they can hide malicious pages when anti-malware crawlers used by URL filtering, reputation services and search engines come for a visit and therefore look like a “clean” site.
http://www.vnunet.com/vnunet/news/2191298/hackers-turn-genre-evasive
[Editor's note (Valle): In this escalating cat-and-mouse game I'm sure we'll start seeing anti-malware companies dynamically change the IP addresses of their web crawlers in order to fool these compromised web servers.
CSA and the IronPort C appliance would be good defenses against malware coming over HTTP (port 80).]
Posted in CSA, IronPort
June 7, 2007 by omarv
A real-life story of the damage a key stroke logger can do on the right (or should I say wrong) computer.
http://www.latimes.com/news/local/la-me-hackers1jun01,0,2083352.story?coll=la-home-local
[Editor's note (Valle): It will be interesting to find out how the key stroke logger got on the Treasurer's computer. The most common vector for this type of attack is opening an email that has the key logger within the email, or following a link in an email to a website that will deposit the key logger through a vulnerability in the user's browser.
Also relevant to this post was the news that a new variant of the Gozi virus (which had a key stroke logger included) was found last week by a security researcher. Most of the A/V vendors at the time could not recognize this new variant, so we really do not know how many computers were infected by it.
CSA would have stopped these key stroke loggers from executing, and IronPort appliances would have added an additional layer of defense by filtering email (C series appliance) and web traffic (S series appliance) for malicious traffic.]
Posted in CSA, IronPort
May 30, 2007 by omarv
Posted in Uncategorized
May 30, 2007 by omarv
This New York Times article describes the April – May DDOS attacks that took down a good part of Estonia’s digital infrastructure.
This is the first time in history that DDOS attacks have been considered a “national security situation”.
http://www.nytimes.com/2007/05/29/technology/29estonia.html?_r=2&oref=slogin&oref=slogin
[Editor's note (Valle): Estonia probably could have mitigated a lot of the damage if they had had anti-DDOS protection, either in the "cloud" at their ISPs or through appliances like the Cisco Traffic Anomaly Detector and Cisco Guard DDOS Mitigation Appliance.]
Posted in Cisco Guard
May 23, 2007 by omarv
A security researcher decided to test how gullible web surfers really were and created a Google advertisement that prodded people to click on it and get infected. Guess how many people clicked?
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019922&source=rss_topic85
[Editor's Note (Valle): It just goes to show you that no matter what sort of security defenses you put up in your company, the weak link will always be the people. A good Cisco (IronPort) product to position for this would be the IronPort C series appliance, which can filter HTTP traffic coming over port 80.]
Posted in IronPort