iBoss blog: Understanding the keys to writing successful ransomware

It is ironic that we have to look towards the authors of ransomware as examples of some of the leading aspects of software engineering. And while what they are doing is reprehensible and criminal, they ply their trade with improvements in customer service, using the cloud to package their programs, and lead in understanding the psychology of their ultimate victims. With all this effort going towards developing malware, it isn’t that surprisingly that this category has become very adept at making money. Perhaps legit software vendors can learn from some of these experiences, while hopefully avoiding some of the darker forces.

In my blog for IBoss today, I talk about some of these issues.

Announcing Inside Security: a new email newsletter

I am excited to announce that beginning today there is a new source of high-quality infosec news, analysis, reviews and trends. I have joined forces with Jason Calacanis’ Inside.com to produce Inside Security. The email newsletter will appear twice a week and contain links to content that I find interesting, useful, and cutting edge for CIOs, CISOs, and other IT professionals that want to stay on top of the latest exploits and defenses.

You can subscribe here and view a sample newsletter to see if this is relevant to your interests. Inside Security joins other newsletters such as Inside Tesla, Inside VR&AR, and a tech-based daily brief.

IBM SecurityIntelligence blog: Can You Still Protect Your Most Sensitive Data?

An article in The Washington Post called “A Shift Away From Big Data” chronicled several corporations that are actually deleting their most sensitive data files rather than saving them. This is counterintuitive to today’s collect-it-all data-heavy landscape.

However, enterprises are looking to own their encryption keys and protecting  their metadata privacy. Plus, there is a growing concern that American-based companies are more vulnerable to government requests than offshore businesses.

You can read more on IBM’s SecurityIntelligence.com blog here.

EventTracker blog: Should I be doing EDR? Why anti-virus isn’t enough now

Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just a few percent of the malware that is active these days. You need better tools, called endpoint detection and response (EDR), such as those that integrate with SIEMs, that can recognize errant behavior and remediate endpoints quickly.

I like to think about EDR products in terms of hunting and gathering. You can read more in my post in EventTracker’s blog this week here.

 

Authentic8 whitepaper: Why a virtual browser is important for your enterprise

The web browser has become the defacto universal user applications interface. It is the mechanism of choice for accessing modern software and services. But because of this ubiquity, it puts a burden on browsers to handle security more carefully.

silo admin console2Because more malware enters via the browser than any other place across the typical network, enterprises are looking for alternatives to the standard browsers. In this white paper that I wrote for Authentic8, makers of the Silo browser (their console is shown here), I talk about some of the issues involved and benefits of using virtual browsers. These tools offer some kind of sandboxing protection to keep malware and infections from spreading across the endpoint computer. This means any web content can’t easily reach the actual endpoint device that is being used to surf the web, so even if it is infected it can be more readily contained.

Network World 9-vendor multifactor authentication roundup

Due to numerous exploits that have defeated two-factor authentication, many IT departments now want more than a second factor to protect their most sensitive logins and assets. The market has evolved toward what is now being called multi-factor authentication or MFA, featuring new types of tokens and authentication methods.

For this review in Network World, we looked at nine products, five that were included in our 2013 review, and four newcomers. Our returning vendors are RSA’s Authentication manager, SafeNet’s Authentication Service (which has been acquired by Gemalto), Symantec VIP, Vasco Identikey Authorization Server, and TextPower’s SnapID app. Our first-timers are NokNok Labs S3 Authentication Suite (pictured above), PistolStar PortalGuard, Yubico’s Yubikey and Voice Biometrics Group Verification Services Platform.

All of these products are worthy of inclusion in this review as representative of where the MFA market is heading. In addition, if you want to stay on top of MFA developments, we recommend you follow our Twitter list here.

My review also features a collection of screencaps here, and an overall trends rundown as well here.

 

iBoss blog: When geolocation goes south

What do a Kansas farm and a seaside McMansion have in common? Both have been discovered as the result of various geolocation-programming errors over the past several years.

Certainly the use of global positioning system (GPS) chips now built-in to tablets and smartphones is mostly a benefit when it comes to navigating to a meeting spot or finding a nearby gas station or restaurant. But the ubiquity of GPS tech has its downsides too.

There are some not-so-funny stories about GPS gone wrong that I describe in this post for iBoss’ blog.