Security Ever After: April 2011

Monday, April 25, 2011

SANS National CyberSecurity Innovation Conference

Last week I had the opportunity to attend and participate in a panel discussion at the first SANS National CyberSecurity Innovation Conference in Washington, DC. While there I was able to hear security practitioners representing a wide array of industries each describe how they are securing their networks in creative ways. More often than not, success was achieved by leveraging existing tools and capabilities.

One of the more compelling topics was the Department of State's implementation of the SANS Top 20 Security Controls. It was noteworthy that the Department of State was able to achieve an 85% decrease in vulnerabilities in the first year. What else are you doing that has this success rate?

SANS provides several resources to help understand and implement these controls, which ultimately provide the basis for continuous monitoring capabilities. There have been several webcasts on the Top 20 Controls. The most recent featured James Tarala, who led a discussion on how a SIEM product can help implement these controls. Other resources are case studies, Security 440, a two-day class, and Security 566, a five-day class on understanding and implementing these controls.

Thursday, April 21, 2011

Book Review: Linchpin

Linchpin by Seth Godin is one of the best books I have read. It gives the formula necessary to become the most valued member of an organization and not just a cog in the wheel. What follows are two of my favorite direct quotations from this book, sprinkled with my commentary.


"When you give something away, you benefit more than the recipient does. The act of being generous makes you rich beyond measure, and as the goods or services spread through the community, everyone benefits." I have found this to be so incredibly true in my life. I believe there is nothing more valuable than giving your time and resources to someone who cannot possibly return the favor.

"You can either fit in or stand out. Not both." I bet you can easily recall many examples where this is true. Think about it and choose wisely. A lot depends on your selection.

Saturday, April 2, 2011

Get Wisdom as Cheaply as You Can

New details have emerged about the now famous RSA APT incident. As posted on their Security Blog and as mentioned on the SANS Internet Storm Center, it was disclosed that the incident started with phishing emails that contained a malicious attachment. This allowed the attacker to establish a foothold inside the organization.

What about your organization? How can you remain diligent given the details released from this attack?

1 - Use existing management tools to make sure all third party software stays up to date.

2 - Educate your users about the risks inherent in the information they post to social networking websites.

3 - Remind your users not to open suspicious email and attachments.

4 - Continue to monitor the network for new or abnormal traffic flows.

5 - Continue to harden systems using CIS and NIST guidelines. Monitor for any deviations.

6 - Intentionally invite your users to let you know if something seems strange. Anything at all.