Security Blog

Your source for information security news and views.

Pandemics and Continuity

Posted by: Kyle Deming

In our Strategy to Reality workshops, we've spent a lot of time discussing the growing commitment to risk management in most of our enterprises. This has to be seen as an extremely valuable process. However, as we rush to be more risk aware, we may be encountering another aspect of TMI (too much information - see the May 4th posting). There are simply too many things that can, and at some point in the future, may well go wrong. It is this uncertainty of outcomes and the potential problems we face that shape our thoughts and planning on risk.

In the context of far greater concerns about risk, our preparedness for a flu pandemic is a vital issue.

For the most part, surveys on the question suggest that there is indeed a substantial

More RSA and More on Data Loss Prevention

Posted by: Kyle Deming

Tagged in: botnet

Is it more polite to say data "leakage" prevention rather than "loss"? We know that what leaks might be recovered, and since we usually still have a copy, isn't it a bit bold to call it a "loss"? Sure, there were terabytes of data on the most expensive weapon ever developed, but the report in the Wall Street Journal made clear that it wasn't ALL of the data, so maybe that's just a leak. And we still have the original data. But, like TMI and TLI, using three letters saves us the debate altogether. Let's just go with DLP.

Of course, once you're in the DLP space, you're touching PCI-DSS compliance and that's a nice slippery slope into the whole realm of protecting electronic health and medical records (the difference here is important, but we'll save that for another posting). EHR/EMR are big pieces of the ARRA (that's another acronym we'll be talking a lot about - it's the American Recovery and Restoration Act, and it's almost $800 billion of the current stimulus package). The important opportunity for creative DLP solutions is around the new protections which are mandated as part of the spending package on health care information systems.

RSA had vendor after vendor with last year's solutions wearing new banners proclaiming there was something new to be seen. For the most part, and I mean for 90% of the exhibitors, there wasn't anything new!

My beef about too little imagination might be contrasted with the creativity and inventiveness we see in malware and botnets today. Now that's where you can see real imagination. Maybe TOO MUCH IMAGINATION! TMI again.

Now if the bad guys had a show, think of all the new stuff we'd see. Think of the advances the botnets have made. Think of how much creative energy has gone into landing checks from Google and Microsoft for click fraud attacks. Wouldn't one of the keynotes be the team that took terabytes of data on the United States' most expensive weapons program in history? I'm sure none of you missed the Wall Street Journal article that broke just in time to remind all of the RSA crowd that we're not winning this game.

The breakout sessions for the bad guys might include:

  • Advanced SQL injections (something we showcased in our 2003 Strategy to Reality workshop suggesting that website coding needed to be hardened)
  • Buffer overflows for the lazy
  • Selling financial data online
  • New tools for Herders - what your botnet controllers should include ...
  • Marketing strategies for botnets - who wants to rent your million boxes
  • ePay - a new underground for selling whatever you happen to find on a remote node
  • Exploits below the radar - using 10k bots as spam relays allows everybody to be low and slow and never found

If we lack imagination we're in trouble. 

I just want to get you thinking about what the bad guys could really do, or more likely, are already doing.

For years we've been making a big point about the threat of new emerging technologies that are creating big exposures. Does it take imagination to see these threats? Maybe it takes better communications upstream to management and the entire risk management community.

What are your thoughts? Be imaginative. Don't worry, we won't say it's TMI.


Posted by: Kyle Deming

Tagged in: information

I just learned some new texting shorthand from my daughters - TMI, meaning too much information.

I also began texting myself for the first time while working the floor at RSA.
So, it got me thinking ....

  • Too Much Information
  • Too Much IP (intellectual property easily stolen over the net)
  • Too Much Infrastructure
  • Too Much Interconnectivity
  • Too Much IP (internet protocol connections)
  • Too Much Indifference

Or maybe it's really about what we don't have enough of?

Has anybody ever used TLI? And that got me thinking that it wasn't just for too little information.

Two weeks ago when I returned from RSA I was both disappointed and discouraged. While the economy may have taken a small toll on the attendance and exhibitors, what really stood out was a lack of imagination. Shortly after 9/11, I heard Richard Clarke use that expression, a lack of imagination. We failed to think outside the box and see many of the obvious threats. When the French built the great Maginot Line, the impenetrable border between France and Germany, they lacked the imagination to see that a German military set on invading France would have few, if any, problems simply going around the wall and entering France through Belgium. My corollary is simply "bad guys cheat", but maybe they also have more imagination.

TLI: Too Little Imagination with all of our other TMIs isn't a good thing!

The industry I saw at RSA lacked imagination. It seemed that just as every other vendor in 2007 realized they had to proclaim they were a NAC solution, this year's required dress was a DLP message somewhere in the booth. Data loss is a big problem. Most forms of computer security touch one or many aspects of data loss prevention. So, if word is out that industry needs data loss prevention, then everybody has it. 

So, while we're struggling with too much information, we seem to simultaneously drown out the creative interpretation of all that information that comes from creative and insightful imagination.

I can take the TMI but the TLI is killing us! What do you think? Feel free to share more than 3 letters.