Security Blog

Your source for information security news and views.

More RSA and More on Data Loss Prevention

Posted by: Kyle Deming

Tagged in: botnet

Is it more polite to say data "leakage" prevention rather than "loss"? We know that what leaks might be recovered, and since we usually still have a copy, isn't it a bit bold to call it a "loss"? Sure, there were terabytes of data on the most expensive weapon ever developed, but the report in the Wall Street Journal made clear that it wasn't ALL of the data, so maybe that's just a leak. And we still have the original data. But, like TMI and TLI, using three letters saves us the debate altogether. Let's just go with DLP.

Of course, once you're in the DLP space, you're touching PCI-DSS compliance and that's a nice slippery slope into the whole realm of protecting electronic health and medical records (the difference here is important, but we'll save that for another posting). EHR/EMR are big pieces of the ARRA (that's another acronym we'll be talking a lot about - it's the American Recovery and Restoration Act, and it's almost $800 billion of the current stimulus package). The important opportunity for creative DLP solutions is around the new protections which are mandated as part of the spending package on health care information systems.

RSA had vendor after vendor with last year's solutions wearing new banners proclaiming there was something new to be seen. For the most part, and I mean for 90% of the exhibitors, there wasn't anything new!

My beef about too little imagination might be contrasted with the creativity and inventiveness we see in malware and botnets today. Now that's where you can see real imagination. Maybe TOO MUCH IMAGINATION! TMI again.

Now, if the bad guys had a show, think of all the new stuff we'd see. Think of the advances the botnets have made. Think of how much creative energy has gone into landing checks from Google and Microsoft for click fraud attacks. Wouldn't one of the keynotes be the team that took terabytes of data on the United States' most expensive weapons program in history? I'm sure none of you missed the Wall Street Journal article that broke just in time to remind all of the RSA crowd that we're not winning this game.

The breakout sessions for the bad guys might include:

  • Advanced SQL injections (something we showcased in our 2003 Strategy to Reality workshop suggesting that website coding needed to be hardened)
  • Buffer overflows for the lazy
  • Selling financial data online
  • New tools for Herders - what your botnet controllers should include ...
  • Marketing strategies for botnets - who wants to rent your million boxes
  • ePay - a new underground for selling whatever you happen to find on a remote node
  • Exploits below the radar - using 10k bots as spam relays allows everybody to be low and slow and never found

If we lack imagination, we're in trouble.

I just want to get you thinking about what the bad guys could really do, or more likely, are already doing.

For years we've been making a big point about the threat of new emerging technologies that are creating big exposures. Does it take imagination to see these threats? Maybe it takes better communications upstream to management and the entire risk management community.

What are your thoughts? Be imaginative. Don't worry, we won't say it's TMI.