Security Industry must help business prioritise cyber risk


Real world networks, real world attacks and real world impacts

There has been some interesting coverage today on the rise of automated control systems relating to the rail networks in the UK – systems that control signalling, points and train movements around the network.  The story – covered on the BBC website but rapidly echoed around the Internet – talks earnestly about the perceived risks and vulnerabilities.  See


Given the potential effects of any attack on transportation control networks, it will be critical for Network Rail to react quickly and effectively when necessary to prevent damage or the harmful effects of faults that are introduced into train control and signalling systems.  The challenge will be spotting that the attack has actually happened before the effects (in the real world) are apparent.  With insider threats, there may be very little evidence beyond some small changes in system behaviour that security has been breached until it is too late.  Similarly, attackers are always becoming more sophisticated and developing new ways to penetrate defences.  As a result, there is every chance that an attack will be completely new, and its effects and warning signs completely unknown, before it actually affects the signalling network.


To avoid this, it will be important to be able to spot not only known, expected threats but also those unknown ones that may not even have been devised yet. The only way to do this is to monitor systems for any unusual behaviour, whether from users or from the system itself, to spot the beginnings of any potential problem. While not every discrepancy will be an actual threat, the organisation needs to be able to identify every one and then determine which pose a risk to the signalling network, the trains themselves and the thousands of passengers that could be affected by any disruption or accidents that happen on the rail network. Without this level of intelligence, there is always the risk that attacks won’t be uncovered until it’s too late – and we won’t be talking about impacts like data loss or system downtime here; it will be real world events that affect real systems, real people and real lives.


In the case of the train network here in the UK, passengers will know that it doesn’t always have the best reliability and service record anyway – even minor disruptions can affect the rush hour journeys of thousands of people and lead to ruined evenings, missed appointments and additional travel time and cost. If you layer on top of that the obvious safety issue of trains being stopped unexpectedly at signals, running too fast or ending up in collisions or derailments, the impacts could easily be very serious.


This will be one system where getting security right will definitely mean a blended mix of preventative controls, advanced detection systems for previously unseen attacks, and the ability to respond very quickly when an insider or external attack has been suspected or detected.


FierceITSecurity: Huntsman Enters US Market, Brings New Tech for ‘Actionable Intelligence’


16 April 2015 (Source: FierceITSecurity) Huntsman, a subsidiary of Australian IT security company Tier-3, Thursday announced its entrance into the U.S. market where it hopes to challenge entrenched security and event management (SIEM) competitors. Along with the incursion, Huntsman unveiled new tech squarely positioned to capitalize on a trend seeing C-level execs demand more actionable insight regarding IT threats.

With high-profile breaches like Sony and Target creating PR nightmares, C-suite executives are making IT security a top priority. Huntsman CEO Peter Woollacott said in an interview with FierceITSecurity that this shift in prioritization is a “maturation” of the IT security space.

“When I speak to [executives] they tell me that several years ago they knew about IT security threats, but they weren’t that familiar with them, and, more importantly, they weren’t that familiar with the implications,” Woollacott said. “What they want to know is, ‘If there is a security threat, what part of my business is potentially impacted? What are you doing to fix that particular problem? And what do I need to do, relative to the other business risks that I’m facing, to remediate that problem?'”

Medium- to large-sized businesses rely on SIEMs to keep track of security logs and other IT security data. However, as companies expand or acquire other companies, multiple SIEMs can bog down the analysis process, with Woollacott’s research showing that American companies go as long as 170 days on average without recognizing potential threats.

Knowing that, Woollacott and his team are introducing a new tech called the Huntsman Unified Console that consolidates information from existing legacy SIEMs and presents the data in readable dashboards. The idea is to give the company what Woollacott calls “actionable intelligence” or easily evaluated threat vector analysis that analysts–or even execs–can use to make decisions.


CRN: Australian Security Company Makes U.S. Launch with Focus on SIEM


16 April 2015 (Source: CRN) An Australian security company entered the U.S. market Thursday with a plan to both disrupt and complement established security vendors in the threat management market.

Huntsman Security, as it will be known in the U.S., offers a portfolio that includes a broad range of Security Information Event Management (SIEM) technology that provides real-time insight into preventing cyberattacks.

The U.S. launch of the company also includes the global release of the Huntsman Unified Console, which aggregates the output of SIEM environments from multiple vendors, including Splunk, Hewlett-Packard ArcSight, Q1 Labs and Huntsman Security’s own technology, into a single dashboard for a consolidated view of enterprise threats.

Tier-3, as it is known in Australia, already is established on a global scale, including in Australia, the United Kingdom and Japan. The company is recognized for developing a patented behavior anomaly detection technology.

As it breaks into the U.S. market, CEO Peter Woollacott said the company will compete with vendors such as AppSense; Q1 Labs; McAfee, part of Intel Security; and Splunk but also will collaborate with them as it works to aggregate their solutions in a single pane of glass.

“I think, in one sense, we’re definitely competing with them; no question about that,” Woollacott said. “But, in another sense we’re complementing them. … Being able to complement the capabilities of those technologies and give a global view of what’s happening at the enterprise is a significant step forward in the threat management process.”


4-step Guide to Killing Acquisitions

(Source: As we ramp up for RSA, it is interesting that one common cross-vendor theme is coming up. HP’s ArcSight installed base has become the great SIEM [Security Information and Event Management] hunting ground. Meg Whitman has effectively killed yet another HP acquisition. Having been through some ugly acquisitions myself, I try to use every example of contrasting how to do these things right vs. how to do them very wrong. It seems that some executives either don’t want to do it right or they never really read the current definition of insanity: “doing the same thing over and over expecting different results.”

Don’t get me wrong, before Whitman came on board HP was kind of legendary for killing acquisitions. VoodooPC and Palm’s destruction were only the latest of a long string of firms HP bought and then systematically killed, wiping out millions to billions of value in what appears to be four easy-to-follow steps. Despite HP’s past success in this area, Meg Whitman is turning doing it into a science. There appears to be no one better at killing acquisitions today than HP.

So this week, rather than focus on the firms that do this right, let’s focus on that magical skillset HP has for doing this masterfully wrong using ArcSight as the example.
