…How long do you think it would take to spot an intruder in your home?
Let’s say they got in during the night, just to give them a chance. It would probably be only a few minutes before you would be calling the police or tiptoeing towards the intruders gripping a tennis racket or baseball bat in your sweaty hands. It certainly wouldn’t be weeks or months before you noticed. And yet, many companies do take that long to spot intruders on their networks.
Despite the consequences of cyber attacks on high-profile businesses such as Sony, relatively few organisations understand the scale of the threat they face.
Information security teams must get a better handle on the deluge of cyber-threat alerts that they’re being hit with every day – read more at Information Age
Target has reached a $67m agreement with Visa over a massive breach of customers’ payment data in 2013…
Cyber threats have come a long way since 1988, when Robert Tappan Morris released the first computer worm via the Internet. These days, threats are not only far more sinister, they are sophisticated and ubiquitous. And, as the recent White House security breach demonstrated, no organization is secure.
There has been some interesting coverage today on the rise of automated control systems relating to the rail networks in the UK – systems that control signalling, points and train movements around the network. The story – covered on the BBC website but rapidly echoed around the Internet – talks earnestly about the perceived risks and vulnerabilities. See http://www.bbc.co.uk/news/technology-32402481
Given the potential effects of any attack on transportation control networks, it will be critical for Network Rail to react quickly and effectively when necessary to prevent damage or the harmful effects of faults that are introduced into train control and signalling systems. The challenge will be spotting that the attack has actually happened before the effects (in the real world) are apparent. With insider threats, there may be very little evidence beyond some small changes in system behaviour that security has been breached until it is too late. Similarly, attackers are always becoming more sophisticated and developing new ways to penetrate defences. As a result, there is every chance that an attack will be completely new, and its effects and warning signs completely unknown, before it actually affects the signalling network.
To avoid this, it will be important to be able to spot not only known, expected threats but also those unknown ones that may not even have been devised yet. The only way to do this is to monitor systems for any unusual behaviour, whether from users or from the system itself, to spot the beginnings of any potential problem. While not every discrepancy will be an actual threat, the organisation needs to be able to identify every one and then determine which pose a risk to the signalling network, the trains themselves and the thousands of passengers that could be affected by any disruption or accidents that happen on the rail network. Without this level of intelligence, there is always the risk that attacks won’t be uncovered until it’s too late – and we won’t be talking about impacts like data loss or system downtime here, it will be real world events that affect real systems, real people and real lives.
In the case of the train network here in the UK, passengers will know that it doesn’t always have the best reliability and service record anyway – even minor disruptions can affect the rush hour journeys of thousands of people and lead to ruined evenings, missed appointments and additional travel time and cost. If you layer on top of that the obvious safety issue of trains being stopped unexpectedly at signals, running too fast or ending up in collisions or derailments, the impacts could easily be very serious.
This will be one system where getting security right will definitely mean a blended mix of preventative controls, advanced detection systems for previously unseen attacks and the ability to respond very quickly when an insider or external attack is suspected or detected.
16 April 2015 (Source: FierceITSecurity) Huntsman, a subsidiary of Australian IT security company Tier-3, Thursday announced its entrance into the U.S. market where it hopes to challenge entrenched security information and event management (SIEM) competitors. Along with the incursion, Huntsman unveiled new tech squarely positioned to capitalize on a trend seeing C-level execs demand more actionable insight regarding IT threats.
With high-profile breaches like Sony and Target creating PR nightmares, C-suite executives are making IT security a top priority. Huntsman CEO Peter Woollacott said in an interview with FierceITSecurity that this shift in prioritization is a “maturation” of the IT security space.
“When I speak to [executives] they tell me that several years ago they knew about IT security threats, but they weren’t that familiar with them, and, more importantly, they weren’t that familiar with the implications,” Woollacott said. “What they want to know is, ‘If there is a security threat, what part of my business is potentially impacted? What are you doing to fix that particular problem? And what do I need to do, relative to the other business risks that I’m facing, to remediate that problem?'”
Medium- to large-sized businesses rely on SIEMs to keep track of security logs and other IT security data. However, as companies expand or acquire other companies, multiple SIEMs can bog down the analysis process, with Woollacott’s research showing that American companies go as long as 170 days on average without recognizing potential threats.
Knowing that, Woollacott and his team are introducing a new tech called the Huntsman Unified Console that consolidates information from existing legacy SIEMs and presents the data in readable dashboards. The idea is to give the company what Woollacott calls “actionable intelligence”, or easily evaluated threat vector analysis that analysts, or even execs, can use to make decisions.