Friday, March 22, 2013

All Grown Up: GRC Is The New Frontier

Guidance Software is located in Pasadena, California and is recognized as the worldwide industry leader in digital investigative solutions. The EnCase platform is very well known to industry professionals, and to some extent that is both a blessing and a curse. Guidance Software has grown up and now provides a diversified set of products that capture digital evidence and reach deeper into enterprise operations. Some may be surprised that a tool once thought of as a detective's tool is now ready for the board room.

Guidance Software holds its annual CEIC Conference, and this year General Michael Hayden will keynote on emerging global cyber attack hotspots. Hayden is a catch and this is not to be missed. This is the annual May event that Guidance showcases each year, and it is generally very well received.

The last time I spoke to anyone from Guidance, Jim Doyle was running their NYC sales and consulting operations. So last night I caught up with one of Guidance's sales executives for the NYC region and we talked. In this post I'll highlight just some of the conversation and how that simple, one-off digital forensic product has expanded deep into the enterprise.

GRC Ready....Are You?
The first place to start here is "EnCase", now at version 7.06 in Digital Forensics and available in four flavors: Enterprise, Forensic, Portable and Tableau Forensic. Guidance provides powerful and comprehensive instruction and training for those breaking into the product line for the first time, and a great refresher for those looking back and wondering if they hit all the points. Online, on-demand training via Adobe Connect is driving even greater saturation into the marketplace and providing easy and up-to-date product and web-facing familiarity. Getting to know V7 is a mouse click away for our forensic investigators and enterprise personnel. Well done, Guidance Software.

From my point of view I was looking for more information on how Guidance Software is breaking further into the enterprise. I learned, for instance, that investigators can reach out over the web and remotely capture the information they need: acquiring data from disk or RAM, documents, images, e-mail, webmail, Internet artifacts, web history and cache, HTML page reconstruction, RAID arrays, workstations, servers and, with V7, smartphones and tablets. Our favorite forensic tool has indeed grown up to be a powerful forensic toolkit standing at the ready, something Guidance would label as complete Endpoint Visibility. Not too many years ago that meant visiting every location and seizing computers and/or servers. The remote capability is a real draw to the product line.

Perhaps one of the more unexpected areas Guidance Software has moved into is Governance, Risk and Compliance (GRC). Frankly, I just hadn't put Guidance Software's EnCase on my radar for GRC. But with the EnCase Enterprise edition you're getting a very powerful software application with powerful automation tools. The gold standard comes with a price that promises to make some a little queasy. But the Enterprise Edition is going to let you see over the entire network and report on a wide variety of governance, risk and compliance issues. For me this brought our dinner conversation last night full circle. As we dug into GRC and the applications and tools provided by EnCase Enterprise, combined with the Adobe Connect lessons available right on the web, this purchase could be viewed as answering some distressing questions left on the table after your last audit. Check out Guidance Software and let me know if you find another similar product in the marketplace that comes close.

Thursday, March 21, 2013

Reality Meets Business Continuity

(Planning for the unexpected)

In prepping for today's InfraGard weekly conference call I was handed a couple of links directing me into the discussion of cyber warfare. The first article, dated Thursday 21 March 2013, by Hayley Dixon of the UK's "The Telegraph", sent me thinking about the Prime Minister of Britain during the 1930s, an era of "appeasement", and the old saying "don't bury your head in the sand". Well, as history has noted, Chamberlain's Munich Agreement didn't last long enough for the ink to dry, as war broke out on September 1, 1939. So I read with some laughter "Rules of cyberwar set out for the first time in NATO manual". A regular how-to, or more exactly a "what not to do", if your nation state is considering going to war.

Then I thought: would Hitler abide by those rules? Hmm... I'm thinking probably not. However, he might at first glance say "let me get back to you on that". Now, ironically, right under the title heading, and giving way to more of my own dry humor, is a photo of "An Iranian technician ......Uranium Conversion Facility.....". The Iranians' posture is that they are just preparing for cleaner electricity and improved power generation, right? Just thinking about dictators, despots and the like, and their compliance with international standards, such as they are. What is the rationale for compliance, and who will enforce those standards? The United Nations? Read the article here: CLICK HERE

Right after that I navigated over to the FOX BUSINESS REPORT. The Fox people reported that servers at TV stations as well as at a number of banks had either been shut down or severely disrupted. The report was inconclusive on the origin, and the hunt is on for the culprits of this intrusion. Read here: CLICK HERE

I gained additional insight when I read the CSO security and risk blogs on a DDoS attack on South Korea; Jeremy Kirk also has a good post on the Linux wiper malware used in the South Korea attacks (the attacks also targeted Windows computers' master boot records). Read here: CLICK HERE and CLICK HERE

Whether the attacks originated from the website of the Korean Software Property Right Council or somewhere else, the point should not be lost: are you prepared? What is going to happen when the lights go out? Whether it's a hurricane, an act of war or some other incident, is your business up to handling a disaster?

The word "resiliency" comes to mind, and while fishing around on CSO I found that Derek Slater had posted a couple of good links on the topic of risk management. Read here: CLICK HERE

Resiliency has to be brought into the board room for a frank go-around, pondering: what if we can't any more? Which leads me to that non-starter for budget-tightening bureaucrats who rate Business Continuity Planning (BCP) as the last thing on their radar. While BCP may not be the sexy star of corporate board rooms, it may in fact save their bacon at the end of the day, no pun intended. A strong BCP program, soundly developed and managed, can help mitigate some of the impact of even the most unforeseen disasters. While it is noted that these programs cost money now, in the long term a more strategic view by executives of all stripes will have them saying "yes we can" should another major incident hit our shores here at home.

3/21/2013 2115 hrs.

FDNY Watchline Report

South Korea Hit with Major Cyber Attack – Thousands of computers at three major banks and three broadcast companies in South Korea went down Wednesday in coordinated attacks traced to an IP address in China. Despite this lead, however, North Korea is the suspected perpetrator in this most recent attack, as well as in five others in the last three years. North Korea threatened to retaliate for the joint (annual) military exercises between South Korea and the U.S., as well as for Seoul's support for U.N. sanctions against the North. By Thursday, one bank was up and running, but it may take the other five companies until next week to resume operations. Additionally, the U.S.-based Committee for Human Rights in North Korea was hacked.

Assessment: Analysts said the attacks are typical of North Korea, designed to frighten or show off, rather than those from China that seek to steal sensitive information. The state-sponsored attacks, whose goals resemble those of terrorists, may explain the choice of bank and broadcasting targets. By some accounts, the victims in this case were in fact demoralized as larger questions regarding cyber warfare continue. In Congressional testimony this week, a Rand expert offered that the figurative cyber "September 12" response was as important as preventing a "cyber 9/11." Experts, while answering key questions on U.S. vulnerability, continue to assess China and Russia as "the two state actors capable of perpetrating cybergeddon."

Rand Report:

Google Research by FDNY:

3/22/2013 11:57 hrs
North Korea Suspected in Cyber Attack Despite China Link:

The Associated Press

Initial investigation links Chinese address to SKorea cyberattack; experts suspect North Korea

Investigators have traced a coordinated cyber attack that paralyzed tens of thousands of computers at six South Korean banks and media companies to a Chinese Internet Protocol address, but it was still unclear who orchestrated the attack, authorities in Seoul said Thursday.

Read More: CLICK HERE 

Theories Abound on Wiper Malware Attack Against South Korea:

The Threat Post

Disruptions to businesses in South Korea continue today after hackers used wiper malware to take a number of banks and television networks offline yesterday. A number of financial systems at a half-dozen banks and production systems inside South Korea's major television networks remain down, kicking off speculation as to who is behind the attacks and how they got in. Read More: CLICK HERE

Wednesday, March 20, 2013

Welcome to Security Insights: March 2013

Welcome everyone, and thanks to all in the security industry for all you do each day to keep our industries, work force and systems safe and secure. It's a full-time job with limited resources and endless capacity for failures.

In Security Insights I'm hoping to bring to everyone's attention articles and thoughts about what's going on in the industry today.

Thanks again and we're off and running.

Joe Concannon