
My RSA Conference Notes and perspective – Tuesday AM 2013

Today kicked off, for me, the RSA conference. The best part of these types of events is the onslaught of ideas shared between peers – generally through networking and random encounters in hallways (such as bumping into Bill Brenner). Thanks first off to RSA for creating the forum for these discussions to occur.

I have the privilege of speaking tomorrow, and look forward to the debate and flow of ideas that will ensue.
While reviewing some of the research provided to attendees, I had the following observations, and wanted to share them in their entirety for debate and expansion:

Vendor management by procurement SHOULD include data plus asset chain of custody, and #infosec assurance to YOUR standards #RSAC

So basically – costs per breach are up; # attacks higher; 6 more days to resolve, & the same forms of attack #rsac http://lockerz.com/s/285234702

Aren’t costs per breach up in 2012 to $8.9 million the result of our greater leverage of information technology & resulting value!

Most botnet, malware, & C&C operators manage MORE devices; across WIDER geographies, & generate a positive ROI. How is your information security?

#rsac Art’s presentation was good. Agree with Taleb perspective, but it must be applied at Org to match robustness #infosec

Art Coviello gave an impassioned presentation that I thought was very good for a keynote at that level. Typically there is a risk of sales material (which did occur at the end, of course), but there were a couple of good analogies and mental positioning. I thought his analogy to Nassim Taleb’s AntiFragile was on point (and funny since I am 1/3 through it, so very fresh in the mind) for the security operations against the cyber threats. I would expand it though to include the business process and information security compliance program. I have found that the block and tackle of information security itself needs to be robust and antifragile. The lack of these elements forfeits the benefits of the threat intelligence he describes.

This is especially poignant to me given the relative lack of volatility in the type of attacks that succeed against organizations, and their ongoing effectiveness in breaching our company defenses.

The keynotes (I would recommend at least Art and Scott Charney) are available live or on-demand here.

RSA thoughts and sessions .. to be continued ..


James DeLuccia

#BsidesSF notes from panel with Richard Bejtlich and Travis Reese

#BsidesSF session with Richard B. and T of Mandiant covered a lot of very interesting points. Specifically, it covered APT, China, seriousness of attacks, marketing FUD, and kinetic vs cyber warfare. I posted messages as they came up during the meeting and have copied them below in their entirety.

One man artisans are not posting high-res graphics b/c of copied versions appearing .. all lvls of biz at risk #BsidesSF #RSAC

RT @ira_victor: #BSidesSF: many attax not persistent, Chinese malware dies when plug pulled. They like PlausDeniability #RSAC

The technology that the developing world governments want to acquire is sitting around the U.S. and other countries #BsidesSF

Are DDoS attacks serious attacks .. ala APT? .. Sure.. since “advanced” definition matches safeguards seriousness @bsidesSF #RSAC

“advanced” is the level required to exploit and defeat security systems #BsidesSF <– attacks do not need to be complex to work

RT @mirmirage: Hacked BBC streaming sites serve up malware http://reg.cx/1MP6 #security #RSAC <– 1. Identify big usr base 2. Add malware

RT @chenxiwang: There are much easier compnts to attck in a sys than going after the Crypto system. #RSAC <– Req residual risk visibility

#BsidesSF panel is a great blend of research based responses and a roasting of companies w/ poor PR / marketing

About 50 commercial victims to cyberattack were seen by Mandiant. A large # was utilities. #bsideSsf

Panel: u have to have some level of respect to what is being executed by china. They are getting same quality of SigInt as U.S. #bsideSsf

Our culture is an affront on Chinese “network sovereignty”, such as Justin Bieber. #bsideSsf panel on #cyberwar

Chinese believe we are already in a #cyberwar and that the U.S started it. #bsideSsf panel

Expanded thoughts to consider also include:

The concept of APT and Advanced attacks is glamorous, but upon review it is commonly found that ‘simple’ attacks were the root cause of the breach.  Caution should be applied that an attack and a breach are just that – respect the past and the simple attacks, while managing the more complex approaches to espionage and data level attacks.

What is valuable?

The technology that the developing world governments want to acquire is sitting around the U.S. and other countries undefended and exposed. It is simpler to leapfrog by building from these established systems (read: utility companies, manufacturing, etc.).

Great discussions and activity; I only wish I could capture more of the discussions.

James DeLuccia IV