Category Archives: Computer security

FOSE 2013: Cloud, Virtualization, Cybersecurity, Mobile Government, Big Data Featured

Cloud and Virtualization; Cybersecurity; Mobile Government; Big Data and Business Intelligence; and Project Management will be the featured tracks at FOSE 2013, each providing cutting-edge technology insights, policy updates, case studies and expert guidance to optimize the efficiency and effectiveness of government programs. FOSE 2013, the largest and most comprehensive event serving the government technology community, will take place May 14-16 at the Walter E. Washington Convention Center in Washington, D.C.

“Late last year we surveyed our government and industry attendees to gauge the topics that are of most interest,” said Mike Eason, Vice President, Public Sector Events, 1105 Media, Inc. “Not surprisingly, cloud, mobile, big data/analytics and cyber came in at the top. It’s our job to ensure we are offering the education that supports the government’s needs around these issues. We are once again structuring our program to highlight these key trends, and will be drawing on the expertise of agency executives that have real past performance in the five areas to serve as speakers.”

Each track provides an in-depth look into the given topic, including:

  • Cloud and Virtualization will feature best practices and insights on technology trends, case studies and leading practices on planning, implementation and benefits realization.
  • Cybersecurity will examine the business of cyber, including detecting complicated malware and adversaries – insider and outsider, determining what data left the organization, developing defensive and preemptive measures to keep attacks from happening and managing risk-based compliance.
  • Mobile Government will offer tools, strategies and insights into hot issues such as BYOD, security, APIs and mobilizing enterprise systems, as well as achieving the goals of the Digital Government Strategy.
  • Big Data and Business Intelligence will focus on how to extract meaning from bits and bytes to reach business objectives, featuring case studies from federal agencies that have found useful intelligence from data, examine toolkits being used and highlight the management and policy challenges that come up in the process.
  • Project Management, developed in conjunction with the Project Management Institute, will provide best practices and trade secrets of agile project management to help the government professional advance their career.

A selection of confirmed session topics includes:

For more information and to keep up-to-date on the full program agenda, visit www.fose.com. To see how FOSE addresses the technology road ahead, view the FOSE 2013 infographic at www.fose.com/techtrends.

Five IT Security Predictions for 2013

Guest Post by Rick Dakin, CEO and co-founder of Coalfire, an independent IT GRC auditor

Last year was a very active year in the cybersecurity world. The Secretary of Defense announced that the threat level has escalated to the point where protection of cyber assets used for critical infrastructure is vital. Banks and payment processors came under direct and targeted attack for both denial of service as well as next-generation worms.

What might 2013 have in store? Some predictions:

1. The migration to mobile computing will accelerate, and features of mobile operating systems will come to be recognized as vulnerabilities by the IT security industry.

Look out for Windows 95 level security on iOS, Android 4 and even Windows 8 as we continue to connect to our bank and investment accounts – as well as other important personal and professional data – on smartphones and tablets.

As of today, there is no way to secure an unsecured mobile operating system (OS). Some risks can be mitigated, but many vulnerabilities remain. This lack of mobile device and mobile network security will drive protection to the data level. Expect to see a wide range of data and communication encryption solutions before you see a secure mobile OS.

The lack of security, combined with the ever-growing adoption of smartphones and tablets for increasingly sensitive data access, will result in a systemic loss for some unlucky merchant, bank or service provider in 2013. Coalfire predicts more than 1 million users will be impacted and the loss will be more than $10 million.

2. Government will lead the way in the enterprise migration to “secure” cloud computing.

No entity has more to gain by migrating to the inherent efficiencies of cloud computing than our federal government. Since many agencies are still operating in 1990s-era infrastructure, the payback for adopting shared applications in shared hosting facilities with shared services will be too compelling to delay any longer, especially with ever-increasing pressure to reduce spending.

As a result, Coalfire believes the fledgling FedRAMP program will continue to gain momentum and we will see more than 50 enterprise applications hosted in secure federal clouds by the end of 2013. Additionally, commercial cloud adoption will have to play catch-up to the new benchmark that the government is setting for cloud security and compliance. It is expected that more cloud consumers will want increased visibility into the security and compliance posture of commercially available clouds.

3. Lawyers will discover a new revenue source – suing negligent companies over data breaches.

Plaintiff attorneys will drive companies to separate the cozy compliance and security connection. It will no longer be acceptable to obtain an IT audit or assessment from the same company that is managing an organization’s security programs. The risk of being found negligent or legally liable in any area of digital security will drive the need for independent assessment.

The expansion of the definition of cyber negligence and the range of monetary damages will become clearer as class action lawsuits are filed against organizations that experience data breaches.

4. Critical Infrastructure Protection (CIP) will replace the Payment Card Industry (PCI) standard as the white-hot tip of the compliance security sword.

Banks, payment processors and other financial institutions are becoming much more mature in their ability to protect critical systems and sensitive data. However, critical infrastructure organizations like electric utilities, water distribution and transportation remain softer targets for international terrorists.

As the front lines of terrorist activities shift to the virtual world, national security analysts are already seeing a dramatic uptick in surveillance on those systems. Expect a serious cyber attack on critical infrastructure in 2013 that will dramatically change the national debate from one of avoidance of cyber controls to one of significantly increased regulatory oversight.

5. Security technology will start to streamline compliance management.

Finally, the cost of IT compliance will start to drop for the more mature industries such as healthcare, banking, payment processing and government. Continuous monitoring and reporting systems will be deployed to more efficiently collect compliance evidence and auditors will be able to more thoroughly and effectively complete an assessment with reduced time on site and less time organizing evidence to validate controls.

Since the cost of noncompliance will increase, organizations will demand and get more routine methods to validate compliance between annual assessment reports.

Rick Dakin is CEO and co-founder of Coalfire, an independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Dallas, Denver, Los Angeles, New York, San Francisco, Seattle and Washington D.C. and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, HITRUST, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP.

NorseCorp Launches Context-Aware Cyber Risk Intelligence Solution

NorseCorp, the provider of live cyber risk intelligence and solutions for businesses to reduce eCommerce fraud and secure their high-value data, today announced the launch of its flagship cloud security service, IPViking™. IPViking is the first solution to harness Big Data analytics of live Internet traffic to deliver contextually-aware and actionable cyber risk intelligence, a missing layer in today’s security technology stack that levels the playing field for developers and enterprises in their fight against cyber crime, hacking, and ecommerce fraud.

In recent years the security landscape has changed dramatically. Companies are now spending more money on security solutions than ever, while breaches and data losses continue to rise. Meanwhile the total cost of these breaches has also increased. A recent study of U.S. companies sponsored by Hewlett Packard and conducted by the Ponemon Institute indicates that the cost and frequency of cybercrime have both continued to rise for the third straight year, with the occurrence of cyber attacks more than doubling over a three-year period and the financial impact increasing by nearly 40 percent. The study also revealed a 42 percent increase in the number of cyber attacks, with organizations experiencing an average of 102 successful attacks per week, compared to 72 attacks per week in 2011 and 50 attacks per week in 2010.

“Today’s security solutions lack the dedicated computing power to process the massive volume of cyber threats, something that hackers have exploited for years,” said Tommy Stiansen, CTO at Norse. “Norse developed a unique system combined of global infrastructure hardware and powerful proprietary software to acquire live threat data, delivering to customers in milliseconds as actionable intelligence. Because of Big Data tools, GPU computational clusters and IPViking, companies can secure their infrastructure, network transactions and applications more effectively than ever.”

To address this challenging security landscape, Norse created IPViking, a SaaS technology and service that reduces strain on existing reactive security solutions, while increasing their effectiveness by providing live intelligence that is context-aware and adaptive to the continually changing nature of the Internet threat landscape.

IPViking does this in three ways:

  • True Big Data Analytics – The ability to continuously collect and analyze vast amounts of live Internet traffic and turn it into actionable insight and cyber risk intelligence supported by over 1,500 criteria.
  • Internet-Scaled Global Infrastructure – A purpose-built, ultra-fast private cloud infrastructure that delivers intelligence to businesses in milliseconds, before a potential network connection can become an attack, and is massively scalable to meet the demands of enterprises, datacenters, managed security providers, public and private cloud providers, and ISPs.
  • Flexible RESTful and JSON APIs – IPViking enables enterprises and developers to easily add live context-aware and adaptive security intelligence to any website, app, or device via flexible APIs that support virtually all programming languages.

“To enable faster and more-accurate assessments of whether a given action should be allowed or denied, we must incorporate more real-time context information at the time a security decision is made,” said Neil MacDonald in “Using ‘Big Data’ to Address the Next Generation of Information Security Problems,” Gartner Symposium/ITxpo, October 21, 2012. “This is the heart of adaptive and context-aware security.”

As networking and security evolve toward new software-defined architectures, IPViking gives enterprises and networking vendors the ability and flexibility to make intelligent, risk-weighted decisions and enforce policy at the hardware, software, virtual machine, and cloud level via integration through emerging standards such as OpenFlow.

“While security solution providers have developed increasingly complex solutions to help companies defend against today’s attacks and breaches, they’ve never been more vulnerable,” said Sam Glines, Norse CEO. “The massive increase in the possible attack vectors resulting from the broadening of the online corporate footprint and the increasing costs of managing today’s complex security solution stack have placed unprecedented demands on CISOs and IT security staff. IPViking’s adaptive defense capabilities mitigate risks caused by today’s highly sophisticated attacks, as well as vacant or unenforced policies, unpatched servers and software, and human error, by providing millisecond awareness of harmful inbound traffic that today’s reactive security solutions miss.”