Enterprise Security Today

Prism Announces SIEM Support for Virtual Infrastructures

Thu, 19 Nov 2009 09:06:51 -0500

Columbia MD, November 19th 2009 -- Prism Microsystems, developers of the EventTracker solution that provides turnkey Security Information and Event Log Management (SIEM) capabilities to the midsize enterprise, today announced the immediate availability of EventTracker 6.4. In an industry first, the new version extends SIEM features to all layers of the virtual infrastructure to help companies instantly detect compliance violations and security breaches in the new dynamic data center.

EventTracker 6.4 fills a critical gap in the virtual security market left open by traditional SIEM/Log Management solutions that are unable to see beyond the veil of virtualization. Critical items such as privileged user activity or the flow of data between virtual machines on a single host need to be monitored for compliance and ensuring defense in depth. However, security designed for physical computing environments is unable to provide such granular insight into the virtual environment. EventTracker 6.4 addresses this concern by monitoring and correlating log data in real-time at all layers of the virtual infrastructure including the management application, the hardware, the barebones hypervisor, the guest OS and applications, for deep security awareness.

"Virtualization has gone mainstream. Although the benefits are numerous, the accompanying challenges of visibility, control and added complexity require businesses to change the way they manage security. With EventTracker 6.4, our customers are not only ensured a powerful solution for securing their virtual infrastructure, they also benefit from seamless monitoring across both physical and virtual systems for enterprise-wide compliance and security visibility," said A.N.Ananth, CEO of Prism Microsystems. "This latest innovation further strengthens our commitment of providing the industry's most comprehensive SIEM solution."

Also in the new release is a feature referred to as Enterprise Activity Monitoring (EAM). This new capability provides a dashboard that identifies any new or out-of-ordinary behavior by user, admin, system, process and IP address to...

U.K. Police Make Trojan Computer Virus Arrests

Thu, 19 Nov 2009 07:08:38 -0500

British police have made the first European arrests connected to the spread of a data-thieving virus thought to have infected tens of thousands of computers worldwide, Scotland Yard said Wednesday.

The electronic crimes unit of London's police force said a man and a woman, both 20, were arrested in the English city of Manchester on Nov. 3 on suspicion of helping infect computers with programs sometimes known as "Zbot" or "ZeuS."

One expert described the viruses as the "most notorious pieces of malware of recent times."

"This is one of the most frequent families of worms that we encounter," said Graham Cluley, a technology consultant with British security firm Sophos PLC. "The ferocity with which it's been spammed out on occasions has really hit our radar."

Cluley said the Zbot family of viruses first came to his attention in 2007. Since then it has periodically swept across the Internet, stealing personal information from computers across the world and feeding it back to cyber-criminals. The viruses are commonly known as Trojan Horses or Trojans because they sneak onto computers and attack them from the inside, harvesting millions of lines of data -- including banking information, credit card numbers and social networking passwords.

The viruses spread by sending e-mails or other messages from infected computers, impersonating banks, tax officials, credit card companies or even friends and enticing potential victims to click on a link that downloads the Trojan.

Police said given the amount of information stolen "the potential financial gains to the culprits and losses to individuals and institutions are very substantial."

Cluley said it was impossible to know how much money had been lost to the viruses, adding that attacks were ongoing -- including two big waves in the past week alone.

Police said the Manchester pair were arrested on suspicion of breaking Britain's fraud and computer laws. It...

Computer Security Firm Fortinet Plans IPO This Week

Thu, 19 Nov 2009 07:08:54 -0500

Fortinet Inc. plans to go public Wednesday in an initial public offering, giving investors a chance to tap a network security provider with sales expected to grow.

If shares price at the top end of their projected range of $9 to $11, the IPO could be valued at $137.5 million, or more if the offering's underwriters exercise their overallotment options.

Fortinet's line of business is unified threat management -- offering various security functions, such as antivirus and firewall protection, in one package. The market research firm IDC pegs Fortinet's share of the unified threat management market at a little more than 15 percent. The firm expects the overall market to reach $3.5 billion in sales by 2012, up from $1.3 billion in 2007.

Fortinet said it will issue roughly 5.8 million shares. At the midpoint of the expected pricing range, the IPO would bring the company estimated proceeds of $52.4 million. The company plans to use the proceeds for general corporate purposes.

Company insiders plan to offer another 6.7 million shares, up from a previously announced 6.2 million, according to a filing with the Securities and Exchange Commission. The company will not receive proceeds from those shares. The integrated approach is intended to simplify management and cut costs.

David Menlow, president of IPOfinancial, said the public offering should be a straightforward opportunity for investors. "The growth rate of the company continues to improve," he said. "There's no rocket science with this."

Fortinet, based in Sunnyvale, Calif., said its revenue climbed from $38.7 million in 2004 to $211.8 million last year.

The company breaks its revenue into two categories: Product revenue, the biggest segment, includes one-time sales of security hardware and software. Services revenue includes subscriptions to antivirus, Web filtering and other programs.

The company says it became profitable in the third quarter of last year and has remained...

GAO: Los Alamos Computer Security Has Weaknesses

Thu, 19 Nov 2009 07:16:06 -0500

Security weaknesses uncovered in Los Alamos National Laboratory's classified computer network could increase the risk of a breach of classified information, the U.S. Government Accountability Office said in a new report.

The GAO audited key parts of the nuclear weapons lab's classified computers from November 2008 to July 2009. The classified computer network consists of more than 3,900 computers and devices for about 3,800 users, the report said.

Preventing leaks of sensitive information on the northern New Mexico lab's classified computer network is "critical to national security," the report stated.

"While the laboratory has taken steps to protect information on its classified computer network, a number of security weaknesses remain," the report said.

Lab spokesman Kevin Roark said Tuesday the vast majority of the issues raised by the report already have been resolved.

"All classified data at Los Alamos is extremely well protected and isolated from the Internet and all indications -- including other external audits -- confirm that this most important of information continues to be safe," Roark said.

Among the GAO's findings:

- The lab failed to mark the classification level of documents stored on its classified computer network or keep an inventory of the numbers and types of classified documents stored there. The report said that increased the risk that the lab may not be able to detect inappropriate uses.

- The lab also cannot effectively monitor the actions of computer users. While it monitored the network regularly, certain events were not being logged, which increased the risk that an unauthorized user would not be detected.

- Not all users were provided with the necessary specialized security training.

- Each division at the lab was responsible for securing its own computer systems that are connected to the classified network, which has resulted in a patchwork of cyber security practices.

The lab has had a number of high-profile security...

House Lawmakers Push Ban on Peer-to-Peer Software

Thu, 19 Nov 2009 07:16:33 -0500

Stung by an embarrassing electronic leak last month revealing ethics investigations into dozens of lawmakers, Congress moved Tuesday to prohibit federal employees from using the same type of Internet file-sharing software blamed for the disclosure.

The Secure Federal File Sharing Act, introduced in the House, would bar government employees and contractors from downloading, installing or using so-called peer-to-peer file sharing software such as Limewire without official approval. The bill also would require the White House to develop rules for employees and contractors working on home or personal computers.

The software is popular among computer users trading music, movies and other files over the Internet, often in violation of copyright owners. The underpinning technology also makes other information on a person's computer vulnerable to being downloaded, especially if the software isn't configured properly.

A House ethics committee report outlining inquiries involving dozens of members of Congress leaked onto the Internet after a junior committee staff member saved it on the hard drive of a home computer. The staff member, who had peer-to-peer software, didn't realize the file was unprotected but was subsequently fired anyway.

The secret report detailed investigations that included financial dealings, travel and campaign donations.

The White House Office of Management and Budget advised federal agencies in 2004 not to use peer-to-peer software. Rep. Edolphus Towns, D-N.Y., the new bill's sponsor, said putting the prohibition in federal law gives it much greater weight.

"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," said Towns, chairman of the House Oversight and Government Reform Committee. "Voluntary self-regulations have failed so now is the time for Congress to act."

Critics of the software, including the entertainment industry, have complained that personal data, including Social Security numbers, medical records and tax returns, are being unwittingly shared because users are unaware of how the...

Smartphones: A Bigger Target for Security Threats

Wed, 18 Nov 2009 07:42:18 -0500

Cheaters beware. In late October, Indonesian developer Sheran Gunasekera released mobile-phone software that can help someone eavesdrop on your conversations. A distrusting partner or spouse can secretly download the free application, called PhoneSnoop, onto your BlackBerry, remotely turn on the microphone, and listen to conversations held in proximity to the device.

PhoneSnoop, downloaded more than 2,000 times since its release, is one of a growing number of applications that can be downloaded onto a smartphone without a user's knowledge. FlexiSPY similarly can be downloaded onto Research In Motion's BlackBerry or the Apple iPhone. Smartphones and the growing number of people using them are becoming a bigger target for unauthorized and potentially harmful software, including worms, viruses, and spyware that tracks a user's Web activity. The smartphone security threat "is imminent," says Jeff Wilson, a principal analyst at consultant Infonetics Research.

Smartphones are increasingly prevalent and adept at handling more tasks, including trading stocks, paying bills, and buying stuff online. That makes them all the more attractive to thieves and hackers, says Khoi Nguyen, group product manager for mobile security at antivirus vendor Symantec. The number of smartphones shipped is expected to rise to 330 million units in 2014 from 178.3 million this year, according to ABI Research.

Storm8 Games Removed by Apple

Hackers can attack phone users through app stores, the Web, and e-mail. In early November, the so-called Rick Astley worm struck certain iPhones and turned their wallpaper to an image of the '80s music icon. A few days later, a related worm, iPhone/Privacy.A, began gaining access to users' e-mail and SMS messages, calendar appointments, contacts, and photos. Hackers could use that information to steal a phone owner's identity or personal data.

Mobile applications, sold or distributed through online app stores, are emerging as an especially attractive avenue for potential security breaches. Apple reviews...

FBI Says Hackers Targeting Law Firms, PR Companies

Wed, 18 Nov 2009 07:42:01 -0500

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.

The FBI has issued an advisory that warns companies of "noticeable increases" in efforts to hack into the law firms' computer systems -- a trend that cyber experts say began as far back as two years ago but has grown dramatically.

In many cases, the intrusions are what cyber security experts describe as "spear phishing," attacks that come through personalized spam e-mails that can slip through common defenses and appear harmless because they have subject lines appropriate to a person's business and appear to come from a trusted source.

"Law firms have a tremendous concentration of really critical, private information," said Bradford Bleier, unit chief with the FBI's cyber division. Infiltrating those computer systems, he said, "is a really optimal way to obtain economic, personal and personal security related information."

Alan Paller, director of research at SANS Institute, a computer-security organization, said Monday that a major law firm in New York was hacked into in early 2008 in an attack that originated in China.

FBI officials did not immediately return messages for comment on the China connection. The FBI advisory was dated Nov. 1, 2009.

U.S. officials have been cautious about publicly linking cyber attacks to China. But recent government reports have described computer attacks believed to have originated in China, although it is unclear if the intrusions were conducted by, or with the endorsement of, any element of the Chinese government.

As is often the case with cyber crime, Paller said it is difficult to tell whether hackers were working on behalf of the country's government, located in that country, or simply routing computer traffic through that country.

While some computer network attacks...

Lock-and-Load Security for Your PC

Wed, 18 Nov 2009 07:41:44 -0500

While most people know about the dangers of suspicious Web sites and unknown email attachments, what about physical security? Leaving your computer unsecured or unattended could be the biggest mistake you ever make, according to Christina Hansen, a product specialist for CableOrganizer.com.

"In this day and age, many of us are 'running errands' on our computers," she says. "And even though shopping, banking, doing taxes, and accessing medical records online have become everyday activities, we need to give them special consideration because our personal information, and very identities, are at stake."

But it's not just people who need to be concerned: Companies are at risk too. "The hard drives of company computers can contain a lot of personal or proprietary information, from employee Social Security numbers to classified information dealing with product or technology development," says Hansen. She adds that the loss of such information can present a major liability risk to companies, whether it's from an old PC in a storage closet or a laptop carried by a traveling executive.

Securing computers against theft or unauthorized access doesn't have to be hard. "It's really not difficult, or necessarily expensive, for companies to secure on-premises computers against theft," says Hansen. "The key is to invest in products that have been specifically designed as theft deterrents."

Hansen explains that desktops and laptops in high-traffic workplaces can be secured in security cabinets, such as those manufactured by Black Box Network Services. And back-office server installations can be secured with floor enclosure server racks, which can be configured to prevent access to secure hardware while permitting access to other components.

Security should also be a concern when traveling, Hansen says. "Whether you're working outside the office or surfing the web on your laptop in a public place, it's important to protect your computer when it's outside its 'natural...

Microsoft Study Sees Growing Threat of Computer Worms

Wed, 18 Nov 2009 07:41:25 -0500

The danger of corporate computers becoming infected by worms has risen dramatically recently, according to a new study by Microsoft.

The study showed that, globally, the chances of infection by a computer worm had increased by almost 100 percent when comparing the first half of 2009 with the same six-month period in 2008.

The threat is focused mainly on business computers. Private users get off lightly, by comparison, partially because they are more likely than corporate customers to make sure their computers have the newest security software installed.

Germany and Austria both have PC infection rates significantly below the global average of 0.87 percent: 0.3 and 0.21 percent, respectively.

Germany usually performs well in such tests, said Microsoft spokesman and security expert Thomas Baumgaertner. That lies partially in the fact that Germany has a wide degree of penetration for fast DSL lines. That solid infrastructure insures that computer users regularly update their security software.

Despite the higher risk of worm attacks, the study say worms only make up about 6.7 percent of all attacks, meaning they are only the fourth most predominant threat. Trojan horse attacks claim first place in Germany, with 39.5 percent of all attacks.

These attackers disguise themselves as harmless software, but then insinuate themselves into a computer and allow remote access. Examples include programs like Wintrim and Alureon.

The most predominant worms are Conficker, followed by Taterf, which saw a 156-per-cent increase in its infection rates, reported the study.

Worldwide, the greatest threat remained attacks via fake security software. More than 13 million such attacks were blocked by computers with the help of Microsoft software in the first half of 2009. Nonetheless, a year ago, that figure was 16.8 million.

Microsoft presents its Security Intelligence Report twice a year, updating readers on the actual state of computer security and dangerous programs. It pools its information...

Phishing Scams Edge Into Social Networks

Wed, 18 Nov 2009 07:41:07 -0500

If you're always on Facebook or Twitter and keep up with the latest funny videos, you may want to think twice before clicking on the next link, image, or video that a friend forwards to you.

A recent FBI report indicates that phishing scams are becoming more common on social networking sites through a combination of viruses, hacked accounts, and decoy messages.

The report, titled "No, Your Social Networking 'Friend' Isn't Really in Trouble Overseas," describes the scam. Messages, which generally masquerade as warnings related to service agreements or other notifications, contain malicious code that covertly installs software on victims' PCs, letting thieves steal account names and passwords.

The thieves then use the accounts to distribute messages to friends of the victim, requesting large sums of money and spreading the malicious code even further.

The FBI suggests that users should adjust privacy settings to protect personal information, disable options such as photo sharing when possible, and carefully scrutinize links before deciding to click on them, regardless of their apparent source.

The FBI issued its report in conjunction with the Internet Crime Complaint Center (IC3), which reports that it has recorded nearly 3,200 cases of account hijacking since 2006. For more information on such scams and safeguards, check out www.ic3.gov or www.lookstoogoodtobetrue.com.