Throughout the course of my career I've been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization.
Keep in mind that this was before the explosion of CTI in the marketplace and the myriad of different CTI vendors that have emerged over the past few years. The broader availability of CTI providers has made the task of understanding their capabilities and how their services address (or, more importantly, don't address) an organization's requirements more difficult. Essentially, CTI should help these organizations make better decisions and improve the overall security posture of their business.
Enter Forrester Research's Nov. 3, 2015 report: "Vendor Landscape: S&R Pros Turn To Cyber Threat Intelligence Providers for Help." The report, as Forrester puts it, seeks to "give S&R pros the tools to evaluate cyber threat intelligence providers along with analysis of 20 of the top players in the space."
The "Provider Evaluation Criteria" section of the report includes critical intersections between the intelligence cycle and how a given provider's capabilities map to its intelligence collection, analysis and generation phases. Here, the authors provide some salient recommendations for organizations looking for a CTI provider. Please download the report to get what I believe is some of the best guidance out there on that subject.
Based on my experience, I'd also add a few more to the list:
- A good CTI provider should help you cut through media and marketing hype, not contribute to it. Make sure your vendor isn't more concerned with making a marketing splash than operating with discretion in the mission space.
- Your vendor should be able to "walk the walk." Please make sure they have a proven operational track record that is reflected in their processes, approach, client feedback and longevity. Make them show you their capability.
- In this industry, reputation matters. Make sure your vendor has staff that maintains good standing and solid peer relationships in the security and cyber-intelligence communities.
- How does the vendor plan to address your business in a year? Make sure your vendor continues to innovate and has a product and development roadmap that supports your needs and growth goals.
If you have any additional suggestions to add to the list, I'd love to hear about them in the comments section.
Written by Josh Ray, Senior Intelligence Director at Verisign
Follow CircleID on Twitter
I recently attended a Forum on Internet of Things in Smart Sustainable Cities: A New Age of Smarter Living staged in Singapore on 18 January 2016. The public forum provided a contextual overview to the second meeting of the ITU Study Group 20: IoT and its applications including Smart Cities and Communities which took place back-to-back with the Forum.
IP-based networks are a key component of the Internet of Things (IoT), as they are the only technology that offers ubiquitous, cost-effective connectivity. IPv6-based networks bring the virtually unlimited addressing scalability required for smart cities as we move from the 13 billion devices connected to the Internet today to the predicted 50 billion devices expected to be networked by 2025.
The opening ceremony included a keynote address by H.E. Yaacob Ibrahim, Minister for Communications and Information, Singapore, in which he spoke about the economy's Smart Nation Initiative. Singapore, he noted, was perfectly positioned to extend the vision of a smart city to a national level.
He also used the address to publicly announce two local initiatives. The first is a re-organization of the Info-communications Development Authority of Singapore (IDA) and the Media Development Authority (MDA) into two new agencies: a converged regulator, the Infocomm Media Development Authority (IMDA), and the Government Technology Office (name to be confirmed).
The other announcement made by the Minister in his opening speech was of a trial of e-SIM technologies, which are seen as a potential component of IoT sensor communications. He said:
"IDA will be embarking on a trial to see how an open GSMA standard can enable e-SIM chips to switch between different mobile network operators. This trial will be conducted in partnership with PUB, Singapore's water agency, and will involve the mobile network operators. Such a standard will allow M2M businesses, and potentially consumers with e-SIM equipped smartphones, to switch network providers more flexibly."
The packed forum agenda, jointly hosted by the International Telecommunication Union and the Singapore Infocomm Development Authority, included 15 speakers covering a range of smart city topics, from personal data privacy and security to big data analysis and enabling infrastructure.
Dr. Chaesub Lee, Director of the ITU's Telecommunication Standardization Bureau, explained that the evolution of smart, sustainable cities is critically important because such a high percentage of the world's population lives in cities. He stressed the importance of the many stakeholders required to build smart cities and urged vertical industries to work together toward the goal. "In the context of smart cities," he said, "we cannot allow silos to develop between sectors. Common standards and interoperability will help us achieve horizontal integration allowing systems to interconnect and share data."
His emphasis on the importance of cities was reiterated by Nasser Saleh Al Marzouqi, Chairman of ITU-T Study Group 20, who employed statistics to illustrate the point. Cities, he said, produce 70% of global greenhouse emissions as they use up two-thirds of global energy demand to produce 80% of global GDP.
"We don't have any option other than to move to smart cities," he said, noting that the big challenge was for cities to maintain their contribution to global GDP while becoming more sustainable by improving waste and water management, traffic and mobility systems, electricity supply, safety and cultural facilities.
Every city has different needs, which are dictated by their individual demographic and geographic characteristics, he said. So, while the goal of the Study Group is to create standards, he advised that the first step in his recipe for starting a smart city is to engage all stakeholders and formalize the collaboration processes.
Originally published on APNIC blog.
Written by Adam Gosling, Internet Policy Development Consultant
Cisco has announced its intent to acquire Jasper Technologies, Inc., a privately held company based in Santa Clara, which provides a cloud-based IoT service platform helping enterprises and service providers launch, manage and monetize IoT services on a global scale. Under the terms of the agreement, Cisco will pay $1.4 billion for Jasper, currently the industry’s leading IoT service platform in terms of number of enterprises and service providers.
“Together, we can enable service providers, enterprises and the broader ecosystem to connect, automate, manage, and analyze billions of connected things, across any network, creating new revenue streams and opportunities,” says Chuck Robbins, Cisco's Chief Executive Officer.
Cisco is one of the most aggressive IoT investors globally, with over 50 companies in its portfolio.
Development of Firefox OS will soon cease completely, and by the end of May, the company has announced, it will pull all staff and resources away from Firefox OS. "The circumstances of multiple established operating systems and app ecosystems meant that we were playing catch-up, and the conditions were not there for Mozilla to win on commercial smartphones," according to a statement from Mozilla developer George Roter. Many of Mozilla's community members are disappointed by the decision, but the company is resolute that its next mission should be "exploring how we can make the biggest impact in IoT," reports Chris Welch in The Verge.
Republican senator and US presidential candidate Ted Cruz is not very happy with ICANN CEO Fadi Chehade.
In a letter dated today, Cruz, along with two other senators, has dropped some pointed questions on Chehade in relation to his involvement with a recent meeting in China.
"Given your assurance to preserve and prolong the free and open Internet, we were surprised and dismayed to learn that you have agreed to co-chair a high-level advisory committee for the World Internet Conference, which is organized by the Chinese government, while you serve as the Chief Executive Officer of ICANN under contract with the United States Government," says the letter signed by senators Ted Cruz (R-Texas), James Lankford (R-Okla.), and Mike Lee (R-Utah).
The senators continued:
As you must know, the World Internet Conference is not a beacon of free speech. It has been heavily criticized by members of the press for refusing to allow China-based reporters for the New York Times and Washington Post to cover the conference. Reporters Without Borders demanded an international boycott of the conference, calling China the "enemy of the Internet." In addition, GreatFire co-founder, Charlie Smith, described foreign guests of the Conference as "complicit actors in the Chinese censorship regime and are lending legitimacy to Lu Wei, CAC and their heavy-handed approach to Internet governance. They are, in effect, helping to put all Chinese who stand for their constitutional right to free speech behind bars."
The IANA transition has been raised as an issue by some of the US presidential candidates, though Cruz himself doesn't have a stellar track record on internet-related policies, as The Oatmeal highlighted.
Read the full Cruz-Lankford-Lee letter here.
Written by Michele Neylon, MD of Blacknight Solutions
ICANN's Board Governance Committee (BGC) today released its comments on the recent reconsideration request by dotgay LLC concerning its application for the new top-level domain .GAY. Kevin Murphy from Domain Incite reports: "ICANN has refused dotgay LLC's latest appeal against adverse .gay decisions, and has taken the unusual step of preemptively defending itself against probably inevitable accusations from gay right groups. On Monday, the Board Governance Committee threw out dotgay's Request for Reconsideration, in which the company had asked for a third crack at the Community Priority Evaluation process that could have seen it win .gay without paying at auction."
Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) have been picking up the pace as of late. A high percentage of communication service providers and large data centers have either added these technologies on their roadmaps, or are already doing small-scale Proof-of-Concepts (PoC) in their testbed environments.
The one thing that has so far received surprisingly little attention is the scalability of these technologies. On paper, the best of the SDN pack are able to scale slightly above 100,000 hosts per SDN Controller. When you compare this number against the backdrop of the Internet of Things (IoT) and the proliferation of connected devices, a cool 100k suddenly doesn't sound like such a high number after all.
To address the issues around scalability, many experts in the space are steering the market towards federation. Within this paradigm, rather than betting the farm on a single SDN Controller, the deployment consists of a number of SDN subsystems run side by side. On paper at least, this model facilitates virtually unlimited scalability. It also makes sense from the risk management perspective, as it isolates possible failures to individual subsystems.
Having said that, there are a number of practical problems with SDN federation that are yet to surface on most organizations' radars. Here is a laundry list of the three issues likely to emerge next:
1. Managing network blocks. Large organizations have deep silos, and SDN federation allows each silo to select its own favorite SDN controller type. When you couple this multivendor scenario with the legacy networks, one can quickly see the need for a single authoritative system used to manage the network allocations centrally.
2. Provisioning. Going forward, most applications and services will be built and released by orchestrators that need the appropriate release parameters such as IP addresses and names before releasing an application or a service to production. To enable seamless service automation workflows, these orchestrators need an authoritative provisioning source for all-things-IP, regardless of which legacy network or SDN subsystem a given workload is going to.
3. Visibility and reporting. Once an organization lands with a mix of SDN subsystems, NFV orchestrators, cloud orchestrators and legacy networks, they will soon discover the need for a centralized management system providing real-time visibility and reporting on the network use throughout the organization.
The trump card to these problems is a new, vendor-agnostic layer in the elastic cloud stack that pulls together all network-related pieces of information; assigns networks to different SDN subsystems; and provisions the appropriate release parameters to the various orchestrators.
Addressing these challenges could also be the cure for at least some silo issues. After all, if interoperability between the different orchestrators and/or SDN subsystems is a simple matter of plug-and-play, there is less need to play politics.
For technology reasons, anyway.
Written by Juha Holkkola, CEO of FusionLayer, Inc.
'It could've been worse' is a fascinating expression. It implies that the incident in question obviously could have been worse than expected; however, it also implies that it could have been better, ultimately leading to the conclusion that it was at least somewhat bad.
So both fortunately and unfortunately for three Greek banks, the ransom DDoS attacks levied against them by hacker group the Armada Collective could have been worse.
What could have been a Greek Tragedy?
At the beginning of last December, three separate Greek banks were hit with DDoS attacks. The origin of the attacks was no secret. Each of the banks received similar messages: pay a ransom in bitcoin to a group called the Armada Collective, and the attacks will stop.
None of these banks paid the ransom. Instead, they contacted the authorities as well as the Greek central bank. However, just because the ransom wasn't paid does not mean the attacks weren't successful. Online banking services for each of these banks were blocked for several hours.
Why it could have been worse
The banks were quick to confirm that attackers were not able to penetrate the banks' security, did not gain access to accounts, and did not obtain the personal or financial information or data of any customer. No customers' money was at risk at any point during the attack. With massive data breaches of companies ranging from Target to VTech to Ashley Madison, it comes as a huge relief that these DDoS attacks were just DDoS attacks, and not smokescreens for malware or intrusions.
Why it could have been better
Damage sustained in DDoS attacks isn't simply measured in dollars and cents or in compromised customer information. The fact alone that web banking services went down for several hours is a major loss for each one of these banks.
These attacks worked well enough to compromise services, which naturally erodes customer confidence and may result in many customers moving their money to banks they feel are more secure. It is this less visible damage that can have long-term effects, all from a DDoS attack.
A history of ransom
Regardless of how the mainstream media may cover this type of attack, there's nothing new about DDoS ransom attacks. The Armada Collective was already a known entity in the DDoS ransom attack game, having hit private email services such as Zoho, Runbox and FastMail. A fourth private email service, ProtonMail, was hit so hard that other companies using the same data center went down due to the attack. As a result of the pressure it faced from being the target of such a large-scale attack, ProtonMail paid the ransom (see ZDNet).
Perhaps the best known DDoS ransom group, however, is DD4BC — Distributed Denial for Bit Coin. According to DDoS protection services provider Imperva Incapsula, DD4BC has launched high profile ransom DDoS attacks against gaming sites, bitcoin exchanges and the payment industry.
What do site owners need to learn from this?
If you're thinking you can breathe easy because your site or business is nowhere near as big as a Greek bank and therefore will not be a target of DDoS ransom notes, think again. DDoS ransom notes are still happening simply because they're still working. For every Greek bank that contacts the authorities, there will be a ProtonMail that capitulates to the monetary demand.
DDoS ransom notes hit websites both big and small. So though your site may never make it on the list of a bigtime attack group like DD4BC or the Armada Collective, it could very well end up on a random list generated by some kid who has $30 to spare and a few minutes a day to spend on a booter or stresser — a 'DDoS for hire' service — not to mention the list of one of your unscrupulous competitors who has the same few dozen dollars and time to spare.
Don't let 'it could've been worse' happen to you
If you get a DDoS ransom note, don't pay the ransom. All it will do is mark you as an easy target, one who doesn't have professional DDoS protection.
The best advice is to get professional DDoS protection. With this, you can ignore DDoS ransom notes with confidence, and your site or business can conduct business as usual knowing you and your users aren't at risk from the consequences of a DDoS attack.
Written by Meg Bear, Senior VP, General Manager Cloud Services at Imperva