Friday, 14 March 2014

Can anti-virus technology morph into breach detection systems?

Can anti-virus technology morph into breach detection systems?
Such breach detection systems would need a centralized management reporting system and cloud-based analysis of gathered threat data.

Anti-virus software is still often considered a "checkbox" item for enterprise deployments, especially on Microsoft Windows, but over the decades, anti-virus software changed to do far more than just signature-based virus blocking. Today, the question is whether the type of anti-malware product that evolved from virus checking can transform again to be a part of a "breach detection system," or BDS

“The premise of breach detection is things will get through all your defenses and you need to contain it as soon as possible,” says Randy Abrams, research director at NSS Labs, which has begun testing what it calls BDS products that can identify evidence of stealthy cyberattacks, track down what corporate computers and networks were hit and quickly mitigate against any malware dropped in that attack which would be used to spy and exfiltrate sensitive data. BDS products, however they do it — through sandboxing, an endpoint agent or other approach -- should be able to at least catch the breach within 48 hours, he says.
The premise of threat detection is things will get through your defenses and you need to contain it as soon as possible.
— Randy Abrams, research director at NSS Labs

BDS products are largely immature, Abrams acknowledges, but enterprise customers are keenly interested in them and asking to have them independently tested. NSS Labs started doing that last year with products from AhnLab as well as FireEye and Fidelis Security, which was acquired by General Dynamics. These three did fairly well in that first round of basic testing, Abrams says. But the main limitations appeared to be there needs to be more protocol analysis done in to ensure attackers don’t have “a hidden tunnel out of the enterprise,” he adds. The next round of BDS tests anticipated for later this year will be tougher, he says.

+More on Network World: McAfee plans enterprise security package for fast threat detection and response | Is rapid detection the new prevention? | IDC tabs ‘Specialized Threat Analysis & Protection’ as new segment +

The vendors that NSS Labs consider to be part of the emerging BDS market today include Cisco, FireEye, Symantec, McAfee, Palo Alto Networks, Damballa, Fidelis and AhnLab. The security industry itself is abuzz with the utterances of “indicators of compromise,” the “IOC” clues such as anomalous outbound traffic that might indicate an attacker successfully broke in. Abrams thinks any BDS will need a centralized management reporting system and probably a lot of cloud-based analysis of gathered threat data.

Where this will all go is uncertain. The term BDS isn’t universally applied as a description. One research firm, IDC, last year started tracking what it calls “Specialized Threat Analysis and Protection” as a new segment that seems similar to BDS.

The question is whether the established vendors in the traditional antivirus industry, particularly Symantec and McAfee which lead in market share, can transition over to anything close to the NSS Labs’ view of BDS. Abrams notes the problem with any anti-malware product, however good, is that criminals determined to break into corporations are testing the attack and espionage code they’ve developed for that against existing antivirus products to find something that will get through and not be noticed, at least for a while.

Best CCNA Training and CCNA Certification and more Cisco exams log in to Certkingdom.com


Monday, 10 March 2014

The greatest security story never told -- how Microsoft's SDL saved Windows

'We actually had to bus in engineers.'

Microsoft has launched a new website to "tell the untold story" of something it believes changed the history of Windows security and indeed Microsoft itself - the Software Development Lifecycle or plain 'SDL' for short.

For those who have never heard of the SDL, or don't have the remotest idea why it might be important, the new site offers some refreshingly candid insights to change their minds.

Without buying into the hype, the SDL can still fairly be described as the single initiative that saved Redmond's bacon at a moment of huge uncertainty in 2002 and 2003. Featuring video interviews with some of its instigators and protagonists, the new site offers outsiders a summary of how and why Microsoft decided to stop being a software firm and become a software and security firm in order to battle the malware that was suddenly smashing into its software.

Few outside the firm knew of the crisis unfolding inside its campus but not everyone was surprised. Microsoft now traces the moment the penny dropped to the early hours of a summer morning in 2001, only weeks before it was due to launch Windows XP to OEMs.

"It was 2 a.m. on Saturday, July 13, 2001, when Microsoft's then head of security response, Steve Lipner, awoke to a call from cybersecurity specialist Russ Cooper. Lipner was told a nasty piece of malware called "Code Red" was spreading at an astonishing rate. Code Red was a worm a malicious computer program that spreads quickly by copying itself to other computers across the Internet. And it was vicious."

Others arrived in the following two years; the Blaster worm, Nimda, Code Red II, MyDoom, Sasser, and on and on. To a world and a Microsoft not used to the notion of malware being a regular occurrence, this was all a big shock.

By January 2002, with attacks on its baby XP humbling the biggest software firm on earth, Bill Gates sent his famous Trustworthy Computing (TwC) memo to everyone at Microsoft. From now on, security was going to be at the root of everything and so help us God.

That turned into the SDL, and it was given priority one to the extent that it took over the whole 8,500-person Windows development team for much of that year and the next. Its ambition was to completely change the way Microsoft made software so that as few programming errors were made that had to be fixed once customers were involved; "security could not continue to be a retroactive exercise."

Users had also started complaining. Loudly.

"I remember at one point our local telephone network struggled to keep up with the volume of calls we were getting. We actually had to bus in engineers," the site quotes its security VP Matt Thomlinson as saying.

The fruit of the SDL was XP's first Service Pack in 2002, followed up by the even more fundamental security overhaul of SP2 in 2004. By then, XP had been equipped with a software firewall, an almost unthinkable feature for an OS three years eariler.

It's arguable that despite the undoubted gains of the SDL since then, that the firm has yet to fully recover from the trauma of the period. Windows development has seemed less and less certain ever since, following up XP with the flawed Vista and more recent Windows 8 near-debacle. Microsoft still does operating systems but it's not clear that all its users do.

Still, the SDL programme has proved hugely influential even if it's not well known outside tech circles. It is now baked into everything. It has also influenced many other software houses and many have versions of the SDL of their own, many modelled on Microsoft's published framework on how to run secure development.

Whatever mis-steps Microsoft has made in the last decade, security has turned into a bit of a success story right down to the firm's pioneering and hugely important Digital Crimes Unit (DCU) that conducts the forensics necessary to track down the people who write malware in their caves. Both the SDL and DCU are seen as world leaders.

So let's hear of for Redmond, the software giant that launched an operating system years behind the criminals but somehow clawed itself back from disaster. Most other firms would have wilted but somehow Gates's memo rallied the cubicle army.


Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Saturday, 1 March 2014

Twitter Suffering From Growing Pains (and Facebook Comparisons)

Twitter faces growing pressure to attract new users and dramatically increase engagement on the platform. Can it ever rival the numbers and growth of Facebook?

Twitter's honeymoon as a publicly traded company could be coming to an end. With growth stalling and timeline views on the decline for the first time ever, Twitter finds itself at a crossroads.

Twitter Suffers from Growing Pains
While its quest for more ad revenue continues unabated, the company faces even greater pressure to attract new users and dramatically increase engagement on the platform.

"Twitter has seen its sequential MAU growth rate decelerate sharply after hitting 50 million, raising concerns that its quirkier nature might cap its potential audience in the U.S. at a ceiling well below that of Facebook."
-- Seth Shafer, SNL Kagan

"We as a company aren't going to be satisfied -- I am not going to be satisfied -- until we reach every connected person on the planet, period," CEO Dick Costolo said at last week's Goldman Sachs Technology and Internet Conference.

The challenge ahead for Twitter coupled with Costolo's grandiose goal puts the company in a predicament unlike any it has confronted before. It also fans the unfortunate, yet inevitable comparison to Facebook. While Twitter ended 2013 with an average monthly active user (MAU) base of 241 million, Facebook surpassed 1.23 billion. For every user that engages on Twitter, at least five are actively using Facebook.

"Twitter needs to do something to grow to the size of Facebook but the jury is still out if there's a clear path for Twitter or any other company to do that, or if Facebook is a once-in-a-lifetime anomaly that was in the right place at the right time," says Seth Shafer, associate analyst at SNL Kagan.

Costolo hasn't helped matters by failing to meet previous internal estimates for growth either. Early last year the executive reportedly told employees that he expected to reach 400 million MAUs by the end of 2013. Failing to double its active user base last year, Twitter reported a 30 percent increase in its stead.

"Twitter's overall MAU growth is still pretty healthy, but it's all coming internationally where users monetize at a much lower rate. U.S. growth has slowed significantly at about 50 million MAUs," says Shafer.

Facebook blew past 50 million U.S. MAUs without blinking and moreover, its sequential increases didn't dip into the single digits until it surpassed about 120 million users in the U.S., according to SNL Kagan data.

"Twitter, however, has seen its own sequential MAU growth rate decelerate sharply after hitting 50 million MAUs, raising concerns that its quirkier nature and niche focus might cap its potential audience in the United States at a ceiling well below that of Facebook," Shafer adds.

Twitter's 'Road Map' for Growth
Nonetheless, Twitter's lead executive says he is optimistic about rising user growth. While the company is being careful not to make specific promises or announcements about how it will improve on these points, Costolo has frequently referenced a road map of late that lays out a strategy for achieving better growth over the course of the year.

Pointing to field research and internal data on how users engage with the platform, he hints at a series of new features and design changes that are expected to drive new user growth. Twitter's vault of data and newfound capability to experiment with multiple beta tests simultaneously has "informed a very specific road map for the kinds of capabilities we want to introduce to the product that we believe will drive user growth," says Costolo.

He is quick to point out, however, that no single product feature or change to the platform will lead to a "quantum leap change in growth." Instead it will be an accumulation of numerous tweaks throughout the year that give him confidence. "You're going to be seeing a significant amount of experimentation of different ideas we have," he says.

While dispelling concerns about lagging growth in the recently closed quarter, Costolo says there was no specific event or trend during the quarter that meaningfully impacts how the company thinks about user growth. Indeed, improvements made during the finals months of 2013, particularly in messaging and discovery, have already paid off. Favorites and retweets rose 35 percent from the previous quarter and direct messages jumped 25 percent over the same period, according to Twitter.

"I'm starting to see those interactions do what we hoped they would do," he says. "It's more about pushing the content forward and pushing back the scaffolding of Twitter."

The company also hopes to attract new users by simplifying its on-boarding process and dramatically reducing the 11 steps a new account currently requires.

Under the Shadow of Facebook
Twitter has successfully maneuvered through its fair share of challenges before. Be it the fail whale sightings and power struggles of its early days or the feverish hunt for ad revenue of late, the company has found its way.

But now with its first complete quarter as a public company in the rear view, the demands for growth from investors will only get louder with each passing quarter. Twitter will have to deliver some big numbers in 2014 to keep Wall Street happy, but Costolo's comments also suggest that much of that success will depend on a clear differentiation between Twitter's role in the world and that of Facebook.

"Twitter is this indispensable companion to life in the moment," Costolo says. "If you think about it as a product, I think that misses the impact and the reach of what we really believe is a content, communications and data platform."

By that distinction, the opportunities afforded to Twitter are "enormous," says Costolo. "We believe we are the only platform where you get an understanding of wide reach in the moment while it's happening."

Tapping into big data and personalization could help, but it won't move the needle far enough for Twitter to reach the scale of Facebook, says Shafer of SNL Kagan.

Emerging from under the shadow of Facebook will be a struggle for Twitter unless it makes dramatic changes to the service or goes on an acquisition binge aimed at cobbling something larger together, he adds. And even that would be a challenge because of course, "we already have a pretty big thing like that called Facebook," Shafer says.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com