Archives for October 2013

Detection Controls Beyond Signatures and Rules

Charles Kolodgy of IDC has a thoughtful post on SecurityCurrent entitled, Defending Against Custom Malware: The Rise of STAP.

STAP (Specialized Threat Analysis and Protection) technical controls are designed to complement, maybe in the future replace, traditional detection controls that require signatures and rules. STAP controls focus on threats/attacks that have not been seen before or that can morph very quickly and therefore are missed by signature-based controls.

Actors such as criminal organizations and nation states are interested in the long haul. They create specialized malware, intended for a specific target or groups of targets, with the ultimate goal of becoming embedded in the target’s infrastructure. These threats are nearly always new and never seen before. This malware is targeted, polymorphic, and dynamic. It can be delivered via Web page, spear-phishing email, or any number of other avenues.

Mr. Kolodgy breaks STAP controls into three categories:

  • Virtual sandboxing/emulation and behavioral analysis
  • Virtual containerization/isolation
  • Advanced system scanning

Based on Cymbel’s research, we would add a fourth category: advanced log analysis. There is considerable research, and a number of funded companies, going beyond traditional rule- and statistical/threshold-based techniques. Many of these efforts are leveraging Hadoop and/or advanced Machine Learning algorithms.
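To make the distinction between a fixed rule and a learned baseline concrete, here is an added example (not code from IDC, Cymbel, or any vendor mentioned above). It parses constructed, syslog-style failed-login lines for three hosts over seven days, then runs two detectors over the same data: a fixed threshold rule of the kind signature-based tools use, and a per-host statistical baseline that flags a host only when its count deviates sharply from its own history. The host names, counts, threshold and z-score limit are all assumptions chosen for illustration.

```python
import re
import statistics
from collections import defaultdict

# Constructed per-host daily counts of failed SSH logins (sample data, not a real capture).
# Day 7 is the day under review; days 1-6 are the learning period.
DAILY_FAILURES = {
    "build-server": [62, 75, 68, 80, 71, 66, 70],  # noisy CI host with a stale credential
    "web-01":       [5, 7, 6, 8, 5, 7, 6],         # ordinary host
    "hr-laptop":    [1, 0, 2, 1, 0, 1, 20],        # quiet host that suddenly sees 20 failures
}

# Hypothetical tuning values chosen for the example.
RULE_THRESHOLD = 50   # fixed rule: alert on 50 or more failures in a day
Z_LIMIT = 3.0         # baseline: alert when today's count is more than 3 sigma above history
SIGMA_FLOOR = 1.0     # avoids divide-by-zero on a perfectly flat history


def build_sample_log():
    """Expand the constructed counts into syslog-style lines so the parser has real input."""
    lines = []
    for host, counts in DAILY_FAILURES.items():
        for day, n in enumerate(counts, start=1):
            for _ in range(n):
                lines.append(
                    f"2013-10-{day:02d} {host} sshd[1234]: Failed password for admin from 10.0.0.5"
                )
    return lines


LOG_RE = re.compile(r"^(?P<day>\d{4}-\d{2}-\d{2}) (?P<host>\S+) sshd\[\d+\]: Failed password")


def failures_per_host_per_day(lines):
    """Parse log lines into {host: [count_day1, count_day2, ...]}, filling quiet days with 0."""
    counts = defaultdict(lambda: defaultdict(int))
    days = set()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[m["host"]][m["day"]] += 1
            days.add(m["day"])
    days = sorted(days)
    return {host: [c.get(d, 0) for d in days] for host, c in counts.items()}


def rule_alerts(series):
    """Signature-style rule: fire whenever the latest day's count reaches a fixed threshold."""
    return {host for host, counts in series.items() if counts[-1] >= RULE_THRESHOLD}


def baseline_alerts(series, z_limit=Z_LIMIT, floor=SIGMA_FLOOR):
    """Per-host baseline: learn mean/stdev from prior days, flag hosts whose latest count is an outlier.

    Returns {host: z_score} for every host that exceeds z_limit.
    """
    alerts = {}
    for host, counts in series.items():
        history, today = counts[:-1], counts[-1]
        mu = statistics.mean(history)
        sigma = max(statistics.stdev(history), floor)
        z = (today - mu) / sigma
        if z > z_limit:
            alerts[host] = round(z, 1)
    return alerts


def analyse(lines=None):
    """Run both detectors over the parsed log and return (rule_hits, baseline_hits)."""
    series = failures_per_host_per_day(lines if lines is not None else build_sample_log())
    return rule_alerts(series), baseline_alerts(series)


if __name__ == "__main__":
    rule_hits, baseline_hits = analyse()
    print("fixed-threshold rule fires on:", sorted(rule_hits))
    print("per-host baseline fires on:", baseline_hits)
```

On this data the fixed rule fires only on the build server, whose 70 failures are normal for it, and stays silent on the HR laptop, whose jump from roughly one failure a day to twenty never reaches the threshold. The per-host baseline does the reverse, which is the gap that log-analysis approaches beyond static rules are meant to close. The trade-off to keep in mind is that a baseline learned from history can be poisoned by an attacker who ramps up slowly, so the learning window and the entities being baselined deserve as much review as the threshold itself.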

The Secrets of Successful CIOs (and CISOs)

Rachel King, a reporter with the CIO Journal of the Wall St. Journal, published an article last week entitled, The Secrets of Successful CIOs. She reports on a study performed by Accenture to determine the priorities of high-performing IT executives.

Ms. King highlights high performers’ top three business objectives compared to lower performing IT executives. Unfortunately, what’s missing from the article is how Accenture measured the performances of IT executives. Having said that, this chart is interesting:

[Chart: Accenture Says Highest-Performing CIOs Focus on Customers, Business - The CIO Report - WSJ]

One would naturally jump to the conclusion that high-performing Chief Information Security Officers would need to orient themselves to these top priorities as well. But what if you work for one of the CIOs who is focused on cutting business operational costs, increasing workforce productivity, and automating core business processes?