YouTube – Black Hat Spam SEO

Interesting presentation on Black Hat Spam SEO by Zscaler’s Julien Sobrier.

Forrester Pushes ‘Zero Trust’ Model For Security – DarkReading

Last week Forrester Research began promoting a new term, “Zero Trust,” to define its new security model. The new model’s underlying principle is “trust no one.” In other words, you cannot trust the servers and the workstations inside your network any more than you could trust external third parties.

Given the nature of the changes we’ve seen during the last 3 to 5 years in technology and the threat landscape, we agree. We have seen a huge increase in what we call “inside-out” attacks, where insiders are lured to malware-laden web pages on, for example, Facebook, Twitter, YouTube, and even the New York Times. The malware gets downloaded to the unsuspecting person’s workstation along with the normal content of the web page. From there, the malware steals the person’s credentials to access bank accounts, internal intellectual property, customer records, or whatever the attackers can readily convert to cash. This type of malware is not the traditional single-purpose virus or worm. Rather, it’s an agent controlled by remote servers that can modify its functions. These “bots” have gone undetected for days, weeks, months, even years.

From a security perspective, this type of attack looks very similar to a malicious insider, and information security must protect against it along with the traditional “outside-in” attack method.

From my perspective, Forrester’s Zero Trust model and Cymbel’s next-generation defense-in-depth architecture are the same when it comes to network security. Our approach, based on the SANS 20 Critical Security Controls for Effective Cyber Defense, is broader.

However, there is one area where I disagree somewhat with John Kindervag, the Forrester analyst discussing the Zero Trust model, who is reported to have said:

“It’s like a UTM [unified threat management] tool or firewall on steroids,” he says. It does firewall, IPS, data leakage protection, content filtering, and encryption with a 10-gigabit interface that separates the switching fabrics for each function.

Gee, how did he leave out packet shaping? I have no doubt that there are vendors attempting to do all these functions in a single appliance, but it reminds me of Network Access Control in 2007. NAC was going to subsume all manner of security functions in a single appliance. The complexity was overwhelming. Furthermore, most organizations really don’t want all that functionality in one box. There is still the need for a defense-in-depth architecture, in our opinion.

Some level of function consolidation is surely reasonable and advantageous to organizations with limited resources, i.e. everyone!! However, the expertise needed to develop and advance all of these different functions is virtually impossible to assemble in one company. For example, full packet capture is really about innovative data storage and retrieval. A high-performance, stream-based, application-level firewall/IPS is about innovative deep-packet inspection combined with clever hardware design. And data loss prevention requires proxies and semantics-based data classification algorithms.

While I am surely not saying that we can achieve nirvana now, the components of Cymbel’s next-generation defense-in-depth architecture can provide major improvements in network security today:

  • Next-Generation Firewall with application- and user-level internal network segmentation, integrated intrusion prevention, and bandwidth management – Palo Alto Networks
  • 0-day threat and botnet command & control communications prevention – FireEye
  • Cloud-based web and email security – Zscaler
  • Device/software discovery and configuration change detection – Insightix, AccelOps
  • High Performance Full Packet Capture – Solera Networks
  • Layer 2, 3, 4 encryption – Certes Networks
  • User-based, behavioral anomaly detection using net flows and logs plus high-performance event correlation – Lancope

I look forward to learning more about Forrester’s Zero Trust model and working with partners who recognize the new landscape and respond with creative solutions for our clients.

Consumerization and Corporate IT Security

Bruce Schneier’s article last week, entitled Consumerization and Corporate IT Security, postulates that IT security has no choice but to loosen control in response to the consumerization of IT. In other words, corporate use of consumer IT products cannot be controlled by IT Security.

Here at Cymbel, we became aware of this issue back in 2007 and began searching for solutions. There is no doubt that corporate employees must be allowed to take advantage of Web 2.0 applications and social networking. However, the enterprise can surely do this in a controlled manner and provide protection against the risks of using these applications.

Here are four solutions we offer to corporate IT Security to protect the organization while enabling the use of consumer IT products:

Palo Alto Networks provides a next generation firewall designed and built from the ground up to enable controlled use of Web 2.0 applications and social networking and protection against web-based malware. In the last 18 months, they’ve grown from 200 customers to 2,000 and they are now cash-flow positive. I would expect an IPO in the next 12-18 months.

FireEye provides protection against web-based zero-day and unknown threats using heuristics rather than signatures. It minimizes false positives by using VMware-based sandboxes on its appliances to run suspicious executables prior to alerting.

NexTier Networks is the first Data Loss Prevention system that uses semantics to classify documents rather than traditional fingerprinting. Therefore it can protect intellectual property as well as structured data against malicious exfiltration attempts without massive pre-scanning or pre-tagging.

Zscaler provides cloud-based proxy services for protecting against web- and email-based malware without having to deploy any premises equipment. This is especially suitable for organizations with many small locations. Zscaler also provides a lightweight agent for traveling users so that their web and email traffic is also routed through the cloud-based service.

In addition, we recommend Sentrigo, a database protection solution, as another layer of our next generation defense-in-depth architecture focused on applications, users, and information.

Internet Explorer 6 still represents more than 16% of web traffic

I was reviewing Zscaler’s State of the Web – Q2 2010 and was surprised to learn that 16% of the web traffic Zscaler sees is still coming from Internet Explorer 6! Since Zscaler can be configured to prevent the use of IE 6, my guess is that IE 6 usage in the general population is even higher.

There is good news though – the trend for IE 6 and IE 7 is down and IE 8 is up, but IE 7 is still the most used browser by far at 25%. Firefox is second at 10%.

Google Malware double that of Bing, Yahoo, and Twitter combined

Via Help Net Security: Barracuda recently released its Barracuda Labs 2010 Midyear Security Report, which includes the results of a study it did on search engine and Twitter malware. It focused on 25,000 trending topics over a two-month period. The somewhat surprising finding was that the percentage of malware-laden links on Google (69%) exceeded Yahoo! (18%), Bing (12%), and Twitter (1%) combined. The “Searching for Malware, A Comparative Study” section starts on page 56 of the report.

It would have been interesting if the study had broken down the results by page, i.e. the percentage of malware found on the first page of the search results, the second page, and so on. Most people only review the first few pages of a search result.

This provides additional proof of the need for a web-based anti-malware solution. You surely cannot depend on the search engines themselves to do the job.

Full disclosure: Cymbel does partner with Barracuda, but for Web Application Firewalls. For web-based anti-malware, we recommend Zscaler.