Women may be the future of infosecurity


network SECURITY

ISSN 1353-4858 November 2013

www.networksecuritynewsletter.com

Featured in this issue:

Contents

Identifying threats in real time

NEWS

As cyber-attacks become an increasing risk for every organisation, the detection and remediation of any issues must occur immediately to avoid irreparable damage. And IT security professionals should gather as much intelligence about a breach as possible.

Only through advanced correlative, statistical, behavioural and pattern recognition techniques can threats be identified in real time. Alistair Macrae of LogRhythm explores the techniques that can be used for such real-time identification and analysis of breaches, as well as how to navigate the complicated minefield of cyber-security forensic requirements and investigative procedures. Full story on page 5…

Dealing with encryption

Encryption is now widely used, and often enforced by IT policy or through guidelines for staff. And this even extends to smartphones.

If you’re an investigator or vendor being asked to decrypt Electronically Stored Information (ESI), what preparations and considerations need to be addressed when encountering encrypted data, particularly in an e-discovery or e-disclosure situation? John Shaw of Consilio explains. Full story on page 8…

The importance of data protection inside your enterprise

More than one-third of organisations have either not purchased or implemented next-generation security technologies, yet in 2012 alone there were 621 security incidents and 44 million compromised records.

Whether the threat is at the firewall or from within, it is increasingly important to install dynamic security controls that protect your organisation at every touch point. But what is the best way to protect your enterprise from both the inside-out and the outside-in? Phil Allen of Dell Software Group outlines the steps you need to take. Full story on page 12…

Women may be the future of infosecurity

A new report, ‘Agents of Change: Women in the Information Security Profession’ written by Frost & Sullivan, sponsored by Symantec and published by (ISC)², reveals that women represent only 11% of the information security workforce, despite double-digit annual increases of personnel in the profession. This is in spite of women having the necessary academic background.

“We need a broader and deeper level of education and engagement for women at a younger age before we can realise the level of impact required to solve the workforce shortage,” said Julie Peeler, director of the (ISC)² Foundation.

The report divided respondents into two categories. With executives, managers, and strategic advisors, a

Continued on page 2…

Women may be the future of infosecurity 1

Security officers get greater voice in boardrooms 2

FEATURES

Identifying threats in real time 5
Being able to identify and trace attacks as they happen can help you limit the damage. Alistair Macrae of LogRhythm explores the techniques that can be used for such real-time identification and analysis of breaches, as well as how to navigate the minefield of cyber-security forensic requirements and investigative procedures.

Dealing with encryption 8
If you’re involved in e-disclosure or e-discovery activities, you’ll soon encounter Electronically Stored Information (ESI) that is encrypted. So how do you prepare for this? John Shaw of Consilio outlines the issues you’re likely to face.

The importance of data protection inside your enterprise 12
The dangers to your networks and your data don’t just stem from outside attackers. You also need to consider those inside the perimeter. Phil Allen of Dell Software Group discusses how dynamic security controls offer protection from all threats.

Living with cybercrime 15
Crime, espionage, warfare and activism are all now daily realities in the cyber realm. As with any problem, in order to address it you must first understand it, and by effectively planning for and properly handling the impending attack, the impact of cybercrime can be mitigated, says EJ Hilbert of Kroll Advisory Solutions.

Colin Tankard, Digital Pathways: confusion in the cloud 17
Cloud security has long been a topic of debate, yet many firms remain nervous about venturing into the cloud, fearing a lack of control. We spoke to Colin Tankard of Digital Pathways about this apparent confusion and how you can benefit from exploiting the expertise of specialists.

REGULARS

News in brief 3

Reviews 4

Events 20

ISSN 1353-4858/13 © 2013 Elsevier Ltd. All rights reserved

This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use:

Photocopying
Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use.

NEWS

Editorial Office: Elsevier Ltd, The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, United Kingdom
Fax: +44 (0)1865 843973
Web: www.networksecuritynewsletter.com

Publisher: Greg Valero
E-mail: [email protected]

Editor: Steve Mansfield-Devine
E-mail: [email protected]

Senior Editor: Sarah Gordon

International Editorial Advisory Board: Dario Forte, Edward Amoroso, AT&T Bell Laboratories; Fred Cohen, Fred Cohen & Associates; Jon David, The Fortress; Bill Hancock, Exodus Communications; Ken Lindup, Consultant at Cylink; Dennis Longley, Queensland University of Technology; Tim Myers, Novell; Tom Mulhall; Padget Petterson, Martin Marietta; Eugene Schultz, Hightower; Eugene Spafford, Purdue University; Winn Schwartau, Inter.Pact

Production Support Manager: Lin Lucas
E-mail: [email protected]

Subscription Information
An annual subscription to Network Security includes 12 issues and online access for up to 5 users.
Prices:
1221 for all European countries & Iran
US$1367 for all countries except Europe and Japan
¥162 000 for Japan
(Prices valid until 31 December 2013)
To subscribe send payment to the address above.
Tel: +44 (0)1865 843687 or via www.networksecuritynewsletter.com
Subscriptions run for 12 months, from the date payment is received.

Periodicals postage is paid at Rahway, NJ 07065, USA. Postmaster send all USA address corrections to: Network Security, 365 Blair Road, Avenel, NJ 07001, USA

Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: +44 1865 843830, fax: +44 1865 853333, email: [email protected]. You may also contact Global Rights directly through Elsevier’s home page (www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: +1 978 750 8400, fax: +1 978 750 4744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; tel: +44 (0)20 7631 5555; fax: +44 (0)20 7631 5500. Other countries may have a local reprographic rights agency for payments.

Derivative Works
Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations.

Electronic Storage or Usage
Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and email addresses noted above.

Notice
No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer.

Pre-press/Printed by Mayfield Press (Oxford) Limited


…Continued from front page

larger percentage of female infosecurity professionals (34%) were in consultant and advisor job titles than men (26%), while more than twice as many men as women were network security or software architects. In roles such as security analysts and compliance auditors, 38% of women cited security analyst as their job title versus 27% of men. However, a higher proportion of men held security engineer and network administrator job titles.

The ‘2013 Global Information Security Workforce Study’ identified ‘security analyst’ as the number one most-needed position in the information security industry, opening the way for a strong female presence in the future.

The report also looked at average job tenure, median and average annual salary and academic backgrounds. In these categories, the report showed only marginal differences between women and men who work in information security fields. The findings revealed that women in information security, as a group, have a more diverse academic background than men, and a collective background with slightly greater emphasis on social sciences and business degrees compared to engineering and computer sciences.

“The report data indicates that the perspectives of women offer viewpoints needed to elevate the security industry to the next level,” added Michael Suby, author of the report and vice president of research at Frost & Sullivan.

While technical skills are integral to information security, the report found that women believe a successful professional should maintain a variety of skills, whereas men believe technical skills should be the priority.

“Although efforts to fill the information security industry with skilled professionals have increased, the growing number of sophisticated attacks in our cyber landscape are posing an increased threat to organisations in both the public and private sectors,” said Suby. “Combatting these threats requires a community approach to training and hiring qualified security professionals from a variety of backgrounds. As our research reveals, women leaders are the strongest proponents of security and risk management education and training in the industry. This type of mentality is crucial to building standards in the industry and echoes the report’s findings that women are indeed, ‘agents of change’ in the future of information security.”

The full study can be found here: https://www.isc2cares.org/.

Security officers get greater voice in boardrooms

A new IBM study of security leaders reveals that they are increasingly being called upon to address board-level security concerns and as a result are becoming a more strategic voice within their organisations.

A constantly evolving threat landscape, emerging technologies and budgetary restraints are requiring security leaders to play a more active role in communicating with C-suite leaders, as the rise in security incidents impacts brand reputation and customer trust, says IBM.

Among the findings in the ‘2013 IBM Chief Information Security Officer Assessment’ are that mobile security is the number one “most recently deployed” initiative, with one-quarter of those surveyed deploying it in the past 12 months. While security leaders are looking to advance mobile security beyond technology and make it more about policy and strategy, less than 40% of organisations have deployed specific response policies for personally owned devices or an enterprise strategy for bring-your-own-device (BYOD).

Nearly 76% of security leaders interviewed have deployed some type of cloud security services – the most popular being data monitoring and auditing, along with federated identity and access management (both at 39%).

While cloud and mobile continue to receive a lot of attention within many organisations, foundational technologies that security leaders are focusing on include identity and access management (51%), network intrusion prevention and vulnerability scanning (39%) and database security (32%).

The report is available at: www.ibm.com/security/ciso.
