Image: Sergej Khackimullin

Lack of coordination, benchmarking and proactive improvement of functionality are reasons why security processes in enterprises fail to meet their potential, according to a new survey.

Published by SenSage Inc., the survey polled more than 375 attendees at the 2011 RSA Conference in San Francisco and inquired about the effectiveness of critical security processes, including log management, compliance reporting, real-time monitoring, forensic investigation and incident response.

SenSage documented the key findings of its survey in a report released this week, revealing that 53 percent of the respondents said they have no coordination among those five critical security processes, or that they have only “reactive triage” across them.

Sixty-five percent of enterprises said they have no measurement to benchmark the effectiveness of these processes, or that this measurement is inconsistent. Additionally, more than one-third of respondents said they have not implemented proactive efforts to improve the five processes, or that their improvement efforts have been inconsistent.

As a result inadequate coordination, measurement and proactivity, most organizations perceive their log management, compliance reporting, real-time monitoring, forensic investigation and incident response processes to be ineffective or “somewhat effective” at best, the study found.

The survey also indicates the security industry is struggling to overcome the “closed data” models of traditional SIEM and log management systems. When asked if they have ever experienced hurdles to data access and analysis while performing their duties as security professionals, “yes” responses outnumbered “no” responses two to one.

Bob Dix, Juniper

Juniper Networks executives will participate in various speaking engagement at the 2011 RSA conference, covering topics ranging from mobile device security to the impact of cyber attacks, the firm announced.

In the “Defend Your Mobile Life” Plenary Session, Mark Bauhaus, executive vice president and general manager of the Service Layer Technology Business Group, will talk about key findings from the company’s global research on the risky realities of mobile devices and detail the necessary security components enterprise IT and service providers must integrate into the mobile experience.

Steve Hanna, distinguished engineer, will discuss open industry standards for network security and access control at the “Trusted Network Connected Seminar,” while his colleague, Bob Dix,vice president of government affairs & critical infrastructure protection, will partake in a panel session titled “Digital Apocalypse: Fact or Fiction?” where focus will be on the impact of cyber attacks on critical infrastructure.

Sanjay Beri, vice president and general manager for Juniper’s Access and Acceleration Business Unit, will participate in a discussion exploring how and why organizations are using cloud security, the benefits they realize and the challenges they face, in a panel session titled “Trends in Security Delivery Models: Cloudy Skies Ahead?”

Held Feb. 14-18, 2011, RSA focuses on information security for enterprise and technical professionals from major industry verticals such as banking, finance, government, healthcare, pharmaceuticals, computer software development and manufacturing, according to the event website.

Alan Paller

Writers from washingtonpost.com, Wired, International Data Group, Dark Reading and USA Today topped the list of cybersecurity reporters who received the 2010 Top Journalist Award at the RSA Conference in San Francisco, Calif., earlier this month.

“Journalists are among the most important people in cybersecurity because until the public fully understands the threat, the nation will never act to solve the problem,” said Alan Paller, SANS Institute’s director of research.

Brian Krebs, formerly of washingtonpost.com, received the most votes. Over the past 15 years, he wrote hundreds of stories for The Washington Post and its online edition, including more than 1,300 blog posts and eight front-page stories and a Post Magazine cover.

“[He] breaks more stories more often than any other cybersecurity journalist,” said a panel member. “Plus, he seems to really focus on breaking stories that matter, not just those that will generate buzz.”

Finishing second in the voting was Robert McMillan, who has written about computer technology since 1996, and in 1998 was co-founder and editor-in-chief of IDG’s LinuxWorld online magazine. In addition to LinuxWorld, he has written for New Scientist, Wired News, Linux Magazine and the Detroit Free Press.

“He seems to never sleep, an admirable quality in a wire reporter, and tends not to sensationalize,” said a panel member.

The additional eight winners were recognized because of their exceptional journalism this year, and in previous years.

Kevin Poulsen is a former black-hat hacker, who currently serves as senior editor for Wired;

Tim Wilson is a 25-year veteran of computer-industry journalism and a founding editor of Dark Reading;

Kim Zetter is a freelance journalist, who has written for publications across the world on topics varying from cryptography to electronic voting;

Byron Acohido writes for USA Today and won the 1997 Pulitzer Prize for Beat Reporting;

Keith Epstein is an award-winning writer and investigative journalist currently working for the Huffington Post’s Investigative Fund;

Dan Goodin has covered legal affairs, Internet governance and financial markets for publications such as CNET News.com, The Wall Street Journal and Bloomberg News;

Siobhan Gorman covers intelligence terrorism and national security in the Washington, D.C., bureau of The Wall Street Journal;

Robert Lemos is an award-winning technology journalist, who spent eight years as a staff writer at ZDNet News and as a senior staff writer at CNET News.com.

The majority of the incidents reported to the FDIC were “related to malware on online banking customers’ PCs,” according to Nelson. Most often, the victims are sent an email containing a link to a fake website designed to capture their login credentials.

Despite growing efforts by banks to enforce a variety of credentialing, cyber criminals continue to stay one step ahead. “Online banking customers are getting too reliant on authentication and on practicing layers of controls,” Nelson said.

Additionally, commercial accounts are generally not covered in the same manner as individual accounts and business end up swallowing much of the cost of the theft.

Advocates of cloud computing talk about the lower costs and ability to make security features part of the program data.  Most of the lower costs come from equipment and repair costs that could save money for big and small companies alike. Many believe that cloud computing is changing security as we know it.

Others are more hesitant and the idea of widely adopting these information management techniques. Melissa Hathaway, former senior director for cyberspace for the National Security Council, said the migration toward the cloud is gaining momentum without having satisfactorily addressed several pressing concerns.  Of these concerns, most were focused around online data’s vulnerability to attacks.

Also listed among the concerns is compliance with different standards and the governments access to information through search warrants. Because of the economic sense of cloud computing, these security risks are being evaluated. Also resulting from the discussions on cloud computing safety at the RSA Conference is the need for better private-public partnerships to fight cyber threat.

The concerns coming out of RSA encourage the cyber community to critically evaluate cloud computing and security.

Amit Yoran

During the RSA Conference, Amit Yoran, CEO of NetWitness Corp., discussed the challenges in dealing with the issue of cyber warfare, along with Scott Borg, director and CEO of the Cyber Consequences Unit.

Yoran discussed some of the challenges facing cyber defenders in the coming years, particularly the difficulty in seeing the threats before they happen.

“There is a complete lack of visibility into modern threats,” Yoran said. “For example, criminals could control the supply chain to introduce the attack points exactly where they want them – directly introducing their own private vulnerabilities in the hardware, software or even the services they provide.”

He also discussed the growing prevalence of cyber crime and how the issue will only get worse over time.

“There has been a major shift in crime as reported by former DEA administrator Francis Mullen,” Yoran said. “More money has been made through online crime than the amount made through drug trafficking. The attributes that make cyber crime attractive to civilians and cyber gangs also become very attractive to nation states.”

Melissa Hathaway

This week, RSA’s conference in California looks “ to drive the worldwide information security agenda,” says conference general manager Sandra Toms LaPedis.

As instances of cyber attacks continue to grow more prevalent, cyber warriors and national security officials are gathering in California to examine methods to enhance cyber defenses. The RSA conference, held in San Francisco this week, includes a number of headline government speakers, like Secretary of DHS Janet Napolitano, White House Cybersecurity Coordinator Howard Schmidt and FBI Director Robert Mueller.

The conference also includes industry leaders like Craig Newmark, founder of Craigslist, Enrique Salem, President and CEO of Symantec and David DeWalt, President and CEO, McAfee Inc.

On Tuesday, Melissa Hathaway will discuss how to develop a strong and cohesive national cybersecurity plan that includes cooperation between the private sector and government.

The conference will examine issues like security in the cloud, enabling the use of social networking sites and ensuring safe remote access of business networks.

Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conference, said “As cyber warfare, cloud security and protecting the enterprise in the face of consumerization and mobility emerge as new challenges for IT departments, our attendees rely on RSA Conference for practical insights and real-world answers to these issues.”

Some of the more prevalent issues presently facing cyber defenders will dominate the agenda, particularly cyber crime and cyber espionage. Most recently, the highly publicized Aurora attacks against search engine giant Google has brought the issue of cyber espionage into the public eye.

“Malware has become important as the sophistication of the attacks has increased. That is underscored by the Google Aurora attack,” said Philippe Courtot, Chairman and CEO, Qualys Inc. “Now we know for a fact more than a hundred companies were compromised in very targeted attacks of industrial espionage.”

During the conference, FBI Director Mueller will discuss the variety of cyber threats currently arrayed against US interests, including cyber crime and how foreign government and terrorists exploit the Internet for nefarious purposes.

Schmidt will participate in a “town hall” style discussion and Secretary Napolitano will discuss the impact that cyber threats have on society at large.

In a session titled  “ Dealing with Sophisticated Threats in Cyberspace without Creating Big Brother ,” former Secretary of Homeland Security Michael Chertoff and former chief counterterrorism advisor to the NSC, Richard Clarke, will look at how the government can help to defend companies and citizens against cyber threats without eroding civil liberties or infringing on privacy rights.

The expanding use of mobile devices to access Internet services will also be a central discussion point at the conference.

“There are so many security topics high on the agenda. Certainly one of the topics is how mobile devices are becoming more like computers with the benefits and drawbacks as well,” said Simon Bransfield-Garth, CEO of Cellcrypt, a voice security solutions provider.

The conference also includes a number of tutorials taught by the SANS Institute, a cybersecurity training center headquartered in Bethesda, MD.

The conference will likely include the release of new threat studies and new services and products catering to the cyber defense community.