The lesson to be learned from the content of Snowden’s documents released to date is that the NSA has built a global capability to execute on a plan of information dominance for intelligence gathering. Ostensibly to collect enough communications metadata and content to deter, disrupt, and destroy terrorists and their plans, the NSA’s capabilities have also been used for broader spying on foreign leaders,
Security analytics is the term being applied to the new methods being developed to counter sophisticated targeted attacks. The idea is simple but implementation requires skill sets that have yet to be acquired by most organizations. Gather as much data as possible, apply filters derived from security intelligence, and identify attacks in progress or already firmly established beachheads made by the adversary.
Note to security clearance holders: The following post contains no links to secret documents.
As the carefully orchestrated stream of leaks from Edward Snowden is published in The Guardian, we have learned first of the massive scale of US (and now UK) data and communication surveillance. Top Secret/NoForn documents were also published that spelled out the procedures and oversight measures that the NSA must comply with to avoid spying on “United States persons”.
Everything changed June 1, 2012. That’s when we entered the age of weaponized malware. On that day David Sanger’s article in the New York Times alerted the world to the fact that the United States and Israel were responsible for a long term, concerted campaign against the uranium refining capability of the Iranian regime.
Thanks to my colleagues, Paul Henry and Paul Zimski, for a great discussion on weaponized malware yesterday. While the threats that dominate our headlines … Stuxnet (2009), DuQu (2010) and Flame (2011) seem like story lines that spy movies are made of, they are in fact something enterprises should be concerned about.
Back in the late ’90s, the president of a prominent U.S. anti-virus company was approached by a delegation from India. Their request? Weapons-grade malware. In the same month, he was also approached by representatives from Pakistan with the same request. As he explains it: “Two nuclear armed nations with a common border and a history of armed conflict have only one interest.
Mobile device management is a workplace reality that IT is scrambling to get their arms around. And justifiably so…according to the new report by Symantec, the 2012 State of Mobility Survey, organizations of all sizes are seeing numerous damages due to mobile devices in the workplace, including data loss, damage to the brand and loss of customer trust.
There is no question we have entered the era of always connected mobile devices. Smart phones, iPads, and Android devices have changed the way people access information. Last month, I discussed why denying the use of personal mobile devices isn’t a realistic view. Looking to the future, here are some considerations on how to incorporate this new way of doing business.
I have logged more travel miles than I care to admit in 2011. Throughout it all, I heard significant trepidation from IT security directors and CISOs over the invasion of their offices by those nasty, uncontrollable personal digital devices that everyone is now armed with: iPhones, Android devices, and iPads. Especially iPads. And invariably the worst offenders are the business leaders.