Vote for me in
IT Security Blogs
Symantec Vision Conference - Day 1
Today was the first big day of Vision 2008. Thousands of people packed into the hall to hear the opening keynote from the Symantec Chairman and CEO, John Thompson. Run in a chat show and hosted by Steve Trilling, it was quite a spectacle (even if I say so myself).
The message was simple, information is exploding - doubling every two years in most organizations and soon it is estimated that there will be as many pieces of information as there are grains of sand. John went through our larger acquisitions since last year and how they fitted into the big picture. Including Vontu for data loss prevention, Altiris for endpoint management and AppStream for virtualization. He also talked about new product releases and awarded prizes to our most visionary customers.
Parallel sessions then took over with streams covering all aspects of the Symantec portfolio. The ones I went to were packed and people were happy with what they were hearing - which is great. We seem to be back on track of giving the right level of marketing and technical content which is good.
I hosted a table at the analyst lunch on Data Loss Prevention and there was a great deal of buzz around the topic and where it was going. It’s always good to hear the various thoughts and ideas from competing analysts. People generally felt that we were just at the start of understanding all the issues associated with confidential information and how it need to be handled. Technology and the way we use it is moving so quickly, consumerization of IT as well as the boundaryless enterprise all make the problem more complex - but they bring benefits so data loss solutions need to keep pace!
The partner expo hall was packed, I haven’t seen it so busy in the last couple of years, so it was great to see it back in all its glory. Of course for me it gave the opportunity to meet up with old friends and colleagues who have moved to different companies as well as take part in some great discussions with customers, especially around the new technology announcements.
If you weren’t there… then you can still catch some of the highlights from the website.
Technologies For Data Loss Prevention
I am speaking at the SNIA Europe Academy on 20th May 2008 in London - and “Technologies For Data Loss Prevention” is the title of my session. So… two things here… firstly, I have been involved with SNIA since it first started and it is good to see an organization ‘grow up’ with its customers needs and the ever changing technology. So while there are some sessions on fibre channel and other more usual storage related items, there are also sessions like mine and on compliance challenges which talk at a different level - not the just physical storage but the information that is there and what it means to the enterprise.
Secondly, I was in with an account team at a customer to talk about futures in both storage and security and data loss came up. The rep did a great job of explaining our latest and greatest technology (which we acquired late last year when we bought Vontu), but missed out on some of the obvious ones… such as encrypting backup tapes if they are going off-site, or keeping anti-virus definitions up to date - some of the things we often think of as obvious but, as with all good management books, it is not until the obvious is pointed out that it becomes ‘obvious’.
Anyway… my session will cover the range of technologies that can (and should) be considered and it is most definitely not a ‘one size fits all’ - to be effective and cost efficient you need a holistic approach - some of which will be ‘obvious’ and others, less so. Hope to see you there.
There Goes The Neighbourhood
In this case it was the neighbourhood that funded a glamorous lifestyle - even if they didn’t know it. This is a case of identity theft taken to a whole new extreme with multiple neighbours of a Philadelphia couple being defrauded of $100,000. The couple had keys to neighbours flats and post boxes and used them to take all kinds of information, including bank account details as well as installing spy-ware on their computers.
How didn’t the neighbours realize? Well, it seems that the couple had opened bank accounts and credit cards in their neighbours names - in this case they used a fake driving license. (So you wouldn’t know until you tried to open an acocunt or a credit card and the credit check fails.) Try a Google image search for driving licenses and you will be amazed at how many there are… people need to realise the importance of the information they hold and more to the point the consequences of what can happen if it falls into the wrong hands. So… if you happen to have just past your driving test, and you want to tell your friends about it - then tell them, but please don’t post a picture of your license on your social networking site!
Free Music… Come And Get It
And 360,000 people responded - and got adware instead. The difficulty is to know what is genuine and what isn’t. A number of big name bands, Coldplay being the latest, have released their upcoming single ‘for free’ as an MP3 - and that was genuine. So where’s the difference? In this particular case the MP3 turns out to be an executable - so it’s a program, not a music file. This brings us quite nicely to browser plug-ins which you (the user) are told are required for a web page to load correctly - but it turns out that a large number of these are also malware (adware and keyloggers top the list).
If you are on a web site you don’t know and it asks you to run a program, or install a browser plug-in. Just say no… navigate away. Remember… If a deal sounds to good to be true - then it probably is, and its better to be safe than sorry.
Dataloss At The Border?
The US announced this week that they would be able to search laptops, or rather search the information on laptops without any reason being given. They have been able to search laptops for a while, but have needed to have a good reason, or suspicions, to do so. The result of this change is going to mean a number of things, firstly; longer delays to get in (hopefully they won’t be searching everybody’s data… else we could be waiting in line for weeks…) and secondly the possibility of data being compromised.
It is difficult to know what to suggest… if you are waiting to get into the US, especially if you are a visitor rather than a national, then you are unlikely to decline a request for them to look at the laptop contents - as that would no doubt give rise to a quick trip back home on the next plane. You probably wouldn’t want to leave the laptop there - just in case it gets lost. Perhaps it is time to look at all that information on there - and decide that it would be better left ‘at the office’ and the laptop is just a portal that you can use remotely. It will still take customs a while to go through an empty laptop - but at least there will be no chances of the data being compromised.
What Price Information?
In the latest release of the Symantec Internet Security Threat Report we have an update on the price of information. Perhaps one of the most scary aspects is that you can now get volume discounts!
Top of the list are bank account and credit card details which range from 20p to £500. Next are full identities which come in at between 50p and £7.50 - while these do not give instant access to money they do enable cyber criminals to apply for bank accounts and credit cards in the victims name and then perpetrate the fraud without the victim knowing… until they find they have lost their credit rating due to bad debts.
Also making it to the top 5, for the first time, are eBay accounts and go for between 50p - £4. This shows that all information is worth money to someone (further down the list are gaming accounts, social network accounts and others). So… if you have information that you think is valuable to you then it is probably of value to someone else - protect it wisely.
-
Subscribe
-
Podcasts
-
Symantec Security Response Weblog
-
Links, downloads and other resources
Symantec UK
Symantec Podcast Directory
Symantec Security Response
