Archive - May 2011

Lockheed Martin Cyber Attack Highlights Cyber-Blame Snags

WASHINGTON | Mon May 30, 2011 6:48pm EDT
(Reuters) – Past patterns may point to China, but top investigators say they will never know for sure who mounted a “significant” cyberattack against Lockheed Martin Corp, the Pentagon’s No. 1 arms supplier.
Lockheed, which is also the government’s top information technology provider, said on Sunday it was a “frequent target of adversaries around the world.”

The company has not disclosed which of its business units was targeted, but people with experience plugging holes after such strikes said that cyberspies likely sought trade secrets or weapons-related data.

The Bethesda, Maryland-based company did not respond to a request to clarify whom it deemed adversaries, and whether it suspected a foreign state in the digital assault it said it had detected “almost immediately” on May 21.

Lockheed said it had countered with stepped-up security measures and that no customer, program or employee personal data has been compromised in the “significant and tenacious attack” on its information systems network.

China has generally emerged as a prime suspect when it comes to keyboard-launched espionage against U.S. interests, although the Pentagon says more than 100 foreign intelligence groups have been trying to pierce U.S. networks.

“China’s government, the Chinese Communist Party, and Chinese individuals and organizations continue to hack into American computer systems and networks as well as those of foreign entities and governments,” the bipartisan U.S.-China Economic and Security Review Commission said in its 2010 annual report to Congress.

The body was created by the Congress in 2000 to advise it on implications of trade with China. It said in its report the methods used in suspected Chinese-launched attacks were growing more sophisticated and increasingly piggy-backing on social networking tools.


Beijing, at odds with the United States over Taiwan and other issues, has “laced U.S. infrastructure with logic bombs,” a cyberweapon, former U.S. National Security Council official Richard Clarke wrote in his 2010 book “Cyber War.”

Beijing steadfastly dismisses such charges.

“I’d say it’s just irresponsible to arbitrarily link China to such cyber hacking activities in each and every turn,” Wang Baodong, the Chinese Embassy spokesman in Washington, said in an email to Reuters. “As a victim itself, China is firmly against hacking activities and strongly for international cooperation on this front.”

Pinning down responsibility for an attack like that reported by Lockheed is “incredibly difficult” given the sophisticated ways that an attacker may misdirect, said Anup Ghosh, a former senior scientist at the Pentagon’s Defense Advanced Research Projects Agency, or DARPA.

Encoded clues in the Stuxnet virus that may have slowed progress on Iran’s nuclear program, for instance, seemed designed to point to Israel.

But “it is impossible to know if these are red herrings or genuine,” said Ghosh, who worked on securing military networks for DARPA from 2002 to 2006 and who now runs Invincea, a software security company.

Eugene Spafford, who heads the CERIAS cybersecurity research facility at Purdue University in Indiana, said the digital residue of an attack would not suffice to lead to a person or place.

“Records may show a network address where those bits came from, and that network address may tie to a machine in a country, but that is only the address of the most recent ‘hop’,” he said in an email interview.

“It is always possible that it is a system that itself was compromised, by another system that was compromised,” and so on and so on, Spafford said. In addition, one could never rule out the possibility that a given cyberstrike might be launched by someone in the pay of yet a third party, no matter where it originated.

Spafford, whose CERIAS lab has partnered with a dozen major companies and national laboratories, including defense contractors and Fortune 500 companies, said the bottom line is that “we likely never really will know who did it.”

Investigators first look for hard evidence — searching for stolen data that may be traveling across the Internet or seeking out people looking to sell information culled in a cyber attack. They typically rely heavily on circumstantial evidence, including whether the attack details match known methods from a suspect and if the targets are consistent with a group’s perceived interest.

It is also possible that the U.S. intelligence community, using its vast electronic eavesdropping and other spying capabilities, may make a judgment about the origin independent of forensic analysis, but that too would be subject to doubt.

3 Reasons Why Security Appliances are Hot

For many SMBs, security appliances are the best solution to their security needs as they are very affordable, offer excellent protection, and require little or no technical expertise to install or maintain. For those same reasons, value-added resellers (VARs) find appliances to be a relatively easy sell.


Among the easiest appliances for VARs to sell are functional, manageable and upgradeable devices, notably unified threat management (UTM) appliances, which are available from many vendors such as Cisco, Fortinet, SonicWall and WatchGuard. The UTM concept is based on the assumption that a combination of security solutions bundled in the same appliance creates a better security umbrella for organizations, said Ariel Avitan, an analyst at Frost & Sullivan.

“Another main advantage of UTM solutions is their low cost in comparison to purchasing many different security solutions,” said Avitan. “These two advantages are driving the rapid adoption of UTM solutions by SMB customers.”

Typical UTM solutions include a firewall, an intrusion prevention system/intrusion detection system (IPS/IDS), antivirus (AV) and anti-spam (AS) components, and a virtual private network (VPN).

The shift in business to the Web has exposed small businesses to multiple security risks, which they often struggle to counteract due to limited IT and financial resources.

“The solution for many SMBs is a security appliance, because it is easy to manage, affordable and doesn’t require them to be security experts,” said John Keenan, VP of Distribution, Americas for SonicWALL, a security vendor. Keenan said three factors are driving appliance sales in the SMB market: the proliferation of broadband; intelligent controls on the boxes; and SMBs’ appetite for enhanced security.


Security appliances are very affordable

Products range in price from a hundred dollars to several thousand dollars.

A low-end offering such as the ZyWALL 2 Plus costs a little more than $100 but delivers quite a bit. It supports IPSec VPN, which makes it suitable for remote site to central server deployment and home to office or office to home deployments. Data encryption over the Internet ensures secure transmission between two sites, eliminating the need for expensive leased lines, and enabling global interconnectivity at a minimal expense.

The ZyWALL 2 Plus provides robust firewall protection, based on stateful packet inspection (SPI) and denial-of-service (DoS) protection. It provides the first line of defense against hackers and other malicious threats.

If you choose to go up a notch, a Cisco ASA 5500 will set you back anywhere from $700 to $5,000. A low-end Cisco ASA 5500 is an easy-to-deploy solution that integrates world-class firewall, unified communications (voice/video) security, SSL and IPsec VPN, intrusion prevention (IPS), and content security services in a flexible, modular product family.

Designed as a key component of the Cisco Self-Defending Network, the ASA 5500 provides intelligent threat defense and secure communications services that stop attacks before they impact business continuity.

A high-end appliance can cost several thousand dollars. For example, the Blue Coat ProxyOne, a new device aimed at SMBs, starts at $8,999 for 100 users. The price includes the appliance, software licenses, automatic security updates and 24x7 support. The appliance can scale to support up to 2,000 users.

For your money, you get Web filtering, inline malware and anti-virus scanning, as well as on-box reporting (reports generated by the product; no add-ons needed) to enable safer use of Web 2.0 applications. A ProxyOne box delivers real-time Web defense, using the cloud-based Blue Coat WebPulse service. Additionally, Blue Coat security experts continually update the WebPulse defenses to protect against new threats.


Excellent protection

A security appliance, such as a UTM solution, provides comprehensive protection to customers as it has tightly integrated security features that work together on a single appliance, said Keenan. This class of appliance makes it easy for SMBs to manage their security because they only have to deal with one box and one source of support. Such an appliance solution is highly cost-effective as it offers a centralized console that enables monitoring of network security at remote locations.

Besides UTMs, the security appliance market includes standalone appliances (which deliver a single security application), blade appliances (a hybrid between UTMs and standalone devices) and software appliances.

All-in-one security appliances require little or no user technical expertise to install or maintain. This makes them appealing to SMBs and VARs. SMBs like these boxes because of their simplicity and practicality, while VARs like them because they are generally bulletproof in their reliability and provide the proverbial foot in the door to sell services.

“Some SMBs still need our expertise, whether it’s assessing their security vulnerabilities, configuring the products, or providing remote monitoring through a managed service,” said Alvin Myers, president of United Systems, a VAR in Oklahoma City.
