
Posts tagged - McAfee

Tuesday, September 7, 2010

Intel + McAfee 4Ever: Dealing with Security Issues during an M&A

By Toby Weir-Jones, Vice President of Product Development, Managed Security Solutions Group, BT Global Services

Just when we thought we’d seen everything, Intel’s bombshell announcement that they are acquiring McAfee stands to shake up the security industry all over again.  Aside from the potential impact on the security vendor space (as far as all the downstream corporate customers are concerned), it’s interesting to imagine the alignment issues which will surely arise between these two massively security-conscious firms.

As a security officer, should you invest significant effort into building a set of practices and policies which somehow enable integration with a completely different set?  For example, at the easy end of the scale, you might have two different standards for how many failed logins trigger an account lockout, so you reconcile the two and come up with a new standard which everybody is meant to adopt.  Far more difficult are issues to do with internal failures and when/how they might ultimately require documentation in SEC filings. 

The security officer’s role in such negotiations is likely to be much less technical and more financial – building models to track costs, measure risk exposures, and the like – and the output from such efforts will probably end up on the desks of Legal and Accounting more so than IT or Operations.  Ultimately the decisions surrounding how to combine policies will be driven by business and risk considerations, first and foremost, but it’s a dangerous path for the acquiring firm simply to say the target firm shall inherit all the parent’s policies. 

This is primarily because the policies in place are usually a function of all sorts of local contextual issues, which are then mapped against whatever subset of industry best practices make sense for the business in question.  For example, if a development team is distributed globally while working on a single project, a firm needs to make a decision about using private WANs for data exchange, or instead, relying on local internet access at each facility and coupling that with a strong VPN.  If the immutable policy point at the acquiring firm says that no internal R&D data shall traverse the internet — and it was never written to consider whether VPNs are an acceptable carve-out — then the disruptive effect might be significant for all the IT and network teams which have to scramble to catch up. 

As with most things, there is no simple answer – the point is to ensure that M&A activities don’t simply assume “the IT stuff will sort itself out.”  The integration teams need to give an equal seat at the table to the security officer, the IT architect and whoever else is responsible for the glue that drives how the firms get things done behind the scenes.  It’s not just about operating synergies and reduced cost of sales anymore.

Tuesday, December 15, 2009

Annual Internet Threat Reports Make for Good Fireside Reading

Pete Russo, Senior Marketing Manager, BT Global Services

‘Tis the season for egg nog and annual internet threat reports. In recent weeks McAfee, MessageLabs and Cisco, among others, have each released their readings of the threat environment facing both business and home users during 2009. Rather than letting these reports ring in a flurry of fear, uncertainty and doubt, here are a few strategies to maximize the value you can derive from them.

Eric Ogren, from the Ogren Group, starts his review of 2009 reports on searchsecurity.com with a reminder that these documents are, at their core, “vendor marketing documents.” In other words, what the vendor highlights will speak most strongly to their core business. His primary recommendation to circumvent vendor tunnel vision is to read multiple vendor reports to gain the most complete picture of the threat environment.

Another recommendation is to maximize value from these reports by taking them from a review of the past to a call to action for the coming year. While the threat landscape is always changing, the major vulnerabilities from the past year are valuable as a reality check. Reading the report enables you to develop a checklist of what has already been accomplished by your team and what still needs to be done – and it also helps in developing guidelines to justify upcoming budget requests.

Finally, reports can also be a company-wide education tool. While IT security teams should be reading the entire report as part of their year-end activities, the rest of the company will undoubtedly benefit from a series of snapshots of the most salient user-focused recommendations from the reports. Collaborating with your internal communications colleagues to develop a “New Years’ Best Practices campaign” is a good way to get this initiative rolling.

Annual Threat Reports from BT’s partners can be downloaded here:

McAfee Mapping the Mal Web Report

Cisco Systems Annual Security Report

MessageLabs Intelligence Annual Report

Wednesday, October 28, 2009

Guest Post: McAfee – Day Zero is Dead … Long Live Day Zero!

Mike Nielsen, Director for Network Security, McAfee

It wasn’t very long ago that Network Intrusion Prevention System (N-IPS) vendors were in furious debate over who released the signature first after a new exploit was discovered, protecting their customers fastest from the attack du jour.  The story line went something like this:

1) Microsoft announces <some large number> vulnerabilities on Tuesday

2) Fast forward 80 days: Threat X is discovered, targeting one of the above vulnerabilities – this is the classic Day Zero

3) Fast forward somewhere between eight minutes and two weeks: numerous IDS vendors release some large number of exploit-based signatures

The winner of the “competition” was always the vendor who released their exploit signatures in the shortest timeframe after Step 2; and then, issued the press release.  So went the early days of Network IPS.

Then, rather suddenly (around 2005), Step 2 shortened from 80 days to 10, then five, to two, and then finally to one day.  This made some of us in the industry pause and think – there’s something far more sinister at work here.

What was ignored broadly then, and is glossed over broadly now by many IPS vendors, is that the above timeframe is nonsense at its core.

Instead, we need to look at this very differently:

1) New software is released to market.  This is Day Zero.

2) Fast forward 0 seconds: Vulnerabilities exist in this software, but not many people know about them

3) Fast forward several weeks: Attacks are underway against these vulnerabilities, but they are isolated and targeted

4) Fast forward three months: Software vendor announces vulnerabilities and patch on Tuesday

5) New, broadly used exploits are discovered against those announced vulnerabilities

6) Security vendors scramble to be the first to market their protections to Step 5

What is overlooked (Steps 2-3) is fundamental to the challenge we face: the day a new piece of software is released to the market, there are vulnerabilities, and there are certainly hackers exploiting them as fast as they can discover them.  The protection gap, rather than being from the time a new vulnerability is announced to the day a new attack is discovered, is actually the time from when the software is released to the time the vendor issues the patch.  Then the cycle starts all over again.

So what is Day Zero now?

Day Zero needs to be thought of as the day a new piece of software is released.  And in order to protect yourselves in our second scenario above, you need to know that your network protections are guarding against what we don’t know, versus what’s made the headlines.

That’s where Vulnerability Analysis on your IPS comes into play.  It’s no longer adequate to look for what’s been announced.  You need to be ready for what the hackers are doing long before the press release comes out.  That’s where McAfee and BT come in – we have more than 350 researchers on staff finding vulnerabilities and fixing them long before the software patches become available, and eons ahead of the rest of the industry.  And it’s why we can claim that our platforms, and hence BT Managed Security Solutions Group, protect customers on average 80 days ahead of the threat.

The proof is in the results.  Verifying a vendor’s claims can be a challenge, and it’s precisely why independent validation is so important.  Want more info?  Visit http://nsslabs.com/IPS/McAfee-M8000.html for more information and to understand why vulnerability analysis and IPS detection accuracy are so important.

As Director for Network Security, Mike Nielsen is responsible for all elements of McAfee’s Network Intrusion Prevention Systems on the highly successful I and M-series platforms.  Mike is a veteran of the telecom and security industries, with more than 15 years’ experience in developing, deploying and marketing high-speed network and security solutions.
