Posts Tagged ‘enterprise’

Wednesday, January 22, 2014 @ 01:01 PM gHale

The security consolidation continues with VMware paying $1.54 billion to buy mobile security company AirWatch.

Atlanta-based AirWatch, led by co-founder and Chief Executive John Marshall, came to life in 2003 and is an enterprise mobile management and security solution provider.

The acquisition is the largest made by VMware, topping the $1.26 billion purchase of Nicira in 2012.

This move puts VMware into competition with established mobile technology management rivals Microsoft, Blackberry and Intel, as well as venture-backed Silicon Valley challengers including MobileIron and Good Technology.

Palo Alto-based VMware said it will pay $1.175 billion in cash and about $365 million in installment payments and assumed unvested equity.

“With this acquisition VMware will add a foundational element to our end-user computing portfolio that will enable our customers to turbo-charge their mobile workforce without compromising security,” said VMware Chief Executive, Pat Gelsinger.

“When we started AirWatch, we set out to help businesses succeed in the mobile explosion that was set to come. Now there are more than 2 billion smart phones and tablets in the world and more than half of those devices touch an enterprise,” said Alan Dabbiere, co-founder and chairman, AirWatch. “By joining a proven innovator like VMware, we now have an opportunity to bring our leading-edge solutions to an even broader set of customers and partners to help them optimize for the mobile-cloud world.”

The deal won approval by both boards and should close by the end of the first quarter.

Wednesday, April 24, 2013 @ 08:04 AM gHale

By Gregory Hale
Visibility of control system data remains a top priority for refineries these days as the entire enterprise needs to see what is going on throughout the process.

“We are constantly getting pressure to get the data as visible and transparent as possible to a variety of different groups,” said Jason Bottjen, manager of control systems engineering at Valero Energy Corp., during his talk Tuesday at the PAS Technical Conference in Houston.

While some of the early talks were visionary and dealt with the way things could and should be, Bottjen talked about the way things are in refineries today.

With a boatload of different systems installed within the refineries, Bottjen said there are challenges to ensure plant reliability and safety.

Some of those challenges are:
• Control system challenges
• Management of complex automation systems
• Complexity of open systems and legacy systems
• Cyber security
• Control loop performance

One of the important things he has to deal with is the traceability of data and figuring out which pieces fit together.

When talking about the cyber security challenge, Bottjen said they had to deal with intrusion detection, inventory of cyber assets and physical and network access.

In addition, control loop performance always becomes an issue with underperforming loops, loop tuning and high operator interactions.

“Tuned loops mean greater productivity, which lead to greater profitability,” Bottjen said.

He also said operators need access to information to make informed decisions, especially when it comes to alarms and alarm management.

“Proper alarm management is a key for plant reliability and safety,” he said.

Operators, he said, need greater data visualization so they can see data with more meaning.

One of the constants that never changes, Bottjen said, is the idea that “things change and that makes this a never ending process.”

That is why to improve reliability, everyone must strive to continuously improve and upgrade the process and manufacturers need to invest in new technologies to solve challenges, he said.

“We need to demystify the black box,” Bottjen said. “We need to increase visibility into the system.”

Monday, September 24, 2012 @ 12:09 PM gHale

New cyber security software that passively monitors networks to help operators detect intruders and other anomalies specifically for utilities and other industrial systems is under development by Idaho National Laboratory (INL).

The need for the software, named Sophia, emerged about seven years ago, said Gordon Rueff, who led Sophia’s development with INL colleagues Jared Verba, Kenneth Rohde and Corey Thuen. Sophia should be ready to go as early as next month.

“Until recently there wasn’t much of a market for security tools or even situational awareness tools inside a control system because your control system was here, your Internet was over here, and they didn’t talk. That’s no longer the case. Now users have to think about cyber security.”

Industrial systems such as power plants originally focused on physical security because they didn’t have to worry about the Internet, but that has changed as operators have added computer networks to allow for system visibility all the way through the enterprise.

Work on Sophia, named after the Greek goddess for wisdom, began three years ago. It is a tool to automate real-time monitoring on static Supervisory Control and Data Acquisition (SCADA) system networks – those with fairly fixed communications patterns. Anything out of the ordinary triggers an alert.

If the program detects suspicious activity, it alerts an operator or network administrator, who can then decide if the activity is threatening.

“Sophia doesn’t try to make that distinction, it just says, ‘Hey, there’s a new device,’ or ‘You’ve got a new communication pathway; you need to figure out what it is,’ ” Rueff said. “It could be something as simple as someone installed a new unit that is supposed to be there.”

The program is available over an Internet browser via an XML application programming interface. For proof-of-concept security tests, developers limited Sophia to local host connections. INL completed two rounds of testing, the second involving dozens of companies, and the plan for now is to have Sophia ready for commercial availability in October, INL said.

“It really is the flagship,” said David Kuipers, a program manager with the National SCADA Test Bed Program at INL. “It’s the first technology of this group that will be transitioned to industry.”

Using Sophia drops the time spent monitoring these systems to four hours, down from a week’s worth of man-hours, said Misty Benjamin, an INL spokeswoman.

About 30 companies participated in testing the software, including Idaho Falls Power and Austin Energy.

Concerns about the security of industrial systems such as water and power plants have been heightened in recent years by the discovery of the Stuxnet worm, part of a U.S.-led cyber warfare campaign that disrupted uranium processing in an Iran nuclear facility. Security researchers called it the first weaponized malware because of its sophistication and precise target, and its discovery led to speculation about whether a similar tool could target systems in the United States.

Wednesday, August 29, 2012 @ 01:08 PM gHale

The Zero Day Initiative (ZDI) released five security holes that Hewlett-Packard has had, and known about, for more than six months.

All the zero-day holes affect products in HP’s enterprise and networking divisions:
• HP LeftHand Virtual SAN
• HP Operations Agent for NonStop
• HP Intelligent Management Center
• HP iNode Management Center
• HP Diagnostics Server

In all five products, remote attackers can exploit programming flaws to inject and execute arbitrary code via specially crafted requests – sometimes even at system user level.

These are all at the highest threat level. In all five cases, the ZDI informed the company of the problems at the end of 2011. HP failed to release patches for any of these critical security holes.

Because companies would often make no move to fix the security holes reported to them, two years ago, ZDI said it would in future disclose such holes after 180 days if companies failed to respond. ZDI has invoked its rule more than once.

The odd part about the release of the Zero Day news is HP owns TippingPoint, which runs ZDI. HP took over TippingPoint when it acquired 3Com.

Friday, August 24, 2012 @ 04:08 PM gHale

McAfee fixed a bug-prone update that disabled security software for home and enterprise users over the weekend.

Users who received the latest updates for McAfee’s consumer and enterprise versions of its antivirus software last Friday found themselves unable to access the Internet or encountered errors within the application, according to messages posted on McAfee’s community forums.

Home users were unable to access the McAfee Security Center console, preventing them from running anything within the software program. Enterprise users encountered errors with the On-Access Scanner.

Enterprise users had to wait till Monday for VSE 8.8 Hotfix 793640, which contained the full DAT 6809 update, according to a McAfee knowledge base article. However, the hotfix was 100 MB in size, making deployment a challenge for administrators overseeing a large number of affected machines.

“Deployment can cause high bandwidth usage in large environments,” McAfee recommended. The support document also suggested deploying the hotfix in stages rather than to all systems at once.

McAfee released a smaller version of the hotfix, VSE 8.9 Hotfix 793781, late Tuesday. While the smaller hotfix has a smaller initial footprint and addresses most of the issues, “remediated systems will require a full DAT update as soon as possible,” according to the advisory.

The hotfix does not force a reboot, but the company recommended a restart of all systems after installing the fixes in order to validate the latest update.

This isn’t the first time a security vendor had a faulty update. McAfee alone has had three bad DAT updates in recent years, including the April update for its email gateway security products that caused the systems to crash and display message scan failures.

McAfee is not alone, as a problem update was behind Microsoft’s Security Essentials scanner attempt to flag as malware. Last month, Symantec released an update for its Symantec Endpoint Protection 12.1 that caused users running Windows XP to see the blue screen of death. Symantec rolled back the signatures a few days later.

Tuesday, August 14, 2012 @ 05:08 PM gHale

By Gregory Hale
Change is inherent in today’s manufacturing environment. Yes, some technology may be long in the tooth, but change is inevitable and a modernization plan will help companies move forward.

Changing technology: The Purdue model was the state of the art in the 80s, the MES convergence was in the 90s and it was enterprise convergence in the 2000s.

“The speed of business is changing,” said Rick Morse, vice president for the Control and Safety Solutions business of Invensys Operations Management during the product roadmap discussion during the 2012 North America Invensys Foxboro User Group conference in Boston Tuesday. “With automation advances, what used to take 50 people to do years ago can now be done by one person.”

That is what Invensys’ modernization program is all about, embracing change to gain more perspective and stronger productivity from people and technology.

“There used to be manual labor and we replaced that with PLCs and DCS’s and now we are changing to a new era. We are going to decision support automation,” Morse said. “We are going to tie all the technology together and put it into context. That means we change to a knowledge worker from a manual worker.”

“The whole game will change as we go to a whole new perspective on what we can help you do,” he said. “The speed of business and the speed of money are getting closer together.”

With modernization, “We are reinventing from the inside out.”

Thursday, July 19, 2012 @ 06:07 PM gHale

Mozilla offered some details of the security fixes in the new versions of its Firefox web browser, Thunderbird news and email client, and the SeaMonkey “all-in-one Internet application suite.”

Based on the same Gecko platform, version 14.0 of Firefox and Thunderbird, and version 2.11 of SeaMonkey closed a number of the same security holes, some of which rate as “critical” by the project; updates have also gone out for the “enterprise” versions of Firefox and Thunderbird to address these issues.

These critical vulnerabilities include a code execution problem related to javascript: URLs, a JSDependentString::undepend string conversion bug an attacker can exploit to cause a crash, a same-compartment Security Wrappers bypass issue, and various memory safety hazards. They also took care of critical use-after-free problems, an out-of-bounds read bug, and a bad cast in the Gecko engine that could lead to memory corruption. Some of these vulnerabilities an attacker could exploit remotely to execute arbitrary code on a victim’s system, Mozilla said.

The developers also corrected three high-risk vulnerabilities – including location spoofing and data leakage issues – and three moderate security bugs.

Additionally, the update to Firefox closes a high-risk cross-site scripting (XSS) problem, and two moderate issues. Many of these same vulnerabilities ended up addressed in version 10.0.6 of Mozilla’s “enterprise” Extended Support Releases (ESR) of Firefox ESR and Thunderbird ESR.

Thursday, June 21, 2012 @ 12:06 PM gHale

Risk-based security strategy is the right way to go for most enterprises, but the problem is they have not taken any steps to implement a plan, a new study said.

Commitment to risk-based security management (RBSM) is high, but implementation is low, according to The State of Risk-Based Security Management, a survey conducted by the Ponemon Institute and sponsored by security vendor Tripwire.

Although 77 percent of the organizations in the study claim a significant or very significant commitment to RBSM, their actions do not back up this claim, the study says.

Slightly more than half of respondents (52 percent) said they have a formal RBSM function, program, or set of activities dedicated to risk-based security management, according to Ponemon. Less than half (46 percent) report they have deployed any risk management program activities at all. Forty-one percent don’t classify their information according to its importance to the organization.

Among those organizations that do have a formal function, program, or set of activities dedicated to risk management, 74 percent have either partially or completely implemented some risk management practices, the study said.

Most organizations are looking to reduce risk by implementing preventive tools and practices, but many do not have tools and practices for detecting threats and compromises once they have penetrated enterprise defenses, Ponemon said.

“It turns out that 80 to 90 percent of the organizations report deploying the majority of the important preventive controls, but only 50 percent report deploying the majority of important detective controls,” the survey said.

While many respondents indicated a lack of resources, skilled personnel, and leadership are barriers to implementing RBSM, Ponemon said the lack of a formal program or strategy is a more significant roadblock.

Thursday, June 14, 2012 @ 02:06 PM gHale

By Gregory Hale
In case anyone was wondering, air gaps don’t exist.

They may have at one time, but in today’s modern manufacturing automation environment, they are not viable. An air gap is a physical gap between a network in the enterprise and a control system where digital information cannot cross that line. Yes, vendors and experts talk about air gaps as being a supreme security measure, but if you listened to Eric Byres, chief technology officer and vice president of Tofino Security, during his session entitled “Air Gaps and Unicorns: Do they really Exist?” at Wednesday’s Honeywell Users Group (HUG) 2012 in Phoenix, AZ, a super worm, like Stuxnet, didn’t even care if there was an air gap or not. It had quite a few different attack vectors and it knew how to use them.

“Stuxnet was assuming there was always another pathway in,” Byres said. “Stuxnet played on the human nature of control systems.”

If everyone is fine with the idea an air gap does not really play into the security equation, then the next step is to understand what you really have to protect and then work on a plan that involves solid technology and also fits in the human factor.

“If you want security to work, you have to have it work with the way a human works,” Byres said. “If you design security that runs counter to human nature, then that will be a design flaw.”

Some of the things Byres said a user should do are:
• Manage all flows into the industrial control system (ICS)
• Manage all flows out of the ICS
• Subdivide the ICS system employing the zones and conduits approach
• Detect unusual behaviors on the ICS system
• Don’t focus on protecting your system, focus on knowing your system

One of the points Byres makes frequently is that companies should not get caught up in the hype of the latest huge potential attack, but rather understand what they really have to protect.

“Have strategies for looking at all pathways,” he said. “Always protect the crown jewels. Start with what really matters.”

One of the ways to protect those key assets is to understand the system.

“Control systems are usually pretty steady. Knowing that, you can really find out and understand when there is some anomaly on the system. That is something to look at.”

There is no one way to protect systems; instead, there is a multitude of options a user must employ to keep the system up and running.

“You have to remember air gaps are a dangerous illusion,” Byres said. “Defense in depth is the only real defense.”

Tuesday, March 6, 2012 @ 05:03 PM gHale

Information is intrinsic to the core of any business. Most organizations would find it impossible to function without the availability and absolute privacy of their proprietary – and priceless – information. Therefore, securing it across the extended enterprise is critical to the success of any organization.

Every organization needs to take a layered approach to security, utilizing both processes and solutions designed to prevent compromise. Complicating the challenge of managing risk and securing data is the fact “the enterprise” now extends far beyond what were the traditional boundaries of enterprise networks and perimeter firewalls. Companies are giving direct network access to trusted business partners and contract workers, and in some cases, even to customers.

Workers access the enterprise network remotely using consumer-class mobile devices, many of which are personally owned and not controlled by the company whose network they access.

Moreover, data and applications are being moved into public and hybrid cloud environments where the data owners have little direct control over security.

Find out more in the McAfee white paper.
