The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for September, 2008

New ISC(2) Certification

Posted by Xavier Ashe on September 30, 2008

I am pleased to inform you that (ISC)2 launched a brand new certification program designed to validate secure software development practices and expertise and address the increasing number of application vulnerabilities. The need for education and certification in this area has become an overwhelming global concern in the industry and as a certifying body and proponent of continuing professional education we were presented the opportunity to provide a solution to address the issue.

The Certified Secure Software Lifecycle Professional (CSSLP) aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual’s competency in addressing security issues throughout the software lifecycle (SLC). It takes a holistic approach to software security. Code-language neutral, it will be applicable to anyone involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers. CSSLP is the only certification in the industry that ensures that security is considered throughout the entire software lifecycle.

Read more on CCCure.org.

Advertisements

Posted in Security | Leave a Comment »

Security and Society: Role of Government

Posted by Xavier Ashe on September 29, 2008

Posted in IBM, Security | Leave a Comment »

Security Management: A Chicken & Egg Problem

Posted by Xavier Ashe on September 8, 2008

Today’s security information and event management products and practices, as well as log aggregation and analysis technology, are still largely the same as they were in 2006. Oh, the players have changed — the big vendors now dominate the SIEM market — but there hasn’t been a revolution in the automation of security management technology or practices that even comes close to matching the revolutions we see in attack vectors almost every week.

It may sound like I’m dinging the SIEM technology vendors for a lack of recent innovation, but I’m not. The problem here really isn’t the vendors, but enterprise security managers. Vendors are only as good as the market demands, and so far, most security pros are still too busy fighting fires to really put much thought, time, or money into the management problem.

Interesting article on Dark Reading.

Posted in Security | Leave a Comment »

Judge: Man can’t be forced to divulge encryption passphrase

Posted by Xavier Ashe on September 8, 2008

A federal judge in Vermont has ruled that prosecutors can’t force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Niedermeier tossed out a grand jury’s subpoena that directed Sebastien Boucher to provide “any passwords” used with his Alienware laptop. “Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him,” the judge wrote in an order dated November 29 that went unnoticed until this week. “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop.”

Especially if this ruling is appealed, U.S. v. Boucher could become a landmark case. The question of whether a criminal defendant can be legally compelled to cough up his encryption passphrase remains an unsettled one, with law review articles for the last decade arguing the merits of either approach. (A U.S. Justice Department attorney wrote an article in 1996, for instance, titled “Compelled Production of Plaintext and Keys.”)

Read the full article on C|Net News.

Posted in Security | Leave a Comment »

TSOM Redbook

Posted by Xavier Ashe on September 5, 2008

Network and resource availability is critical to business and service assurance. But enterprises, federal agencies, and service providers can lose millions of dollars per year as a result of worms and other types of malware that bring down corporate resources and customer-facing services. That is why information security is one of the top concerns of every CIO in any organization. To maximize resource and service availability and protect customer information, today’s information security teams must be able to:

– Quickly recognize and handle security incidents.
– Enforce security policies.
– Support audit and compliance initiatives.

The problem is that each of these activities involves security data that resides throughout the organization. Enterprises and service providers need to be able to access and quickly analyze this time disparate data quickly and efficiently. In today’s complex, multi vendor environments that means leveraging an automated, integrated solution. In response to these challenges, IBM Tivoli Security Operations Manager, a security information and event management (SIEM) platform is designed to improve the effectiveness, efficiency and visibility of security operations and information risk management.

This IBM Redbooks publication helps you design/create a solution using Tivoli Security Operations Manager to centralize and store security data from throughout the technology infrastructure so that you can:

– Automate log aggregation, correlation and analysis.
– Recognize, investigate and respond to incidents automatically.
– Streamline incident tracking and handling.
– Enable monitoring and enforcement of policy.
– Provide comprehensive reporting for compliance efforts.

This book is a valuable resource for security officers, administrators and architects who wish to understand and implement a Security Event and Information Management system.

Download the new IBM Redbook: Deployment Guide Series: IBM Tivoli Security Operations Manager 4.1

Posted in IBM, TSOM | Leave a Comment »

TSOM + CloudShield + ISS + Blade = Awesome

Posted by Xavier Ashe on September 4, 2008

IBM (NYSE: IBM) on Tuesday introduced a blade server that supports CloudShield Technologies’ software for real-time analysis of network traffic to prevent viruses and denial of service attacks.

“The IBM BladeCenter PN41 enables service providers to manage their network, security and telecommunications technology on a integrated platform,” Jim Pertzborn, VP of telecommunications industry solutions for IBM Systems Group, said in a statement. “This integration can help service providers meet their customers’ evolving requirements for data, voice and video services.”The new blade and software support are key components of IBM’s hardware, software and services framework for service providers. The package also includes IBM’s intrusion prevention technology and Tivoli Security Operations Manager.

Read the full article on InformationWeek.  I first heard about this project about 2 years ago when I was helping develop solutions for the Telecom group at IBM.  It’s taken a lot of work to get this packaged together and I am glad to see it finally hit the streets.  Other sites that have picked this up:

Posted in IBM, ISS, Security, TSOM | Leave a Comment »

 
%d bloggers like this: