This week Alan Shimel and I discuss the meaty security topic of APTs (Advanced Persistent Threats). Also joining us is Michael Sutton, VP of security research at Zscaler.
APTs are a class of network security attacks that target intended organizations for a very specific type of gain: financial, intellectual property, geopolitical, etc. They are advanced in the sense that they intelligently attack specific targets using more sophisticated attack methods, rather than “rattling doors” looking for whatever vulnerabilities might be exploited.
APT attacks can stretch over long periods of time, usually many months, rather than hammering a site or system over a few minutes or hours. We used to call these types of security attacks “slow rolling” or “under the radar” attacks. APTs can also use watering hole techniques, compromising an external site or online service a company uses or compromising a business partner of the intended target. Bottom line is APTs aren’t mindless bots or random network attacks.
Also check out Alan’s post on NetworkWorld about the APT podcast.
There’s a lot more to say on the topic so listen in. I hope you enjoy the podcast.
During this episode, Alan and I talk about:
The podcast is full of the usual banter and tomfoolery so join us for thirty-five minutes of fun and good security information.
And don't forget to send us your podcast name ideas. The winner will receive a free t-shirt (the valuable part of the prize) and get to appear on our podcast. Email me at <mitchell at mitchellashley dot com>.
We have another network security blog in the house. Not too far on the heels of Secure64 CEO, Steve Goodbarn, two of his technical guys have decided to join the ranks of the network security bloggers. The blog, www.Paths2Trust.com, is co-authored by Joe Gersch and Bill Worley. Joe, the head of development for Secure64, has taken the lead and started putting up some blog posts while Bill’s been heads-down cranking out DNSSEC product code.
The primary topic of their blog is DNSSEC. Both are active in secure DNS product development and I expect they’ll also share some of their experiences with the standards bodies, DNSSEC adoption, and implementing DNSSEC. Both Joe and Bill have the career chops to talk tech and I’m sure we’ll enjoy hearing what they have to say not only about DNSSEC but also their past experiences in networking, RISC computing platforms (in which Bill is an industry pioneer) and other topics of interest.
I enjoy working with all of these guys as part of my Converging Network LLC business. It’s a real pleasure to see them joining the security blogging community. Take a moment to welcome them by checking out both www.paths2trust.com and www.stevegoodbarn.com. You can also check out Steve on his recent SSAATY podcast appearance.
It's always satisfying when someone takes your advice and as a result I'm happy to welcome a new blogger who's decided to join us. The new blogger on the block is Steve Goodbarn, CEO of DNSSEC vendor Secure64. Steve's a client of my business, Converging Network LLC, and we've been talking about doing a blog with two of his other "more technical" executives. But after spending time with Steve it was really clear he has a unique perspective and a great deal of wisdom to share with us. Steve comes from a background as CFO of Janus Funds, so he really understands how businesses (and CFOs in particular) evaluate, assess and justify risks and mitigating costs around security purchases. Plus he's a genuinely nice guy which I'm sure others will discover as they read his blog and meet Steve at various industry events and security blogger get-togethers.
Join me in welcoming Steve to the blogosphere and the community of security bloggers. You can find Steve at http://www.stevegoodbarn.com. Steve also recently appeared on SSAATY podcast episode #61 with Alan and me.
Fast on the heels of our podcast with Steve Goodbarn of DNSSEC vendor Secure64, Alan and I whipped up an interview with Mike Rothman to talk shop about security and his goings on at his new company, eIQ Networks. Honestly, I thought Mike had sworn off working for another product company and would never have guessed he’d join someone from the SIM space, so you can imagine I was pretty surprised to hear Mike found a new home at eIQ Networks. That says a lot about what he thinks about the prospects for eIQ and the kind of team he’s joining. Mike’s been a good friend to me, and many in the security world, and I definitely wish him all the best in his new role at this new company.
Just in case you are wondering, Mike is going to continue blogging at Security Incite and is also launching a corporate blog and podcast at eIQ Networks. Since social media for product companies is something I specialize in myself, I'm interested to see where Mike will take the corporate blogging efforts. BTW, if you'd like to learn more about the social media strategy and product innovation services of Converging Network LLC, please contact me directly.
Our guest on SSAATY podcast #61 is Steve Goodbarn, former Janus Funds CFO and now CEO of Secure64, maker of highly scalable and deployable DNSSEC products. DNSSEC has been in the news a lot lately (Network World seems to be the place where it's covered most), largely because of Dan Kaminsky's talk this summer at Black Hat 2008 in Las Vegas. Now you frequently see articles and blog posts explaining how cache poisoning exploits can be used to hijack not just individual servers but entire domains, right up the path to .com, and . root.
Fortunately solving DNS security isn't as ginormous as stopping global warming, but to truly secure DNS, DNSSEC would need to be fully deployed throughout the Internet, and that will happen in steps over time (as discussed in this blog post). That's where Steve and the other experts at Secure64 come in. They've developed technology that can both handle the high speed demands of very large DNS infrastructure (and small) and make DNSSEC much easier to deploy. Both of these challenges are obstacles DNSSEC has faced until now. Secure64 is not only a client of Converging Network LLC (my company) but also someone who I think will be a winner in the new era of domain security services.
In the podcast Steve gives Alan and me his take on the DNS security issues and how Secure64 tackles these problems for their customers. Steve and some of the technical leaders are getting into blogging, with a little prodding and assistance from yours truly. Steve's blog is at www.stevegoodbarn.com. Secure64's CTO, Bill Worley, and VP of engineering, Joe Gersch (read more about them both here) also have their own blog at www.paths2trust.com.
If you'd like to learn more about the social media strategy and product innovation services of Converging Network LLC, please contact me directly.
Alan and I are getting back into the swing of doing podcasts regularly again. I guess since we don't work together every day any longer, this is a way we maintain our industry connection along with our personal friendship. Alan's yin and I'm yang. He's "click" and I'm "clack". (An NPR Car Talk radio show reference.) He's a former New York lawyer, I'm a Nebraska small-town guy. He's loud and opinionated, I'm quiet and informed (lol). We once had a COO candidate interviewing with our company who first interviewed with Alan and then talked with me. After we both got a better understanding of each other, she said "You and Alan must really hate each other. I'll bet you go at it all the time. You're both so different." She was pretty shocked when I told her we actually were really close friends and have a great time working together. I really enjoy Alan's friendship.
When time came to do our podcast again, Alan called me and said "Let's do one. Got any guests?" I'm working on getting a couple of guests lined up but I didn't have anybody ready yet. So he said, "Let's check on Twitter." Trolling for guests on Twitter — how funny, I thought, but hey, why not. Literally seconds later, Mike Murray responded saying he'd join us. Mike had just turned on his cell phone and saw our Twitter message while his plane was headed to the gate. So the sound is a bit rough (Mike was in an airport) but having him on the show was well worth it.
On this episode we talk with Mike about why signature-based security products do and don't still matter, how IT spending less will impact security, and experiences working with security professionals who don't seemingly have as much security training. Of course a good bit of our discussion centers around the US economy, or lack of one depending whether you believe we've hit bottom or there's a ways yet to go.
This week Bill Brenner, senior editor at CSO Online, joins Alan and me to discuss the impact the financial crisis will have on security in enterprises, small businesses and the security industry itself. We're likely to see a lot more federal regulations and this could actually be good for network security (see my Network World blog post about recessions, transparency and network security.) The interview is also a good insight into the world of a media writer/editor, as Bill shares why he moved from reporting on the everyday security news to his new position where he gives his own insights and comments into what's happening.
Alan and I also talk about a host of items including the ever-evolving M&A activity in the security industry, Apple's wonderful blackbox "we know better" iPhone (which wiped out all of Alan's music during a recent upgrade), and "green IT" press releases by Mirage Networks and others.
Enjoy the podcast. If you are interested in sponsoring the podcast, feel free to contact us.
It's that time again and we really have a "big show" for you with episode 57 of the SSAATY Podcast. Industry veteran and luminary Tom Noonan joins Alan and me. Unless you are new to security, you know that Tom was the co-founder of Internet Security Systems (ISS) which was sold and is now part of IBM. Through ISS, Tom helped make intrusion detection, vulnerability management, unified threat management, and security research (through the X-Force team) commonplace within the security industry.
Tom's now retired from IBM following ISS's integration into the company and is now on the advisory board of Rohati. Rohati provides Network-Based Entitlement Control (NBEC), offering the Rohati TNS 100, 500 and Central Management System products. Tom's excitement about Rohati and the Rohati team is clear and you can tell he's enjoying his advisory role with the company.
During the podcast, we reflect on Tom's early experiences with ISS and how that has shaped and relates to today's security industry. Tom's view is that it's still early in the life of the security industry and there's ample opportunity for new companies and technologies to emerge and make an impact.
Whether you are a security newbie or veteran, you'll find the interview with Tom informative and inspiring, so join Alan and me in welcoming Tom to episode 57 of the podcast.
As a wrap up, Alan and I talk about some of the acquisition rumors, including Citrix being in play with Microsoft, Cisco and IBM, and Juniper is looking at Aruba and Meru Networks. Alan also applies some smackdown on Mirage Networks for making such a big deal about running their NAC product as a virtual software appliance. Alan also surprises us with his less than enthusiastic experience with his iPhone 3G, and surprisingly is ready to bring back his Microsoft Windows Mobile 6 phone in place of the iPhone. I'm glad Alan's finally seen the light and sees Apple for what it is, a closed hardware and closed software company that's more about cool fads and cultish followings than easy to use, functional, customer centered products. Since recording the podcast, Apple's now taken to banning competitive products from App Store too! Looks like Alan isn't the only one with iPhone buyer's remorse.
The latest installment of the SSAATY podcast is up and available. Michael Montecillo, a security practitioner and analyst with Enterprise Management Associates, stops by to join Alan and me on the podcast. After tricking Michael into a setup Brazilian Jujitsu match with Chris Hoff, we turn our attention to more serious matters: the role of analysts in the network security industry. The discussion covers the influence analysts have on a vendor's fate, how much vendors can influence analysts and their coverage, and just how reliable predictions are by analysts. We have a good bit of fun and I know you'll enjoy the podcast.
The podcast was recorded in the Medioh studios in Boulder, Colorado, by Medioh CEO Scott Converse. Special thanks to Scott for hosting us once again and acting as our podcast sound engineer.
We have a new URL for the podcast, http://www.ssaatypodcast.com if you'd like to subscribe to the RSS feed or listen to other episodes.
Enjoy the podcast!