Network Security Blog

It’s hard doing interviews on the showroom floor at RSAC.  Even the relatively quiet places are incredibly noisy when you get right down to it.  The good thing is it hopefully masked the worst of my mispronunciation of Roel Schouwenberg’s name.  Roel is the Senior Anti-Virus Researcher at Kaspersky Lab and spent some time talking to me in the Threat Post booth on the showroom floor at RSA 2010.  We started off talking about the omnipresent APT, moved into slicing apart signature-based AV and end up on organized crime and what the future may bring. 

NSP-RSAC2010-KasperskeyLab.mp3

Jan Hichert, CEO of Astaro Internet Security, and I met in one of the quieter hallways of the 2010 RSA Convention.  Of course, ‘quiet’ is a relative term when it comes to RSA, but the audio came out acceptable in any case.  We talked about several of the new products Astaro is offering this year, including Astaro Mail Archiving, Astaro Wireless Security and Astaro RED.  We finished the conversation talking about Jack Daniel’s new position at Astaro, social media and Security BSides.  I think Astaro is one of the few security companies that actually get social media, in large part thanks to Jack. 

NSP-RSAC2010-AstaroSecurity.mp3

While I’m sure Mikko Hypponen, Chief Research Officer at F-Secure, is getting as tired as hearing the term APT* as the rest of us are, he had some insight into what’s really happening with this threat and the fact that it’s not something new, it’s just the acknowledgment that it’s happening that’s new.  He’s been seeing similar attacks going on for nearly six years, what’s changed is the recognition and public attention to the threat that’s something new.  He believes that the organized crime component of malware will be moving to smart phones as the criminals realize that it’s easier to make money quickly and easily from phones than the complicated hoops they have to jump through to make money from computers.

NSP-RSAC2010-FSecure.mp3

* I’m with @CSOAndy who believe the A in APT should stand for Adaptive, not Advance.  It’s much more descriptive of what’s really happening.

Note:  Rich and I were kind of busy this week, so we let Zach run with the podcast.  Now I have to go back and listen myself to hear what was said.  I’ve been told I shouldn’t be worried, but…

Martin and Rich are away at RSA — and I’m all alone. Well, actually, I have a special guest host: Jamie Arlen (a.k.a. Myrcurial) — and boy did we have a lot to talk about. Tonight’s show is a bigun’, clocking in at about 50 minutes. So, apologies for the lengthy show and file.

Network Security Podcast, Episode 187, March 3, 2010
Time:  51:05

Show Notes:

• RSA: Securing cloud computing is industry responsibility says Art Coviello
• Google Joins the Cloud Security Alliance
• Report: The Command Structure of the Aurora Botnet:History, Patterns, and Findings (Damballa)
• Authorities bust 3 in infection of 13M computers
• Verizon Incident Metrics Framework Released
• Open Wi-Fi ‘outlawed’ by Digital Economy Bill
• Tonight’s music:  Another Devil’s Fool by Freeky CleanN

I caught up with Pedro Bustamante, Senior Research Analyst from Panda Security, for a brief interview about what his company is doing in 2010.  Panda recently received ICSA Lab certification of their cloud AV product, which required some retooling of the ICSA processes.  Panda is releasing a new, free, no-registration version of their product as well as an upgraded version of their existing anti-virus that includes many of the features that Panda customers have been asking for.  We talked about a new USB vaccine Panda is releasing which ‘inoculates’ a USB drive by writing an unalterable file to the drive before a virus can.  Finally we discussed the sheer amount of data Panda is collecting and how much of it they’re able to process automatically.  But there does, and always will, remain a small fraction of a percent of the data that has to be inspected by human beings to catch the new and the interesting that malware writers are creating.

NSP-RSAC2010-PandaSecurity.mp3

One of the things I don’t believe we see enough of in the security field is independent testing.  Vendors of all stripes make claims about what their products do, and without independent testing it’s hard to tell if they’re the cream of the crop or a bad apple.  ICSA Labs is one of the few companies that do the sort of testing that’s needed to provide the information to tell the two extremes apart.  I took a few minutes to sit down with Andy Hayter of ICSA Labs to talk about anti-virus testing, education of consumers and a new initiative to use the testing ICSA does in the real world.  For the sake of transparency, ICSA is a part of Verizon, the company I work for as well.

NSP-RSAC2010-ICSALabs.mp3

As a PCI QSA, one of the big technologies I’m looking at this show is end-to-end encryption (E2EE).  So it’s no surprise that my first interview of RSA 2010 is with Mark Bower, the Director of Information Protection Solutions at Voltage Security.  We talk about what E2EE is, how it will affect merchants and what we might be seeing in the future from Voltage SecureData Payments POS SDK.  I hope that we’ll see adoption of Voltage’s SDK or something very similar in the coming year, we need to help merchants protect cardholder data as close to the point it enters their network as possible.

NSP-RSAC2010-VoltageSecurity.mp3

The best laid plans of mice and all the that:  I planned too much for RSA this year and despite having several interviews already recorded and edited, finding the time to actually upload them has been nearly impossible so far.  It doesn’t help that AT&T’s 3G network in downtown San Francisco is severely impacted by 10,000 security professionals descending on the area for a week.  Hopefully I have a chance to get a little more time between meetings today. 

Today’s schedule is both heavier and lighter than yesterdays.  It’s heavier because I have meetings with F-Secure, Xceedium, Astaro, Agiliance, Kaspersky Labs and a metric ton of parties to go to tonight.  It’s lighter because I actually scheduled a little time between meetings and some time to wander the show room floor for a couple of hours.  I still may not have the time to upload or edit many of the interviews I’m collecting.  I vow my schedule next year will have to be a lot lighter.  I think I’ve made that vow before though.

Time to go find coffee and get ready to assault the day.  Because I know if I don’t take a running charge at my schedule, it’s going to run me over.

The good thing about living close to San Francisco is that I can work from home this morning and head in to the Moscone Center in the early afternoon.  The bad thing about living close to San Francisco is that I have to work from home this morning and can’t head in to the Moscone Center until early in the afternoon.  I was already hearing about all the informal gatherings taking place last night that I couldn’t participate in because I was still at home.  But I’ll get to join in just a few hours, after I finish taking care of the things that must be done to prepare for RSA.

Today’s interview schedule is actually relatively light.  I have a meeting with Voltage Security to hear about end to end encryption; one of the first questions for them will be defining E2EE, which I suspect we’ll disagree on slightly.  The next meeting is with the folks from ICSA Lab, to hear about the new threats that arose in late 2009/early 2010.  Then I’ll be meeting with Panda AV to hear about what’s changed since they introduced their Cloud AV product last year.  With just a little luck, I’ll be able to edit and post all three of these interviews up before it’s time to head out to the first of the RSA parties. 

If you’ve got questions for any of these folks or the other people I’ll be interviewing this week, please leave a comment and I’ll do my best to ask your question.  As always, the point of the Network Security Microcasts is to give you an idea of what’s going on at the events in as near real time as I can.