Palo Alto Networks News of the Week – May 23

In a three-part series, CSO Rick Howard highlights the importance of understanding differentcyber adversaries and their motivations. Check out Part 1Part 2 and Part 3.

Healthcare organizations are at risk of being the next “Target” for cyber criminals. We’re encouraging an AVR report with Palo Alto Networks to gain deeper visibility into what’s on your network.

On May 20, Palo Alto Networks Wildfire detected the start of the latest Kuluoz spam campaign.

Customer Spotlight: Animal Logic, one of the world’s most accomplished digital studios, relies on Palo Alto Networks next-generation firewall to more efficiently manage its network security.

Palo Alto Networks responded to the recent Richard Stiennon article in Forbes about Microsoft licensing within embedded systems.

Here are more upcoming events you should know about:

Oppdag hurtig ukjente trusler med utvidet visibilitet og intelligens. [Norwegian]
When: May 27, 2014 from 3:00 PM – 3:30 PM CET
Where: Online

Expose the Underground [Spanish]
When: May 28, 2014 from 8:00 PM – 10:00 PM CST
Where: Ciudad de Mexico, DF

Next Generation Security Technical Workshop
When: May 28, 2014 from 10:00 AM – 1:00 PM GMT
Where: London

Palo Alto Networks: Live Demo
When: May 28, 2014 from 9:00 AM – 10:00 AM PST
Where: Online

Transforming Networks Security with the Software Defined Data Center
When: May 28, 2014 from 1:00 PM – 2:00 PM CET
Where: Online

Ultimate Test Drive Workshop Brisbane
When: May 28, 2014 from 11:00 AM – 3:00 PM GMT+10:00
Where: Brisbane

AFCEA: Spring Intelligence Symposium – Intel
When: May 29, 2014 from 8:00 AM – 6:00 PM EST
Where: Bethesda, MD

Combat APTs with Palo Alto Networks
When: May 29, 2014 from 10:30 AM – 11:30 AM GMT+7:00
Where: Online

Expose the Underground
When: May 29, 2014 from 11:30 AM – 1:30 PM MST
Where: Edmonton, AB

Expose the Underground [Spanish]
When: May 29, 2014 6:30 PM – 9:00 PM CST
Where: Monterrey

Oppdag hurtig ukjente trusler med utvidet visibilitet og intelligens. [Norwegian]
When: May 30, 2014 from 3:00 PM – 3:30 PM CET
Where: Online

Combat APTs with Palo Alto Networks
When: June 3, 2014 10:30 AM – 11:30 AM GMT + 7:00
Where: Online

Discover Unknown Threats with Extended Visibility and Intelligence
When: June 3, 2014 1:00 PM – 2:00 PM CET
Where: Online

Palo Alto Networks: Live Demo
When: June 4, 2014 9:00 AM – 10:00 AM PST
Where: Online

Discover Unknown Threats with Extended Visibility and Intelligence
When: June 5, 2014 1:00 PM – 2:00 PM CET
Where: Online

Palo Alto Networks: Live Demo ANZ
When: June 5 2014, 10:00 AM – 11:00 AM GMT + 10:00
Where: Online

[Source: Palo Alto Networks]

IT’s Hottest Jobs: Information Security Architect

[Randy Gross]

Job title or job role:

Information Security Architect

Key responsibilities for this individual:

Information security architects plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases

The information security architect is responsible for analyzing information security systems and applications, and recommending and developing security measures to protect information against unauthorized data modification or loss. Access control, intrusion detection, virus protection, certification, audit, incident response, security engineering, development and implementation of security policies and procedures are some of the areas that this individual is engaged in on a regular basis. Typical job responsibilities can include:

  • Designing security models; reviewing and approving security configurations and installation of firewall, VPN, routers, IDS scanning technologies and servers.
  • Overseeing security awareness programs; educating staff on information security policies, procedures and practices.
  • Monitoring industry security updates, technologies and best practices to improve security management.
  • Participating in the development of hardware/software/network security procedures and guidelines that support information security policies.

Top industries or markets needing this position:

Demand for information security architects is high. As cyberattacks grow in frequency and sophistication, many organizations find themselves falling behind in their ability to detect these attacks. Security architects are needed to develop innovative solutions to prevent hackers from stealing critical information or creating havoc on computer networks.

The federal government is expected to greatly increase its use of information security architects to protect the nation’s critical IT systems. In addition, as the healthcare industry expands its use of electronic medical records, ensuring patients’ privacy and protecting personal data are becoming more important. More information security architects will likely be needed to develop the safeguards that will satisfy patients’ concerns. Financial services companies also have a growing need for information security architects.

Preferred job roles or work background desired in this job role:

Candidates for the position of an information security architect should have at least eight to 10 years of experience in the IT field, with a broad range of exposure to all aspects of business planning, systems analysis and application development. Additionally, three to five years of experience specifically devoted to information security is advisable.

A bachelor’s degree (or advanced degree) in information technology, information security, computer science, mathematics or a related field is also the norm for this job.

Many employers will also require or prefer that candidates have advanced security-related industry certifications. Examples include CompTIA Security+, CompTIA Advanced Security Practitioner, Certified Information Systems Security Professional (CISSP), Certified Network Security Professional (CNSP) and Certified Hacking Forensics Investigator (CHFI).

Technology, business and soft skills needed for success in this role

Technology skills for an information security architect should include:

  • Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
  • Technical proficiency in security-related hardware and software, forensics and other security systems and tools.
  • Technical proficiency in broader areas of IT, including networking, servers, desktops and mobile devices.

Desirable business and soft skills should include:

  • Oral and written communication skills with the ability to present and discuss technical information in a way that’s understandable for non-technical audiences.
  • The ability to lead both technical teams and project teams that cross multiple business functions.
  • Problem solving and analytical ability.
  • Strategic thinking and relationship management.

Top challenges of acquiring this talent:

Like many higher-level IT jobs, the role of information security architect is one that currently has more demand than supply. The Bureau of Labor Statistics reports that the employment outlook for security architects is expected to grow about 20 percent through the year 2018 as the need for information security and workers with security skills increases.

Best sources for recruiting individuals into this role:

Because the security architect is responsible for maintaining the security of a company’s computer system, they must think like a hacker would, anticipating the moves and tactics that hackers might use to try and gain unauthorized access to a computer system or network. Some IT experts feel that the best security architects are former hackers, making them very adept at understanding how the hackers will operate.

Best sources for developing internal staff into this role:

Many security architects begin their careers in entry-level positions as IT support specialists. This job provides the training necessary to become familiar with network systems, security and problem solving.

A lower level IT staff member often will demonstrate the aptitude and attitude to be trained and certificated for security-specific jobs. Someone in an entry-level position may operate software to monitor and analyze information, while a more senior-level position could be engaged in investigative work to determine whether a security breach has occurred.

Look for employees who demonstrate good organizational and problem-solving skills. They also need strong problem-solving and analytical skills

Time needed to train and “on-board” an individual into this role:

This is not an entry-level position. Many people venture into the occupation only after working in other IT roles such as computer technician.

Because of the critical nature of the information security architect, several years of experience in advanced security tasks is highly recommended. This experience may be gained by prepping an internal candidate for a senior security position; or recruiting an experienced security architect from another organization.

Candidates for the position of an information security architect should have at least eight to 10 years of experience in the IT field, with a broad range of exposure to all aspects of business planning, systems analysis and application development. Additionally, three to five years of experience specifically devoted to information security is advisable.

Competitive salary and benefits required to hire this individual:

The average pay for an information security architect is $106,974 per year, according to PayScale, a provider of data and insights around salary and career topics. Total pay for this position (salary and benefits) ranges from $82,714 to $157,556. Factors such as geographic location, known technologies, certifications and practical field experience can affect the salary level.

Best ways to measure success of the individual in this role:

The Information Security and Control Association has developed high-level guidance for information security governance and evaluation of security performance. They propose six areas that organizations should focus on when measuring the performance of security personnel and programs:

  1. The strategic alignment of information security in support of business objectives.
  2. Executing appropriate measures to mitigate risks and reduce potential impacts on information resources to an acceptable level.
  3. Integration of all relevant assurance functions to maximize the effectiveness and efficiency of security activities.
  4. Optimizing security investments in support of business objectives to achieve the best return on security investments.
  5. Using information security knowledge and infrastructure efficiently and effectively.
  6. Monitoring and reporting on information security processes to ensure that objectives are achieved.

About the author: Randy Gross is the Chief Information Officer for CompTIA, the ICT Industry Trade Association.

The Latest Kuluoz Spam Campaign Kicks Off

At 06:47 PST on May 20 Palo Alto Networks WildFire detected the start of the latest Kuluoz spam campaign. The total number of e-mails detected quickly rose to over 30,000 per hour around noon PST and had not begun to slow down as of 1:30PM PST.

 

Kuluoz is a descendant of the Asprox malware and spreads by sending copies of itself as an e-mail attachment. As the malware infects more systems, the systems begin sending more e-mails which leads to more infections. Kuluoz makes money for its owner by installing other malware, such as crimeware or fake antivirus programs.

Kuluoz e-mails often trick the reader into thinking they are delivery notifications (such as UPS or Fedex), or notices from airlines or payment processors. In this case the e-mails claim to contain a document about a court case.

Subject: Hearing of your case in Court
From: Notice of Appearance

Pretrial Notice,
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.

Truly yours,
Clerk to the Court.
Olivia Smith

Each e-mail carries one of the following attachments:

  • Court_Notice_May-20_Date_IN-FN_2014.exe
  • Court_Notice_May-20_Date_EN-RM_2014.exe
  • DC_Court_Notice_ER_NSER[4 Random Numbers].zip

These attachments are different versions of the malware that has been packed to evade antivirus engines. Twelve of the 53 scanners on virustotal.com now detect the first variant of the malware, but only three detect the latest version.

To determine where the highest number of infected nodes are, we mapped the sending IP address for each of the attach e-mails to their rough geographic location. While there are infected systems around the world, the largest concentration is in North America, particularly the United Stats and Canada.


Geographic Distribution of Koluoz Spam Nodes in North America

Thus far we’ve detected the following command and control servers in use.

  • 192.69.192. 178:443
  • 59.106.185. 11:443
  • 173.203.113. 94:443
  • 69.60.8. 88:8080
  • 205.186.156. 218:8080

The network traffic generated by each Trojan uses the HTTP protocol, and despite its use of port 443, is not encrypted with SSL.

As with most fast-spreading malware, antivirus engines will typically begin detecting the files a day or two after the spread has begun. While we haven’t seen any indication that the spam volume has begun to slow down, we do expect the campaign to wind down in the next 24 hours, but a new campaign will probably be close behind. WildFire users can rest assured that they’ll be protected from whatever Kuluoz has in-store next.

[Source: Palo Alto Networks]

Palo Alto Networks News of the Week – May 16

Interested in the top Palo Alto Networks news from this past week? It’s all right here.

Palo Alto Networks researchers identified a new Trojan, Funtasy, that targets Spanish Android users with sneaky SMS charges.

For the Record: We recently asked several Palo Alto Networks customers to describe the benefits of WildFire, and why adding a WildFire subscription to their Palo Alto Networks deployment is a better option than buying a standalone detection product or service.

Sharat Sinha, Palo Alto Networks VP, detailed 3 security priorities for the Asia Pacific region.

Kevin Magee, Palo Alto Networks Regional Sales Manager for Ontario, Public Sector, shared his perspective on the success of the Palo Alto Networks Expert Forums held recently in Ontario’s unique public sector community.

We hosted our third annual EMEA Expert Tour under the sun this week in Marbella, Spain with NextWave partner sales engineers and technicians across the EMEA region.

We talked at our Federal Expert Forum about tackling the government’s toughest cybersecurity challenges.

As a continuing part of our government and public sector activities, we are featured on Federal News Radio/WTOP in the United States over the next few months. Check it out to hear Rick and Steve Hoffman, VP, U.S. Federal, talk about what advanced government security teams are doing today.

Danelle Au discussed the massive challenge of securing the Internet of Things.

Our own James Sherlow commented on whether it is time to kill OpenSSL post-Heartbleed.

Join fellow IT Managers & Security Experts at the Palo Alto Networks Customer Forum on May 21 in The Netherlands. If you attend, you could win a great prize.

Here are more upcoming events you should know about:

[Source: Palo Alto Networks]

English
Exit mobile version