Joe Goldberg, Chief Security Evangelist, Splunk, talks about how Asian security issues are not unique in the global marketplace, and the company’s plans for Black Hat Asia.
Q: You'll be at Black Hat Asia. Have you found there are security issues that are faced more in Asian markets and how can Splunk technology face them?
Joe Goldberg: Actually Asian organizations face the same threats that organizations in other countries do. Asian organizations possess confidential data, whether it is intellectual property or customer data, and they need to protect it from advanced cyber threats such as nation states, cybercriminals, or hacktivists. Industry research consistently confirms that among the top countries targeted by advanced threats, several Asian countries are among the top 10.
To protect confidential data, security teams in Asia have security use cases that include log management, incident investigation and response, forensics, security and compliance reporting, fraud detection and real-time detection of known and unknown threats.
In order to perform these use cases, IT Security teams need to be able to index all their structured and unstructured machine data, including “non-traditional security” IT data. This is because all data can be security relevant and contains the minute details of cyber security threats. IT Security teams also need a fast way to search through this massive amount of machine data, turn it into useful reports and visualizations to identify threats and measure risk, and correlate on the data to detect threats in real-time.
Splunk technology can help organizations with these challenges. Splunk is a big data security intelligence platform, used by over 2500 security customers.
Splunk can index all the machine data in an organization and make it available for SIEM-like use cases including threat detection, advanced correlations and alerting, incident investigation, and reporting. Splunk can also perform statistical baselining and analysis to identify outliers and abnormal behavior that may represent advanced, unknown threats. We are much more flexible, faster, and scalable than traditional SIEMs.
Q: What are you excited about at Black Hat Asia? And how can companies/attendees connect with your company while at the show?
Goldberg: Asian organizations are beginning to see the promise of big data security analytics as a next-generation approach to detect and defeat advanced threats. As such, we are seeing a phenomenal amount of interest in big data for security use cases in Asia and we are excited to attend Black Hat Asia to further educate the market here on how they can use big data to improve their security and compliance posture.
Companies and attendees can connect with Splunk at our booth in the Sponsor Hall. At our booth, attendees can speak with Splunk security experts to see how Splunk is used as a big data security intelligence platform or SIEM. Attendees can also see demos highlighting the Splunk App for Enterprise Security, the Splunk App for PCI Compliance and many other security-related apps from our partners including Palo Alto Networks, Cisco, FireEye and Blue Coat. Also, they can talk with Splunk technical experts to get answers on their toughest deployment and product questions.
Dick Bussiere is Principal Architect, Asia Pacific for Tenable Network Security. Here, he tells us about a few of the most common mistakes in information security, and comments on the state of information security in Asia.
Q: What are some of the most common mistakes that companies make in terms of information security?
Dick Bussiere: I think there are two things. First, I don't think companies understand the complexity of their networks and how intricate the communications patterns are between all the elements within. At a basic level, this leads to not understanding what communication paths are necessary and what communications paths are not necessary. Unnecessary paths left open can increase the chance for an attacker to compromise an entire organization. I think it's important to clamp down critical networks to restrict communications to only what is essential for those critical parts to do their jobs.
Second, I think many companies have overconfidence in their systems to detect malicious activities automatically. Sure, the technology is becoming more intelligent but it is still far from perfect. Proactively monitoring network activities at critical points continues to be an important part of overall security. Having a human look "suspicious" things over as part of a continuous monitoring methodology is key.
Q: What have been the most notable advancements in information security today?
Bussiere: I think the work that the operating system vendors have done over the past several years has done a lot to make exploitation much more difficult to achieve. Simple things like code signing, sandboxes, Kernel Patch Protection, harder default security settings and so on have gone far to make us safer. We've seen a shift away from vulnerabilities in the operating system and towards vulnerabilities in the applications. If you look at statistics you see that system infection rates have been in a steady decline year over year.
Q: Why do you see it as important to participate specifically in the Asia version of Black Hat? What makes Asia unique in terms of information security?
Bussiere: My opinion is that Asia is behind the curve in terms of information security. Some countries such as Singapore, Korea, Australia take it really seriously, while the majority are fairly loose. Black Hat helps to increase awareness. Also, there is a lot of talent here, and giving that talent a chance to shine at an event such as Black Hat is a great thing.
Vincent Goh is Vice President of Asia Pacific and Japan for RSA, the security division of EMC. Here, he explains today's major security issues, and the impact they have on businesses.
Q: What have you found as the cause for most information security breaches and how does a business combat these breaches?
Vincent Goh: 2013 had been eventful on the cybersecurity front with high profile incidents including South Korean cyber-attacks and exploitation of websites in Singapore. Focusing on a look back into 2013, RSA recently released the first edition of its monthly Online Fraud Report for 2014. The report highlighted 2013 as a record year for phishing attacks, in which RSA’s anti-fraud researchers recorded nearly 450,000 attacks (averaging to an estimated one attack every minute) and record estimated losses of over USD $5.9 billion*.
India (54 percent of APAC phishing volume, estimated losses of $225 million); Australia (21 percent of APAC phishing volume, total estimated losses of $87 million); and China (14 percent of APAC phishing volume, total estimated losses of $59 million) were identified as the top three most affected countries in the region.
In 2014, RSA advises businesses to be more vigilant, especially as the concepts of Big Data become more mainstream. To help counter the stealth in malware, RSA also released the latest Security for Business Innovation Council (SBIC) report detailing how to transform outdated security processes which will help organizations to become more proactive in managing cyber security risks.
Five recommendations to include:
- Shifting focus from technical assets to critical business processes – protecting information based on how it is used.
- Instituting business estimates of cybersecurity risks – developing techniques for describing cybersecurity risks in business terms and integrating the use of business estimates into the risk-advisory process.
- Establishing a business-centric risk assessment process.
- Setting a course for evidence-based controls assurance.
- Developing informed data collection methods.
Q: Does Asia have a unique set of information security issues that's different from the West's?
Goh: Although there are idiosyncrasies between the type and frequency of security incidents in Asia and the West, the basic threats remain the same.
One key difference that impacts fraud rates is language. Monetary-based fraud players seek the most efficient route to success. Time and complexity required for translation in non-English-speaking countries result in a reduced number of phishing attacks compared with English-speaking countries.
Q: Why does RSA feel it's important to take part in conferences like Black Hat Asia?
Goh: Security conferences like Black Hat Asia and RSA Conference Asia Pacific and Japan expose the real world of security threats and solutions to a broader audience. It also enables the security community in Asia to connect – networking, collaborating and discussing their current and potentially future security challenges, solutions and trends.