Saturday, July 28, 2012

Red Sky Weekly - Fusion Report 17 released

This week we released Fusion Report 17. FR12-017 details an adversary who is active in the Defense Industrial Base sector. The report provides an in-depth analysis of the actor's known TTPs and their flagship malware, to include tailored SNORT signatures and over 140 host- and network-based indicators. Also, due to related indicators provided by a member, Red Sky analysts identified high-probability targeting of as many as 22 other non-member companies.
For those Red Sky Alliance members not in the defense space, one member's detection just became your prevention. This group has been active for quite some time. We strongly suggest you implement protections from this report immediately.
The addition of FR12-017 was only the beginning of the week. It’s been a bit of a wild ride. I’ve been in Vegas for Blackhat, meeting current members, demo’ing potential members, sitting in talks, supporting associate members (technology partners), and of course, attending a few parties!
Highlights from the week:
  • Published Fusion Report 17
  • I spent the brunt of the week at Blackhat while Chris held down the portal, which appeared to be pretty busy! We finalized membership with a couple of new companies, and a few current members enrolled more of their Infosec team members. Chris has been busy this week. He's working the next Fusion Report, training two analysts, and, it appears, slogging through a new, unusual piece of malware.
  • Blackhat was cool. I did a demo in shorts and a polo sitting on a bench outside of the executive briefings on Tuesday night. During the talk, a current member was walking by and stopped to rave about how much he liked being in the Alliance. Needless to say, we have a new company joining as a direct result of the reviews offered. Thanks, Don!
  • I spent a ton of time with our Associate members. Associate members are vendors who perform analysis in the backend of the Red Sky Portal. LookingGlass and Norman both did a heck of a job. I tried where I could to offer my testimonials to folks coming to their booths, as both provide analytics, and both have strong peer reviews. I hope it helped! 
  • LookingGlass threw a party on Thursday night at a club in the bottom of Aria. Love you guys, man, but I’ve got to say, meeting Randy Couture was probably the highlight of my day. Randy is supporting wounded warriors through his own organization, the Xtreme Couture GI Foundation. LookingGlass sold T-shirts all day and during the party to support Randy's foundation, and at the end of the night presented them with a check for $10,000. It was a heck of a night. Well done, guys. Bravo Zulu!
  • Last, I’m on my Delta flight from Vegas to Detroit for a layover before heading into Boston, sitting next to a VP from Qualys. We struck up a great conversation about things we’re both doing (I’m liking the new web application firewall!). When we talked Red Sky, I gave him a quick look at the portal and walked him through the story of an ‘overseas’ hacker using an ISP in the US, and the ensuing fusion report (having WiFi on the airplane is really sweet!). We’re now connected on LinkedIn, he’s sending me a couple of referrals, and maybe we’ll see Qualys joining the Alliance sometime soon. Who knows! We’ll see!
We’re at 19 companies in the portal today, with four more working their way through the membership process. We don’t require cleared facilities, government inspections, or secret spy handshakes. We only require that you pass muster when we ask our Advisory Board if you should be admitted, that you participate, and that you follow the information-handling rules. It’s that simple. Vendors are also welcome as analytic/defender participants. Some really good stuff comes from having vendors in the community. How else will they know what holes they have to fill in their products? Also, having vendors in the portal is a great (GREAT!) way to find out if they can do what they say they can do! They get peer reviewed just like everyone else. So far, so good!
Still not sure about joining? Not a problem. Call us when you’re ready. Quoting Tom Bodett (Motel 6): “We’ll leave the light on for ya!”
I’m heading on vacation starting today. I’m turning off my electronics for the next week. If you need help, please don’t hesitate to reach out to Jim. He’s standing by to take your call!
Have a great weekend!

1 comment:

Jeff said...

As of the posting of this blog yesterday, 22 companies outside of the Red Sky membership had been targeted by this activity. As of this morning, we're up to 46.

Our alliance has a "positive control" policy over data, and we don't push reporting outside of the portal. In this case however, we're requesting permission from the reporting company to allow victim notification... quietly and in private.