Thursday, February 23, 2012

Red Sky Alliance status report

Good evening all!

This is my second week as a full time employee with the Red Sky Alliance, so I thought I’d offer a status report. So I’ll start from the top:

  • The site went live on February 1st. It looks great. There are still some features that we’re working through - better authentication, encrypted instant messaging, and automated means for collecting information from the site, correlating it, and parsing it into a kill chain format. All three are well underway. 
  • Since going live, we’ve had a group of hand picked expert analysts from several great companies participating in the site, providing feedback, and sharing current indicators about the newest APT activities.
  • On the 10th, as you may know, I wrapped up as the Director of the DoD/DIB Collaborative Information Sharing Environment and became Red Sky’s COO/VP for Collaborative Research and Analysis. On my first day, I flew to Tokyo with the folks from Delta Risk, World Bank, Lockheed Martin, and US-CERT to speak with the JPCERT and several of its members about the importance of sharing attack information.
  • Last, in response to member requests, we’re adding features to the portal, and adding strategic alliances as “Associate Members”.  
    • A malware analysis capability is being added to the backend of the Red Sky portal. I’m happy to announce that we’ve inked a deal with Norman to purchase the Norman G2 Malware Analyzer suite of tools. Norman has also agreed to support the Red Sky Alliance membership with analysis provided by the Director of their Malware analysis shop –an old friend and long time Honeynet member, Einar Oftedal. Once fully online, we’ll be able to process up to 40,000 pieces of malware per day.
    • Kyrus-Tech has been added as an Associate Member in the “Vendors and Consultants” space. Kyrus-Tech created Carbon Black — a slick way of doing desktop forensics remotely. Again, I’ve known Mike Tanji for a long time. He’s a smart guy with a smart team.
    • Detla-Risk has been added as an Associate Member. Delta-Risk performs Anti-APT strategies. Adam Lange came from AFCERT and is a great source of ‘APT best practice’ information. Adam can be found in the “Vendors and Consultants” space. (NOTE: Associate Members are restricted to non-analytic spaces in the portal, but are available for questions. Please feel free to peer review their information as you would with anyone else in the portal!) 
    • I’m sitting a panel at Georgetown where we’ll be discussing cyber, public-private partnerships, and APT in the financial services community. 
My calendar is quite busy. It's a good thing. I’m back in NH with membership conversations with two companies by phone and one in-person along the way. I’ll be in and out of Boston and Hartford over the next week or so, responding to membership presentation requests.