Thursday, May 24, 2012

Red Sky weekly update - pre-Memorial Day weekend

It's Thursday afternoon, and I'm expecting a very hectic day tomorrow so I thought I'd author my weekly blog today before heading into the Memorial Day weekend.

It's been a heck of a week!

Fusion Report 9 set off bells and whistles with a number of folks inside the membership. We've probably got a half dozen new ISPs just like the one we reported on Monday that are now going into the analysis queue.

The portal has been on fire this week... very busy! One of the best things is our newest addition. Yesterday one of the members asked for assistance in contacting an international company. Within an hour of the request we had JPCERT in the portal with an offer to assist. This morning we had one of their incident response analysts involved. You see, this is not just a US problem. It is a global problem. Red Sky wants international participation. It's critical.

Our team is growing!

  • Chris Hall has accepted a position leading Technical Analytics. Many of you know Chris. He and I were together at the DoD Cyber Crime Center... I know what you're thinking. It's bad form to cherry pick your last employer. Well, for the record, I didn't. He'd moved on a year ago. He starts terminal leave in two weeks and will be coming into Red Sky after a short vacation. We're very excited! Chris will lead a team of analysts and will be both technical analysis lead and act as our community manager.
  • We've brought in a new Business Development manager. This guy's a retired Navy Captain from the acquisitions/logistics community, but he's been doing big data integration projects for several years. We've had a number of approaches by vendor/partners who bring incredible capability to the table. We need someone who can drive these relationships to win-win solutions. I'm confident we've found the right guy!
  • We've also brought in a new CIO. He's been handling IT Program Management for a medium-sized defense contractor. Our portal is growing and so are the services, feeds, storage requirements, etc. We're happy (I'M happy!) to have someone managing our infrastructure, even if he is still part time with us... for now!

Changing gears -

Every year I put on my Navy short-sleeved whites (admittedly, I had to buy a bigger uniform a few years ago) and take my kids to the Memorial Day Parade. I live in a small town in New Hampshire of about 3500 people, of which roughly 10% are Veterans and full members of the American Legion. We love the military up here, and the idea of putting on my old uniform, ribbons, clean hat, shined shoes, and then using Memorial Day as a teaching moment for my young girls is something I look forward to, and do, every year.

Please, in your own way, take a moment and remember our Veterans, active duty military, and their families this weekend. Freedom isn't free.

Until next time,
Have a great Memorial Day weekend!

Sunday, May 20, 2012

Weekly update; Fusion Report 12-009 was just posted

It’s been another great week in the Red Sky Alliance!

This week was the week of the FS-ISAC meeting. As a result, participation was a little light, but nonetheless, we had some pretty cool stuff happen.

Fusion Report 12-009 was just posted to the portal. It tells the story of an Internet service provider in the US whose only customers are apparently international (ahem) entrepreneurs, including details of one man’s empire of fraud, domains, and a laundry list of malicious activity. The report gives our membership over 400 new domains, malicious emails and subnets that they may now simply ‘block’. This report was interesting because it wasn’t based on an incident responded to by a member, but rather on translations of open source information by one of our analysis teams which suggested that an international "security professional" was using a rural US-based ISP for their service. The question ‘why?’ led us to some interesting findings from the membership, and in the end, a great read!

On Wednesday, another Founding Member joined the Alliance and our Advisory Board; this one from the Defense Industrial Base. This is a smaller company ($1.5 billion in annual revenue and 300 federal contracts in intelligence, defense, homeland security and the aviation industry) but the company has a GREAT Infosec team that will make an incredible contribution. The cross-sector nature of the Alliance is rounding out nicely! Welcome!

Also on Wednesday we analyzed a suspected targeted 0-day. Many of the Alliance members assisted, and the output will be a formal Fusion Report showing how it plays into the bigger scheme of the group using it. I’m very much looking forward to Fusion Report 10!

Until next time,
Have a great week!