Saturday, February 22, 2014

Red Sky Weekly: The new normal.. it's here!!

I spent a couple of days this week in Stockholm. Thanks to the IDG folks for having me over. Stockholm is one of my favorite places in the world, and I'll rarely turn away an opportunity to visit.

During the conversations, something struck me. Presentations rarely offer the audience a solid take-away. Rhetoric, 'I'm smart', and marketing often trump "go home, and do this". The funny thing is, while I enjoyed the presentations (as much as I could.. many of the decks were in English, but the audience and speakers used Swedish), conversations revolved around two things... lack of a call to action in the presentations, and the impending changes to EU privacy laws in 2016 (companies face a 5% fine if caught with PII violations --5% of their total revenue!).

And then I had a conversation with a guy who works for IBM in the UK. Great talk. Smart guy. His talk basically presented findings in their October trends report, and while much of it I'd already known, IBM handles volume. In their own networks and in their global services group. X-Force isn't as well known as they used to be (because they're now IBM), but they published a report in which one graphic hit me like a ton of bricks. 
http://public.dhe.ibm.com/common/ssi/ecm/en/sew03031usen/SEW03031USEN.PDF
IBM (presumably X-Force) says that 23% of all of the attacks that they track are Advanced Threat, Mercinary, or Malicious Insider. The graphic is a grainy picture taken during the conference, but the full report, the link to the full report and better graphics, is shown below it.

Why would I mention an IBM report? Because it shows clearly that we've moved into a new era.

A whopping 23% of the attacks that IBM reported are what we believe are "Targeted Attacks". 38% in all are what others call "Determined Adversary". These aren't kiddie-scripters folks.

It used to be that we talked of the "one percenters".. one percent of the companies knew about this stuff. Then the top 5%, then 10.. now 38% of the attacks (at least according to IBM) are the result of targeted attacks. 

Why is this important? Because I still hear-tell of companies worried only about compliance! PCI, HIPAA, and now throwing in the kitchen sink with new DFAR regulations requiring government contractors to report. If compliance is your only motivation, at 38%, you need to start keeping up on the new normal.. and at 38%, that's exactly what we're talking about.. Welcome to the new normal.

What does that mean to you? We have a solution.

  • Red Sky's social network caters to more mature information security teams. They want DATA. But at the same time, they like the idea that we turn the chaos of some of the social conversations into usable, analyzed intelligence. 
  • Don't want to participate in the collaboration? Hire Wapack Labs to do it for you. We don't think of this as a subscription service. All of our reporting is tailored to your company. Why? Companies are like fingerprints.. every one is different... different operating procedures, different infrastructure, mission, product --and information needs.
  • Still to much of a commitment? Consider Allagash. Allagash will let you log into a web page, ask a question, and we'll tell you what we know.. starting at $35/month, you'll have a fast and easy diagnostic tool. We're beta testing starting next week. So far so good. Drop us a note. We'll be happy to run a demo and get you signed up for the beta.


So I'm going to close out this week with a couple of short thoughts..

  • Allagash is coming along nicely. We ran a test sample against our internal version last week.. a 4T sample. Obviously not through a web query, but our engine performed really well. Several APT groups, criminal activities, and a bunch of non-targeted information was identified. Our first beta customers come online on the first of the month. I'm looking forward to it. I think we have about a dozen people interested in beta test accounts. It's small, but our first shot. Interested in being an early adopter? We've got a list going. Sign up here.
  • Our Red Sky threat day is coming up soon. We're hosting it at the Harvard Club of Boston with a cocktail party the night before. We've invited the current class of National Security Fellows to join us for the evening, and we have sponsors signed for our first-ever sponsored event. This was new for us. So far, so good. We'll see how it goes. Interested in sponsoring one of our events? Contact Steve Hunt for more information.
  • Last, we've got two guys at RSA this week. I'll be in the lab, but Rick Gamache and Steve Hunt will be wandering the floors. Rick is Red Sky's CIO and Steve heads up community engagements. Reach out directly if you'd like to have time with either... or grab a beer!
OK folks. I'm cooked from travel. 
Have a great week!
Jeff