Blog

Free Gartner Group Reports: IPS and Managed Security Services

Gartner Group Magic Quadrant for MSSPs, North America 16 April 2009.

Gartner Group Magic Quadrant for Network Intrusion Prevention Appliances 14 April 2009.

Did I mention we sell SecureWorks managed services and TippingPoint IPS? ‘Cause we do.

Posted in Network Security Products

Computer Forensics in Employment Defense

Due to the massive layoffs our country has experienced through this recession and the inability of much of that workforce to obtain new jobs, employment litigation is currently a focal point for attorneys representing employers. There are many standard practices that employers should follow when terminating an employee, but one of the most valuable steps is often overlooked. Potentially the most valuable resource for defending employment matters could be the company-issued phones and computers. With the proper acceptable computer usage policies in place, the digital evidence in the employer’s possession could contain the information needed to successfully defend the suit.

For the majority of today’s workforce, the lines between business and personal lives no longer exist. The majority of employees today work during their personal time and conduct personal business while at work. The primary tool for work and personal activities is technology of some flavor. Until recently, it was routine for employees to conduct personal conversations primarily via email, using both the company email system and personal email accounts typically not logged by the company (Gmail, Hotmail, etc.).

Social Media

However, with the recent explosion of social networking sites, email is now combined with Facebook, MySpace, and Twitter communications, to name just a few. If you currently have a Facebook account, you can test this theory. Analyze the status updates of your Facebook “friends” and note the times of the posts. Or simply look to see who is online with the Facebook system at various times during the workday.

I want to be clear that this is not an indication of someone’s dedication to his or her work, but of a culture shift. It is likely that even those with the most stringent work ethic will participate in these activities during business hours; the lines between work and personal lives are eroding. Combining email and social networking sites with detailed Internet activities, research, personal pictures, and other activities performed on their work computer or mobile phone may provide an unintentional diary that will aid in your employment litigation matters.

Now that the stage has been set for the value of digital technology in employment litigation, let’s be sure the appropriate paperwork is in place. As case law has demonstrated, the fact that the company owns the asset on which this information is located does not necessarily guarantee that it can be accessed and reviewed. As the “Time to Review Corporate Computer Policies” article in this newsletter states, companies need to be certain that the appropriate acceptable usage policies for corporate technology are in place before issues arise that will benefit from leveraging this information. The above-mentioned article outlines three good examples of “loopholes” in the policies that prevented crucial information from being leveraged in employment matters and provides tips for tightening up the policies for your clients.

With everything in place, let’s apply digital forensics to routine employment litigation.

Employment Litigation in Action

Let’s start with a sexual harassment case in which the plaintiff accused a superior of sexual harassment and filed suit. Digital forensics uncovered thousands of Facebook chat messages, Internet activity, and deleted emails with pictures attached, confirming that the relationship was mutual and that the superior had actually tried to end the relationship numerous times.

Posted in Social Media

SANS WebCast: Smart Strategies for Securing Extranet Access

Smart Strategies for Securing Extranet Access March 9 1:00 pm Eastern:

Many organizations leverage extranets to share sensitive information with partners, customers and employees. However, unlocking sensitive business data to outsiders presents access control complexities and the risk of compliance violations. Extranets also offer entry points for malware and social engineering attacks that can wreak havoc with the security infrastructure of organizations.

In this live webcast featuring security experts from SANS and Oracle, learn how you can mitigate risk, improve extranet security, streamline compliance and enable your organization to boost its bottom line by taking advantage of advanced access management technologies.

Featuring: Sword & Shield’s Dave Shackleford, Senior SANS analyst, course author and instructor; and Eric Leach, Oracle director of product management responsible for Oracle Fusion middleware access management tools.

Register here.

Upcoming Webcasts with Dave Shackleford

March 17 1:00 pm Eastern: Privileged user monitoring – Automating compliance and managing risk
March 23 1:00 pm Eastern: Automated Operating System Lockdown: Security Blanket 4.0 Review

Posted in Publications

Check Point Abra Luncheon April 20 at Fleming’s Knoxville

In conjunction with the release of the Abra USB stick, Sword & Shield and Check Point will host a Lunch N’ Learn on April 20 in Knoxville to inform mobile users how they can maintain a secure virtual network on a device so small it can fit in their back pockets.

Because of the explosion of mobile workers in the corporate world, Check Point and SanDisk partnered to provide companies with a secure and affordable alternative to allowing third-party PC-access to a company’s network.

The Abra device combines proven Check Point virtualization, virtual private network (VPN) and security technologies with an encrypted SanDisk high performance USB drive to create a secure, virtual workspace. Users simply plug an Abra stick into a Windows-based PC and enter their credentials to immediately turn any PC into a corporate desktop.

Participants in the April luncheon will learn how this new solution will benefit your organization by:

  • Turning any PC into a corporate desktop: Access files and applications anywhere, anytime with integrated VPN connectivity.
  • Securing mobile data: Software and hardware encryption that segregates your virtual workspace from the host PC.
  • Allowing workers to stay productive at home: Ideal for contractors and disaster recovery because these workers can access secure corporate files and applications from personal PCs.

Abra’s plug-and-play USB form factor allows users to easily launch a virtual workspace that keeps mobile data secure by segregating the virtual workspace from the host PC. And built-in encryption protects data while working or traveling. Users can work offline from the encrypted USB drive or online using Abra’s integrated VPN client.

Luncheon Registration

The Check Point Abra Luncheon is 11:30 am to 1:00 pm April 20 at Fleming’s Prime Steakhouse in Turkey Creek, Knoxville, TN. Lunch is complimentary.

Posted in Network Security Products

“Loose lips sink ships” is now “Loose Tweets sink fleets”

Reuters, “Israeli army nixes raid after Facebook leak”:

JERUSALEM (Reuters) – The Israeli military called off a raid in Palestinian territory after a soldier posted details, including the time and place, on social networking website Facebook, Israel’s Army Radio reported on Wednesday.

It sounds like military forces need an update to “Loose lips sink ships.” How about “Loose Tweets sink fleets”?

Hat tip to SayUncle.

Posted in Social Media

Making VMWare More Secure

Dave Shackleford has a new post at the SANS Blog – IT Audit: 6 VMWare Settings Every IT Auditor Should Know About. Dave teaches the Virtualization Security Fundamentals course at the SANS Institute.

Posted in Virtualization Security

Build Your Own Version of Microsoft’s COFEE

Bill Dean, our Director of Computer Forensics, has a new article in Digital Forensics Magazine, Wake up and Smell the COFEE:

As everyone in the digital forensics community is well aware, Microsoft recently developed and released a forensic data collection tool named COFEE (Computer Online Forensic Evidence Extractor), intended for the law enforcement community only. But what seemed to be only minutes later, the tool was leaked to various Internet websites and torrent feeds. Very soon, many digital forensics specialists searched for, found, and then anxiously performed their first test of this revolutionary toolset. Disappointment quickly set in. COFEE doesn’t disclose secret backdoors into the system? COFEE doesn’t automatically bypass all passwords or provide the decryption keys? It doesn’t install the “show all evidence” button? No it doesn’t. I want to make one very important point: COFEE does not perform digital forensics. Its primary function is to perform data collection, to be analyzed at a later time. In my opinion, COFEE has a core design flaw; it is comprised of only Microsoft tools. Since many of us do not legally have access to COFEE, let us instead learn to build our own kit and add key functionality not available from Microsoft tools.

Read the whole thing.

Posted in Publications

Weekly Twitter Roundup for 2010-02-10

Posted in Links

Job Opening: Principal Consultant, Risk & Compliance

Join Sword & Shield, one of the most trusted and fastest growing security consulting firms in the United States!

Send Resumes as a Word or PDF Attachment

Job Title: Principal Consultant, Risk & Compliance

Skills: PCI DSS, IT/Compliance Risk Assessments/Gap Analysis/Remediation Plan

Location: Negotiable.

Tax Term: Full Time

Pay Range: $80-$100k commensurate with experience.

Length: Indefinite

Travel Required: 50%

Telecommute: Negotiable.

Position Description: The Principal Risk & Compliance Consultant will work with Sword & Shield customers to conduct procedural and operational reviews of information security processes and system controls against industry, government, and internal compliance standards. Principal consultants will leverage analytical skills and security and compliance knowledge to review organizations’ current security policies, processes, and controls to provide in-depth gap analyses and guidance on best practices in Governance, Risk, and Compliance (GRC) areas.

This position requires an extensive knowledge of security concepts and architecture, technical auditing techniques and standards, as well as a strong background in and knowledge of a variety of compliance mandates, specifically PCI DSS. This function also requires excellent communication skills over phone and email and particularly the ability to correctly convey solutions to more or less knowledgeable customer contacts.

You can enjoy a casual work environment while working with a close, family-oriented peer group of security professionals. Sword & Shield is a small privately owned company with large government contracts and Fortune 1000 commercial accounts. If you enjoy hands-on interactive network security work…this is the place for you. Our work environment allows our security consultants the opportunity to showcase their skills and abilities and receive the credit they deserve as individuals.

Posted in Hiring Notices

Considerations for Buying and Implementing DLP solutions

Our own Dave Shackleford explains how to choose a Data Loss Prevention solution at SearchFinancial Security.

The first — and arguably most important — feature of any DLP solution is the depth of content awareness and analysis. These tools need to be able to identify a variety of data types, such as credit card numbers, banking records, personal data and financial statements, all in a number of different formats. There are numerous techniques offered by vendors, ranging from sophisticated regular expression pattern matching to dictionary lookups, but more is usually better, especially with regard to file types (Microsoft Word and Excel documents, database files, email archives, etc.).

  • Integration with existing security systems, such as endpoint security tools and encryption, as well as IT infrastructure components like Active Directory and network monitoring tools. Most advanced solutions will incorporate auditing actions that correlate detection and prevention actions with the users who initiate them at the host and/or application level.
  • Accuracy and tested results from existing customers or independent labs. Although many DLP vendors’ products may have similarities in terms of policy types and content detection algorithms, all differ somewhat in accuracy and implementation. Ensure you talk with reference customers and industry sources to get up-to-date opinions on how the product actually performs in production environments.
  • Cost, both to implement initially and maintain over time. Hardware, software and operational costs such as additional personnel should be factored in.
  • Platform support and performance metrics, taking both host-based and network-based DLP tools into account. In large, high-speed networks, not all solutions are equally capable of parsing data and accurately detecting policy violations. On the host side, some DLP agents consume significant processor and memory resources.

Read the full article here.

Posted in Publications