#Cyberwar You Ain’t Seen Nothin’ Yet

Bloomberg Market Makers morning cyber roundup:


Bloomberg Market Makers had the FBI agent for NY (Leo) on just a little while ago.

It is best not to depend on perimeter security (such as only a firewall). Best to detect and react. We can help you, call us.

Also the CEO of Palo Alto Networks is now on:


And guess what he says: "Not just detect but prevent. Must use prevention on the network (the next-generation method). Don't double your security budget if you spend it on legacy products. Money alone will not fix this problem."

Amazing to see, but we have been saying this for weeks and months now:

 http://oversitesentry.com/cybersecurity-hiring-problems/ 3/9

http://oversitesentry.com/your-cyberdefense-still-2000s-thinking/   2/20

http://oversitesentry.com/2-steps-stops-all-cyberattacks/  2/17

http://oversitesentry.com/hackers-are-coming/  2/10

It is called IPS (Intrusion Prevention Systems). Search for it and you will go as far as:

http://oversitesentry.com/reviewing-all-of-the-changes-in-2015/ 1/22

http://oversitesentry.com/my-it-is-outsourced-i-dont-worry-about-security/  10/24

 

CIA revelations:


The CIA has spent $35mil to hack the encryption of Apple products.

The key here is not that our country can do this, it is that it _can_ be done. So if we can do this, then the bad guys know they can and eventually they will.

 

Yes, anyone could be hacked with what we now know.

Including the DRAM Rowhammer hardware hack found recently:

http://oversitesentry.com/do-you-believe-there-is-a-cybersecurity-problem/  3/10

 

 

So get the theme here? If it has been hacked, it will be again. And our government has shown the way.

 

Even though the FREAK vulnerabilities have been patched, there are more vulnerabilities in DRAM with Rowhammer that cannot be patched by software, though maybe there is a workaround.

Current government hacking research moves into future hacker activity.

And the script kiddies use it to hack those of us, the luddites, who don't patch and back up.

 

The Criminals just put their hands in the barrel and

 

 

All we can do is build a defensive shell.

This is the best shell (so far):

(copied from my previous post: http://oversitesentry.com/more-sophisticated-attacks-we-must-up-cybersecurity/)

Poliwall can sit in front of the firewall/IDS-IPS devices and block all traffic that comes from some countries.
Let's look statistically at the chance of a successful malware attempt into your network:
If malware can be blocked 45% of the time with anti-virus software, that means it has a 55% chance of success.
If an IPS system has a 50% chance of catching a malware program (this depends on the system, but we can make a conservative conjecture),
adding the Poliwall in front of this system adds another 30% catch of the malware (depending on more variables, but I am being conservative).
So what is the chance the malware will go through and infect?
0.55 * 0.5 * 0.7 = 0.1925, or about 19%, and if the IPS and Poliwall are managed correctly maybe you can move the needle to
0.55 * 0.4 * 0.6 = 0.132, or 13.2%, with a 10% increase of efficiency in IPS and Poliwall.
I don't want to suggest that any piece of the defense system can be 80% effective, but if it could, the effectiveness of the malware drops significantly. We are in essence dependent on the Poliwall vendor and the IPS manufacturers for the effectiveness of their products.
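Multiplying the miss rates as above assumes the layers fail independently of each other. The following is an added example, not code from the original post (function names are my own): it reproduces the post's two figures, shows how far the result can move when the layers' catches overlap or are disjoint, and ranks which layer gains most from a 10-point improvement.

```python
from math import prod

# Catch rates taken from the post's conservative estimates.
LAYERS = {"antivirus": 0.45, "ips": 0.50, "poliwall": 0.30}


def pass_through_independent(catch_rates):
    """Chance malware evades every layer if the layers fail independently."""
    return prod(1.0 - c for c in catch_rates)


def pass_through_bounds(catch_rates):
    """Bounds on evading every layer when independence is not assumed.

    Worst case: every layer catches the same samples, so only the best
    layer counts. Best case: the layers catch disjoint samples, so the
    catch rates add up (capped at 100%).
    """
    rates = list(catch_rates)
    worst = 1.0 - max(rates)
    best = max(0.0, 1.0 - sum(rates))
    return best, worst


def gain_per_layer(layers, step=0.10):
    """Drop in pass-through from raising one layer's catch rate by `step`."""
    base = pass_through_independent(layers.values())
    gains = {}
    for name, rate in layers.items():
        improved = dict(layers, **{name: min(1.0, rate + step)})
        gains[name] = base - pass_through_independent(improved.values())
    return gains


if __name__ == "__main__":
    print(f"independent layers: {pass_through_independent(LAYERS.values()):.4f}")
    tuned = dict(LAYERS, ips=0.60, poliwall=0.40)
    print(f"IPS and Poliwall +10 points: {pass_through_independent(tuned.values()):.4f}")
    best, worst = pass_through_bounds(LAYERS.values())
    print(f"without independence: between {best:.2f} and {worst:.2f}")
    for name, gain in sorted(gain_per_layer(LAYERS).items(), key=lambda kv: -kv[1]):
        print(f"+10 points on {name}: pass-through falls by {gain:.4f}")
```

If the three products share signature or reputation feeds, the real figure sits closer to the 50% worst case than to 19%, so layers that detect by different methods are worth more than the multiplication suggests.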

 

 

 

And the idea is only to create an environment that is as hard as possible to crack, but then we know where the attack is coming from and going to. If you have no IDS or IPS systems then you don't know, and may not know for over 220 days before you learn about it on the news.

 

 

Contact Us to help you set this environment up.

 

 
