FIR B2B podcast: LinkedIn’s B2B Marketing Chief Tells What Works

If you use LinkedIn for marketing, you must listen to this interview. LinkedIn consistently ranks as the most effective social network for B2B marketers. What do the best of the best do well? David Karel shares the lessons he’s learned from nearly two years of working with hundreds of B2B marketers as well as using the LinkedIn platform to reach his own customers.

Listen and learn from Dave Karel on our latest For Immediate Release: B2B podcast from Paul Gillin and me. We have a 20-minute flash tour of what you need to know to succeed on LinkedIn.

Network World: Ten new generation endpoint security products compared

Endpoint security used to be so simple: you purchased an anti-malware scanner, installed it across your endpoints, and you were protected. Not anymore: the days of simple endpoint protection are over. Scanning and screening for malware has become a very complex process, and most traditional anti-malware tools only find a small fraction of potential infections. The attackers have gotten more sophisticated, and so too must the endpoint detection and response (EDR) tools, which need to find more subtle exploits, even ones that don’t leave many fingerprints.

This week, I review ten different endpoint detection and response (EDR) tools for Network World magazine. You can read the complete review package here.

I spent several months running Outlier Security, Cybereason, Sentinel One, Stormshield SES, ForeScout CounterAct, Promisec PEM, Countertack Sentinel, CrowdStrike Falcon Host, Guidance Software Encase, and Comodo Advanced Endpoint Protection. From this experience, I came up with a series of broad trends:

Virus signatures are passé. Creating a virus with a unique signature is child’s play, thanks to the nearly automated virus construction kits that have filled the Internet over the past several years. Instead, many of these products tap into security news feeds, such as VirusTotal.com and other reputation management services, that report on the latest attacks.

Second, tracking executable programs is also so last year. In the old days of malware, exploits typically had some kind of payload or residue that they left on an endpoint: a file, a registry key or whatnot. Then the bad guys graduated to running their business just in memory, leaving little trace of their activity, or hiding inside PDFs or Word documents, or forcing your Web browser to a phished site that contained Java-based exploits. Today’s hackers have become more sophisticated, using Windows PowerShell commands to set up a remote command shell, pass a few text commands, and compromise a machine without leaving much of a trace on an endpoint.

Many products can track privilege escalation or other credential spoofing. Modern attackers try to penetrate your network with a legit user credential that uses a default setting when you installed SQL Server or some other product, and then escalate to a domain administrator or other more significant user with greater network rights.

Insider threats are more pernicious, and blocking them has become more compelling. One of the reasons why traditional anti-virus protection has failed is because attackers can gain access to your internal network and do damage from a formerly trusted endpoint. To block this kind of behavior, today’s tools need to map the internal or lateral network movement so you can track down what PCs were compromised and neutralize them before your entire network falls into the wrong hands.

In addition to insider threats, data exfiltration is more popular than ever. Moving private user data, or confidential customer information, out of your network is the name of the game today. Look no further than Sony or Target to see the harm that comes from having some of their data made public; these are examples of what the EDR tool has to deal with now.

Many tools are using big data and cloud-based analytics to track actual network behavior. One of the reasons why the sensors and agents are so compact is that most of the heavy lifting of these tools happens in the cloud, where they can bring to bear big data techniques and data visualization to identify and block a potential attack.

The variety of approaches is stunning, and worth a closer look at these tools, to see if you can leverage one or more of them to better protect your endpoints.

iBoss blog: Understanding the keys to writing successful ransomware

It’s ironic that we have to look to the authors of ransomware for examples of some of the leading aspects of software engineering. And while what they are doing is reprehensible and criminal, they ply their trade with improvements in customer service, using the cloud to package their programs, and leading in understanding the psychology of their ultimate victims. With all this effort going towards developing malware, it isn’t that surprising that this category has become very adept at making money. Perhaps legit software vendors can learn from some of these experiences, while hopefully avoiding some of the darker forces. There are also some important lessons from these activities that IT folks can learn to help better defend their networks.

First, there is using the cloud. Several ransomware authors are making use of the cloud to deliver some of the key elements of their code. The malware authors deploy a NW Javascript library that appears harmless, but allows access to operating system functions to better control their target PCs. This ups the ante in terms of danger and also complicates efforts to protect such infected computers. A second aspect of using the cloud is how some ransomware samples download their initial infection from a series of shared Google Docs accounts, to try and make these sources more difficult to track.

But coding prowess is just one side of the ransomware effort. Another is the ability to exploit human psychology and social engineering. One group researching the underlying operations of Cryptowall found that the ransomware was advertising different pricing at different geographical locations. For instance, the US fee was several hundred dollars higher than the fees for countries like Russia, Mexico and Israel. This demonstrates that the purveyors of malware understand median incomes and will change their demands when their victim’s locale calls for it. If the ransom isn’t paid on time, it doubles. This shows prior criminal experience and understanding of how we all think: act now to pay less!

Another part of the underlying Cryptowall infrastructure is how it exploits the Bitcoin payment network, moving money from collector accounts until it’s ultimately out of the network and presumably into the criminal’s own banks for final payment.

Finally, there is the built-in live chat support. Many legit apps and SaaS-based services now come with live operators who will enter into text chats with end users to help them solve any problems and answer questions on how to pay their ransoms. A ransomware sample called Jigsaw now offers this chat “feature” to better collect their ransoms from their victims. “By providing a human voice to go to and by making the process of paying the ransom easier, the purveyors of the new Jigsaw variant appear to be trying to convince users into paying up,” according to Trend Micro researchers that first uncovered the chat routine. Jigsaw also exploits some social engineering of its own, starting off by locking just a few files and then adding more to its encrypted repository if the victim hesitates to pay the ransom.

The malware authors offer “better support than [users] get from their own Internet service providers,” says Angela Sasse, a psychologist and computer scientist at University College London who is quoted in this Nature magazine article. She says that many of the victims of ransomware rave about the customer service and support they got to pay their ransoms.

All of this shows that ransomware is attracting more professional developers, as the funds collected from their malware efforts are also attracting more ill-gotten gains. It’s too bad that all this coding couldn’t be used for good rather than evil.

Announcing Inside Security: a new email newsletter

I am excited to announce that beginning today there is a new source of high-quality infosec news, analysis, reviews and trends. I have joined forces with Jason Calacanis’ Inside.com to produce Inside Security. The email newsletter will appear twice a week and contain links to content that I find interesting, useful, and cutting edge for CIOs, CISOs, and other IT professionals that want to stay on top of the latest exploits and defenses.

You can subscribe here and view a sample newsletter to see if this is relevant to your interests. Inside Security joins other newsletters such as Inside Tesla, Inside VR&AR, and a tech-based daily brief.

IBM SecurityIntelligence blog: Can You Still Protect Your Most Sensitive Data?

An article in The Washington Post called “A Shift Away From Big Data” chronicled several corporations that are actually deleting their most sensitive data files rather than saving them. This is counterintuitive to today’s collect-it-all data-heavy landscape.

However, enterprises are looking to own their encryption keys and protect their metadata privacy. Plus, there is a growing concern that American-based companies are more vulnerable to government requests than offshore businesses.

You can read more on IBM’s SecurityIntelligence.com blog here.

FIR B2B Podcast: Why words matter, with search marketing guru James Mathewson

James Mathewson is a prolific author, digital marketing expert, search engine aficionado and editor-in-chief of IBM.com. Paul Gillin and I recently spent some time with him talking about using data to understand how customers think so that you can align messages to explicitly and implicitly stated needs.

For example, using the wrong terms — such as notebook instead of laptop — can sabotage your marketing efforts. Marketers need to use the language of customers and prospects to define their brands. Listen to our podcast here.

The death of the editor-in-chief

This piece was written for Sam Whitmore’s MediaSurvey, which is a subscriber-only site. I have reposted it with his permission.

We have come to the end of an era. It is time to retire a professional title that played a significant role in my own life, that of the Editor-in-Chief or EIC. It now has little significance for those in online publishing, perhaps because the entire editorial department has collapsed into a single individual. As in, the EIC is also the copy editor, chief illustrator (thanks, clipart), social media promotions manager, and freelance manager. We might as well add the roles of lunchroom monitor and basketball coach too, for all that they matter.

To say that editorial operations have changed from back in the day when I was EIC at Network Computing in the early pre-web 1990s is an understatement. It is a completely different world. Look at some of the magazine mastheads from that era: there are dozens of roles that are historical curiosities now. It is like looking at the Dead Sea Scrolls. “Yes, sonny, back in my day we printed things on dead trees, and put them into the mail. And we walked five miles uphill to school too.” Who uses ordinary mail? And many kids learn online. Is there anything that the Internet can’t do now?

We had a significant editorial staff: some 20 people, some million or so dollars in annual salaries. Oh what fun I had back then. Not everyone wrote for the publication, but all contributed towards creating a solid editorial product every month. Remember art directors? Another job title that is headed for the scrap heap. Since then, I held other EIC titles and have run online publications with varying sized staffs, but never that big and for that much budget. Little did I know that my first EIC job was going to be the best of them.

Today we don’t have that luxury of having an editorial staff. If the EIC still writes their own stuff, they have a pressure to get it posted online within moments of the actual news event: how many posts on the Microsoft/LinkedIn deal did you read Monday morning, barely minutes after the acquisition was announced? You don’t have time to do a copy edit, or even check the facts, before you get something online.

Sure, there are pubs that have huge (by comparison) editorial staffs and probably still have EICs that can lay claim to the title, but they are by far the exception. Look how many publications Techtarget still has: Each one has a minuscule staff, with a lot of shared services. And I mean no disrespect for them; they are just an obvious example. When I was at EETimes back in the mid 2000s, their print revenue was 10x or 20x their online revenue, and healthy revenue it was. Not so today. No one prints on dead trees anymore. It seems even silly to say so.

Now the current tech publishing model isn’t really about the articles. Instead, it is all about how you can pay the bills with other things: custom publishing and lead generation and conference sales – in other words, with everything but your actual editorial product. Who needs editorial product, anyway? Bring in the copywriters!

When I was last at ReadWrite, I ran a successful editorial effort with several full time editors and numerous freelancers. The company had just been purchased by an online advertising agency called, ironically, Say Media. Their first question: do you intend to still do copywriting for ReadWrite? Ahem, I didn’t realize that the rebel alliance had taken over. Or maybe it was the dark side of the Force, if I want to have the right Star Wars metaphor. Whatever, Say What? I didn’t last long as a “copywriter.”

Regardless of what the job I was doing was called, the problem is those golden words that I have written over the years used to be the crank that turned the cash machine on. It was words that got readers to open the pages, which in turn drove advertisers to plunk down thousands per full-page ad. Thanks to the web, there are no more printed pages, and ad rates are down. Way down. If you the reader don’t click, we the writers don’t get paid.

But the web isn’t only to blame: that just started the process of decline of the EIC. What really killed him or her off was that the very nature of the web publication itself has changed. When every article that I write lives or dies based on the clickstream, you are just a Google entry away from obscurity – or fame and becoming a viral meme. Nowadays the time that I spend promoting, tweeting, reposting, commenting, and cajoling and trying to find readers is just as much as the time spent interviewing, testing, researching and writing. Social media is the cart now driving this old workhorse.

So say farewell to the EICs, may they RIP. Soon we will take our place next to buggy whip operators in history. Please take a moment and honor their memory.

EventTracker blog: Should I be doing EDR? Why anti-virus isn’t enough now

Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just a few percent of the malware that is active these days. You need better tools, called endpoint detection and response (EDR), such as those that integrate with SIEMs, that can recognize errant behavior and remediate endpoints quickly.

I like to think about EDR products in terms of hunting and gathering. You can read more in my post in EventTracker’s blog this week here.

 

Fast Track blog: The benefits of being in a hackathon

With the number of coding for cash contests, popularly called hackathons, exploding, now might be the time that you should consider spending part of your weekend or an evening participating, even if you aren’t a total coder. Indeed, if you are one of the growing number of citizen developers, you might be more valuable to your team than someone who can spew out tons of Ruby or Perl scripts on demand. I spoke to several hackathon participants at the QuickBase EMPOWER user conference last month to get their perspective. You can read my post in QuickBase’s Fast Track blog today.

Authentic8 whitepaper: Why a virtual browser is important for your enterprise

The web browser has become the de facto universal user application interface. It is the mechanism of choice for accessing modern software and services. But because of this ubiquity, it puts a burden on browsers to handle security more carefully.

Because more malware enters via the browser than any other place across the typical network, enterprises are looking for alternatives to the standard browsers. In this white paper that I wrote for Authentic8, makers of the Silo browser (their console is shown here), I talk about some of the issues involved and benefits of using virtual browsers. These tools offer some kind of sandboxing protection to keep malware and infections from spreading across the endpoint computer. This means any web content can’t easily reach the actual endpoint device that is being used to surf the web, so even if it is infected it can be more readily contained.