Caught on tape: Malware Distribution Techniques

If you haven’t already done so, you should read the Verizon Data Breach Investigations Report that they publish annually. In the 2018 Verizon DBIR, it is chock-full of good reading around the specifics of breaches in 2017 and provides an insight to the Who, How, Why, What, and When. In the report you can read about the internal threat actors down to how malware was distributed. In all, Verizon has dotted all the I’s and crossed all of the T’s and provided you visibility into 53,000 incidents and 2,216 confirmed breaches across all verticals in 2017. Historically I have used these reports to help educate myself and my customers on the threat landscape as well as leverage the information to help justify spend on security related products, tools, or services to help keep the enterprise safe.

While reading the report, the sections regarding malware (ransomware included) stood out to me. Why? Well come on, you would think by 2017 will all of the security tools deployed that malware, even 0-day, wouldn’t be an issue but it still is. On pages 17/18, the report discusses the frequency of malware vectors, or basically how malware is distributed.

Continue reading Caught on tape: Malware Distribution Techniques

Value Added Resellers: Trusted Advisor or Used Car Salesperson of Tech?

Let me kick this off with a little background as to how and why I decided to write on this subject. I believe it was late 2014 or early 2015 and I was working for F5 Networks. During one of our Quarterly Business Reviews, we had a guest presenter from Gartner come in and talk about Mode 1 and Mode 2. Couple of items that stuck with me over the years:

  • Embrace change or you will fail
  • 1 in 10 top tech companies will not be around 10 or 20 years from now.
  • Mode 1 is legacy
  • Mode 2 is the future (the cloud)
  • Hybrid (Bimodel IT) will be adopted sooner than later and Mode 1 will be completely retired

This meeting was terrifying for me, I recently started this job and F5 Networks sole business model was Mode 1; traditional and sequential, emphasizing on safe and accuracy. The reassuring part to all of this was, in my particular patch (Arizona and Nevada), Mode 2 adoption was speculated to take 5 or more years to be adopted. This was ideal for me, enough time for me to hone my skills and make a move later down the road if F5 wouldn’t embrace change.

Continue reading Value Added Resellers: Trusted Advisor or Used Car Salesperson of Tech?

Executing Security at Scale

Raise your hand if you’re using any or all of these technologies:

  • NGFW
  • IPS/IDS
  • URL Filter
  • Antivirus
  • DLP
  • Sandbox
  • VPN
  • DDoS Mitigation

Pretty much all of us, right? Now raise your hand if you are decrypting SSL/TLS outbound.

While HTTP/2 doesn’t require SSL/TLS, it will use it by default if it is available. Oh by the way, all modern browsers have supported HTTP/2 since January of 2016. Factor in the efforts of Let’s Encrypt, the adoption of SSL/TLS has skyrocketed in the past few years and will continue to grow. Hell, even this shitty blog is using TLS 🙂 If you aren’t decrypting SSL/TLS you have to ask yourself, what good is my NGFW, IPS, Antivirus, etc if I am completely blind to it? The answer is simple, it isn’t good, in fact it’s terrible. You are bound by the constraints of legacy security, source/destination and ports. It’s like locking a screen door. It will keep the flies out but it won’t stop any real threats.

Continue reading Executing Security at Scale