The high-profile security breaches of 2011, emerging security technologies and the growing need to improve software security practices shaped some of the most popular and thought-provoking
In 2011, emerging technologies, including cloud-based services and powerful smartphone platforms, had a tremendous impact on corporate security strategies, and they will continue to do so in 2012. Security defenses were put to the test as attackers continually sought ways to cash in on weaknesses and gain access to corporate networks. There were plenty of successful incidents to examine, including the RSA SecurID breach, the Epsilon email breach and the Sony breach. While unrelated, these breaches highlighted lingering security problems that can give any determined attacker a way into sensitive network data.
SearchSecurity.com has pulled together five interviews that were well liked by our listeners and continue to supply valuable information to help security professionals understand the threats to their organizations and apply best practices. A sixth podcast, which does not qualify as an interview, was added to the list because it was a lively discussion of the impact of compliance mandates on the security industry.
- Sorting through data breach data to enhance your security strategy: The yearly Verizon Data Breach Investigations Report (DBIR) is a document packed with interesting data, but finding the information most useful for improving an enterprise's security posture is difficult. In April, the SearchSecurity.com editorial team spoke with Bryan Sartin, director of investigative response at Verizon, about the firm's 2011 DBIR. Sartin explained the value attackers place on account credentials and intellectual property and walked through the data points most important to enterprise CISOs.
Bryan Sartin is director of the investigative response practice at Verizon Business. He is responsible for all customer-facing incident response, computer forensics and IT investigative work.
- RSA SecurID lessons learned: In August, NetWitness CSO Eddie Schwartz joined SearchSecurity.com Editorial Director Michael Mimoso in a discussion of how NetWitness detected a potential security breach and alerted RSA's security team. Schwartz said large organizations often have log files that are diverse and dispersed, making it difficult for security teams to find anomalies and act on them swiftly. NetWitness' full packet capture technology flags anomalous network activity on users' accounts and alerts response teams to indicators of compromise, Schwartz said. At RSA, it detected the use of a remote access tool on a specific account and helped incident responders quickly determine the scope of the breach. Schwartz also talked about data breach trends, the rise of hacktivist group attacks and how organizations can respond to improve their security defenses.
Eddie Schwartz is currently the chief security officer at RSA, The Security Division of EMC Corp. He was appointed last January following RSA's acquisition of NetWitness.
- Data security breach avoidance also involves the end user: In August, Catalin Cosoi, head of the online threats lab at Romanian antivirus vendor BitDefender, talked about the increasing number of targeted attacks and the social engineering tactics that security technology often fails to protect against. Cosoi believes ISPs need to be forced or empowered through legislation to protect users and block infected machines. The automated tools behind most phishing attacks are becoming more sophisticated, enabling less savvy cybercriminals to better focus their attacks, Cosoi said. In addition, determined cybercriminals can easily tap into social networks and other freely available information to conduct a spear phishing campaign against specific employees at a targeted organization, Cosoi said. At least part of the answer is an ongoing end-user security awareness training program, according to Rob Cheyne, CEO of Safelight Security Advisors. A good first step is a risk assessment, Cheyne said in an interview conducted in March.
Catalin Cosoi heads the online threats lab at Romanian antivirus vendor BitDefender. He has been involved in the company's research and development of new antispam and antiphishing technologies.
- Software security is a key ingredient in data breach avoidance: Microsoft has long made its Security Development Lifecycle (SDL) freely available to organizations attempting to raise the level of software quality within their development teams. In April, David Ladd of Microsoft's software security engineering team talked about why many enterprises can easily deploy technical changes but often struggle with cultural change. Ladd said Microsoft has launched a simplified SDL, which can help even small and medium-sized organizations implement pieces of it based on priority. A good entry point to improving software security is to conduct an initial assessment of the processes and technologies in place and to understand the business' risk tolerance, Ladd said. Leadership is also important, he said, as is understanding the resources and expertise available within the organization. More mature organizations can begin threat modeling, according to Chris Wysopal, co-founder and CTO of application security vendor Veracode, in another April interview.
David Ladd is principal security program manager of Microsoft's SDL Team. He is also part of the University Research Programs group in Microsoft Research.
- Citigroup data security breach highlights the necessity of Web application security: Following the Citigroup data security breach affecting more than 300,000 customers, Jeremiah Grossman of WhiteHat Security explained that attackers exploited a simple business logic flaw to steal account data. The insufficient authorization flaw should have been caught in the code review process, Grossman said.
Jeremiah Grossman is founder and chief technology officer of WhiteHat Security and a founding member of the Web Application Security Consortium (WASC).
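The insufficient authorization class of flaw Grossman refers to is easiest to see in code. The block below is an added example, not code from the article or from any of the systems it discusses, and it makes no claim about how the Citigroup application was actually written: it shows the generic pattern, a handler that authenticates the caller but never checks that the requested account belongs to that caller, beside the hardened version, and the enumeration loop an attacker would run against each. The `ACCOUNTS` table, the `Session` object and the user names are constructed stand-ins for a web application's data and login layers.

```python
"""Insufficient authorization (a business-logic flaw) beside its fix.

Added example; not the article's code. ACCOUNTS, Session and the user
names below are constructed in-memory stand-ins for a web app's data
layer and login layer.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Caller is not logged in."""


class NotFound(Exception):
    """Account does not exist (or, in the secure handler, is not yours)."""


# Constructed sample data: two customers, each owning one account.
ACCOUNTS = {
    1001: {"owner": "alice", "balance": 2500},
    1002: {"owner": "bob", "balance": 40},
}


@dataclass
class Session:
    user: str  # authenticated principal, assumed to be set by the login layer


def get_account_vulnerable(session, account_id):
    """Authenticates the caller but never checks ownership of the account.

    Any logged-in user who guesses or enumerates account_id is handed
    another customer's record: this is the insufficient authorization flaw.
    """
    if session is None:
        raise Forbidden("login required")
    try:
        return ACCOUNTS[account_id]
    except KeyError:
        raise NotFound(account_id)


def get_account_secure(session, account_id):
    """Same handler with the missing ownership check added.

    'Does not exist' and 'not yours' both raise NotFound, so the response
    does not reveal which account numbers are valid.
    """
    if session is None:
        raise Forbidden("login required")
    account = ACCOUNTS.get(account_id)
    if account is None or account["owner"] != session.user:
        raise NotFound(account_id)
    return account


def enumerate_accounts(handler, session, id_range):
    """Attacker loop: walk a range of IDs with one valid session and keep
    every account the handler hands back. Returns {account_id: record}."""
    leaked = {}
    for account_id in id_range:
        try:
            leaked[account_id] = handler(session, account_id)
        except (Forbidden, NotFound):
            continue
    return leaked


if __name__ == "__main__":
    bob = Session("bob")
    print("vulnerable:", sorted(enumerate_accounts(get_account_vulnerable, bob, range(1000, 1005))))
    print("secure:    ", sorted(enumerate_accounts(get_account_secure, bob, range(1000, 1005))))
```

Run as a script, the vulnerable handler leaks both accounts to Bob while the secure one returns only his own. The review point is that the check has to bind the resource to the authenticated principal on every request; authentication alone, which both handlers perform, says nothing about which accounts the caller may read.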
- Bonus: Does compliance hinder the creation of innovative security technologies? Following his short talk at the 2011 RSA Conference on Why Zombies love PCI (YouTube video), Joshua Corman, then an analyst at the 451 Group and currently director of security intelligence at Akamai Technologies, joined Paul Judge of Barracuda Networks in a lively debate on whether compliance hinders the creation of innovative security technologies. According to Corman, compliance forces organizations to guard custodial data rather than protect intellectual property and other corporate secrets. As a result, security vendors build technologies to guard custodial data, such as Social Security or credit card numbers. Judge, meanwhile, argued that compliance has stimulated specific security markets, cranking up competition.
Joshua Corman is director of security intelligence at Akamai Technologies. Prior to that he was research director for enterprise security at the 451 Group. Paul Judge is chief research officer at Barracuda Networks. He joined Barracuda following its acquisition of Purewire in October, 2009. Judge was founder and CTO of Purewire.