What does this mean for security professionals at these companies? Most of us would agree that personal devices pose a greater risk than company provided hardware. At the same time, the idea behind allowing these devices on the network is to increase productivity and worker happiness, so restricting their access is generally counterproductive. If we have to give them access to the same resources, we should at least make sure they are protected as well as company provided systems, but because the systems are employee owned, users have administrative rights and can undo anything IT puts in place. Worse yet, employees are often resistant to installing anti-virus packages and the like because they decrease system performance. So what is the security professional to do? We need to give them access to the resources that make them productive, but the machines frequently will be more vulnerable (unpatched, no AV, etc…) than what we’ve traditionally accepted in terms of risk.

If you’re a fan of the Zero Trust model Forrester espouses, hopefully you already have a number of the components needed to monitor these networks. All devices whether employee provided or not need to be audited, inspected, and monitored. In many instances a network-based approach is more cost effective than client side packages on every device, but in the case of BYOD environments network based tools are often the only way. As such, the network monitoring should be as close to the devices as we can get. Flow data happens to be a very cost effective way to perform this task because it is present through so much of the infrastructure. Its like a lightweight sniffer trace on almost every port in the network without the ridiculous data storage requirements and cost. Layering this data into an expert system like StealthWatch to perform Behavioral Analysis takes it from an audit and forensics tool, into an operational response engine capable of detection and even mitigation.

For more information on Securing BYOD environments with Flow data, check out our Mobile Device Webinar tomorrow. 

Image by Tim Wilson.

ATLANTA, Feb. 13, 2012 – Lancope, Inc., a leader in flow-based security and network performance monitoring, will host a complimentary webinar on mobile device security on Wednesday, February 22 at 11:00 a.m. ET / 8:00 a.m. PT. Participants will learn how flow collection and analysis can seamlessly extend network visibility and security to users’ personal smartphones, tablets and laptops to address the growing bring-your-own-device (BYOD) trend. To register for the webinar, go to: http://www.lancope.com/news-events/webinars/mobile-device/.  

As an increasing number of mobile devices make their way onto corporate networks, enterprises require a more comprehensive security solution for adequately protecting their infrastructure. Unfortunately, mobile users often circumvent corporate security policies and safeguards, and it is too cumbersome – and often impossible – to install and manage security software on every new device. With NetFlow and other types of flow data, organizations can cost-effectively gain the situational awareness needed to maintain high levels of security and performance amidst a constantly-evolving network and mobile environment.

Join this webinar and learn how to address BYOD and IT consumerization on your network without having to install additional software or deploy expensive probes:

WHO:             Joe Yeager, Director of Product Management, Lancope

WHAT:          “Securing Mobile Devices for BYOD Environments”

WHEN:          Wednesday, February 22 at 11:00 a.m. ET / 8:00 a.m. PT

REGISTER:  http://www.lancope.com/news-events/webinars/mobile-device/

Attendees will learn how to:

• gain complete network visibility across all devices
• detect anomalous behavior originating from users’ personal smartphones, tablets or laptops
• quickly and easily uncover externally-launched, zero-day attacks, and internal threats – regardless of the device being used
• ensure high levels of performance for mobile users by quickly assessing issues that may be causing a slowdown 

Seventy-five percent of companies currently allow employee-owned mobile devices to be used at work, and mobile devices will exceed PCs in both shipments and spending in 2012. Now is the time for organizations to update their security framework to embrace the influx of mobile devices onto corporate networks. By analyzing mobile device information collected from existing network infrastructure, Lancope’s StealthWatch^® System proactively detects issues stemming from any device. 

To register for the webinar, go to: http://www.lancope.com/news-events/webinars/mobile-device/. For more information on StealthWatch, please visit: http://www.lancope.com/products/.

About Lancope
Lancope^®, Inc. is a leading provider of flow-based monitoring solutions to ensure high-performing and secure networks for global enterprises. Unifying critical network performance and security information for borderless network visibility, Lancope provides actionable insight that reduces the time between problem identification and resolution. Enterprise customers worldwide, including healthcare, financial services, government and higher education institutions, rely on Lancope to make better network decisions, respond faster to network problem areas and avoid costly outages and downtime — at a fraction of the cost of conventional network monitoring solutions. With Lancope, you can know your network and run your business better. Privately held and venture-backed, Lancope is headquartered in Atlanta, Georgia. For more information, visit www.lancope.com. 

# # #

©2012 Lancope, Inc. All rights reserved. Lancope, StealthWatch, and other trademarks are registered or unregistered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners.

Media Contacts:

Jody Ma Kissling 

770-225-6513

jma@lancope.com

Bill Keeler/Lesley Sullivan

Schwartz MSL

781-684-0770

lancope@schwartzmsl.com

*Photo by MIKI Yoshihito

• FierceMobileIT: Lancope unveils offering to tame the BYOD beast
• Help Net Security: Security for IT consumerization

Company’s NetFlow-based monitoring solution delivers comprehensive security amidst IT consumerization and growing network complexity

Atlanta, February 7, 2012 – Lancope, Inc., a leader in flow-based security and network performance monitoring, today announced that its StealthWatch® System extends comprehensive network visibility to mobile devices for the security of bring-your-own-device (BYOD) environments. By analyzing mobile device information collected from existing network infrastructure, StealthWatch cost-effectively detects issues stemming from any device on the network without having to install additional software or deploy expensive probes. Lancope will host a complimentary webinar on mobile device security later this month.

“Mobile users often circumvent corporate security policies and safeguards, and it is too cumbersome – and often impossible – to install and manage security software on every new device,” said Joe Yeager, director of product management at Lancope. “With 75 percent of companies allowing employee-owned mobile devices to be used at work, now is the time for organizations to adopt a solution like StealthWatch that leverages existing infrastructure to deliver seamless security monitoring for any device that enters the network.”

Traditional threat detection mechanisms such as probe devices, antivirus and IDS/IPS quickly become cost prohibitive and ineffective within a BYOD environment. Unlike these technologies, StealthWatch leverages NetFlow and other flow data inherent in network infrastructure to provide end-to-end visibility for dramatically improved network troubleshooting and risk posture.

Through sophisticated behavioral analysis, StealthWatch can detect and alarm on anomalous behavior originating from anywhere on the network, including users’ personal smartphones, tablets or laptops. This enables organizations to quickly and easily uncover externally-launched attacks such as botnets, worms or advanced persistent threats, as well as internal risks including network misuse, policy violations and data leakage – regardless of the device being used.

Advanced identity and application awareness further enhance security investigations by tracing the root cause of unusual behavior all the way down to the exact user and program responsible. These features also support other efforts such as network forensics and regulatory compliance. In addition to improving mobile security, StealthWatch can help ensure high levels of performance for mobile users by quickly assessing issues that may be causing a slowdown.

“Beginning this year, mobile devices will exceed PCs in both shipments and spending,” adds Yeager. “Meanwhile, Gartner has predicted that 90 percent of companies will allow corporate applications on personal devices by 2014. While conventional defenses are losing their efficacy amidst this rapidly-evolving environment, StealthWatch is filling in the gaps and providing the situational awareness needed to maintain high levels of security and performance in light of IT consumerization and BYOD.”

To register for Lancope’s complimentary webinar on mobile device security taking place on Wednesday, February 22, go to: http://www.lancope.com/news-events/webinars/mobile-device/. Further details on StealthWatch can be found at: http://www.lancope.com/products/.

About Lancope
Lancope®, Inc. is a leading provider of flow-based monitoring solutions to ensure high-performing and secure networks for global enterprises. Unifying critical network performance and security information for borderless network visibility, Lancope provides actionable insight that reduces the time between problem identification and resolution. Enterprise customers worldwide, including healthcare, financial services, government and higher education institutions, rely on Lancope to make better network decisions, respond faster to network problem areas and avoid costly outages and downtime — at a fraction of the cost of conventional network monitoring solutions. With Lancope, you can know your network and run your business better. Privately held and venture-backed, Lancope is headquartered in Atlanta, Georgia. For more information, visit www.lancope.com.

# # #

©2012 Lancope, Inc. All rights reserved. Lancope, StealthWatch, and other trademarks are registered or unregistered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners.

Media Contacts:

Jody Ma Kissling

770-225-6513

jma@lancope.com

Bill Keeler/Lesley Sullivan

Schwartz MSL

781-684-0770

lancope@schwartzmsl.com

To download the full report, go to: http://www.lancope.com/resource-center/industry-reports/state-of-netflow/.

The report breaks down the issues into the following topics: 

• Overview of Network Issues
• What is NetFlow
• Malware and Policy Violation Detection
• Incident Response, Forensics and Compliance
• Network Performance and Traffic Monitoring
• Benefits of NetFlow
• Best Practices for Maximizing NetFlow Usage
• The Future of NetFlow

If you need to quickly grasp the state of current network issues then this is a critically important report to read. 

Despite 20 years of research and development in the information security industry, high-profile, damaging breaches are at an all-time high. Almost every week we hear about the compromise of supposedly hardened assets such as Symantec's AV source code, Epsilon's prized email list and Sony's PlayStation Network. Even information security powerhouses such as RSA Security have fallen victim.

As information security techniques have evolved, so have the attackers’ methods and motivations. Further compounding the dilemma is a rapidly shifting IT landscape full of technologies such as cloud computing, high-speed 10G+ network cores, IPv6, and the blustering world of social media. While many CIOs and CISOs certainly wish for an infosec endgame, the unfortunate truth is that network security is an ever evolving arms race in which rapid change is a way of life for those that wish to survive.

A Journey, Not a Destination
 

Information security has a history of one-upmanship. As new methods are developed to deal with risks posed to the enterprise, attackers find new avenues of attack, often taking advantage of emerging technology trends. In the late 90s, we saw the use of simple computer viruses and fast spreading worms. The risk was often network downtime and loss of user productivity due to lost files or slow and unresponsive workstations. IT security personnel countered these threats with firewalls, host-based anti-virus programs, and intrusion detection technologies that leveraged signatures and port-based blocking mechanisms.

Over time, attackers realized that loud, obnoxious worms and viruses were easily detectable and easily countered. Throughout the late 2000s, a shift to "low and slow" botnet-based attacks often obfuscated by encryption or non-standard port tunneling took hold, and the arms race continued. The security industry answered with dedicated data loss prevention technology, smarter firewalls, and security information management systems.

Fast forward just a few short years to 2011, and we see the dawn of hacker collectives such as Anonymous and LulzSec. The age of the directed attack or advanced persistent threat (APT) has arrived. This new brand of attack is driven by a variety of motivators including:

• Governments and state entities realizing the value of cyber warfare
  (i.e Stuxnet, Operation Aurora)
• Political, religious, and patriotic motivations
  (i.e hacker collectives such as Anonymous and LulzSec)
• The anti-sec movement, and a desire to "teach the security industry a lesson"
  (i.e RSA, Stratfor, Symantec, HBGary Federal)
• A desire for notoriety
  (i.e copy cat attacks resulting from Anonymous and LulzSec)
• Monetary motivators resulting from a sharp increase in cyber spending over the last 5 years
  (i.e record setting in holiday season of 2011)

To combat these new threats, infosec professionals look to the security industry for innovative new methods to address the infosec arms race. One such answer can be found in the emerging field of network flow analysis.

Know Your Network, Run Your Business:

Information and Visibility Win the War

Network security monitoring systems such as Lancope's StealthWatch technology are on the cutting edge of the modern security practice. Leveraging NetFlow, IPFIX, sFlow, and other network flow accounting technologies, the StealthWatch System brings a new lens to the information security landscape. Flow-based network security provides a wide range of benefits including:

• Situational awareness across the entire network on a 24x7 basis. Anywhere you have Cisco equipment you have coverage. Flows are used to create hundreds of reports that detail the activities of users, applications, attackers, and more. Flow logs found within the StealthWatch FlowCollector contain a complete account of everything that has happened on the network. You're never in the dark.
• Rapid detection and response without the need for signature updates. Lancope's StealthWatch System leverages behavioral analysis and statistical algorithms to detect and alert on suspicious network transactions and behaviors.
• Simplified virtual network visibility. Many virtual platforms such as Cisco's Nexus 1000v, Citrix Xen, and VMWare's ESX 5.0 support flows natively. No native support? No worries. Lancope provides a software-based flow visibility tool called the FlowSensor VE that easily installs and provides coverage for virtual areas that don't support flows natively.
• Affordability and ease of deployment. Lancope's StealthWatch System leverages existing network infrastructure to gather flows and analyze network behavior. There is no need for expensive 10G packet capture devices since devices such as Cisco's Catalyst 6500, 4500, and 3750-X provide the flows that are needed to detect threats.

So while the threat landscape continues to evolve, so do the countermeasures available to the modern infosec warrior. As you plan for 2012 and beyond, be sure to consider the power stored away in your routers and switches. It's already there. You just need to select a flow collection and analysis system capable of making sense of the flows. Lancope's StealthWatch System is a powerful technology that can serve as the next countermeasure in the continuing infosec arms race.

LinkedIn is one of the most important social media sites on the web. They have over 101 million members, including executives and engineers from every Fortune 500 company.   When you signup to Lancope's NetFlow Ninjas group you can participate in the most recent discussions of how NetFlow enables monitoring tools to collect NetFlow packets exported from enterprise routers and switches, generating network traffic reports that help understand the nature of the network traffic and bandwidth utilization.  

It is clear that there is a surging momentum behind the adoption of NetFlow as the de-facto protocol for network monitoring and by joining the 'NetFlow Ninjas' LinkedIn group you may  participate with some of the leading figures in this exciting technology explosion.  Click here to join the LinkedIn NetFlow Ninjas.

This CSIS report summarizes the new defense requirements for protecting cyberspace from escalating cybercrime. Although the cybersecurity industry is full of recent publications about new attacks and security breaches, it is difficult to summarize the extent these damages. Here are just a few facts taken from the CSIS research:

High-end cybercrime takes two forms. Criminals steal intellectual property (IP), either at the behest of a government or for their own use. Even small companies can be a target. Estimates of these losses are in the billions of dollars. Germany, whose economy is one-quarter the size of the U.S. economy, estimated its own IP losses due to industrial espionage at $25 billion to $50 billion, the bulk of which results from weak Internet security. Most companies do not report losses and may not even be aware of them. When Google was hacked, only one other company reported a potential loss, even though we know that more than 80 major companies were victims.

Advanced cyber criminals have capabilities that approach those of national intelligence agencies, and some criminals have close relationships with their governments. A flourishing black market supports cyber crime. In it, you can buy the latest malware, learn of recently discovered vulnerabilities, or rent “botnets” (thousands of computers remotely controlled for criminal purposes without the computer owners’ knowledge). Credit card numbers, personal information, and bank account data can be bought in bulk. Some sellers offer guarantees.

Cyber criminals also target the financial system, going after automated teller machines (ATMs), online bank accounts, and credit cards. Some crimes have been spectacular: one Russian gang took $9.8 million from ATMs over a Labor Day weekend. The chief planner is not only still at large, we do not even know his or her identity. Where law enforcement is weak, cyber criminals are safe.

In 2012 there are dozens of slated private and federal initiatives that move forward towards resolution of these issues. Many of these initiatives embrace flow-based monitoring solutions and real-time network behavioral analysis. The Lancope website contains a wealth of information about network security.

Everyday businesses, governments, organizations, schools, and consumers extend the reach of information and communications technologies. Our modern culture is interconnected by information technologies – and irreversibly dependent on it. The increased adoption of information technology has also been accompanied by the development of a new set of cyber threats:

• Advanced Persistent Threats (APTs)
• Insider threats
• Industrialized attacks
• Employee misuse & abuse
• Fully automated attacks

Just take a moment to grasp the extent of these cyber attacks:

• Hackers take down CIA website, steal Sony user data and cause mayhem for Google online security.
• Epsilon, the largest email marketing service company in the world, announced it was hacked by a group targeting the company's email lists.
• A cyber war may be on the horizon after Google accused hackers in China of breaking into the personal email accounts of US officials
• Governments, IOC and UN hit by massive cyber attack
• The Pentagon has responded saying it will consider computer sabotage an act of war and would consider responding to such acts as it would any other threat to the country.

This list is just the tip-of-the-iceberg, as sitting below the surface of these six articles are thousands of other stories about the increase in cyber threats. Obviously, this is a topic that we need to understand and Adam Powers, Lancope's CTO, will explain how to harness the latest developments in enterprise-ready flow collection and analysis solutions to help combat these threats.