Wan Zhaoyun Safety Equipment released

In the area of digital crime (cyber criminal), what should we do when attackers have been linked in a chain of interests and designed and implemented various types of attacks in a cooperative manner?


last week, in RSA2009 's opening keynote speech, RSA Executive Director Art Coviello gave his answer, "creative cooperation (inventive collaboration)".


Coviello that in the current security situation, the information security of various organizations, enterprises, experts and scholars, should also adopt a cooperative approach to respond, so as to ensure that not behind the attackers, better protect the public interest. In his keynote speech, "A Common call:architecting a New information security landscape", he appealed to users, government agencies, information-safety companies, and other forces to unite to address cyber and digital threats. And for the industry's manufacturers, Coviello also warned that in the process of combating cyber criminals, only the integration of different products into an infrastructure, in order to effectively protect the enterprise resources. Coviello added, "Businesses must be clear that you are the entire security system in operation, not individual individuals in play." ”


in fact, "cooperation" has indeed become this year's RSA conference to become a majority of participants recognized the theme.

"We are actually working together and in some ways the cooperation with Microsoft has gone beyond common product cooperation and standards," said Galloway, vice president of
Cisco Wireless/Security technology. We have been working to solve the interoperability of products, and there are many opportunities for us to integrate the products of security vendors into our technology. ”

"We all have a common enemy," said Scott Charney, vice president of
Microsoft's Trusted computing division. So we've seen a lot of vendors in the industry working together through open or private channels and giving the best solutions. ”


last year's RSA conference, Microsoft's chief research and strategic management Craig Mundie proposed a end-to-end credible plan that has shown that Microsoft is actively seeking partnerships with more partners, In the RSA Conference, Charney a new idea for End-to-end's credible plan, saying that Microsoft will make more efforts to make the security industry, consumers and policymakers seriously explore cybersecurity issues.


　


Eliminating the blind

of virtual environment security

Security in a virtualized environment is an important issue for the General Assembly.
The virtual receptacle homeowner Platform, launched by IBM, is designed for virtual networks, including network intrusion prevention Systems (IPS), which is the result of the Phantom program of IBM ISS. Previously, ISS actually had IPs software, but there was still a blind spot in the use of traditional IPs products in virtual environments where virtual machines shared the same hardware and replicated to other physical machines. IBM also launched a new application called receptacle Security controller, which is designed to summarize the IPs power of multiple IBM Proventia IPs GX6116 applications and link to 10Gbps networks The device's approach allows customers to avoid replacing existing IPs devices when upgrading to a 10Gbps network.
Similarly, Cisco has released security cloud services, the 7.0 version of IPs sensor software, the 8.2 series of ASA 5500 series, the new ASA botnet traffic filter, as well as improvements to its remote access and VPN technology, and other deliverable products.
It is noteworthy that a British start-up named Syphan Technology has launched a cloud-based, gigabit-per-second security service platform. The company says that if deployed in an enterprise environment, a ITC220 device can support 1000 virtual local area networks (VLANs) and provide services such as intrusion prevention, firewalls, denial of service protection, data loss protection, and content filtering capabilities. In addition to high-bandwidth performance, the device has a latency of only 64 nanoseconds because it uses a field programmable gate array (FPGA) to process content filtering. This speed makes it unnecessary for the system to be backed up when the packet passes through the device. To speed up the hardware, the device breaks down the filtering of data into micro tasks that can be performed in parallel, which the company calls the process Stealthtrap. Not only that, the device can also save 16 million data flow states in memory and find a partial match for known attacks.

Fighting Zombie Networks

At the RSA meeting, security researcher Joe Stewart also raised the need for international cooperation to fight back and defeat the most malicious attacker on the internet-the botnet, only the volunteers of ad hoc organizations. Joe Stewart, director of the Malware Research Division of the American SecureWorks Company, has been actively promoting security researchers to develop a multi-party program.
He said in an interview, "If you look at how criminals think about whether to continue their plans, you will find that they may be affected by three factors: risk, effort, return, we should be in these three aspects of the overall fight these guys." "In doing so, you need to build important groups that are dedicated to specific botnets or cybercrime in a secret way."
Stewart expects that this will require international efforts and will involve a global treaty signed by every country connected to the Internet. Each country will have an autonomous system, in which the autonomous system, together with the border routers, is responsible for dealing with the various malicious activities generated in the network.
as part of the Treaty, there should be a basic control procedure that enforces enforcement to avoid IP spoofing among members. Each country should have a CERT (Computer Emergency Response Team) certificate, which has the legal authority to give network operators responsibility. It will also create a problem of information abuse among global institutional management researchers, law enforcement and certs certification in each country. Information from researchers and suppliers will be shared to ensure that they are aware of the latest advances in dealing with related malware.
In addition, companies such as Microsoft, Symantec, EMC and McAfee have also released many new products.