Gartner Security Summit Sizes Up An Evolving Landscape of Threats
June 3, 2008
This week in Washington, D.C., security experts, analysts and even a few science fiction authors gathered at the Gartner Security Summit to talk about the next big cyber threats. Two of the most interesting trends involve threats arising from the exploding use of social networks and software as a service (SaaS) providers.
In both cases, attackers can direct attacks toward several organizations by first compromising SaaS and social network services and then abusing the trusted relationship between users and the site to deliver malicious code. Because services like SaaS and social networks are typically provided over encrypted connections, signature-based security is rendered completely ineffective.
John Pescatore, vice president and research fellow at Gartner, told Dark Reading, “The attacker could go after Procter & Gamble—or salesforce.com, which P&G uses, as well as hundreds of others. They are going after shared code – software as a service, etc. – to magnify the impact of the attack.”
As the Dark Reading piece points out, the conventional response would be to bar the use of unmanaged and potentially risky apps from the enterprise. But this bunker mentality not only deprives organizations of the significant value and power of tools like SaaS, social networks and virtual worlds, it may prove to be untenable in the future.
“We’re finding a lot of clients calling it a ‘Generation X/Generation Y problem,’” Pescatore told Dark Reading, “where young users who have grown up with social networks and smart phones expect to be able to use these tools not only at home, but at work. The old IT model that tells you what you can do and use [technology-wise] is breaking.”
In addition, “There will be more tools to reverse-engineer enterprise applications on Websites,” Pescatore says. “Within two to three years, these reverse-engineering tools will be so easy to use that the next round of application-level attacks will be against every type of software you can think of.”
In such a climate, the already overwhelming pace at which new attacks outrun the capacity of conventional security to handle them will only accelerate. Real-time cyber intelligence tools, such as NeuralIQ’s Q5 Intrusion Forensics Systems, which give organizations the power to identify and respond to attacks in real time, are integral to meeting future security challenges. The Q5, for example, is able to peer directly into system memory, beneath the encryption layer, so attacks over encrypted channels are laid bare. The information threat landscape is constantly evolving. Shouldn’t your security do the same?
NeuralIQ Q5: A New Category in Information Security
February 4, 2008
Putting NeuralIQ Q5 into a category like other security products is difficult. In fact, NeuralIQ Q5 establishes a new category: the Intrusion Forensic System.
Most security products have a limited range of detection and protection. Some can work on the network, some on the host. Those on the network have only a narrow range of detection. Several vendors have moved to Unified Threat Management (UTM). UTM refers to a comprehensive security product that includes protection against multiple threats. A UTM product typically includes a firewall, antivirus software, content filtering and a spam filter in a single integrated package. So UTM is only as good as the weakest component in its package. If the antivirus scanner is excellent but the firewall in the system is not tuned appropriately, your protection is compromised.
No network traffic or host activity escapes Q5 detection. NeuralIQ Q5 Intrusion Forensic System enhances protection at every level of the network stack. Regardless of which systems you use to protect your hosts and network, Q5 can make your systems smarter, more agile, and easier for you to use.
Feature: Visualize Operating System and Attacks in Real Time
October 29, 2007
Neuralon is a next-generation interface for visualizing operating system activity. It’s a three-dimensional graph that takes data captured by NeuralIQ’s Q5 Series intrusion forensics systems and converts the data into an interactive tool for monitoring, navigating, and analyzing attacks in real time. Nodes are coded to represent processes, ports, and attackers. Neuralon allows users to quickly identify what processes are under attack, the port over which the attack is made, and the attacker initiating the connection.
Neuralon can be used to monitor system activity live, or you can use it as a time machine, allowing you to visually search your system’s interactions in the wild. Scrub through the event line to locate regions of interest. Tens of millions of database rows containing valuable forensic intelligence are at your fingertips without having to pore through massive logs. Fully integrated into NeuralUI, the frontend for the Q5 Series, users can drill down into exactly the detailed forensic information they need, including attacker history, packet stream visualization, and host activity.
Event Horizon: The World’s First Real-Time Forensic Honeygrid
September 10, 2007
Last night NeuralIQ launched Event Horizon, a global network of high-interaction honeypots that are subject to real-time forensic analysis. Built from NeuralIQ’s Q5 series of intrusion forensics systems (IFS), Event Horizon collects signatures, reverse-engineered shellcode, and vulnerability data acquired by the honeygrid and pools them into a central database.
Event Horizon, which is named after the maximum observable distance in the universe, reflects the Q5’s ability to capture all operating system data for virtualized guest decoys while remaining completely outside the decoys, within the host hypervisor. All interaction with the decoys is funneled into the Q5’s multi-layered forensics engine while remaining invisible to attackers.
Because Event Horizon receives signatures, exploit code, and a wealth of forensic intelligence in real time, it marks the first time that the security industry will have the ability to mount a zero-day response to zero-day attacks.
“Information security has found itself in a reactive posture for too long,” said NeuralIQ CTO Alen Capalik. “Researchers will never be able to predict all the ways attackers will circumvent their defenses and exploit their systems. Yet by learning directly from attackers in real time and pooling that knowledge, at least we can tip the balance of power back into our favor.”
The rapid analysis and collection of intrusion intelligence from around the world also gives a whole new view to “the anatomy of a hack.” In addition to making otherwise static, signature-based systems much more agile and giving security professionals the information they need to close vulnerabilities at their source, Event Horizon offers the promise of observing attack patterns as they evolve on a global scale.
“The power of a single IFS is formidable. When you start connecting these systems around the world and let them learn from each other, however, the possibilities are truly extraordinary,” said CEO Stan Eramia. “Right now we’re just excited to be collecting data, but over the coming months, things are really going to start getting interesting.”
