Tuesday, November 30, 2010

IBM Acquires Guardium
http://www.guardium.com/index.php/pr/923
Helps Organizations Safeguard Critical Enterprise Data
ARMONK, N.Y., November 30, 2009—IBM (NYSE: IBM) today announced it has acquired Guardium, a market leader in real-time enterprise database monitoring and protection. Guardium’s technology helps clients safeguard data, monitor database activity and reduce operational costs by automating regulatory compliance tasks. Guardium is a privately held company based in Waltham, Massachusetts. Financial terms were not disclosed.
Trusted information lies at the center of today’s business transformations. To succeed in today’s dynamic business environment, organizations must unlock the value of critical information stored in silos within and outside of the organization, while still safeguarding it from unauthorized access or changes.
The acquisition of Guardium will enable IBM clients to maintain trusted information infrastructures by continuously monitoring access and activity to protect high-value databases against threats from legitimate users and potential hackers. It will also help clients streamline compliance processes for ever-changing industry and government mandates with centralized and automated controls for all major platforms.
The combination of IBM and Guardium technology will help organizations safely realize the promise of business analytics and use trusted information to drive smarter business outcomes. Designed for cross-platform environments, Guardium’s technology identifies patterns and anomalies in data access and usage allowing organizations to maintain the integrity of their data and turn it into a strategic business asset. The monitoring capabilities of Guardium’s technology also detect fraud and unauthorized access via enterprise applications such as an organization’s ERP, CRM or Data Warehousing solutions.
“Organizations are grappling with government mandates, industry standards and business demands to ensure that their critical data is protected against internal and external threats,” said Arvind Krishna, general manager, IBM Information Management. “This acquisition is another significant step in our abilities to help clients govern and monitor their data, and ultimately make their information more secure throughout its lifecycle.”
The Washington Metropolitan Area Transit Authority (Metro) operates the second largest rail transit system in the United States and transports more than a third of the federal government to work. Washington Metro needed to safeguard sensitive customer data and simplify compliance with the Payment Card Industry Data Security Standard (PCI-DSS), without impacting performance or changing database configurations. With more than 9 million credit and debit card transactions yearly, Metro is classified as a top-tier Level 1 merchant by the PCI-DSS standard. With Guardium’s technology, Metro gained granular visibility into all database transactions, allowing them to protect the privacy and integrity of their critical data and identify potential fraud in their ERP/HR system.
According to the recent IBM Global CIO Study, one in three business leaders frequently make decisions based on information they do not trust or do not have. With renewed focus on transparency and accountability, businesses and government agencies cannot afford to make decisions based on data that has been compromised. To succeed, organizations need to maintain a vigilant real-time watch on database access to protect enterprise data and comply with regulatory requirements such as HIPAA and the European Data Protection Directive, the U.S. federal government’s NIST 800-53 standard and industry mandates such as the PCI-DSS.
“Guardium gives clients unprecedented visibility and control over their data access activities while taking advantage of automation to deliver rapid return on investment,” said Ram Metser, chief executive officer of Guardium. “The combination of IBM and Guardium provides clients with a comprehensive solution for safeguarding critical enterprise information and preventing fraud without the complexity of traditional approaches.”
This acquisition extends IBM’s business analytics strategy, including the range of offerings available through IBM’s recently-announced Business Analytics and Optimization Consulting organization with 4,000 consultants, a network of analytics solution centers, and an overall investment of more than $12 billion in organic growth and acquisitions.
IBM will integrate Guardium within IBM’s Information Management Software portfolio which has more than 35,000 experts dedicated to helping clients use information as a strategic asset to transform their business. This marks the 28th acquisition to support the Information Management initiative.
For more information about IBM Information Management, visit http://www-01.ibm.com/software/data/information-on-demand/.
For more information on IBM Analytics: on Twitter, Business Analytics & Optimization Press Kit and Analytics: How it Works on YouTube.
###
IBM, Information on Demand is a trademark or registered trademark of International Business Machines Corporation. For a list of additional IBM trademarks, please see www.ibm.com/legal/copytrade.shtml
All other company, product or service names may be trademarks or registered trademarks of others. Statements concerning IBM’s future development plans and schedules are made for planning purposes only, and are subject to change or withdrawal without notice.


PTECH diagram
http://www.bollyn.com/public/Ptech_diagram.pdf


EXCERPTS:
1)  Spielberg Docudrama
2) IBM-Guardium
IBM in late November acquired Guardium, an Israeli start-up, currently a Boston-based developer of data security systems, for $225B. Guardium, a spin-off of Israel's Log-On Software, is officially American, having moved all of its operations to Boston in 2003.
The company's management has changed, but is Israeli. One founder, Lior Tal, who also founded start-ups Insightix and SlickAccess, left Guardium when the company relocated to America. One source told Ha'aretz: “The technology is Israeli. The investors are Israeli, the management is partly Israeli and the entrepreneurs are Israeli. True, they moved to the United States and there are now 50 to 60 employees in Herzliya Pituah and Ra'anana who will become rich. But that does not change the fact that it is an exit with an Israel component.”
develops solutions that allow secure access to enterprise data, including databases from IBM, Oracle, Microsoft and others. It also monitors the software for unauthorized access.
Steven Spielberg will soon begin filming a docudrama series set in Jerusalem's Shaare Zedek medical center. It will be the first co-production between Dreamworks Studios, in which Spielberg is a partner, and Israeli producer. Spielberg emphasized that, despite his long-time ties to Israel, the project is a commercial production to be marketed globally.

Guardium

A Mossad front company which provided hostile spy software to at least 18 federal agencies.

http://forum.prisonplanet.com/index.php?topic=109378.0

http://www.guardian.co.uk/technology/2010/sep/24/stuxnet-worm-national-agency

Stuxnet worm is the 'work of a national government agency'

Malware believed to be targeting Iran's Bushehr nuclear power plant may have been created by Israeli hackers
Friday 24 September 2010 15.35 BST
A heatmap showing the number of computers infected by the Stuxnet computer worm.

A computer worm which targets industrial and factory systems is almost certainly the work of a national government agency, security experts told the Guardian – but warn that it will be near-impossible to identify the culprit.
The "Stuxnet" computer worm, which has been described as one of the "most refined pieces of malware ever discovered", has been most active in Iran, says the security company Symantec – leading some experts to conjecture that the likely target of the virus is the controversial Bushehr nuclear power plant, and that it was created by Israeli hackers.
Speaking to the Guardian, security experts confirmed that Stuxnet is a targeted attack on industrial locations in specific countries, the sophistication of which takes it above and beyond previous attacks of a similar nature.
Graph shows concentration of Stuxnet-infected computers in Iran as of August. Photograph: Symantec

Latest figures, from August, show 60% of computers infected by Stuxnet are located in Iran – dramatically up from July, when it accounted for less than 25% of infections, research by Symantec shows, with the graph below (from 4 August) showing the prevalence in other countries by comparison. The company estimates that the group building Stuxnet would have been well-funded, comprising between five and 10 people, and that it would have taken six months to prepare.
Alan Bentley, senior international vice president at security firm Lumension, said Stuxnet is "the most refined piece of malware ever discovered", and that the worm was significant because "mischief or financial reward wasn't its purpose, it was aimed right at the heart of a critical infrastructure".
However Graham Cluley, senior consultant with the online security company Sophos, warned against jumping to conclusions about the target of the attack, saying "sensationalist" headlines were "a worry". Cluley is wary of reports linking Stuxnet with Israel: "It's very hard to prove 100% who created a piece of malware, unless you are able to gather evidence from the computer they created it on – or if someone admits it, of course."
But he said that its characteristics did not suggest a lone group. "I think we need to be careful about pointing fingers without proof, and I think it's more appropriate – if true – to call this a state-sponsored cyber attack rather than cyber terrorism."
Stuxnet works by exploiting previously unknown security holes in Microsoft's Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems.
The worm then takes over the computer running the factory process – which for WinCC would be "mission-critical" systems which have to keep functioning under any circumstance – and "blocks" it for up to a tenth of a second. For high-speed systems, such as the centrifuges used for nuclear fuel processing being done by Iran, that could be disastrous, experts suggested.
US army forces are aware of the threat posed by Stuxnet, general Keith Alexander confirmed this week, saying early indications showed that the worm was "very sophisticated".
Cluley told the Guardian that Siemens has "astonishingly" advised power plants and manufacturing facilities not to change the default password that allows access to functions, despite it being exploited by Stuxnet and being "public knowledge on the web for years".
Alan Bentley, SVP International at Lumension, told the Guardian: "There is a lot of circumstantial evidence to suggest that Iran was the target of Stuxnet. We know that the worm was designed with a specific target in mind – its makeup and the way it executes render the tell-tale signs.
"Combine this with the fact that the worm was identified by a Belarusian security firm working for an Iranian client and the fact that the nuclear power plant was not working properly for months, it is understandable that speculation points towards Iran as the target. But, without being inside the walls of the Bushehr nuclear power plant, we can't be certain."
Rik Ferguson, senior security adviser at Trend Micro, said: "Initially, it looks like a targeted attack. It saw a high percentage of infections concentrated in the Middle East. Iran being one. There's every possibility that the [other countries affected] may have been collateral damage."
Asked whether a nation state was behind the attack, Ferguson said: "The truth is we don't know. But we can look at the concentration [of the attacks]. I don't think we can call this cyberwarfare, I would call it modern espionage. Countries have been spying on their neighbours for years – as the technology has improved, espionage has always improved, and this is a step in that direction.
"It's significant because it's not just the malware but the vulnerability to infect machines – if this had been in more traditional, criminal hands it could have been more widely used, like Conficker was. This was a powerful vulnerability it exploited and usually either you sell it for a lot of money or use it for mass criminality."
David Emm, a senior security researcher at Kaspersky Lab, told the Guardian: "We think that Stuxnet's sophistication, purpose and the intelligence behind it suggest the involvement of a state.
"This is a very sophisticated attack – the first of its kind – and has clearly been developed by a highly skilled group of people intent on gaining access to SCADA [supervisory control and data acquisition] systems – industrial control systems for monitoring and managing industrial infrastructure or facility-based processes. In contrast to the bulk of indiscriminate cybercrime threats on the internet, this has been aimed at very specific targets. It's different also because there's no obvious financial motivation behind the attack – rather the aim seems to be to sabotage systems."
However, John Pescatore, vice president for internet security at Gartner, said it was "definitely not the case" that Stuxnet would have required state sponsorship. "We've seen similarly targeted software going after credit card readers for financial gain in the past," he said. "Governments have no monopoly on the talent. We've seen attacks that looked like they were state-sponsored in the past launched by hackers for attention or citizens' groups. You cannot tell just by looking at where it landed."
The experts agree that Stuxnet marks a shift away from malware deployed for financial gain to controlling critical machinery. We are now moving into a "third age" of cyber crime, Cluley said, where the intention of making money from technical exploits is replaced by an intention to bring down critical infrastructure. "We're entering this third age as well, where there are political, economic and military ways in which the internet can be exploited – and malware can be used – to gain advantage by foreign states.
"I think we will see more and more attacks which will be blamed on state-sponsored cyber attacks. There have been numerous attacks in the past which could be said to have possible military, political or economic motives, but it is very difficult to prove that a hack was ordered by Mossad or instead dreamt up by a Macclesfield student."

http://www.csmonitor.com/USA/2010/1130/Stuxnet-Ahmadinejad-admits-cyberweapon-hit-Iran-nuclear-program
Stuxnet: Ahmadinejad admits cyberweapon hit Iran nuclear program

President Mahmoud Ahmadinejad says that a computer worm incapacitated some centrifuges of the Iran nuclear program. The worm was surely Stuxnet, experts say.


By Mark Clayton, Staff writer / November 30, 2010
Iran's president Monday appeared to confirm what cybersecurity experts have been saying for weeks: that a new type of malicious software – a cyber guided missile called Stuxnet – has hammered that nation's nuclear-fuel centrifuge facilities.
Although he did not mention Stuxnet by name, Iranian President Mahmoud Ahmadinejad for the first time admitted that malicious software code had damaged the nation's centrifuge facilities. The statement, cybersecurity experts say, makes it all but conclusive that Stuxnet caused problems for Iran's centrifuges. In a seemingly related move, Iran temporarily halted its nuclear fuel enrichment processes, according to a report issued earlier this month by the International Atomic Energy Agency.
"They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," Mr. Ahmadinejad told reporters at a news conference, Reuters reported. "They did a bad thing. Fortunately our experts discovered that and today they are not able [to do that] anymore."
The admission seemed to directly link problems at Iran's centrifuge facilities to the Stuxnet worm. California antivirus company Symantec and German researcher Ralph Langner, among others, had previously concluded that Stuxnet was designed specifically to target power supplies that control the motors in centrifuge plants of the precise type and configuration that Iran uses – and to cause them to spin out of control.
Prior to Ahmadinejad's statement, Iranian officials had admitted only that Stuxnet had infiltrated computers at its nuclear facilities, denying that Stuxnet or any other software code had harmed its Natanz centrifuge nuclear fuel-enrichment facilities. Vice President Ali Akbar Salehi, head of Iran's Atomic Energy Organization, in mid-November denied that the nation's nuclear program had been harmed by the Stuxnet computer worm.
"Fortunately the nuclear Stuxnet virus has faced a dead end," he told Iran state media. But Ahmadinejad's comments appeared to experts to trump Mr. Salehi's claim and further confirmed that Stuxnet had indeed wreaked havoc on Iran's centrifuges.
"Combined with the analysis that Symantec did ... we can now pretty much close the case on who [was] the target," Eric Byres, a Vancouver-based industrial control systems expert who has created software to counter Stuxnet, wrote on his blog Monday.
Mr. Byres and other cybersecurity experts told the Monitor they believe the ultra-sophisticated Stuxnet worm was developed by a nation state with major cyberweapons expertise. The United States and Israel are often cited as likely suspects, although there is no conclusive evidence aside from hints in the code that appear to point to Israel – but which could have easily been placed by another nation state that wanted to deflect blame.
"It is unlikely that there is another [nuclear centrifuge] site that would use the specific Vacon and Fararo Paya drives in the configuration that Stuxnet expects," Mr. Byres noted, referring to power supplies and motors targeted by Stuxnet and reportedly used in Iran's centrifuge plants. "Since Iran admits that their centrifuges were damaged, then that particular attack sequence must have been designed for the Natanz nuclear site and other sites copied from it."
In an intriguing but unconfirmed footnote, Byres's blog cites an anonymously sourced report on the DEBKAfile, a Jerusalem-based website that reports on intelligence matters and military affairs. It reported that the Iranian scientist assassinated in Tehran on Monday was Iran's leading Stuxnet expert.
While the claim that the dead scientist was a Stuxnet expert could not be immediately confirmed, Byres noted it as a reminder that when cyberwarfare breaks out and encroaches on the real world, it's not just industrial equipment that breaks.
"If this is true, then Stuxnet is moving from a cyberwar to a shooting war," he wrote.

