This week the focus was principally on security, as Google warned that some accounts may be the target of state-sponsored attacks, while IBM offered security components for mobile devices. Also this week, both RSA and LockPath upgraded their GRC platform offerings.
Google Warns of Attacks
It seems that Google email accounts may be the target of state-sponsored attacks. This is not rumor or hearsay, but a warning that appears on the Google security blog, published yesterday by Eric Grosse, VP Security Engineering at Google.
In the post, he says that Google has specific intelligence that indicates that certain accounts may be the target of attacks.
“We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users’ accounts unauthorized,” he says.
“When we have specific intelligence -- either directly from users or from our own monitoring efforts -- we show clear warning signs and put in place extra roadblocks to thwart these bad actors.”
He doesn’t identify what group of users is the possible target of the attacks, but he seems pretty sure that there is a threat -- so much so that on the blog there is a screenshot of the warning that will appear if your account has been attacked.
If the warning appears, he says, it doesn’t mean that the account has been compromised, only that an attempt has been made to subvert your account.
He continues: “…It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account.
Here are some things you should do immediately: create a unique password that has a good mix of capital and lowercase letters, as well as punctuation marks and numbers; enable 2-step verification as additional security; and update your browser, operating system, plugins, and document editors…”
This is real cloak-and-dagger stuff. Google doesn’t say how it knows about this, where the threat comes from or why accounts might be attacked.
But it’s probably not too difficult to speculate as to who might be behind it. That said, there are all kinds of rogue groups sponsored by rogue states, so it could be any one of a substantial enough list. Best to be secure, just in case you end up in the crossfire.
IBM Upgrades Mobile Security
And in the security space, IBM has announced software to help organizations develop mobile applications that are more secure by design.
With it, users can build security into the initial design of their mobile applications so that vulnerabilities will be detected early in the development process.
According to the 2011 IBM X-Force Trend and Risk Report, mobile exploits increased by 19% in 2011. In addition, according to the recently released data from the IBM Center for Applied Insights study, 55% of respondents cited mobile security as a primary technology concern over the next two years.
As well as mobile application testing capabilities, there are significant new capabilities from which customers can benefit:
- Integration with IBM's QRadar Security Intelligence Platform allows for increased Security Intelligence when an application is moved into production. By correlating known application vulnerabilities with user and network activity, QRadar can raise or lower the priority score of security incidents.
- A new Cross Site Scripting (XSS) analyzer that uses a learning mode to evaluate millions of potential tests from fewer than 20 core tests. This new XSS analyzer finds more XSS vulnerabilities faster than any previous version of AppScan.
- New static analysis capabilities help companies adopt broad application security practices through simplified on-boarding of applications and empowering non-security specialists to test faster than with prior releases.
- Predefined and customizable templates give development teams the ability to focus on a rule set prioritized by their security teams, helping corporations focus on the issues that are key for them across their organization.
In addition to the QRadar integration, AppScan offers integration points with IBM Security Network IPS and IBM Security SiteProtector.
IBM says it aims to provide a comprehensive and integrated security framework for applications across the development and production lifecycle.
RSA Upgrades Archer eGRC
The new Archer eGRC Platform provides additional scalability, improved usability and advanced reporting, while new RSA Archer solutions have been developed for PCI Compliance and Regulatory Change Management.
Improved internal audit capabilities offer users the opportunity to connect auditing with enterprise controls -- a crucial first step in integrating compliance within an overall risk management strategy.
Additionally, RSA has launched an updated RSA Archer Community and Exchange platform providing members with expanded tools and resources to facilitate collaboration and help drive innovation for the RSA Archer GRC Platform.
Enhancements have been added that are designed to provide improved usability and additional scalability and functionality for customers including:
- Flexible packaging capabilities
- Advanced reporting with introduction of additional statistical functions
- Expanded international capabilities designed to enable bi-directional languages
- Enhanced usability and user interface
- Improved index and tagging capabilities
RSA has also announced that it is collaborating with RiskBusiness, an international risk advisory firm. As a result, RSA Archer customers can identify risk taxonomy and key risk indicators (KRIs) that can be integrated into their RSA Archer eGRC framework.
The new RSA Archer GRC Platform v5.2, RSA Archer GRC Solutions and RSA Archer Community and Exchange are all currently available to Archer customers.
LockPath Launches Continuity Manager
Finally this week, GRC vendor LockPath has announced the launch of Business Continuity Manager. The tool is part of Keylight 2.4, the latest version of the company's GRC platform.
Unlike traditional GRC tools, Business Continuity Manager provides common forms for business continuity out of the box and lets customers use any standard web browser to match Keylight to the company's distinct business continuity processes and needs.
Key Business Continuity Manager features:
- Business Impact Analysis
- Business Continuity Plans that offer users pre-built forms, workflows and notifications to build business continuity
- Teams and Contacts that enables the appointment of a team leader, identification of a team of essential personnel and definition of critical vendors
- Document Management enabling users to more easily export business continuity plan content with supporting documents