<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Securonix &#187; Blog</title>
	<atom:link href="http://www.securonix.com/blog/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.securonix.com</link>
	<description>Risk Intelligence-Insider Threats-Activity Risk-Fraud Detection-Behavior Profiling-Access Risk</description>
	<lastBuildDate>Tue, 08 May 2012 06:06:12 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
		<item>
		<title>Securonix Announces International Expansion with Opening of EMEA Operations</title>
		<link>http://www.securonix.com/2012/05/securonix-announces-international-expansion-with-opening-of-emea-operations/</link>
		<comments>http://www.securonix.com/2012/05/securonix-announces-international-expansion-with-opening-of-emea-operations/#comments</comments>
		<pubDate>Mon, 07 May 2012 15:29:51 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[News]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=2277</guid>
		<description><![CDATA[Securonix announced the opening of its EMEA headquarters in London. Building on a successful 2011, Securonix chose the location to fulfil the increasing demand for insider threat and behaviour profiling technologies in Europe, Middle East and Africa. <a href="http://www.securonix.com/2012/05/securonix-announces-international-expansion-with-opening-of-emea-operations/"></a>]]></description>
			<content:encoded><![CDATA[<p>LOS ANGELES, May 3, 2012 &#8211; <strong>Securonix</strong>, a provider of intelligent and adaptive Event Analytics and Behaviour based Anomaly Detection solutions, today announced the opening of its EMEA headquarters in London. Building on a successful 2011, Securonix chose the location to fulfil the increasing demand for insider threat and behaviour profiling technologies in Europe, Middle East and Africa.</p>
<p>Securonix has selected industry veteran Peter Christou as VP International Sales, to spearhead their aggressive global growth plans. Joining Peter in the London, UK office as Technical Director will be Simon Moffatt, who has spent many years in the security and compliance markets.</p>
<p>Christou has spent over 20 years in the Security market and has been involved in a number of successful international start-ups, including Gradient Technologies, Open Environment Corporation, Breach Security, LogLogic, LogRhythm and NitroSecurity. He joins Securonix from NitroSecurity, where he was Vice President, International Sales, prior to their recent acquisition by McAfee.</p>
<p><em>&#8220;Before joining Securonix, I looked at a number of other opportunities, but what convinced me to join Securonix was their unique products, and the huge market potential for them. Not only was I excited about their technology, but I was also impressed with the dynamism of the company and the professionalism of their team&#8221; said Christou.</em></p>
<p>Moffatt will be responsible for driving the technical delivery, enablement and strategy for the EMEA operations. He brings over 10 years&#8217; experience in technical leadership roles, having held positions at Sun Microsystems and Oracle Corporation. &#8220;<em>Insider threat and abnormal user activities are key concerns for many organisations attempting to secure interconnected and complex business environments. Securonix is the leader in behaviour profiling and adaptive analytics and I&#8217;m eager to help develop the business further in the region</em>&#8221;, said Moffatt.</p>
<p><em>&#8220;We are very pleased to have Peter and Simon join our team, to spearhead our International growth. Both have a wealth of experience in the security and compliance space and close relationships with some of the largest corporations, MSSP&#8217;s, Integrators and Resellers in the market. They have excellent reputations in our market, and are a tremendous asset to our company&#8221;, said </em><strong>Sachin Nayyar</strong>, CEO of Securonix.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/05/securonix-announces-international-expansion-with-opening-of-emea-operations/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>McAfee EMEA SE Summit Review</title>
		<link>http://www.securonix.com/2012/04/mcafee-emea-se-summit-review/</link>
		<comments>http://www.securonix.com/2012/04/mcafee-emea-se-summit-review/#comments</comments>
		<pubDate>Fri, 20 Apr 2012 17:20:30 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Thoughts at Securonix]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=2269</guid>
		<description><![CDATA[This week, Securonix were privileged to be a sponsor of the inaugural McAfee Sales Engineering Summit, due to our membership of the Security Innovation Alliance.  The main themes during the week were clearly focused on the rise of big security data, how it can be managed, assessed and responded to.  Security across the entire organisation now requires complete solutions covering the end to end life cycle protection of information assets, from storage to transit and accessibility. <a href="http://www.securonix.com/2012/04/mcafee-emea-se-summit-review/"></a>]]></description>
			<content:encoded><![CDATA[<p>This week, Securonix were privileged to be a sponsor of the inaugural McAfee Sales Engineering Summit, due to our membership of the <a href="http://www.mcafee.com/uk/partners/security-innovation-alliance/index.aspx" target="_blank">Security Innovation Alliance</a>.</p>
<p>The week-long event was held in the wonderful southern Spanish city of Malaga, famous for its tapas, fresh fish and marina for the world&#8217;s rich and famous yacht owners.</p>
<p>The main themes during the week were clearly focused on the rise of big security data, how it can be managed, assessed and responded to.  Security across the entire organisation now requires complete solutions covering the end to end life cycle protection of information assets, from storage to transit and accessibility.</p>
<p>This solution driven approach encompasses a wide array of attack vector counter measures, analytics, management, compliance and reporting, resulting in huge amounts of security data.  This &#8216;big&#8217; security data can be generated from numerous sources such as event and transaction monitoring, alerting platforms, identity management sources and threat dictionaries for example.</p>
<p>As organisations develop, using more flexible approaches to work (home working, Bring Your Own Device), engaging in more supplier chain and partner integration and utilising more complex and distributed systems, the need for detailed analytics and intelligent security response is key.</p>
<p>Content and context play a central part in being able to identify where the highest risk resides within the organisation, from a personnel, data, event, transport, resource and device perspective.</p>
<p>The role of behaviour profiling is also a major component of being able to identify whether an event is of a high risk to the organisation and if it was malicious or non-malicious.  Profiling, along with peer group comparisons, makes it easier to identify the security exceptions from the white noise of data and helps drive real time compliance and remediation and ultimately prevention.</p>
<p>A great week with thought provoking discussions, demonstrations and great tapas!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/04/mcafee-emea-se-summit-review/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>Securonix named Cool Vendor by leading analyst firm</title>
		<link>http://www.securonix.com/2012/04/securonix-named-cool-vendor-by-gartner/</link>
		<comments>http://www.securonix.com/2012/04/securonix-named-cool-vendor-by-gartner/#comments</comments>
		<pubDate>Tue, 17 Apr 2012 19:24:58 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[News]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=2258</guid>
		<description><![CDATA[Securonix, a developer of enterprise security software which detects data breaches and helps companies implement risk based security intelligence, announced today that they have been recognized as a cool vendor in the context aware computing industry by Gartner.  <a href="http://www.securonix.com/2012/04/securonix-named-cool-vendor-by-gartner/"></a>]]></description>
			<content:encoded><![CDATA[<h1>Securonix named Cool Vendor by Leading Analyst Firm</h1>
<p>Apr 2012, Los Angeles, California:  <strong><a href="http://www.securonix.com/">Securonix</a></strong>, the industry’s first Security Intelligence Platform that automatically detects emerging and advanced targeted IT threats, announced today that they have been recognized as a cool vendor in the context aware computing industry by Gartner. According to the report titled <a href="http://http/www.gartner.com/id=1636315/">“Cool Vendors in Context-Aware Computing, 2012” (1)</a> published by Avivah Litan, et al. at Gartner,</p>
<p>“Products and services that support context-aware computing should be used to enhance user interactions with enterprises and service providers. This will ultimately benefit all parties by creating richer and often more-profitable experiences.”</p>
<p>“We believe Securonix’s recognition by Gartner demonstrates our reputation as a leading solution in the security intelligence industry,” said Sachin Nayyar, CEO of Securonix. “We are glad to be leading the industry towards more intelligent and adaptive security solutions that are not dependent on known threats. To combat risks from advanced targeted attacks and insider threats, companies require identity, activity, access, violations and business context or “intelligence” to be embedded in the fabric of every IT program. We will continue to leverage our comprehensive Threat and Risk Intelligence suite™ to serve our rapidly growing worldwide customer base and look forward to continued innovation in the industry.”</p>
<p><strong>About Securonix</strong></p>
<p>Securonix is the Security Intelligence Platform that identifies IT threats using advanced identity, access, and behavior analytics and scores the results in actionable business risk terms. Security, risk, and fraud management groups use Securonix to focus their IT risk, SIEM, IAM, DLP and fraud programs on the real and emerging threats by automatically identifying the highest risk users, resources, and activity. For more information, visit  <a href="http://www.Securonix.com/">http://www.Securonix.com</a> or email <a href="mailto:info@securonix.com">info@securonix.com</a></p>
<p><strong>About Gartner’s Cool Vendors Selection Process</strong></p>
<p><em>Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner&#8217;s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.</em></p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/04/securonix-named-cool-vendor-by-gartner/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Securonix joins McAfee SIA program to prevent employee frauds</title>
		<link>http://www.securonix.com/2012/03/securonix-joins-mcafee-sia-program-to-prevent-employee-frauds/</link>
		<comments>http://www.securonix.com/2012/03/securonix-joins-mcafee-sia-program-to-prevent-employee-frauds/#comments</comments>
		<pubDate>Fri, 30 Mar 2012 21:08:02 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[News]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=2047</guid>
		<description><![CDATA[Securonix announced that they are joining the McAfee SIA program. This strategic partnership will help Securonix customers combat insider threats and prevent frauds. <a href="http://www.securonix.com/2012/03/securonix-joins-mcafee-sia-program-to-prevent-employee-frauds/"></a>]]></description>
			<content:encoded><![CDATA[<p>Feb 2012, Los Angeles, California:  <strong><a href="http://www.teradact.com/">Securonix</a></strong>, a developer of enterprise security software which detects data breaches and helps companies implement risk based security intelligence, said yesterday that it has tied into security software firm <strong>McAfee</strong>. The firm said it has joined the McAfee Security Innovation Alliance (SIA) partner program, which will enable it to integrate its software with McAfee&#8217;s ePolicy Orchestrator software. Securonix is looking to prevent frauds conducted by employees and contractors by associating data leakage incidents with other triggering events using their revolutionary behavior profiling engine. It is estimated that occupational frauds cost companies upwards of 4 billion dollars each year.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/03/securonix-joins-mcafee-sia-program-to-prevent-employee-frauds/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>InfoCrime Summit 2012 London Review</title>
		<link>http://www.securonix.com/2012/03/infocrime-summit-2012-london-review/</link>
		<comments>http://www.securonix.com/2012/03/infocrime-summit-2012-london-review/#comments</comments>
		<pubDate>Fri, 30 Mar 2012 14:37:42 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Thoughts at Securonix]]></category>
		<category><![CDATA[cyber]]></category>
		<category><![CDATA[DLP]]></category>
		<category><![CDATA[infocrime]]></category>
		<category><![CDATA[insider threat]]></category>
		<category><![CDATA[intelligence]]></category>
		<category><![CDATA[verizon data breach]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=2041</guid>
		<description><![CDATA[The mini heatwave in London this week, was a welcome addition for the 2-day Spring event for the InfoCrime Summit, held at the Thistle Marble Arch. With the last event only in November, it was good to see a range of varied speaks and industry representatives have their opinion on a range of information security issues. <a href="http://www.securonix.com/2012/03/infocrime-summit-2012-london-review/"></a>]]></description>
			<content:encoded><![CDATA[<p>The mini heatwave in London this week was a welcome addition for the 2-day Spring event for the <a href="http://www.info-crime.com/" target="_blank">InfoCrime Summit</a>, held at the Thistle Marble Arch. With the last event only in November, it was good to see a range of varied speakers and industry representatives give their opinions on a range of information security issues.</p>
<p>Jim Griffiths from Yodel made an interesting presentation referring to the curse of &#8216;Security Theatre&#8217; often being applied by many organisations.  The term was initially coined by information security leader Bruce Schneier, when referring to security counter measures that don&#8217;t actually reduce the threat per se, but simply increase the feeling of being secure.  In today&#8217;s complex threat landscape and with many organisations facing a finite security budget, it could often be a short term solution to a long term threat.</p>
<p>Jamie Cowper of Veracode spent some time discussing the often overlooked aspect of 3rd party library usage and open source application management.  Whilst many development programmes &#8211; both internal and external &#8211; reference open source libraries from a range of languages, many organisations overlook the fact that these libraries often contain numerous vulnerabilities that need identifying, managing and ultimately remediating.</p>
<p>Renowned speaker Neira Jones, Head of Payment Security at Barclaycard, spent time referencing the recently published Verizon Data Breach Investigations Report.  With 855 incidents covering 174 million compromised records, 2011 was a busy year.  Whilst BYOD has become a popular focus, it was startling to note that 94% of all compromised data was compromised not via mobile devices or laptops, but via servers.  Whilst &#8216;hacktivism&#8217; was seemingly a large cause for concern, many hacktivist or external attacks rely heavily on pre-existing user accounts often held by trusted employees.</p>
<p>Alan Cottom from Stonesoft introduced the newer concept of AET &#8211; Advanced Evasion Techniques.  Not to be confused with APT &#8211; Advanced Persistent Threat &#8211; AET is more focused on the transport and conduit method a threat will use in order to infiltrate the private network.  AETs are becoming more advanced as they attempt to circumvent late generation firewalls, IDS and IPS systems to deliver a threatening payload on to the trusted network, with great emphasis on perimeter threat reduction and analysis.</p>
<p>David Shore from Pfizer gave a fascinating insight into the world of fake prescription drug manufacture and how Pfizer are leveraging new approaches to identify and track suppliers of fake goods as well as educating the entire supply chain on how to avoid potential counterfeits.</p>
<p>Dave Evans from the UK Information Commissioner&#8217;s Office provided an update on some of the recent changes to the DPA and how organisations are implementing ways to protect the privacy of personally held information.</p>
<p>The other two non-vendor related talks that caught the attention were by Darren Hepburn from UBS and Jitender Arora, UK CISO at GE Capital.  Darren focused on the need for greater threat intelligence when it comes to analysing SIEM, activity and identity data.  He argued that weaving business and context data into the analysis process makes it much easier to reduce false positives and improve the identification of abnormal activities.  Jitender focused on the approaches many organisations use when it comes to social media and argued that simple policy changes are not enough.  Whilst social media is now all around us, from both a corporate and individual perspective, Jitender argued that a governance approach is often more productive.</p>
<p>Overall it was a great summit, with some interesting talks and great client networking.  It seems that whilst 2011 was the year of the hacktivist and external cyber criminal, many organisations simply want better intelligence when it comes to threat management from both an internal and external perspective, reducing the noise whilst being able to focus ever-reducing resources on the areas of the highest risk.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/03/infocrime-summit-2012-london-review/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Behavior Based Anomaly Detection</title>
		<link>http://www.securonix.com/2012/03/behavior-based-anomaly-detection/</link>
		<comments>http://www.securonix.com/2012/03/behavior-based-anomaly-detection/#comments</comments>
		<pubDate>Thu, 29 Mar 2012 00:31:48 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Video]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=2035</guid>
		<description><![CDATA[Tanuj Gulati, CTO at Securonix interviews Anjan Shenoy about the behavior based anomaly detection technique used by the Securonix technology. In this interactive session, Anjan and Tanuj discuss the uses of the Securonix technology.]]></description>
			<content:encoded><![CDATA[<p>Tanuj Gulati, CTO at Securonix interviews Anjan Shenoy about the behavior based anomaly detection technique used by the Securonix technology. In this interactive session, Anjan and Tanuj discuss the uses of the Securonix technology.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/03/behavior-based-anomaly-detection/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Redefining The Insider Threat</title>
		<link>http://www.securonix.com/2012/03/redefining-the-insider-threat/</link>
		<comments>http://www.securonix.com/2012/03/redefining-the-insider-threat/#comments</comments>
		<pubDate>Thu, 22 Mar 2012 10:01:48 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Thoughts at Securonix]]></category>
		<category><![CDATA[Data Breach]]></category>
		<category><![CDATA[DLP]]></category>
		<category><![CDATA[insider threat]]></category>
		<category><![CDATA[malicious users]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=1977</guid>
		<description><![CDATA[David Wall from the University of Durham, recently released an interesting journal covering the definition of an insider threat and how organisations can readdress their approach to internal asset protection.  As many organisations develop security policies and defences against external cyber based attacks, many often overlook the need to protect critical information assets by trusted paid employees and partners.  <a href="http://www.securonix.com/2012/03/redefining-the-insider-threat/"></a>]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.palgrave-journals.com/sj/journal/vaop/ncurrent/abs/sj20121a.html" target="_blank">David Wall from the University of Durham</a> recently released an interesting journal article covering the definition of an insider threat and how organisations can readdress their approach to internal asset protection.  As many organisations develop security policies and defences against external cyber based attacks, many often overlook the need to protect critical information assets from trusted paid employees and partners.  The 2011 Cyber Security Watch Survey identified 43% of respondents had suffered from an insider attack, with the attacks being more damaging than external cases.</p>
<p>A common view identified by Wall was that many organisations simply view malicious insiders as &#8216;outsiders&#8217; by proxy.  A malicious internal user is just the same as an external hacker and therefore the protection approach used for external attacks can simply be applied internally.  However, on reflection, this approach can be limiting.</p>
<p>Insider threat can arise from several areas, mainly malicious and non-malicious activity.  The malicious user is potentially a more identifiable threat, whereas a non-malicious user could simply be bypassing internal security policy through either ignorance or a willingness to perform and hit personal targets.  For example, the employee who sends files and documents to a personal email address to allow home working.  Or an employee who uses a work laptop to log into the corporate network.  Both are potentially damaging and vectors for data breaches, but from the employee&#8217;s perspective they&#8217;re simply attempting to improve their work performance.</p>
<p>Both examples could, however, be a result of poorly aligned security policies, which restrict the true productivity of the worker via increased mobility, device usage and flexible hours.</p>
<p>Another form of non-malicious insider threat comes from the well known negligent employee.  Often associated with accidental data disclosure, negligent insiders are often responsible for things like USB device loss or laptop thefts, which many DLP solutions attempt to reduce, especially now as the 2010 cost of insider threat to an organisation rose to a new high of $7.2m according to the Ponemon Institute.</p>
<p>Malicious or non-malicious insider threat activity often has one thing in common &#8211; neither requires the need to break rules or perform an extraordinary event.  Both can simply use legitimate access or accounts that they own or can use.  This can pose significant issues for analysts attempting to identify breaches, fraud or threatening use, as many transactions on the first level are legitimate.</p>
<p>The requirement for deeper intelligence and a more rounded multi-faceted approach to insider protection is now common, with many organisations attempting to model and profile insider activity to help identify abnormalities and exceptional usage.  By analysing access and activity exceptions, it can become easier to remove the noise often associated with attempting to track internal users.</p>
<p>Abnormal patterns and exceptions can be identified by comparing an employee with others who perform a similar role within the organisation, in order to help track usage changes or differing behaviour.  This approach to both the access a user has and the activities they perform makes it easier to find insider risk from both a malicious and non-malicious viewpoint.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/03/redefining-the-insider-threat/feed/</wfw:commentRss>
		<slash:comments>7</slash:comments>
		</item>
		<item>
		<title>Behaviour Profiling &#8211; History, Peers and Everything in Between</title>
		<link>http://www.securonix.com/2012/03/behaviour-profiling-history-peers-and-everything-in-between/</link>
		<comments>http://www.securonix.com/2012/03/behaviour-profiling-history-peers-and-everything-in-between/#comments</comments>
		<pubDate>Fri, 09 Mar 2012 23:03:36 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Thoughts at Securonix]]></category>
		<category><![CDATA[behavior profiling]]></category>
		<category><![CDATA[financial services]]></category>
		<category><![CDATA[fraud]]></category>
		<category><![CDATA[insider threat]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=1749</guid>
		<description><![CDATA[Identifying insider misuse is often a complex affair.  One of the key ways, is to use behaviour profiling to identify changes to user actions that may constitute a malicious act.  There are two main ways this can be completed - firstly via historical analysis and secondly via peer analysis. <a href="http://www.securonix.com/2012/03/behaviour-profiling-history-peers-and-everything-in-between/"></a>]]></description>
			<content:encoded><![CDATA[<p>Securonix EMEA were at a recent partner event discussing the concept of fraud detection for insider threat, with a specific focus within the financial services industry.  Many key financial services applications are governed under tight control, with external compliance initiatives being regularly adhered to, for things like access review, audit and separation of duties violations.</p>
<p>A lot of the analysis is on who has access to what within the applications.  Whilst this is a key component of access control management, it doesn&#8217;t entirely solve the issues associated with legitimate user access being used maliciously, either intentionally for a fraudulent act, or through poor policy application such as shared use.</p>
<p>Identifying insider misuse is often a complex affair.  One of the key ways is to use behaviour profiling to identify changes to user actions that may constitute a malicious act.  There are two main ways this can be completed &#8211; firstly via historical analysis and secondly via peer analysis.</p>
<p>Historical analysis is the most obvious &#8211; track what an individual, team or application normally does based on what has happened in the past.  This process is used throughout nature and our professional lives in general.  If you feel unwell, the doctor&#8217;s first analytical step is often to check observations against an historical norm, for example.  But what if you&#8217;ve been getting gradually unwell over a period of several months or years?</p>
<p>Historical analysis of access transactions is a powerful tool not to be discounted.  However, a malicious user implementing a long term fraudulent act may try to obfuscate their actions by slightly altering their behaviour over a period of time in order to avoid suspicion, for example by slightly changing values, or seeing how far they can go before an alert is triggered.  This type of approach is often difficult to identify.</p>
<p>A way to overcome such a scenario is to use peer analysis, checking what other users are doing in a similar situation.  Back to the doctor&#8217;s again &#8211; and with a potentially serious illness &#8211; the doctor is more likely to confer with normalised results from other patients to understand a true level of the situation.  The same approach is applied to user activities. </p>
<p>By comparing a user&#8217;s actions against those of others performing a similar role, it can become clearer as to whether a user is performing an activity outside of a normal threshold.</p>
<p>A snow flake looks beautiful in isolation, but less so when compared to a billion others in a blizzard.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/03/behaviour-profiling-history-peers-and-everything-in-between/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Securonix at RSA 2012 San Francisco</title>
		<link>http://www.securonix.com/2012/03/securonix-at-rsa-2012-san-francisco/</link>
		<comments>http://www.securonix.com/2012/03/securonix-at-rsa-2012-san-francisco/#comments</comments>
		<pubDate>Tue, 06 Mar 2012 12:37:25 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Thoughts at Securonix]]></category>
		<category><![CDATA[access]]></category>
		<category><![CDATA[activity]]></category>
		<category><![CDATA[BYOD]]></category>
		<category><![CDATA[DLP]]></category>
		<category><![CDATA[intelligence]]></category>
		<category><![CDATA[RSA]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=1637</guid>
		<description><![CDATA[RSA 2012 provided a great platform for security professionals to talk about the common need for more shared intelligence. The recent security threats have highlighted the need for solutions that can provide more visibility and intelligence. <a href="http://www.securonix.com/2012/03/securonix-at-rsa-2012-san-francisco/"></a>]]></description>
			<content:encoded><![CDATA[<p>Last week saw another successful RSA Conference hit the Moscone Centre in San Francisco. With the great and good from the security world, it was a great chance to listen to some customer pain points surrounding insider threat, access and activity intelligence and how to take SIEM to the next level. A lot of the water cooler chat was seemingly focused on things like BYOD, DLP and management of employee access to critical data and infrastructure. Whilst cyber threats are well known for their buzz and attention grabbing headlines, it seems the management of internal security controls to monitor, manage and remediate employee access to critical data is still a main priority with data breaches being high on the agenda for a busy 2012.</p>
<p>The main keynotes brought some insightful thoughts, with some themes on interconnectedness and the obvious concern around Bring Your Own Device to work.</p>
<p>Arthur Coviello (EVP at RSA) delivered a talk focusing on trust in an inter-connected world. Paraphrasing Mick Jagger with &#8220;you can&#8217;t always get what you want&#8221;, he commented that while the internet is trustworthy &#8216;enough&#8217;, it is natural to see increased attacks on resources and services that become more popular. Information is the digital currency in 2012 and the internet is the bedrock for all we do. From shopping and health care, to food ordering and professional services, the internet has a hand in it all. A key mention, again, was the concept of &#8216;intelligence&#8217;, focusing on layered horizontal security solutions as opposed to silo&#8217;d point fixes.</p>
<p>Enrique Salem (CEO Symantec) delivered a well-commented and interesting talk on the &#8216;digital native&#8217;. The &#8216;digital native&#8217; can generally be described as being born in the late 80s / early 90s (generation Z) and is known for digital multitasking, or to paraphrase Salem, running with &#8216;continuous partial attention&#8217;. The focus on being always connected is not new, but the native doesn&#8217;t generally see themselves as being &#8216;connected&#8217; to anything at all. Instead, the internet is omnipresent, with all devices, services and information flow being continually on and the consumer in the centre. Not being connected is akin to someone losing their wallet or house keys, rendering them useless and unable to contribute. A big danger point is the blurring between the work and non-work landscape. This seemingly applies not only to things like data, email and the like, but also to the digital native&#8217;s own personal identity, which is perhaps more subtle and dangerous.</p>
<p>The digital native is a great example of the need for more developed intelligent monitoring surrounding user access and activities, so that altered behaviour can be tracked as personal and business transactions blur.</p>
<p>Stuart McClure (CTO McAfee) gave an insightful view on &#8216;securing the un-securable&#8217;. He raised the oxymoron that things described as &#8216;unbreakable&#8217; are generally the first things that are hacked. He described how 2011 saw the concept of &#8216;why would we be hacked?&#8217; become redundant, with many organisations and industries being breached when previously seen as safe havens. The engaging talk went on to frame threat management as a complex taxonomy of many different actors, targets and motivations. He proceeded with a great live demo (who does live demos these days?) showing the potential threat associated with wireless insulin distributors for diabetes sufferers. He reiterated the need for multi-layered protection at all levels, with a focus on white-listing.</p>
<p>2011 was seemingly an unpredictable year from an information security perspective, with continuing threats from the cyber landscape alongside renewed attacks from an insider fraud and malicious employee perspective.</p>
<p>2012 looks like the year for intelligence, by removing the noise from the continual alerting, in order to drive home efficiency savings on risk response and by focusing on the key components that threaten the corporate landscape.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/03/securonix-at-rsa-2012-san-francisco/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>Event and Risk Analyzer</title>
		<link>http://www.securonix.com/2012/03/event-and-risk-analyzer-2/</link>
		<comments>http://www.securonix.com/2012/03/event-and-risk-analyzer-2/#comments</comments>
		<pubDate>Tue, 06 Mar 2012 08:32:14 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[inner slider]]></category>

		<guid isPermaLink="false">http://www.securonix.com/?p=1630</guid>
		<description><![CDATA[Aggregate and Correlate Security Events for focused risk mitigation]]></description>
			<content:encoded><![CDATA[<p>Aggregate and Correlate Security Events for focused risk mitigation</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securonix.com/2012/03/event-and-risk-analyzer-2/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
	</channel>
</rss>

