NitroSecurity, Inc., the leader in high-performance, content-aware security information and event management (SIEM) solutions, today introduced enhancements to its award-winning NitroConnect Partner Programme to further engage and empower value added resellers and systems integrators.

White House officials unveiled a series of initiatives designed to help implement information technology to the national power grid to make it smarter, more efficient and secure.

The National Science Technology Council outlined its plans to modernize the power grid in rural areas and to create a “smart grid innovation hub” in a report titled “Building the 21st Century Grid” released June 13. The hub will be a collaboration of federal researchers, companies and utility executives and will support research, development and deployments of smart grid technology.

NitroSecurity will be adding a new product to its industrial-control system SIEM (security information and event management) portfolio to securely manage smart grid deployments, Eric Knapp, the director of critical infrastructure markets for NitroSecurity, told eWEEK. The NitroView SIEM currently provides real-time visibility across both the business and SCADA (supervisory control and data acquisition) networks within energy utilities, according to Knapp. The new version will add support for devices, protocols and applications specifically used in intelligent distribution and metering on smart grids, Knapp said.

Iran had a fallout problem at two nuclear facilities last July, but it wasn't radiation that leaked. Rather, after the plants' computer systems were infected with a worm, later dubbed Stuxnet, fallout took the form of a dramatic shift in what cyberattackers are capable of and how they must respond.

This was clearly the opening salvo in what many suspect could be a new strategy in attacking an enemy. The worm, according to a Symantec report, exploited four zero-day vulnerabilities, compromised two digital certificates and injected code into the programmable logic controllers, or PLCs, of industrial control systems used to manage industrial environments – such as power plants, oil refineries and gas pipelines. The malware relayed instructions to the physical machinery that literally made the equipment blow a gasket.

"The continuing resolution represents a crisis at our doorstep," said Defense Secretary Robert M. Gates. One result, he said, is "inefficient, start-and-stop management" of the armed forces, with greater use of one- and two-month contracts, which are inherently inefficient.

The budget impasse has stalled contracts for companies like NitroSecurity, a cyber security concern that does work for the Defense Department, NASA and the Food and Drug Administration.

"We have been selected for additional contracts, but the money is in limbo because of the continuing resolution," said Kenneth R. Levine, chief executive of NitroSecurity.

An ambitious project to create a statewide cyber-alert "early warning" system in the state of Washington to link with the federal Department of Homeland Security (DHS) is starting to take shape and could be a cybersecurity monitoring model for other states.

The "Public Regional Information Security Event Management" system (PRISEM) is designed to offer an online early warning about everything from botnet incursions on compromised desktops to possible full-fledged cyber-attacks from terrorists. As now designed, PRISEM will use customized security and information event management (SIEM) equipment from NitroSecurity that's being kept at the University of Washington's Applied Physics Lab where researchers will assist on the project, says Michael Hamilton, CISO of Seattle.

PRISEM is intended to be a central security-event and analysis point to aggregate real-time log and event information. Such alerts would be generated from local and state agency networks — and possibly private companies — and offer an early warning system for possible cyber-attacks or botnet activities. DHS would be kept in the loop on PRISEM's security findings.

The NitroGuard Intrusion Prevention System (IPS) device is an intelligent packet-filtering system that detects sophisticated network intrusion attempts and actively records and/or stops such attempts. The NitroView Enterprise Security Manager or Enterprise Security System (ESM/ESS) is the central point of administration and configuration. The ESM/ESS allows network administrators to keep all configuration settings, user and access group profiles, and event and flow data in a single location. These two components are part of a full unified security management system. However, we only evaluated the ESM and the NitroGuard Intrusion Prevention System in a standalone deployment. The intrusion prevention appliance actively detects, analyzes and protects the network from an array of security threats, including viruses, worms, spyware, denial-of-service (DoS) attacks, and other forms of malware, as well as unknown or zero-day attacks.

The user interface is one of the more attractive interfaces I have used. There are user-configurable views on the dashboard, and tools, options and a tree-based selector for managed appliances are all within a couple of clicks of where one needs to be. Reporting is strong, with built-in reporting templates available, including compliance reporting. One also has the ability to design custom reports. Also new to this release is a "what if" alert action. As an added benefit, the product is both FIPS and Common Criteria certified. Read More

Each year businesses spend billions of dollars on securing their networks from outside intruders, yet we continue to hear of personal data being compromised. Given the multitude of network security tools available today, how can this happen?

Companies may implement a firewall to block outside traffic from getting in, along with an anti-virus program, limit network access and consider security to be addressed. While there is no doubt that this is a great first step to securing a company's network, much more must be addressed.

News Facts:

• Emerging Threats Pro, the most comprehensive intrusion prevention solution available, and NitroSecurity, the leader in high-performance, content-aware security information and event management solutions (SIEM), today announced a technology partnership to share threat intelligence and research.
• In today's IT environment, new malware threats are emerging so rapidly that security solutions are struggling to keep pace. Information is the key component of any defense against new attacks and this partnership provides each company with greater access to the intelligence needed to thwart emerging attacks. By sharing threat intelligence, rules and research, Emerging Threats and NitroSecurity will enhance their view of the evolving IT threat landscape.
• Emerging Threats Pro and NitroSecurity customers will benefit from the research of both organizations and the unique capabilities each team brings to the industry.
• NitroSecurity and Emerging Threats will share research and combine rulesets to allow both organizations to offer a more complete and more effective security solution to their clients.
• Emerging Threats Pro is an open source IDS/IPS ruleset, which combines the best of the Emerging Threats open source community, along with an experienced, full-time research team, and the industry-leading Telus vulnerability and malware research to cover the full range of threats facing security professionals today.
• It is the only ruleset available today that supports Suricata and all versions of Snort back to 2.4.
• NitroSecurity is a leading cybersecurity and compliance management company that develops the industry's fastest and most scalable analytical tools to gather and analyze information on security threats in real time. This allows its customers to stay updated on potential attacks while fulfilling stringent regulatory requirements.

As the line between securely hosted and controlled enterprise applications and cloud-based applications continues to blur, there's more "legitimate" traffic between corporate networks and the Internet than ever before. This opens up new vectors for attack by hackers and cybercriminals as more traffic types are allowed through corporate firewalls. The result is an increase in diversity of covert command and control channels, which hide inside legitimate traffic in order to bypass perimeter security. These C&C channels, used by malware ranging from simple spambots to more sophisticated rootkits, vary in the maliciousness of their intent from casual hacking all the way to advanced persistent threats (APT) and industrial espionage.

How can you detect these covert conduits, and what do you do if you find one? There's no easy way, but there are proven methods that help. The first is to fully understand what is really going on in your network, so that you can best utilize security automation and event analysis tools. What often prevents this is a lack of deep understanding about how enterprise systems actually behave, and then incorporating that baseline information into the tools that are available for use in threat detection. Read More

I spoke with SIEM vendor NitroSecurity yesterday to hear about what would normally be a low visibility announcement. NitroSecurity announced that it will support OSIsoft's PI system, a data historian program for industrial control systems. With this integration, NitroSecurity's SIEM platform (NitroView)can log, analyze, and correlate security events across IP and serial-connected industrial control devices.

If this news came 6 months ago, I would have listened politely, hung up the phone, and then quickly forgotten everything I heard. Stuxnet changed all this. Stuxnet provides a real-world example of malware specifically intended to infect, propagate, and potentially disrupt a control network. Some analyst believe that this has already happened -- Stuxnet may have caused damages leading to a delay in the launch of Iran's nuclear power plant at Bushehr. Read More