It’s down to the final weeks for Call for Speakers (C4S) proposal submissions for the RSA Charge 2017 event.
If you are still on the fence, time is running out but there are some helpful aids to get you started. First, check out the webinar replay of ‘What You Should Know Before Submitting Your Proposal’ and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form. There are also FAQs to help you before submitting your proposal.
The Tracks include:
You may also check out the complete RSA Charge 2017 Session details.
All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information – though RSA Charge ‘Speakers’ receive a complimentary pass to the Charge event – another solid reason to submit!
Even if you are not considering submitting a presentation proposal, we encourage you to attend this premier event; save $300 with the Early Bird Discount through June 30.
See you in Dallas!
As you know, starting late Thursday and hitting mainstream over Mother’s Day, there is a current outbreak of a ransomware threat known as “WannaCry” or “Wanna Decryptor”. Ransomware attacks like “WannaCry” are meant to be very visible in order to pressure the victim to pay the ransom. The scale of this attack, together with this specific ransomware family, is unique in that it has worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. This exploit was recently made publicly available and appears to be associated with the “Shadowbrokers” release of nation state hacking tools. As of 5/15/2017 at 1pm ET, our best estimate is that the associated income achieved is less than $50k, from fewer than 150 impacted individuals or businesses that were willing to pay.
While details are still emerging, RSA believes it follows a typical attack pattern where a malicious link is delivered through email as part of a phishing scam, whereby the malware installs itself. The malware can spread rapidly when an already infected computer is able to locate additional open and vulnerable computers with outbound internet connections. This malware can travel quickly through an internal network as a result of a core Windows networking function exploit. Microsoft issued a patch for this vulnerability under advisory (MS17-010).
The vulnerability exploited in this attack was made public in September, 2016. Microsoft released a patch in March, 2017. If an organization looks at their enterprise risk management with proper cyber hygiene, they may not have been vulnerable to this attack.
Mitigations for attacks like this include host blocking, a robust backup strategy and comprehensive patch management. IT leaders should also be mindful that, because of Microsoft’s patch support policy, any organization still running Windows XP, Windows 8 or Windows Server 2003 remains at high risk. Microsoft has issued specific guidance for this attack, which can be found here. This is not a new phenomenon and, as in most major attacks, resistance is achieved with disciplined patching hygiene.
This latest wave of ransomware continues a trend with this popular attack method. Attackers are shifting away from stealing information for profit and are instead taking advantage of the fact that data is critical to their victims’ daily business operations.
While we continue to monitor and validate, at this time there appears to be no impact to the internal networks of any of the major Dell Technologies networks.
Individual alerts have been sent to clients using specific products. Because many clients leverage Microsoft OS and products as underlying components of RSA Products, there is a risk they could be impacted. That said, the actual product applications that RSA distributes are not impacted.
You may be asking how RSA can help. First, recognize that ransomware threats, by design, are noisy and are obvious to the infected victim … this is part of the criminal’s objective and business model. RSA NetWitness® Suite is designed to help identify and provide visibility into a ransomware attack – but as part of this attack method, the victim organization’s data is being encrypted by the malware. This is the same for any advanced threat detection and response technology platform.
From a risk perspective, RSA Archer is designed to help automate risk management, prioritizing activities to reduce risk (i.e. Vulnerability Risk Management) to mission-critical systems, and consistently and effectively manage an actual incident.
From an investigation and readiness standpoint, RSA can provide strong visibility and expertise, helping users to reconstruct, analyze, and understand the attack for current and future identification of ransomware behavioral indicators and operational performance optimization. Analysts within Security Operations Centers (SOC) can see suspicious activities such as lateral movement of infected systems, and/or attempts to infect workstations and other network and critical business assets to more readily determine the overall operational, business continuity, governance, regulatory and compliance impact of the attack to their business. Lastly, RSA can help security programs and IT operational functions see the last known good state of the workstation to understand when the incident first began in order to measure “dwell time”, determine SOC visibility and detection, gaps and remediation requirements as well as the ability to restore from known good backup. This can help limit data loss and reduce the prospect of paying ransom to the attackers.
In a large-scale attack like this, expertise and experience in readiness, response, resilience and business risk management is imperative. RSA can help organizations in their response and readiness efforts and programs. These attacks can be contained and preemptive efforts can be taken to block similar attacks from occurring in the future, minimizing the impact and scale of ransomware campaigns.
For a deeper dive on using RSA NetWitness to improve your visibility and take decisive steps to reduce the impact on your environment, see WannaCry from the RSA NetWitness Suite's Perspective and Blocking WannaCry with NetWitness Endpoint.
Here are some additional resources if you’d like to learn more about the attack.
New attacks are often followed by attack variants that use a similar infection vector with minor changes to bypass common defenses such as port and allowed path blocking. As such, four broad predictions:
While newsworthy and certainly impacting organizations, the underlying issue for WannaCry is patch hygiene. Understanding the IT investments needed to upgrade applications tied to OS changes (i.e. config, patches, etc.) must be a focus for organizations to improve the vulnerability-to-patch-to-deployment cycle. Understanding major newsworthy hacking events can reveal defensive commonalities that can have broad, risk-reducing impacts on the organization in the short and long term.
RSA’s Business-Driven Security solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. The RSA Risk and Cybersecurity Practice, our expert professional services team, helps organizations identify, assess, and close the gaps, and take command of their evolving security posture. Feel free to contact RSA for further detail or assistance.
Pretty informal post here - I just finished troubleshooting an issue with AFX at a client site. It's an error I've seen before and wanted to give a shout out because others are likely to run into it as well.
They were having issues with the server not fully starting up. In the mule_ee.log file, there was a complaint about "address already in use".
This is an error I've seen before, and it's because Splunk uses port 8089 as one of its defaults, which AFX also requires for web service asynchronous callback functionality.
The easiest way to get around this issue is to modify /home/oracle/AFX/esb/lib/user/afx-config.properties, and modify the afx.async.callback.port parameter to a port that's not in use by the system.
I do think it'd be a good idea to get a callout in our install guide, knowing that splunk is a pretty common service to have running on a server, but wanted to get something out there in case it helps someone.
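A pre-start check for the port conflict described in the post above, as an added example that is not part of the original post or of AFX itself: it reads afx.async.callback.port from the properties file and tests whether anything is already listening on that port. It assumes Java-style key=value lines and a Linux /proc/net/tcp socket table; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Print the configured afx.async.callback.port (assumes Java-style key=value lines).
afx_callback_port() {
    sed -n 's/^[[:space:]]*afx\.async\.callback\.port[[:space:]]*[=:][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if a TCP socket in LISTEN state (st == 0A) is bound to port $1.
# Remaining args are tables in /proc/net/tcp format; default is the live ones.
port_is_listening() {
    port=$1; shift
    [ $# -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    hex=$(printf '%04X' "$port")
    cat "$@" 2>/dev/null | awk -v want="$hex" '
        { n = split($2, a, ":") }
        n == 2 && toupper(a[2]) == want && $4 == "0A" { found = 1 }
        END { exit !found }'
}

# Print the first port in [$1, $2] that has no listener; fail if none is free.
first_free_port() {
    p=$1; end=$2; shift 2
    while [ "$p" -le "$end" ]; do
        port_is_listening "$p" "$@" || { echo "$p"; return 0; }
        p=$((p + 1))
    done
    return 1
}

# Exit status: 0 = port free, 1 = conflict, 2 = key missing from the file.
check_afx_port() {
    cfg=$1; shift
    cport=$(afx_callback_port "$cfg")
    [ -n "$cport" ] || { echo "afx.async.callback.port not set in $cfg"; return 2; }
    if port_is_listening "$cport" "$@"; then
        echo "CONFLICT: port $cport already has a listener"; return 1
    fi
    echo "OK: port $cport is free"
}

# Constructed sample data: config set to 8089, plus a socket table with a
# listener on 0.0.0.0:8089 (0x1F99) and an established connection on 8090.
demo_dir=$(mktemp -d)
printf 'afx.async.callback.port=8089\n' > "$demo_dir/afx-config.properties"
printf '%s\n' '  sl  local_address rem_address   st' \
    '   0: 00000000:1F99 00000000:0000 0A' \
    '   1: 0100007F:1F9A 0100007F:C350 01' > "$demo_dir/tcp"
check_afx_port "$demo_dir/afx-config.properties" "$demo_dir/tcp" || true
first_free_port 8089 8099 "$demo_dir/tcp"
```

On a server, calling `check_afx_port /home/oracle/AFX/esb/lib/user/afx-config.properties` with no table argument reads the live socket tables instead of the sample.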
Join more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017. This year’s event will be held Oct. 17-19 in Dallas at the Hilton Anatole Hotel.
This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security strategy in an increasingly uncertain high-risk world.
RSA University will also once again be offering condensed product-specific training courses beginning Monday, October 16 and on Tuesday, October 17, with information available soon on the RSA Charge microsite. Visit the microsite often to stay informed and maximize your experience at RSA Charge 2017.
Don’t miss this event - inspiring Keynotes, hands-on labs, strategic security sessions, technical deep-dives, and so much more; register today and save $300 with the Early Bird Discount through June 30.
See you in Dallas!