So it's been an interesting week at SLC Security. We have been doing many security notifications over the past few weeks and the number one reaction, to put things in perspective, is disbelief. One company that we previously reported on actually called us back in disbelief. From what we can gather, they have been owned for quite some time but have failed to resolve the issue (and we are still seeing problems from their network).
We have been providing grace periods before we report the issues, and it's funny because until we post information on a company nobody even cares. They ignore the notifications, and then as soon as the post hits the blog they want to call in a panic, when if they had responded to our notifications in the first place we would not have posted the information at all.
Also, here's the biggest issue. Many times we remove the post if requested, if we feel that the company is doing something to resolve their issues, but guess what happens 95% of the time? They get added to the blacklist, our system detects activity, and we know that they are still vulnerable to the same issue that we attempted to notify them of in the first place. So what should a group of security professional volunteers do? Do we leave the public vulnerable? That's what most of these companies would like to see us do. No, we simply block them in our blacklist and then it goes out to our clients and customers that subscribe to our feeds.
It's a shame really that these companies can make money off of the Internet yet they don't want to invest in a secure environment for their computing requirements. In fact, the number one issue we see is that people just don't seem to care. They would rather deny that they have an issue or try to brush the activity under a rug. Well, guess what? You can't stop foreign companies from calling you out, and the blacklists are still showing a problem.
Here is what you should do. Hire us! We reported on issues at BCBS (2 months prior to them becoming public), and we reported issues at JP Morgan Chase (prior to them acknowledging an issue). We all know the PR nightmares that were caused by these cases, and there are a few others that we detected ahead of time. The reality here is that our subscriptions and solutions are way cheaper than the PR nightmare of actually having to disclose a breach, so my suggestion is to consider the fact that we are detecting problems faster than some of the larger infosec companies out there and our technology is completely different than what is being used in a traditional security model.
It really makes you stop and wonder, as in the case of one of the big breaches, several other entities that were named never publicly disclosed any issues, yet after the big breach notification we stopped seeing the malicious activity. Do you think it is possible that they decided to fix the issue and sweep it under the rug?
--
SLC Security Services LLC is a private intelligence company located in Raleigh, NC. The company has been making breach notifications to companies and organizations that are not customers in order to help protect clients that could be affected by security issues on their corporate networks. The company has been providing notifications with a 2-day grace period before posting the notifications.
SLC Security provides threat intelligence products that can be directly consumed by your IDS, firewall and monitoring solutions. We also provide outsourced monitoring to companies that want to augment their security staff and do not want to have to hire expensive analysts in-house. By outsourcing your monitoring you are allowing your security teams to fix problems while you leave the detection and notifications to our highly skilled analysts.