Tuesday, 13 September 2016

Announcing the Full Keynote Panelist Lineup at Gigaom Change

Gigaom Change 2016 Leader’s Summit is just one week away, September 21-23 in Austin. The event will take place over two and a half days of keynote panels, with a lineup of speakers who are visionaries making strategic R&D and proof-of-concept investments to bring concepts to reality, forging multi-billion dollar companies along the way.

Three top industry experts in the following industries will highlight the current impact these innovations are having, then pivot toward what will be possible in the future: Robotics, AI, AR/VR/MR, Human-Machine Interface, Cybersecurity, Nanotechnology and 3D+ Printing.

Keynote panelists include leading theorists and visionaries like Robert Metcalfe, Professor of Innovation, Murchison Fellow of Free Enterprise at the University of Texas, and Rob High, IBM Fellow, Vice President and CTO, IBM Watson. It also includes practitioners who are actively implementing these technologies within companies, such as Shane Wall, CTO and Global Head HP Labs; Melonee Wise, CEO Fetch Robotics; Stan Deans, President of UPS Global Logistics and Distribution; and Rohit Prasad, Vice President and Head Scientist, Amazon Alexa. We will hear from Sapient about AI, IBM about nanotech, Softbank about robots and a wide range of other innovators creating solutions for visionary enterprises.

We couldn’t be more excited to introduce you to the full lineup of this extraordinary group.

Robert Metcalfe: Our opening night keynote speaker will be internet/ethernet pioneer Robert Metcalfe, Professor of Innovation, Murchison Fellow of Free Enterprise at The University of Texas.
Jacquelyn Ford Morie Ph.D.: Speaking on the VR/AR/MR panel is Jacquelyn Ford Morie Ph.D., Founder and CEO of All These Worlds LLC and Founder & CTO of The Augmented Traveler Corp. Dr. Jacquelyn Ford Morie is widely known for using technology such as Virtual Reality to deliver meaningful experiences that enrich people’s lives.
Rodolphe Gelin: Discussing the subject of robotics is Rodolphe Gelin, EVP Chief Scientific Officer, SoftBank Robotics. Gelin has worked for decades in the field of robotics, focusing primarily on developing mobile robots for service applications to aid the disabled and elderly. He heads the Romeo2 project to create a humanoid personal assistant and companion robot.
Manoj Saxena: On the artificial intelligence panel, Manoj Saxena, Executive Chairman of CognitiveScale and a founding managing director of The Entrepreneurs’ Fund IV, a $100m seed fund, will address the cognitive computing space.
Dr. Heike Riel: Speaking on the subject of nanotechnology is Dr. Heike Riel, IBM Fellow & Director Physical Sciences Department, IBM Research. Dr. Riel’s work focuses on advancing the frontiers of information technology through the physical sciences.
Mark Rolston: Addressing human-machine interface is Mark Rolston, Cofounder & Chief Creative Officer, argodesign. Mark Rolston is a renowned designer who focuses on groundbreaking user experiences and addresses the modern challenge of design beyond the visible artifact – in the realm of behavior, the interaction between human and machine, and other unseen elements.
Rob High: Discussing the subject of artificial intelligence is Rob High, IBM Fellow, Vice President and Chief Technology Officer of IBM Watson. Rob High has overall responsibility to drive Watson technical strategy and thought leadership.
Dr. Michael Edelman: Addressing nanotechnology is Dr. Michael Edelman, Chief Executive Officer of Nanoco. Through his work with Nanoco, Dr. Edelman and his team have developed an innovative technology platform using quantum dots that is set to transform lighting, bio-imaging, and much more.
Melonee Wise: As CEO of Fetch Robotics — delivering advanced robots for the logistics industry — Melonee Wise will speak to the state of robotics today and the need and potential for the entire industry to transform to meet demand for faster, more personalized logistics/ops delivery using “collaborative robotics”.
Shane Wall: As Chief Technology Officer and Global Head of HP Labs, Shane Wall drives the company’s technology vision and strategy, new business incubation and the overall technical and innovation community. Joining our 3D+ Printing panel, Wall will provide real insights into how 3D+ printing is going to transform and disrupt manufacturing, supply chains, even whole economies.
David Rose: Taking a place on the Human-Machine interface panel is David Rose, an award-winning entrepreneur, author, and instructor at the MIT Media Lab. His research focuses on making the physical environment an interface to digital information.
Stan Deans: Joining the 3D+ Printing panel is Stan Deans, President of UPS Global Logistics and Distribution. Deans has been instrumental in building UPS’s relationship with Fast Radius by implementing its On Demand Production Platform™ and 3D Printing factory in UPS’s Louisville-based logistics campus. By building this disruptive technology into its supply chain models, UPS is now able to bring new value to manufacturing customers of all sizes.
Rohit Prasad: Addressing human-machine interface is Rohit Prasad, Vice President and Head Scientist, Amazon Alexa, where he leads research and development in speech recognition, natural language understanding, and machine learning technologies to enhance customer interactions with Amazon’s products and services.
Liam Quinn: Joining our AR/VR/MR panel, Liam Quinn is VP, Senior Fellow & CTO for Dell, responsible for leading the development of the overall technology strategy. His key passion is xReality, where Quinn drives the development and integration of specific applications across AR & VR experiences, as well as remote maintenance, gaming and 3D applications.
Niloofar Razi: Niloofar Razi is SVP & Worldwide Chief Strategy Officer for RSA. As part of the Cybersecurity panel she brings more than 25 years of experience in the technology and national security sectors, leading corporate development and implementation of investment strategies for billion dollar industries.
Michael Petch: Michael Petch is a renowned author & analyst whose expertise in 3D+ printing will bring deep insights to advanced, additive manufacturing technologies on our Nanotechnology panel. He is a frequent keynote speaker on the economic and social implications of frontier technologies.
Josh Sutton: Josh Sutton is Global Head, Data & Artificial Intelligence for Publicis.Sapient. As part of the AI panel Josh will discuss how to leverage established and emerging artificial intelligence platforms to generate business insights, drive customer engagement, and accelerate business processes via advanced technologies.
Melissa Morman: Joining our AR/VR/MR panel is Melissa Morman, Client Experience Officer, BuilderHomesite Inc. Morman is a member of the original founding executive team of BHI/BDX (Builders Digital Experience) and advises top executives in the homebuilding, real estate, and building products industries on the digital transformation of their business.
John McClurg: Joining our Cybersecurity panel is John McClurg, VP & Ambassador-At-Large, Cylance. McClurg was recently voted one of America’s 25 most influential security professionals, sits on the FBI’s Domestic Security (DSAC) & National Security Business Alliance Councils (NSBAC), and served as the founding Chairman of the International Security Foundation.
Mark Hatfield: Speaking on our Cybersecurity panel is Mark Hatfield, Founder and General Partner of Ten Eleven Ventures, the industry’s first venture capital fund focused solely on investing in digital security.
Mark Halverson: Speaking on our robotics panel is Mark Halverson, CEO of Precision Autonomy, whose mission is to make unmanned and autonomous vehicles a safe reality. Precision Autonomy operates at the intersection of Artificial Intelligence and Robotics, employing crowdsourcing and 3-dimensional augmented reality to allow UAVs and other unmanned vehicles to operate more autonomously.
James V Hart: Special guest James V Hart is an award-winning and world-renowned Hollywood screenwriter whose film credits include Contact, Hook, Bram Stoker’s Dracula, Lara Croft: Tombraider, August Rush, Epic and many more projects in various stages of development, including Kurt Vonnegut’s AI-fueled story Player Piano. With us he’ll discuss the impact of storytelling on how we’ve formed our views of the future.

Gigaom Change 2016 Leader’s Summit is just one week away, September 21-23 in Austin, but there are still a few tickets available for purchase. Reserve your seat today.


Monday, 12 September 2016

Fluke briefing report: Closing the gap between things and reality

The Internet of things is great, right? I refer the reader to the vast amount of positive literature that is washing through the blogosphere, no doubt being added to even as I write this. At the same time, plenty of people are pointing out the downsides — data security for example, more general surveillance issues or indeed the potential for any ‘smart’ object to be hacked.

All well and good; in other words, it’s a typical day in techno-paradise. But the conversation itself is skewed towards the ability to smarten up — that is, to deliver new generations of devices that have wireless sensors built in. What of the other objects that make up 98% (I estimate) of the world that we live in?

Enter companies such as Fluke, which earned its stripes over many years of delivering measurement kit to engineers and technicians, from multimeters to higher-end stuff such as thermal imaging and vibration testing. While such companies might not have a high profile outside of operational circles, they are recognising the rising tide of connectedness and doing something about it in their own domains.

In Fluke’s case, this means manufacturing plants, construction sites and other places where the term ‘rugged’ is a need to have, not a nice to have. Such sites have plenty of equipment that can’t simply be replaced with a smarter version, but which nonetheless can benefit substantially from remote measurement and management.

The current consequence, Fluke told me in a recent briefing about their let’s connect-the-world platform (snappily titled the “3500 FC Series Condition Monitoring System”), is that failures are captured after the event. “We have more than 100,000 pieces of equipment and the reliability team can only assess so many. We’ve never been able to have maintenance techs collect data for us, until now,” reports a maintenance supervisor at one US car manufacturer.

That Fluke are upbeat about the market opportunity nearly goes without saying — after all, there really is a vast pool of equipment that can seriously benefit from being joined up — but the point is, the model goes as wide as there are physical objects to manage. And equally there’s a ton of companies like Fluke that are smartening up their own domains, making a splash in their own jurisdictions. Zebra’s smart wine rack may just have been a proof of concept, but give it five years and all wine lovers will have one.

Inevitably, there will be a moment of shared epiphany when all such platforms start integrating together, coupled with some kind of Highlander-like fight as IoT integration and management platforms look to knock the rest out of the market. I’m reminded of the moment, back in the early ’90s, when telecoms manufacturers adopted the HP OpenView platform en masse, leading to possibly the dullest Interop Expo on record.

Yes, the future will be boring, as we default to using stuff that we can remotely monitor and control. As consumers we may still like using ‘dumb stuff’ but for businesses that interface with the physical world, to do so would make no commercial sense. Equally however, such a dull truth will provide a platform for new kinds of innovation.

I could postulate what these might be but the Law of Unexpected Consequences has the advantage. All I do know is, it won’t be long at all before what is seen as exceptional — the ability to monitor just about everything — will be accepted as the norm. At that point, and to make better use of one of Apple’s catchphrases, everything really will be different.


Wednesday, 07 September 2016

Welcome to the Post-Email Enterprise: what Skype Teams means in a Slack-centered World

Work technology vendors very commonly — for decades — have suggested that their shiny brand-new tools will deliver us from the tyranny of email. Today, we hear it from all sorts of tool vendors:

  • work management tools, like Asana, Wrike, and Trello, built on the bones of a task manager with a layer of social communications grafted on top
  • work media tools, like Yammer, Jive, and the as-yet-unreleased Facebook for Work, built on the social networking model to move communications out of email, they say
  • and most prominently, the newest wave of upstarts, the work chat cadre, has arrived, led by Atlassian’s Hipchat but most prominently by the mega-unicorn Slack, a company with such a strong gravitational field that it seems to have sucked the entire work technology ecosystem into the black hole around its disarmingly simple model of chat rooms and flexible integration.

Has the millennium finally come? Will this newest paradigm for workgroup communications unseat email, the apparently undisruptable but deeply unlovable technology at the foundation of much enterprise and consumer communication?

Well, a new announcement hit my radar screen today, and I think that we may be at a turning point. In the words of Winston Churchill, in November 1942 after the Second Battle of El Alamein, when it seemed clear that the WWII allies would push Germany from North Africa,

Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.

And what is this news that suggests to me we may be on the downslope in the century-long reign of email?

Microsoft is apparently working on a response to Slack, six months after the widely reported termination of acquisition discussions. There has been a great deal of speculation about Microsoft’s efforts in this area, especially considering the now-almost-forgotten acquisition of Yammer (see Why Yammer Deal Makes Sense, and it did make sense in 2012). However, after that acquisition, Microsoft — and especially Bill Gates, apparently — believed they would be better off building Slackish capabilities into an existing Microsoft brand. But since Yammer is now an unloved product inside the company, the plan was to build these capabilities into something that the company has doubled down on. So now we see Skype Teams, coming soon.

Microsoft may be criticized for perhaps attempting to squish too much into the Skype wrapper with Skype Teams, but we’ll have to see how it all works together. It is clear that integrated video conferencing is a key element of where work chat is headed, so Microsoft would have had to come up with that anyway. The rest of the details will have to wait for actual hands-on inspection (so far, I have had only a few confidential discussions with Microsofties).

My point is that we are moving into new territory, a time when work chat tools will become the super-dominant workgroup communications platform of the next few decades. This means that the barriers to widespread adoption will have to be resolved, most notably work chat interoperability.

Most folks don’t know the history of email well enough to recall that at one time email products did not interconnect: my company email could not send an email to your company email. However, the rise of the internet and creation of international email protocols led to a rapid transition, so that we could stop using Compuserve and AOL to communicate outside the company.

It was that interoperability that led to email’s dominance in work communications, and similarly, it will take interoperability of work chat to displace it.

In this way, in the not-too-distant future, my company could be using Slack while yours might be using Skype Teams. I could invite you and your team to coordinate work in a chat channel I’ve set up, and you would be able to interact with me and mine.

If the world of work technology is to avoid a collapse into an all-encompassing monopoly with Slack at the center of it, we have to imagine interoperability will emerge relatively quickly. Today’s crude integrations — where Zapier or IFTTT copy new posts in Hipchat to a corresponding channel in Slack — will quickly be replaced by protocols that all competitive solutions will offer.

We’ll have to see the specifics of Skype Teams, and where Facebook at Work is headed. Likewise, all internet giants — including Apple, Google, and Amazon — seem to be quietly consolidating their market advantages in file sync-and-share, cloud computing, social networks, and mobile devices. Will we see a Twitter for Work, for example, after an Amazon acquisition? Surely Google Inbox and Google+ aren’t the last work technologies that Alphabet intends for us?

But no matter the specifics, we are certainly on the downslopes of the supremacy of email. We may have to wait an additional 50 years for its last gasping breath, but we’re now clearly in the chat (and work chat) era of human communications, and there’s no turning back.


Tuesday, 06 September 2016

Is There Life After Dell? SonicWALL Thinks So!

When SonicWALL was acquired by Dell back in 2012, many wondered how SonicWALL would fare under the auspices of industry giant Dell. That said, SonicWALL managed to maintain market share in its core SMB business sector and started making inroads into the large, distributed enterprise sector. Nonetheless, when Dell decided to sell off its software assets, along with SonicWALL, to private equity firms, many began to wonder once again what that meant for SonicWALL.

SonicWALL provided the answers to those queries at the company’s PEAK 2016 event, which was held last week in Las Vegas. The primary topics of discussion focused on applying SonicWALL technology and what the future holds for SonicWALL, its partners and customers.

Along with the requisite product announcements, SonicWALL also hosted several educational sessions bringing cloud security to the forefront of partners’ minds, as well as the challenges created by the ever growing IoT infrastructure spreading through enterprises today.

SonicWALL offered a strong message that there is life after Dell, and that the company will thrive and grow despite the forced separation from Dell. For example, SonicWALL is in the process of strengthening the company’s channel programs to better support both its partners and end customers. The company also announced its Cloud GMS offering, which is aimed at simplifying management, enhancing reporting, and reducing overhead. What’s more, Cloud GMS brings cloud-based management, patching and updating to the company’s army of partners, providing them with a critical weapon in the battle against hosted security vendors and those plying “firewalls in the cloud” as a means to an end.

The importance of the forthcoming Cloud Global Management System (GMS) cannot be overstated. SonicWALL aims to eliminate the financial, technical support and system maintenance hurdles that are normally associated with traditional firewalls, transforming what was once an isolated security solution into a cloud-managed security platform, a capability that will prove important to both customers and partners.

For partners, Cloud GMS brings a unique, comprehensive, low-cost monthly subscription to the table, which is priced according to the number of firewalls under management. That model will allow partners to become something akin to a hosted security services provider, shifting customer expenses to OpEx instead of CapEx.

The SonicWALL Cloud GMS solution offers:

  • Governance: Establishes a cohesive approach to security management, reporting and analytics to simplify and unify network security defense programs through automated and correlated workflows to form a fully coordinated security governance, compliance and risk management strategy.
  • Compliance: Rapidly responds and fulfills specific compliance regulations for regulatory bodies and auditors with automatic PCI, HIPAA and SOX reports, customized by any combination of auditable data.
  • Risk Management: Provides ability to move fast and drive collaboration and communication across shared security framework, making quick security policy decisions based on time-critical and consolidated information for higher level security efficacy.
  • Firewall management: MSPs will be able to leverage efficient, centralized management of firewall security policies similar to on-premises GMS features, including customer sub-account creation and increased control of user type and access privilege settings.
  • Firewall reporting: Real-time and historical, per firewall, and aggregated reporting of firewall security, data and user events will give MSPs greater visibility, control and governance while maintaining the privacy and confidentiality of customer data.
  • Licensing management: Seamless integration between GMS and MySonicWALL interfaces will allow users to easily and simply log into Hosted GMS to organize user group names and memberships, device group names and memberships, as well as adding and renewing subscriptions and support.



Monday, 05 September 2016

Work Processing: Coming soon to a ‘Doc’ near you


Book review: Silicon Collar: an optimistic perspective on humans, machines and jobs

A dilemma lurks in the pages of Vinnie Mirchandani’s book on the future of work. “The interviews I conducted show practitioners in a wide array of industries using technology to improve productivity and product quality. They were pragmatic and generally optimistic,” he says. “I also found a contrasting sense of pessimism in the academic and analyst world about ‘jobless futures.’ ”

As one in the “academic and analyst” community who finds himself in an apparent minority, I jumped at the opportunity to read what optimism Mirchandani had to offer. Truth be told, there’s plenty of it for a relatively simple, yet profound reason: that humanity across the globe sees little reason to give up some of the things that it sees as valuable.

A salutary tale comes from the world of sport — basketball, specifically, where teams such as California’s Golden State Warriors are using every technology they can get their hands on to monitor performance in training and during games, to detect and pre-empt injuries, to plan seasons and indeed, careers for players.

Of course, technology can only take things so far: as Kirk Lacob, Assistant General Manager for the Warriors, comments, “The reality is that we can’t influence results completely—and we are a results business. But if we can push and pull the probabilities, we can hope to have a better outcome.” So, yes, technology can augment our capabilities without detracting from them.

But beyond this is a broader picture, about humanity’s relationship with sport. We can argue that it ain’t what it used to be, when kids with sneakers would throw hoops in some godforsaken, dusty back lot. Equally however, however augmented and scientific it becomes, it remains a bunch of people with a ball. For reasons beyond anyone’s ken, that remains interesting.

The same principle can be applied to so many domains, from wine growing to white collar areas such as accountancy. Yes, of course many jobs can be automated — not least the 3 D’s of dull, dirty, and dangerous, as in garbage collection or construction. And it is an open goal of a debating point to say that people in these positions might require some kind of retraining.

But are we, as Vivek Wadhwa, Fellow at the Rock Center for Corporate Governance at Stanford University, suggests, heading towards a catastrophe? “We won’t be able to retrain the workers who lose today’s jobs. They will experience the same unemployment and despair that their forefathers did,” he suggests, arguing against the notion of a luddite fallacy.

Such ‘despair’ is inevitable, many argue, a consequence of the technology-driven income and value disparity that looms in the near distance. Others suggest that such dystopian views are cyclic: “About every 50 years, almost like clockwork, we have the collective experience that the sky is falling. Nothing could be further from the truth,” says analyst Denis Pombriant.

Building on this theme, Mirchandani chooses to look to the past to help understand the future. Citing the Law of Unintended Consequences, he makes the point that while we do not know what the jobs will be, there will be plenty of them — “Review FastCompany’s projection of jobs in the next decade to include Urban Farmers, Neuro-Implant Technicians and Virtual Reality Experience Designer,” he says.

There’s a deeper point in the book, that goes way beyond a pantomime “Oh yes there will, oh no there won’t” argument. Simply put (though it is explored in detail), it is that technology doesn’t cause inequality, but exploitation does. As new ways of working become possible, we owe it to ourselves to ensure that they are delivered to serve the many, not the few.

There’s enough in this thoroughly researched and readable book to back the view that automation can sit alongside artisanship; to coin a phrase, both are ‘better together’. Beyond this, however, it is the exploitation argument which I found most compelling, and most in need of being addressed by policy and governance. We will only have a bright future for work if we choose to make it so, or, as the commenter Kirby suggests on one of my previous articles, “Humans will have much bigger problems on their hands than worry[ing] about having a job.”

P.S. In the course of reviewing this book, I discovered my article above was mentioned. Which was nice.


Friday, 02 September 2016

Counteracting APTs with a Fine-tuned SIEM Solution

Even though not the prevailing type of cyberattack, advanced persistent threats (APTs) are definitely the most devastating. Just like a volcano that has been slowly surging underneath before a sudden eruption, an APT may stay invisible for many months and finally result in serious financial damage, ruin a company’s reputation and even lead to human victims, as happened after the scandalous Ashley Madison data breach.

The annual cyber threat report M-Trends 2016 by Mandiant stated that in 2015 organizations were compromised for an average of 146 days before they discovered the breach (or were notified about it). To make things even worse, security specialists discover the majority of APTs by accident, which means that an APT’s real lifecycle is limited only by the vigilance of the defenders. So is the battle with APTs really a matter of luck? Or is there any way to detect them before they wreck an organization’s assets?

Why are traditional tools no good?

With APTs, you may think that organizations are too negligent about their security and take inadequate security measures. In reality, targeted entities usually adopt the whole range of security tools, from standard firewalls and antiviruses to sophisticated anti-malware products. The problem is that these traditional tools aren’t able to withstand an APT attack, leaving a great number of blind spots in an enterprise’s infrastructure.

For example, firewalls, as an essential part of network security, can close unnecessary ports and block unsolicited incoming network traffic. Their advanced versions can even partially protect against DDoS attacks. But they definitely can’t detect malicious users or analyze packets containing malware, and obviously they cannot deal with attacks that don’t pass through them. Due to traditional firewalls’ limited functionality, most organizations supplement them with intrusion prevention systems (IPS) that examine network traffic flows and detect and prevent vulnerability exploits. However, IPS also have their limitations, as they are helpless against client-side application attacks.

Moreover, managing an array of security tools is difficult and costly, as you need to acquire multiple software licenses and hire specialists to deal with each particular piece of software. It’s also impossible to manually correlate data from multiple systems in order to detect and respond to proliferating attacks. And, finally, scattered solutions cannot ensure a 360° view of a company’s IT environment, which results in loopholes that let hackers in.

At the same time, today’s security software market offers advanced security information and event management (SIEM) solutions that are able to replace multiple scattered solutions. Even if not considered the ultimate remedy against APTs, SIEM systems can assist security officers at different stages of an attack.

Learning from life lessons: The case of Carbanak attacks

To be well armed against possible attacks, it’s useful to analyze previous mistakes. In the history of security breaches, APTs have a ‘track record’ of calamitous intrusions. Among them is a series of attacks by the Carbanak group that targeted more than 100 banks and other financial institutions in 30 nations (with the US named the second biggest target), making it one of the largest bank thefts ever.

Having started in August 2013, this sophisticated hacking campaign was first publicly disclosed only in 2015, when the total gain had already reached $1 billion. To stay unnoticed and learn every bank inside out, the attackers used a whole range of tactics, from spear phishing to latent watch, stealing money in modest batches. The theft was revealed accidentally, after one ATM’s strange behavior was examined. However, disclosure didn’t stop the Carbanak hackers from their shady affairs: a new series of attacks was already registered in 2016. This time, the gang aims to double the previous catch.

But what if the victims had had a fine-tuned SIEM solution?

As the banks were unprepared for these attacks and had no relevant solutions in place to detect the APTs, we decided to take this case as an example and illustrate how a fine-tuned SIEM solution, such as IBM QRadar, could help reveal the Carbanak advanced persistent threat.

Malware Infection

According to the publicly available details of the attack, the hackers got access to bank employees’ computers through opportunistic malware. IBM Security QRadar QFlow Collector could pinpoint a malware infection by constantly monitoring the traffic going in and out of an organization. The tool processes session and flow information from external sources in formats such as QFlow, NetFlow, SFlow and JFlow, as well as sessions from Packeteer, which makes it possible to baseline network traffic, implement anomaly rules, and build specific correlation rules to detect the following:

  • communications with known botnet control centers and malicious IP addresses. This information can be obtained by subscription (IBM X-Force) or integrated into the SIEM from open sources.

  • communications with unusual and potentially malicious countries and regions

  • communications via unusual ports (e.g. 6667/IRC)

  • communications containing specific payloads (e.g. bot control commands), which IBM Security QRadar QFlow Collector’s functionality makes possible.


Spear Phishing

Once the attackers gained access to employees’ computers, they started a massive spear phishing campaign that was very hard to identify. Indeed, a SIEM solution can hardly distinguish an infected email message originating from a legitimate email account (on a workstation with malware) from a legitimate email. However, if the email server is connected to the SIEM solution as a log source, it’s possible to detect the following abnormalities:

  • an enormous amount of messages sent from the same account within a short time 

  • email messages sent in non-business hours from a corporate account

  • a huge number of messages with the same subject to different mailboxes


Advanced correlation with physical security controls (the badge system) also allows detection of mailouts from users who have not yet checked in through a physical security gate.
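The four mail-side checks above can be expressed as a handful of sliding-window rules over the mail server's log, joined with badge check-in records. The following is an added example written for this page; it is not code from the original article or from QRadar, and the log formats, thresholds, business hours and account names are all assumptions.

```python
"""Spear-phishing indicators from mail-server logs, correlated with badge check-ins.

Added example for this page (not code from the original article or from IBM QRadar).
The log formats, thresholds, business hours and account names are all assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BURST_MAX = 5                         # more than this many messages from one sender ...
BURST_WINDOW = timedelta(minutes=10)  # ... inside this window is a burst
FANOUT_MIN_RECIPIENTS = 5             # same subject to at least this many distinct mailboxes ...
FANOUT_WINDOW = timedelta(hours=1)    # ... inside this window is a mailout
BUSINESS_HOURS = (8, 19)              # 08:00 <= hour < 19:00 counts as business hours (assumed)

# Constructed mail-server log: "timestamp|sender|recipient|subject".
MAIL_LOG = """\
2015-02-10T03:12:00|alice@bank.example|x1@partner.example|Invoice for review
2015-02-10T03:12:04|alice@bank.example|x2@partner.example|Invoice for review
2015-02-10T03:12:08|alice@bank.example|x3@partner.example|Invoice for review
2015-02-10T03:12:12|alice@bank.example|x4@partner.example|Invoice for review
2015-02-10T03:12:16|alice@bank.example|x5@partner.example|Invoice for review
2015-02-10T03:12:20|alice@bank.example|x6@partner.example|Invoice for review
2015-02-10T09:00:00|carol@bank.example|dave@bank.example|Lunch?
2015-02-10T10:00:00|bob@bank.example|erin@bank.example|Q1 figures
2015-02-10T14:30:00|bob@bank.example|frank@bank.example|Re: Q1 figures
"""

# Constructed badge-system log: "timestamp|user" for each gate entry.
BADGE_LOG = """\
2015-02-10T08:30:00|bob
2015-02-10T08:45:00|alice
"""


def parse_mail(text):
    """Return mail events sorted by time; each is a dict with ts, sender, rcpt, subject."""
    events = []
    for line in text.strip().splitlines():
        ts, sender, rcpt, subject = line.split("|", 3)
        events.append({"ts": datetime.fromisoformat(ts), "sender": sender,
                       "rcpt": rcpt, "subject": subject})
    return sorted(events, key=lambda e: e["ts"])


def parse_badge(text):
    """Return {(user, date): first check-in time on that day}."""
    first_in = {}
    for line in text.strip().splitlines():
        ts, user = line.split("|")
        t = datetime.fromisoformat(ts)
        key = (user, t.date())
        first_in[key] = min(first_in.get(key, t), t)
    return first_in


def detect(events, first_in):
    """Apply the four rules; return a sorted list of (rule, subject-of-alert) tuples."""
    alerts = set()
    sender_window = defaultdict(list)    # sender -> timestamps inside BURST_WINDOW
    subject_window = defaultdict(list)   # subject -> (ts, recipient) inside FANOUT_WINDOW
    for e in events:
        ts, sender = e["ts"], e["sender"]
        user = sender.split("@")[0]
        # Rule: corporate account sending outside business hours.
        if not BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]:
            alerts.add(("off_hours", sender))
        # Rule: mail sent before the sender badged in (no badge record that day also counts).
        badge = first_in.get((user, ts.date()))
        if badge is None or ts < badge:
            alerts.add(("before_checkin", sender))
        # Rule: burst from one account (sliding window over the sender's timestamps).
        win = sender_window[sender]
        win.append(ts)
        win[:] = [t for t in win if ts - t <= BURST_WINDOW]
        if len(win) > BURST_MAX:
            alerts.add(("burst", sender))
        # Rule: same subject to many distinct mailboxes.
        fan = subject_window[e["subject"]]
        fan.append((ts, e["rcpt"]))
        fan[:] = [(t, r) for t, r in fan if ts - t <= FANOUT_WINDOW]
        if len({r for _, r in fan}) >= FANOUT_MIN_RECIPIENTS:
            alerts.add(("subject_fanout", e["subject"]))
    return sorted(alerts)


def run_demo():
    return detect(parse_mail(MAIL_LOG), parse_badge(BADGE_LOG))


if __name__ == "__main__":
    for rule, what in run_demo():
        print(f"{rule:16} {what}")
```

On the constructed sample, alice's 03:12 mailout trips all four rules at once (off hours, before badge-in, burst, same subject to six mailboxes), while carol's single 09:00 message is flagged only because she never badged in that day; that is the kind of weak, single-rule hit an analyst would triage rather than act on automatically.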

Privilege escalation and deeper reconnaissance

Systematic spear phishing coupled with malware infection allowed the gang to continue their attack with privilege escalation and deeper reconnaissance, stages that are typical of all APTs.

Privilege escalation could be monitored with a fine-tuned SIEM solution, provided that:

  • auditing is enabled and properly configured on workstations

  • log data is collected from workstations and sent to the SIEM

  • user accounts and roles are mapped in the SIEM using information from LDAP/AD


In such a scenario, any user without an Admin role logging in with administrative privileges would trigger an alert in the SIEM.
Moreover, most SIEM solutions contain out-of-the-box reconnaissance detection correlation rules that can be fine-tuned to minimize false positives. In our case, deeper reconnaissance originating from the internal corporate network could have been identified if the firewalls had been sending access logs to the SIEM.

Latent watch

To better understand the internal systems, the hackers assigned operators to work with video and screen-capture feeds that the previously implanted malware grabbed and transmitted to the attackers.

Traffic anomaly rules would detect video and screen capturing, since streaming video out of the network produces far more traffic than a workstation's normal baseline, and that deviation is exactly what IBM Security QRadar QFlow Collector could catch.

Infection of computers attached to ATMs

The Carbanak gang successfully infected computers attached to ATMs in order to make the machines dispense cash. If compromised administrative accounts were used to spread the infection, a SIEM solution would be able to alert security personnel about the following:

  • the logged-in admin account didn't belong to the attacked server's support team (mapping with LDAP/AD)

  • a specific admin account logged in to many servers within a short time.

Additionally, advanced correlation with Identity and Access Management (IAM) solutions and ticketing systems would allow detection of cases where an admin user logged in to a system without an appropriate change ticket or IAM authorization.
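The privilege-escalation rule above (a user without an Admin role logging in with administrative privileges) and the three ATM-infection rules in this section (admin account outside the server's support team, one admin account on many servers in a short time, no matching ticket) all hinge on the same join between logon events and directory data. The following is an added example written for this page, not code from the original article or from QRadar. The directory data, host names, ticket records, event format and thresholds are assumptions; in a real deployment the role and team data would come from the LDAP/AD reference sets the text describes.

```python
"""Identity-aware logon correlation: privilege escalation and admin-account misuse.

Added example for this page (not code from the original article or from QRadar).
The directory data, host names, ticket records, event format and thresholds are
assumptions; in a SIEM the role and team data would come from LDAP/AD reference sets.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FANOUT_MIN_HOSTS = 5                   # one admin account on this many distinct hosts ...
FANOUT_WINDOW = timedelta(minutes=10)  # ... inside this window looks like lateral spread

# Constructed directory data: admin accounts with the support team(s) they belong to,
# and the team responsible for each server. Workstations are deliberately unmapped.
ADMIN_ROLES = {"adm.lee": {"dba"}, "adm.kim": {"atm-ops"}}
SERVER_TEAMS = {"db-core-01": "dba"}
SERVER_TEAMS.update({f"atm-ctl-0{i}": "atm-ops" for i in range(1, 6)})

# Constructed logon events: "timestamp|host|account|privileged". privileged=1 means the
# logon carried administrative rights (on Windows, a 4672 event following the 4624).
LOGONS = """\
2015-02-10T09:00:00|db-core-01|adm.lee|1
2015-02-10T10:15:00|ws-0420|jsmith|1
2015-02-10T11:30:00|atm-ctl-01|adm.lee|1
2015-02-10T11:31:00|atm-ctl-02|adm.lee|1
2015-02-10T11:32:00|atm-ctl-03|adm.lee|1
2015-02-10T11:33:00|atm-ctl-04|adm.lee|1
2015-02-10T11:34:00|atm-ctl-05|adm.lee|1
"""

# Constructed change tickets: "account|host|valid_from|valid_to".
TICKETS = """\
adm.lee|db-core-01|2015-02-10T08:00:00|2015-02-10T12:00:00
"""


def parse_logons(text):
    events = []
    for line in text.strip().splitlines():
        ts, host, user, priv = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "user": user, "privileged": priv == "1"})
    return sorted(events, key=lambda e: e["ts"])


def parse_tickets(text):
    tickets = []
    for line in text.strip().splitlines():
        user, host, start, end = line.split("|")
        tickets.append({"user": user, "host": host,
                        "start": datetime.fromisoformat(start),
                        "end": datetime.fromisoformat(end)})
    return tickets


def has_ticket(tickets, user, host, ts):
    return any(t["user"] == user and t["host"] == host and t["start"] <= ts <= t["end"]
               for t in tickets)


def detect(events, tickets):
    """Return a sorted list of (rule, account, detail) alerts."""
    alerts = set()
    recent = defaultdict(list)   # admin account -> (ts, host) inside FANOUT_WINDOW
    for e in events:
        ts, host, user = e["ts"], e["host"], e["user"]
        teams = ADMIN_ROLES.get(user)
        if teams is None:
            # Rule: account with no admin role in AD, yet the logon carried admin privileges.
            if e["privileged"]:
                alerts.add(("privileged_logon_non_admin", user, host))
            continue   # the remaining rules concern admin accounts only
        # Rule: admin logged in to a server its team does not support (an unmapped host counts too).
        if SERVER_TEAMS.get(host) not in teams:
            alerts.add(("outside_team", user, host))
        # Rule: admin logon with no change ticket covering this account, host and time.
        if not has_ticket(tickets, user, host, ts):
            alerts.add(("no_ticket", user, host))
        # Rule: one admin account on many distinct hosts within a short window.
        win = recent[user]
        win.append((ts, host))
        win[:] = [(t, h) for t, h in win if ts - t <= FANOUT_WINDOW]
        hosts = {h for _, h in win}
        if len(hosts) >= FANOUT_MIN_HOSTS:
            alerts.add(("admin_fanout", user, f"{len(hosts)} hosts within 10 min"))
    return sorted(alerts)


def run_demo():
    return detect(parse_logons(LOGONS), parse_tickets(TICKETS))


if __name__ == "__main__":
    for rule, account, detail in run_demo():
        print(f"{rule:28} {account:10} {detail}")
```

In the sample, adm.lee's ticketed 09:00 logon to the database server is silent, while the same account's five-minute sweep across the ATM controllers produces an outside-team and a no-ticket alert per host plus one fan-out alert; jsmith's privileged logon to a workstation is the escalation case. The team and ticket joins are what turn raw 4624/4672 events into something an analyst can act on.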

Compromise of internal databases and creation of fraudulent accounts

During the attacks, the hackers manipulated Oracle databases to open payment or debit card accounts at the same bank, or used the online banking system to transfer money between accounts. Normally, all activity related to creating new accounts should pass through a validation procedure. Depending on that procedure and the tools used for validation, this information could be integrated with a SIEM solution to alert on account creation that bypassed validation. If there's no such validation in place, each new account creation could be alerted on and investigated by a security analyst.

A SIEM consultant could help a bank get reports on business-critical data modification by doing the following:

  • enabling Oracle Fine Grained Auditing (FGA) or a similar audit mechanism

  • compiling and integrating a list of approved database users, which would allow the SIEM to detect and alert on data modification performed by unapproved accounts.


Abuse of the Society for Worldwide Interbank Financial Telecommunication system

To move large amounts of money into accounts they controlled, the attackers abused the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system. A well-configured SIEM solution could ensure constant monitoring of all critical financial applications. If a particular application weren't supported by QRadar out of the box, appropriate parsing, mapping and categorization could be developed (in QRadar, as a custom log source extension). Once the custom data is properly normalized, the SIEM would be able to detect abnormal money transfers with anomaly correlation rules when any of the following is true:

  • a single account has made a transfer over the limit

  • a single account has made many small transfers to one or several specific accounts

  • the total amount transferred from one account within a specific timeframe exceeds the limit

  • many accounts made transfers to the same target account within a specific period
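Once transfer records are normalized into a common shape, the four rules above are sliding-window aggregations keyed on the sending and the receiving account. The following is an added example written for this page; it is not code from the original article, from QRadar or from any SWIFT product. The record format, the limits and the account identifiers are assumptions, and amounts are plain integers in a single currency.

```python
"""Anomaly rules over normalized payment-transfer records.

Added example for this page (not code from the original article, from QRadar or from
any SWIFT product). The record format, limits and account identifiers are assumptions;
amounts are plain integers in one currency.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SINGLE_LIMIT = 50_000          # one transfer above this is alerted
TOTAL_LIMIT = 100_000          # total sent by one account inside WINDOW above this is alerted
WINDOW = timedelta(hours=24)
SMALL_MAX = 9_500              # "small" transfer, i.e. under a typical review threshold
STRUCTURING_MIN_COUNT = 5      # this many small transfers to the same beneficiary in WINDOW
MULE_MIN_SOURCES = 4           # this many distinct senders into one account in WINDOW

# Constructed, already-normalized transfer records: "timestamp|from|to|amount".
TRANSFERS = """\
2015-02-11T09:05:00|A001|X999|60000
2015-02-11T09:30:00|A002|M555|8500
2015-02-11T10:00:00|A002|M555|8500
2015-02-11T10:30:00|A002|M555|8500
2015-02-11T11:00:00|A002|M555|8500
2015-02-11T11:30:00|A002|M555|8500
2015-02-11T12:00:00|A003|M555|9000
2015-02-11T12:10:00|A004|M555|7000
2015-02-11T12:20:00|A005|M555|6000
2015-02-11T13:00:00|A006|P101|40000
2015-02-11T14:00:00|A006|P102|35000
2015-02-11T15:00:00|A006|P103|30000
2015-02-11T16:00:00|A007|P104|12000
"""


def parse_transfers(text):
    rows = []
    for line in text.strip().splitlines():
        ts, src, dst, amount = line.split("|")
        rows.append({"ts": datetime.fromisoformat(ts), "from": src, "to": dst,
                     "amount": int(amount)})
    return sorted(rows, key=lambda r: r["ts"])


def detect(transfers):
    """Return a sorted list of (rule, account, detail) alerts."""
    alerts = set()
    outgoing = defaultdict(list)   # from -> [(ts, to, amount)] inside WINDOW
    incoming = defaultdict(list)   # to   -> [(ts, from)] inside WINDOW
    for t in transfers:
        ts, src, dst, amt = t["ts"], t["from"], t["to"], t["amount"]
        # Rule: a single transfer over the limit.
        if amt > SINGLE_LIMIT:
            alerts.add(("single_over_limit", src, f"{amt} to {dst}"))
        out = outgoing[src]
        out.append((ts, dst, amt))
        out[:] = [x for x in out if ts - x[0] <= WINDOW]
        # Rule: total sent by one account inside the window over the limit.
        total = sum(x[2] for x in out)
        if total > TOTAL_LIMIT:
            alerts.add(("total_over_limit", src, f"{total} in window"))
        # Rule: many small transfers from one account to the same beneficiary (structuring).
        small = [x for x in out if x[1] == dst and x[2] <= SMALL_MAX]
        if len(small) >= STRUCTURING_MIN_COUNT:
            alerts.add(("structuring", src, f"{len(small)} small transfers to {dst}"))
        inc = incoming[dst]
        inc.append((ts, src))
        inc[:] = [x for x in inc if ts - x[0] <= WINDOW]
        # Rule: many distinct accounts paying into the same target (a collection account).
        sources = {x[1] for x in inc}
        if len(sources) >= MULE_MIN_SOURCES:
            alerts.add(("many_to_one", dst, f"{len(sources)} source accounts"))
    return sorted(alerts)


def run_demo():
    return detect(parse_transfers(TRANSFERS))


if __name__ == "__main__":
    for rule, account, detail in run_demo():
        print(f"{rule:18} {account:6} {detail}")
```

The sample is built so that each rule fires exactly once: A001's single 60,000 payment, A002's five 8,500 payments to M555 (each individually unremarkable), M555 collecting from four different senders, and A006 spreading 105,000 over three beneficiaries none of which crosses the single-transfer limit. A007's lone 12,000 transfer stays quiet, which is the behaviour a tuned rule set must preserve to be usable.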


You can thwart it

The case we've just analyzed shows that companies are not helpless in their battle against APTs. It may sound strange, but as sophisticated as they are, APTs have a weakness hiding in the letter "P". Persistence, the hardest property to deal with, also means that attackers leave a lot of traces over the course of their attack. Thus security administrators armed with a relevant, well-tuned SIEM solution have multiple touchpoints at which to detect intruders and stop them before their activities lead to dramatic data and money losses.
