Robert Vamosi has a nice overview of two recent reports on his Defense in Depth blog, the first on data breaches and the second on identity theft. The interesting figures from both reports: 9/10 breaches could have been prevented by following best practices and 57% of identity thieves use the information to open new lines of credit (not too surprising).
A summary of the Verizon report on data breaches is available here while the entire report can be found here as a PDF. Likewise, a summary of the identity theft report can be found here and the full version here as a PDF.
There is a lot of talk right now about security for virtual machines. My post from last week was about a company generating NetFlow data from virtual switches. Now at least two significant efforts are being announced at RSA. First, Solera Networks is releasing a free beta of a virtual network tap. Their premise is that buying virtual equivalents of IDS, IPS, etc. is wasteful and expensive to enterprises. The virtual tap interfaces with Solera’s line of packet capture devices and closes the gap in network visibility in virtual environments. This approach seems stronger than Montego’s approach (NetFlow only). Solera provides the entire packet stream, allowing you to do pretty much anything.
The second big announcement is from IBM, who is announcing “Phantom”, a hypervisor security layer. This layer will let admins in virtual environments lock down the virtualized environment outside the VM instances, allowing a single point of configuration to lock down a host of virtualized servers or clients. This will be a technology to keep an eye on in the coming months.
As usual, the security industry is catching up with a technology (this time around VM) that has been around for a considerable amount of time. This attention to virtual environment security is welcome but as usual a bit late in the game. The security industry is still not keeping pace with technology advances. I don’t expect it to catch up anytime soon.
Montego Networks CTO John Peterson has an excellent writeup on enabling NetFlow for visibility into virtualized networks. I talk a lot about network visibility with flow data on BreachBytes, but up until now I was not aware of any company implementing NetFlow for virtual switches. Montego’s technology makes visible some of the “dark space” that had previously existed in networks using virtualization. This looks like promising technology to keep an eye on in the future.
Yesterday we reported on a breach involving 4.2 million credit card numbers at an unnamed retailer. Turns out the retailer is Hannaford Bros. grocery stores. The AP is reporting on the story but has little detail beyond what was available yesterday. Although this is not a breach at the TJX level, the compromise of 4.2 million customer credit card numbers is nothing to take lightly.
Just when it started to seem that 2008 was going to be a better year than 2007 for data breaches, the Massachusetts Banking Association is notifying its members of a major data breach at an unnamed retailer. Boston Business Journal is reporting on the breach. According to the article, between 60 and 70 banks have been contacted by Visa and Mastercard. As of this time the retailer involved has not been named, although this is sure to change very soon. This smells of last year’s well-documented TJX breach and subsequent fallout. It remains to be seen if this story will pick up steam like TJX did, but if the retailer is a well-known company it could well be TJX2. From the article:
“The MBA estimates that hundreds of thousands of credit and debit cards owned by consumers in Massachusetts and northern New England states could be affected, and it is urging consumers to monitor their accounts,” the statement said.
We will follow up on this story as more details emerge.