Duqu is a stealthy computer virus with a hidden agenda...

Everything that you need to know about Duqu:

Duqu was reported to antivirus vendors around the 14th of October, 2011, but it has been in the wild since November of 2010. Since then there have been varients (updated copies with additional features or upgrades to code) released.

It has been billed as the next Stuxnet, the son of Stuxnet, or a Stuxnet clone. In reality, Duqu is actually more like a payload of Stuxnet rather than the entire attack campagin, because it is a backdoor package dropped via other means. The reason why Stuxnet was considered to be so advanced was in large part because of its varied numbers of unpatched exploits that it used to ensure successful infection.

Lets take a look at the similarities:

• Duqu uses code segments that can be identical to or very close to those used in the Stuxnet payload.
• Both Stuxnet and Duqu use signed code in order to appear to antivirus, Windows, and users as legitimate code.
• Registers a remote procedure call server in a very similar fashion to Stuxnet
• Has the same list of antivirus products, in the same order as Stuxnet except one more product was added.
• Checks for running processes in a manner similar to Stuxnet
• Both Stuxnet and Duqu use “import by hash” techniques instead of directly importing function names.

These similarities are code similarities, which means that Stuxnet and Duqu seem to share a common resource base, code base, and methodology in loading and running executables. Essentially we can think of the ways Duqu and Stuxnet install and launch themselves as being similar enough to warrant either worry that it is the same perpetrator of Stuxnet, or that they have access to the source code of the Stuxnet threat.

There are plenty of significant differences, however, namely that Duqu only performs information-gathering techniques. In comparison, Stuxnet destroyed industrial equipment, disabled safety systems, and was overtly malicious. Duqu’s most significant malicious payload is its spying ability.

Duqu infections currently have the following functionalities:

• View processes, accounts, and domain information
• View drive names/information
• Ability to take screenshots
• View network and network setup
• Keylogger
• Window name enumeration
• Share enumeration
• File exploration on all drives

Duqu sends this information to a command-and-control server currently located in India, the IP address of which is hard-coded into the Duqu payloads. Interestingly enough, Duqu is also set to destroy itself after 36 days of infection, a probable reason for why it has been able to live so long in the wild without detection.

Targets:

Duqu appears to be mostly targeting some industrial control systems and Certificate authorities, probably for the purposes of gaining information to be used in further exploits. CA compromises are also lucrative because of their use in malware.  Duqu itself is a sterling example of the use of compromised CA information because it uses a stolen certificate to sign itself as legitimate software, fooling the operating system, antivirus, and user alike with the ruse.

Infection Methods:

At first, Duqu was largely reported to have come from the same folks who created Stuxnet.  This simply doesn’t have to be the case.  The techniques could have been copied or even stolen wholesale by the malware authors.  Duqu also behaves differently and uses different infection methods.  Whereas Stuxnet was focused on remote exploitation or spread-exploitation, Duqu’s exploit of choice (MS11-087, which has since been patched) is a trojan-horse method that requires a user to open an infected Microsoft Word document.

What Can We Learn From This?

Don’t trust the initial reports, be wary, but try not to buy into the paranoia because it’s important to have measured and rational reactions to security threats so your customers and users don’t view you as the “boy who cried wolf”.  The sad thing about Duqu is that it would be very hard to detect without antivirus signatures.  With it being signed, silent, patient and auto-deleting, it is a threat that is difficult to detect or defend against unless you have the proper security infrastructure (Intrusion detection system, VLANs, exfil firewalls, Data Loss Prevention, ect…).  Use this as an excuse to justify increased security expenditures if you don’t have things up-to-spec.

Related articles

• Duqu hackers scrub evidence from command servers, shut down spying op (ctolabs.com)
• Duqu incidents detected in Iran and Sudan (ctolabs.com)
• Microsoft Releases Temporary Plug For Duqu (bobgourley.com)

You may also like -

2011 in CybersecurityExploit Theater : MS11-083 and Defense-in-DepthCTOvision December Monthly SummaryAlex's 2012 Tech PredictionsStuxnet, Duqu Date Back To 2007, Researcher SaysBob GourleyDuqu hackers scrub evidence from command servers, shut down spying opCrucialPointLLC‘Duqu’ Virus Likely Handiwork Of Sophisticated Government, Kasperky Lab SaysCrucialPointLLCMicrosoft Releases Temporary Plug For DuquCrucialPointLLCComputer Virus Hits U.S. Drone FleetCrucialPointLLC

Android has been plagued by malware, security vulnerabilities, and now, privacy issues. It started with HTC’s logging application which over-zealously logged aspects of phone use in insecure ways which made that data accessible by any application, and more recently has come to a head with the discovery of the carrier IQ application.

You may also like -

Anup Ghosh on Cybersecurity in 2012: Let’s break the security insanity cycleThe most well thought out research agenda for cyber security I have seen to dateMobile Continues to Trickle in to the MilitaryFedCyber Webinar: The Security Development LifecycleMobile Risk Management: Welcome to the JungleNIST identifies cloud computing standards gapsCrucialPointLLCYea! Legislation!Haft of the SpearCongrats To Sony Corp! This is a very good moveCTOvision.comWalking Through The Front Door: SQL InjectionsCTOvision.comCloud Security BooksDr Cloud's Flying Software Circus

This post provides an update on the Security Innovation Network (SINET) Workshop and Showcase, and also provides an invitation for you to attend this potentially game-changing event (I serve on the SINET steering committee and would truly appreciate seeing you at the showcase).

Keynotes will be delivered by: General Keith B. Alexander, Commander of the U.S. Cyber Command & Director of the National Security Agency, and His Excellency Jaak Aaviksoo, Minister of Education and Research, Former Ministry of Defense, Republic of Estonia. The Showcase was created for sixteen innovative Cybersecurity technologies to be selected from 100 applications by our steering committee. The SINET 16 will present in front of representatives from the investment, research, commercial, civilian, defense and intelligence communities. For more information, please click here.

The mission of SINET is to advance innovation and enable global collaboration between the public and private sectors to defeat Cybersecurity threats. The Showcase is supported by the Department of Homeland Security, Science & Technology Directorate, and public and private sponsors.

Please join us as we continue to give the entrepreneurs a voice and advance innovation through collaboration models. The Showcase takes place at the National Press Club – Washington DC, October 25 & 26, 2011

We will soon be announcing the companies that made the list of the top 16 for this event. I’ve seen the list and believe they are all worthy of the widespread attention this event will give their offerings.

As an example of the types of companies to expect in the SINET Showcase for 2011, consider last years selectees:

The SINET 2010 Presenting Companies

AVIRTEK, INC., Tucson, AZ

BlueSpace Software Corp, Austin, TX

BreakingPoint Systems, Inc., Austin, TX

Catbird Networks, Inc., Scotts Valley, CA

dataguise Inc., Fremont, CA

FireEye, Inc., Milpitas, CA

Future Point Systems, Inc., Reston, VA

Global Velocity, Inc., Clayton, MO

InfoAssure, Inc., Annapolis, MD

Invincea, Inc., Fairfax, VA

Lookingglass Cyber Solutions, LLC, Baltimore, MD

Mocana Corp, San Francisco, CA

PrivacyDataSystems, Charlotte, NC

ReversingLabs Corp, Cambridge, MA

Scio Security, Ann Arbor, MI

Silver Tail Systems, Inc., Palo Alto, CA

SitScape, Inc., Vienna, VA

Telesecret Corporation, Los Angeles, CA

Trustifier Inc., Newark, DE

WebLOQ, Inc., Monterey, CA

You may also like -

Opinion: The most needed innovations in IT are in the security domainSINET Showcase 27 October 2010Security Innovation Network Announces the 2011 SINET Showcase InnovatorsSecurity Innovation Network "Showcase 2011" 25-26 Oct 2011 in DCWashington Exec Flash Summit on Innovation in GovernmentDepartment of State’s Consular Systems and Technology: A Track Record of Inno ...CrucialPointLLCSecurity Innovation Network (SINET) Expands to Create “The SINET Group” with ...CrucialPointLLCComing Conferences Of InterestCTOvision.comInvincea Continues to Gain MomenturmCTOvision.comYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLC

It’s late Monday morning when your computer security department notices that a suspicious message has been emailed to most of the email addresses at your company. It contains a malicious PDF that exploits a new vulnerability that came out over the weekend. The patch hasn’t been applied to the company workstations yet, and it’s too little, too late by the time the email goes out telling everyone not to click on the links.

By the time inboxes are scrubbed and most of the infections have been catalogued it’s clear that this is going to be a security nightmare, since a few dozen machines have been compromised. The attack will take a week or more to fix as desktops are reloaded, servers are checked for more intrusions, and any data losses are reported to the proper authorities.

This is how computer security has been operating at most corporations for a decade. Now enter the world of Secure Configuration and Change Management, or SCCM. SCCM can take the infection turnaround time from days and weeks to minutes or hours, and one of the products leading the charge is Triumfant.

Triumfant’s Configuration and Change Management Tool is an almost completely self-sufficent heuristic scanning software algorithm that manages to neatly sidestep some of the problems with traditional heuristic detection using a combination of patented intellectual property and a gradually changing baseline scanner that is able to move with an IT environment instead of against it.

In a Triumfant environment, baseline behaviors are scanned in groups weekly. These weekly scans are then compared against nightly aggregations of endpoint scans. The nightly aggregations are in turn made up of changes tracked by the user-agent on the endpoint. By comparing gradual baselines within user-defined groups, Triumfant is better able to understand what is and isn’t anomalous, thereby eliminating false positives and negatives.

How are anomalies detected?

The agent on the endpoint hashes all of the files on the hard disk with a cryptographic algorithm, generating a fingerprint for each file. If a file is changed, then the hash will change, signaling a need to compare the old and new versions. The endpoint agent then performs change detection sweeps, comparing hashes of older scans against the MD5 hashes of the current scan. When something changes, a flag is raised and an entry is made in a local change database. The agent also scans a list of over 3000 metrics (such as registry settings) that determine the behavior of the computer.

Every minute, the client makes a connection request to the Triumfant server. If the server responds with a request for the list of recent changes (which it does by default every night) the list is uploaded. All databases and lists are encrypted and signed.

When a rouge application, malware, or an unauthorized user make changes in the system registry, adds files to the hard drive, or modifies critical files in system directories, the endpoint client detects these changes and adds them to a behavior profile. If the behavior is deemed to be malicious, Triumfant flags it as a rouge application and gathers the related system events and changes up into a single, coherent event and prepares them for reversal in remediation. No white- or black-listing is used in this technique, meaning that the server does not need to be constantly updated with new profiles or lists, other than Microsoft windows update signatures, which are used to help determine the patch status of a machine.

Remediation:

Once an undesirable change or application has been discovered, and cataloged, it is presented to an administrator via the Triumfant web interface. The web interface is a highly customisable AJAX application that allows for the creation of new views, reports with charts and graphics, users with different groups and permissions, and the ability to remediate issues with only a few simple clicks.

Simply click on the problem, then click on the remediation button in the left-hand corner. The remediation will be performed automatically by the tool, then put into the list of remediated issues automatically. If for some reason the remediation cant be performed, then it is placed in the “unsuccessful remediation” category.  Unsuccessful remediations are not commonplace.  Even if important system files are deleted or corrupted, computers in the same group are able to copy files for other group members to use, provided that the hash values matched before corruption or deletion.

Taking it further:

Triumfant has extrapolated on their heuristic detection and automatic remedition because the scanning technology behind it can do so much more. Triumfant scans over 3000 parameters for use in their tool, and it collects this data inside of a large, highly-opimised database, allowing it to be easily used for other applications, such as compliance testing.

Inside of the Triumfant server tool, administrators can import SCAP files to use as templates in compliance testing. Once Triumfant has scanned it’s member computers and determined that they are outside of compliance, the template will be used to build remediations against whatever parameters are out of alignment with the SCAP specifications.

Triumfant can also take the data from its database and insert it into a variety of third-party applications with which it has integration, including ePO and the Remedy ticketing system for high cohesion with existing software. Triumfant has custom-built integration for custom ticketing and tracking systems as well.

Past and Present:

Due to the problems associated with heuristic detection, most CCM software has not seen deep market penetration. Triumfant’s tool has been around for some time, having been fire tested at the pentagon for almost 4 years now, while the company has been around since 2002.

In the next few months, Triumfant will be debuting an updated version of their tool that is able to perform all of it’s functions on Macs as well as Windows computers. By the end of the year a Unix or Unix-variant (Linux, BSD, Solaris) should be out, followed by smartphone variations.

Tools such as Triumfant may very well become the future of computer security configuration management over the next few years. Tools like those provided by Triumfant offer ease of use without sacrificing security, bringing thousand-system compliance requirements into the reach of even small IT security departments. It’s ability to remediate nasty infections (like rootkits) give it a leg up on many anti-virus vendors which must release signatures, patches, and fixes and which will forever lag behind heuristic detection technology.

You may also like -

Yesterday's Security Doesn't Work for Today's ThreatsThe Evolving Enterprise Threat EnvironmentInvincea and Triumfant: two firms filling important roles in enterprise ITSome Context on Malware in the EnterpriseMobile Apps Can Have Strategic Impact: If Mobile Risk Can Be ManagedYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLCTriumfant: A New Approach to IT SecurityCrucialPointLLCGranola: Disruptive Technology without the DisruptionBob GourleyRegister for 16 Dec webinar on what the CIO and CTO need to know about develo ...CrucialPointLLCSpecial Summary: Enterprise security storiesBob Gourley

This is the second installation on my series about Computer Network Operations (CNO).  The last blog explored the actions known as Computer Network Exploitation (CNE), and as always, please feel free to comment.  Today, the topic switches from exploitation to defense.

Computer Network Defense (CND): Includes actions taken via computer networks to protect, monitor, analyze, detect and respond to network attacks, intrusions, disruptions or other unauthorized actions that would compromise or cripple defense information systems and networks. Joint Pub 6.0 further outlines Computer Network Defense as an aspect of NetOps.

CND essentially means keeping the bad guys out and from acquiring or altering our information.  This is something that the United States has not been particularly successful with recently.  There has been progress made, however, largely due to the recognition that vulnerabilities in cyberspace affect everyone, not just the government or military.

In 2006 the first Government-led, full-scale, cyber security exercise of its kind, Cyber Storm, took place.  “Cyber Storm was a coordinated effort between international, Federal and State governments, and private sector organizations to exercise their response, coordination, and recovery mechanisms in reaction to simulated cyber events.”[1] This event highlighted some of the vulnerabilities in our defense systems as well as some of the shortcomings in our attribution and response capabilities.  Each Cyber Storm builds on lessons learned from previous real world incidents, ensuring that participants face more sophisticated and challenging exercises every two years.  Cyber Storm has been repeated bi-annually since and advances have been made to address the major issues, but more work needs to be done.

You may also like -

Twelve Principles of DoD Cyber ConflictA Discussion About Computer Network OperationsCNO Part 1: Computer Network ExploitationJTF-CND to JTF-CNO to JTF-GNO to Cybercom50 Days of Lulz: A RetrospectiveA First For The Nation: NERC Completes First Grid Security ExerciseCrucialPointLLCPeering into North Korea’s Future: the Cyber AngleShepherd's PiUS DoD Consults Former Hacker Charlie Miller on Cyber SecurityBob GourleyDARPA commissioning ad-hoc smart phone networkCrucialPointLLCArmy Activates First of its Kind Cyber BrigadeBob Gourley

This is the first part in my series about Computer Network Operations (CNO).  Again, I welcome any and all discussion on the matter and hope that this post will help educate our readers and encourage dialogue between them.

• Computer Network Exploitation (CNE): Includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks. Joint Pub 3-13

CNE, which can include cyber-espionage, has many advantages at the strategic, operational, and the tactical levels.  Strategically, an adversary may find it more beneficial to collect data against us rather than make an offensive move against us, for fear of retaliation.  Again, a vulnerability in our network is an open door for another to come take information.  This is generally physically harmless, but the amount of information that walks out the door daily is staggering and it adds up.

This has been one of the biggest problems that the U.S. has had to deal with in recent years, as witnessed during the release of hundreds of thousands of diplomatic cables over the Wikileaks website last summer.  China and other countries steal our government and our industry secrets every day.  Of course, that is not to say that we aren’t stealing theirs as well, but we need to continue to become better, while getting better at securing our own information.

In an excerpt from the book Toward a Theory of Space Power: Selected Essays, Benjamin Lambeth, a RAND researcher, says “unlike the air and space environments, cyberspace is the only military operating area in which the United States already has peer competitors in place and hard at work.”[1] Naturally, most hold China to be our main competitor in this arena, and in fact most other areas as well, but there are and will be other adversaries, state-level and below, that have designs on exploiting the United States through the cyber domain.  What are some strategies that we should seek to continue growing in this area?

You may also like -

Twelve Principles of DoD Cyber ConflictA Discussion About Computer Network OperationsCNO Part 2: Computer Network Defense50 Days of Lulz: A RetrospectiveJTF-CND to JTF-CNO to JTF-GNO to CybercomPeering into North Korea’s Future: the Cyber AngleShepherd's PiA First For The Nation: NERC Completes First Grid Security ExerciseCrucialPointLLCSOCOM’s Technology Wish ListCrucialPointLLCSOCOM's Technology Wish ListCTOvision.comA CTO Perspective: Consider The Message The Elders of the Internet Have A Mes ...CTOvision.com

In a networked world, as in the rest of the world, we have to keep ourselves protected from attacks.  The problem is, this networked world actually exists in a different domain than we are historically used to fighting in.  Of course, I am talking about the cyber domain.  The United States has long enjoyed a distinct military advantage in controlling the four traditional domains of air, space, ground, and land.  But the cyber domain is the only one that man created; yet paradoxically the U.S. does not have full control over it.

It is the very nature that is cyberspace (decentralized) that makes it so difficult to dominate.  Further, dominance in cyberspace is essential to dominance in all other domains, as they are all increasingly dependent upon cyber infrastructure.  It seems that right now we are involved in what I see as an arms race, so to speak, that parallels historical times such as aircraft wars during the initial stages of flight, the space race between the U.S. and Soviet Union, and also the nuclear arms race during the Cold War.

One major difference in this realm however, is that domination in cyberspace means you essentially become the main target of anyone wishing to expand their power, to take a realist’s perspective.  In the cyber realm there are no borders by which to define your existence and draw a line in the sand.  Additionally, as of now there are no widely accepted defined rules, analogous to a Geneva Convention or Nuclear Non-Proliferation Treaty, governing actions in this realm.  Even if there were established norms and mores in this realm, there is no international governing body to preside over them.  All in all, this ‘wild west’ atmosphere essentially means that if there is an open door (i.e. vulnerability in your network), it is an invitation for someone to walk in and take something or attack without fear of repercussion.

This as where Computer Network Operations (CNO) comes into play.  According to Joint Pub 3-13, CNO consists of three different operations; computer network exploitation (CNE) (and espionage), computer network defense (CND), and computer network attack (CNA):

• Computer Network Exploitation (CNE): Includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.
  

• Computer Network Defense (CND): Includes actions taken via computer networks to protect, monitor, analyze, detect and respond to network attacks, intrusions, disruptions or other unauthorized actions that would compromise or cripple defense information systems and networks. Joint Pub 6.0 further outlines Computer Network Defense as an aspect of NetOps

• Computer Network Attack (CNA): Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.

Over the next couple weeks I will be expanding upon this concept with a series of posts related to this.  I am hoping this can help some people understand what it is we are all dealing with here, what the nature of the threat is, and how we can work together to alleviate it.  I welcome any input and discussion on the matter.

You may also like -

Twelve Principles of DoD Cyber ConflictCNO Part 2: Computer Network DefenseJTF-CND to JTF-CNO to JTF-GNO to CybercomCNO Part 1: Computer Network ExploitationCyber And Physical Security: The discussion continuesFrom Networks to SwarmsCrucialPointLLCThe End of Cyber Security (Part IV)Haft of the SpearFedCyber.com Cybersecurity Summit on Wednesday, September 28CTOvision.comPeering into North Korea’s Future: the Cyber AngleShepherd's Pi

General Alexander is keeping busy at NSA/CYBERCOM

Last week, General Alexander (director of NSA and commander, USCYBERCOM) spoke at the RSA conference in San Francisco. He pointed out the the explosion of technology over the past 10 years. That users went from an average of 250MB of personal files, to over 128GB. The fact that 70% of Americans online are on Facebook – that 600M users worldwide are as well. This, mixed with the huge advances in programming (Watson and Deep Blue) lets us know that we do have the capability to protect and defend our advanced networks.

General Alexander reminded us of attacks on Estonia (2007) and Georgia (2008) as well Latvia, Lithuania, Azerbaijan and Kyrgyzstan. His concern is that some of those attacks might be used on the 15K DoD networks. These networks are scanned over 1 million times a day, yet receive 20k email attacks a month, thousands of independent network assaults. The DoD is scanning 92TB+ and 150B+ packets every day.

The biggest problem is that our public/private infrastructure is the backbone to the network. Additionally, there is a need to secure the defense industrial base. This was made certain by the USB flash drive issues in 2008. General Alexander states, ”Take combined talent and figure out how we secure the network.”  The “combined talent” is that in academia, private industry, and public servants.

The general brought up needs to have widespread cyber education. For our citizens and our civil servants (military and government). The people need to be educated on their role in cyberspace and how they can be a factor in this domain.

Lastly, General Alexander focused on how important STEM + R&D efforts will be to cyberspace dominance. STEM (Science, Technology, Engineering and Math) studies are needed to have educated work force.  R&D spending drives innovation. This ties in with his thoughts on a public/private partnership – pushing STEM + R&D needs to be done at academic, private and public levels, and must be concerted efforts.

If you are an enterprise IT professional there is something you should know:

Invincea has been named the “Most Innovative” company at the 2011 RSA conference.

There are reasons for this. The capabilities provided by Invincea hold great promise in the fight against malware. The endorsement of a panel of security experts at the world’s greatest security conference should be enough to get your attention, so now do your own due diligence and accelerate Invincea into your own enterprise.

Here is more from BusinessWire:

http://www.businesswire.com/news/home/20110215005868/en/Invincea-Named-%E2%80%9CMost-Innovative-Company-RSA%C2%AE-Conference

SAN FRANCISCO–(BUSINESS WIRE)–RSA Conference:

“Invincea was judged the most innovative by our diverse panel of judges. We look forward to watching Invincea in the years to come as it is sure to make a continuing impact on the information security landscape.”

News Facts

• RSA^® Conference (www.rsaconference.com), the world’s leading information security conferences and expositions, today announced Invincea Inc., as the winner of its “Most Innovative Company at RSA Conference 2011” contest. Invincea was determined as most innovative during the RSA Conference Innovation Sandbox program, a half-day interactive program intended to foster the entrepreneurial spirit of the security industry and represent today’s best new security solutions.
• This year’s Innovation Sandbox program featured interactive white boarding sessions, a “Trailbreakers” panel showcasing innovators who blazed their own trail, a “Start-up Speed Dating” session, matching venture capital professionals with early stage start-up company attendees, and the finalists’ presentations to a panel of judges.
• This year, Invincea Inc. competed against nine other finalists invited to pitch their product and business plan to a judging panel including Asheem Chandna of Greylock Partners; Gerhard Eschelbeck of Webroot; Renee Guttmann of Coca-Cola; Paul Kocher of Cryptography Research, and Ray Rothrock of Venrock.
• Innovation Sandbox was sponsored by Radware (NASDAQ: RDWR), the global leader in integrated application delivery solutions and Titus, a leading provider of security and compliance solutions for email and documents.

“The Top 10 participants in this year’s Innovation Sandbox represent the entrepreneurial spirit of the security industry,” said Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conference. “Invincea was judged the most innovative by our diverse panel of judges. We look forward to watching Invincea in the years to come as it is sure to make a continuing impact on the information security landscape.”

About RSA Conference

RSA Conference helps drive the global information security agenda with annual events in the U.S., Europe and Japan. Throughout its 20-year history, RSA Conference consistently attracts the best and brightest in the field, creating opportunities to learn about information security’s most important issues through face-to-face and online interactions with peers, luminaries and emerging and established companies. As information security professionals work to stay ahead of ever-changing security threats and trends, they turn to RSA Conference for a 360-degree view of the industry. RSA Conference seeks to arm participants with the knowledge they need to remain at the forefront of the information security business. More information on events, online programming and the most up-to-date news pertaining to the information security industry can be found atwww.rsaconference.com.

RSA and the RSA Conference logo are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other products and/or services referenced are trademarks of their respective companies.

You may also like -

Some Context on Malware in the EnterpriseInvincea Webinar Will Help You Stop Spear Phishing ThreatsThe Debut of Invincea: New endpoint protection against malwareInvincea Browser Protection Eliminates Web2.0 Security RisksInvincea Continues to Gain MomenturmYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLCInvincea and Triumfant: two firms filling important roles in enterprise ITCTOvision.comSecurity Innovation Network Announces the 2011 SINET Showcase InnovatorsCrucialPointLLCThe Evolving Enterprise Threat EnvironmentCrucialPointLLCContinued Evolution of DoD Cyber PolicyCTOvision.com