These days we hear a lot of terms thrown about like the “Consumerization of IT” and “Bring your own device” (BYOD), and “Network health”.  This is because corporations are starting to warm up to the idea that maybe if they let you bring in your personal computing devices such as smartphones and tablets, they won’t have to pay to give you one.

Related articles

• Mobile Apps Can Have Strategic Impact: If Mobile Risk Can Be Managed (ctolabs.com)
• Fixmo Sentinel: Manage Your Mobile Risk (bobgourley.com)
• Fixmo And Mobile Risk Management For Enterprise and Government Agencies (bobgourley.com)

You may also like -

Fixmo And Mobile Risk Management For Enterprise and Government AgenciesFixmo Sentinel: Manage Your Mobile RiskFixmo Announces Advisory Board, Adds to Board of DirectorsMobile Apps Can Have Strategic Impact: If Mobile Risk Can Be ManagedTTPs, CRADAs, MRM, and FixmoFixmo Extends No-Charge Mobile Risk Management Solutions for Government Agenc ...CrucialPointLLCFixmo: The Mobile Risk Management CompanyCrucialPointLLCFixmo Unveils SafeZone, a Risk Management Solution for Personal Mobile Device ...CrucialPointLLCFixmo Partners With CorreLog to Create Holistic Mobile Infrastructure Complia ...CrucialPointLLCFixmo Appoints Tyler Lessard as Chief Marketing OfficerCrucialPointLLC

Duqu is a stealthy computer virus with a hidden agenda...

Everything that you need to know about Duqu:

Duqu was reported to antivirus vendors around the 14th of October, 2011, but it has been in the wild since November of 2010. Since then there have been varients (updated copies with additional features or upgrades to code) released.

It has been billed as the next Stuxnet, the son of Stuxnet, or a Stuxnet clone. In reality, Duqu is actually more like a payload of Stuxnet rather than the entire attack campagin, because it is a backdoor package dropped via other means. The reason why Stuxnet was considered to be so advanced was in large part because of its varied numbers of unpatched exploits that it used to ensure successful infection.

Lets take a look at the similarities:

• Duqu uses code segments that can be identical to or very close to those used in the Stuxnet payload.
• Both Stuxnet and Duqu use signed code in order to appear to antivirus, Windows, and users as legitimate code.
• Registers a remote procedure call server in a very similar fashion to Stuxnet
• Has the same list of antivirus products, in the same order as Stuxnet except one more product was added.
• Checks for running processes in a manner similar to Stuxnet
• Both Stuxnet and Duqu use “import by hash” techniques instead of directly importing function names.

These similarities are code similarities, which means that Stuxnet and Duqu seem to share a common resource base, code base, and methodology in loading and running executables. Essentially we can think of the ways Duqu and Stuxnet install and launch themselves as being similar enough to warrant either worry that it is the same perpetrator of Stuxnet, or that they have access to the source code of the Stuxnet threat.

There are plenty of significant differences, however, namely that Duqu only performs information-gathering techniques. In comparison, Stuxnet destroyed industrial equipment, disabled safety systems, and was overtly malicious. Duqu’s most significant malicious payload is its spying ability.

Duqu infections currently have the following functionalities:

• View processes, accounts, and domain information
• View drive names/information
• Ability to take screenshots
• View network and network setup
• Keylogger
• Window name enumeration
• Share enumeration
• File exploration on all drives

Duqu sends this information to a command-and-control server currently located in India, the IP address of which is hard-coded into the Duqu payloads. Interestingly enough, Duqu is also set to destroy itself after 36 days of infection, a probable reason for why it has been able to live so long in the wild without detection.

Targets:

Duqu appears to be mostly targeting some industrial control systems and Certificate authorities, probably for the purposes of gaining information to be used in further exploits. CA compromises are also lucrative because of their use in malware.  Duqu itself is a sterling example of the use of compromised CA information because it uses a stolen certificate to sign itself as legitimate software, fooling the operating system, antivirus, and user alike with the ruse.

Infection Methods:

At first, Duqu was largely reported to have come from the same folks who created Stuxnet.  This simply doesn’t have to be the case.  The techniques could have been copied or even stolen wholesale by the malware authors.  Duqu also behaves differently and uses different infection methods.  Whereas Stuxnet was focused on remote exploitation or spread-exploitation, Duqu’s exploit of choice (MS11-087, which has since been patched) is a trojan-horse method that requires a user to open an infected Microsoft Word document.

What Can We Learn From This?

Don’t trust the initial reports, be wary, but try not to buy into the paranoia because it’s important to have measured and rational reactions to security threats so your customers and users don’t view you as the “boy who cried wolf”.  The sad thing about Duqu is that it would be very hard to detect without antivirus signatures.  With it being signed, silent, patient and auto-deleting, it is a threat that is difficult to detect or defend against unless you have the proper security infrastructure (Intrusion detection system, VLANs, exfil firewalls, Data Loss Prevention, ect…).  Use this as an excuse to justify increased security expenditures if you don’t have things up-to-spec.

Related articles

• Duqu hackers scrub evidence from command servers, shut down spying op (ctolabs.com)
• Duqu incidents detected in Iran and Sudan (ctolabs.com)
• Microsoft Releases Temporary Plug For Duqu (bobgourley.com)

You may also like -

2011 in CybersecurityExploit Theater : MS11-083 and Defense-in-DepthCTOvision December Monthly SummaryAlex's 2012 Tech PredictionsStuxnet, Duqu Date Back To 2007, Researcher SaysCrucialPointLLCDuqu hackers scrub evidence from command servers, shut down spying opCrucialPointLLC‘Duqu’ Virus Likely Handiwork Of Sophisticated Government, Kasperky Lab SaysCrucialPointLLCMicrosoft Releases Temporary Plug For DuquCrucialPointLLCComputer Virus Hits U.S. Drone FleetCrucialPointLLC

Android has been plagued by malware, security vulnerabilities, and now, privacy issues. It started with HTC’s logging application which over-zealously logged aspects of phone use in insecure ways which made that data accessible by any application, and more recently has come to a head with the discovery of the carrier IQ application.

You may also like -

Anup Ghosh on Cybersecurity in 2012: Let’s break the security insanity cycleThe most well thought out research agenda for cyber security I have seen to dateMobile Continues to Trickle in to the MilitaryFedCyber Webinar: The Security Development LifecycleMobile Risk Management: Welcome to the JungleNIST identifies cloud computing standards gapsCrucialPointLLCYea! Legislation!Haft of the SpearCongrats To Sony Corp! This is a very good moveCTOvision.comWalking Through The Front Door: SQL InjectionsCTOvision.comCloud Security BooksDr Cloud's Flying Software Circus

As of yet, there is no definitive narrative of the virus that hit the U.S. drone fleet at Creech Air Force Base in Nevada this September. Original reports stated that drone cockpits had been infected with a keylogger virus and, while there was no indication that classified information had been stolen or that missions had been compromised, the virus has proven tenacious, resisting efforts to disinfect machines and forcing the Air Force to wipe entire hard drives. Sources said that officials at Creech never informed the 24th Air Force, the central authority on cyber for the Air Force, about the breach until the 24th read about it online. Yesterday, however, in its first official statement on the infection, the Air Force explained that the virus was actually credential stealer and insisted that the virus was only a nuisance that was easily contained. It claimed that the 24th AF had known about the breach since the 15 September. The Air Force also disputed that cockpits were affected, stating that only ground control systems were breached.

If initial reports were true, then our military cybersecurity is in a lamentable state. The most critical element of perhaps our most vital weapons and intelligence systems would have been breached, and the primary defenders were kept in the dark because of the fear of failure that permeates security and stifles information-sharing and cooperation. But even if the relatively optimistic official accounts of the infection are the whole truth, the military’s computer security paradigm still needs an overhaul.

In some ways, the official statement is more worrying than even the most sensational initial accounts as it suggests a disconnect from cybersecurity realities. First, it’s too quick to dismiss what may have been a real threat. According to Microsoft security architects, once a credential stealer gets a foothold on your network, it typically takes between 24 and 48 hours to gain Domain Admin credentials and access to every account and workstation. An anonymous official has claimed that the malware only targets online gaming accounts, but this has not been confirmed or attributed. If the 24th managed to isolate the virus, they may have squashed a nuisance or they averted a crisis. Their confidence in defensive measures is even more unsettling. “Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach,” the release claims, “We continue to strengthen our cyber defenses, using the latest anti-virus software and other methods.” That the Air Force feels safe behind a cyber Maginot Line, as Professor Rick Forno would say, does not fill me with confidence, especially when the virus has already penetrated “air gaped” systems, the gold standard in network security.

It’s time the Air Force adopts industry best-practice and switches to a “presumption of breach” mindset. Rather than putting all of its energy into keeping all attackers out with technological silver bullets, the Air Force, like top private firms, must assume that it will be infected and most likely already is. This is hardly a stretch. The official release states that drone systems are not facing any “advanced persistent threat” or even targeted attack, just one of millions of random, run-of-the-mill viruses floating around on the internet. The malware in question is said to be commonly used to steal log-ins and passwords for online games, implying that it was picked up in such a setting. How many other isntances of malware were accidently picked up by Air Force personel and possibly transfered on to classified systems? And if malware designed to steal your Mafia Wars account can access some of the military’s most mission critical systems, how long will it take for a sophisticated, state-sponsored virus like Stuxnet makes in on to UAV infrastructure?

A “plan to fail” approach would shift emphasis to forensics and remediation, areas where the Air Force seems to be lagging. If the 24th AF really did know about the infection since 15 September, at least their monitoring and intrusion detection systems are in order. The official release, however, does not say that they have finished disinfecting computers or that they have determined the source of the malware, implying that they are still working on forensics and infection turnaround a month later. If true, the initial insider reports of persistent and mysterious malware confirm this, and add that the only cure seemed to be to wipe internal hard drives and start clean, a costly and time consuming process.  It is also important, when operating under a presumption of breach, to share information about infections, attacks, and mistakes, unlike initial reports suggested, rather than hide possible failures and to learn from them. From the tone of the press release, classifying the attack as a minor annoyance promptly taken care of with the latest and greatest technology, it doesn’t look like much learning is taking place.

Related articles

• Get Hacked, Don’t Tell: Drone Base Didn’t Report Virus (wired.com)
• Follow Up of the Day: Air Force Says Drone Fleet Virus is Just a Nuisance (geeks.thedailywh.at)
• Yesterday’s Security Doesn’t Work for Today’s Threats (CTOvision.com)

You may also like -

Updates on Dronegate2011 in CybersecuritySurvey says: Security risks never higher, or more costlyCrucialPointLLCComputer Virus Hits U.S. Drone FleetCrucialPointLLC

A recent IDG interview of Bob Gourley of Crucial Point and Andrzej Kawalec of HP delved into the problem of the “traditional” method of enterprise security, a paradigm  under severe challenge. We can sum up the traditional approach as less a certain tactic, technique, technology, or policy than a way of viewing the world.

As Gourley has noted, traditional enterprise security can be characterized with one of these bullets:

• Primarily exists below the CIO level and is primarily thought of as a technical–rather than policy–matter

• Is based on point defense of all access points (The Maginot line approach)

• Doesn’t provide defense-in-depth

• Is not about the enterprise as a whole

• Does not take into account enterprise use of computing technologies besides PCs

Enterprise security, in the traditional approach, is thought of as an technical issue rather than a policy problem. This limits the ability to think strategically and keeps the conversation (and policy) focused on tactics and technical measures and counter-measures–losing sight of overall problems and solutions that are typically decided at the CIO level. Point defense is seen as a viable solution to dealing with security problems, a solution with a poor historical track record in both military and private security contexts. It does not focus on the enterprise itself but looks narrowly at a discrete set of technical issues, and similarly is blind and deaf to the growing enterprise use of “post-PC” mobile technologies.

As noted before, this is an aggregate set of practices formed by an underlying worldview rather than a deliberate policy that a Bill Lumbergh sat down and decided to inflict on his subordinates. It was formed less by deliberate design than a confluence of factors, including the dominance of the PC as a singular computing practice within the enterprise, the relatively primitive (compared to today) nature of security problems, the marginalization of computer security as a technical rather than policy issue, and an desire to minimize loss by attempting to protect everything within the enterprise.

Although military examples are often useful in looking at attack/defense dynamics in the cyber world, a more mundane example from private security also illustrates the point. Dignitary protection, a fairly standard mission for both private security in the corporate, political, and entertainment world, is not just about neutralizing a discrete set of technical threats (the stereotype of a bodyguard checking for bombs or people with guns). It’s also about understanding and calculating plausible threat scenarios informed by a knowledge of the principal’s everyday lifestyle, security weaknesses, likely adversaries, and many other factors. Point defense is a worst-case scenario, and is arguably seen as a denial of tradeoffs inherent in the profession.

Obviously, the creation of the CIO itself (and the similar rise in CTO positions) is a symptom of greater change in both government and private organizations. The idea that technology policy within an organization can be centralized and strategically directed in a long-term frame has enormous implications for the way we think about enterprise security. We’ll be discussing these issues in more depth at the FedCyber Government-Industry Cyber Security Summit and hope you’ll be able to attend.

You may also like -

Special Summary: Enterprise security storiesThe Evolving Enterprise Threat EnvironmentLatest DodgeRetort - GAO: Federal CIO's need to focus more on information man ...Yesterday's Security Doesn't Work for Today's ThreatsNew Enterprise CIO Forum Blog Talk RadioFDCCI Preparation with Virtual Instruments and CarahsoftCrucialPointLLCBig Data Success in GovernmentBob GourleyNote to CIOs: Your organization will never be 100% secureCrucialPointLLCEvolving Approaches to Cyber ThreatsBob GourleyLatest DodgeRetort – GAO: Federal CIO’s need to focus more on information man ...CrucialPointLLC

This won't work anymore

The second interview for IDG on Monday, September 12, featured Andrzej Kawalec, HP‘s CTO of Enterprise Security along with Bob Gourley. The two first discussed changes in the enterprise threat environment, which have been dramatic.

They agreed on three major emerging challenges in enterprise cybersecurity. The first is simply the nature of the threat, which is growing more sophisticated, faster, and more targeted over time. Phishing, for example, gives way to Spear phishing where the impostor emails are designed to look like they came from colleagues, offer a malicious link tailored to the target, and may have company letterheads and logos. Threats to enterprise are growing more serious because, as Bob noted, the money is with the enterprises and the threats follow.

The second emerging challenge is the consumerization of IT. Employees no longer do all their work on a (hopefully) secured company workstation. Instead, they are flipping through presentations on their personal tablets and checking emails on their smartphones. While on one hand, this is great as it allows users to stick with the devices they prefer and are comfortable with, and encourages them to work wherever and whenever is convenient, it also means that hardening single data endpoints is no longer enough, as an enterprise can’t know what device its employees will be working on. Already, a recent survey of IT managers reveals that employees use personal devices for work in almost 90% of companies, and that most do not have the tools to manage them.

Lastly, the cloud is changing how IT is delivered. Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service are reinventing how we consume and interact with IT. Again, cloud computing has brought many benefits, but also its share of challenges as CTOs, CIO, and CISOs adjust and make their security work for a new paradigm.

Adapting to this threat environment requires a risk management approach. As Kawalec noted, enterprises must plan to fail and expect to be under attack not just from malware or malicious code in general, but also internal threats, the quintessential example being Bradley Manning and all the anonymous contributors to WikiLeaks. This complicates security not only because social engineering and trusted users can get around any current technical solution, but also because their motivations tend to be different from traditional criminal hackers. If enterprises assume that their networks are already compromised, they need to protect them with a remediation approach. An example would be Triumfant’s Configuration and Change Management Tool, which effectively scans networks for anomalies before users even notice that something is wrong, and then reduces infection turnaround time from days to minutes as it implements solutions at the click of a button then fills on gaps from healthy computers if important file systems have been deleted.

Still, even with products emerging to help enterprises “plan to fail” at perfect internet security, dealing with a shifting IT paradigm and threat environment takes a different kind of CIO. Today’s CIOs and CISOs need to understand architecture, vision, and design, to see the system on both macro and micro levels to reduce security silos and provide robust solutions for a changing world.

Related articles

• Using Triumfant for Secure Configuration and Change Management (bobgourley.com)
• In Search of a Russian Winter of Information Systems Security (fedcyber.com)

You may also like -

Yesterday's Security Doesn't Work for Today's ThreatsSpecial Summary: Enterprise security storiesNote to CIOs: Your organization will never be 100% secureEvolving Approaches to Cyber ThreatsThinking About the Traditional ApproachYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLCSurvey says: Security risks never higher, or more costlyCrucialPointLLCBig Data and the Enterprise CIOCrucialPointLLCGourley Discusses Big Data Security With IDGCrucialPointLLCBob Gourley Discusses Big Data Security With IDGCTOvision.com

This post provides an update on the Security Innovation Network (SINET) Workshop and Showcase, and also provides an invitation for you to attend this potentially game-changing event (I serve on the SINET steering committee and would truly appreciate seeing you at the showcase).

Keynotes will be delivered by: General Keith B. Alexander, Commander of the U.S. Cyber Command & Director of the National Security Agency, and His Excellency Jaak Aaviksoo, Minister of Education and Research, Former Ministry of Defense, Republic of Estonia. The Showcase was created for sixteen innovative Cybersecurity technologies to be selected from 100 applications by our steering committee. The SINET 16 will present in front of representatives from the investment, research, commercial, civilian, defense and intelligence communities. For more information, please click here.

The mission of SINET is to advance innovation and enable global collaboration between the public and private sectors to defeat Cybersecurity threats. The Showcase is supported by the Department of Homeland Security, Science & Technology Directorate, and public and private sponsors.

Please join us as we continue to give the entrepreneurs a voice and advance innovation through collaboration models. The Showcase takes place at the National Press Club – Washington DC, October 25 & 26, 2011

We will soon be announcing the companies that made the list of the top 16 for this event. I’ve seen the list and believe they are all worthy of the widespread attention this event will give their offerings.

As an example of the types of companies to expect in the SINET Showcase for 2011, consider last years selectees:

The SINET 2010 Presenting Companies

AVIRTEK, INC., Tucson, AZ

BlueSpace Software Corp, Austin, TX

BreakingPoint Systems, Inc., Austin, TX

Catbird Networks, Inc., Scotts Valley, CA

dataguise Inc., Fremont, CA

FireEye, Inc., Milpitas, CA

Future Point Systems, Inc., Reston, VA

Global Velocity, Inc., Clayton, MO

InfoAssure, Inc., Annapolis, MD

Invincea, Inc., Fairfax, VA

Lookingglass Cyber Solutions, LLC, Baltimore, MD

Mocana Corp, San Francisco, CA

PrivacyDataSystems, Charlotte, NC

ReversingLabs Corp, Cambridge, MA

Scio Security, Ann Arbor, MI

Silver Tail Systems, Inc., Palo Alto, CA

SitScape, Inc., Vienna, VA

Telesecret Corporation, Los Angeles, CA

Trustifier Inc., Newark, DE

WebLOQ, Inc., Monterey, CA

You may also like -

Opinion: The most needed innovations in IT are in the security domainSINET Showcase 27 October 2010Security Innovation Network Announces the 2011 SINET Showcase InnovatorsSecurity Innovation Network "Showcase 2011" 25-26 Oct 2011 in DCWashington Exec Flash Summit on Innovation in GovernmentDepartment of State’s Consular Systems and Technology: A Track Record of Inno ...CrucialPointLLCSecurity Innovation Network (SINET) Expands to Create “The SINET Group” with ...CrucialPointLLCComing Conferences Of InterestCTOvision.comInvincea Continues to Gain MomenturmCTOvision.comYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLC

It’s late Monday morning when your computer security department notices that a suspicious message has been emailed to most of the email addresses at your company. It contains a malicious PDF that exploits a new vulnerability that came out over the weekend. The patch hasn’t been applied to the company workstations yet, and it’s too little, too late by the time the email goes out telling everyone not to click on the links.

By the time inboxes are scrubbed and most of the infections have been catalogued it’s clear that this is going to be a security nightmare, since a few dozen machines have been compromised. The attack will take a week or more to fix as desktops are reloaded, servers are checked for more intrusions, and any data losses are reported to the proper authorities.

This is how computer security has been operating at most corporations for a decade. Now enter the world of Secure Configuration and Change Management, or SCCM. SCCM can take the infection turnaround time from days and weeks to minutes or hours, and one of the products leading the charge is Triumfant.

Triumfant’s Configuration and Change Management Tool is an almost completely self-sufficent heuristic scanning software algorithm that manages to neatly sidestep some of the problems with traditional heuristic detection using a combination of patented intellectual property and a gradually changing baseline scanner that is able to move with an IT environment instead of against it.

In a Triumfant environment, baseline behaviors are scanned in groups weekly. These weekly scans are then compared against nightly aggregations of endpoint scans. The nightly aggregations are in turn made up of changes tracked by the user-agent on the endpoint. By comparing gradual baselines within user-defined groups, Triumfant is better able to understand what is and isn’t anomalous, thereby eliminating false positives and negatives.

How are anomalies detected?

The agent on the endpoint hashes all of the files on the hard disk with a cryptographic algorithm, generating a fingerprint for each file. If a file is changed, then the hash will change, signaling a need to compare the old and new versions. The endpoint agent then performs change detection sweeps, comparing hashes of older scans against the MD5 hashes of the current scan. When something changes, a flag is raised and an entry is made in a local change database. The agent also scans a list of over 3000 metrics (such as registry settings) that determine the behavior of the computer.

Every minute, the client makes a connection request to the Triumfant server. If the server responds with a request for the list of recent changes (which it does by default every night) the list is uploaded. All databases and lists are encrypted and signed.

When a rouge application, malware, or an unauthorized user make changes in the system registry, adds files to the hard drive, or modifies critical files in system directories, the endpoint client detects these changes and adds them to a behavior profile. If the behavior is deemed to be malicious, Triumfant flags it as a rouge application and gathers the related system events and changes up into a single, coherent event and prepares them for reversal in remediation. No white- or black-listing is used in this technique, meaning that the server does not need to be constantly updated with new profiles or lists, other than Microsoft windows update signatures, which are used to help determine the patch status of a machine.

Remediation:

Once an undesirable change or application has been discovered, and cataloged, it is presented to an administrator via the Triumfant web interface. The web interface is a highly customisable AJAX application that allows for the creation of new views, reports with charts and graphics, users with different groups and permissions, and the ability to remediate issues with only a few simple clicks.

Simply click on the problem, then click on the remediation button in the left-hand corner. The remediation will be performed automatically by the tool, then put into the list of remediated issues automatically. If for some reason the remediation cant be performed, then it is placed in the “unsuccessful remediation” category.  Unsuccessful remediations are not commonplace.  Even if important system files are deleted or corrupted, computers in the same group are able to copy files for other group members to use, provided that the hash values matched before corruption or deletion.

Taking it further:

Triumfant has extrapolated on their heuristic detection and automatic remedition because the scanning technology behind it can do so much more. Triumfant scans over 3000 parameters for use in their tool, and it collects this data inside of a large, highly-opimised database, allowing it to be easily used for other applications, such as compliance testing.

Inside of the Triumfant server tool, administrators can import SCAP files to use as templates in compliance testing. Once Triumfant has scanned it’s member computers and determined that they are outside of compliance, the template will be used to build remediations against whatever parameters are out of alignment with the SCAP specifications.

Triumfant can also take the data from its database and insert it into a variety of third-party applications with which it has integration, including ePO and the Remedy ticketing system for high cohesion with existing software. Triumfant has custom-built integration for custom ticketing and tracking systems as well.

Past and Present:

Due to the problems associated with heuristic detection, most CCM software has not seen deep market penetration. Triumfant’s tool has been around for some time, having been fire tested at the pentagon for almost 4 years now, while the company has been around since 2002.

In the next few months, Triumfant will be debuting an updated version of their tool that is able to perform all of it’s functions on Macs as well as Windows computers. By the end of the year a Unix or Unix-variant (Linux, BSD, Solaris) should be out, followed by smartphone variations.

Tools such as Triumfant may very well become the future of computer security configuration management over the next few years. Tools like those provided by Triumfant offer ease of use without sacrificing security, bringing thousand-system compliance requirements into the reach of even small IT security departments. It’s ability to remediate nasty infections (like rootkits) give it a leg up on many anti-virus vendors which must release signatures, patches, and fixes and which will forever lag behind heuristic detection technology.

You may also like -

Yesterday's Security Doesn't Work for Today's ThreatsThe Evolving Enterprise Threat EnvironmentInvincea and Triumfant: two firms filling important roles in enterprise ITSome Context on Malware in the EnterpriseMobile Apps Can Have Strategic Impact: If Mobile Risk Can Be ManagedYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLCTriumfant: A New Approach to IT SecurityCrucialPointLLCGranola: Disruptive Technology without the DisruptionBob GourleyRegister for 16 Dec webinar on what the CIO and CTO need to know about develo ...CrucialPointLLCSpecial Summary: Enterprise security storiesCrucialPointLLC