Crime Still Pays - Show Notes

 This show airs on Thursday, May 21 @ 10 AM PST.  Register Now!


One of the first things you may notice about this show is that we did it 100% at the RSA conference. That is new for us, and I was initially concerned about our ability to deliver the detail we normally would. It was certainly different: I could not always hear, and Jimmy Ray and I juggled a bit physically with guests on the stage, but I really liked that JR could work with the plasma and physically walk us through what he was speaking to. It really makes me want to push harder on how we can improve our whiteboarding technology on the show. I think Valerie St. John did an outstanding job with her usual 'classing up.'

Don't miss Jimmy Ray's Hands on Security Workshop Schedule for June 4

Here is how we break this one down -

  • Segment 1 – Is Morality limiting your Profit Potential? Our segment 1 guest is no stranger to TechWiseTV: Patrick Peterson has been on with us before, and he has not only the business savvy but also the technical smarts. He joined Cisco via IronPort and has since continued to move up without losing his street cred as a security researcher.
  • Segment 2 – The Architectural Approach to Modern Security Issues - SAFE v2 came out at RSA. JR and I had gotten some sneak peeks at it. The docs and the methodology are as strong as they have ever been. If you have not used these free reference materials, then you are missing out. This is a very unique item that Cisco does; it's free, but its value is very high, especially for security folks who either understand the importance of the network or are looking to.
  • Segment 3 – Polymorphism and the failure of URL Filtering. Kevin Kennedy from IronPort works with the WSA - Web Security Appliance. He does a great job here with the invisible and dangerous aspects of how a web page really works. Perfectly normal and respected web pages can be infected and ready to leverage a vulnerability on your machine. They are hidden due to the lesser-known fact that modern web pages are more of a 'recipe' than anything else. (Remember the issues?) Web pages are made of a great many objects that pull content from other places and simply assemble it on our behalf. This is largely why URL filtering is a challenge here, but also why it CANNOT be confused with the value of IronPort's reputation analysis and filtering.
  • Segment 4 – Is the Firewall Dead? Jimmy Ray gets pretty fired up here, talking not only about the modern role for firewall technology (new botnet capabilities on the ASA) but also about the proper view and use of IDS/IPS in today's bot-challenged network. (Jimmy Ray wrote a blog entry on this - How to Keep IDS from Sucking)

Jimmy Ray did a nice job writing summaries of his adventures each day we were at RSA -

The pace of innovation and the sheer ‘professionalism’ of the modern criminal enterprise is as fascinating as it is shocking. The ‘no news is good news’ mantra of years past should now be deemed a dangerous proposition. The profit potential enabled by the Internet has fueled a dangerous marriage of geek smarts and business savvy that has entrepreneurial criminals building massive shadowy empires.
Join us as we:
• Welcome fellow geek Pat Peterson, Cisco Fellow, IronPort Technology Director and Security Researcher
• Expose the clues that help unravel the ‘system’ in place as we hunt down the command and control architecture.
• Disassemble the technical genius behind the ‘Spy vs. Spy’ nature of the highly effective Conficker Bot and what it tells us about the future.
• Demonstrate the latest techniques being used by criminal bot herders to maximize profit and evade detection.
• Illustrate the latest architectural approaches to your network security with a new version of the popular SAFE methodology.
• Welcome a special guest from Cisco’s Security Intelligence group as we dive into the ‘Wisdom of Crowds’ for dealing effectively with today’s polymorphic attacks.
• Reveal the latest integration of IronPort’s ‘reputation’ filters for expanding the power of traditional security tools.
• Pay some bills and dive into the latest marriage of traditional URL filtering, reputation filtering and malware filtering all in a simple appliance form factor as we get hands on with the IronPort S-Series.
• Show you how hackers are using your own XML code against you.
• Determine if hackers are heckling your firewall.



Original Episode Description
The always-evolving security landscape represents a continuous challenge to organizations. The fast proliferation of botnets, the increasing sophistication of network attacks, the alarming growth of Internet-based organized crime and espionage, identity and data theft, more innovative insider attacks, and emerging new forms of threats on mobile systems are examples of the diversity and complexity of the real threats that shape today’s security landscape.

As a key enabler of the business activity, networks need to be designed and implemented with security in mind to ensure the confidentiality, integrity and availability of data and system resources supporting the key business functions. Cisco’s new security architecture provides the design and implementation guidelines for building secure and reliable network infrastructures that prove to be resilient to both well-known and new forms of attacks.
Nowadays, achieving the appropriate levels of security is no longer a matter of deploying point products confined to the network perimeters. Today, the complexity and sophistication of threats mandate system-wide intelligence and collaboration. To that end, Cisco’s new architecture takes a defense-in-depth approach, where multiple layers of protection are strategically located throughout the network, but under a unified strategy. Event and posture information is shared across safeguards for greater visibility, and response actions are coordinated under a common control strategy.
The architecture uses modular designs that accelerate deployment and that facilitate the implementation of new solutions and technologies as business needs evolve. This modularity extends the useful life of existing equipment, protecting previous capital investments. At the same time, the designs incorporate a set of tools to facilitate day-to-day operations, reducing overall operational expenditures.
Cisco’s architecture leverages the Cisco Security Framework, a common framework that drives the selection of products and capabilities that maximize the principles of security, visibility and control. Also used by Cisco’s lifecycle services, the framework facilitates the integration of Cisco’s rich portfolio of security services designed to support the entire solution lifecycle.
