Headline: Channel Partners – 3/10/16: Network Security Incidents High Among World’s Largest Companies

Story: A new survey of IT and security professionals reveals that 72 percent of organizations have experienced five or more network security incidents in the past 12 months.

Regardless of region or technology, IT and security administrators revealed that their networks have significant blind spots, underscoring that too many organizations deploy network security technologies in silos with little or no communication between products and teams, according to the survey.

Respondents reported low confidence in their patch-management agents (37 percent), mobile device management agents (35 percent), encryption agents (28 percent) and antivirus agents (27 percent).

Question: How does the industry overall, if government and enterprise can’t fully help themselves (I’ve even had conversations with employees about this), approach security as a benefit to the end user?

What capabilities do manufacturers, integrators and consultants at this time have to truly bring the proper knowledge and education to the corporate and government space where AV/IT and even IoT security is concerned? It’s always been about on-premise security — this now represents a whole new industry turn.

So we had a scenario with the device backdoor “1MB@tMaN” username situation that has in essence been blown to kingdom come. I wrote a blog, along with the many others who blogged and podcasted about it in the industry, though I will claim that my writing was from the absolute beginning of the reveal by Forbes where I saw it pop up on the writer’s Twitter site…

Researchers warn of Batman and Black Widow backdoors in kit provided by AMX, supplier to White House, military… https://t.co/xtPdhtJZNb

— Thomas Fox-Brewster (@iblametom) January 21, 2016

…and a full examination of the situation throughout the week, concerning this being as much about sensationalism with a measure of factual data and information when I finally did publish the blog “Baffling” Backdoor Cyber-Talks. Oh and his lead reference to the the Juniper backdoors incident being in any way comparative to this one was just — wrong.

In fact in a later update to the article this statement appeared:

A spokesperson from Harman confirmed the backdoors had been removed but said they were benign and not “hidden.” They added: “First, ‘Black widow’ as an internal name for a legacy diagnostic and maintenance login for customer support of technical issues. Commonly used in legacy systems, it was not ‘hidden’ as suggested, nor did it provide access to customer information. While such a login is useful for diagnostics and maintenance, during our routine security review in the summer of 2015, we determined that it would be prudent to eliminate this feature as part of a comprehensive software update. We informed our customers and the update was deployed in December 2015.

“‘1MB@tMaN’ was an entirely different internal feature that allowed internal system devices to communicate. It was not an external login nor was it accessible from outside of the product. The ‘1MB@tMaN’ internal system device capability also was not related to nor a replacement for the ‘Black Widow’ diagnostic login. The only connection was the fact that our software update that eliminated ‘Black Widow’ also provided an update to the ‘1MB@tMaN’ internal capability that eliminated this name.

Could it be though that Thomas Fox-Brewster (whose Twitter handle as you see is @iblametom) may have intended this to be purpose-filled fuel that would eventually lead to the clamor that is still taking place in the industry? Of course there were the umpteen other articles written (Ars Technica’s for one) that fueled this charge against AMX by Harman, as well as further building this security uproar.

Here’s one though that most may not have known about — ZDNet reported in late January, in yet another AMX-related article that Cisco was forced to fix a critical vulnerability that was found in its Aironet 1800-series wireless access point devices that would effectively allow an attacker to walk in with backdoor access. It was reported in the article that according to Cisco, the flaw was due to the presence of a default user account that is created when the device is installed. Cisco said that although the account did not have have full administrative rights, it still allowed an attacker to gain unauthorized access to the device. Should we now turn our targeted attention toward Cisco, being the major industry presence that they are (even if it is videoconferencing and collaboration), or the next company that is found to have a device-based “vulnerability?”

And why is the industry getting all fired up now? I’ve been writing on cybersecurity and have attended conferences here in Washington, DC for about two and a half years now — my first blog on the subject was here on rAVe in January 2014 Cyber Security: Defending Against an Escalating IT War (I’ve written blogs in other media sources as well), in fact I wrote this passage in the blog:

While cybersecurity may not yet be a focus of the industry, with the ongoing threat to whole enterprise operations in numerous realms of business, a stronger look may be possible in the time to come.

With networked AV as well as IoT being primary topics of industry discussion, as well as primary focus at trade shows, security needs to be a prime focus among such discussions as well. Industry experts Paul Zielie, Manager Enterprise Solutions at Harman who talks and educates on networked AV and security and Toine Leerentveld, Technology Manager for Control Systems at Crestron (as well as a part of their network security team) who discusses the subject in this interview at ISE, are two who well represent that security discussion in the industry.

Want to get information from a well-known and highly reliable source in terms of cybersecurity? Brian Krebs is an American journalist and investigative reporter who is best known for his coverage of profit-seeking cybercriminals. You can read his KrebsonSecurity in depth security and information news — here are some recent articles to give you an idea of high profile security incidents as well as a product that this security expert recommends:

A California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked…

Hackers Target Anti-DDoS Firm Staminus

A phishing attack of a well-known technology company…

Seagate Phish Exposes All Employee W-2s

A user-friendly and secure device (as Krebs states) where he says “hardly anyone would pick either word to describe the vast majority of wireless routers in use today.” He goes on to state that the eero system did indeed noticeably extend the range of his home WiFi network, as well as how his most recent router — an ASUS RT-N66U, a.k.a the “Dark Knight” never gave him coverage throughout their three-level home despite multiple experiments with physical placement of the device. 

Wait — The Dark Knight? Hmm, seems like Krebs likes the DC Comics approach as well…

eero: A Mesh Wi-Fi Router Built for Security

I will be talking to networking and security experts — not just in AV, but in IT and IoT as well in the months to come to get to the heart of certain discussions for the industry and end user. If you are an integration company or consultant that can fully satisfy the enterprise and government end user’s AV/IT and even IT security needs, all the added value power to you. In fact I’d like to talk to you about your approaches and methods. If not yet, look for proper resources for information and education inside and outside of the industry, and stay tuned here as well.

Reference: Channel Partners: Network Security Incidents High Among World’s Largest Companies