A couple of weeks ago I had the pleasure of attending HP ArcSight Protect ’11, hosted by HP Enterprise Security: ArcSight, Fortify and TippingPoint. This wasn’t my first time attending this show, and as usual, I was very impressed by the global customer conference. For those of you who didn’t get to attend, I have finally sat down and pulled together some thoughts to share.
The big news from the show was that HP’s Enterprise Security Products (ESP) division will formally launch on Nov 1st, 2011. This division will include products from ArcSight, TippingPoint, Fortify and Vistorm (the UK-based security company that will act as the global security services arm).
I also really enjoyed HP EVP Tom Reilly’s visionary keynote message as it was right on target with the ID Intelligence theme that I dedicate a lot of focus to on a regular basis. The keynote emphasized ArcSight’s new acronym Security Information Risk Management (“SIRM”) (remember ETRM?) and also touched on major industry news and trends such as:
- The APT & Stuxnet Reality: Assume that you’ve already been hacked; adopt a prioritized, Risk-based InfoSec approach
- “Well-Funded Adversaries” = Nation States and Organized Crime are highly sophisticated
- “We all struggle with ‘BYOD’ (Bring Your Own Device) to Work” = Mobility Security Challenges
- The Cloud, Virtual Environments and Mobility provide new ‘attack surfaces’
If you’d like to learn more about Reilly’s keynote click here to see his video interview:
In other ArcSight news, their technology ecosystem partners are being strongly encouraged to implement “closed loop response actions” that will allow real-time remediation activity from directly within the SOC & the ArcSight ESM™ platform to complementary third party security solutions.
Finally, based on Cyber-Ark’s alliance with HP ArcSight, we were privileged to have had the opportunity to present a customer case study at the event. To top that, we were also invited to be the subjects of a video interview by SC Magazine on the topic of, you guessed it, ‘Privileged Identity Intelligence.’ Check out the link to the video and let us know what you think. You can expect to hear more from us on this topic moving forward.
Have any ArcSight highlights of your own? Share them here!
As we work to shake off the post-Labor Day blues, consider this week’s top security stories to get you re-acclimated to the risks around you… from Britons having to look over their shoulder (online!) and cyber crime at a Bikini Bar, to a new market for The Cyber Club… let’s get schooled!
Britons Safer on the Street than Online: Results from the Norton Cyber Crime Report found that Britons are three times more likely to suffer online crime than they are street crime. The global survey of approximately 20,000 people found that more than half of the UK population (51 per cent) has been affected by some kind of cyber crime. Additionally, the survey found the top three online threats were viruses (38 per cent), credit card scams (10 per cent) and social networking fraud (six per cent). Check your anti-virus software, people!
Grab Your Cover-Up: Bikinis Sports Bar & Grill is an unlikely spot for a cyber security shake-down. So, we suppose you have to give David Palmer (no, not the idealistic president from 24) some credit for selecting a, um, “colorful” backdrop for his crime. Among the charges he was convicted on, the disgruntled IT administrator decided to strike back at his former employer by breaking into the company’s systems and deleting payroll files for one of its customers. Palmer will be sentenced in November.
This Isn’t a Job for The Club: If you still think a steering wheel lock can protect your car, think again. With a new report from McAfee showing that carhacking will replace carjacking as criminals’ attack method of choice, maybe there’s a market for The Cyber Club? As demonstrated at Black Hat this year, it IS possible to gain remote access to a car by hacking its electronics system. This report shares interesting data about the link between the increasing lines of code necessary to run advanced car features, and the exponential attack vectors that this creates. Those bells and whistles may soon carry a very large price tag—and one that’s not on the sticker: theft insurance.
That’s our “back to school” recap for this week. What else would you add to the list?
Our Q&A with SysAdmin Appreciation Day Twitter Contest Winner: Thomas Deliduka of the Columbus Museum of Art (Ohio)
As readers of our blog know, we recently crowned Thomas Deliduka as this year’s winner of Cyber-Ark’s SysAdmin Appreciation Day Twitter contest. Thomas beat out several other participants in a competitive contest by impressing the judges with his efficient and error-free Microsoft Exchange rollout for 100+ users. But since there’s only so much you can learn in 140 characters (or less) we thought it would be valuable to learn more about his “winning” achievement. Without further ado, here’s our Q&A with Thomas—we hope this not only shines some more light on the merits of his winning submission, but also provides some great insight for other SysAdmins out there who just may find themselves in a similar situation!
Cyber-Ark: Thomas, in addition to your new title as “SysAdmin Appreciation Day Twitter Contest Winner,” could you tell us a bit about your day job?
Thomas: I am the Director of Information Technology at the Columbus Museum of Art in Columbus, Ohio. It is probably the best job I have ever had; I get all the hands-on experience but also the responsibility of a department head.
Cyber-Ark: Although there were many great submissions and it was a tough decision for the judges, your Tweet/achievement immediately resonated with the judges and they were unanimously impressed. Can you tell us a little bit more about how you first approached the rollout?
Thomas: Once I was assigned the project in late 2010, I began researching what I actually needed to do to upgrade Exchange. At first, I just bookmarked some posts and then left it alone—it wasn’t until February when I purchased two new servers and realized I needed to start getting to work. Another resource that was helpful was this amazing blog post, which I’m not sure I could find anymore, that outlined how to run Exchange in legacy mode and then slowly move people over.
Cyber-Ark: And then the fun began?
Thomas: I got the first server OS installed and named it “xxxxxxx-01” because it was going to be the first server. However, then I read further and found out I needed to install the CAS server first. In my mind, the CAS server should be server 2, so before I went too much further, I renamed the server and started installing the operating system on server 1.
I got the CAS server online the first day and it immediately integrated with my 2003 environment—including allowing for the ActiveSync calls to come first to the Exchange 2010 server and then get routed to the 2003 server through the “legacy” DNS entry.
That was almost seamless, I was so surprised. None of my phone users noticed any changes at all.
On the second day, I finished the Mailbox server—I couldn’t wait to convert my own mailbox because I always experiment on myself. So, I finished that, and again, ActiveSync connected just fine on my Android device and kept on humming.
Cyber-Ark: Once you had tested the migration on your own accounts, how did you approach the other users?
Thomas: Right away I started moving people who I knew were on vacation and out of the office—just about 10 mailboxes or so. I found that by bringing up Outlook after the migration of the mailbox, the system automatically updated to the new Exchange Server. That was surprising, but welcome, since I knew I wouldn’t have to visit every single user!
After that, it was smooth sailing. I told people to expect a mailbox migration over the next few days and that they shouldn’t notice any changes. I connected via VPN at night over the next few days and converted about 20 or 30 mailboxes at a time. The final group to convert was the Mac Users—we were using Microsoft Entourage 2008 on about five computers. When we needed to migrate their mailboxes, Entourage would no longer work so I had to install the updated Office 2011 before migrating their mailboxes, then immediately convert and connect so they would see no downtime.
That was fine for four of the users, but there was one who decided he simply couldn’t have me messing with his computer for at least another four days. So, I migrated his mailbox and taught him how to use the new Webmail with Exchange 2010.
The day I migrated the last mailbox, I went ahead and separated the 2003 server and shut it down! From start to finish it was a little less than two weeks but it’s easier to say two weeks.
Cyber-Ark: Any additional information you learned from all this?
Thomas: One issue you could say I had was that Microsoft doesn’t allow Domain Admins to sync e-mail through ActiveSync. There is an inherent value within Active Directory that when it is not set–ActiveSync doesn’t work. As a Domain Admin, it’s automatically turned off. This experience forced me to do the proper “best practice” of removing myself as a domain admin and using another account for super-user operations. I don’t really count this as a problem because it only affected me. I hope that doesn’t disqualify me!
Cyber-Ark: Absolutely not. Congrats again on a smooth and successful migration! Any parting words?
Thomas: I have to hand it to Microsoft, they really did make it easy. We haven’t had any routing issues, in fact mail-flow is much better. Smart phones work just fine, everything is amazing.
If you’d like to reach Thomas to congratulate him—or to learn more about his story—feel free to contact him on your preferred social network:
Today, July 29, 2011, marked another excellent SysAdmin Appreciation Day and the Cyber-Ark team is thrilled to have played a role in recognizing the efforts of these IT rock stars. As you know, on Monday, we kicked off our 2nd Annual System Administrator Appreciation Day Contest by asking participants to answer this simple question over Twitter: “What is your greatest enterprise IT accomplishment in the past year?”
As the responses rolled in, our esteemed judges, Standalone SysAdmin’s Matt Simmons, Cyber-Ark’s Bill Pesiridis, and the NubbyAdmin’s Wesley David, analyzed their merits and began to formulate their thoughts on who should be crowned the “winner.” While the judges determined that there were some truly exceptional responses, and that all of the achievements deserved recognition (more on that later), one stood out from the pack.
Without further ado, on behalf of our judges, we would like to formally declare Thomas Deliduka, aka @Tomnibus, as this year’s winner! Here’s the winning Tweet:
@tomnibus “@CyberArk Greatest Accomplishment: upgraded Exchange 2003->2010 on my own for 100+ users, two weeks start to finish, no hiccups #SysAdminDay”
The judges agreed that this was a significant achievement. For Wesley, Thomas’s response marked a serious accomplishment. An Exchange 2003-2010 rollout is no easy task (you can read more about that type of migration here), and he was impressed with the speed and efficiency. For Matt, the complexity of this type of project stood out from the pack. Bill concurred—he’s actually tackled the project himself and agrees that it is a daunting task. E-mail is a critical application for the end-user, and it can be very difficult to find the downtime to pull this migration off.
So there you have it once again—congrats Thomas! You’ll be hearing more from @Cyberark as you are soon to be the proud recipient of our grand prize—an Amazon Kindle.
But wait, there’s more. Wesley, Matt and Bill would like to recognize the efforts of the other participants who they deemed “honorable mentions”, as this was a very close competition. Check back next week for a new blog post that details their thought process when selecting the winner and these “finalists”—and stay tuned, especially, if you were a participant. We’ll be reaching out to you to learn more about your achievements. After all, in Matt’s words, while Thomas’ achievement was very impressive, “we could select any of these responses justifiably.” So great job participants—in true recognition of SysAdminDay, you provided us with some excellent insights into the great work you do on a daily basis. You truly deserve even more than just a day of celebration!