

  (Source: MUNIT2K5)
Leading the transformation are security leaders like ex-McAfee chief Brett Wahlin, now Sony's CSO

Sony Corp. (TYO:6758) surprisingly has not been digitally attacked [1][2][3][4] [5][6][7] by hackers for some time now.  No, Anonymous hasn't discovered a new love for the Japanese gadget maker.  Rather, Sony has finally stepped up to the plate in terms of spending on security and encouraging innovative visions to protect its massive worldwide customer base.

In terms of customers, Sony is one of the world's few firms that can claim to have hundreds of millions of customers on platforms that it solely designs.  Only a handful of other firms -- Microsoft Corp. (MSFT), Apple, Inc. (AAPL), and Google Inc. (GOOG) -- share this kind of position.  Moreover, Sony -- along with Microsoft -- was an early proponent of online console gaming with its PlayStation Network.

Yet, according to a terrific interview piece by Australia's SC Magazine, in 2011 -- before the string of intrusions -- Sony's number of security-specific employees worldwide could be counted on one hand -- 4.  No, they aren't joking.

Pair an internet-oriented firm with virtually no security and then mix in a hate-vendetta by Anonymous and what do you get?  It doesn't take rocket science to see why Sony became the laughingstock of the security world in 2011.

But amid the debacle the company's leadership woke up.  Their most important decision was to hire former McAfee security officer Brett Wahlin as its chief security officer.  The security games by Anonymous -- particularly their highly successful social engineering efforts -- were nothing new to Mr. Wahlin.  After all, he started his career during an eight-year stint with the U.S. military during the Cold War era.

Sony's new security chief honed his craft battling the Russians and Chinese.
[Image Source: Asia Society]

He recalls in the interview, "You start to see a lot of similarities to the social engineering tradecraft in the Cold War... they have a discrete set of characteristics and targets and if we can begin to adapt some of the pattern recognition to a digital-based [environment]... we may be able to detect fraud more effectively."

Under Mr. Wahlin's leadership a new security operations center (SOC) has been created, in partnership with security contractor ArcSight, Inc. and hardware provider Hewlett-Packard Comp. (HPQ).  The Sony CSO hopes to emulate the successes of top security teams like the Microsoft Trustworthy Computing Group.  Among his tools are automated defenses, penetration testing, and regular code audits.

As mentioned, the results are paying off -- Sony hasn't been hacked lately.  And even when it has suffered the occasional intrusion, it's locked it down before much damage could be done.

Now Brett Wahlin has a new adversary -- Anonymous. [Image Source: Jason Mick/DailyTech]

Taking on the Russians with the U.S. military, and later the Chinese (or "state-sponsored guys" as Mr. Wahlin ambiguously refers to them in the piece) was hard enough, but taking on Anonymous is a brand new and potentially greater challenge.  But while Mr. Wahlin may not be able to stop every single attack, he is the face of a new era for Sony, a company that went from having four security employees to having a solid security task force, manned by some of the world's best and brightest.  As they say, necessity is the mother of invention.

Be sure to check out SC Magazine's full interview for more commentary by Mr. Wahlin and his transition from fighting Russian and Chinese spies to fighting Anonymous.

Source: SC Magazine




So they have 5 employees
By kingmotley on 3/12/2012 4:29:49 PM , Rating: 5
So by super serious, they added a 5th employee?




RE: So they have 5 employees
By Dug on 3/12/2012 5:00:18 PM , Rating: 5
Six employees would be super super serious.


RE: So they have 5 employees
By dsquare86 on 3/12/2012 5:19:34 PM , Rating: 2
5 employees and a rent a cop would be serious!


RE: So they have 5 employees
By GulWestfale on 3/12/2012 6:00:57 PM , Rating: 1
they should hire al gore, so he can fight the evil manbearnonymous.


RE: So they have 5 employees
By Gondor on 3/13/2012 4:07:03 AM , Rating: 5
Or Chuck Norris.


RE: So they have 5 employees
By lightfoot on 3/12/2012 7:14:43 PM , Rating: 2
Paul Blart turned Sony down because they didn't offer him a Segway and a 4-cell Maglite.


RE: So they have 5 employees
By spread on 3/12/2012 10:15:13 PM , Rating: 2
And they're super sorry, again, for leaving your customer information in plain sight for everyone to access.

And they will be super sorry when it happens next month too. Sorry. They are sorry.


RE: So they have 5 employees
By Carl I Khan on 3/15/2012 12:04:28 AM , Rating: 1
yeah they hired another genius called brett who knows jack shit and 50 of his friends all are freakin unskilled newbs worse than the lady who this dude replaced


Define "security"
By Reclaimer77 on 3/12/2012 3:49:56 PM , Rating: 2
I'm having a real hard time believing that they only had 4 security employees world wide. What criteria is applied to "security" in this context?




RE: Define "security"
By JasonMick (blog) on 3/12/2012 4:09:44 PM , Rating: 2
quote:
I'm having a real hard time believing that they only had 4 security employees world wide. What criteria is applied to "security" in this context?

I'm guessing, if SC Magazine's accounting is accurate, that Sony was heavily outsourcing its network management to outside firm(s).

I agree it sounds somewhat astounding, but it was well reported that heavy layoffs occurred in the company's in-house security and IT teams just before the first round of intrusions.


RE: Define "security"
By Chadder007 on 3/13/2012 9:53:08 AM , Rating: 2
Looks like Sony probably ended up paying more to lay them off. Outsourcing isn't the best option sometimes.


RE: Define "security"
By inperfectdarkness on 3/18/2012 8:12:32 AM , Rating: 2
I'm guessing 3 of the 4 were actually working for the legal department on ways to catch Linux users.


Human nature
By kensiko on 3/12/2012 3:37:14 PM , Rating: 2
People only react once something bad happens, they rarely act before...

Am I one of the only ones that prefer to prevent instead of repairing the broken jars?




RE: Human nature
By Mitch101 on 3/12/2012 4:33:16 PM , Rating: 2
People generally only know their weaknesses once someone exposes it. All depends on the skillset of the person attempting to gain access.


LULZ!
By Rhonkar on 3/12/2012 4:12:53 PM , Rating: 2
With 'ex-McAfee chief Brett Wahlin' in charge, I give it six months, this time they'll find those naked pictures of Kaz Hirai too.




RE: LULZ!
By bebimbap on 3/13/2012 11:43:04 AM , Rating: 2
wasn't McAfee accused of wrongfully advising its customers with "scareware" to buy more McAfee products?


All this time
By qrhetoric on 3/12/2012 3:34:39 PM , Rating: 3
All this time I figured there was nothing Sony could have done to prevent the hacks. Kind of sad that it was preventable.




By derricker on 3/13/2012 11:54:33 PM , Rating: 2
What a filthy double moral standard, when they lose customers' personal data by the thousands they do nothing, now they lose these songs they paid 250mil for but obviously were worth much more than that, and now they react.




Mr Brett
By Jasric on 3/16/2012 8:30:50 AM , Rating: 2
Has anyone thought that Mr Brett could be the head of this Anonymous gang and actually Sony are not getting attacked now because he would look real stupid otherwise.

Just a thought :).


















Copyright 2014 DailyTech LLC.