This month a major retailer confirmed that a limited collection of their point-of-sale systems were attacked by highly sophisticated malware at a variety of their stores, resulting in a potential impact to millions of payment cards. This security breach also impacted a subsidiary store, adversely affecting hundreds of thousands more customer payment cards. Prior to this news release, other high-profile security or data breaches have prominently featured in the news, resulting in millions of stolen credit and debit cards.
Kaptoxa/BlackPOS point-of-sale (POS) malware is believed to be behind some of the biggest data breaches and thefts. This malware stays resident in POS machine memory, monitors that memory, and is believed to have stolen customers' personal credit card information. Enterprises, both commercial and government, are constantly challenged by attackers exploiting unpatched or vulnerable applications, man-in-the-middle or malware attacks on centralized providers (Domain Name System [DNS] providers, highly trusted sites) and distributed denial-of-service (DDoS) attacks. Rapid and widespread adoption of social and mobile media is also contributing to the promotion of attacks and the recruitment of potential attackers, leading to economic and reputational losses for enterprises. For consumers, private citizens and the rest of society, the loss amounts to security, privacy and potential financial concerns.
IBM offers security solutions spanning hardware and software to address risks arising out of advanced threats, mobile access, cloud infrastructure and compliance issues. We have tools that can provide analysis of big data for security insights, coupled with expertise to provide customized and fit-for-purpose integrated security solutions.
At IBM Impact 2014, which takes place in Las Vegas from April 27 through May 1, 2014, we will be doing a demonstration of the new "Federal Information Processing Standard (FIPS) 140-2 for data-in-motion" feature, which has been added to IBM Worklight 6.1. Lab session 1163 is led by the feature developers from IBM Research and IBM Software Group and will focus on enabling the FIPS 140-2 capabilities in Worklight 6.1, using IBM Worklight Studio and IBM Worklight Server running on IBM WebSphere Application Server using the Liberty profile.
Figure 1: Impact 2014 lab session MMA-1163: “Using IBM Worklight to Protect Sensitive Data”
FIPS 140-2 is a US federal government computer security standard used to certify cryptographic methods on a public infrastructure, and it’s a fundamental requirement for any software purchasing decision. Many federal agencies will have FIPS 140-2 certification as a core purchasing requirement and, thus, would find this lab to be relevant and timely. Given the various security breaches noted previously, this session should also interest commercial enterprises.
In particular, lab 1163, titled “Using IBM Worklight to Protect Sensitive Data,” focuses on the following:
- How to create an IBM Worklight project using the IBM Worklight Studio plug-in for Eclipse
- How to enable the FIPS 140-2 encryption feature in an IBM Worklight project
- How to properly configure and use the JSONStore feature for FIPS 140-2 local data encryption
- How to securely communicate with a server from an IBM Worklight client
We are looking forward to sharing with session attendees at Impact 2014 as well as learning from their rich and diverse experiences.
A malware author needs to succeed just one time to perpetrate a crime or fraud, while a security professional needs to succeed every time to protect their data. The authors of this blog post, and IBMers everywhere, wake up each day with a mission to defeat these invisible, ever-present malware authors. Are you like us? If so, please come share your skills, wisdom and approaches to protecting sensitive data at our Impact 2014 lab session!
Have any of these well-publicized security or data breaches disrupted your life? Please see us at Impact 2014 or connect with us on Twitter @Bperepa.