Come See Mike Walker Speak on the EA Industry Expert Panel and Present at the Troux Conference 2013


The Troux Worldwide Conference is returning to Austin, Texas on March 19-20, 2013. If you are a Troux customer, partner, or actively involved in Enterprise Architecture (EA) or Enterprise Portfolio Management (EPM), this is your opportunity to enjoy peer networking and joint learning with a focus on delivering rapid results with Troux EPM solutions.


I'm flattered and feel very fortunate to be invited back to speak on the EA Industry Expert Panel for a third year in a row! This is certainly an honor and I thank Troux for the opportunity to be invited back to this exclusive event each year. I am especially humbled to be surrounded by a great line-up of speakers and EA practitioners.

It should be a great event!

If there are folks at the conference or in the Austin area who want to meet up to discuss EA, please let me know either through the comments on this post or through Twitter.

You can see me in two sessions:

  1. Presentation - Highly Impactful EA Organizations Make Value Driven Decisions
  2. EA Industry Expert Panel - Success in the Connected Enterprise
 
Below I have provided the descriptions of each:

Highly Impactful EA Organizations Make Value Driven Decisions
Enterprise Architects are faced with a rapidly changing business climate, competitive pressures and a shifting technology landscape that is forcing the enterprise to evolve. This acceleration of change in the market requires faster, well-informed decisions to maximize value. Enterprise Architects are at the tip of the spear to enable this change, but they need the tools.

In this session I will explore one of the proven practices that I have found in highly impactful Enterprise Architecture (EA) organizations, namely enterprise portfolios. Enterprise portfolios extend past the traditional project and program discipline to cover all aspects of the enterprise, moving from disconnected, static and context-less pieces of data to a governed portfolio of enterprise knowledge that can maximize value and mitigate risk to our businesses.

Success in the Connected Enterprise

Success in the connected enterprise requires that executives understand the cause-effect relationships that exist across their organization. They must know what can and should change, when to change it, and where to take risks, all while avoiding unintended consequences. Transforming people, products and processes is difficult, but it is even harder without access to detailed and reliable knowledge about how the parts of their organizations fit together, operate and evolve. In this session our panelists will share their personal insights, and answer your questions, on how they use various portfolio concepts to navigate and guide critical decision-making in their organizations.

Red October Botnet Hides Calls to Control Server

MrRich

While working on the release of the latest version of the McAfee Network Security Platform, which offers advanced malware and botnet protection, we tested a sample of the malware Red October. With the help of our in-house advanced botnet analysis framework, we analyzed the network traffic generated by this sample and tracked its communications with the botnet control server.

Today, most malware uses cryptography in its communications to evade detection by network-monitoring appliances such as intrusion detection and prevention systems. The cryptography makes it very challenging to recover the messages' structure. This is the case with Red October, which collects infected-machine information such as the volume drive serial number, the Internet Explorer product key and the available MAC IDs, encrypts those messages with an SHA1-like algorithm, and sends them to its control server. We find it useful to know the exact structure of the encrypted network communication because it also reveals what kind of data the malware steals and how it is encrypted.

Red October uses various layers of packers and obfuscation techniques to execute its final code. One interesting bit of the code shows how it triggers the function that sends user data to the control server after encryption.

The code uses the SetTimer API to execute the TimeProc function after 15 minutes.

[Screenshot: the SetTimer call]

 

The code that performs the encryption is found here:

[Screenshot: red_october_traffic]

 

And finally it sends to the control server:

[Screenshot: red_october traffic2]
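As an added example (not part of the McAfee post or its botnet analysis framework), the following Python script shows one way a defender can spot the kind of fixed-interval callback described above, where SetTimer fires every 15 minutes and each firing produces an outbound connection to the control server: it groups connection-log entries by source/destination pair and flags pairs whose inter-connection gaps cluster around 900 seconds. The log lines, hosts and the 5% jitter tolerance are constructed for this example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample connection log: "timestamp src dst:port" per line.
# Not real Red October traffic; hosts and times are made up for the example.
SAMPLE_LOG = """\
2013-01-15T10:00:00 10.0.0.5 203.0.113.7:80
2013-01-15T10:02:10 10.0.0.5 198.51.100.2:443
2013-01-15T10:15:01 10.0.0.5 203.0.113.7:80
2013-01-15T10:22:45 10.0.0.5 198.51.100.2:443
2013-01-15T10:30:00 10.0.0.5 203.0.113.7:80
2013-01-15T10:44:59 10.0.0.5 203.0.113.7:80
2013-01-15T10:51:30 10.0.0.5 198.51.100.2:443
2013-01-15T11:00:02 10.0.0.5 203.0.113.7:80
"""


def parse_log(text):
    """Group connection timestamps by (src, dst) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(flows, period=900, tolerance=0.05, min_hits=3):
    """Return pairs whose consecutive-connection gaps cluster around `period` seconds.

    A gap within `tolerance` (fraction of the period) counts as a hit; a pair
    with at least `min_hits` hits is reported with its hit count and mean gap.
    The 5% tolerance is an assumed value chosen for this example.
    """
    beacons = {}
    for pair, times in flows.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        hits = [g for g in gaps if abs(g - period) <= tolerance * period]
        if len(hits) >= min_hits:
            beacons[pair] = {"hits": len(hits), "mean_gap": statistics.mean(hits)}
    return beacons


if __name__ == "__main__":
    for pair, info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{pair[0]} -> {pair[1]}: {info['hits']} hits, mean gap {info['mean_gap']}s")
```

Real traffic needs a larger window and a jitter model, since many implants randomize their sleep; the fixed 900-second period here follows the 15-minute timer the post describes.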


In response, the control server sends encrypted commands to the infected machine. This command data is parsed accordingly:

[Screenshot: parsing C&C commands]

 

McAfee customers are well protected with our UDS-BOT signature, which is now integrated with the Network Security Platform.