It is in stealth mode no more. The company today took the wraps off at least some of its plans and revealed the closing of a $9.2 million Series A funding round that also includes investments from Ignition Partners and Lightspeed Venture Partners. Levine is joining Bromium’s board.

Its founders are Gaurav Banga, the former CTO of Phoenix Technologies; Simon Crosby, the former CTO of the Data Center and Cloud Division of Citrix; and Ian Pratt, the current chairman of Xen.org and another Citrix veteran. Both Pratt and Crosby joined Citrix after it acquired the open source virtualization company Xensource in 2007.

Bromium is turning out to be a bit of a reunion of former Xensource execs: Frank Artale, a managing director at Ignition who was also a Xensource exec, is joining Bromium’s board as well.

So what does Bromium plan to do? It won’t say, but I got a few hints from Simon Crosby, Bromium’s CTO. “The timing of this is perfect to what is going on right now with all the attacks that have been going on recently,” he said.

The attacks against EMC’s RSA security products, and also on Google’s Gmail, he says, were carried out via the client — that is, end user devices like a PC, a smartphone or a tablet. “Bromium believes that getting to a secure era in cloud computing requires securing both the client and the cloud.”

And how to get there? Again, he wouldn’t say exactly, but he did point the way: Virtualization. The technique of creating numerous “virtual” computers that run concurrently on a single physical host computer has been a fundamental development in the evolution of cloud computing. “Everyone I think knows that virtualization can help with security, but no one has really delivered an elegant solution that enhances security through the use of virtualization,” Crosby told me. “This is where I think we can strike a blow for the good guys.”

For another hint, look at Intel’s recently closed acquisition of security software concern McAfee. “Intel gets that security needs to move closer to the hardware, and we would agree with that,” Crosby said. McAfee’s CTO, George Kurtz, is on Bromium’s board.

Bromium marks the second security start-up that Andreesen Horowitz has invested in recently. The other was Silver Tail Systems. And it probably won’t be the last. As AH founder Marc Andreesen said in his appearance with Walt Mossberg and Kara Swisher at D9, he loves security. Why? “The threats keep morphing.” Indeed they do.

Later, after RSA described how it was attacked, the defense contractor Lockheed-Martin found its systems under attack. EMC admitted that its technology was breached in the Lockheed incident, and has since offered to replace the tokens of affected customers. Long a lynchpin of computer security at many companies and agencies doing sensitive work, there’s no question that the reputation of the SecurID system has been hurt.

Since the first attacks against RSA were disclosed, many of those organizations that have relied on the tokens have been trying to figure out what to do, and whether or not they can still trust them. One of those organizations was the National Security Agency, the super-secret spy agency who sets IT security policies throughout the U.S. government’s intelligence and defense establishments.

The unclassified document below is an internal advisory from the NSA’s Information Assurance Directorate concerning its recommendations. If your company is among those coping with the headaches that are arising as a result of all this, I thought at the very least it would make for interesting and hopefully useful reading. Granted, this document was issued in March, which was before RSA came clean on the details of the attack, but it may prove useful nevertheless.

NSA RSA Advisory

The company says that because its information security team detected the attack right away and took aggressive action to ward it off, its systems remain secure.

Reuters is reporting that the U.S. Department of Homeland Security and the Defense Department have offered to help Lockheed determine the extent of the attack. It’s not known as yet if any data was taken or who the attackers are. Reuters is also citing a “person with direct knowledge” saying the attackers had broken into sensitive Lockheed Martin networks, and similar networks run by other U.S. defense contractors.

While there’s no official word as yet regarding what kind of attack it was, Reuters is citing that same person as saying the attackers created duplicate SecureID devices. These are the electronic key fobs that generate a new numeric sequence every 60 seconds which are used in combination with a personal identification number to create a two-factor authentication system that is intended to keep intruders out of sensitive networks.

The tokens come from RSA, a unit of EMC, whose systems were attacked in March. In April it disclosed that it fell victim to a phishing attack.

EMC isn’t saying anything concerning the Lockheed incident, but Bloomberg News is reporting that the company is speedily replacing existing key fobs with new ones as a way of remediating the damage.

All of this is yet another example of how the Internet has gotten scary in recent years. The knowledge and capabilities to launch attacks on the systems and networks used both in sensitive military work and in the industrial systems that control the machinery required for modern life have made those networks increasingly tempting targets for people who want to have an impact.

There’s no indication as yet that the parties who carried out the attack against EMC are the same who have attacked Lockheed, but it wouldn’t be unreasonable to suspect they’re related. That would make it a fairly sophisticated, multi-phase attack. What the target may ultimately be is anyone’s guess.

It wouldn’t be the first time that a U.S. defense contractor had been attacked. In 2008, a BusinessWeek cover story profiled an attack against Booz Allen Hamilton, also carried out via phishing.

Going after the systems used by defense contractors to steal jet designs is one thing. Attacking systems like the power grid–deemed by the government to be “critical infrastructure”–is quite another. It’s the fear that these systems could come under attack just as readily as any other that keeps the government funding numerous “Cybersecurity” efforts.

You can see a little of one such facility–one that’s probably seeing action as events unfold–in the CNBC documentary “Code Wars,” which airs tonight on that network. While TV documentaries are generally not known for their ability to accurately convey the complex story that computer security often is, security professionals I know who’ve watched it have described it as “surprisingly good.” Below that is Lockheed’s full statement disclosing the attack.

BETHESDA, Md., May 28, 2011 — On Saturday, May 21, Lockheed Martin detected a significant and tenacious attack on its information systems network. The company’s information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data. As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised.

Throughout the ongoing investigation, Lockheed Martin has continued to keep the appropriate U.S. government agencies informed of our actions. The team continues to work around the clock to restore employee access to the network, while maintaining the highest level of security.

To counter the constant threats we face from adversaries around the world, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data. Our policies, procedures and vigilance mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security.

Headquartered in Bethesda, Md., Lockheed Martin is a global security company that employs about 126,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services. The Corporation’s 2010 sales from continuing operations were $45.8 billion.

Remember, if you will, that RSA disclosed it was under what it described as an “extremely sophisticated attack” in March. Later in April, the EMC-owned security outfit disclosed some of the anatomy of the attack, though it didn’t say much about what information was taken.

A few days ago, Robert Cringely reported that a major U.S. defense contractor had a very bad weekend, as a network issue took down remote access, meaning that anyone who routinely worked remotely had to go instead into the nearest office. The way he tells it, the incident was followed by word that all employees using the tokens would be issued new ones and would be required to change their passwords. The tokens are used to provide two-factor authentication to the corporate network from outside the firewall that’s meant to keep outsiders out.

Obviously, word of a network disruption like this is disturbing on many levels, not the least of which is the fact that Lockheed Martin works on some of the country’s most important and most sensitive defense projects, like the F-22 and F-35 jet fighters.

EMC isn’t commenting on the incident. But Reuters is quoting Steve Winterfeld of TASC, a company spun off from Northrop Grumman, as saying RSA hasn’t provided enough details on how its network was breached, and that this has led him to consider the RSA devices as no longer secure. People are, he says, “freaked out.”

He’s likely not alone. As of 2009, there were more than 40 million people either using RSA tokens or RSA number-generating software on their smart phones.

Initially, it released no details about how the attack was carried out. Now, RSA–which is a unit of storage giant EMC–has gone into some detail concerning how its systems were breached, in a blog post by Uri Rivner, whose title is Head of New Technologies, Identity Protection and Verification. It all started with phishing emails. Over the course of two days, two groups of emails were sent to a small group of employees, none of them high profile, nor apparently especially senior. Though RSA doesn’t spell out who received them, the emails may well have gone to the human resources department or some other quiet corner of the company. The emails contained an Excel spreadsheet attachment entitled “2011 Recruitment Plans.” Naturally it was created to look just believable enough that one of the employees who received it fished it out of the spam folder to which it was initially directed and opened it. You can probably fill in most of the blanks from here.

The spreadsheet contained a Zero-day exploit that took advantage of a weakness in Adobe Flash, which has since been patched. Through that hole, attackers were able to install anything they wanted on the target machine. They chose a version of a program called Poison Ivy RAT, and in this case RAT stands for “remote administration tool,” a program that is used to control one computer from another in a different location.

Armed with remote access to the target machine, the attackers then set about gaining deeper access to RSA’s corporate network. Like a person masquerading as a real employee searching a company’s building for a set of master keys, these attackers carried out a series of attacks designed to escalate the level of access they had to the system. They gathered login credentials from the relatively low-level accounts they compromised at first, including usernames, passwords, and domain information, then went after higher-value accounts with more access.

Once that was done, they started working on the real job: Finding the data they wanted to steal, and then extracting it from RSA’s systems. They gathered what they wanted, collected it in a “staging area,” compressed it, and then downloaded via FTP.

Still unexplained at this point: What information was taken, and does it in any way affect the integrity of its own security products? When the attack was first disclosed, the company said that some information about its SecureID products was taken by the attackers. This has led to a lot of questions and speculation by security pros who naturally have to think about the worst-case scenario, and frankly, there are many for which the adjective “worst” would apply.

The big looming question is whether or not the attacker gained access to the seeds–the random keys embedded in each token–that are used to generate the constantly changing numeric codes that appear on the device’s display. For instance, in one scenario described by David Scheutz of the Intrepidus Group, the attackers might have found a list of seeds and token serial numbers. Once you have the serial number of an individual token, you can then create your own token that would allow you to impersonate that user on whatever systems they use.

That scenario, which is only one of four on Scheutz’s list, is potentially pretty scary. As of 2009, some 40 million RSA tokens were in use securing networks at companies large and small and at numerous government agencies. And aside from the hardware tokens, software that mimics them runs on some 250 million smart phones.

When it first revealed the attack, RSA said it was “confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers,” though it did say it thought the information taken would make attack easier. Hopefully RSA has more to say about all this in the coming days.

Separately, EMC said today it has acquired privately held NetWitness, which specializes in network security analysis. NetWitness provides “precise and pervasive network visibility” which gives companies the ability to detect and cope with “advanced threats” while automating the investigation process. NetWitness will operate within RSA. Financial terms have not been disclosed, but judging by the description of this attack, it seems like a timely acquisition.

Coviello didn’t disclose many details about the attack, but said the attackers were able to extract some information about the company’s SecurID products. The backbone of the SecurID system is the keychain-sized tokens like the one pictured that generate a new number every 30 seconds or so, and used to log in to computer networks and other systems. The tokens and software that generates numbers in the same way on smart phones are widely used by corporations and governments to keep attackers out. As of 2009, RSA estimated that 40 million people used the tokens and another 250 million used RSA software on their smart phones.

Coviello said that so far it doesn’t look like the SecurID system has been compromised. But the information taken by the attackers could make an attack that would compromise it somewhat easier. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” he wrote. “We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.”

RSA has classified the attack as an “Advanced Persistent Threat” which in security industry parlance means it’s sophisticated enough that it may require the resources of a nation state to carry out, though the phrase is often met with mild derision by security professionals. As one put it, APT is another way of saying “not attacked by a script kiddie.”

It remains to be seen exactly how significant this incident will prove to be over the long term. As one security expert put it to me, if algorithm used to generate the numbers displayed by the token is compromised in any way, confidence in the SecurID system will plummet, and the cost to RSA and EMC could be serious. Not only will there be the cost to replace all those tokens, but work will have to be done to change the software algorithm used to generate the numbers. Neither will be inconsequential. EMC shares finished the day up 25 cents or nearly 1 percent, but are falling slightly in after-hours trading as the news about this attack has come to light.

Mr. Schmidt argued that the National Strategy for Trusted Identities in Cyberspace (or NSTIC) is meant to serve as a catalyst for the private sector to adopt however it sees fit, and will “balance privacy, anonymity and security.”

In a nutshell, NSTIC would be a way for individuals to sign onto Websites that adopt the voluntary federal program. Initially, the thinking goes, the program would be used by federal agencies to allow individuals to check things like electronic medical records held in government databases, but once proven and accepted, would be adopted by private organizations like banks and other commerce sites to ensure greater security for normal transactions.

Bruce Schneier, the head of cybersecurity for British Telecom, was generally supportive of the program, but also had a word of warning for Mr. Schmidt: “I really think this is something the government can’t control, and if it starts controlling it, everyone would freak.”

Read the rest of this post on the original site

As a company, and as individuals, Microsoft (MSFT) really does value honesty and openness. Consider this: In a presentation yesterday at RSA 2008 in San Francisco, David Cross, a product unit manager at Microsoft, explained the design concept behind the User Account Control in Windows Vista in the following very honest, very open way:

The reason we put UAC into the platform was to annoy users. I’m serious.”

A true credit to the company, that Cross.

If that truly is the reason for UAC’s inclusion in Vista, it’s served its purpose well.