Archives for June 2014
Webinar - The CyberCriminal Ecosystems: How to stay safe in Dangerous Waters
Live Event
Date: June 26, 2014 at 2 PM Eastern
Speaker: Dennis Fisher, IT Security Expert at Kaspersky Lab
Today’s headlines are filled with stories about organizations victimized by cybercriminals. Sometimes the bad guys are motivated by money; other times they want your sensitive corporate intelligence and confidential data. Cybercrime is on the rise across all industries and company sizes. IT security professionals face an increasingly complex battle—protecting more devices and employees against malware, phishing attacks, cyberespionage, exploitation of software vulnerabilities, and waterholing, all while staying on top of the dangers on the horizon.
In this live webinar, Kaspersky Lab security expert Dennis Fisher will provide a comprehensive overview of the latest cybercriminal methods and tips for how to keep your organization safe.
Register today to learn about:
What is Two-Factor Authentication? Where Should You Use It?
By Brian Donohue - Kaspersky
We’ve recorded podcasts about it. We’ve discussed it at length in a number of screencasts (which I have kindly embedded below). We’ve mentioned it indirectly in countless articles. But we’ve never taken the time to dedicate an article solely to explaining what two-factor authentication is, how it works, and where you should use it.
What is Two-Factor Authentication?
Two-factor authentication is a feature offered by a number of online service providers that adds an additional layer of security to the account login process by requiring that a user provide two forms of authentication. The first form – in general – is your password. The second factor can be any number of things. Perhaps the most popular second factor of authentication is the SMS or email code. The general theory behind two-factor is that, in order to log in, you must know something and possess something. Thus, in order to access your company’s virtual private network, you might need a password and a USB stick.
Two-factor is no panacea to prevent account hijacks, but it’s a formidable barrier to anything that would try to compromise an account protected by it. I think it is pretty well known that passwords are severely flawed: weak ones are easy to remember and easy to guess; strong ones are hard to guess but hard to remember. Because of this, people who are already bad at creating passwords use the same ones over and over again. Two-factor at least makes it so an attacker would have to figure out your password and also have access to your second factor, which would generally mean stealing your cell phone or compromising your email account.
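The "know something and possess something" model above is only as good as the server-side handling of the second factor. As an added example (not code from the article or from Kaspersky), here is the bookkeeping a service needs for the SMS or email code the article mentions: the code is short-lived, single-use, brute-force capped, stored only as a keyed hash, and compared in constant time. `SecondFactorCodes`, `SERVER_KEY`, and the limits are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed server-side values: a secret for keying the stored code hashes and two policy limits.
SERVER_KEY = secrets.token_bytes(32)
CODE_TTL = 300        # seconds a delivered code stays valid
MAX_ATTEMPTS = 5      # wrong guesses allowed before the code is voided


class SecondFactorCodes:
    """Hypothetical server-side store for one-time codes sent by SMS or email."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # login session id -> [keyed hash, expiry time, attempts]

    def _tag(self, code):
        # Keyed hash: a leaked table cannot be brute-forced over the 10^6 code space without SERVER_KEY.
        return hmac.new(SERVER_KEY, code.encode(), "sha256").hexdigest()

    def issue(self, session_id):
        code = f"{secrets.randbelow(10**6):06d}"  # six digits from a CSPRNG
        self._pending[session_id] = [self._tag(code), self._clock() + CODE_TTL, 0]
        return code  # delivered out of band (phone or mailbox); never written to logs

    def verify(self, session_id, submitted):
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # nothing issued for this login, or already consumed
        tag, expires_at, attempts = entry
        if self._clock() > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[session_id]  # expired or guess cap reached: void the code
            return False
        entry[2] += 1
        ok = hmac.compare_digest(tag, self._tag(submitted))  # constant-time comparison
        if ok:
            del self._pending[session_id]  # single use: a replayed code fails
        return ok
```

The password check happens first and independently; only a session whose password passed should ever reach `issue`, so an attacker holding just the password still needs the device the code went to.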
Security Week - Security is a Journey not a Destination
by Marc Solomon - June 5, 2014
Organizations Need to Look at Their Security Model Holistically and Gain Continuous Protection and Visibility Along the Entire Journey…
“Life is a journey, not a destination.” Most often attributed to Ralph Waldo Emerson, today we come across that phrase all the time – in songs, books, articles, and even in TV commercials for everything from automobiles to financial services. But if we change the word “life” to “security” it could also be used to describe how we need to think about protecting our organizations against advanced cyber attacks. Let me explain.
Most security tools today focus on prevention only – access control, detection, and blocking at the point of entry – to protect systems. They scan files once at an initial point in time to determine if they are malicious. But predictably, attackers fundamentally understand the static nature of these security technologies and are innovating around their limitations to penetrate network and endpoint defenses. The latest improvements in threat detection include executing files in a sandbox for detection and analysis, the use of virtual emulation layers to obfuscate malware from users and operating systems, reputation-based application whitelisting to baseline acceptable applications from malicious ones, and, more recently, attack chain simulation and analysis detection. If the file isn’t caught or if it evolves and becomes malicious after entering the environment, point-in-time detection technologies are no longer useful in identifying the unfolding follow-on activities of the attacker.
Advanced attacks aren’t focused on what we traditionally consider to be the destination – the walls of the enterprise. They’re focused on the journey, leveraging an array of attack vectors, taking endless form factors, launching attacks over time, and obfuscating the exfiltration of data. These attacks aren’t limited to a point in time but are ongoing and require continuous scrutiny.
In order to detect advanced threats and breach activity more effectively, security methods can’t just focus on detection and prevention but must also include the ability to mitigate the impact once an attacker gets in. Organizations need to look at their security model holistically and gain continuous protection and visibility along the entire journey – from point of entry, through propagation, and post-infection remediation.
To do this we need a security model that combines big data architecture with a continuous capability to overcome the limitations of traditional point-in-time detection and response technologies. With a true continuous model, security professionals can answer key questions like:
• What was the method and point of entry?
• What systems were affected?
• What did the threat do?
• Can I stop the threat and root cause?
• How do we recover from it?
• How do we prevent it from happening again?
• Can I quickly hunt down Indicators of Compromise (IoCs) before they impact my operation?
In this model, process-level telemetry data is continuously collected across all sources, while it is happening, and is always up to date when it is needed. Analysis can be layered to work in concert to eliminate impacts to control points and deliver advanced levels of detection over an extended period of time. Analysis is more than event enumeration and correlation; it also involves weaving telemetry data together for greater insights into what is happening across the environment. Tapping into a broader community of users, global intelligence is continuously updated and shared immediately and correlated with local data for even more informed decision making.
A continuous approach together with a big data architecture enables transformative innovation in the battle against advanced threats that target the endpoint. For example:
1. Detection that moves beyond point-in-time. A continuous approach enables detection to become more effective, efficient, and pervasive. Behavioral detection methods like sandboxing serve as inputs for continuous analysis and correlation, activity is captured as it unfolds, and intelligence is shared across detection engines and control points.
2. Monitoring that enables attack chain weaving. Retrospection, the ability to go back in time to monitor files, process, and communication against the latest intelligence, and then weave that information together to create a lineage of activity provides unprecedented insights into an attack as it happens.
3. Automated, advanced analytics that look at behaviors over time. Combining big data analytics and continuous capabilities to identify patterns and IoCs as they emerge enables security teams to focus their efforts on the threats that matter most.
4. Investigations that are more targeted, fast, and effective. Transforming investigation into a focused hunt for threats based on actual events and IoCs gives security teams a fast and effective way to understand and scope an attack.
5. Containment that is swift and surgical. With the level of visibility the continuous approach provides, security teams can identify specific root causes and shut down all points of compromise and infection gateways simultaneously to prevent lateral movement of an attacker and break the attack chain.
In this model, detection and response are no longer separate disciplines or processes but an extension of the same objective: to stop advanced threats. Going beyond traditional point-in-time methodologies, detection and response capabilities are continuous and integrated. It’s what’s required for advanced threat detection and response that’s focused on the journey, not just the destination.
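The retrospection and attack-chain weaving described in items 2 through 4 above can be shown concretely. This is an added example, not code from the article or any vendor product: process-start telemetry is kept as it is recorded, intelligence that arrives later flags a file hash, and the stored events are re-evaluated and woven into a parent/child lineage to answer the point-of-entry, affected-systems and follow-on-activity questions. The telemetry, hosts and hash values are constructed for illustration.

```python
from collections import namedtuple

# Constructed telemetry: process-start events as a continuously collecting agent would record them.
Event = namedtuple("Event", "host pid ppid image sha256 ts")
TELEMETRY = [
    Event("ws-01", 100, 1,   "explorer.exe",   "hash-constructed-1", 1),
    Event("ws-01", 210, 100, "outlook.exe",    "hash-constructed-2", 2),
    Event("ws-01", 330, 210, "invoice.exe",    "hash-constructed-3", 3),
    Event("ws-01", 440, 330, "powershell.exe", "hash-constructed-4", 4),
    Event("ws-02", 120, 1,   "explorer.exe",   "hash-constructed-1", 5),
    Event("ws-02", 250, 120, "invoice.exe",    "hash-constructed-3", 6),
]


def retrospect(telemetry, flagged_hashes):
    """Re-evaluate already-recorded events against intelligence that arrived after the fact."""
    return [e for e in telemetry if e.sha256 in flagged_hashes]


def lineage(telemetry, host, pid):
    """Weave ancestors (how the process got there) and descendants (what it then did) on one host."""
    by_pid = {(e.host, e.pid): e for e in telemetry}
    ancestors, cur = [], by_pid.get((host, pid))
    while cur and (host, cur.ppid) in by_pid:
        cur = by_pid[(host, cur.ppid)]
        ancestors.append(cur.image)
    descendants, frontier = [], [pid]
    while frontier:
        parent = frontier.pop()
        for e in telemetry:
            if e.host == host and e.ppid == parent:
                descendants.append(e.image)
                frontier.append(e.pid)
    return ancestors, descendants


def scope_attack(telemetry, flagged_hashes):
    """Answer the article's questions: point of entry, systems affected, follow-on activity."""
    hits = retrospect(telemetry, flagged_hashes)
    if not hits:
        return None
    first = min(hits, key=lambda e: e.ts)  # earliest sighting is the point of entry
    return {
        "point_of_entry": (first.host, first.image, lineage(telemetry, first.host, first.pid)[0]),
        "affected_hosts": sorted({e.host for e in hits}),
        "follow_on": {e.host: lineage(telemetry, e.host, e.pid)[1] for e in hits},
    }
```

Flagging `hash-constructed-3` after the fact finds both hosts that ran it, shows it was spawned from the mail client on ws-01, and surfaces the PowerShell child that a point-in-time scan of the file alone would never have linked to it.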
Kaspersky Lab - Your Child and Social Networks
Like it or not, the means of communication our children use have changed drastically over the past decade. They are far less eager to call or meet each other, but are constantly available online in social networks. When it comes to 11 to 14-year-olds, depending on what’s hip in their environment and, to some extent, the local legislation, your son or daughter would want to register a Facebook or Vkontakte account. Yet as a parent, you are the sole bearer of the responsibility over the way your child’s online life goes.
Prohibiting never works
Some parents would save it for a ‘special day’ like ‘sweet 16’ or some other important event before allowing their child to register a social media account. This effort is futile because a teenager will do it when his peers do, not willing to become an outcast. If you impose an iron-clad ban on social networks, your child could do it secretly. You don’t want that. If you can’t fight it, then take the lead.
New Snare Agents - Released
We are pleased to announce the release of three new Enterprise Snare Agents: the Snare Agent for Mac OSX, and two browser agents, for Firefox and Chrome.
Snare for OSX allows event logs from the OSX audit subsystem to be collected from the operating system and forwarded to a remote audit event collection facility after appropriate filtering. Snare for OSX operates as an ‘audit dispatcher’ application that receives the audit log data from auditd, with Snare directing auditd to generate events, selectively filtering out event data that you are not interested in, formatting the resulting data into something more suited to follow-on processing, and delivering it to one or more remote systems over the network. Snare for OSX is known to work on OSX 10.7 (Lion), OSX 10.8 (Snow Lion) and OSX 10.9 (Mavericks).
With the Snare for Firefox agent installed, when you access a web site your Firefox browser connects to the main destination page, downloads the HTML data, and then attempts to access any additional files referenced by the page in question; these may be images, cascading style sheet files, or a range of other alternatives. Snare will log each of these access requests and report the details of the transaction.
The Snare for Chrome agent provides a valuable audit trail of user activity and, by association, any malicious activity injected by remote sites into the users’ web requests. Data is passed to a Snare Server, or compatible application, for analysis, and includes information on the URL accessed (i.e. the web page, image, or cascading style sheet), the date/time, the length of the request, the response, and the page from which the resource was requested.
The two browser agents are provided at no cost to those that have already purchased the Snare Product Suite.