Archives for January 2015
Are SIEMs Enough?
If you are like most companies today, you have followed all the steps to ensure compliance with the myriad of regulations (SOX, PCI DSS and HIPAA, to name a few): a firewall in place, antivirus deployed, the network segmented, IDS/IPS running, and all of their logs sent to a SIEM/SIM/SEM. You are capturing event data from systems (Windows, Linux, applications, etc.) and sending that information as well. Reports have been created, and alerts set up for any unusual behaviour. So why, according to the Verizon Data Breach Report, is the number of incidents and breaches climbing every year? In addition, according to the 2014 Cyberthreat Defense Report by the CyberEdge Group, 60% of respondents were affected by a successful cyberattack in 2013.
Ten years ago, reviewing logs was the best way to see what was occurring on your network, and for the most part it was extremely successful: a jump in activity on a device indicated some form of malware, trojan or virus. So what has changed?
- Increased sophistication of threats
- Proliferation of devices and applications
- Rise of social media
- Inadequate data collection
- Data overload
- Over-normalization
- Siloed information and processes
Organizations are collecting data from a variety of sources, or trying to, and then creating complex queries to generate reports. The problem lies in the fact that you are collecting log data to satisfy a compliance regulation, not necessarily for security. Being compliant does not equate to being secure. Log management truly assists with forensics, after the breach, but most log management tools do not assist with prediction or provide security analytics. In order to have security intelligence, and therefore anomaly detection, you need historical data to create an effective baseline of average activity for each user or computer (asset), and for most SIEM/SEM/SIMs the more data collected, the slower they perform. By utilizing a data analytics platform to augment your SIEM/SEM/SIM, additional alerts can be generated on activity that deviates from that baseline by specific thresholds, and those alerts can be investigated immediately. Allowing a machine to “learn” the habits of the organization will eliminate human error. Have a look at the whitepaper by our partner Hexis Cyber Solutions, Why SIEMs Are Not Enough, or review the HawkEye AP.
Contact us for a web demonstration of the product.
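As an added illustration of the baseline-and-threshold idea described above (example code written for this page, not Hexis or HawkEye AP code): daily logon counts per user and asset are aggregated from constructed sample events, a baseline is built from the preceding days, and the day under review is flagged when it deviates beyond a z-score threshold. The log format, names and counts are assumptions; a user and host seen for the first time gets no baseline rather than a spurious alert.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one line per logon event, "YYYY-MM-DD user host".
# Seven days of history (2015-01-05..11) plus the day under review (01-12).
# Names, values and the line format are assumptions made for this example.
_ALICE = [18, 22, 20, 19, 21, 20, 20]   # steady, about 20 logons a day
_BOB = [4, 5, 3, 4, 6, 4, 5]            # steady, about 4 or 5 a day
SAMPLE_EVENTS = (
    [f"2015-01-{5 + i:02d} alice ws-01" for i, n in enumerate(_ALICE) for _ in range(n)]
    + [f"2015-01-{5 + i:02d} bob srv-02" for i, n in enumerate(_BOB) for _ in range(n)]
    + ["2015-01-12 alice ws-01"] * 23   # slightly above normal: no alert
    + ["2015-01-12 bob srv-02"] * 40    # roughly nine times normal: alert
    + ["2015-01-12 carol ws-09"]        # never seen before: no baseline yet
)

def daily_counts(events):
    """Aggregate raw events into {(user, host): {date: count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in events:
        date, user, host = line.split()
        counts[(user, host)][date] += 1
    return counts

def build_baseline(history, min_days=5):
    """Mean and population stdev of daily counts per (user, host). Keys with
    fewer than min_days of history get no baseline: a threshold derived from a
    day or two of data is noise, hence the post's insistence on history."""
    base = {}
    for key, per_day in history.items():
        if len(per_day) >= min_days:
            vals = list(per_day.values())
            base[key] = (mean(vals), pstdev(vals))
    return base

def score_day(day_counts, baseline, z_threshold=3.0, min_sigma=1.0):
    """Z-score each key's count against its baseline; alert past the threshold."""
    results = {}
    for key, count in day_counts.items():
        if key not in baseline:
            results[key] = {"count": count, "z": None, "alert": False}
            continue
        mu, sigma = baseline[key]
        # Floor sigma so a nearly flat history does not turn a change of two
        # events into an enormous z-score and page someone for nothing.
        z = (count - mu) / max(sigma, min_sigma)
        results[key] = {"count": count, "z": z, "alert": abs(z) >= z_threshold}
    return results

def detect(events, target_date, z_threshold=3.0):
    """Baseline on every day before target_date, then score target_date."""
    counts = daily_counts(events)
    history = {k: {d: c for d, c in v.items() if d < target_date} for k, v in counts.items()}
    today = {k: v[target_date] for k, v in counts.items() if target_date in v}
    return score_day(today, build_baseline(history), z_threshold)
```

Running `detect(SAMPLE_EVENTS, "2015-01-12")` flags only bob on srv-02; alice's small rise stays under the threshold and carol is reported without a score until enough history exists.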
Gartner Positions Sophos EndPoint in Leaders Quadrant
Looking for new endpoint security? Gartner positions Sophos in the “Leaders” quadrant of the Magic Quadrant for Endpoint Protection Platforms. Evaluation based on completeness of vision and ability to execute.
OXFORD, UNITED KINGDOM — (Marketwired) — 01/19/15 — Sophos today announced it has been positioned by Gartner, Inc., in the “Leaders” quadrant of Gartner’s “Magic Quadrant for Endpoint Protection Platforms” for the eighth consecutive year.(1)
Gartner identifies four primary stages in the security lifecycle: setting policy, prevention, detection and remediation, and evaluated EPP vendors based on whether the features their solutions offer address these four stages.
According to the report, “The rise of the targeted attack is shredding what is left of the anti-malware market’s stubborn commitment to reactive protection techniques. Improving the malware signature distribution system or adapting behavior detection to account for the latest attack styles will not improve the effectiveness rates against targeted attacks…to be successful going forward, EPP solutions must be more proactive and focus on the entire security life cycle.”
Sophos believes the company’s Project Galileo product strategy of integrating innovative next generation enduser, server and network protection technologies will further its leadership in this market. The combination will enable complete, simple-to-manage security that works effectively as a system, in contrast to the complex, disjointed layers of protection so many businesses wrestle with today.
“We’re continuing to build on our reputation for producing effective, simple-to-use security solutions by introducing next-generation technology that protects customers even better,” said Dan Schiappa, SVP and GM of the Sophos Enduser Security Group. “We believe Gartner’s continued placement of Sophos in the Leaders quadrant for Endpoint Protection Platforms is validation of our innovative strategy and our ability to deliver on that strategy.”
Sophos continues to innovate on the endpoint and, more broadly, in protection of the entire enduser, across devices and platforms. The company will soon be launching Next-Generation Enduser Protection aimed at defending customers from sophisticated threats such as Vawtrak, an effective and widespread botnet recently profiled by SophosLabs.
“Next-Generation Enduser Protection is where the industry needs to head,” adds Schiappa, “and Sophos is one of a very few companies worldwide that have the breadth of solutions and the depth of knowledge and expertise to be able to drive this massive and necessary evolution in our industry.”
Contact us for more information.
NetBeat NAC Selected as Readers Trust Finalist in Best NAC Solution
Tuesday, January 20, 2015
HANOVER, Md., January 20, 2015 – Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ: KEYW) and a provider of advanced cybersecurity solutions for commercial companies and government agencies, has been selected as a Readers Trust Award finalist in the Best NAC Solution category for the SC Awards 2015. To become a finalist, NetBeat NAC was selected by a panel representing the readership of SC Magazine as one of the best-in-class security products and services. The winner will be announced at the SC Awards 2015 ceremony to be held on April 21, 2015 in San Francisco.
“From Home Depot to JP Morgan to Sony, cyber attackers showed new levels of sophistication and determination in their attacks in 2014,” said Illena Armstrong, VP, editorial, SC Magazine. “With mounting headlines, it’s more important than ever to recognize the tireless efforts of the men and women across the globe who work to combat these threats and provide cybersecurity to organizations large and small.”
The SC Awards, now in their 18th year, are the information security industry’s most prominent recognition for cybersecurity professionals, products and services. With the awards, SC Magazine recognizes the achievements of security professionals in the field, the innovations happening in the vendor and service provider communities, and the vigilant work of government, commercial and nonprofit entities.
“We are honored to be recognized by SC Magazine’s readers as providing one of the best network access control solutions on the market,” said Chris Fedde, president, Hexis Cyber Solutions. “Our goal in creating NetBeat NAC was to offer a next-generation solution that not only provides companies comprehensive visibility and access control across their networks, but is also simple to deploy and manage while remaining cost-effective. Being selected as a finalist for this award is further proof that our solution provides companies a critical step forward in a proactive approach to better IT security.”
Vendors and service providers that offer a product and/or service for the commercial, government, educational, nonprofit or other industries are eligible for the SC Awards’ Readers Trust Award category. A panel representing a cross-section of SC Magazine’s readership from large, medium and small enterprises across all major vertical markets selected NetBeat NAC from the hundreds of entries submitted across multiple technology categories.
“Functionality, manageability, ease of use and scalability are hallmarks of the Readers Trust Award finalists,” said Illena Armstrong, VP, editorial, SC Magazine. “We are proud to recognize Hexis Cyber Solutions for their contributions to the cybersecurity industry and look forward to revealing the winners at the SC Awards Ceremony.”
Winners of this year’s SC Awards U.S. will be announced at a gala dinner and award ceremony to be held in San Francisco on April 21, 2015. This is one of the most anticipated IT security events of the year and promises excitement and invaluable networking opportunities with some of the top corporate IT professionals in the country.
About SC Magazine
SC Magazine provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. Besides the monthly print magazine, special Spotlight editions and daily website, the brand’s portfolio includes the SC Congress and Expo series (New York, Chicago, Toronto, London), SC Awards, SC Marketscope and SC Magazine Newswire.
Malware getting more advanced, easier to use in 2015
Reports of breaches at private companies and federal agencies piled up throughout 2014. While security officials scramble to shore up defenses and shorten response time, experts say the malware threat is only going to get more sophisticated and easier to deploy in 2015.
Much of the discussion in 2014 centered on leaks from insiders, whether malicious or accidental. However, of the 10 breaches and vulnerabilities reported by federal agencies in 2014, eight were a direct result of hackers attempting to put malware on government systems.
The largest — a breach of Postal Service networks — exposed the personally identifiable information of more than 800,000 employees, including birth dates, home addresses and Social Security numbers.
In 2015, “Malware is going to become the tool of choice rather than others because it’s easy to build,” said Paul Christman, vice president of Dell’s Public Sector Software division.
“The level of sophistication for malware is going to become higher and higher and higher,” Christman said. “It’s going to become easier to construct malware out of recyclable parts that are generally available via the Internet. From that perspective, the barrier to entry for malware is going to be lower.”
In the public sphere, many of the attacks on federal networks have been attributed to state actors, with China, Russia and North Korea taking many of the headlines, along with smaller state-sponsored groups.
“We’re not in a world with two nations with fingers on the button ready to launch bombs at each other anymore,” said Rob Roy, federal chief technology officer for HP Enterprise Security Products. “We’re now in a digital world with everyone else.”
In this new reality, understanding the malware threat is about “strategic intelligence,” Roy said — knowing the actors and their motives.
The methods used in state-sponsored attacks tend to be more advanced, though the malware itself is not necessarily more sophisticated.
“The malware that comes out of China … by and large is very, very simplistic,” according to Joe Stewart, director of malware research at Dell’s information security lab, SecureWorks. “China’s approach seems to be throw a lot of basic level programmers at a problem.”
“You can either get super stealthy with something or just have enough new stuff churning that it takes a long time for anti-virus companies to catch up,” Stewart said. “That strategy of just coming up with a thousand new pieces of malware — that are all basic but are new — that works pretty well if you have enough programmers.”
While Chinese perpetrators attack en masse, other parts of the world are producing truly sophisticated intrusion methods.
“What we’re seeing is more sophisticated ways to deliver malware and hide in traffic,” Roy said.
“The quiet actors hide in the noise,” he said. A blunt, obvious attack could actually be just the tip of the spear while the more sophisticated malware “just quietly rides that traffic.”
A security manager might remediate the known intrusion and think the job is done, never realizing more sinister code was implanted during the breach.
Stewart noted while the more complicated malware attacks are just now becoming known publicly, many have been in development for five years or more.
“You can only imagine the stuff that’s being developed right now that we haven’t seen yet,” he said. “These are sophisticated groups with lots and lots of money behind them and lots and lots of expertise, they can do things that are very stealthy.”
For example, 2014 saw attacks using memory-only malware, which moves around a system executing arbitrary commands without ever writing a file to the disk.
In-memory or diskless attack code “is almost not malware,” Stewart said, and can be very difficult to detect as there’s little — if anything — for analysts to grab onto. “Unless you have the full infection chain from beginning to end, you really can’t see what happened.”
While identifying these new attacks is hard, studying them has been problematic, as well, in part because of their rarity.
“It’s really, really hard to come by,” Stewart said. “You have to be a high-level target, you have to know you’re being targeted and you have to find that very stealthy malware.”
Once inside, hackers often use a methodical approach termed advanced persistent threat (APT).
“That’s the way sophisticated actors take down an organization,” Roy said. “A bad actor gets in and then starts siphoning information,” infecting a network piece by piece so that if one malicious code is discovered and removed, others continue working behind the scenes.
“Security is never perfect,” Roy admitted. “It’s about risk management: how to do a much better job of detecting it and shutting it down.”
Cybersecurity starts with people
While malware attacks are expected to become more advanced in 2015, so are the means for defending against them. But the first and most important is also the least technical: educating users.
Programs like continuous diagnostics and mitigation (CDM) provide security managers with a holistic view of a network, giving them the ability to spot unauthorized users and actions, presumably before extensive damage is done.
However, preventing malware from breaching a system in the first place relies on authorized users practicing proper cyber hygiene.
“Malware is only effective because of users clicking on something, doing something that they oughtn’t do,” Christman said.
Federal agencies are getting better in this regard, Christman said.
“In the federal space it’s becoming more of a consistent training effort … across all the agencies we talk to,” he said. “User education is probably going to be the hardest wheel to turn because there’s so many people but it’s also the thing that could probably bring us the biggest benefit.”
Social engineering — getting a user to give up log-in credentials through a spear-phishing email, for example — is often the first step in a malware attack.
“There are those few attacks that solely rely on social engineering and credentials. But most of the time your attackers are using tools” like malware, Stewart said. “They want more control over the network, more ability to exfiltrate data and in order to do that they really need a backdoor.”
A mix of educating users and sharing information on known threats will start to tip the scale in favor of the defenders, in Roy’s assessment.
“We’re living in an interesting time right now,” he said. “As we see the government investing in new technologies like CDM, it should be a game changer.”
But the fight will continue.
“As long as people can steal data and make use of it, [the use of malware] is going to continue to increase,” said Kevin Kelly, CEO of LGS Innovations.
Financial institutions will face increased scrutiny of their cybersecurity practices in 2015
From our Partner Hexis Cyber Solutions
In 2015, financial institutions can expect to have their cybersecurity practices put to the test in every sense of the word. Bank cyberdefenses will be tested not only by the highly evolved insider and outsider threats that are constantly working to breach financial networks, but also by the regulatory exams to which the New York Department of Financial Services will subject them.
To this end, the NYDFS recently announced that its New Cybersecurity Examination Process for the banks under its jurisdiction will require all of the relevant institutions to undergo a rigorous cybersecurity exam to ensure they are at the forefront of network security, The National Law Review reported.
Turbulent 2014 leads to increased emphasis on financial institution cybersecurity
The NYDFS exam comes after a year in which several banks and financial institutions found their networks compromised by attackers looking to steal extremely sensitive financial information and intellectual property. The regulatory body imposes exams on other areas of financial and banking operations, but 2015 will be the first year where a separate exam specifically for cybersecurity is required.
The National Law Review looked at an official letter from the NYDFS and found that the examinations are designed to encourage institutions to make cybersecurity an integral part of their overall risk management strategy, rather than just a subset of IT strategy.
Results of the cybersecurity exam could be made public
It would behoove all of these institutions to take this test seriously, especially in light of the news that the Securities and Exchange Commission could make the exam results public, The Hill reported.
The implications of this should not be lost on the organizations that will be subject to the exam. If a financial institution or bank gets poor results on the cybersecurity exam and those results get published for the public to see, it could have a major impact on that organization’s ability to drive new business or even keep existing customers on board.
Financial cybersecurity could be held to a higher standard
As The Hill explained, many regulators in different agencies feel that financial institutions should be held to higher standards for cybersecurity than other private sector industries, due mainly to the sensitive nature of the information they deal with every day.
While specific security measures have yet to be mentioned, the recent emphasis on continuous monitoring and automated threat removal among government agencies themselves could be a clue as to where financial cybersecurity is going. These measures, among others, will provide a layer of security that is otherwise missing in perimeter-defense-dependent institutions, which have proven highly susceptible to attacks in the past.