Archives for May 2015
Human Error Top Data Security Issue, Says Law Firm Report
From Health IT Security – Read Full Article
It seems as if every week there is a new top data security issue for healthcare organizations to remain vigilant on. If nothing else, it further underlines why a well-rounded approach to data security is essential, and covered entities must ensure their administrative, technical, and physical safeguards are all current.
A recent report from a law firm shows why employee training and education programs are critical for all industries, including healthcare. Human error was the number one cause of data security issues, according to Baker Hostetler. The firm reviewed cases it had worked on in the last year that related to privacy and data protection, and found that employee negligence was responsible for 37 percent of reported issues.
Interesting article; however, when it comes to human error, I believe the issue is really human nature. We can educate our employees not to click on “phishing attempts”; the problem is that some are written so well that even the most educated person will open the email. In these instances the only remediation is to incorporate security products that will detect and remediate any malware or threats to the corporate network, block any communication with a command and control server, and monitor your network for unusual behaviour.
Contact us with any questions on how we can assist.
Hexis Cyber Solutions – “Cool Vendor” by Gartner
Monday, May 4, 2015
Vendors Selected for the “Cool Vendor” report are innovative, impactful and intriguing
HANOVER, Md., May 4, 2015 – Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ: KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced that it has been named a “Cool Vendor” in the “Cool Vendors in Security for Technology and Service Providers, 2015” report¹ by Gartner, Inc. The report highlights innovative security technologies from vendors who are pioneering new directions and potential opportunities in the security market.
The report comes on the heels of Hexis’ recent introduction of HawkEye G 3.0, featuring ThreatSync™, an open framework for threat fusion, analytics and evidence-based detection and validation of unknown and known threats, which includes direct integration with third-party perimeter security technologies and third-party SIEMs. Both Hexis’ HawkEye G automated threat removal platform and HawkEye AP big data analytics platform are included in the report. Together, HawkEye G and HawkEye AP, along with data from an ever-expanding ecosystem of third-party security tools, enhance the data and context organizations can use to better detect, verify and remove threats at machine-speed.
“In the battle to defeat today’s increasingly sophisticated attacks, threat intelligence and automation are paramount,” said Chris Fedde, President, Hexis Cyber Solutions. “We consider our inclusion in the Cool Vendor report by Gartner confirmation of our mission to enable customers to reduce the time between perimeter breach and threat removal. We’ve continued to innovate, providing greater threat intelligence for faster, higher confidence in automating threat removal, so that even customers with constrained internal resources can protect their organizations before damage is done.”
¹ Gartner, “Cool Vendors in Security for Technology and Service Providers, 2015,” by Ruggero Contu, Lawrence Pingree, Eric Ahlm and Avivah Litan, April 23, 2015.
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About Hexis Cyber Solutions
Hexis Cyber Solutions, Inc. is a team of cybersecurity experts delivering solutions that enable organizations to defend against and remove cyber threats at machine speeds before they do damage. Hexis’ advanced security solutions use real-time endpoint sensors, network detection, and threat analytics to provide organizations with an intelligent and automated threat detection and response solution. Hexis’ solutions deliver improved visibility into the network and endpoints, threat verification, and automated threat removal capabilities for organizations of all sizes.
Hexis Cyber Solutions, Inc. is a wholly-owned subsidiary of The KEYW Holding Corporation (KEYW), based in Hanover, Maryland with engineering offices in Columbia, Maryland and San Mateo, California. Hexis’ solutions were developed leveraging KEYW’s expertise in supporting our nation’s cybersecurity missions. For more information contact Hexis Cyber Solutions, 7740 Milestone Parkway, Suite 400, Hanover, Maryland 21076; Phone 443-733-1900; Fax 443-733-1901; Email email@example.com; or on the Web at www.hexiscyber.com.
Defend against APTs with big data security analytics
Information Security – February 2015
Without a trace: Cybersecurity incident response teams must follow the thread of security events through volumes of log data from increasingly diverse sources.
Organizations that start to address information security in a meaningful way will come to a point in their maturity when they have a lot of machine data. The challenge many CISOs face is how to leverage that data quickly and correlate events dynamically across the enterprise to track down advanced persistent threats (APTs). The Sony Pictures Entertainment hacking incident in November underscores the importance of security monitoring and rapid incident response to clamp down on damages before disaster strikes.
IT security managers cannot protect what they cannot see, and to “see” associations or patterns that can help detect APTs enterprises must have comprehensive logging in place across multiple layers within a network. The greater the visibility, the larger the machine data, and the harder it is for cybersecurity incident response teams to “follow the thread” and correlate security events with threat intelligence in a meaningful way. The answers to many security questions about fraudulent activity, user behavior, communications, security risk and capacity consumption lie within these large data sets.
Why so much logging? Most advanced adversaries gain access to a victim’s network via malware, drive-by links or Web shells. Once the initial attack phones home — malware will initiate an outbound connection to C2 hosts to get around inbound firewall rules — rootkits are delivered, and the attackers quickly gain access to a user account and drive around the network as a fully credentialed user. It is difficult to lock down a Microsoft network in any meaningful way without destroying its functionality. A successful strategy to defeat this type of attack includes the following:
- Detect the malware or drive-by links before users click on them. To do this a cybersecurity incident response team has to be able to compare user behavior against threat intelligence. This requires full packet logging of all ingress and egress traffic on an enterprise’s edge.
- Detect malware or rootkit delivery to the endpoint. To do this the cybersecurity team needs verbose logging on antimalware and endpoint protection systems.
- The cybersecurity team needs to be able to analyze user behaviors and access across the entire enterprise. Security information and event management (SIEM) tools can alert you to unusual activity, such as account usage during off hours. This is only possible with comprehensive logging of Active Directory (AD) and host access events.
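The third point above (flagging account usage during off hours from Active Directory and host logon events) is the kind of rule a SIEM correlates over large log volumes. The following is an added example, not code from the article or from any vendor mentioned on this page: it parses a handful of constructed, simplified Windows-style logon records (modelled loosely on event 4624, successful logon) and reports interactive logons that fall on weekends or outside a business-hours window. The field names, the business window and the sample lines are all assumptions made for the example.

```python
"""Off-hours logon detection over constructed Windows-style logon events."""
from datetime import datetime, time

# Constructed sample lines (not real log data), loosely modelled on Windows
# Security event 4624 (successful logon) / 4625 (failed logon) after SIEM
# normalisation into key=value fields.
SAMPLE_EVENTS = """\
2015-05-04T09:02:11 EventID=4624 User=jsmith LogonType=2 Src=10.0.1.21
2015-05-04T13:45:03 EventID=4624 User=mlee LogonType=2 Src=10.0.1.33
2015-05-05T02:13:40 EventID=4624 User=jsmith LogonType=10 Src=10.0.9.7
2015-05-05T02:15:02 EventID=4624 User=jsmith LogonType=3 Src=10.0.9.7
2015-05-09T11:20:00 EventID=4624 User=svc_backup LogonType=5 Src=10.0.0.2
2015-05-10T15:05:27 EventID=4624 User=mlee LogonType=10 Src=10.0.9.7
2015-05-06T10:00:00 EventID=4625 User=jsmith LogonType=3 Src=10.0.9.7
"""

# Assumed business window; a real deployment would derive this per team or per user.
BUSINESS_START = time(7, 0)
BUSINESS_END = time(19, 0)

# Logon types that imply a person at a keyboard or a remote session:
# 2 = interactive, 3 = network, 10 = remote interactive (RDP).
# Type 5 (service logon) is excluded so scheduled services do not raise noise.
INTERACTIVE_TYPES = {"2", "3", "10"}


def parse_event(line):
    """Turn one 'timestamp key=value ...' line into a dict with a parsed datetime."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def is_off_hours(ts):
    """True on weekends or at any time outside the business window."""
    if ts.weekday() >= 5:  # Saturday = 5, Sunday = 6
        return True
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def find_off_hours_logons(text):
    """Return (user, timestamp, source, reason) for each successful interactive
    logon that happened outside business hours."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        # Only successful logons of an interactive type are interesting here.
        if ev["EventID"] != "4624" or ev["LogonType"] not in INTERACTIVE_TYPES:
            continue
        if is_off_hours(ev["ts"]):
            reason = "weekend" if ev["ts"].weekday() >= 5 else "outside business hours"
            alerts.append((ev["User"], ev["ts"].isoformat(), ev["Src"], reason))
    return alerts


def summarize_by_user(alerts):
    """Count alerts per account so repeat offenders surface first."""
    counts = {}
    for user, *_ in alerts:
        counts[user] = counts.get(user, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_off_hours_logons(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(summarize_by_user(found))
```

On the sample data this reports the two early-morning logons for jsmith from 10.0.9.7 and the Sunday RDP logon for mlee, while the Saturday service logon and the failed logon are ignored. A static window is the simplest form of this rule; the same loop can be fed a per-user baseline of historical logon hours instead of fixed constants.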
For more information on how to defend against APT, malware or security analytics please contact us.
Employees are weak link in company cyber attacks
Mark Burnette, For The Tennessean 11:11 p.m. CDT April 29, 2015
Today’s companies face a truly daunting task when trying to protect their computer systems and sensitive data from compromise. Attackers are better coordinated and more sophisticated than ever before, and their tools are easier to obtain and use.
While there are many security issues for businesses to be concerned about (some of which are covered in other installments of this series), an all-too-common problem at companies of all sizes is attacks directed at the computer users themselves. The vulnerable users are workers in the company who have user accounts and passwords and use desktops, laptops, tablets and other devices to interact with a company’s data and network. Hackers and other bad guys target these users because they have access to sensitive data and systems, their account passwords are typically easy to guess or crack, and they are often willing to open a malicious file, click on an emailed link or even willingly type their password into a bogus site.
Protecting your company against end-user attacks requires a two-pronged approach: 1) train your users to help them be more aware of how end-user security attacks occur and 2) configure your systems to make it harder for the bad guys to successfully get in if a user slips up. Here’s a list of steps you should take:
• Keep up to date with security patches provided by software vendors for end-user machines. In addition to operating system patches, be sure to patch application software such as Adobe, Java and web browsers, as older versions of those tools have well-known vulnerabilities that are frequent vectors of attack.
• Provide spam filtering for every machine, with sensitivity controls turned up. One of the most common tactics attackers use to make initial entry into a company’s network is enticing end users to click on a spam email link that installs malware. While this won’t stop every phishing attempt, if you can filter out even one, that is one fewer opportunity for an unsuspecting user to click a bad link.
• Remove local administrator rights from end-user machines. Local administrator rights give a user more power to make changes to a computer, and if an attacker gains control of a machine with those rights, damage to the network can be much more significant.
• Make sure there is up-to-date anti-virus/malware protection installed on every machine.
• Require IT personnel to use different passwords when they work on servers. Even IT administrators can fall victim to email phishing attacks when they are working on their own computer. If they click on a bad link while logged in as an administrator, attackers can gain big-time access to your network using their privileged credentials.
• Develop a security awareness program for all personnel to help them understand their responsibilities when using a company computer system and/or handling sensitive data. This training should also teach users how to create good passwords (ones that are easy to remember, but difficult to guess).
• And perhaps most importantly, require “two-factor authentication” for users logging on to the network from a remote location. That means that a password alone is not enough to gain access; another form of authentication is needed. That could take the form of such things as a fingerprint, a token (a physical device that generates a code that is entered on the machine) or a digital certificate. If two-factor authentication is in place, an attacker who successfully captures a user’s access credentials still won’t be able to remotely connect to the network without the second factor (the token).
Taking all these measures will not completely eliminate the possibility of a successful attack, but it will greatly reduce your exposure to this common attack path, which just might make a potential attacker move on to a more vulnerable target.
Mark Burnette is a partner in the Security and Risk Services practice at LBMC, the largest regional accounting and financial services family of companies based in Tennessee, with offices in Brentwood, Chattanooga and Knoxville.