Archives for November 2015
Toymaker VTech is Breached
In an article by Phil Muncaster – InfoSecurity Magazine
A Hong Kong-based maker of children’s educational toys has suffered a data breach, exposing the details of potentially millions of children and their parents.
VTech, which builds “electronic learning toys,” revealed in a statement on Friday that an “unauthorized party” accessed customer data held in its Learning Lodge app store database on 14 November.
It continued:
“Upon discovering the unauthorized access we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks.
Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history.”
The firm stressed that the database in question doesn’t store credit card information as Learning Lodge payments are processed by a third party provider.
So the good news is that no credit card information was stolen. However, the information that was stolen can be devastating to the parents and children, especially considering that, for the most part, people reuse passwords and secret questions for email addresses, banking, etc.
LogRhythm’s Security Intelligence Platform SIEM Product Review
by Karen Scarfone – Tech Target
Expert Karen Scarfone examines LogRhythm’s Security Intelligence Platform, a SIEM tool for analyzing collected data
The LogRhythm Security Intelligence Platform is a security information and event management (SIEM) product for enterprise use. It is used to collect security event log data from software throughout an enterprise, including network security controls, operating systems and user applications. The SIEM tool analyzes the data to identify possible signs of malicious activity so humans or automated processes can stop attacks in progress or help recover from successful attacks. SIEM platforms such as LogRhythm’s also generate detailed reports on security events that can be used to document compliance with security regulations, laws and other requirements.
LogRhythm SIEM product versions
LogRhythm’s SIEM platform is available in several formats, including an all-in-one bundle or distributed components, and as hardware-based appliances, server-based software and virtual appliances (supported by VMware ESX, Microsoft Hyper-V and Citrix XenServer). These last three formats — hardware, virtual and server software — can be mixed and matched as needed within a single LogRhythm Security Intelligence Platform implementation.
Examples of the major component types are:
- Platform Manager (PM): Supports centralized management and administration for the LogRhythm implementation
- Data Processor (DP): Performs log collection and management
- Data Indexer (DX): Indexes data and metadata
- AI Engine (AI): Provides correlation and analysis capabilities
- All-In-One (XM): Combines the PM, DP, DX and AI components
- Network Monitor (NM): Specializes in deep analysis of network traffic contents
- Data Collector (DC): Collects log data from remote systems and prepares it for secure transfer to the centralized LogRhythm Security Intelligence Platform implementation
Enterprise Snare Agent Update
Please be advised that two of the Enterprise Snare Agents have patch updates available – the Enterprise Snare Agent for Windows and the Enterprise Snare Agent for MS SQL.
For the Enterprise Snare Agent for Windows:
- Improve debugging output
Enhanced debugging support has been added for the Windows agent. To output debug logs to a file, stop the Snare service and then run the agent from an administrative console, i.e. SnareCore.exe -c -d9 >> log.txt
The log.txt file will then include the event IDs of all the events that SnareCore will capture, regardless of whether they are ignored by objectives.
- Windows agent crashing on occasion with USB events
There was an issue with the registry bookmark handling of events, especially when dealing with USB events (where "Enable active USB auditing?" is selected on Network Configuration in the web UI). Due to this issue, Snare might crash while processing USB events. This issue is fixed in this release, and bookmarks and USB events now work correctly together.
Snare Enterprise Agent for MS SQL
- SnareMSSQL does not remove its service on uninstall
An issue was identified with the uninstaller of the SnareMSSQL v1.4.1, v1.4.2 and v1.4.3 agent versions. Due to this issue, if the uninstaller was run on a SQL Server standalone machine, it might not remove the SnareMSSQL service, which could be left in a disabled state requiring a reboot to clear. This issue is fixed in this release. The uninstaller now removes the SnareMSSQL service correctly during uninstall.
- The MSSQL agent picks the machine hostname for current events instead of event hostname
An issue was found for installs that use cluster mode with the ‘system’ column on the current events page. Due to this issue, the machine hostname was sometimes shown in the system column instead of the current active cluster node name. This issue is fixed in this release, and the system column now shows the appropriate active node name.
- Issue with the loadinf option on cluster machine
- Error handling astray when checking groups
An issue was found with the way errors were reported on the web UI during the ‘Check Groups’ operation from the objective page. Due to this issue, the next error was appended to the previous one, causing confusing error text. This issue is fixed in this release.
These updates can be downloaded from your client area. Should you wish for more information, please contact us.
LogRhythm scores High
LogRhythm scores high on the Gartner report Critical Capabilities for Security Information and Event Management (September 2015).
Gartner’s 2015 Critical Capabilities for Security Information and Event Management report enables IT security managers to align their needs with one of the three most common use cases, and LogRhythm scores high on all three.
- Compliance
- Threat Management
- SIEM
Contact us to find out more
Sophos XG Firewall
We’re excited to announce the launch of Sophos XG Firewall with Sophos Security Heartbeat™. They are a compelling reason to add network security to your Sophos portfolio.
Sophos XG Firewall, the new Next-Gen Firewall and UTM solution from Sophos, provides unmatched ease of use and revolutionary new protection technology to give you an unbeatable offering for organizations of all sizes.
Highlights include:
- Network Security Control Center: an innovative interface that delivers instant network and threat intelligence so users can take action fast.
- XG Series Appliance: a comprehensive range, including a new entry-level XG 85(w) and the XG 750 for larger implementations.
- Security Heartbeat: a unique capability that links the firewall and the cloud endpoint for the very first time, allowing them to share intelligence and enhance protection against advanced threats.
Take a tour of the Sophos XG Firewall
See Security Heartbeat in Action
Contact us for more information