Archives for March 2016
Solarwinds Positioned Highest in Ability to Execute
Gartner 2016 Magic Quadrant Positions SolarWinds Highest in “Ability to Execute” for Network Performance Monitoring and Diagnostics
AUSTIN, TX-(Marketwired - March 02, 2016) - SolarWinds, a leading provider of powerful and affordable hybrid IT infrastructure management software, today announced that the company has been included in the Gartner, Inc. 2016 Magic Quadrant® for Network Performance Monitoring and Diagnostics (NPMD)* as a Challenger. In addition, the report positions SolarWinds highest along the “Ability to Execute” axis.
“We believe our position in the Gartner® NPMD Magic Quadrant is reflective of our commitment to eliminating the complexity that IT professionals face in their environments today,” said Nikki Jennings, group vice president, product strategy, SolarWinds. “By developing powerful solutions that address real-world problems out of the box with no professional services required, SolarWinds provides accessible and immediate value to help IT Pros reach their most-pressing network infrastructure health and performance goals that drive the business forward.”
According to Gartner, “The goal of NPMD products is not only to monitor the network traffic and infrastructure to facilitate outage and degradation resolution, but also to identify performance optimization opportunities.”
As part of its research, Gartner tested SolarWinds’ NPMD offering featuring Network Performance Monitor and NetFlow Traffic Analyzer.
SolarWinds Network Performance Monitor provides a comprehensive view of network fault, performance, availability, and latency to more effectively identify, prioritize and resolve network issues before they impact application performance, end users and businesses.
SolarWinds NetFlow Traffic Analyzer provides a platform to aggregate and analyze all flow data, including NetFlow, J-Flow, sFlow®, IPFIX, and NetStream® data, enabling IT Pros to keep a close watch on network traffic data, identify bandwidth hogs and build customized reports of network traffic.
Cybercrime trends point to growing sophistication
By Robin Wright - Site Editor
Sophos’ James Lyne warns that cybercriminals are becoming more effective, thanks to document-based malware and advanced social engineering techniques.
SAN FRANCISCO — Cybercrime trends point to an alarming increase in advanced social engineering techniques and customized, targeted document-based malware attacks in 2016, according to Sophos research.
James Lyne, head of global security research at Sophos and an instructor with the SANS Institute, spoke about these cybercrime trends during a presentation at RSA Conference 2016 Wednesday and offered several warnings to enterprises about specific emerging threats. Lyne said Sophos’ latest research shows tried and true attack methods and threats, such as drive-by downloads and phishing attacks, are as common as ever.
But Lyne also explained that cybercriminals today are moving to new, greener pastures and becoming much better at making money from stolen information. In fact, he said cybercriminals have built a mature underground economy on the dark Web that puts legitimate ecommerce efforts to shame. Specifically, Lyne offered the example of AlphaBay Market, a site on the dark Web that allows cybercriminals to buy, sell and trade data. He showed how the site would automatically remove credit card numbers for sale once they get a couple of days old, because by that time the account number may already have been changed.
“They also factor the pricing [of the data] according to how many cybercriminals have bought it so far,” Lyne said. “So they have a little bit of a stock market going on the value of the data and the likelihood of you being able to use it for fraud purposes.”
But there’s more, Lyne said. When cybercriminals sign up for the site, they have to provide a PGP or GPG key to authenticate themselves. Lyne said Sophos researchers signed up for the site and purchased some data for testing purposes; within two seconds of purchase, they received an email with a PGP-encrypted Excel file containing all of the credit card account information.
“Frankly, it’s one of the better online shopping experiences I’ve had in my life,” he said. “Using PGP and GPG keys – man, I wish we could get real retailers to do stuff like that. This is impressive best practices.”
However, Lyne warned that AlphaBay was offering more than just credit card numbers and email addresses. The most valuable information was credentials. For example, Lyne said that cybercriminals can focus their search for something as specific as VPN access for a company in a designated region or vertical industry.
Even more distressing, according to Lyne, was the advancement Sophos researchers discovered in social engineering attacks. Lyne said that at last year’s RSA Conference he delivered a presentation that showed a “slight uptick in quality” of social engineering attacks, which had moved beyond stock scam emails regarding Nigerian princes and instead employed more targeted, well-researched intelligence to fool targets.
“That trend is in absolute full brutal force [today],” Lyne said. “It’s staggering how good some of the scams actually are.”
For example, instead of sending scam emails offering tax refunds, which no longer have a high success rate, cybercriminals may send a resume or CV file to an organization that has published job openings. And Lyne said that even such emails with obvious misspellings or bad grammar still get clicked on by some users.
Document-based malware on the rise
The resume and CV file attacks are particularly concerning, Lyne said, because of another cybercrime trend: document-based malware. “There’s some interesting things occurring [where] a small subsection of cybercriminals are focused on document-based malware,” he said. “They are producing toolkits, just like we see from mainstream cybercriminals, that are specifically focused on [document] exploits.”
In addition to customizing document-based malware, Lyne said, many cybercriminals are purposefully limiting the distribution of these attacks, targeting just two or three thousand people in a specific vertical or company. Document-based malware combined with more advanced social engineering techniques can make for a devastating attack, Lyne said. His favorite recent example, he said, was a document that was made to look like an encrypted file containing confidential data.
“Isn’t that clever: using heightened awareness of security to actually get people to open something? If it’s encrypted, it must be important, right?” Lyne said. “They’ve really upped their game with social engineering techniques.”
Lyne said these cybercrime trends all add up to show an unsettling truth for enterprises: that attack methods are maturing, as is the underground economy around stolen data and credentials. “There are numerous things here that fly in the face of our usual expectations of how cybercrime works,” he said. “Things like only focusing on two or three thousand users, limiting distribution purposefully, custom crafting [of document-based malware] and use of excellence in social engineering.”
3 ways SMBs can become more cyber resilient
With companies facing more risk of attacks, it’s vital to step up endpoint and network security
By Todd Weller, Special to ThirdCertainty - Vice President of Corporate Development at Hexis Cyber Solutions
Cyber attackers don’t discriminate based on company size. They focus on the value of the data they can steal. This means that most small and midsize businesses face much the same cyber exposures as large enterprises.
But due to cash flow and manpower constraints, SMBs face greater challenges when it comes to securing their networks. Unfortunately, attackers aren’t sympathetic and these challenges may result in SMBs being viewed as more attractive targets.
Based on the data breaches disclosed in 2014 and 2015, it is clear that cyber attacks have become a mainstream operational risk for all companies.
That said, there is no reason 2016 shouldn’t be a year in which companies, especially SMBs, make progress toward achieving cyber resilience. This should be a key objective for organizations of all sizes.
Cyber resilience requires organizations to have plans in place to prevent, detect, respond and recover rapidly from cyber attacks. In short, cyber attacks are now a business and operational risk and no longer just an IT risk.
The good news for SMBs is that steady improvement of the company’s security posture does not have to be an overwhelming endeavor. Here are three steps to put you on a path to become more cyber resilient in 2016:
Improve visibility. Relying on detection technologies focused primarily on known threats no longer provides sufficient visibility. Detecting advanced threats requires deployment of behavior-based detection capabilities on both endpoints and networks. Continuous recording capabilities (analogous to a security camera) can be used reactively and proactively.
Focus on integration. Some large organizations deploy solutions from hundreds of security vendors. SMBs with limited resources do not have that option. Fortunately, many cybersecurity vendors are moving toward integration of multiple detection capabilities. There is a growing trend of a provider offering both endpoint and network capabilities.
Look into managed services. Monitoring and effectively responding to thousands of alerts can be daunting. This is why many SMBs are looking to consume security monitoring and response as a managed service. The good news for SMBs is that by going to a managed security services provider, they not only get access to a nice car, but also get a driver with it.
Hexis Cyber Solutions Enhances HawkEye G Integrated Detection and Automated Response Capabilities
HANOVER, Md., March 01, 2016 — Hexis Cyber Solutions Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW) and a provider of advanced cybersecurity solutions for commercial companies and government agencies, is committed to the continuous innovation and development of its flagship next-generation endpoint security solution, HawkEye G. With a continued focus on enhancing its integrated malware and threat actor detection modules, enterprise platform support, and ecosystem partners, Hexis is pleased to announce current and forthcoming product enhancements to its HawkEye G solution.
Significant HawkEye G Release 4 Enhancements Demonstrate Continued Innovation
Hexis continues to focus on product innovation, and the forthcoming HawkEye G Release 4 will include several significant enhancements.
Expanded network sandboxing integration.
HawkEye G Release 4 will include native, network sandboxing capabilities powered by Lastline, the only Full System Emulation (FUSE™) malware analysis platform. Lastline was recognized by NSS Labs as a leader in Breach Detection in its 2015 Breach Detection System Comparative Evaluation. This technology integration will add multi-protocol content extraction and network sandbox malware analysis to the HawkEye G product line without requiring additional appliances. Network content will be extracted, verified, and submitted from the HawkEye G Network Sensor appliances to Lastline’s malware analysis sandbox for detonation, analysis, and scoring for false positive reduction or response actions based on real-time endpoint event data. Organizations can choose to leverage Lastline’s cloud-based or on-premise offerings for the analysis of Windows PE files, Microsoft Office documents, and PDF files extracted from HTTP and SMTP protocols on a single appliance.
Expanding Platform Coverage to Mac OS.
Hexis’ platform support includes Windows workstation and server, Red Hat Linux, and with Release 4 of HawkEye G, expands coverage to Mac OS X. “We continue to expand our platform support offerings to meet our customers’ growing needs for security on their end-user computing platforms. With the addition of Mac OS X support, we’ve set a high bar enabling organizations to improve their endpoint security posture across multiple operating systems, delivering multiple advanced malware detection engines, an expanding third-party ecosystem, and automated response capabilities from a single technology vendor,” explains Chris Carlson, Hexis VP of Product Management.
YARA Rules Support.
HawkEye G Release 4 adds support for customer-defined YARA rules via a YARA engine embedded in the HawkEye G Host Sensor. This will enable multiple new capabilities, including custom threat scoring in detection mode, automated file quarantine in response mode, and a new endpoint prevention module that performs process pre-execution suspension, inspection, and termination before malware begins to execute. The prevention module runs locally on the endpoint in either online or offline mode without requiring a connection to the HawkEye G Manager or cloud services to function.
“The team has worked tirelessly to develop these product enhancements for the HawkEye G Release 4. We are confident that these additions to the product will empower our enterprise and government customers to better prevent, detect, and respond to ever-changing malicious attacks,” says Chris Fedde, President, Hexis Cyber Solutions.
Hexis HawkEye G App for Splunk™
Built from the ground up with integration in mind, Hexis strives to continuously expand and improve our technology integrations and partnerships with the goal of increasing the value of our solution and enhancing ROI for customers.
With this in mind, we are pleased to announce the release of the Hexis HawkEye G App for Splunk, which is now available for download on the Splunk marketplace. The HawkEye G App for Splunk presents a real-time situational overview of the HawkEye G deployment, including dashboards, reports, search and alerting on endpoint and network threat activity, threat scoring, automated and machine-guided remediation activity, and system health and status.
LogRhythm Joins Lockheed Martin Cyber Security Alliance
GAITHERSBURG, Md., Feb. 29, 2016 /PRNewswire/ — Lockheed Martin (NYSE: LMT) announced the addition of LogRhythm, a leader in security intelligence and analytics, to the Lockheed Martin Cyber Security Alliance. Alliance members collaborate to solve growing cybersecurity needs and meet future threats through customer-focused solution design, experiments, and end-to-end systems integration pilots.
“The Lockheed Martin Cyber Security Alliance brings together the right experts, the right processes, and the right technologies to provide our customers with mission resilient systems,” said Angie Heise, Vice President Lockheed Martin Commercial Cyber. “By sharing our best practices we are able to combat cyber-threats with ever-increasing agility. LogRhythm brings even more expertise, skills and tools to the alliance, and we are thrilled to welcome them.”
LogRhythm empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s security intelligence platform unifies next-generation security information and event management, log management, network and endpoint monitoring and forensics, and security analytics.
“As a member of the Lockheed Martin Cyber Security Alliance, we look forward to collaborating with some of the smartest minds in the industry and supporting customers in the public and private sectors,” said Jon Bickford, vice president of Americas sales at LogRhythm. “LogRhythm is proud to represent the security information and event management community in this significant effort to attack global cyber security challenges with new defense capabilities for detecting and neutralizing advanced threats.”
LogRhythm joins a host of industry leading alliance partners, including: APC by Schneider Electric, CA, Cisco, Citrix, CyberPoint, Cybereason, Dell, EMC Corporation and its RSA security division, FireEye, HP and its ArcSight division, Intel and Intel Security (formerly McAfee), Juniper Networks, Microsoft, NetApp, Radware, Red Hat, Solutionary, Splunk, Symantec, Trustwave, Verizon and VMware.
About Lockheed Martin
Headquartered in Bethesda, Maryland, Lockheed Martin is a global security and aerospace company that - with the addition of Sikorsky - employs approximately 126,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services.