Archives for May 2016
LogRhythm – Earns Recommended Designation and 5 Stars
Independent Testers Praise LogRhythm as “Most Complete, Pure-play SIEM”
BOULDER, Colo.–(BUSINESS WIRE)–LogRhythm, The Security Intelligence Company, today announced that its Security Intelligence Platform has earned the “RECOMMENDED” designation and a perfect five-star rating in SC Magazine’s 2016 SIEM and UTM Group Test. The reviewers specifically called out LogRhythm’s “next-gen features and superlative correlation and analytics” as its primary strengths.
As part of the SIEM and UTM Group Review, SC Magazine tested six solutions. The review emphasized that LogRhythm’s security intelligence platform is “a heavy-duty tool made for a demanding large environment. It is scalable and complete with the largest list of supported connectors we’ve seen yet.”
“Information security teams value advanced analytics, efficient incident response, and effective workflow and collaboration in the platform they place at the center of their security operations. It’s not surprising then that LogRhythm received SC Magazine’s ‘RECOMMENDED’ designation in this year’s lab test,” said Mike Reagan, chief marketing officer at LogRhythm. “This review highlights why enterprises around the globe are increasingly selecting LogRhythm’s Security Intelligence and Analytics Platform to bolster their ability to detect, respond to and neutralize advanced cyber threats through comprehensive threat lifecycle management.”
SC Magazine stated that LogRhythm is the “most complete, pure-play SIEM we’ve seen.” It went on to say about the LogRhythm solution, “It has the intelligence to analyze, correlate and make sense of huge amounts of data.”
LogRhythm’s unified Security Intelligence Platform integrates next-gen SIEM and log management with network forensics, endpoint monitoring and multidimensional security analytics. LogRhythm provides deep visibility into threats and risks to which organizations are otherwise blind. Designed to help prevent breaches before they happen, LogRhythm accurately detects an extensive range of early indicators of compromise, enabling rapid response and mitigation.
The deep visibility and understanding delivered by LogRhythm’s Security Intelligence Platform empowers enterprises to secure their networks and comply with regulatory requirements.
The SC Magazine review can be found online at: http://www.scmagazine.com/utm-and-siem/grouptest/361/.
Designer Cyber Threats Increasing
ComputerWeekly.com – Warwick Ashford – May 4, 2016
Cyber attackers are crafting spam to deliver malware that uses vernacular, brands and payment methods for better cultural compatibility, Sophos researchers find
Cyber criminals are increasingly designing attacks for specific countries to trick victims into downloading malware, according to research by SophosLabs.
Analysis of data from millions of endpoints worldwide revealed a growing trend of crafting spam to deliver malware that uses vernacular, brands and payment methods for better cultural compatibility.
Ransomware disguised as an authentic email or notification, complete with local logos, is more believable, and therefore more financially rewarding to cyber criminals, the researchers said.
To be as effective as possible, scam emails are also impersonating local postal companies, tax and law enforcement agencies and utility firms through phony shipping notices, refunds, speeding tickets and electricity bills.
SophosLabs noted a rise in spam where the grammar was more often properly written and perfectly punctuated.
“You have to look harder to spot fake emails,” said Chester Wisniewski, senior security advisor at Sophos. “Being aware of the tactics used in your region is becoming an important aspect of security.”
Researchers also saw historic trends of different ransomware strains that targeted specific locations. Versions of CryptoWall predominantly hit victims in the US, UK, Canada, Australia, Germany and France; TorrentLocker attacked primarily the UK, Italy, Australia and Spain; and TeslaCrypt homed in on the UK, US, Canada, Singapore and Thailand.
The analysis also showed the level of malware infections and attacks per 1,000 Sophos endpoints, per country, in the first three months of 2016, known as the threat exposure rate (TER). Although western economies were more highly targeted, they typically had a lower TER.
Countries ranked with the lowest TER included France at 5.2%, Canada at 4.6%, Australia at 4.1%, the US at 3% and the UK at 2.8%. Algeria at 30.7%, Bolivia at 20.3%, Pakistan at 19.9%, China at 18.5% and India at 16.9% were among the countries with the highest percentage of endpoints exposed to malware attacks.
“Even money laundering is localised to be more lucrative. Credit card processing can be risky for criminals, so they started using anonymous internet payment methods to extort money from ransomware victims,” said Wisniewski.
“We have seen cyber crooks using local online cash-equivalent cards and purchasing locations, such as prepaid Green Dot MoneyPak cards from Walgreens in the US, and Ukash, which is now paysafecard, from various retail outlets in the UK,” he said.
The concept of filtering out specific countries also emerged as a trend.
“Cyber criminals are programming attacks to avoid certain countries or keyboards with a particular language,” said Wisniewski. “This could be happening for many reasons. Maybe the crooks don’t want attacks anywhere near their launch point to better avoid detection. It could be national pride. Or perhaps there’s a conspiratorial undertone to create suspicion about a country by omitting it from an attack,” he said.
Banking is one example of how cyber criminals use location-based malware to increase their profits. Sophos research shows that the Trojans and other malware used to infiltrate banks and financial institutions have historically converged on specific regions.
Brazilian banker Trojans and variants pinpoint Brazil, and Dridex is predominant in the US and Germany, for example, while Trustezeb is most prevalent in German-speaking countries, Yebot is popular in Hong Kong and Japan, and Zbot is found mostly in the US, UK, Canada, Germany, Australia, Italy, Spain and Japan.
“There is an entire cottage industry of uniquely crafted Trojans just targeting banks in Brazil,” said Wisniewski.
With cyber criminals having a deliberate hand in creating threats that look authentic and are specifically targeted, Sophos researchers said it is more difficult to recognise malicious spam.
Hexis HawkEye G 4.0 Release Now Available
HawkEye G 4.0 Features Network Sandbox Capabilities Powered by a Partnership with Lastline, a Cloud Offering, and Extended 24/7
HANOVER, Md., May 2, 2016 – Hexis Cyber Solutions Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ: KEYW) and provider of advanced cybersecurity solutions for commercial companies and government agencies, announced today the general availability of HawkEye G 4.0. This release represents a continued focus on expanding the company’s core capabilities of integrated detection and automated response. Major highlights of this release include:
- Addition of network sandbox capabilities through a strategic partnership with Lastline. This enhances HawkEye G’s breach detection by combining industry-leading network sandboxing with its next-generation endpoint detection and response.
- Expanded and flexible deployment options: HawkEye G can now be deployed in the cloud, on-premise, or as a hybrid of the two.
- Managed Services Premium now available, providing organizations with continuous security monitoring and management around-the-clock 24/7.
Improved Detection Combines Industry Leading Network Sandboxing Powered by Lastline with HawkEye G Next-Generation Endpoint Detection and Response
HawkEye G 4.0 now offers network sandboxing capabilities powered by Lastline, the only Full System Emulation (FUSE™) malware analysis platform with one of the highest-rated scores for security effectiveness by independent testing company NSS Labs. The integration of network sandboxing powered by Lastline strengthens HawkEye G’s signature-less detection, improving an organization’s ability to detect and remediate unknown cyber threats. HawkEye G extracts suspicious multi-protocol content from network traffic and sends it to Lastline’s hosted or on-premise sandbox environment, where it is detonated and analyzed. Release 4.0 includes support for Windows PE executables, Microsoft Office documents, and PDF files in HTTP and SMTP traffic; future support will include Mac OS X Mach-O executables and Android APK binaries, delivering the most comprehensive coverage of file types and protocols available in the industry.
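To make the extraction step concrete, here is an added Python example (not Hexis or Lastline code) of the decision a network file extractor has to make before handing a payload to a sandbox: reassemble the HTTP body and classify it by its own bytes, ignoring the declared Content-Type, since that header is under the sender’s control. It assumes a plain Content-Length body (chunked and compressed bodies are deliberately left out), and every HTTP response in it is constructed, with stub bodies that carry only the file signatures a classifier keys on.

```python
import struct

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container


def classify_payload(body: bytes):
    """Classify a payload by its own bytes: 'pe', 'office', 'pdf' or None."""
    # Windows PE: 'MZ' DOS stub whose e_lfanew (offset 0x3C) points at 'PE\0\0'.
    # Checking the PE signature avoids detonating every blob that merely starts with MZ.
    if body[:2] == b"MZ" and len(body) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
        if body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    if body.startswith(OLE2_MAGIC):
        return "office"
    # OOXML (.docx/.xlsx/.pptx) is a zip archive containing [Content_Types].xml.
    if body[:4] == b"PK\x03\x04" and b"[Content_Types].xml" in body[:4096]:
        return "office"
    # PDF readers accept the header anywhere in the first 1024 bytes, so check that window.
    if b"%PDF-" in body[:1024]:
        return "pdf"
    return None


def extract_http_body(raw: bytes):
    """Return the body of a raw HTTP response, or None if it cannot be reassembled.

    Only Content-Length bodies are handled here (an assumption of this sketch);
    chunked or Content-Encoding'd bodies must be dechunked/decompressed first.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"chunked" in headers.get(b"transfer-encoding", b"").lower() or b"content-encoding" in headers:
        return None
    length = int(headers[b"content-length"]) if b"content-length" in headers else len(rest)
    if len(rest) < length:
        return None          # truncated capture: a partial file must not be detonated as if whole
    return rest[:length]


def select_for_detonation(raw_http: bytes):
    """Decide whether a response carries a sandbox-worthy file; returns (kind, body) or None."""
    body = extract_http_body(raw_http)
    if body is None:
        return None
    kind = classify_payload(body)
    return (kind, body) if kind else None


def _pe_stub():
    """Constructed minimal PE: 64-byte DOS header, e_lfanew -> 'PE\0\0', zeroed COFF header."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


def _http(content_type: bytes, body: bytes):
    """Constructed HTTP/1.1 response wrapper (not captured traffic)."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + content_type
            + b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed samples: declared Content-Type is wrong on purpose in several of them.
SAMPLES = {
    "pe_served_as_png": _http(b"image/png", _pe_stub()),
    "pdf_served_as_octet": _http(b"application/octet-stream", b"%PDF-1.5\n1 0 obj\n<<>>\nendobj\n"),
    "ole_doc": _http(b"application/msword", OLE2_MAGIC + b"\x00" * 24),
    "docx": _http(b"application/zip", b"PK\x03\x04" + b"\x00" * 26 + b"[Content_Types].xml" + b"\x00" * 8),
    "html_page": _http(b"text/html", b"<html><body>MZ is not a PE header</body></html>"),
    "mz_text": _http(b"text/plain", b"MZ" + b" " * 70),           # MZ bytes, no PE signature
    "truncated_pe": _http(b"application/x-msdownload", _pe_stub())[:-10],
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        hit = select_for_detonation(raw)
        print(f"{name:20s} -> {hit[0] if hit else 'skip'}")
```

The two cases worth noticing are the PE served as `image/png`, which is still selected because the classifier never consults Content-Type, and the truncated capture, which is skipped rather than detonated as a whole file.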
“The partnership between Hexis and Lastline provides a compelling offering for enterprises of all sizes looking to improve the visibility and detection of unknown threats at both the endpoint and network while eliminating point solutions from their enterprise,” explains Chris Carlson, VP of Product Management, Hexis Cyber Solutions. “This integrated offering provides organizations with industry-leading network sandboxing in addition to our award-winning next-generation endpoint detection and response capabilities.”
The Lastline partnership bolsters our integration capabilities with market-leading security technologies including FireEye™, Palo Alto Networks™ and Splunk™.
HawkEye G’s Next-Generation Endpoint Detection and Response Platform Now Available in Cloud and Hybrid Cloud Deployments
The release of HawkEye G 4.0 also includes a cloud offering. The single tenant cloud deployment provides an easy, secure way to leverage HawkEye G without needing to deploy and manage on-premise equipment. For customers who select the cloud deployment, Hexis offers a choice of geographic data center locations starting with the United States, with forthcoming datacenters in the United Kingdom, Germany, Australia and Japan.
“Whether you leverage HawkEye G in the cloud, on-premise, or a hybrid combination, the enhancements featured in HawkEye G 4.0 position us as the leading threat detection and automated response platform available today,” Chris Carlson states. “As we continue to bring innovative capabilities to the market, customers of all sizes will benefit from the advanced security protection we’re offering.”
Hexis Managed Services Premium Now Provides Continuous Security Monitoring and Management Around-the-Clock 24/7
Hexis also announces the availability of Managed Services Premium, providing customers with access to Hexis cyber security experts 24 hours a day, 7 days a week. This new offering expands comprehensive security management and monitoring of customer environments to include non-traditional business hours.
Snare Agent Updates
The following agents have been updated and are available for our clients in their client area:
Windows Agent (V 4.3.5) Release Notes
- includes a new syslog feature: an RFC 5424 header (version field and RFC 3339 timestamp) is now available as an optional format choice for the syslog header
- two bug fixes pertaining to sending custom events and USB events.
Epilog Agent for Windows (V 1.8.6) Release Notes
MS SQL Agent V 1.4.6 Release Notes
- provides for a fix to a possible memory usage issue.
All include a security update to the OpenSSL library.
For more information refer to the release notes or contact us.
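The RFC 5424 header option in the Windows Agent release above matters to whoever collects the logs: the legacy BSD-style (RFC 3164) header carries no year and no time zone, while the RFC 5424 header carries a version field and an RFC 3339 timestamp with a UTC offset. As an added illustration (not Snare’s or any vendor’s code), the following Python parser tells the two header formats apart and shows what a collector can and cannot recover from each. The sample lines are constructed; the priority, host name and message body are placeholders, not real Snare output.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines: priority, host name and message body are placeholders,
# not real Snare output.  Only the header layout matters here.
RFC3164_LINE = "<13>May  4 10:22:01 winhost Snare: EventID 4624 logon succeeded"
RFC5424_LINE = "<13>1 2016-05-04T10:22:01.123+02:00 winhost Snare - - - EventID 4624 logon succeeded"

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d{0,2}) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$",
    re.S,
)
# RFC 3164 (BSD style): <PRI>Mmm dd hh:mm:ss HOSTNAME MSG -- no version, year or zone
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ 1-3]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$",
    re.S,
)


def parse_syslog(line, assume_year=None):
    """Parse one syslog line's header and return a dict.

    'ts_exact' is True only when the line carried an unambiguous timestamp.
    RFC 3164 dates have no year and no zone: the caller supplies assume_year,
    the result is a naive datetime, and the sender's zone remains a guess.
    """
    m = _RFC5424.match(line)
    if m:
        fmt, host, msg = "rfc5424", m.group("host"), m.group("msg") or ""
        ts_raw = m.group("ts")
        if ts_raw == "-":                      # NILVALUE: sender had no usable clock
            ts, exact = None, False
        else:
            # fromisoformat handles +HH:MM offsets; map a trailing Z to +00:00 so
            # Pythons older than 3.11 accept it, then normalise to UTC for correlation.
            ts = datetime.fromisoformat(ts_raw.replace("Z", "+00:00")).astimezone(timezone.utc)
            exact = True
    else:
        m = _RFC3164.match(line)
        if not m:
            raise ValueError("no recognised syslog header: %r" % line[:40])
        fmt, host, msg, exact = "rfc3164", m.group("host"), m.group("msg"), False
        ts = None
        if assume_year is not None:
            # strptime treats a space in the format as any run of whitespace, so "May  4" parses.
            ts = datetime.strptime("%d %s" % (assume_year, m.group("ts")), "%Y %b %d %H:%M:%S")
    pri = int(m.group("pri"))
    return {
        "format": fmt,
        "facility": pri >> 3,       # <13>: facility 1 (user-level)
        "severity": pri & 7,        # <13>: severity 5 (notice)
        "timestamp": ts,
        "ts_exact": exact,
        "hostname": host,
        "message": msg,
    }


if __name__ == "__main__":
    for line in (RFC3164_LINE, RFC5424_LINE):
        print(parse_syslog(line, assume_year=2016))
```

Run stand-alone, the RFC 3164 line comes back with `ts_exact` False (and no timestamp at all unless a year is assumed), while the RFC 5424 line is normalised to 08:22:01 UTC from its +02:00 offset, which is the property a SIEM needs when it correlates this host’s events with others.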