Chat with us, powered by LiveChat

Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

Archives for November 2016

Bitdefender Adds Enhanced Anti-Exploit Technologies

by

Enhanced Anti-Exploit provide extra layer of protection against world’s most pervasive types of attacks.

Bitdefender, the innovative security software solutions provider, today announced the addition of a new security feature in the GravityZone product line named Enhanced Anti-Exploit, while also complementing ransomware protection by integrating its ransomware vaccine tool directly in the products. The update is available immediately to existing customers in the latest version of products of the GravityZone line, both Cloud and on-premise.
Advanced persistent threats have not only multiplied over the past years, but also reached new levels of complexity. An attack such as the Monsoon APT which exploits a vulnerability while leaving little to no traces of malicious code, can now be stopped dead in its tracks.
“Advanced persistent threats have completely changed the security game, making it fundamentally more difficult for IT security teams to detect and remediate breaches in the company network,” said Harish Agastya, VP of Enterprise Solutions at Bitdefender. Our innovative take at detecting zero-day threats monitors interactions with specific software, making sure that any anomalous behavior is stopped before it inflicts any damage”.
Bitdefender’s new anti-exploit protection is designed to tackle evasive exploits to help reduce the APT attack surface and minimize the risk of being targeted. The new technology works by zooming in on potentially vulnerable software and running a structural analysis during key execution points. If an anomaly is detected, admins can choose to automatically block the execution or to simply be notified.
With this additional feature, advanced attacks are stopped before the payload actually reaches the client’s infrastructure, thus greatly increasing the costs of attacks for targeted threat actors, be them civilian entities or hostile governments. During the testing stage, the Enhanced Anti-Exploit technology was able to block all Flash Player exploits discovered during the past year, including zero-days.
In the first three months of 2016, spam email with file attachments, the primary vector for ransomware infections, increased by 50%, according to data from the Bitdefender Antispam Lab. To date there are roughly 2.6 million known unique samples of ransomware and the numbers keep growing, with DIY ransomware creation tools readily available.
In order to further enhance our protection against ransomware, we have also complemented our two existing anti-ransomware defense technologies – our engines which use advanced machine learning and the Advanced Threat Control feature– by integrating our ransomware vaccine previously available as a standalone tool directly into the GravityZone products.

Making Security Intelligence a Standard Operating Procedure

by

From our partner LogRhythm’s Blog

By Dan Wilbricht

Protecting our Nation’s Interconnected Critical Infrastructure

National Cyber Security Awareness Month is coming to an end. Hopefully, we have all come away with some ideas on how to better protect ourselves, organizations, and our country. We must not slow down, take a break from building out protection, or pause on protecting our cyber demands. In fact, we need to be more resilient now more than ever.

We live in a world that is more connected than ever before. This interconnectedness touches almost all aspects of daily life—both professionally and personally. We saw how much we depend on the technology that connects us in last week’s DDoS attack on the public internet. We need to ensure that we take measures to protect our critical technology communications infrastructure.

In an article written last week in the San Diego Tribune in response to the attack, LogRhythm’s CTO and co-founder Chris Petersen said, “I’m an entrepreneur and don’t want more regulation. But as a cyberexpert, I don’t see much alternative in order to protect our nation from damaging cyberattacks.”

Improving Defenses by Making Security Intelligence a Standard Operating Procedure

Today we are at the disposal of terabytes of data to tell us who, what, when, where, and how an intrusion may have occurred. But because of the enormous amounts of information, we need to get better at identifying what is a threat and what is just noise.

We often do not know what we are looking for, and therefore, we need assistance in correlating all of the information. What we do know is that we need to make security intelligence a standard operating procedure (SOP) for all agencies, organizations, and individuals in order to effectively and efficiently cut through the noise and determine actionable intelligence to move the defense of our critical infrastructure forward.

Security Intelligence and Analytics in the Public Sector

The white paper Security Intelligence and Analytics in the Public Sector offers up a solution. While it’s not possible to prevent all threats from affecting an agency’s IT environment, this paper outlines the need to make threat detection and response capabilities an essential requirement.

A unified security intelligence and analytics approach is the best possible approach to threat detection and response. To learn more, download the whitepaper .

Sophos Central Adds Support for SIEMs (Splunk, ArcSight, etc)

by

Sophos Central has integrated many of the products a business needs to stay secure. However, they realize that many organizations have products from multiple vendors and leverage a SIEM (security information and event management) to try to make sense of all the security events produced by all those disparate products. With data flowing fast, IT teams face a big challenge when it comes to maintaining some semblance of coherent visibility into the vast amounts of information they’re constantly receiving from all their different vendor products.

In that spirit, they are pleased to announce that SIEM integration has been added to Sophos Central. Whether you use Splunk, ArcSight, or any other major SIEM, you’ll find it easy to connect to Sophos Central. You’ll get real-time insight into the events and alerts for all your Sophos Central products. It’s one integration whether you’re using Endpoint Advanced, or Wireless, or our next gen endpoint, Intercept X, or Email protection, or Encryption… they all work together so it’s a single integration.

Setup couldn’t be easier. Take a look at this short demo video to get an idea of how to get SIEM integration up and running within your organization:

With the recently released audit logs and RBAC features, SIEM integration is yet another step forward to improve the efficiency of IT teams large and small.

Contact us for more information

Behavioral threat assessment means real-time threat detection

by

From TechTarget - Johna Till Johnson

Real-time behavioral threat analytics is the next frontier in security. Learn how a behavioral threat assessment tool can protect your enterprise systems and data.

If yours is like most organizations, your environment is equipped with instruments that detect anomalous behavior by users and systems. You’re logging information and digging through it to find out what has happened.

And you’ve probably discovered a couple of whopping flaws with your approach.

First, it’s expensive and unsustainable. Very few enterprise organizations can afford to hire dozens of security analysts every year, if they can even find them. (And estimates are that the global market is generating a million unfilled security analyst job openings per year.)

Second, and more important, it’s slow. Even if you had the proper staff, the backlog of analysis means that the average breach goes undetected for months, according to many breach reports. And as the time to exploit an attack continues to increase, that could mean trouble.

Behavioral threat assessment to the rescue

The solution? Consider deploying real-time behavioral threat analytics (BTA). Real-time BTA tools come from vendors like Bay Dynamics, Exabeam, Fortscale, Gurucul, LightCyber, Securonix and Splunk (through its Caspida acquisition). Although the algorithms are different from vendor to vendor, real-time BTA products provide a layer of analysis on top of existing monitoring and logging products.

That is, BTA tools create a behavioral threat assessment by plugging into security information and event management tools, intrusion detection systems and intrusion prevention systems and others — like firewalls — and importing their log information. They then perform correlation analysis on that information to determine what behavior is normal for users, devices and systems. The next step for developing a behavioral threat assessment is additional analysis to determine whether anomalous behavior is just that — anomalous, but harmless — or represents a true threat. BTA products do all this by applying machine learning to the data streams so that security analysts don’t need to program in rules about what comprises normal behavior.

That means that one of the huge benefits BTA tools can provide is minimizing the number of alerts and false positives — things that look like threats but aren’t. Organizations that have deployed such systems say they bring the number of false positives down from 500 or more a day — clearly an unmanageable amount — to two or three real threats.

Getting BTA launched

To start deploying a BTA, set up selection criteria, beginning with the existing and planned security architecture. What monitoring and logging tools are core to your environment, and what are the data security tools you’ll count on for the next few years? Integration into those systems will be a critical selection criterion for your BTA products. You should also think about what form factor you’d prefer: on premises or cloud-based. Most security professionals are uncomfortable uploading security logs to the cloud, so on premises may be the best way to go.

Then you’ll want to set up a proof of concept (POC). Ideally, this will be in a self-contained network with a defined set of users, like a stand-alone department or geographical division. Why? Because you’ll be able to get a feel for the BTA tool’s capabilities — and if it works out, the business owner of that division or department will be your top evangelist in advocating for the system in the rest of the company.

Assessing a BTA tool

When you run your POC, look for several factors. First, how long does the BTA tool take to “learn” your environment? Most vendors say the tools begin delivering value in a few days — the sooner, the better.What do you think the main challenge is to installing and using a BTA tool?

Second, what’s the rate of false positives? Are you seeing a dramatic drop or just a minor reduction? In other words, is the data security tool creating a behavioral threat assessment that is of value to you?

Finally, how does the data security tool display information? Are there dashboards that can be used by less-technical folks like business stakeholders? Are threats prioritized clearly? Does the system recommend actions and next steps?

Once you’ve run your POC, you should have a feel for the business benefits such a tool can provide. In addition to reining in the unsustainable growth of security teams, a real-time BTA can enable you to respond to threats in a far timelier fashion — thereby increasing your security stance — and impressing the board with your new agility. Depending on the system, you also may have a more effective approach to documenting threats and compliance concerns.

The bottom line? If you want to understand the threats occurring in your environment, where they’re happening, who’s affected and what you should do about them, it is likely you need a behavioral threat assessment. It’s time to consider a real-time BTA product.

Ransomware Attacks have more than Doubled in Q3, 2016

by

From Dark Reading

Q3 cyber threat study by Kaspersky Lab says ransomware modifications have risen 3.5 times and newer countries are coming under attack.

A study of the cyber threat landscape from July to September 2016 by Kaspersky Lab reveals that ransomware attacks have more than doubled in Q3 with modifications rising 3.5 times and affecting 821,865 people. The Q3 report also points out that banking malware has risen by 5.8% and maximum exploits are being designed to target browsers (45%) and Android OS (19%).

The IT threat evolution report for Q3 says cybercriminals appear to have moved to greener pastures with places like Croatia, South Korea, Tunisia, and Bulgaria featuring for the first time in the list of the top five ransomware-attacked countries.

Also noticeable was Trojan-Downloader.JS.Cryptoload being behind most of the attacks with CTB-Locker, Locky and CryptXXX highly popular.

“Crypto ransomware continues to be one of the most dangerous threats, both to private users and to businesses,” explains Fedor Sinitsyn of Kaspersky Lab.

Have a question on how to prevent ransomware from your network - give us a call, or drop us an email.