Threats Evolve – Your Security Should Too
Threats evolve. One of the first companies I worked for was hit by a ‘denial of service’ attack: an email was sent to a friend of mine containing a script that made sheep dance all over your screen. It was pretty amusing, so she decided to send it to the distribution list in the office. Let’s just say the system administrators were not amused, as it brought the network down completely and it took the afternoon to bring everyone back up. This was in 1995. Security has since evolved to a certain extent; today this type of attack would be caught by your UTM, email security appliance or endpoint solution. Over the years security solutions did evolve: firewalls, endpoint protection, network access control and logging. In the early 2000s the terms SIM, SEM and SIEM were all the rage, the next best thing for organizations battling threat actors, because they let you review all of the events from your network in one centralized location. That was also when you could back up your logs to a CD.
Fast forward to today: we have embraced BYOD, cloud technology and IoT devices, and no one actually picks up the phone any more; email or texting is the communication tool providing immediate gratification (does anyone remember what a telex machine is?). This explosion of technology, and our reliance on it, has completely altered the threat landscape. Organizations are subject to ransomware, trojans, APTs, insider threats and more, all of which can make it through your defenses and be hard to detect and remediate.
A recent Dark Reading article by Kelly Sheridan identifies flaws in current SIEM systems, and while reading it I was not surprised. Almost any product that collects event logs calls itself a SIEM, and some SIEMs now promote their security analytics more than the logging portion of the product. In addition, a new acronym, SOAPA (security operations and analytics platform architecture; Network World, November 29, 2016), was introduced to distinguish that class of product from the SIEM.
SIEM advances are not keeping pace with the threats, nor do they take every threat vector into account. Typically, event data is sent from the host devices, either as standard syslog or through an agent, to a repository of some sort. That event data is then queried against a set of correlation rules, and a match initiates an alert or some kind of response. Most SIEMs advertise huge libraries of pre-built rules and reports, but those need to be refined to fit your organization AND they need to be regularly reviewed to ensure that new threats will actually be discovered and alerted on, or have a response of some sort created for them. An untuned rule either drowns the analysts in false positives or never fires at all.
For some attacks the SIEM will most definitely be advantageous, and if you are required to collect and monitor logs for a compliance requirement it is a necessity; however, today’s threats take into account how these platforms work. Threat actors are meticulous and look for ways to evade traditional security platforms.
The growth in products that include security analytics or behavioural analysis can assist organizations in determining whether network activity is malicious. These products observe the typical activity of a network over time, baseline it, and then give a reasonably good indication that something is wrong when activity deviates from that baseline. The baseline is only as good as the period it was learned from: an attacker who was already active while it was being built becomes part of ‘normal’, and legitimate changes such as a new application rollout will register as deviations until the baseline is relearned.
By combining behavioural analysis/security analytics, machine learning and threat intelligence, an organization gains a more comprehensive view of activity on its network. Rather than a system based on rules, one that looks holistically at all of the users, devices and applications and how they interact, running that activity through algorithms and machine learning techniques, will provide more accurate detection of a threat.
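As an added example that is not part of the original post and not any vendor’s product code, the following Python sketch puts the two preceding passages side by side: the syslog-and-correlation-rule pipeline described above, and the baseline-deviation check described here. Every host, user name, address and the 14-day logon history are constructed for the illustration; the log format, the ‘five failures in ten minutes then a success’ rule and the 3-sigma threshold are assumptions of the example, not anything the article specifies.

```python
"""Toy SIEM pipeline: parse syslog-style events, apply one correlation rule,
then apply one per-user baseline check (constructed example)."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from any real system); hosts, users and
# addresses are made up. Format loosely follows BSD syslog:
# "<Mon DD HH:MM:SS> <host> <program>: <message>".
SAMPLE_LOG = """\
Mar 01 08:00:01 web01 sshd: Failed password for alice from 10.0.0.7
Mar 01 08:00:03 web01 sshd: Failed password for alice from 10.0.0.7
Mar 01 08:00:05 web01 sshd: Failed password for alice from 10.0.0.7
Mar 01 08:00:07 web01 sshd: Failed password for alice from 10.0.0.7
Mar 01 08:00:09 web01 sshd: Failed password for alice from 10.0.0.7
Mar 01 08:00:12 web01 sshd: Accepted password for alice from 10.0.0.7
Mar 01 08:17:01 web01 CRON[4711]: (root) CMD (run-parts /etc/cron.hourly)
Mar 01 09:15:00 web01 sshd: Failed password for bob from 203.0.113.9
Mar 01 09:15:30 web01 sshd: Accepted password for bob from 203.0.113.9
Mar 01 09:40:00 web01 sshd: Accepted password for bob from 203.0.113.9
Mar 01 09:52:10 web01 sshd: Accepted password for bob from 203.0.113.9
Mar 01 10:05:00 web01 sshd: Accepted password for carol from 10.0.0.22
"""

# Constructed history: successful logons per user on each of the previous 14 days.
HISTORY = {
    "alice": [3, 4, 3, 5, 4, 3, 4, 3, 4, 5, 3, 4, 4, 3],
    "bob":   [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0],
    "carol": [2, 2, 3, 2, 1, 2, 2, 3, 2, 2, 2, 1, 2, 2],
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>\S+): "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text, year=2017):
    """Normalise raw lines into dicts. Lines the parser does not understand are
    dropped: a SIEM only correlates what its parsers have turned into fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        # syslog timestamps carry no year, so one has to be assumed
        ev["ts"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
        events.append(ev)
    return events


def rule_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Correlation rule: `threshold` or more failed logons from one source,
    then a successful logon from that source, all inside `window`.
    The threshold and window are the knobs that need tuning per organisation."""
    alerts = []
    recent_failures = defaultdict(list)  # src -> failure timestamps still inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        recent_failures[src] = [t for t in recent_failures[src] if ev["ts"] - t <= window]
        if ev["outcome"] == "Failed":
            recent_failures[src].append(ev["ts"])
        elif len(recent_failures[src]) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "src": src,
                           "user": ev["user"], "failures": len(recent_failures[src]),
                           "at": ev["ts"]})
            recent_failures[src].clear()
    return alerts


def baseline_deviation(events, history, z_threshold=3.0):
    """Behavioural check: compare today's successful-logon count per user with the
    mean and spread of that user's own history and flag counts far above it.
    Below-baseline counts are ignored here; a user with no history cannot be
    scored at all, which is the learning period every such product needs."""
    today = defaultdict(int)
    for ev in events:
        if ev["outcome"] == "Accepted":
            today[ev["user"]] += 1
    findings = []
    for user, count in sorted(today.items()):
        past = history.get(user)
        if not past:
            continue
        mean = statistics.mean(past)
        spread = statistics.pstdev(past)
        if spread == 0:
            # a perfectly regular history: any increase is, strictly, unbounded
            z = float("inf") if count > mean else 0.0
        else:
            z = (count - mean) / spread
        if z > z_threshold:
            findings.append({"check": "logon_count_vs_baseline", "user": user,
                             "count": count, "mean": round(mean, 2), "z": round(z, 2)})
    return findings


def run(text=SAMPLE_LOG, history=HISTORY):
    """Run both detections over one log and return (rule alerts, baseline findings)."""
    events = parse_events(text)
    return rule_bruteforce_then_success(events), baseline_deviation(events, history)


if __name__ == "__main__":
    rule_alerts, baseline_findings = run()
    for a in rule_alerts:
        print("RULE    ", a)
    for f in baseline_findings:
        print("BASELINE", f)
```

Run as a script it prints both result sets. The noisy brute force against alice trips the correlation rule, while bob’s single failure followed by three logons from an unfamiliar address passes the rule untouched and is caught only by the comparison with his own history; carol’s activity, and the CRON line the parser does not understand, produce nothing at all, which is the tuning and parser-coverage problem the paragraphs above describe.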
To find out more, contact us.
Gartner acknowledges Sophos’s continued data protection leadership
After being recognized by Gartner as a leader in seven consecutive Magic Quadrants for Mobile Data Protection, we continue our success by being one of the vendors with the most comprehensive solution in the new Gartner report, Market Guide for Information-Centric Endpoint and Mobile Protection.*
This new report by John Girard of Gartner is the replacement for the now retired Gartner Magic Quadrant for Mobile Data Protection. It defines nine different methods for information-centric endpoint protection, ranging from basic device protection to comprehensive file-based protection methods.
Of the 18 representative companies discussed in the report, Sophos is one of only two that can provide a solution for every single method, with Sophos SafeGuard and Sophos Mobile Control.
Sophos SafeGuard, with its always-on file-based Synchronized Encryption, will protect your files wherever they go, for example when shared across platforms, emailed, or uploaded to cloud-based storage. The secure container technology and personal information management (PIM) capabilities in Sophos Mobile Control provide secure collaboration everywhere, working across mobile devices without compromising security and preventing accidental data leakage.
We agree with Gartner that, considering that information is highly mobile in today’s world, data protection solutions can no longer be centered around full disk encryption but should instead account for the many ways that business information needs protection as it moves.
To find out what Gartner says about the Information-Centric Endpoint and Mobile Protection marketplace, download the complete Market Guide here.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
*Gartner Market Guide for Information-Centric Endpoint and Mobile Protection, John Girard, 26 October 2016
Sophos Central Adds Support for SIEMs (Splunk, ArcSight, etc)
Sophos Central integrates many of the products a business needs to stay secure. However, Sophos realizes that many organizations have products from multiple vendors and rely on a SIEM (security information and event management system) to make sense of all the security events those disparate products produce. With data flowing fast, IT teams face a big challenge maintaining some semblance of coherent visibility into the vast amounts of information they constantly receive from their different vendors’ products.
In that spirit, Sophos has announced that SIEM integration has been added to Sophos Central. Whether you use Splunk, ArcSight or any other major SIEM, you will find it easy to connect to Sophos Central and get real-time insight into the events and alerts for all your Sophos Central products. It is one integration whether you are using Endpoint Advanced, Wireless, the next-gen endpoint product Intercept X, Email protection or Encryption: they all work together, so it is a single integration.
Setup couldn’t be easier. A short demo video from Sophos shows how to get SIEM integration up and running within your organization.
With the recently released audit logs and RBAC features, SIEM integration is yet another step forward to improve the efficiency of IT teams large and small.
Contact us for more information
Data protection: proactive prevention is better than cure
From SC Magazine – David Angwin
With employees and endpoints the weak links in the cyber-security chain, David Angwin says organisations must break away from traditional protection and switch focus to preventing sophisticated attacks before it’s too late.
Businesses and organisations looking to protect themselves against the dire consequences of data breaches in 2016 face perhaps one of the most complex and rapidly evolving threat landscapes in recent years. Attackers are smarter and more targeted in their approach, and so are the various forms of malware at their disposal. The threat is compounded by the stagnating ‘reactive’ approach that many security solutions continue to employ in their attempts to prevent data loss, an approach which simply is not fit for purpose. As the saying goes, ‘an ounce of prevention is worth a pound of cure’; in data security, the logical step in keeping up with threats is to focus efforts on preventing an attack before damage has been done.
The weak links in the chain
The factors behind the increased risk to organisations are twofold. First, attackers know that employees are often the weak link in the security chain. Users fall victim to expertly targeted ‘spear-phishing’ campaigns and let malware in through a web browser; all it takes is one click on a link, and the attack can spread from that single point. Not only are spear-phishing attacks tailored to the particular organisation, but careful reconnaissance lets attackers tailor their approach to individual employees.
Second, attackers exploit the network edge and the endpoints within an organisation as the path of least resistance to sensitive data. A Verizon report found that 95 percent of threats originated at the endpoint.
There is increasing evidence of endpoint-related breaches. Earlier this year, Swiss technology firm RUAG disclosed a breach that had gone unnoticed since 2014, during which attackers obtained 23GB of potentially valuable or sensitive data. The 2016 report on that incident noted that infected endpoints were used as bots, acting as ‘communication drones’ and ‘worker drones’ to relay information, which made the attack more difficult to spot and allowed complex instructions to be relayed without being detected.
Whether the cause is a sophisticated attack or a careless employee, the approach taken by traditional antivirus software is firmly rooted in ‘detect and remediate’, which crucially relies on the software obtaining a positive identification of the threat before it can act. That is often not fast enough to limit the damage from zero-day attacks, and the ability to remediate is particularly limited in small businesses with little or no IT staff.
Why wait to act?
This is the question that underpins the far more effective preventative approach to data protection. Advanced threat protection predicts potential attacks by using machine learning (a branch of artificial intelligence) to analyse every file before execution, deciding whether it is safe before it is allowed to run. The software makes that decision from millions of features extracted from the code, while using only a fraction of valuable system resources. Note that a static, pre-execution verdict says nothing about what a process does once it is running, so it complements rather than replaces runtime monitoring.
This approach is well suited to traditional endpoints and can also be used with alternative methods of application delivery, including virtualised environments using energy-efficient thin clients. For many companies, virtualisation can improve IT security management and protection, because patches can be delivered remotely and simultaneously to all endpoints and company data stays in the data centre.
Combining a data protection service with advanced threat protection software and virtual desktops can create an environment that provides high levels of protection and mitigates increasingly sophisticated attacks.
With employees working in a virtualised environment, the enterprise can control all endpoints from a centralised management console and assess, detect and react more quickly when security issues arise. Next-generation security solutions that adopt a preventative approach can be deployed and managed easily, resulting in a comprehensive and future-proof protection strategy for the organisation.
Have questions on endpoint security – contact us.
The 3 Biggest Mistakes in CyberSecurity
August 23, 2016 – Chris Moschovitis – Information Management
Everyone, from the small business owner to senior executives in businesses of every shape and size, is confronting a seemingly insurmountable problem: constant and rising cyber security breaches. It seems that no matter what we do, someone is always hacked, a new vulnerability is exploited, and millions of dollars are lost.
In an effort to stem the tide people have tried everything, from throwing money at it by buying the latest and greatest gizmos promising security, to outsourcing cyber security management, to handing it to the IT folks to deal with. Every time, the result is money lost, productivity decreased, and the attacks continue.
Many business people complain that we’re not just losing a battle here and there. We’re losing the war. Is that true?
The truth is that those that keep losing their cyber battles and risk losing the war are making three critical mistakes:
1. They think cyber security is a technology problem.
2. They follow a cyber security check list once-and-done.
3. They don’t have a cyber security awareness training program in place.
First, cyber security is not a technology problem. Far from it. It is a business-critical problem and, more importantly, a people problem, and we need to address it at that level.
Second, cyber security is a constantly evolving battlefield. The threats evolve, the attacks take new paths, the underlying technologies change. A static check list solves yesterday’s problems, not today’s, and certainly not tomorrow’s.
Finally, if people don’t understand the threat they will not even see the attack coming, much less be able to respond and protect themselves. Cyber security awareness training is the only way to prepare everyone for the new reality we live and work in.
Cyber security is not an IT problem either. It is a risk management problem. This is easier to understand in large enterprises and regulated industries, where the concept, the language and even the governance of risk management are part of the daily lexicon.
Not so with small and mid-market businesses less familiar with the risk management function. It doesn’t help that the very nature of the threat, and the way the ‘payload’ of the attack is delivered, is via information technology. It almost makes sense to have IT deal with cyber security. But the victims are not the computers. The victims are the businesses and their people.
More importantly: a company’s information technology generates value. It does so in myriad ways depending on the business you are in, from the actual delivery of goods to clients (software, data, media and technology businesses, etc.) to complementing, enhancing and realizing the mission and vision of the company (law firms, manufacturing, logistics, healthcare, etc.).
Cyber security, like all risk management, exists to protect value. Therefore you can never have cyber security (the value protector) report to IT (the value creator); that creates a conflict of interest. Just as IT reports directly to the CEO, so must cyber security. They are parallel tracks keeping the business train aligned and moving.
Once you have the reporting structure in place, you need to empower it with executive buy-in and engagement. Cyber security needs your direction on company goals and risk appetite so it can develop the right strategy to protect the company’s assets. Cyber security professionals, working with the board and executives, including IT and the business units, will develop the defense-in-depth strategy that is right for the company.
Cyber security doesn’t happen in isolation. It is not a set check list. It is dynamic, adjusting strategy to risk, asset value, and controls. As market conditions change, as company goals change, and as technology changes, so will the cyber security strategy.
Neither structure nor strategy will help if you ignore the most important element in cyber security: people. In 2016 ISACA published the top three cybersecurity threats facing organizations that year. They were, in order: social engineering (52%), insider threats (40%) and advanced persistent threats (39%).
Setting aside advanced persistent threats, which typically target large multinationals, governments, the military, infrastructure and the like, the other two share one common element: people.
It is people who become the victims of cyber-attacks, and by extension the businesses they work in or do business with. Be it through social engineering, extortion, or any of the many vulnerabilities hackers can exploit, it is people who get compromised first. They are the ones who have to pick up the pieces when all the data is gone or when their identity is stolen.
The good news is that cyber security awareness training is one of the most effective controls against hackers. Training and sensitizing people to the threats, the methods used, the vulnerabilities and even their own personal privacy risks has been proven time and again to make a real difference in early detection, quick response and recovery during a cyber-attack. A quarterly lunch-and-learn will go a long way toward developing a culture of cyber awareness, saving both your business and your employees from cyber-harm.
Avoiding these three mistakes in cyber security won’t help win every single battle. But it will guarantee you win the war.