Cyber Security Specialist
by admin
This video demonstrates the ease and power of LogRhythm, and answers the question – what do you want to be woken up in the middle of the night for
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s award-winning platform unifies next-generation SIEM, log management, network and endpoint forensics, and advanced security analytics.
by admin
Oxford, UK, June [9] 2015, Sophos today announced that it has acquired Reflexion Networks Inc., a leader in cloud-based email security, archiving, email encryption and business continuity services. The acquisition will enable Sophos to add cloud-based email security to Sophos Cloud, the company’s single, integrated cloud-based management console. Together, Reflexion and Sophos will deliver enterprise-grade email security in one affordable and simple-to-manage solution.
Reflexion Networks offers a complete portfolio of cloud-based email security technologies that help organizations meet their needs for secure communications. Reflexion Total Control blocks spam and viruses before they ever get to the corporate network. Archiving, discovery, and recovery services allow fast search and retrieval capabilities, while encryption services ensure that email communications are only readable by intended recipients. In addition, Reflexion offers business continuity services to ensure uninterrupted business communications in the event of an outage.
Sophos Cloud, which was launched in mid-2013, provides endpoint security, mobile device management and security, server security, and application whitelisting through a single, integrated cloud-based console.
“The Reflexion platform has been built from the ground up to run in the cloud at scale and will strengthen and accelerate our ability to offer email protection when and where the customer wants it,” commented Bill Lucchini, senior vice president of Sophos Cloud Security Group. “As we integrate this technology with Sophos Cloud it will complement our Sophos Secure Email Appliance giving IT professionals the choice of a cloud-based solution, or an on-premise solution. We are excited about the opportunity this brings and welcome the Reflexion Networks team to Sophos.”
by admin
From Health IT Security – Read Full Article
It seems as if every week there is a new top data security issue for healthcare organizations to remain vigilant on. If nothing else, it further underlines why a well-rounded approach to data security is essential, and covered entities must ensure their administrative, technical, and physical safeguards are all current.
A recent report from a law firm shows why employee training and education programs are critical for all industries, including healthcare. Human error was the number one cause of data security issues,according to Baker Hostetler. The firm reviewed cases it had worked on in the last year that related to privacy and data protection, and found that employee negligence was responsible for 37 percent of reported issues. – More ->
Interesting article, however when it comes to Human Error, I believe the issue is really human nature. We can educate our employees to not click on “phishing attempts”, the problem is that some are written so well that even the most educated person will open the email. In these instances the only remediation is to incorporate security products that will detect and remediate any malware or threats to the corporate network, block any communication with a command and control as well as monitor your network for unusual behaviour.
Contact us with any questions on how we can assist.
by admin
Mark Burnette, For The Tennessean 11:11 p.m. CDT April 29, 2015
Today’s companies face a truly daunting task when trying to protect their computer systems and sensitive data from compromise. Attackers are better coordinated and more sophisticated than ever before, and their tools are easier to obtain and use.
While there are many security issues for businesses to be concerned about (some of which are covered in other installments of this series), an all-too-common problem at companies of all sizes is attacks directed at the computer users themselves. The vulnerable users are workers in the company who have user accounts and passwords and use desktops, laptops, tablets and other devices to interact with a company’s data and network. Hackers and other bad guys target these users because they have access to sensitive data and systems, their account passwords are typically easy to guess or crack, and they are often willing to open a malicious file, click on an emailed link or even willingly type their password into a bogus site.
Protecting your company against end-user attacks requires a two-pronged approach: 1) train your users to help them be more aware of how end-user security attacks occur and 2) configure your systems to make it harder for the bad guys to successfully get in if a user slips up. Here’s a list of steps you should take:
•Keep up to date with security patches provided by software vendors for end-user machines. In addition to operating system patches, be sure to patch application software such as Adobe, Java and web browsers, as older versions of those tools have well-known vulnerabilities that are frequent vectors of attack.
•Provide spam filtering for every machine, with sensitivity controls turned up. One of the most common tactics attackers use to make initial entry into a company’s network is enticing end users to click on a spam email link that installs malware. While this won’t stop every phishing attempt, if you can filter out even one, that is one fewer opportunity for an unsuspecting user to click a bad link.
•Remove local administrator rights from end-user machines. Local administrator rights give a user more power to make changes to a computer, and if an attacker gains control of a machine with those rights, damage to the network can be much more significant.
•Make sure there is up-to-date anti-virus/malware protection installed on every machine.
•Require IT personnel to use different passwords when they work on servers. Even IT administrators can fall victim to email phishing attacks when they are working on their own computer. If they click on a bad link while logged in as an administrator, attackers can gain big-time access to your network using their privileged credentials.
•Develop a security awareness program for all personnel to help them understand their responsibilities when using a company computer system and/or handling sensitive data. This training should also teach users how to create good passwords (ones that are easy to remember, but difficult to guess).
•And perhaps most importantly, require “two-factor authentication” for users logging on to the network from a remote location. That means that a password alone is not enough to gain access; another form of authentication is needed. That could take the form of such things as a fingerprint, a token (a physical device that generates a code that is entered on the machine) or a digital certificate. If two-factor authentication is in place, an attacker who successfully captures a user’s access credentials still won’t be able to remotely connect to the network without the second factor (the token).
Taking all these measures will not completely eliminate the possibility of a successful attack, but it will greatly reduce your exposure to this common attack path, which just might make a potential attacker move on to a more vulnerable target.
Mark Burnette is a partner in the Security and Risk Services practice at LBMC, the largest regional accounting and financial services family of companies based in Tennessee, with offices in Brentwood, Chattanooga and Knoxville.
by admin
Better device and data security through innovation and integration
Background
The endpoint has changed. No longer are endpoints just Windows workstations operating within a corporate perimeter and accessing servers that are inside the same perimeter. Instead, organizations are faced with a diverse set of workstation and mobile device platforms that are used everywhere and that routinely access data stored on the network, in the cloud and on the devices themselves.
While attackers have taken advantage of these changes, adapting to new platforms and developing more sophisticated attacks, endpoint security has been slower to evolve. In most cases, the focus is still primarily on preventing malicious files from infecting Windows endpoints. It’s no wonder, then, that businesses are struggling to keep up with the latest threats and to protect their sensitive data.
The Sophos Approach
Sophos is taking a different approach to building security for businesses, anchored by three core beliefs:
Next-Generation Enduser Protection is our vision of applying these principles to deliver better security for enduser devices and data through the integration of innovative endpoint, mobile and encryption technologies. Imagine a system that collects suspicious events from all your devices, correlates the data to identify a compromised system, alerts the administrator, temporarily locks down the system — and access from that system to sensitive network and cloud data — and removes the detected threat, all automatically. That’s what Next-Generation Enduser Protection will make possible.
Next-Generation Enduser Protection represents a fundamental change to how we approach security. Traditional antivirus starts and ends with preventing infected files from running on a computer. If an infected file does run, the attacker is now in a position to cause damage or steal data without being detected. In contrast, we’re looking not just at whether a file is infected, but whether the computer is exhibiting behaviors that indicate the system is under attack or already compromised. We can then bring all our technology to bear on stopping and removing the threat. By focusing on prevention, detection and remediation of the entire system, we can give organizations peace of mind that they will suffer fewer infections and have a lower risk of data breaches and other security incidents.
What’s new
The first next-generation feature to reach the endpoint is Malicious Traffic Detection, which catches compromised computers in the act of communicating with attackers’ command and control servers. Similar technology available in next-generation firewalls — including ours — can alert administrators to the presence of a compromised system on the network. But because we integrate the feature into the endpoint, we can go further by detecting a compromise on or off the network, identifying the specific malicious file, and cleaning up the infection. For customers, this means better detection rates and less time investigating and manually cleaning compromised systems.
Also released is the new Sophos System Protector, which is the “brain” of our updated endpoint agent. It correlates information from the Malicious Traffic Detector and other components to identify threats that might not be deemed “bad” by any one component on its own. This results in better protection against advanced threats, with fewer false positives.
Both Malicious Traffic Detection and Sophos System Protector are rolling out in January 2015 in our Sophos Cloud Enduser Protection and Sophos Cloud Endpoint Protection Advanced products. We expect to introduce both features into the corresponding on-premise products in the first half of 2015.
Download the datasheet or contact us for more information
