Symtrex Inc.

Cyber Security Specialist


Solarwinds honoured - Network & Security Product Excellence

2016/03/23 by admin

AUSTIN, TX -(Marketwired - March 23, 2016) - SolarWinds, a leading provider of powerful and affordable IT management software, today announced several industry accolades for its network and security management products from respected industry publications including, SC Magazine®, Cyber Defense Magazine, Network Computing® and CRN®.

“At SolarWinds, we are proud to provide IT professionals with robust products that equip them with deep visibility and reliable data to help tackle the monitoring and management challenges they are confronting in their environments,” said Nikki Jennings, group vice president, product strategy, SolarWinds. “Receiving these product awards is affirmation that we are listening to our users, taking the time to understand the problems they are facing, and dedicating our time to providing the products they need to solve all their IT problems.”

Network Management

  • SolarWinds® Network Configuration Manager won for “Best Risk/Policy Management Solution” in the 2015 SC Awards U.S.
  • SolarWinds Network Performance Monitor was a finalist for “Network Management Product of the Year” in the 2016 Network Computing UK Awards
  • SolarWinds was a finalist for “Company of the Year” in the 2016 Network Computing UK Awards

Security Management

  • SolarWinds Log & Event Manager won for “Best Product — Security Information Event Management (SIEM)” in the 2016 Cyber Defense Awards
  • SolarWinds was named the “Hot Company — Patch & Configuration Management” for SolarWinds Patch Manager in the 2016 Cyber Defense Awards
  • SolarWinds was named one of the “20 Coolest SIEM and Threat Detection Vendors” in CRN‘s 2016 Security 100
  • SolarWinds Log & Event Manager is a finalist for “Best SIEM Solution” in the 2016 SC Magazine Awards Europe; winners to be announced June 7

To find out more about Solarwinds give us a call at 866-431-8972, send us an email at [email protected],

Filed Under: compliance, CyberThreats, industry, Log Management, Network Monitoring, Products, Security News, SolarWinds

LogRhythm - Harnessing your Inner SIEM

2016/03/21 by admin

ITWire - Ray Shaw March 21, 2016

Security information and event management (SIEM) is an approach to security management that provides a holistic view of an organization’s IT security.

The buzzword in 2015 was cyber threat intelligence (CTI) - everyone wanted useful data and analytical tools for next-gen cyber security to detect and respond to threats faster. The industry responded by providing a plethora of CTI products.

Matt Willems, a Labs Engineer at LogRhythm for four years, has written a good overview of CTI and SIEM. Of course, it is written from a LogRhythm perspective.

He works closely with the Machine Data Intelligence team to collect consistent data for its Co-Pilot Program, develops new rule blocks for advanced correlation and builds parsing rules to support new devices. He also provides Incident Response support, analysing and interpreting data and delivering up-to-date content for the Knowledge Base to neutralize threats faster.

He starts by defining what cyber threat intelligence means and how to successfully leverage the information that is already in the SIEM ecosystem.

What is Cyber Threat Intelligence?

SC Magazine’s free Cyberthreat Intelligence e-book (registration required) discusses CTI, the benefits of integrating it into an organization’s defence strategy, and the different threat-sharing initiatives and alliances.

Gartner defines CTI as evidence-based knowledge - including context, mechanisms, indicators, implications and actionable advice - about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

“It can also be described as the process of detecting potential and actual threats using evidence-based data, responding to them and defeating the attackers using forensic and logical data the attackers themselves leave behind,” according to SC Magazine’s Cyberthreat Intelligence e-book.

Without actionable data, there is no proactive defence. An effective CTI sets up the appropriate countermeasures automatically for drastically improved detection and response times.

Next-Gen Log Management to Facilitate CTI

CTI requires a log management tool [such as LogRhythm] to correlate the information to make the raw data collected actionable.

“The absolute minimum barrier to entry is a security information and event management (SIEM) or log management product of some sort. Then you at least have something to correlate the information that’s coming into your security ecosystem,” says Andrew Hay, CISO at DataGravity.

LogRhythm contextually structures every log message to store and understand what the data means.

Identify Nefarious Activity with a Distributed Set of Data

Every attack is different, but all cyber-attacks leave indicators of compromise (IOCs). Feeding IOCs into a SIEM provides full visibility into the network: with this information, a SIEM correlates the logs collected from across the network to form a distributed set of data.

An effective CTI solution can use that distributed data set to identify various touch points as potential hazards. Instead of having to observe the attack pattern as a whole, it should only need one matching event before automating a response and thwarting the attack.

LogRhythm’s AI Engine has over 70 metadata fields that provide highly relevant data for analysis and correlation and over 900 preconfigured, out-of-the-box correlation rule sets. It can accurately define “normal” activities and automatically alarm for nefarious activities.

Make Data Actionable Out-of-the-Box

The goal of cyber threat intelligence is to draw actionable data from the thousands of log files and data streams to identify signs of nefarious behaviour. SIEMs can efficiently correlate log messages and set off alarms. Once these behaviours are detected, an effective CTI product will automate your response based on the digital evidence before a breach takes place.

“It’s not just detecting a potential attack or compromise, it’s a question of what you’re going to do about it,” says Michael Orosz, director of Decision System Group, Information Sciences Institute, Viterbi School of Engineering, University of Southern California.

LogRhythm’s SmartResponse operationalizes data out-of-the-box to make it actionable. Once an alarm is set off, it enables an automated response or a semi-automated response with a sophisticated approval process.

Employ Honeypots for an Adaptive and Proactive Response

Honeypots are isolated systems such as web servers designed to look like part of the corporate network. These decoy systems are easy to exploit, to make them an attractive target for opportunist attackers.

Honeypots provide the actionable data necessary for cyber threat intelligence without compromising the network. By monitoring honeypot activity, an organization can learn about targeted threats and use this information to understand who they are being targeted by, what information their adversaries are seeking and how attack patterns will look within the network. This information enables proactive threat defence.

LogRhythm’s Honeypot Security Analytics Suite automatically tracks and analyzes an attacker’s actions to create a behaviour profile. If an observed attacker’s behaviour on the honeypot is mirrored by similar action within the environment, AI Engine automates a SmartResponse.
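As an added illustration of the honeypot-to-production correlation described above (this is example code, not LogRhythm's own; the log format, field names and score thresholds are assumptions), this Python script builds a behaviour profile from constructed decoy-host events and flags production actors whose action sequence mirrors it, routing full matches to an automated response and partial ones to analyst approval:

```python
"""Honeypot behaviour profile matched against production logs (constructed
example; the key=value log format and thresholds are assumptions)."""
from collections import defaultdict

HONEYPOT_LOGS = """\
2016-03-21T10:00:01 host=decoy-web src=198.51.100.23 action=login_fail user=admin
2016-03-21T10:00:03 host=decoy-web src=198.51.100.23 action=login_fail user=root
2016-03-21T10:00:05 host=decoy-web src=198.51.100.23 action=login_ok user=admin
2016-03-21T10:00:09 host=decoy-web src=198.51.100.23 action=upload path=/tmp/x.php
2016-03-21T10:00:12 host=decoy-web src=198.51.100.23 action=exec cmd=/tmp/x.php
"""

PRODUCTION_LOGS = """\
2016-03-21T11:02:01 host=web-01 src=203.0.113.7 action=login_fail user=admin
2016-03-21T11:02:02 host=web-01 src=203.0.113.7 action=login_fail user=root
2016-03-21T11:02:05 host=web-01 src=203.0.113.7 action=login_ok user=admin
2016-03-21T11:02:30 host=web-01 src=203.0.113.7 action=page_view path=/
2016-03-21T11:02:40 host=web-01 src=203.0.113.7 action=upload path=/tmp/s.php
2016-03-21T11:02:41 host=web-01 src=203.0.113.7 action=exec cmd=/tmp/s.php
2016-03-21T11:05:00 host=web-02 src=192.0.2.44 action=login_fail user=admin
2016-03-21T11:05:01 host=web-02 src=192.0.2.44 action=login_fail user=root
2016-03-21T11:05:02 host=web-02 src=192.0.2.44 action=login_ok user=admin
2016-03-21T11:06:00 host=web-02 src=192.0.2.44 action=page_view path=/docs
2016-03-21T11:07:00 host=web-03 src=192.0.2.9 action=login_ok user=bob
"""

def parse(line):
    """Turn 'ts k=v k=v ...' into a dict; the timestamp lands under 'ts'."""
    ts, *fields = line.split()
    event = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event

def build_profile(logs):
    """Ordered action sequence the attacker performed on the decoy host."""
    return tuple(parse(ln)["action"] for ln in logs.splitlines() if ln.strip())

def matched_steps(profile, actions):
    """Count leading profile steps that appear, in order, within `actions`
    (other events may sit in between, as a real attacker interleaves them)."""
    i = 0
    for action in actions:
        if i < len(profile) and action == profile[i]:
            i += 1
    return i

def find_mirrors(profile, logs, auto=1.0, review=0.6):
    """Correlate per (host, src) actor; return {(host, src): (score, response)}.
    A full mirror triggers the automated action, a partial one needs approval."""
    by_actor = defaultdict(list)
    for line in logs.splitlines():
        if line.strip():
            e = parse(line)
            by_actor[(e["host"], e["src"])].append(e["action"])
    results = {}
    for actor, actions in by_actor.items():
        score = matched_steps(profile, actions) / len(profile)
        if score >= auto:
            results[actor] = (score, "automated:quarantine_host")
        elif score >= review:
            results[actor] = (score, "pending_analyst_approval")
    return results

if __name__ == "__main__":
    for actor, (score, resp) in find_mirrors(build_profile(HONEYPOT_LOGS), PRODUCTION_LOGS).items():
        print(f"{actor[0]} from {actor[1]}: score={score:.2f} -> {resp}")
```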

Cyber threat intelligence combines data left behind by attackers and innovative analytics to create the next-generation of cybersecurity intelligence.


Filed Under: Advanced Persistent Threat, compliance, CyberThreats, industry, LogRhythm, Products, Security News

Cybercrime trends point to growing sophistication

2016/03/03 by admin

By Robin Wright - Site Editor

Sophos’ James Lyne warns that cybercriminals are becoming more effective, thanks to document-based malware and advanced social engineering techniques.

SAN FRANCISCO — Cybercrime trends point to an alarming increase in advanced social engineering techniques and customized, targeted document-based malware attacks in 2016, according to Sophos research.

James Lyne, head of global security research at Sophos and an instructor with the SANS Institute, spoke about these cybercrime trends during a presentation at RSA Conference 2016 Wednesday and offered several warnings to enterprises about specific emerging threats. Lyne said Sophos’ latest research shows tried and true attack methods and threats, such as drive-by downloads and phishing attacks, are as common as ever.

But Lyne also explained that cybercriminals today are moving to new, greener pastures and becoming much better at making money from stolen information. In fact, he said cybercriminals have built a mature underground economy on the dark Web that puts legitimate ecommerce efforts to shame. Specifically, Lyne offered the example of AlphaBay Market, a site on the dark Web that allows cybercriminals to buy, sell and trade data. He showed how the site would automatically remove credit card numbers for sale once they were a couple of days old, because by that time the account number may already have been changed.

“They also factor the pricing [of the data] according to how many cybercriminals have bought it so far,” Lyne said. “So they have a little bit of a stock market going on the value of the data and the likelihood of you being able to use it for fraud purposes.”

But there’s more, Lyne said. When cybercriminals sign up for the site, they have to provide a PGP or GPG key to authenticate themselves. Lyne said Sophos researchers signed up for the site and purchased some data for testing purposes; within two seconds of purchase, they received an email with a PGP-encrypted Excel file containing all of the credit card account information.

“Frankly, it’s one of the better online shopping experiences I’ve had in my life,” he said. “Using PGP and GPG keys – man, I wish we could get real retailers to do stuff like that. This is impressive best practice.”

However, Lyne warned that AlphaBay was offering more than just credit card numbers and email addresses. The most valuable information was credentials. For example, Lyne said that cybercriminals can focus their search for something as specific as VPN access for a company in a designated region or vertical industry.

Even more distressing, according to Lyne, was the advancement Sophos researchers discovered in social engineering attacks. Lyne said that at last year’s RSA Conference he delivered a presentation that showed a “slight uptick in quality” of social engineering attacks, which had moved beyond stock scam emails regarding Nigerian princes and instead employed more targeted, well-researched intelligence to fool targets.

“That trend is in absolute full brutal force [today],” Lyne said. “It’s staggering how good some of the scams actually are.”

For example, instead of sending scam emails to people offering tax refunds, which no longer have a high success rate, cybercriminals may send a resume or CV file to an organization that has published job openings. And Lyne said that even such emails with obvious misspellings or bad grammar still get clicked on by some users.

Document-based malware on the rise

The resume and CV file attacks are particularly concerning, Lyne said, because of another cybercrime trend: document-based malware. “There’s some interesting things occurring [where] a small subsection of cybercriminals are focused on document-based malware,” he said. “They are producing toolkits, just like we see from mainstream cybercriminals, that are specifically focused on [document] exploits.”

In addition to customizing document-based malware, Lyne said, many cybercriminals are using this type of attack to purposefully limit the distribution of their document-based malware and instead target just two or three thousand people in a specific vertical or company. And document-based malware combined with more advanced social engineering techniques can make for a devastating attack, Lyne said. For example, he said his favorite recent example was a document that was made to look like an encrypted file with confidential data.

“Isn’t that clever—using heightened awareness of security to actually get people to open something? If it’s encrypted, it must be important, right?” Lyne said. “They’ve really upped their game with social engineering techniques.”

Lyne said these cybercrime trends all add up to show an unsettling truth for enterprises: that attack methods are maturing, as is the underground economy around stolen data and credentials. “There are numerous things here that fly in the face of our usual expectations of how cybercrime works,” he said. “Things like only focusing on two or three thousand users, limiting distribution purposefully, custom crafting [of document-based malware] and use of excellence in social engineering.”


Filed Under: Advanced Persistent Threat, antivirus, compliance, CyberThreats, endpoint, industry, Malware, Products, Sophos

Hexis Cyber Solutions Enhances HawkEye G Integrated Detection and Automated Response Capabilities

2016/03/01 by admin

HANOVER, Md., March 01, 2016 — Hexis Cyber Solutions Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW) and a provider of advanced cybersecurity solutions for commercial companies and government agencies, is committed to the continuous innovation and development of its flagship next-generation endpoint security solution, HawkEye G. With a continued focus on enhancing its integrated malware and threat actor detection modules, enterprise platform support, and ecosystem partners, Hexis is pleased to announce current and forthcoming product enhancements to its HawkEye G solution.

Significant HawkEye G Release 4 Enhancements Demonstrate Continued Innovation

Hexis continues to focus on product innovation, and the forthcoming HawkEye G Release 4 will include several significant enhancements.

Expanded network sandboxing integration.

HawkEye G Release 4 will include native, network sandboxing capabilities powered by Lastline, the only Full System Emulation (FUSE™) malware analysis platform. Lastline was recognized by NSS Labs as a leader in Breach Detection in its 2015 Breach Detection System Comparative Evaluation. This technology integration will add multi-protocol content extraction and network sandbox malware analysis to the HawkEye G product line without requiring additional appliances. Network content will be extracted, verified, and submitted from the HawkEye G Network Sensor appliances to Lastline’s malware analysis sandbox for detonation, analysis, and scoring for false positive reduction or response actions based on real-time endpoint event data. Organizations can choose to leverage Lastline’s cloud-based or on-premise offerings for the analysis of Windows PE files, Microsoft Office documents, and PDF files extracted from HTTP and SMTP protocols on a single appliance.

Expanding Platform Coverage to Mac OS.

Hexis’ platform support includes Windows workstation and server, Red Hat Linux, and with Release 4 of HawkEye G, expands coverage to Mac OS X. “We continue to expand our platform support offerings to meet our customers’ growing needs for security on their end-user computing platforms. With the addition of Mac OS X support, we’ve set a high bar enabling organizations to improve their endpoint security posture across multiple operating systems, delivering multiple advanced malware detection engines, an expanding third-party ecosystem, and automated response capabilities from a single technology vendor,” explains Chris Carlson, Hexis VP of Product Management.

YARA Rules Support.

HawkEye G Release 4 adds support for customer-defined YARA rules via a YARA engine embedded in the HawkEye G Host Sensor. This enables multiple new capabilities, including custom threat scoring in detection mode, automated file quarantine in response mode, and a new endpoint prevention module that performs process pre-execution suspension, inspection, and termination before malware begins to execute. The prevention module runs locally on the endpoint in either online or offline mode, without requiring a connection to the HawkEye G Manager or cloud services to function.

“The team has worked tirelessly to develop these product enhancements for the HawkEye G Release 4. We are confident that these additions to the product will empower our enterprise and government customers to better prevent, detect, and respond to ever-changing malicious attacks,” says Chris Fedde, President, Hexis Cyber Solutions.

Hexis HawkEye G App for Splunk™

Built from the ground up with integration in mind, Hexis strives to continuously expand and improve our technology integrations and partnerships with the goal of increasing the value of our solution and enhancing ROI for customers.

With this in mind, we are pleased to announce the release of the Hexis HawkEye G App for Splunk, which is now available for download on the Splunk marketplace. The HawkEye G App for Splunk presents a real-time situational overview of the HawkEye G deployment, including dashboards, reports, search and alerting on endpoint and network threat activity, threat scoring, automated and machine-guided remediation activity, and system health and status.

Filed Under: Advanced Persistent Threat, compliance, CyberThreats, endpoint, Hexis, industry, Products, Security News

LogRhythm’s Security Intelligence Platform SIEM Product Review

2015/11/24 by admin

by Karen Scarfone - Tech Target

Expert Karen Scarfone examines LogRhythm’s Security Intelligence Platform, a SIEM tool for analyzing collected data.

The LogRhythm Security Intelligence Platform is a security information and event management (SIEM) product for enterprise use. It is used to collect security event log data from software throughout an enterprise, including network security controls, operating systems and user applications. The SIEM tool analyzes the data to identify possible signs of malicious activity so humans or automated processes can stop attacks in progress or help recover from successful attacks. SIEM platforms such as LogRhythm’s also generate detailed reports on security events that can be used to document compliance with security regulations, laws and other requirements.

LogRhythm SIEM product versions

LogRhythm’s SIEM platform is available in several formats, including an all-in-one bundle or distributed components, and as hardware-based appliances, server-based software and virtual appliances (supported by VMware ESX, Microsoft Hyper-V and Citrix XenServer). These last three formats (hardware, virtual and server software) can be mixed and matched as needed within a single LogRhythm Security Intelligence Platform implementation.

Examples of the major component types are:

  • Platform Manager (PM): Supports centralized management and administration for the LogRhythm implementation
  • Data Processor (DP): Performs log collection and management
  • Data Indexer (DX): Indexes data and metadata
  • AI Engine (AI): Provides correlation and analysis capabilities
  • All-In-One (XM): Combines the PM, DP, DX and AI components
  • Network Monitor (NM): Specializes in deep analysis of network traffic contents
  • Data Collector (DC): Collects log data from remote systems and prepares it for secure transfer to the centralized LogRhythm Security Intelligence Platform implementation


Filed Under: Advanced Persistent Threat, compliance, CyberThreats, endpoint, industry, Log Management, LogRhythm, Products, Security News

© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement