Symtrex Inc.

Cyber Security Specialist

LogRhythm Named a Leader – 5th Consecutive Year

2016/08/17 by admin

LogRhythm Named a Leader for Fifth Consecutive Year in Gartner Magic Quadrant for Security Information and Event Management (SIEM)

LogRhythm recognized for completeness of vision and ability to execute

BOULDER, Colo.–(BUSINESS WIRE)–LogRhythm, The Security Intelligence Company, today announced that it has, once again, been positioned as a Leader by Gartner, Inc. in the 2016 “Magic Quadrant for Security Information and Event Management” research report. This is the fifth consecutive year that Gartner has recognized LogRhythm as a Leader among SIEM providers.

“Organizations are under immense pressure to quickly detect, respond to and neutralize increasingly sophisticated cyber threats,” said Chris Petersen, CTO and co-founder of LogRhythm. “We are honored to be recognized by Gartner and believe this year’s placement in the Leaders quadrant for SIEM speaks volumes about our leadership in the market, and our ability to address the most pressing customer needs in the areas of threat management, security and compliance. I believe this report validates the excellence and dedication of our engineering and product teams. With our latest up-and-to-the-right movement in the leadership quadrant, it is crystal clear that LogRhythm is delivering on our promise to help companies around the globe neutralize today’s cyber threats.”

According to Gartner, the SIEM Leaders quadrant is composed of vendors that provide products that are a strong functional match to general market requirements, have been the most successful in building an installed base and revenue stream within the SIEM market, and have a relatively high viability rating (due to SIEM revenue or SIEM revenue in combination with revenue from other sources). In addition to providing technology that is a good match to current customer requirements, Leaders also show evidence of superior vision and execution for emerging and anticipated requirements. They typically have relatively high market share and/or strong revenue growth, and have demonstrated positive customer feedback for effective SIEM capabilities and related service and support.

LogRhythm’s security intelligence and analytics platform unifies next-generation SIEM, including log management, network monitoring and forensics, endpoint monitoring and forensics security analytics, and user, network and endpoint behavioral analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides innovative compliance automation and assurance, and enhanced IT intelligence.

Reprinted from Business Wire

Filed Under: Advanced Persistent Threat, compliance, CyberThreats, endpoint, Log Management, LogRhythm, Network Monitoring, Products, Security News

Average cost of a data breach up 12.5 percent among Canadian Firms

2016/07/05 by admin

IT World Canada – Howard Solomon

Canadian CISOs who want more hard data to convince the C-suite and boards to devote more resources to cybersecurity have a new report to show.

If a study of 24 Canadian organizations is accurate, the total cost over a recent 12 month period of a breach of over 1,000 records went up 12.5 per cent compared to 2014 to just over $6 million.

Another way of looking at it is the average cost per record stolen or lost went up 10.6 per cent to $278 compared to the same period the year before.

These numbers come from a study released last week by the Ponemon Institute that was funded by IBM. The costs were based upon estimates provided by participating victim organizations.

The report is part of an annual global study of breaches in 13 countries (United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the United Arab Emirates, Saudi Arabia, Canada and, for the first time, South Africa), which last year covered 383 organizations. The average cost of a breach across all those firms was US$4 million.

Importantly, the study included the cost of losing customers: Of the Canadian companies studied, for those that lost less than one per cent of their existing customers the average total cost of a breach was $4.77 million, well below the global average of $6.03 million. When companies had a churn rate of greater than 4 per cent, the average cost was $7.88 million.

There are two cautions: First, Ponemon admits that 24 firms is a small sample for this country, and second, only organizations that suffered a breach of between 1,000 and 100,000 lost or stolen records in 2015 were counted – meaning Ashley Madison isn’t there. That way catastrophic incidents don’t skew the results.

The number of Canadian breached records per incident in the study period ranged from 4,800 to 70,998 and the average number of breached records was 21,200.

“Over the many years studying the data breach experience of more than 2,000 organizations in every industry, we see that data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” said institute head Larry Ponemon. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”

The report has other interesting numbers:

–It took more than five months to detect that an incident occurred and almost two months to contain the incident;

–54 per cent of the Canadian data breaches studied were caused by malicious or criminal attacks, 25 per cent were caused by human error and 21 per cent by system glitches. Companies that experienced malicious attacks had a per capita data breach cost of $304, which is above the average for all organizations studied. In contrast, companies that experienced system glitches ($250) or employee negligence ($246) had per capita costs below the mean value;

–The more records lost, the higher the cost of the data breach. The cost ranged from $3.59 million for data breaches involving 10,000 or fewer lost or stolen records to $6.88 million for the loss or theft of more than 50,000 records;

–Notification costs increased. These costs include IT activities associated with creation of contract databases, determination of all regulatory requirements, engagement of outside experts, postal expenditures and inbound communication set-up. The average cost increased from $0.12 million in 2015 to $0.18 million in 2016;

–Lost business costs increased. This cost category typically includes the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill. Among all the 383 companies studied these costs increased from an average US$1.99 million in 2015 to US$2.24 million in 2016 — that’s of the overall $4 million average cost.

“The biggest financial consequence to organizations that experienced a data breach is lost business,” says the report.

Both direct and indirect per capita costs increased significantly. The indirect cost of data breach includes costs related to the amount of time, effort and other organizational resources spent to resolve the breach. In contrast, direct costs are the actual expense incurred to accomplish a given activity such as purchasing technology or hiring a consultant.

Direct expenses include engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services. Indirect costs include in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates.

Filed Under: Advanced Persistent Threat, antivirus, compliance, CyberThreats, endpoint, industry, Log Management, LogRhythm, Malware, Network Access Control, Network Monitoring, PCI, Products, Security News, Snare, SolarWinds, Sophos

Snare Enterprise Agent Update

2016/07/04 by admin

Intersect Alliance has released the following updates to their Enterprise Snare Agents, plus a new MSI package:

Enterprise Windows Agent V 4.3.6 – This release dealt with the following issues (download complete release notes):

  • Snare Unable to handle network destination starting with numeric value – There was an issue with how a network destination is checked for being an IP address or a DNS name. Due to the issue, a DNS name starting with a numeric value can be treated as an IP address, so the network destination won't get used correctly to send the logs. This issue only affected sites where the destination address included a DNS name starting with a numeric value. This issue is fixed in this release and the agent now properly distinguishes between a full IP address and a DNS name that begins with a numeric value.
  • Fixed same expression comparison – The agent was not correctly processing the 4739 “Account Administration” and the 4707 “A trust to a domain was removed” events' internal expression matching via the objective radio buttons. If individual matching was configured under the any event option then it would still be collected. This patch resolves the collection of these events.
  • Potential memory allocation error in Debug Msg – There was an issue with the memory allocation handling while sending the heartbeat. The issue is more prevalent on machines low on virtual memory. This issue can cause the agent to enter an infinite heartbeat sending loop and consequently can cause a denial of service attack on log collector destination(s). This issue is fixed in this release and the memory allocation error is now correctly handled.
  • Potential SnareCore Crash Issue – There was an internal issue with the event log source name checking. Due to this issue the Snarecore.exe process can crash when the event log source name is set to a null value from the event data, which was unexpected from the Windows API. This issue is fixed in this release and Snare now handles the case properly, logging a warning if the event log source name is set to a null value. As a compensating process, because Snare internally knows the name of the event log source from which it is pulling the events, it will use that name as the log source if the Windows API replies with a NULL value.

Enterprise Epilog for Windows V 1.8.6 (download complete release notes) and Enterprise Agent for MS SQL V 1.4.7 (download complete release notes)

  • Snare Unable to handle network destination starting with numeric value – There was an issue with how a network destination is checked for being an IP address or a DNS name. Due to the issue, a DNS name starting with a numeric value can be treated as an IP address, so the network destination won't get used correctly to send the logs. This issue only affected sites where the destination address included a DNS name starting with a numeric value. This issue is fixed in this release and the agent now properly distinguishes between a full IP address and a DNS name that begins with a numeric value.
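
The destination-parsing defect described in the release notes above (Windows agent, Epilog and MS SQL agent), as an added C example that is not Intersect Alliance's code: the digit-based check is a hypothetical illustration of how a host name beginning with a number can be mistaken for an IP address, shown beside a stricter check built on inet_pton. The function names and sample destinations are constructed for illustration.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>

/* Hypothetical flawed check: anything that starts with a digit is an IP. */
static int looks_like_ip_naive(const char *dest) {
    return isdigit((unsigned char)dest[0]) != 0;
}

/* Stricter check: only a complete IPv4 or IPv6 literal counts as an IP. */
static int is_ip_literal(const char *dest) {
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, dest, buf) == 1 ||
           inet_pton(AF_INET6, dest, buf) == 1;
}

/* Count destinations where the naive check disagrees with the strict one,
   i.e. log destinations that would be resolved or used the wrong way. */
static int count_misclassified(const char *const *dests, int n) {
    int bad = 0;
    for (int i = 0; i < n; i++)
        if (looks_like_ip_naive(dests[i]) != is_ip_literal(dests[i]))
            bad++;
    return bad;
}

/* Constructed sample destinations (not taken from the release notes). */
static const char *const SAMPLE[] = {
    "192.0.2.10",               /* IPv4 literal */
    "2001:db8::1",              /* IPv6 literal */
    "3com-logs.example.net",    /* DNS name starting with a digit */
    "10.collector.example.org", /* DNS name whose first label is numeric */
    "siem.example.com",         /* ordinary DNS name */
};

int main(void) {
    int n = (int)(sizeof SAMPLE / sizeof SAMPLE[0]);
    for (int i = 0; i < n; i++)
        printf("%-26s naive=%d strict=%d\n", SAMPLE[i],
               looks_like_ip_naive(SAMPLE[i]), is_ip_literal(SAMPLE[i]));
    printf("misclassified by naive check: %d\n",
           count_misclassified(SAMPLE, n));
    return 0;
}
```

A quick way to tell whether a site was exposed to this bug is to run the configured collector destinations through a check like is_ip_literal and flag any that start with a digit but are not IP literals.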

Enterprise Agent for Linux V 4.1.9 – A new feature was added (download complete release notes)

  • A user should be able to create their own audit.rules file and the Linux Agent should be able to monitor any events it generates – Added the ability to specify a single rule objective with an ‘Any Event’ objective type and use a wildcard (‘*’) which indicates the agent will process all events coming from the audit subsystem. This is useful if the user wishes to use the agent but use a custom audit.rules file.

These updates are now available within your client area. If you have difficulty accessing them, please contact our office with your maintenance number.

Filed Under: Log Management, Products, Security News, Snare, Snare Agents

Hexis HawkEye G 4.0 Release Now Available

2016/05/02 by admin

HawkEye G 4.0 Features Network Sandbox Capabilities Powered by a Partnership with Lastline, a Cloud Offering, and Extended 24/7 Managed Services

HANOVER, Md., May 2, 2016 – Hexis Cyber Solutions Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ: KEYW) and provider of advanced cybersecurity solutions for commercial companies and government agencies, announced today the general availability of HawkEye G 4.0. This release represents a continued focus on expanding the company’s core capabilities of integrated detection and automated response. Major highlights of this release include:

  • Addition of network sandbox capabilities through a strategic partnership with Lastline. This enhances HawkEye G’s breach detection by combining industry-leading network sandboxing with its next-generation endpoint detection and response.
  • Expanded and flexible deployment options for HawkEye G deployed in the cloud, on-premise, or a hybrid deployment.
  • Managed Services Premium now available, providing organizations with continuous security monitoring and management around-the-clock 24/7.

Improved Detection Combines Industry Leading Network Sandboxing Powered by Lastline with HawkEye G Next-Generation Endpoint Detection and Response
HawkEye G 4.0 now offers network sandboxing capabilities powered by Lastline, the only Full System Emulation (FUSE™) malware analysis platform with one of the highest-rated scores for security effectiveness by independent testing company NSS Labs. The integration of network sandboxing powered by Lastline strengthens HawkEye G’s signature-less detection, improving an organization’s ability to detect and remediate unknown cyber threats. HawkEye G extracts suspicious multi-protocol content from network traffic and sends it to Lastline’s hosted or on-premise sandbox environment, where it is detonated and analyzed. Release 4.0 includes support for Windows PE executables, Microsoft Office documents, and PDF files in HTTP and SMTP traffic; future support will include Mac OS X Mach-O executables and Android APK binaries, delivering the most comprehensive coverage of file types and protocols available in the industry.

“The partnership between Hexis and Lastline provides a compelling offering for enterprises of all sizes looking to improve the visibility and detection of unknown threats at both the endpoint and network while eliminating point solutions from their enterprise,” explains Chris Carlson, VP of Product Management, Hexis Cyber Solutions. “This integrated offering provides organizations with industry-leading network sandboxing in addition to our award-winning next-generation endpoint detection and response capabilities.”

The Lastline partnership bolsters our integration capabilities with market-leading security technologies including FireEye™, Palo Alto Networks™ and Splunk™.

HawkEye G’s Next-Generation Endpoint Detection and Response Platform Now Available in Cloud and Hybrid Cloud Deployments
The release of HawkEye G 4.0 also includes a cloud offering. The single tenant cloud deployment provides an easy, secure way to leverage HawkEye G without needing to deploy and manage on-premise equipment. For customers who select the cloud deployment, Hexis offers a choice of geographic data center locations starting with the United States, with forthcoming datacenters in the United Kingdom, Germany, Australia and Japan.

“Whether you leverage HawkEye G in the cloud, on-premise, or a hybrid combination, the enhancements featured in HawkEye G 4.0 position us as the leading threat detection and automated response platform available today,” Chris Carlson states. “As we continue to bring innovative capabilities to the market, customers of all sizes will benefit from the advanced security protection we’re offering.”

Hexis Managed Services Premium Now Provides Continuous Security Monitoring and Management Around-the-Clock 24/7
Hexis also announces the availability of Managed Services Premium, providing customers with access to Hexis cyber security experts 24 hours a day, 7 days a week. This new offering expands comprehensive security management and monitoring of customer environments to include non-traditional business hours.

Filed Under: Advanced Persistent Threat, antivirus, Cloud, compliance, CyberThreats, endpoint, Hexis, Log Management, Products, Security News

Snare Agent Updates

2016/05/02 by admin

The following agents have been updated and are available for our clients in their client area:

Windows Agent (V 4.3.5) Release Notes

  • includes new syslog feature – RFC 5424 header versioning and timestamping added as an optional format choice for syslog header
  • two bug fixes pertaining to sending custom events and USB events.

Epilog Agent for Windows (V 1.8.6) Release Notes

MS SQL Agent V 1.4.6 Release Notes

  • provides for a fix to a possible memory usage issue.

All include a security update to the OpenSSL library.

For more information refer to the release notes or contact us.

Filed Under: Log Management, Products, Security News, Snare Agents
