Symtrex Inc.

Cyber Security Specialist

Next-Generation Enduser Protection - Sophos

2015/02/13 by admin

Better device and data security through innovation and integration

Background
The endpoint has changed. No longer are endpoints just Windows workstations operating within a corporate perimeter and accessing servers that are inside the same perimeter. Instead, organizations are faced with a diverse set of workstation and mobile device platforms that are used everywhere and that routinely access data stored on the network, in the cloud and on the devices themselves.

While attackers have taken advantage of these changes, adapting to new platforms and developing more sophisticated attacks, endpoint security has been slower to evolve. In most cases, the focus is still primarily on preventing malicious files from infecting Windows endpoints. It’s no wonder, then, that businesses are struggling to keep up with the latest threats and to protect their sensitive data.

The Sophos Approach
Sophos is taking a different approach to building security for businesses, anchored by three core beliefs:

  1. Security must be comprehensive. A solution must include all the capabilities required to satisfy a customer’s needs.
  2. Security can be made simple. That simplicity must be reflected in everything about the solution, including deployment, management, licensing, support and the overall user experience.
  3. Security is more effective as a system. New possibilities emerge when technology components communicate and cooperate, instead of each functioning in isolation.

Next-Generation Enduser Protection is our vision of applying these principles to deliver better security for enduser devices and data through the integration of innovative endpoint, mobile and encryption technologies. Imagine a system that collects suspicious events from all your devices, correlates the data to identify a compromised system, alerts the administrator, temporarily locks down the system — and access from that system to sensitive network and cloud data — and removes the detected threat, all automatically. That’s what Next-Generation Enduser Protection will make possible.

Next-Generation Enduser Protection represents a fundamental change to how we approach security. Traditional antivirus starts and ends with preventing infected files from running on a computer. If an infected file does run, the attacker is now in a position to cause damage or steal data without being detected. In contrast, we’re looking not just at whether a file is infected, but whether the computer is exhibiting behaviors that indicate the system is under attack or already compromised. We can then bring all our technology to bear on stopping and removing the threat. By focusing on prevention, detection and remediation of the entire system, we can give organizations peace of mind that they will suffer fewer infections and have a lower risk of data breaches and other security incidents.

What’s new
The first next-generation feature to reach the endpoint is Malicious Traffic Detection, which catches compromised computers in the act of communicating with attackers’ command and control servers. Similar technology available in next-generation firewalls — including ours — can alert administrators to the presence of a compromised system on the network. But because we integrate the feature into the endpoint, we can go further by detecting a compromise on or off the network, identifying the specific malicious file, and cleaning up the infection. For customers, this means better detection rates and less time investigating and manually cleaning compromised systems.
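To make the endpoint-side detection concrete, here is an added example (not Sophos code) of the two checks such a component typically runs over endpoint connection events: flagging a process that contacts one destination at near-constant intervals (beaconing), and attributing a connection to a known command-and-control indicator back to the executable that made it. The connection records, the indicator list, the minimum sample count and the jitter threshold are all constructed for the example.

```python
"""Endpoint-side malicious traffic detection: flag processes that beacon to a
destination at regular intervals or that contact a known C2 indicator, and
attribute the traffic to the executable that made the connection.
Added example; not Sophos code. Events and indicators are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed endpoint connection events: (unix_ts, pid, image_path, dest_host, dest_port)
EVENTS = [
    (1000, 4120, r"C:\Users\jdoe\AppData\Roaming\svchost32.exe", "203.0.113.7", 443),
    (1060, 4120, r"C:\Users\jdoe\AppData\Roaming\svchost32.exe", "203.0.113.7", 443),
    (1121, 4120, r"C:\Users\jdoe\AppData\Roaming\svchost32.exe", "203.0.113.7", 443),
    (1179, 4120, r"C:\Users\jdoe\AppData\Roaming\svchost32.exe", "203.0.113.7", 443),
    (1240, 4120, r"C:\Users\jdoe\AppData\Roaming\svchost32.exe", "203.0.113.7", 443),
    (1003, 2210, r"C:\Program Files\Mozilla Firefox\firefox.exe", "example.org", 443),
    (1011, 2210, r"C:\Program Files\Mozilla Firefox\firefox.exe", "cdn.example.net", 443),
    (1307, 2210, r"C:\Program Files\Mozilla Firefox\firefox.exe", "example.org", 443),
    (1320, 2210, r"C:\Program Files\Mozilla Firefox\firefox.exe", "news.example.com", 80),
    (1500, 3344, r"C:\Windows\Temp\update.exe", "bad.example.invalid", 8080),
]

# Constructed indicator list standing in for a C2 reputation feed (hypothetical).
C2_INDICATORS = {"bad.example.invalid"}

MIN_CONNECTIONS = 4   # assumption: fewer samples than this cannot establish regularity
MAX_JITTER = 0.10     # assumption: stddev/mean of inter-connection gaps; real beacons are tight


def find_beacons(events, min_conn=MIN_CONNECTIONS, max_jitter=MAX_JITTER):
    """Group events by (pid, image, destination) and flag destinations contacted
    at near-constant intervals. Returns dicts with image, destination and period."""
    by_flow = defaultdict(list)
    for ts, pid, image, host, port in events:
        by_flow[(pid, image, host, port)].append(ts)
    hits = []
    for (pid, image, host, port), stamps in by_flow.items():
        if len(stamps) < min_conn:
            continue  # a browser hitting a site twice is not a beacon
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period  # coefficient of variation of the gaps
        if jitter <= max_jitter:
            hits.append({"pid": pid, "image": image, "dest": f"{host}:{port}",
                         "period_s": round(period, 1), "reason": "beaconing"})
    return hits


def find_indicator_hits(events, indicators=C2_INDICATORS):
    """Attribute any connection to a known C2 indicator back to the process image."""
    seen = set()
    hits = []
    for ts, pid, image, host, port in events:
        if host in indicators and (pid, host) not in seen:
            seen.add((pid, host))  # report each process/destination pair once
            hits.append({"pid": pid, "image": image, "dest": f"{host}:{port}",
                         "reason": "indicator"})
    return hits


def detect(events=EVENTS):
    """Combined verdict: beaconing processes first, then indicator matches."""
    return find_beacons(events) + find_indicator_hits(events)


if __name__ == "__main__":
    for hit in detect():
        print(f"{hit['reason']:10} pid={hit['pid']} {hit['image']} -> {hit['dest']}")
```

The minimum sample count matters: with `min_conn=2` the two Firefox connections to example.org have a single gap, zero jitter and would be flagged too, which is exactly the kind of false positive the correlation layer described in the next paragraph is meant to suppress.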

Also released is the new Sophos System Protector, which is the “brain” of our updated endpoint agent. It correlates information from the Malicious Traffic Detector and other components to identify threats that might not be deemed “bad” by any one component on its own. This results in better protection against advanced threats, with fewer false positives.

Both Malicious Traffic Detection and Sophos System Protector are rolling out in January 2015 in our Sophos Cloud Enduser Protection and Sophos Cloud Endpoint Protection Advanced products. We expect to introduce both features into the corresponding on-premises products in the first half of 2015.

Download the datasheet or contact us for more information


Filed Under: Advanced Persistent Threat, antivirus, Cloud, compliance, endpoint, industry, Malware, PCI, Products, Security News, Sophos

SolarWinds Automates Key Network Monitoring Tasks

2015/02/12 by admin

From IT World Canada

SolarWinds has added new features to its Network Performance Monitor (NPM) tool to help IT administrators better manage the increasing number of mobile devices connecting to the corporate network.

The ramp up in mobile adoption and the bring-your-own-device trend has added considerable complexity to the enterprise network. However many IT departments are still monitoring networks the way they did about a decade ago. It is not uncommon to see some IT outfit employing a collection of different solutions to keep track of different devices and conduct various monitoring tasks manually.

SolarWinds (NYSE: SWI) said its updated NPM now has wireless heat mapping that allows IT pros to maintain automatic, real-time maps of wireless network signal strength. The maps help maintain continuous wireless coverage and speed up troubleshooting.

A new forecasting feature also automatically monitors critical network resources to help administrators predict future needs and prevent outages.

“With NPM’s new wireless network heat maps, IT pros can automatically map their wireless networks to show signal strength according to their floor plans – whether in a small doctor’s office or a 40,000/sf campus – with a visual display of critical status and performance metrics,” said Chris LaPoint, vice-president, product management, SolarWinds.

With the heat maps, IT departments can now:

  • Troubleshoot client connectivity issues, keeping mobile end-users working with minimal disruption to their productivity
  • Generate user-sourced wireless signal strength surveys for coverage in all network locations, including remote sites
  • Prioritize wireless signal strength where it is most needed and proactively make adjustments such as adding wireless access points, modifying the environment, etc.
  • Use client location tracking to find any wireless-connected device within the network, helping IT keep track of end-users and rogue or misplaced devices

The new capacity forecasting capability automates planning for bandwidth, wide area network, circuits and other network needs. IT departments can now:

  • Use historical data from NPM on CPU, memory, volumes, connected wireless clients, node, and interface traffic utilization to provide automated assessments of average and peak use
  • Answer the question, “How many days before I run out of disk space/CPU/bandwidth, etc. and it impacts a user’s network connectivity?”
  • Set customizable alerts to proactively secure the necessary network resources to get ahead of those situations


Filed Under: compliance, industry, Network Monitoring, PCI, Products, Security News, SolarWinds

Are SIEMs Enough?

2015/01/30 by admin

If you are like most companies today, you have followed all the steps to ensure compliance with the myriad of regulations (SOX, PCI DSS and HIPAA, to name a few): a firewall is in place, antivirus is deployed, the network is segmented, IDS/IPS is running, and the logs are being sent to a SIEM/SIM/SEM. You are also capturing event data from systems (Windows, Linux, applications, etc.) and forwarding it. Reports have been created and alerts set up for any unusual behaviour. So why, according to the Verizon Data Breach Investigations Report, does the number of incidents and breaches climb every year? And why, according to the 2014 Cyberthreat Defense Report by the CyberEdge Group, were 60% of respondents affected by a successful cyberattack in 2013?

Ten years ago, reviewing logs was the best way to see what was occurring on your network, and for the most part it was extremely successful: a jump in activity on a device indicated some form of malware, trojan or virus. So what has changed?

  • Increased sophistication of threats.
  • Proliferation of devices and applications
  • Rise of Social Media
  • Inadequate Data Collection
  • Data overload
  • Over normalization
  • Siloed information and processes.

Organizations are collecting data from a variety of sources, or trying to, and then writing complex queries to generate reports. The problem is that the log data is being collected to satisfy a compliance regulation, not necessarily for security, and being compliant does not equate to being secure. Log management genuinely assists with forensics after the breach, but most products do little to predict attacks or provide security analytics. Security intelligence, and therefore anomaly detection, needs historical data to build a baseline of normal activity for each user or computer (asset), and for most SIEM/SEM/SIM products the more data collected, the slower they perform. A data analytics platform that augments the SIEM/SEM/SIM can raise additional alerts on activity that deviates from that baseline by a set threshold, so it can be investigated immediately. Letting a machine “learn” the habits of the organization reduces the dependence on hand-written rules and thresholds, and the human error that comes with them; the baseline still has to be built from enough history to cover normal weekly and seasonal variation, or the deviation alerts themselves become noise. Have a look at the whitepaper by our partner Hexis Cyber Solutions, Why SIEM’s Are Not Enough, or review the HawkEye AP.
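The baseline-and-deviation idea above is simple enough to show end to end. The following is an added example (not HawkEye AP or any vendor's code): it parses constructed authentication log lines into per-user daily failure counts, builds a mean and standard deviation per user from a history window, and then scores a new day with a z-score. Two details that matter in practice are included: a user with too little history gets no baseline rather than a spurious alert, and the standard deviation is floored so a user whose history is nearly constant does not produce an alert on a one-event change. The log format, the window of ten days, the floor of 0.5 and the threshold of 3 standard deviations are all assumptions made for the example.

```python
"""Baseline-and-deviation alerting over collected logs: per-user daily baseline
from historical events, z-score on the day under review.
Added example, not any vendor's product. All log lines are constructed."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed line format: "<YYYY-MM-DD> auth user=<name> result=<ok|fail>"
LINE_RE = re.compile(r"^(?P<day>\d{4}-\d{2}-\d{2}) auth user=(?P<user>\w+) result=(?P<result>ok|fail)$")


def constructed_lines(user, day_counts, first_day=10):
    """Build constructed log lines: day_counts[i] failures on 2015-01-(first_day+i),
    plus one success per day so every day the user was active appears in the log."""
    lines = []
    for i, n in enumerate(day_counts):
        day = f"2015-01-{first_day + i:02d}"
        lines += [f"{day} auth user={user} result=fail" for _ in range(n)]
        lines.append(f"{day} auth user={user} result=ok")
    return lines


# Ten days of history (Jan 10-19) followed by the day under review (Jan 20).
LOGS = (
    constructed_lines("alice", [2, 1, 3, 2, 1, 2, 3, 2, 1, 2] + [9])   # sudden spike on Jan 20
    + constructed_lines("bob", [0, 0, 1, 0, 0, 0, 1, 0, 0, 0] + [1])   # one failure, within normal
    + constructed_lines("carol", [4], first_day=20)                    # new account, no history
)
HISTORY_DAYS = [f"2015-01-{d:02d}" for d in range(10, 20)]


def daily_failures(lines):
    """Parse lines into {user: {day: failure_count}}; a day with only successes counts as 0."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole batch
        counts[m["user"]][m["day"]] += 1 if m["result"] == "fail" else 0
    return counts


def build_baseline(counts, history_days, min_days=7, floor_std=0.5):
    """Per-user (mean, std) over history_days. Users active on fewer than min_days
    of the window get no baseline; std is floored so near-constant users do not alert
    on a single extra event."""
    baselines = {}
    for user, per_day in counts.items():
        active = [d for d in history_days if d in per_day]
        if len(active) < min_days:
            continue
        series = [per_day.get(d, 0) for d in history_days]  # absent day == 0 failures
        baselines[user] = (mean(series), max(pstdev(series), floor_std))
    return baselines


def score_day(counts, baselines, day, threshold=3.0):
    """Return {user: (verdict, z)} for every user active on day, where verdict is
    'alert', 'ok' or 'no_baseline'."""
    verdicts = {}
    for user, per_day in counts.items():
        if day not in per_day:
            continue
        if user not in baselines:
            verdicts[user] = ("no_baseline", None)  # investigate as a new account, not as an anomaly
            continue
        mu, sigma = baselines[user]
        z = (per_day[day] - mu) / sigma
        verdicts[user] = ("alert" if z >= threshold else "ok", round(z, 2))
    return verdicts


def run(lines=LOGS, history_days=HISTORY_DAYS, day="2015-01-20"):
    counts = daily_failures(lines)
    return score_day(counts, build_baseline(counts, history_days), day)


if __name__ == "__main__":
    for user, (verdict, z) in sorted(run().items()):
        print(f"{user:8} {verdict:12} z={z}")
```

With these inputs alice's nine failures on 20 January sit more than ten standard deviations above her history and alert, bob's single failure is within his floored deviation and does not, and carol is reported as having no baseline. The same structure applies to any per-asset counter (bytes sent, hosts contacted, processes launched); the work is in choosing the window and the floor, not in the arithmetic.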

Contact us for web demonstration of the product.

Filed Under: Advanced Persistent Threat, compliance, Hexis, industry, Log Management, Malware, PCI, Security News

Cyber Attacks On US Companies in 2014

2014/10/28 by admin

By Riley Walters

The spate of recent data breaches at big-name companies such as JPMorgan Chase, Home Depot, and Target raises questions about the effectiveness of the private sector’s information security. According to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”

A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014. The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.

This paper lists known cyber attacks on private U.S. companies since the beginning of 2014. (A companion paper discussed cyber breaches in the federal government.) By its very nature, a list of this sort is incomplete. The scope of many attacks is not fully known. For example, in July, the U.S. Computer Emergency Readiness Team issued an advisory that more than 1,000 U.S. businesses have been affected by the Backoff malware, which targets point-of-sale (POS) systems used by most retail industries. These attacks targeted administrative and customer data and, in some cases, financial data.

Read Full Article -> Cyber Attacks Article

Filed Under: Advanced Persistent Threat, antivirus, byod, Cloud, compliance, endpoint, industry, Kaspersky, Log Management, Malware, NetClarity, PCI, Products, profile, Security News, Snare, Snare Agents, Sophos, Uncategorized, Unified Threat Management

APT Attacks

2014/10/02 by admin

According to an article in info-security, most security professionals expect an APT attack in the next six months. The article quotes:

“The three structures of IT Security used to be ‘prevention’, ‘detection’ and ‘remediation’. However, with prevention an almost impossible task due to the very nature of the way IT is used today, it now falls down to ‘detection’ as the best way to protect systems.”

Prevention is extremely difficult; however, defense in depth helps. Implementing a Unified Threat Management system and endpoint protection, and using a NAC solution to see who is on your network and to stop communication back to command and control servers, are great first steps.

Using an Event Log Management (ELM) system or SIEM will help detect abnormal behaviour, improving detection not only of malware and APTs but also of unusual activity by employees, guests and other cyber threats. Most ELMs and SIEMs can also do file integrity monitoring, providing detailed information on which files were altered and by whom.

Take a look at some of our whitepapers on APTs, or contact us.


Filed Under: Advanced Persistent Threat, antivirus, byod, Cloud, compliance, endpoint, industry, Kaspersky, Log Management, Malware, NetClarity, PCI, Products, profile, Security News, Snare, Snare Agents, Sophos, Uncategorized, Unified Threat Management


© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement