Symtrex Inc.

Cyber Security Specialist


APT Attacks

2014/10/02 by admin

According to an article in info-security, most security professionals expect an APT attack in the next six months. The article quotes:

“The three structures of IT Security used to be ‘prevention’, ‘detection’ and ‘remediation’. However, with prevention an almost impossible task due to the very nature of the way IT is used today, it now falls down to ‘detection’ as the best way to protect systems.”

Prevention is extremely difficult; however, a defense-in-depth approach will assist. Implementing a Unified Threat Management system and endpoint protection, and using a NAC solution both to see who is on your network and to stop communication back to command and control, are great first steps.

Using an Event Log Management (ELM) system or SIEM will help detect abnormal behaviour, improving detection not only of malware and APTs, but also of unusual activity by employees and guests, and of other cyber threats. Most ELMs and SIEMs can also do file integrity monitoring, providing you with detailed information on which files were altered and by whom.

Take a look at some of our whitepapers on APTs, or contact us.

 

Filed Under: Advanced Persistent Threat, antivirus, byod, Cloud, compliance, endpoint, industry, Kaspersky, Log Management, Malware, NetClarity, PCI, Products, profile, Security News, Snare, Snare Agents, Sophos, Uncategorized, Unified Threat Management

Snare Agent for Linux

2014/09/16 by admin

We are pleased to announce that the updated Snare Agent for Linux has been released. Our clients can log in to their client areas to download the latest version.

The latest version has some added features/enhancements:

  • Implement Exclude Rules in Linux agent
  • LastLogins options needs to be implemented
  • Various UI pages are formatted incorrectly
  • Config file permissions need modification

Download the Release Notes for Snare Agent for Linux 4.1.0.

Some of the features of the Snare Enterprise Agent for Linux include:

  • Caching of events in case of a network disruption, ensuring that events are not lost
  • Log message delivery with TCP
  • Logging to multiple destinations
  • Encryption of messages between the agent and the Snare Server
  • Formatting of the event log record so that it is accepted by a SYSLOG server
  • UTC (Coordinated Universal Time) timestamp format for events instead of the local machine time zone format
  • Local or remote monitoring of changes to the agent’s configuration by security administrators through a standard web browser

Contact us with any questions.

Filed Under: Advanced Persistent Threat, compliance, Log Management, Products, Security News, Snare, Snare Agents

Enterprise Snare Agent for MS SQL - Update

2014/08/29 by admin

An updated Snare Agent for MS SQL has been released and is available for our clients. This release has the following bug fixes:

  • Check Group issues for standalone mode
  • Check Group option does not work for another domain

and enhancements:

  • Improved -x command output in cluster mode
  • Enhanced debug messages

Download the complete Release Notes for MS SQL Version 1.2.8 or contact us for more details.

Filed Under: Advanced Persistent Threat, compliance, industry, Log Management, Products, Security News, Snare, Snare Agents

Snare Agent Updates

2014/06/26 by admin

Please note that the following Snare Agents have been updated and are now available:

  • Enterprise Snare Agent for Windows
  • Enterprise Snare Epilog for Windows
  • Enterprise MS SQL Agent

These releases primarily address the following issues with the agents:

  • Registry handle leak - Fixes the registry handle leak that was causing an increasing number of registry handles. In severe cases, this issue could cause frequent restarts of the Snare service.
  • Man-in-the-middle attack in OpenSSL pre v1.0.1h - An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a man-in-the-middle (MITM) attack in which the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable Snare Windows Agent (pre v4.2.5) and a vulnerable third-party log collector using TLS. A pre v4.2.5 Snare Windows agent is not vulnerable to this attack when it is communicating with a Snare Server. Snare v4.2.5 is built using OpenSSL v1.0.1h, which fixes this issue on the Snare Windows agent side. Customers are also encouraged to update their log collectors to OpenSSL v1.0.1h so that the vulnerability is removed from both sides.
  • Objective exclude filter bug (Windows Agent only) - Objectives allow events to be included or excluded depending on various matching criteria. A bug in previous versions resulted in the exclude option only taking full effect when applied to the ‘Event ID’ match objective. All other exclude options were ignored if a wildcard match objective was performed after the excluded match objective. This fix ensures the exclude option works correctly on the whole event, including the “event id”, “general match”, “user name” and “event source” fields, so that a wildcard match objective after the exclude objective does not permit the excluded data.

For complete release notes ->

Filed Under: compliance, industry, Products, Security News, Snare, Snare Agents

New Snare Agents - Released

2014/06/03 by admin

We are pleased to announce the release of three new Enterprise Snare Agents: the Snare Agent for MAC OSX, and two browser agents, for Firefox and Chrome.

Snare for OSX allows event logs from the OSX subsystem to be collected from the operating system and forwarded to a remote audit event collection facility after appropriate filtering. Snare for OSX operates as an ‘audit dispatcher’ application that receives the audit log data, with Snare directing auditd to generate events. It selectively filters out event data that you are not interested in, formats the resulting data into something that is more suited to follow-on processing, and delivers it to one or more remote systems over the network. Snare for OSX is known to work on OSX 10.7 (Lion), OSX 10.8 (Snow Lion) and OSX 10.9 (Mavericks).

When you access a web site, your Firefox browser connects to the main destination page, downloads the HTML data, and then attempts to access any additional files referenced by the page in question; these may be images, cascading style sheet files, or a range of other alternatives. Snare will log each of these access requests and report the details of the transaction.

The Snare for Chrome agent provides a valuable audit trail of user activity and, by association, of any malicious activity injected by remote sites into the users’ web requests. Data is passed to a Snare Server, or compatible application, for analysis, and includes information on the URL accessed (i.e., the web page, image, or cascading style sheet), the date/time, the length of the request, the response, and the page from which the resource was requested.

The two browser agents are provided at no cost to those that have already purchased the Snare Product Suite.

Filed Under: Advanced Persistent Threat, Cloud, compliance, Log Management, Security News, Snare, Snare Agents


© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement