Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

Profile

Cybersecurity 101: The criticality of event logs

by

From CSO Online – Dwight Davis

Coaches love to talk about “the basics” – the fundamental skills their athletes need to master before they can move on to more advanced techniques. The basics can seem simple and even dull, but without them as a foundation, ultimate success can prove elusive.

Cybersecurity programs have their own set of “the basics.” Sadly, one of the most critical of these essentials is also one of the most neglected: the collection and regular review of event logs. Good log practices can pay big dividends throughout the entire cybersecurity lifecycle, from helping to profile “normal” activity, to identifying and preventing attacks, to, if necessary, performing post-breach forensics and remediation.

Even organizations that understand the importance of event logging can be overwhelmed by the sheer volume of events that routinely occur across even modest IT environments. Operating systems, firewalls, network routers, applications and dozens of other infrastructure elements can each generate their own event logs. Large corporate environments may log thousands of events per second and millions of events per day. With the proliferation of mobile devices and Internet-of-Things endpoints, today’s staggering log volumes will only continue to grow.

The embarrassment of riches in raw log information can result in operational paralysis more than information insight if organizations fail to implement sophisticated log filtering systems. Such filters need to strike a balance between collecting any and all event information versus filtering out so many logs that potentially meaningful data is lost.

Once the data is collected, organizations need log retention policies that ensure that pertinent data is still available if needed to detect, prevent or analyze some future security incident. Many companies will need outside experts to help them institute optimal log collection and retention policies.

Once they have good log information in hand, organizations can use it to create profiles of typical networking and user activities. When paired with security information and event management (SIEM) systems, this baseline log information can help security professionals identify suspicious activity that falls outside of expected norms. In this way, the logs form the core of an early warning system that can help organizations counter threats before they even gain a foothold.

When suspected or actual breaches do occur, the log data serves to help in the identification and isolation of any intruder or malware. Then it provides an audit trail for tracking which network elements, processes or users were involved in the attack. While of obvious value, this critical log data is often lacking.

In a recent AT&T Cybersecurity Insights report, Todd Waskelis, executive director of Security Consulting Services at AT&T, said, “We consistently go in and find that the evidence [log] data we need just isn’t there or readily accessible. This makes it difficult for us as we try to figure out what happened.”

Log data can even play a crucial role in mitigating the regulatory or legal ramifications associated with any significant breach. The audit trail provided by the logs may help an organization prove that a breach didn’t occur because of its own negligence or through some other internal fault.

In the cybersecurity realm, where attention is often focused on the latest big attack or on the newest cutting-edge security control, lowly event logs can sometimes be overlooked. But without good log collection, retention and analysis capabilities, an organization’s security program will rest on very unstable ground.

For information on the various SIEM technologies available – give us a call at 866-431-8972 or email us at sales@symtrex.com.

The 3 Biggest Mistakes in CyberSecurity

by

August 23, 2016 – Chris Moschovitis – Information Management

Everyone, from the small business owner, to senior executives in businesses of every shape and size are confronting a seemingly insurmountable problem: Constant and rising cyber security breaches. It seems no matter what we do, there is always someone that was hacked, a new vulnerability exploited, and millions of dollars lost.

In an effort to stem the tide people have tried everything: From throwing money at it by buying the latest and greatest tech gizmos promising security, to outsourcing cyber security management, to handing it over to the IT folks to deal with it. And, every time the result is money lost, productivity decreased, and the attacks continue.

Many business people complain that we’re not just losing a battle here and there. We’re losing the war. Is that true?

The truth is that those that keep losing their cyber battles and risk losing the war are making three critical mistakes:

1. They think cyber security is a technology problem.

2. They follow a cyber security check list once-and-done.

3. They don’t have a cyber security awareness training program in place.

First, cyber security is not a technology problem. Far from it. It is a business-critical problem, and more importantly: It’s a people problem, and we need to address it at that level.

Second, cyber security is a constantly evolving battlefield. The threats evolve, the attacks take new paths, the underlying technologies change. A static check list solves yesterday’s problems, not today’s, and certainly not tomorrow’s.

Finally, if people don’t understand the threat they will not even see the attack coming, much less be able to respond and protect themselves. Cyber security awareness training is the only way to prepare everyone for the new reality we live and work in.

Cyber security is not an IT problem either, according to Prosyn. It is a risk management problem. This is easier to understand in your work and in a regulated industry. Therefore, the concept, language, even governance of risk management is part of the daily lexicon. This is why it’s so important that you understand how to respond to risk as well as being aware of what the risks may be before they occur.

Not so with small and mid-market businesses less familiar with the risk management function. It doesn’t help that the very nature of the threat and the way the “payload” of the attack is delivered is via information technologies. It almost makes sense to have IT deal with cyber security. But the victims are not the computers. The victims are the businesses and their people.

More importantly: A company’s Information Technology generates Value. It does so through myriad different ways depending on the business you are in, from the actual delivery of goods to clients (e.g. software businesses, data businesses, media, and technology businesses, etc.) to complementing, enhancing, and realizing the mission and vision of the company (law firms, manufacturing, logistics, healthcare, etc.) Owing to these security breach issues, many businesses tend to opt for services of reliable service providers like Privacera (https://privacera.com/products/centralized-access-control/) and similar others. By having centralized and secure access to all the data of the business, they are most likely to be not affected by cybercrime.

That said, externally sourced IT management could do a better job at regulating data security as well as other IT-based functions. As they are professionals in the field, software facility management may be leveled and managed properly. Besides, the risk involved in such functions may be taken up by the IT outsourcing company, which means that external threats may be mitigated without client company involvement.
Cyber security, like all risk management, is there to protect value. Therefore, you can never have cyber security (the value protector) report to IT (the value creator). That creates a conflict of interest. Just like IT reports directly to the CEO, so must cyber security. They are parallel tracks keeping the business train aligned and moving.

Once you have the reporting structure correctly in place, you need to empower it with executive buy-in and engagement. Cyber security needs your direction on company goals and risk appetite so they can develop the right strategy to protect the company’s assets. Cyber security professionals, working with the board and executives, including IT and business units, will develop the right defense-in-depth strategy that is right for the company.

Cybersecurity is a crucial component of a defensive strategy for businesses that operate online, like e-commerce stores. It is likely that you will need to protect your website or mobile application from cyber threats if you operate such a store. In order to accomplish this, you may need to develop a strong security system to protect customer data and transactions. In the event that you do not have enough funds, you can consult with companies that provide ecommerce financing options to fund your cybersecurity development.

Cyber security doesn’t happen in isolation. It is not a set check list. It is dynamic, adjusting strategy to risk, asset value, and controls. As market conditions change, as company goals change, and as technology changes, so will the cyber security strategy.

Neither structure nor strategy will help if you ignore the most important element in cyber security: People. In 2016 ISACA published the top three cybersecurity threats facing organizations in that year. They were, in order: 52% Social Engineering; 40% Insider Threats; 39% Advanced Persistent Threats.

Excluding the advanced persistent threats typically targeted against large multinationals, governments, military, infrastructure and the like, the other two have one common element: People.

It is people that become the victims of cyber-attacks, and by extension, the businesses they work in or do business with. Be it through social engineering, extortion, or any of the many vulnerabilities that hackers can exploit, it is people that get compromised first. They are the ones that have to pick up the pieces when all the data is gone or when their identity is stolen.

The good news is that cyber security awareness training is one of the most effective controls against hackers. Training and sensitizing people to the threats, the methods used, vulnerabilities, even their own personal privacy risks, has been proven time and again as the one thing that makes a real difference in early detection, quick response and recovery during a cyber-attack. Having a quarterly lunch-and-learn will go a long way in developing a culture of cyber awareness, saving both your business and your employees from cyber-harm.

Avoiding these three mistakes in cyber security won’t help win every single battle. But it will guarantee you win the war.

Average cost of a data breach up 12.5 percent among Canadian Firms

by

IT World Canada – Howard Solomon

Canadian CISOs who want more hard data to convince the C-suite and boards to devote more resources to cybersecurity have a new report to show.

If a study of 24 Canadian organizations is accurate, the total cost over a recent 12 month period of a breach of over 1,000 records went up 12.5 per cent compared to 2014 to just over $6 million.

Another way of looking at it is the average cost per record stolen or lost went up 10.6 per cent to $278 compared to the same period the year before.

These numbers come from a study released last week by the Ponemon Institute that was funded by IBM. The costs were based upon estimates provided by participating victim organizations.

The report is part of an annual global study of breaches in 13 countries (United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the United Arab Emirates, Saudi Arabia, Canada and, for the first time, South Africa), which last year covered 383 organizations. The average cost of a breach across all those firms was US$4 million.

Importantly, the study included the cost of losing customers: Of the Canadian companies studied, for those that lost less than one per cent of their existing customers the average total cost of a breach was $4.77 million, well below the global averae of $6.03 million. When companies had a churn rate of greater than 4 per cent, the average cost was $7.88 million.

There are two cautions: First, Ponemon admits that 24 firms is a small sample for this country, and second, only organizations that suffered a breach of between 1,000 and 100,000 lost or stolen records in 2015 were counted – meaning Ashley Madison isn’t there. That way catastrophic incidents don’t skew the results.

The number of Canadian breached records per incident in the study period ranged from 4,800 to 70,998 and the average number of breached records was 21,200.
“Over the many years studying the data breach experience of more than 2,000 organizations in every industry, we see that data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” said institute head Larry Ponemon. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”

The report has other interesting numbers:

–It took more than five months to detect that an incident occurred and almost two months to contain the incident;

–54 per cent of the Canadian data breaches studied were caused by malicious or criminal attacks, 25 per cent were caused by human error and 21 per cent by system glitches. Companies that experienced malicious attacks had a per capita data breach cost of $304, which is above the average for all organizations studied. In contrast, companies that experienced system glitches ($250) or employee negligence ($246) had per capita costs below the mean value;

–The more records lost, the higher the cost of the data breach. The cost ranged from $3.59 million for data breaches involving 10,000 or fewer lost or stolen records to $6.88 million for the loss or theft of more than 50,000 records;

–Notification costs increased. These costs include IT activities associated with creation of contract databases, determination of all regulatory requirements, engagement of outside experts, postal expenditures and inbound communication set-up. The average cost increased from $0.12 million in 2015 to $0.18 million in 2016;

–Lost business costs increased. This cost category typically includes the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill. Among all the 383 companies studied these costs increased from an average US$1.99 million in 2015 to US$2.24 million in 2016 — that’s of the overall $4 million average cost.

“The biggest financial consequence to organizations that experienced a data breach is lost business,” says the report.

Both direct and indirect per capita costs increased significantly. The indirect cost of data breach includes costs related to the amount of time, effort and other organizational resources spent to resolve the breach. In contrast, direct costs are the actual expense incurred to accomplish a given activity such as purchasing technology or hiring a consultant.

Direct expenses include engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services. Indirect costs include in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates.

 

 

SolarWinds Study Reveals Hybrid IT is the Reality

by

MarketWire – News Room – March 29, 2016

SolarWinds Study Reveals Hybrid IT is the Reality for Majority of Businesses; Security Concerns, New Skillsets Top of Mind for IT Professionals

According to the SolarWinds IT Trends Report 2016, Only 9 Percent of IT Professionals Say Their Organizations Have Not Migrated Any Infrastructure to the Cloud, While 62 Percent Report Security Remains the Greatest Challenge and Three-Quarters Indicate Resources and New Skills Are Still Needed

AUSTIN, TX–(Marketwired – March 29, 2016) – SolarWinds, a leading provider of powerful and affordable IT management software, today released the findings of its IT Trends Report 2016: The Hybrid IT Evolution. The study features insights from IT practitioners, managers and directors proving that the vast majority of businesses have shifted away from on-premises-only infrastructure to hybrid IT environments, creating new concerns and pressures for IT professionals.

“The findings of this year’s study paint a clear picture: cloud adoption is nearly ubiquitous, but it’s not now and will not in the foreseeable future be suitable for all workloads, and even if it were, very few if any companies would convert all of their existing applications to run in the cloud,” said Joel Dolisy, CIO, SolarWinds. “The resulting dynamic — one set of critical on-premises services connected with another set of services in the cloud — is hybrid IT. And at the center of this evolution is the IT professional who needs to ensure always-on performance of applications, devices, networks and systems — regardless of location. They need to be empowered with the support to gain the skills and tools required to properly monitor and manage hybrid IT environments, which in turn will allow businesses to truly unlock the potential of the cloud.”

Download the Solarwinds IT Trends Report 2016: the Hybrid IT Evolution

Read the article

Contact us for more information at 866-431-8972 or via email at sales@symtrex.com

Solarwinds honoured – Network & Security Product Excellence

by

AUSTIN, TX –(Marketwired – March 23, 2016) – SolarWinds, a leading provider of powerful and affordable IT management software, today announced several industry accolades for its network and security management products from respected industry publications including, SC Magazine®, Cyber Defense Magazine, Network Computing® and CRN®.

“At SolarWinds, we are proud to provide IT professionals with robust products that equip them with deep visibility and reliable data to help tackle the monitoring and management challenges they are confronting in their environments,” said Nikki Jennings, group vice president, product strategy, SolarWinds. “Receiving these product awards is affirmation that we are listening to our users, taking the time to understand the problems they are facing, and dedicating our time to providing the products they need to solve all their IT problems.”

Network Management

  • SolarWinds® Network Configuration Manager won for “Best Risk/Policy Management Solution” in the 2015 SC Awards U.S.
  • SolarWinds Network Performance Monitor was a finalist for “Network Management Product of the Year” in the 2016 Network Computing UK Awards
  • SolarWinds was a finalist for “Company of the Year” in the 2016 Network Computing UK Awards

Security Management

  • SolarWinds Log & Event Manager won for “Best Product — Security Information Event Management (SIEM)” in the 2016 Cyber Defense Awards
  • SolarWinds was named the “Hot Company — Patch & Configuration Management” for SolarWinds Patch Manager in the 2016 Cyber Defense Awards
  • SolarWinds was named one of the “20 Coolest SIEM and Threat Detection Vendors” in CRN‘s 2016 Security 100
  • SolarWinds Log & Event Manager is a finalist for “Best SIEM Solution” in the 2016 SC Magazine Awards Europe; winners to be announced June 7

To find out more about Solarwinds give us a call at 866-431-8972, send us an email at sales@symtrex.com,