Thoughts on $19B Cybersecurity National Action Plan

Yesterday President Obama signed two executive orders on cybersecurity to strengthen the government’s defenses against cyber attacks and protect citizens’ personal information kept by the government.

Obama asked for $19 billion for cybersecurity efforts in his budget request, a 35 percent increase from current levels, with $3 billion requested to “kick-start an overhaul of federal computer systems.” The Cybersecurity National Action Plan will ensure:
Americans have the security tools they need to protect their identities online
Companies can protect and defend their operations and information from hackers
The U.S. government protects the private information citizens provide for federal benefits and services

Our own CMO, Michael Harris, added his valuable insight:

“The United States must increase its investment in cybersecurity to protect our homeland. We live in a world of instant-anywhere-access. The cyber-terrorists are relentless. They morph. They adapt. They scoff at legacy authorization and hacker prevention systems. The recent wave of breaches to our Federal systems is proof of this reality. Deep forensic data analysis, detection and response technologies are essential for cybersecurity and we encourage Congress to carefully evaluate the $19 billion spending initiative to ensure our sensitive, proprietary and military assets are protected from malicious exfiltration.”

What do you think? Share your thoughts below.

Wishing you a happy and prosperous 2016!


Get to Know Our New Logo Before the Rest

UPDATE: We have our three winners! Thanks for playing and helping us celebrate our new look and logo, everyone.


How to Streamline a Malware Investigation Down to 30 Minutes or Less

Malware incident response can be a time-consuming and frustrating process. A seasoned investigator, however, has documented steps to help you investigate malware in 30 minutes or less.

Joseph Salazar, an information security practitioner, presented his methodology in a lecture called “Streamlined Malware Incident Response with EnCase®,” at the Enfuse™ conference (formerly known as CEIC®) held earlier this year. This highly rated session outlined a framework to minimize user and system exposure to malware; utilize supporting infrastructures and processes; and leverage the flexibility of not only EnCase Endpoint Security, but even more so, EnCase Enterprise.

EnCase® Enterprise? Isn’t that a digital forensics tool?  

EU Data Protection: When Your Organization's Lifeblood becomes Poisonous

Damian Hallmark

A breaking development in the EU is creating ripples that have the potential to create a global tsunami. A European Court of Justice opinion has implications that highlight the pending impact for any global organization processing EU personal information outside of the EU.

A privacy campaigner has scored a legal victory that could bolster his attempts to prevent Facebook from being able to pass EU citizens' data to the US authorities in what the campaigner suggests could have far-reaching consequences. The opinion issued by the European Court of Justice says that current data-sharing rules between the 28-nation bloc and the US are "invalid." This decision could affect other tech firms' abilities to send Europeans' information to US data centres. 

Celebrating Our 5-Star Rating from SC Magazine for EnCase Endpoint Security

Mitchell Bezzina

We’re chuffed to announce that our EnCase® Endpoint Security product was given a five-star rating in this month’s SC Magazine Endpoint Security group product review. Those of us working in security for a few years have known that “endpoint security” doesn’t equal antivirus anymore, and it’s taken a little while for that to be unanimously accepted. We believe this review validates the need for endpoint detection and response to aid perimeter, network and log tools – and is something of a turning point as well.

Defending Your Security Program: The FTC, Breach Class Actions, and You

Roger Angarita

Data breaches continue to fuel major media bonfires, CEOs are resigning, and the FTC is gaining ground in becoming the data-protection enforcer on behalf of consumers and business customers. Now, in the wake of the Ashley Madison, Neiman Marcus, and Home Depot cyber-attacks, critical court decisions are occurring that may raise protection standards and increase corporate liability. The smoke signal arising from the judicial system last month was the Third Circuit’s ruling affirming the data security authority of the Federal Trade Commission (FTC) in Federal Trade Commission v. Wyndham Worldwide Corp.

What Hit OPM? What We Know So Far

Paul Shomo

It’s been almost a month since the OPM breach, and there’s been much speculation and leaks pointing to the details of the attack. Here is a recap of released information so far:

June 4, 2015 - OPM announces they’ve been breached.

June 8, 2015 - Guidance Software announces that EnCase® was used in OPM’s investigation. I am quoted by SC Magazine, hinting that the PlugX Remote Access Trojan (RAT) was utilized by OPM’s attackers. 

Office of the Secretary of Defense Calls for Emphasis on Detection and Response

Anthony Di Bello

This week, in response to the OPM breach, Chris Carpenter, the Security Director at the Office of the Secretary of Defense called for an emphasis on detection and response capabilities.

The reason, Carpenter noted, is that there is a clear window of opportunity within which to find attackers inside the network and cut off their access before they have a chance to exfiltrate data. This is backed up by the fact that the vast majority of breach disclosures note that the attackers had been inside for a period of time prior to the data exfiltration.

The OPM Hack: I Smell a RAT

Paul Shomo

In the wake of the OPM hack, where reports suggest that millions of security clearance records headed directly to Chinese intelligence units, let’s talk about remote administrator tools (RATs). These tools are commonly used in this type of attack, so we'll walk through a common methodology for identifying unknown RATs.

In the broadest sense, RATs are used to remotely access and control computers. System administrators often use these tools for good, but black hats develop specialized RATs that infect, hide, and act as back doors.

Malicious RATs like PlugX, Gh0st, Korplug, Gulpix, Sogu, Thoper, and Destory can be built as zero day attacks that avoid signature detection. The Gh0st RAT user interface (UI), shown below, gives some insight into how easily hackers can build zero day variants to infect sensitive machines. Once infected, command-and-control can be established from anywhere on the internet, with traffic re-routed through servers to avoid identification of the true perpetrator.

The OPM Breach: What Went Right

Michael Harris

Today the national and federal press announced a “massive” breach of federal personnel data housed at the Office of Personnel Management (OPM) within the Department of Homeland Security (DHS). Following an earlier breach discovered in March 2014, the breach is said to have exposed the personally identifiable information (PII) of up to four million federal employees. The Washington Post reported that U.S. officials suspect the Chinese government to be behind the attack, which represents “the second significant foreign breach into U.S. government networks in recent months.”

CEIC 2015 Highlights: Thwarting Malware, FRCP Rules Changes, Corporate Cyberbullying, Collaborating for the Win


CEIC® 2015 began with a one-day CISO/CLO Summit that gathered security and legal chiefs to collaborate on emerging best practices in defending the enterprise, as well as an energetic CEIC welcome keynote from our president and CEO Patrick Dennis and Roger Angarita, our head of product development. Patrick talked about how the legal, security, and forensic investigation communities are blending together, both to collaborate and even to expand their own professional areas of responsibility. Our data is converging—and so are our professions—which is good news, since as we collaborate, we are turning the tide in the defense of our organizations, our citizens, and our economies.

Security and IR Labs at CEIC Focus on Advanced Malware and Attack Analysis

CEIC 2015 is just a few weeks away and we’re excited to meet with you face-to-face on the show floor and in the conference sessions earmarked for cybersecurity and incident response professionals. If your cybersecurity journey seems to grow more complicated with each passing CEIC event, this is the year you won’t want to miss.

Incident response as a discipline is still largely misunderstood and under-implemented, mainly because enterprises struggle to understand the changing security landscape and the need to be prepared for the inevitable cyber attack. To help you better understand these changes, we've developed new sessions and labs for CEIC 2015 to help you take incident response to the next level.

Why Financial, Retail, and Healthcare Professionals Should Reserve a Seat at a CEIC 2015 Roundtable


By now, you may have heard about our new CEIC industry roundtable sessions for professionals in retail, finance, and healthcare. These focused, media-free sessions provide a forum for security and e-discovery specialists to discuss current trends and challenges that affect their work on a daily basis. First time you've heard of our roundtables? Take a look at our previous post.

So why should you spend valuable CEIC time on a roundtable? Here are the three most compelling reasons.

New to CEIC 2015: Financial, Retail, and Healthcare Roundtable Sessions

It’s not too late to sign up for the first-ever roundtable discussions to be held at CEIC 2015 for industry-specific professionals in the financial, retail, and healthcare industry. As part of the new Topics in Management track, the roundtable sessions will provide a forum to discuss pressing cybersecurity and e-discovery challenges that affect today’s organizations and present emerging best practices for addressing them.

CISO/CLO Summit 2015: One Day that Generates Actionable Intelligence

Mark Harrington

As legal chiefs around the world get serious about cybersecurity as part of our mission to defend our organizations, we’re learning fast, but it’s time to go beyond education and begin taking action. Four years ago Guidance Software brought legal, security, and risk and compliance chiefs together at the inaugural CISO/CLO Summit to talk strategy and we’ve come a very long way since.

Last year I was privileged to lead a panel discussion on enabling proactive risk and threat intelligence at CISO/CLO Summit 2014. The panelists included an information security chief for a major defense manufacturer, the CISO for a global automaker, security analyst Jon Oltsik of the Enterprise Strategy Group (ESG), and Ed McAndrew, the Assistant U.S. Attorney and National Cyber Security Specialist for the Department of Justice. 

New Track at CEIC 2015 Targets Critical Executive-level Legal and Security Issues

The explosion of threats in digital forensics and security is pressuring executives to anticipate, assess, and respond with greater assurance and insight than ever before.  Because of this, CEIC® 2015 has developed a new “Topics in Management” conference track for business leaders responsible for legal, security, and risk and compliance initiatives.

The new track expands upon the success of the annual CISO/CLO Summit and is packed with an all-star roster of speakers and topics. We’re eager to share some of the highlights of the management track with you in this blog, but encourage you to review the complete CEIC 2015 conference agenda with session descriptions and speaker bios for all 12 tracks.

The Current Cyber Crisis and the IT Security Budget

Barry Plaga, Interim CEO and CFO, Guidance Software

Last summer, J.P. Morgan Chase suffered a significant cyber breach of its corporate servers that affected approximately 76 million households. Very bad news and no longer an unprecedented event for a major financial institution. Then, two things happened the following fall that are very interesting when considered together:
  1. J.P. Morgan Chairman and CEO James Dimon told a panel discussion audience at the Institute of International Finance that his bank would double its cybersecurity spending over the following five years.
  2. PwC released its latest Global State of Information Security survey that noted that spending on information security fell four percent during a period in which cyber attacks against companies increased 48 percent.

AMP Threat Grid Empowers Law Enforcement to Fight Cybercrime

Jessica Bair, Cisco

Recognizing the critical need for state and local law enforcement agencies to have state-of-the art technologies to effectively fight digital crime, Cisco is creating the AMP Threat Grid for Law Enforcement Program. The program is designed to empower those working to protect our communities from cybercriminals with its dynamic malware analysis and threat intelligence platform.

Computers are central to modern criminal investigations, whether as instruments to commit the crime, as is the case for phishing, hacking, fraud or child exploitation; or as a storage repository for evidence of the crime, which is the case for virtually any crime. In addition, those using computers for criminal activity continue to become more sophisticated, and state and local law enforcement agencies struggle to keep up with their internal computer forensics/digital investigation capabilities. Malware analysis is also a critical part of digital investigation: to prove or disprove a "Trojan defense" for suspects, wherein the accused rightly or falsely claims a malicious software program conducted the criminal activity and not the user; and to investigate unknown software and suspicious files on the computers of the victims of cybercriminal activity for evidence of the crime.