2015: Fighting Adaptive Attacks Requires Adaptive Defense with Response Automation

Anthony Di Bello

Attackers are always looking for new vulnerabilities to exploit technologies with large-scale adoption or use/create/modify malware that changes just enough to avoid known detection methods as it propagates through a corporate network. The same malware or vulnerability is rarely used after public discovery. The identification and sale of new vulnerabilities is a high-revenue enterprise, as is the sale of malware kits which can be customized and use as weapons against unsuspecting organizations. Cybercrime is a high-growth industry and the players are only getting better organized and their attack methods more elaborate.

The defenses widely in use today are limited to technology that is overly reliant on the known, is unable to adapt when attackers change their patterns, or find easier ways to sneak onto our networks undetected. The headline-grabbing hacks of 2014 — Home Depot, JP Morgan Chase, eBay — only serve to highlight this fact.

Striking a Blow against El Machete

Alfred Chung

There’s a renewed weapon of malware destruction in the fields of war, and it goes by the name “Machete.” A targeted attack campaign that kicked off in 2010 and now boasts an improved infrastructure, Machete has mostly hit victims in Ecuador and Venezuela, with a smattering of victims in other countries from the U.S. to Malaysia. Some of those affected are reportedly military and intelligence organizations, embassies, and government agencies.

Machete is cyber-espionage malware that can log keystrokes, capture audio from a computer’s microphone, grab geolocation data, and copy files to a remote server or even to a special USB device, among other things.

How Endpoint Security Analytics Could Have Cut the Target Hack Short

Alfred Chung

Recent intelligence about the Target breach, its scope, and its attack vectors has included the fact that memory-scraping malware was instrumental in hijacking credit-card data prior to its encryption for transmission to remote payment processors. Symantec reported on the registry keys and files dropped by the malware that are even now being used by software vendors to update their signature-based antivirus and alerting systems.

The critical point, however, is that the malware that was undoubtedly designed specifically for Target is probably already morphing into something unrecognizable by those signature-based tools for the next organization being drawn into the hackers’ crosshairs. Each organization that is hit with a form of this malware in the future will be on the receiving end of its own, customized attack for which no signature can be created.

Insider Threats in the Federal Agency: Endpoint Security and Human Analytics

Manning, Snowden, Wikileaks… Recent headlines have made the dangers of insider threats for federal agencies even more of a flashing red light than before. The risk of intentional data breaches is a critical problem, but certainly not the only one. The latest report from the Ponemon Institute, the 2013 Cost of Cyber Crime Study: United States, found that more than one third of all data security breaches at government agencies are caused accidentally by internal employees. Intentional or not, both are problematic.

Human error as insider threat

A study by the Privacy Rights Clearinghouse noted not long ago that government agencies have experienced a steady rise in data breaches caused by employees over the last four years. In addition, employee negligence caused over 150 breaches and the loss of more than 92.5 million records since January 2009.

Barbarians Inside the Gate: Finding the Needle in a Data Haystack

Sam Maccherola

Despite most corporations’ robust perimeter security solutions, advanced persistent threats may already have evaded perimeter detection and be lying in wait for some future launch date. Of even more concern is the fact that some of the barbarians who are already past the gate may not be Ukrainian hackers, they may be someone working at a neighboring desk.

Insider Threats: There is something you can do

Some methods for dealing with insider threats are exercised by managers with good people skills and the ability to spot early signs of attitude or work-satisfaction issues. However, the best source of raw intelligence on potential threats in the modern enterprise is found directly at the endpoints such as laptops and servers—the targets of most serious information-security threats.

Big Data Security Analytics Meets Endpoint Visibility

Ale Espinosa

Gone are the days of one-size-fits-all. Today, everything is about tailor-made and customization. This includes cybersecurity threats.

In the last few years, security has become increasingly more challenging. According to recent Enterprise Strategy Group (ESG) research, “62% of IT security professionals say that security management is somewhat more difficult or significantly more difficult than it was two years ago. ” This is because threats have become more sophisticated and more targeted.

But we don’t know what we don’t know, so how can we locate and expose these needles of unknown threats in the haystack of massive enterprise data? Through the use of Big Data security analytics.

In the recent ESG Brief EnCase Analytics: Big Data Security Analytics Meets Endpoint Visibility, Jon Oltsik, Senior Principal Analyst for ESG, talks about the new reality of security information, which is that guarding enterprise data has become increasingly challenging due to the sophistication of the threats, security staffing shortage, and incident-detection challenges.

Jon then applied his expertise in Big Data and experiences in security to lay out the Big Data security analytics continuum, in which corporations tend to land on the spectrum based on two extremes: real-time vs. asymmetric Big Data security analytics. He also discusses the four pointers in getting Big Data security analytics right, and described how EnCase Analytics —a turn-key solution— is a happy medium in the Big Data security analytics continuum.

To find out how to derive security intelligence through the use of Big Data security analytics, download Enterprise Strategy Group Brief: EnCase Analytics: Big Data Security Analytics Meets Endpoint Visibility from our publication library.

Beyond Reactive: Your Security Game Plan

Sandy Lii The well-known military general and strategist Sun Tzu said it best in The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” In today’s war against cybersecurity threats, two types of enemy have been classified: known threats and unknown threats.

The known threats, true to their name, are tracked by their known and readily available signatures and are typically stopped by perimeter security solutions such as antivirus software, firewalls, or SIEM (security information and event management) systems. While these tools are necessary and can be effective at stopping known threats, the unknown threats--the ones with no defined modi operandi or signatures--remain at large within organizations, lurking undetected, waiting for the right moment to strike. Sometimes, these threats can even be a careless or disgruntled employee.

Hello? You’ve Been Breached.

Ale Espinosa Knock, knock. Who’s there? The FBI.

The reality of the world we live and do business in has made us increasingly vulnerable to cyber threats and attacks. Perimeter security and signature-based threat detection tools can only do so much when the threat is brand new or if it morphs as it spreads out through your network, making their signature unrecognizable. Chances are, there is someone lurking in your network right now and you don’t even know it.

In fact, Verizon’s 2013 Data Breach Investigations Report revealed that approximately 70% of cyber breaches go completely undetected by organizations’ security teams, and are instead discovered by external parties like the authorities, FBI, or even the attackers themselves.

Security: It’s All About Philosophy

Sandy Lii Perimeter security solutions are like the walls of a fort: companies have been trying to strengthen these proverbial walls, building them as tall and as thick as possible. But realistically, how tall and thick can these walls be without impacting daily functions? And are these walls really stopping all the intrusions?

Sadly, the answer is no.

Just like bad guys don’t usually knock on your front door, identify themselves truthfully, and wait to be invited in, many of the security threats disguise themselves well and aren’t immediately known to us.

So how do we get rid of these threats without building the walls so high that we no longer see the sun? It’s all about philosophy.

Big Data Starts Small, at the Endpoints

Sandy Lii Welcome to Endpoint Intelligence. You might have noticed the renaming of the blog from “Threat Response” to “Endpoint Intelligence”-- here is why we did it.

Throughout the years, there has been a lot of talk about how to identify, triage, and minimize security threats via incident response. While incident response is critical, it is not sufficient when it comes to an end-to-end approach to manage security risks. Going forward, information and security operations teams are finding that it is a necessity not only to remain tightly focused on incident response, but also on deriving security intelligence out of our endpoints.

But you might ask, “Why focus on endpoints?”