The Department of Homeland Security has named October National Cybersecurity Awareness Month in an attempt to motivate everyone from government organizations and corporations to individual citizens to build stronger cybersecurity defenses. But with shrill “big hack” headlines appearing almost daily, how could any government or corporate organization not be hyper-aware of the rising threat level?
We just got back from Las Vegas, where we were excited to see so many information security, legal, and digital forensics pros at CEIC 2014 at Caesars Palace. But we’re already ramping up to head back to Vegas for Black Hat 2014, the annual confab designed for the InfoSec practitioners we love to work with.
- "A POS Hack: What's in Your Wallet?" with retail security professional Richard Thompson
- "A 360-Degree View of Enterprise Risk"
- "Endpoints Under Attack"
- "Strategies for Verizon DBIR Top Three Breaches," with EnCase Cybersecurity product manager Ransher Singh
- A handful of choice guest speakers to be announced in a later blog post.
And that’s just Wednesday. Careful readers will see a theme emerging: advances in perimeter security aren’t enough – you need a new endpoint security strategy. Check the blog again later this week for more news on what you can expect in booth #1141 at Black Hat, and let us know if you have any questions in the comments section below (such as “Hey, are you guys giving away that awesome 'Hunt or Be Hunted' t-shirt again?” and “What about that ray gun?”, which is for us to know and for readers of future blog posts to find out…).
Recent intelligence about the Target breach, its scope, and its attack vectors has included the fact that memory-scraping malware was instrumental in hijacking credit-card data before it was encrypted for transmission to remote payment processors. Symantec reported on the registry keys and files dropped by the malware, indicators that antivirus vendors are even now using to update their signature-based detection and alerting systems.
Brian Krebs of Krebs on Security just posted an article on RDP hacks that exploit weak or default login credentials, and he goes on to describe how that provides the basis for a cybercrime business. His article explains that Makost[dot]net rents access to more than 6000 poorly configured and, therefore, compromised Remote Desktop Protocol (RDP)-enabled servers around the globe. As Krebs says, “…the attackers simply needed to scan the Internet for hosts listening on port 3389 (Microsoft RDP), identify valid usernames, and then try the same username as the password.” It’s a classic brute-force attack, and it’s aimed directly at an extremely weak target.
Many people, on first reading this, would consider this capability a “vulnerability” of Windows, but that’s like saying that an automated teller machine (ATM) has a “vulnerability” that allows you to get cash from your bank account. It’s a feature of the operating system, and Windows is not alone in exposing functionality like it.
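The credential-guessing pattern Krebs describes leaves a distinctive trace on the target: a burst of failed RDP logons from one source, cycling through account names, sometimes followed by a success. The following is an added example, not code from the Krebs article or from this blog's products: it flags such sources from Windows Security events (failed logon 4625 and successful logon 4624, both with RemoteInteractive logon type 10). The key=value export format, field names and log lines are constructed assumptions for illustration.

```python
"""Flag RDP password-guessing from failed-logon records (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real data). Assumed format: ISO timestamp followed by
# key=value fields. One source cycles account names and eventually succeeds as
# 'test'; a legitimate user mistypes once; a LogonType 3 event is not RDP here.
SAMPLE_LOG = """\
2014-07-01T02:00:01 EventID=4625 LogonType=10 TargetUser=admin SrcIP=203.0.113.7
2014-07-01T02:00:03 EventID=4625 LogonType=10 TargetUser=administrator SrcIP=203.0.113.7
2014-07-01T02:00:05 EventID=4625 LogonType=10 TargetUser=backup SrcIP=203.0.113.7
2014-07-01T02:00:07 EventID=4625 LogonType=10 TargetUser=sql SrcIP=203.0.113.7
2014-07-01T02:00:09 EventID=4625 LogonType=10 TargetUser=test SrcIP=203.0.113.7
2014-07-01T02:00:11 EventID=4625 LogonType=10 TargetUser=guest SrcIP=203.0.113.7
2014-07-01T02:00:13 EventID=4624 LogonType=10 TargetUser=test SrcIP=203.0.113.7
2014-07-01T09:15:00 EventID=4625 LogonType=10 TargetUser=jsmith SrcIP=198.51.100.22
2014-07-01T09:15:20 EventID=4624 LogonType=10 TargetUser=jsmith SrcIP=198.51.100.22
2014-07-01T10:00:00 EventID=4625 LogonType=3 TargetUser=svc SrcIP=192.0.2.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<fields>.*)$")


def parse_line(line):
    """Parse one line into a dict: datetime under 'ts' plus the key=value fields.
    Returns None for lines that do not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        rec = {"ts": datetime.fromisoformat(m.group("ts"))}
    except ValueError:
        return None
    for token in m.group("fields").split():
        key, _, value = token.partition("=")
        rec[key] = value
    return rec


def find_rdp_guessing(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {src_ip: summary} for every source with >= threshold failed RDP
    logons inside any span of length `window`. The summary lists the total
    failures, the distinct account names tried, and any accounts that logged
    on successfully from that source after its last failure."""
    failures = defaultdict(list)   # ip -> [(ts, user)]
    successes = defaultdict(list)  # ip -> [(ts, user)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("LogonType") != "10":
            continue
        if rec.get("EventID") == "4625":
            failures[rec["SrcIP"]].append((rec["ts"], rec["TargetUser"]))
        elif rec.get("EventID") == "4624":
            successes[rec["SrcIP"]].append((rec["ts"], rec["TargetUser"]))

    hits = {}
    for ip, events in failures.items():
        events.sort()
        # Sliding window: j trails i so that events[j..i] all fall within `window`.
        j, best = 0, 0
        for i in range(len(events)):
            while events[j][0] < events[i][0] - window:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            last_fail = events[-1][0]
            hits[ip] = {
                "failures": len(events),
                "users": sorted({u for _, u in events}),
                "success_after": [u for ts, u in successes.get(ip, []) if ts >= last_fail],
            }
    return hits


if __name__ == "__main__":
    for ip, info in find_rdp_guessing(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample, only 203.0.113.7 is flagged: six failures across six account names in twelve seconds, with a successful logon as `test` right after the last failure, which is the case that needs immediate attention. The threshold and window are knobs to tune against your own baseline of mistyped passwords. One caveat: on hosts with Network Level Authentication enabled, a failed credential check may be recorded with LogonType 3 rather than 10, so the filter should be widened accordingly if that is how your servers are configured.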
Despite most corporations’ robust perimeter security solutions, advanced persistent threats may already have evaded perimeter detection and be lying in wait for some future launch date. Of even more concern is the fact that some of the barbarians who are already past the gate may not be Ukrainian hackers; they may be someone working at a neighboring desk.
Insider Threats: There is something you can do
Some methods for dealing with insider threats are exercised by managers with good people skills and the ability to spot early signs of attitude or work-satisfaction issues. However, the best source of raw intelligence on potential threats in the modern enterprise is found directly at the endpoints such as laptops and servers—the targets of most serious information-security threats.
Gone are the days of one-size-fits-all. Today, everything is about tailor-made and customization. This includes cybersecurity threats.
In the last few years, security has become increasingly challenging. According to recent Enterprise Strategy Group (ESG) research, “62% of IT security professionals say that security management is somewhat more difficult or significantly more difficult than it was two years ago.” This is because threats have become more sophisticated and more targeted.
But we don’t know what we don’t know, so how can we locate and expose these needles of unknown threats in the haystack of massive enterprise data? Through the use of Big Data security analytics.
In the recent ESG Brief EnCase Analytics: Big Data Security Analytics Meets Endpoint Visibility, Jon Oltsik, Senior Principal Analyst for ESG, describes the new reality of security information: guarding enterprise data has become increasingly challenging due to the sophistication of the threats, security staffing shortages, and incident-detection challenges.
Jon then applies his expertise in Big Data and experience in security to lay out the Big Data security analytics continuum, a spectrum between two extremes on which corporations tend to land: real-time vs. asymmetric Big Data security analytics. He also discusses four pointers for getting Big Data security analytics right, and describes how EnCase Analytics, a turn-key solution, is a happy medium on the Big Data security analytics continuum.
To find out how to derive security intelligence through the use of Big Data security analytics, download Enterprise Strategy Group Brief: EnCase Analytics: Big Data Security Analytics Meets Endpoint Visibility from our publication library.