Showing posts with label Intelligent Security.

EnCase® Cybersecurity and HP ArcSight Express Join Forces to Deliver a Powerful Post-Event Solution


When it comes to integrating with industry-leading technologies, something is always in the works at Guidance Software. This week at HP Protect in Washington, D.C., we announced a powerhouse incident-response bundle that pairs EnCase Cybersecurity with HP ArcSight Express. 

Designed for organizations that have invested in the ability to detect threats, but that are challenged in figuring out which of the alerts in the alert storm are meaningful, our combined solution is a comprehensive, best-of-breed post-event workflow that can help you automatically prioritize and respond to the most critical alerts. 

A Mantra for Data Privacy Day: “Trust, but Verify”

Anthony Di Bello

The National Cyber Security Alliance has deemed today Data Privacy Day, and there probably isn’t anyone with a phone or an internet connection who hasn’t become deeply concerned about this issue in recent months. Guidance Software customers and our fellow information security professionals work in some of the most well-defended organizations on the planet, and we have learned a lot from collaborating with them on security in the age of assumed compromise—since the barbarians have breached the gate.

So although I’m certain that everyone reading this blog post knows far more about data security than the average citizen, I do have some recommendations. To begin with, the chief information security officer (CISO) at one of our customers, a global auto manufacturer, added a very important new facet to his internal data security training program.

How Endpoint Security Analytics Could Have Cut the Target Hack Short

Alfred Chung

Recent intelligence about the Target breach, its scope, and its attack vectors has included the fact that memory-scraping malware was instrumental in hijacking credit-card data prior to its encryption for transmission to remote payment processors. Symantec reported on the registry keys and files dropped by the malware that are even now being used by software vendors to update their signature-based antivirus and alerting systems.

The critical point, however, is that the malware that was undoubtedly designed specifically for Target is probably already morphing into something unrecognizable by those signature-based tools for the next organization being drawn into the hackers’ crosshairs. Each organization that is hit with a form of this malware in the future will be on the receiving end of its own, customized attack for which no signature can be created.

U.K. Announces Engagement in the War With No Front Line

Alex Andrianopoulos

On the day the mighty U.S. government shut down, the U.K. government threw down a colossal gauntlet: it revealed that it has been developing the capacity to carry out cyber attacks. The Financial Times reported today: Philip Hammond, defence secretary, said ahead of the Conservative party conference in Manchester that the UK was "developing a full-spectrum military cyber capability, including a strike capability." It was the first time any country has made such a sensitive statement in public.

When old processes meet new technology

Josh Beckett

As usual, one article triggered a series of thoughts to connect from various news pieces that have been building up in my head over the past week. Let's start with the most recent first. Reading this article on what security concerns the leadership in healthcare the most got me thinking. Particularly this quote from the article: “The goal in healthcare generally is treating those patients, not privacy and security. You don’t see the same focus on security in healthcare that you do in the financial sector.” Yeah, that sounds about right. Makes sense from what I've seen and experienced. I'm sure we've all seen that there are signs in hospitals and other health care places that say 'No Smoking, Oxygen In Use' or some such thing. These rules make sense to all of us. We all get it. Problem is, there is no such rule about no hacking hospitals. 'Our pricing model doesn't let us afford ample security staff, so please don't hack us' just doesn't carry the same weight as 'don't smoke or you'll blow us all up.' Patients' health is their primary focus, thankfully, and the data is just a way to describe the current condition and progress so that you can achieve the good health outcome of your client. Essentially, it is a model that hasn't evolved in light of the data revolution of the computer age. This brings me to my next thought... government security clearances.

...Or you could fix the software.

Josh Beckett

One of the fundamental realities of security is dealing with vulnerabilities.  In the industry, we have become so jaded to the fact that software makers simply don't want to go to the trouble and expense of churning out secure code that we have just learned to 'abide.'  Consequently, we come up with elaborate ways to measure vulnerabilities and concoct Wile E. Coyote style mitigation plans to bring the risk down to an acceptable level.

Occasionally, I'm reminded that my permanently security-tainted skepticism needs a bit of a challenge to my comfortable position that there is no real security, there is only incident response. We continue to fight a losing war and resign ourselves to try harder tomorrow. With nation-states throwing their hats and ample wallets into the ring and anonymously buying bugs and exploits and expecting them not to be reported to the software vendor or the public, it seems all is lost.