Showing posts with label Security Analytics. Show all posts

Why Signature-Based Cyber-Defenses are Bound to Fail

Sam Maccherola

You will never see an alert from your security information and event management (SIEM) tool for a zero-day attack. There is no signature in your blacklist for the malware that was custom-built for your organization and secretly colonized your mail server a month ago. No indicator, no pattern match, no alert.

Why is this the case? Because malware is constantly morphing, and because the sophisticated and dedicated minds under those black hats are working night and day to design a data breach specifically for each organization they decide to invade. When it hits you, it will be the first time its signature has ever been seen.

RDP Hacks: Thwarting the Bad-Guy Network

Jason Fredrickson

Brian Krebs of Krebs on Security just posted an article on RDP hacks that exploit weak or default login credentials, and he goes on to describe how that provides the basis for a cybercrime business. His article explains that Makost[dot]net rents access to more than 6000 poorly configured and, therefore, compromised Remote Desktop Protocol (RDP)-enabled servers around the globe. As Krebs says, “…the attackers simply needed to scan the Internet for hosts listening on port 3389 (Microsoft RDP), identify valid usernames, and then try the same username as the password.” It’s a classic brute-force attack, and it’s aimed directly at an extremely weak target.

Many people on first reading this would consider this capability a “vulnerability” of Windows, but that’s like saying that an automated teller machine (ATM) has a “vulnerability” that allows you to get cash from your bank account. It’s a feature of the operating system and Windows is not alone in exposing functionality like it.
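The pattern Krebs describes, one host walking through many usernames on port 3389, leaves a distinctive trail in the Windows Security log: a burst of failed logons (event 4625) with logon type 10 (RemoteInteractive, i.e. RDP) from a single source address against many different accounts. The following is an added example, not code from the post or from Guidance Software, that flags that trail; the log line format and the sample events are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample Windows Security 4625 (failed logon) lines; LogonType 10 = RDP.
SAMPLE_EVENTS = """\
2013-12-02T03:14:01 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=198.51.100.23
2013-12-02T03:14:02 EventID=4625 LogonType=10 TargetUser=admin SourceIP=198.51.100.23
2013-12-02T03:14:03 EventID=4625 LogonType=10 TargetUser=backup SourceIP=198.51.100.23
2013-12-02T03:14:04 EventID=4625 LogonType=10 TargetUser=scanner SourceIP=198.51.100.23
2013-12-02T03:14:05 EventID=4625 LogonType=10 TargetUser=sql SourceIP=198.51.100.23
2013-12-02T03:14:06 EventID=4625 LogonType=10 TargetUser=guest SourceIP=198.51.100.23
2013-12-02T09:02:11 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=203.0.113.8
2013-12-02T09:05:00 EventID=4625 LogonType=3 TargetUser=svc_backup SourceIP=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)

def parse_rdp_failures(text):
    """Return (timestamp, user, source_ip) tuples for failed RDP logons only."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m["eid"] == "4625" and m["lt"] == "10":
            out.append((datetime.fromisoformat(m["ts"]), m["user"].lower(), m["ip"]))
    return sorted(out)

def find_bruteforce(events, window=timedelta(minutes=5), max_failures=5, min_users=3):
    """Flag a source IP with more than max_failures failed RDP logons against at least
    min_users distinct accounts inside one sliding window (one user mistyping is not flagged)."""
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, hits in by_ip.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window start forward
                start += 1
            span = hits[start:end + 1]
            users = {u for _, u in span}
            if len(span) > max_failures and len(users) >= min_users:
                flagged[ip] = sorted(users)  # accounts the source tried
                break
    return flagged
```

Feeding `parse_rdp_failures(SAMPLE_EVENTS)` to `find_bruteforce` flags only 198.51.100.23; the single failure from 203.0.113.8 and the non-RDP logon type 3 event are ignored.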

Announcing EnCase Analytics, the Industry’s First Proactive Endpoint Security Analytics Solution

Just in time for the Department of Homeland Security’s National Cyber Security Awareness Month, Guidance Software has unleashed one of the most powerful weapons in the war against security risks--EnCase® Analytics. In fact, we announced the general availability of EnCase Analytics just yesterday. This is big news for information security, incident response, and risk and compliance teams, because EnCase Analytics gives you something you could never get before: an early look at previously unknown and difficult-to-detect threats through the use of “big data” analytical techniques. It does this by analyzing the reams of data generated by your users’ endpoint activity, producing for the first time a clear picture of organization-wide security risk—both internal and external.

Big Data Security Analytics Meets Endpoint Visibility

Ale Espinosa

Gone are the days of one-size-fits-all. Today, everything is about tailor-made and customization. This includes cybersecurity threats.

In the last few years, security has become increasingly more challenging. According to recent Enterprise Strategy Group (ESG) research, “62% of IT security professionals say that security management is somewhat more difficult or significantly more difficult than it was two years ago.” This is because threats have become more sophisticated and more targeted.

But we don’t know what we don’t know, so how can we locate and expose these needles of unknown threats in the haystack of massive enterprise data? Through the use of Big Data security analytics.

In the recent ESG Brief EnCase Analytics: Big Data Security Analytics Meets Endpoint Visibility, Jon Oltsik, Senior Principal Analyst for ESG, talks about the new reality of security information, which is that guarding enterprise data has become increasingly challenging due to the sophistication of the threats, security staffing shortage, and incident-detection challenges.

Jon then applied his expertise in Big Data and his experience in security to lay out the Big Data security analytics continuum, a spectrum between two extremes on which corporations tend to land: real-time vs. asymmetric Big Data security analytics. He also discusses four pointers for getting Big Data security analytics right, and describes how EnCase Analytics —a turn-key solution— is a happy medium in the Big Data security analytics continuum.

To find out how to derive security intelligence through the use of Big Data security analytics, download Enterprise Strategy Group Brief: EnCase Analytics: Big Data Security Analytics Meets Endpoint Visibility from our publication library.

Beyond Reactive: Your Security Game Plan

Sandy Lii

The well-known military general and strategist Sun Tzu said it best in The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” In today’s war against cybersecurity threats, two types of enemy have been classified: known threats and unknown threats.

The known threats, true to their name, are tracked by their known and readily available signatures and are typically stopped by perimeter security solutions such as antivirus software, firewalls, or SIEM (security information and event management) systems. While these tools are necessary and can be effective at stopping known threats, the unknown threats--the ones with no defined modi operandi or signatures--remain at large within organizations, lurking undetected, waiting for the right moment to strike. Sometimes, these threats can even be a careless or disgruntled employee.

Hello? You’ve Been Breached.

Ale Espinosa

Knock, knock. Who’s there? The FBI.

The reality of the world we live and do business in has made us increasingly vulnerable to cyber threats and attacks. Perimeter security and signature-based threat detection tools can only do so much when the threat is brand new or morphs as it spreads through your network, making its signature unrecognizable. Chances are, there is someone lurking in your network right now and you don’t even know it.

In fact, Verizon’s 2013 Data Breach Investigations Report revealed that approximately 70% of cyber breaches go completely undetected by organizations’ security teams, and are instead discovered by external parties like the authorities, FBI, or even the attackers themselves.

Security: It’s All About Philosophy

Sandy Lii

Perimeter security solutions are like the walls of a fort: companies have been trying to strengthen these proverbial walls, building them as tall and as thick as possible. But realistically, how tall and thick can these walls be without impacting daily functions? And are these walls really stopping all the intrusions?

Sadly, the answer is no.

Just like bad guys don’t usually knock on your front door, identify themselves truthfully, and wait to be invited in, many of the security threats disguise themselves well and aren’t immediately known to us.

So how do we get rid of these threats without building the walls so high that we no longer see the sun? It’s all about philosophy.