  • LRS IT Solutions Security Overview (video)
  • 13 data breach predictions for 2019

    Data breaches are inevitable at any organization. But what form will those breaches take? How will the attackers gain access? What will they steal or damage? What motivates them to attempt the attacks? CSO has gathered predictions from industry experts about where, how and why cyber criminals will attempt to break into networks and steal data during the coming year.

    1. Biometric hacking will rise

    The growing popularity of biometric authentication will make it a target for hackers. We will likely see breaches that expose vulnerabilities in touch ID sensors, facial recognition and passcodes, according to the Experian Data Breach Industry Forecast. “Expect hackers to take advantage not only of the flaws found in biometric authentication hardware and devices, but also of the collection and storage of data. It is only a matter of time until a large-scale attack involves biometrics either by hacking into a biometric system to gain access or by spoofing biometric data. Healthcare, government, and financial industries are most at risk,” said the report’s authors.

    2. A cyber attack on a car will kill someone

    The ability to hack and take control over a connected vehicle has been proven. Such a hack can not only turn off the car’s engine but disable safety features like antilock brakes or the airbags. “As cars become more connected and driverless cars evolve, hackers will have more opportunities of doing real harm,” says James Carder, CISO at LogRhythm Labs.

    3. Attackers will hold the internet hostage

    Someone, likely a hacktivist group or nation-state, will take distributed denial of service (DDoS) to a whole new level in 2019 and attempt to take down a large part of the internet in an extortion attempt. A DDoS attack in 2016 against DNS hosting provider Dyn took down many popular websites including Twitter, Reddit and Amazon.com. Security expert Bruce Schneier noted that attackers were probing other critical internet services for potential weaknesses.

    “A DDoS attack of this magnitude against a major registrar like Verisign could take down an entire top-level domain’s (TLD) worth of websites,” WatchGuard’s Threat Lab team wrote in a blog post. “Even the protocol that drives the internet itself, Border Gateway Protocol (BGP), operates largely on the honor system. Only 10 percent of the internet addresses have valid resource public key infrastructure (RPKI) records to protect against route hijacking. Even worse, only 0.1 percent of the internet’s autonomous systems … have enabled route origin validation, meaning the other 99.9 percent are wide open for hostile takeover from route hijacking. The bottom line: the internet itself is ripe for the taking by someone with the resources to DDoS multiple critical points on the internet or abuse the underlying protocols themselves.”
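    The WatchGuard quote above turns on what route origin validation (ROV) actually decides for a given BGP announcement. The following is an added example, not code from CSO or from WatchGuard: it applies the RFC 6811 outcome rules (valid, invalid, notfound) to constructed Route Origin Authorizations (ROAs) and announcements using documentation prefixes and private AS numbers. An AS 0 ROA (RFC 7607) is included because it is the common way a holder says a block must never be originated. The `ROA` class, the sample data and the `summarize` helper are assumptions of this example.

```python
"""Route Origin Validation (ROV) outcome for BGP announcements, using the
RFC 6811 definitions. Added example, not taken from the CSO article or the
WatchGuard post it quotes; every ROA and announcement below is constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization as a validator would see it."""
    prefix: str        # address block the holder has authorised
    max_length: int    # longest prefix length allowed under this ROA
    asn: int           # authorised origin AS; AS 0 authorises no one (RFC 7607)


def covers(roa: ROA, route_prefix: str) -> bool:
    """True when the announced prefix lies inside the ROA's prefix."""
    roa_net = ipaddress.ip_network(roa.prefix)
    net = ipaddress.ip_network(route_prefix)
    return roa_net.version == net.version and net.subnet_of(roa_net)


def rov(route_prefix: str, origin_asn: int, roas) -> str:
    """Classify one announcement as 'valid', 'invalid' or 'notfound'.

    notfound: no ROA covers the prefix (the unprotected majority described above)
    valid:    a covering ROA names this origin AS and permits this prefix length
    invalid:  covered, but no ROA matches (wrong origin, too specific, or AS 0)
    """
    covering = [r for r in roas if covers(r, route_prefix)]
    if not covering:
        return "notfound"
    plen = ipaddress.ip_network(route_prefix).prefixlen
    for r in covering:
        if r.asn != 0 and r.asn == origin_asn and plen <= r.max_length:
            return "valid"
    return "invalid"


# Constructed ROAs (documentation prefixes and private ASNs, not real objects).
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/22", 24, 64497),   # holder permits /22 through /24
    ROA("203.0.113.0/24", 24, 0),        # AS 0: block must never be originated
]

# Constructed announcements a router might receive: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),      # legitimate origin
    ("192.0.2.0/24", 64500),      # wrong origin: a hijack attempt
    ("192.0.2.0/25", 64496),      # right origin but more specific than allowed
    ("198.51.100.0/24", 64497),   # within the permitted length range
    ("203.0.113.0/24", 64498),    # AS 0 ROA makes any origin invalid
    ("10.0.0.0/8", 64496),        # no ROA at all
]


def summarize(announcements, roas):
    """Count ROV outcomes; a router with ROV enabled would drop the 'invalid' ones."""
    counts = {"valid": 0, "invalid": 0, "notfound": 0}
    for prefix, asn in announcements:
        counts[rov(prefix, asn, roas)] += 1
    return counts


if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:18} AS{asn}: {rov(prefix, asn, ROAS)}")
    print(summarize(ANNOUNCEMENTS, ROAS))
```

    The `notfound` outcome is the one the quote is about: a prefix with no ROA cannot be distinguished from a hijack, so an operator who only publishes ROAs without also enabling ROV on routers gains nothing against announcements of someone else's unprotected space.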

    Source: csoonline.com
  • The CSO guide to top security conferences, 2019

    There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.

    Fortunately, plenty of great conferences are coming up in the months ahead.

    If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2019.

    From major events to those that are more narrowly focused, this list from the editors of CSO will help you find the security conferences that matter the most to you.

    We’ll keep it updated with registration deadlines and new conferences so check back often. While we don’t expect this calendar to be comprehensive, we do aim to have it be highly relevant. If there’s something we’ve missed, let us know. You can email your additions, corrections and updates to Michael Nadeau (michael_nadeau@idg.com).

    January 2019

    SANS Sonoma 2019, Santa Rosa, California: January 14 - 19

    Columbus Cyber Security Conference, Columbus, Ohio: January 17

    Cyber Security for Critical Assets MENA, Dubai, UAE: January 21 - 22

    CPX 360 Asia 2019, Bangkok, Thailand: January 21 - 23

    SANS Miami 2019, Miami, Florida: January 21 - 26

    Cyber Threat Intelligence Summit & Training, Arlington, Virginia: January 21 - 28

    Houston Cyber Security Conference, Houston, Texas: January 24

    SANS Las Vegas 2019, Las Vegas, Nevada: January 28 - February 2

    Salt Lake City Cyber Security Conference, Salt Lake City, Utah: January 31

    February 2019

    SANS Security East 2019, New Orleans, Louisiana: February 2 - 9

    CPX 360 Americas, Las Vegas, Nevada: February 4 - 6

    Manusec: Cyber Security for Critical Manufacturing Europe, Munich, Germany: February 5 - 6

    Charlotte Cyber Security Conference, Charlotte, North Carolina: February 7

    Cybersecurity Leadership Summit, Washington, DC: February 11 - 13

    SANS Anaheim 2019, Anaheim, California: February 11 - 16

    SANS Northern VA Spring - Tysons 2019, Vienna, Virginia: February 11 - 16

    SecurIT*, Atlanta, Georgia: February 12

    Indianapolis Cyber Security Conference, Indianapolis, Indiana: February 14

    CPX 360 Europe, Vienna, Austria: February 18 - 20

    SANS Dallas 2019, Dallas, Texas: February 18 - 23

    SANS New York Metro Winter 2019, Jersey City, New Jersey: February 18 - 23

    SANS Scottsdale 2019, Scottsdale, Arizona: February 18 - 23

    Cybersec Brussels Leaders' Foresight 2019, Brussels, Belgium: February 20

    Des Moines Cyber Security Conference, Des Moines, Iowa: February 21

    Student260, Maplewood, Minnesota: February 22

    SANS Reno Tahoe 2019, Reno, Nevada: February 25 - March 2

    Open-Source Intelligence Summit & Training 2019, Alexandria, Virginia: February 25 - March 3

    Denver Cyber Security Conference, Denver, Colorado: February 28

    March 2019

    BSides Columbus, Columbus, Ohio: March 1

    SANS Baltimore Spring 2019, Baltimore, Maryland: March 2 - 9

    2019 Global Insider Threat Summit, San Francisco, California: March 4

    RSA Conference 2019, San Francisco, California: March 4 - 8

    Cyber Security for Critical Assets USA, Houston, Texas: March 5 - 7

    TrueSec Security Summit, Stockholm, Sweden: March 6 - 7

    SANS San Francisco Spring 2019, San Francisco, California: March 11 - 16

    SANS St. Louis 2019, St. Louis, Missouri: March 11 - 16

    SecureWorld Charlotte, Charlotte, North Carolina: March 14

    SANS Norfolk 2019, Norfolk, Virginia: March 18 - 23

    ICS Security Summit & Training 2019, Orlando, Florida: March 18 - 23

    DACHciso Summit, Frankfurt, Germany: March 19 - 20

    Detroit Cyber Security Conference, Detroit, Michigan: March 14

    Toronto Cyber Security Conference, Toronto, Ontario: March 21

    Insomni’hack 2019, Geneva, Switzerland: March 22 - 23

    Black Hat Asia 2019, Singapore: March 26 - 29

    SecureWorld Boston, Boston, Massachusetts: March 27 - 28

    Atlanta Cyber Security Conference, Atlanta, Georgia: March 28

    April 2019

    Nordics CISO Executive Summit, TBD: TBD

    Oktane19, San Francisco, California: April 1 - 4

    SANS 2019, Orlando, Florida: April 1 - 8

    Dallas Cyber Security Conference, Dallas, Texas: April 4

    CSO50 Conference + Awards*, Scottsdale, Arizona: April 8 - 10

    SecureWorld Philadelphia, Philadelphia, Pennsylvania: April 10 - 11

    Los Angeles Cyber Security Conference, Los Angeles, California: April 11

    Blue Team Summit & Training 2019, Louisville, Kentucky: April 11 - 18

    SANS Boston Spring 2019, Boston, Massachusetts: April 14 - 19

    SANS Seattle Spring 2019, Seattle, Washington: April 14 - 19

    Hartford Cyber Security Conference, Hartford, Connecticut: April 18

    SecureWorld Houston, Houston, Texas: April 18

    SANS Northern Virginia - Alexandria 2019, Alexandria, Virginia: April 23 - 28

    SecureWorld Toronto, Toronto, Ontario: April 24

    Memphis Cyber Security Conference, Memphis, Tennessee: April 25

    SANS Pen Test Austin 2019, Austin, Texas: April 29 - May 4

    Cloud Security Summit & Training 2019, San Jose, California: April 29 - May 6

    May 2019

    Infosecurity Denmark, Copenhagen, Denmark: May 1 - 2

    Philadelphia Cyber Security Conference, Philadelphia, Pennsylvania: May 2

    THOTCON, Chicago, Illinois: May 3 - 4

    SecureWorld Kansas City, Kansas City, Missouri: May 8

    Chicago Cyber Security Conference, Chicago, Illinois: May 9

    SANS Security West 2019, San Diego, California: May 9 - 16

    ItaliaSec, Rome, Italy: May 14 - 15

    Secure360 Twin Cities, Prior Lake, Minnesota: May 14 - 15

    TechNet Cyber, Baltimore, Maryland: May 14 - 16

    European Identity & Cloud Conference 2019, Munich, Germany: May 14 - 17

    Cybersec Expo, Warsaw, Poland: May 15 - 16

    San Antonio Cyber Security Conference, San Antonio, Texas: May 16

    SecureWorld Cincinnati, Cincinnati, Ohio: May 16

    HackMiami Con 7, Miami Beach, Florida: May 17 - 19

    SANS New Orleans 2019, New Orleans, Louisiana: May 19 - 24

    SANS Northern VA Spring - Reston 2019, Reston, Virginia: May 19 - 24

    IEEE Symposium on Security and Privacy, San Francisco, California: May 20 - 22

    IAPP Canada Privacy Symposium 2019, Toronto, Ontario: May 21 - 22

    RVAsec, Richmond, Virginia: May 22 - 23 

    SANS Atlanta 2019, Atlanta, Georgia: May 28 - June 2

    SANS San Antonio 2019, San Antonio, Texas: May 28 - June 2

    SecureWorld Atlanta, Atlanta, Georgia: May 29 - 30

    Louisville Cyber Security Conference, Louisville, Kentucky: May 30

    June 2019

    Atlanta CISO Executive Summit, Atlanta, Georgia: TBD

    Denver CISO Executive Summit, Denver, Colorado: TBD

    Indianapolis CISO Executive Summit, Indianapolis, Indiana: TBD

    Minneapolis CISO Executive Summit, Minneapolis, Minnesota: TBD

    Ohio CISO Executive Summit, TBD: TBD

    Philadelphia CISO Executive Summit, Philadelphia, Pennsylvania: TBD

    Vancouver CISO Executive Summit, Vancouver, British Columbia: TBD

    Ignite '19, Austin, Texas: June 3 - 6

    Seattle Cyber Security Conference, Seattle, Washington: June 6

    SANS Kansas City 2019, Kansas City, Missouri: June 10 - 15

    Baltimore Cyber Security Conference, Baltimore, Maryland: June 13

    SANSFIRE 2019, Washington, DC: June 15 - 22

    European Symposium on Security and Privacy (EuroS&P), Stockholm, Sweden: June 17 - 19

    UK CISO Executive Summit, TBD: June 19

    Boston Cyber Security Conference, Boston, Massachusetts: June 20

    Security Operations Summit & Training 2019, New Orleans, Louisiana: June 24 - July 1

    Identiverse, Washington, DC: June 25 - 28

    Tampa Cyber Security Conference, Tampa, Florida: June 27

    July 2019

    Minneapolis Cyber Security Conference, Minneapolis, Minnesota: July 11

    RSA Conference 2019 Asia Pacific & Japan, Singapore: July 16 - 18 

    Raleigh Cyber Security Conference, Raleigh, North Carolina: July 18

    Vancouver Cyber Security Conference, Vancouver, British Columbia: July 25

    DFIR Summit & Training 2019, Austin, Texas: July 25 - August 1

    Cyber: Secured Forum 2019, Dallas, Texas: July 29 - 31

    August 2019

    New York City Cyber Security Conference, New York, New York: August 1

    Black Hat USA 2019, Las Vegas, Nevada: August 3 - 8

    BSides Las Vegas, Las Vegas, Nevada: August 6 - 7

    Sacramento Cyber Security Conference, Sacramento, California: August 8

    Def Con 27, Las Vegas, Nevada: August 8 - 11

    Austin Cyber Security Conference, Austin, Texas: August 15

    Pittsburgh Cyber Security Conference, Pittsburgh, Pennsylvania: August 22

    Richmond Cyber Security Conference, Richmond, Virginia: August 29

    September 2019

    Montreal Cyber Security Conference, Montreal, Quebec: September 5

    Atlanta Cyber Security Conference, Atlanta, Georgia: September 12

    Phoenix Cyber Security Conference, Phoenix, Arizona: September 19

    Little Rock Cyber Security Conference, Little Rock, Arkansas: September 26

    October 2019

    Benelux CISO Executive Summit, TBD: TBD

    Milwaukee Cyber Security Conference, Milwaukee, Wisconsin: October 3

    Jacksonville Cyber Security Conference, Jacksonville, Florida: October 10

    Toronto Cyber Security Conference, Toronto, Ontario: October 17

    Omaha Cyber Security Conference, Omaha, Nebraska: October 24

    Cyber Security Summit, TBD: October 28 - 30

    Cybersec Forum, Krakow, Poland: October 29 - 30

    November 2019

    San Diego Cyber Security Conference, San Diego, California: November 7

    Kansas City Cyber Security Conference, Kansas City, Missouri: November 14

    Nashville Cyber Security Conference, Nashville, Tennessee: November 21

    December 2019

    Dallas Cyber Security Conference, Dallas, Texas: December 4

    St. Louis Cyber Security Conference, St. Louis, Missouri: December 5

    Anaheim Cyber Security Conference, Anaheim, California: December 11

    Cincinnati Cyber Security Conference, Cincinnati, Ohio: December 12

    * This event is presented by IDG Communications, the parent company of CSO.

    Source: csoonline.com
  • What is ransomware? How to prevent and remove it

    Ransomware is a form of malicious software (or malware) that, once it's taken over your computer, threatens you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, promising — not always truthfully — to restore access to the data upon payment. 

    Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

    How ransomware works

    There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they're downloaded and opened, they can take over the victim's computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without needing to trick users.

    There are several things the malware might do once it’s taken over the victim's computer, but by far the most common action is to encrypt some or all of the user's files. If you want the technical details, the Infosec Institute has a great in-depth look at how several flavors of ransomware encrypt files. But the most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.

    In some forms of malware, the attacker might claim to be a law enforcement agency shutting down the victim's computer due to the presence of pornography or pirated software on it, and demanding the payment of a "fine," perhaps to make victims less likely to report the attack to authorities. But most attacks don't bother with this pretense. There is also a variation, called leakware or doxware, in which the attacker threatens to publicize sensitive data on the victim's hard drive unless a ransom is paid. But because finding and extracting such information is a very tricky proposition for attackers, encryption ransomware is by far the most common type.

    Who is a target for ransomware?

    There are several different ways attackers choose the organizations they target with ransomware. Sometimes it's a matter of opportunity: for instance, attackers might target universities because they tend to have smaller security teams and a disparate user base that does a lot of file sharing, making it easier to penetrate their defenses.

    On the other hand, some organizations are tempting targets because they seem more likely to pay a ransom quickly. For instance, government agencies or medical facilities often need immediate access to their files. Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise quiet — and these organizations may be uniquely sensitive to leakware attacks.

    But don't feel like you're safe if you don't fit these categories: as we noted, some ransomware spreads automatically and indiscriminately across the internet.

    How to prevent ransomware

    There are a number of defensive steps you can take to prevent ransomware infection. These steps are, of course, good security practices in general, so following them improves your defenses against all sorts of attacks:

    • Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
    • Don't install software or give it administrative privileges unless you know exactly what it is and what it does.
    • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
    • And, of course, back up your files, frequently and automatically! That won't stop a malware attack, but it can make the damage caused by one much less significant.

    Ransomware removal

    If your computer has been infected with ransomware, you'll need to regain control of your machine. CSO's Steve Ragan has a great video demonstrating how to do this on a Windows 10 machine:

    The video has all the details, but the important steps are to:

    • Reboot Windows 10 to safe mode
    • Install antimalware software
    • Scan the system to find the ransomware program
    • Restore the computer to a previous state

    But here's the important thing to keep in mind: while walking through these steps can remove the malware from your computer and restore it to your control, it won't decrypt your files. Their transformation into unreadability has already happened, and if the malware is at all sophisticated, it will be mathematically impossible for anyone to decrypt them without access to the key that the attacker holds. In fact, by removing the malware, you've precluded the possibility of restoring your files by paying the attackers the ransom they've asked for.

    Ransomware facts and figures

    Ransomware is big business. There's a lot of money in ransomware, and the market expanded rapidly from the beginning of the decade. In 2017, ransomware resulted in $5 billion in losses, both in terms of ransoms paid and spending and lost time in recovering from attacks. That's up 15 times from 2015. In the first quarter of 2018, just one kind of ransomware software, SamSam, collected $1 million in ransom money.

    Some markets are particularly prone to ransomware—and to paying the ransom. Many high-profile ransomware attacks have occurred in hospitals or other medical organizations, which make tempting targets: attackers know that, with lives literally in the balance, these enterprises are more likely to simply pay a relatively low ransom to make a problem go away. It's estimated that 45 percent of ransomware attacks target healthcare orgs, and, conversely, that 85 percent of malware infections at healthcare orgs are ransomware. Another tempting industry? The financial services sector, which is, as Willie Sutton famously remarked, where the money is. It's estimated that 90 percent of financial institutions were targeted by a ransomware attack in 2017.   

    Your anti-malware software won't necessarily protect you. Ransomware is constantly being written and tweaked by its developers, and so its signatures are often not caught by typical anti-virus programs. In fact, as many as 75 percent of companies that fall victim to ransomware were running up-to-date endpoint protection on the infected machines.
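    The two points above, that the common action is to encrypt the user's files and that signature-based anti-virus often misses new variants, are why many defenders add behavioural detection alongside signatures. The following is an added example, not from the CSO article: it reads constructed file-activity events (the line format, thresholds, process names and the canary path are all assumptions of this example) and flags a process that modifies many files across many directories within a short window, or that touches a decoy "canary" file no legitimate program should write to. Reads are ignored so that a backup agent sweeping the same directories does not trigger it.

```python
"""Behavioural ransomware detection over file-activity events. Added example,
not from the CSO article; the event format, thresholds and log lines are all
constructed for illustration."""
import posixpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW_SECONDS = 60      # sliding window per process
FILE_THRESHOLD = 20      # distinct files written/renamed/deleted in the window
DIR_THRESHOLD = 3        # distinct directories those files span
WRITE_OPS = {"write", "rename", "delete"}
# Decoy file no legitimate program should ever modify (constructed path).
CANARY_FILES = {"/home/alice/Documents/.canary-do-not-touch.docx"}


def parse_line(line):
    """Parse one constructed event line:
    '<iso timestamp> proc=<name> op=<read|write|rename|delete> path=<path>'
    The path is split off first so paths containing spaces survive."""
    head, path = line.split(" path=", 1)
    ts_str, *kv = head.split(" ")
    fields = dict(item.split("=", 1) for item in kv)
    return datetime.fromisoformat(ts_str), fields["proc"], fields["op"], path


def detect(lines):
    """Return alerts for processes that touch a canary file or modify many
    files across many directories within WINDOW_SECONDS."""
    alerts = []
    recent = defaultdict(deque)   # proc -> deque of (timestamp, path)
    already_flagged = set()
    for line in lines:
        ts, proc, op, path = parse_line(line)
        if op not in WRITE_OPS:
            continue              # reads (backup jobs, indexers) are ignored
        if path in CANARY_FILES:
            alerts.append({"proc": proc, "at": ts.isoformat(), "reason": "canary file modified"})
        window = recent[proc]
        window.append((ts, path))
        while (ts - window[0][0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()      # drop events that fell out of the window
        files = {p for _, p in window}
        dirs = {posixpath.dirname(p) for p in files}
        if proc not in already_flagged and len(files) >= FILE_THRESHOLD and len(dirs) >= DIR_THRESHOLD:
            already_flagged.add(proc)   # one mass-modification alert per process
            alerts.append({"proc": proc, "at": ts.isoformat(),
                           "reason": f"{len(files)} files in {len(dirs)} dirs within {WINDOW_SECONDS}s"})
    return alerts


def constructed_log():
    """Constructed sample events (not real telemetry)."""
    dirs = ["Documents", "Pictures", "Music", "Desktop"]
    base = datetime(2019, 2, 1, 9, 0, 0)
    lines = [f"{base.isoformat()} proc=soffice.bin op=write path=/home/alice/Documents/report.odt"]
    # A backup agent reading forty files quickly: noisy but not destructive.
    for i in range(40):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} proc=backup-agent op=read path=/home/alice/{dirs[i % 4]}/file{i}.dat")
    # One process renaming files to a new extension in every directory within seconds.
    for i in range(24):
        t = base + timedelta(minutes=5, seconds=i // 2)
        lines.append(f"{t.isoformat()} proc=updater.exe op=rename path=/home/alice/{dirs[i % 4]}/file{i}.dat.locked")
    t = base + timedelta(minutes=5, seconds=13)
    lines.append(f"{t.isoformat()} proc=updater.exe op=write path=/home/alice/Documents/.canary-do-not-touch.docx")
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

    The thresholds are deliberately simple; in practice they are tuned per fleet, and the alert is most useful when it feeds an automatic response (isolating the host or suspending the process) rather than a ticket, because the encryption run that follows the first alert finishes in minutes.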

    Ransomware isn't as prevalent as it used to be. If you want a bit of good news, it's this: the number of ransomware attacks, after exploding in the mid '10s, has gone into a decline, though the initial numbers were high enough that it's still. But in the first quarter of 2017, ransomware attacks made up 60 percent of malware payloads; now it's down to 5 percent.  

    Ransomware on the decline?

    What's behind this big dip? In many ways it's an economic decision based on the cybercriminal's currency of choice: bitcoin. Extracting a ransom from a victim has always been hit or miss; they might not decide to pay, or even if they want to, they might not be familiar enough with bitcoin to figure out how to actually do so.

    As Kaspersky points out, the decline in ransomware has been matched by a rise in so-called cryptomining malware, which infects the victim computer and uses its computing power to create (or mine, in cryptocurrency parlance) bitcoin without the owner knowing. This is a neat route to using someone else's resources to get bitcoin that bypasses most of the difficulties in scoring a ransom, and it has only gotten more attractive as a cyberattack as the price of bitcoin spiked in late 2017.

    That doesn't mean the threat is over, however. Barkly explains that there are two different kinds of ransomware attackers: "commodity" attacks that try to infect computers indiscriminately by sheer volume and include so-called "ransomware as a service" platforms that criminals can rent; and targeted groups that focus on particularly vulnerable market segments and organizations. You should be on guard if you're in the latter category, no matter if the big ransomware boom has passed.

    With the price of bitcoin dropping over the course of 2018, the cost-benefit analysis for attackers might shift back. Ultimately, using ransomware or cryptomining malware is a business decision for attackers, says Steve Grobman, chief technology officer at McAfee. “As cryptocurrency prices drop, it’s natural to see a shift back [to ransomware]."

    Should you pay the ransom?

    If your system has been infected with malware, and you've lost vital data that you can't restore from backup, should you pay the ransom? 

    When speaking theoretically, most law enforcement agencies urge you not to pay ransomware attackers, on the logic that doing so only encourages hackers to create more ransomware. That said, many organizations that find themselves afflicted by malware quickly stop thinking in terms of the "greater good" and start doing a cost-benefit analysis, weighing the price of the ransom against the value of the encrypted data. According to research from Trend Micro, while 66 percent of companies say they would never pay a ransom as a point of principle, in practice 65 percent actually do pay the ransom when they get hit.

    Ransomware attackers keep prices relatively low — usually between $700 and $1,300, an amount companies can usually afford to pay on short notice. Some particularly sophisticated malware will detect the country where the infected computer is running and adjust the ransom to match that nation's economy, demanding more from companies in rich countries and less from those in poor regions.

    There are often discounts offered for acting fast, so as to encourage victims to pay quickly before thinking too much about it. In general, the price point is set so that it's high enough to be worth the criminal's while, but low enough that it's often cheaper than what the victim would have to pay to restore their computer or reconstruct the lost data. With that in mind, some companies are beginning to build the potential need to pay ransom into their security plans: for instance, some large UK companies who are otherwise uninvolved with cryptocurrency are holding some Bitcoin in reserve specifically for ransom payments.

    There are a couple of tricky things to remember here, keeping in mind that the people you're dealing with are, of course, criminals. First, what looks like ransomware may not have actually encrypted your data at all; make sure you aren't dealing with so-called "scareware" before you send any money to anybody. And second, paying the attackers doesn't guarantee that you'll get your files back. Sometimes the criminals just take the money and run, and may not have even built decryption functionality into the malware. But any such malware will quickly get a reputation and won't generate revenue, so in most cases — Gary Sockrider, principal security technologist at Arbor Networks, estimates around 65 to 70 percent of the time — the crooks come through and your data is restored.

    Ransomware examples

    While ransomware has technically been around since the '90s, it's only in the past five years or so that it's really taken off, largely because of the availability of untraceable payment methods like Bitcoin. Some of the worst offenders have been:

    • CryptoLocker, a 2013 attack that launched the modern ransomware age and infected up to 500,000 machines at its height
    • TeslaCrypt, which targeted gaming files and saw constant improvement during its reign of terror
    • SimpleLocker, the first widespread ransomware attack that focused on mobile devices
    • WannaCry, which spread autonomously from computer to computer using EternalBlue, an exploit developed by the NSA and then stolen by hackers
    • NotPetya, which also used EternalBlue and may have been part of a Russian-directed cyberattack against Ukraine
    • Locky, which started spreading in 2016, was "similar in its mode of attack to the notorious banking software Dridex."

    And this list is just going to get longer. Even as this article was being put together, a new wave of ransomware, dubbed BadRabbit, spread across media companies in Eastern Europe and Asia. It's important to follow the tips listed here to protect yourself.

    Source: csoonline.com
  • LRS Security Preparedness Checklist (infographic)
  • Spectre and Meltdown | Salted Hash Ep 17

    Source: infoworld.com
  • Why Endpoint Management Is Critical to Security Strategy

    Endpoint management is typically the responsibility of the IT operations or infrastructure teams, not the security team. So why should security care about endpoint hygiene?

    Pervasive Endpoint Vulnerabilities

    Attacks come from all directions, and many of them originate on endpoints. In fact, according to IDC, 70 percent of successful breaches begin at the endpoint. As of this writing, the National Institute of Standards and Technology (NIST) is tracking 100,311 known CVE vulnerabilities in its National Vulnerability Database (NVD). Of these, 15 percent were new vulnerabilities identified in 2017.

    The Ponemon Institute’s “2017 State of Endpoint Security Risk” report found that 69 percent of companies believe that endpoint security risk to their organizations has significantly increased over the past 12 months, yet only 36 percent have adequate resources to address the risk. Most companies take an average of 100 to 120 days to patch vulnerabilities. In addition, many companies have critical vulnerabilities that go unpatched altogether.

    Further complicating matters, up to 67 percent of systems administrators have trouble determining which patches need to be applied to which systems. A Gartner report titled “It’s Time to Align Your Vulnerability Management Priorities With the Biggest Threats” revealed that many security teams struggle to prioritize the most important threats. It’s no surprise, then, that vulnerability management is one of the most significant problems facing the security industry. Without adequate visibility into potentially infected endpoints across the enterprise, teams often patch these vulnerabilities in a non-directed, broad-based manner, which can leave endpoints vulnerable to the most damaging attack vectors.

    Eight Steps to Improve Endpoint Management and Security

    When new vulnerabilities are announced, IT teams must quickly query endpoints to understand which devices are at risk and determine their level of exposure. Once a remediation path is determined, security personnel must collaborate closely with infrastructure teams to ensure that the highest-priority patches are rolled out as quickly as possible to prevent exploitation of these new vulnerabilities. But this can get tricky, especially for organizations with remote locations and low bandwidth, or locations that only occasionally connect to the corporate network.

    Below are eight best practices to help security professionals improve endpoint management:

    1. Use an endpoint management solution that supports bandwidth throttling so that remote endpoints can be continuously patched and secured rather than having to sporadically send IT resources to remote locations. (Hint: Check to see if bandwidth consumption can be set to less than 5 percent. This will ensure that remote productivity is not impacted while reducing IT time spent on patching and minimizing operational expenditures.)
    2. Consider an endpoint management solution that delivers patches via the internet – without requiring corporate network access. This ensures that internet-facing systems are patched in a proactive, timely manner rather than IT having to wait for these devices to visit the corporate network before they can be scanned and remediated. (Hint: Look for cloud-based content creation capabilities – this saves significant IT staff time that would have been spent creating patch packages.)
    3. Evaluate the scalability and administrative overhead of endpoint management solutions to accommodate tight budgets and future growth. Look for solutions that can support many endpoints using a single management server and make sure to understand how many IT resources will be needed to manage the solution on a daily basis. (Hint: Many companies can manage up to 250,000 endpoints using a single management console with one or two administrators.)
    4. Consolidate endpoint management tools. Use a single tool to patch systems across Windows, Mac and variations of Unix operating systems to simplify administration, minimize the number of open network ports, and reduce the number of active agents on endpoints. (Hint: Look for solutions that require only a single open network port to minimize risk.)
    5. Validate that the endpoint management solution provides accurate, real-time endpoint data and reports. End users make changes to endpoints all the time and information that is hours or days old may not reflect a current attack surface. (Hint: Seconds matter when under attack and real-time querying and reporting enables security teams to better prioritize patches based on actual risk.)
    6. Apply patches that address the highest levels of risk first based on current endpoint status. This gives the biggest impact from remediation efforts. (Hint: Aligning patching order to descending risk levels addresses the biggest and most serious vulnerabilities faster to better reduce overall attack surface.)
    7. Make sure the endpoint management solution enforces regulatory and corporate compliance policies on all endpoints constantly to avoid unintended drift and introduction of new vulnerabilities. (Hint: Not only does this reduce risk, it makes passing security and regulatory audits faster and easier saving IT organizations time and money.)
    8. Finally, check to see what other applications integrate with the endpoint management solution. (Hint: Look for tools that enable security teams to see endpoint data within existing security information and event management (SIEM), incident response and endpoint detection and response (EDR) tools to streamline remediation prioritization.)
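    Steps 5 and 6 above describe a concrete procedure: build the patch order from current endpoint status, ranking by risk rather than by CVSS alone, and refuse to act on stale data. The following is an added example, not IBM's code or anything from the article. It assumes a small constructed inventory (hosts, a last-report timestamp, whether each is internet-facing, and placeholder vulnerability ids of the form CVE-0000-000x, which are not real CVE numbers), a simple scoring rule that boosts vulnerabilities known to be exploited and hosts reachable from the internet, and a 24-hour staleness cutoff after which a host is listed for re-query instead of being patched blindly.

```python
"""Risk-ordered patch queue built from current endpoint status. Added example,
not IBM's or the article's code; the scoring weights, hosts and CVE-style ids
(CVE-0000-000x placeholders, not real CVE numbers) are all constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta

STALE_AFTER = timedelta(hours=24)   # step 5: status older than this is not trusted
EXPLOITED_BONUS = 3.0               # known in-the-wild exploitation outranks raw CVSS
EXPOSED_MULTIPLIER = 1.5            # internet-facing hosts are reachable by anyone


@dataclass
class Vuln:
    cve: str          # placeholder identifier
    cvss: float       # base score 0.0 - 10.0
    exploited: bool   # exploitation observed in the wild


@dataclass
class Endpoint:
    host: str
    internet_facing: bool
    last_seen: datetime   # when the agent last reported status
    vulns: list


def risk_score(ep: Endpoint, v: Vuln) -> float:
    """Constructed scoring rule: CVSS, plus a bonus for active exploitation,
    scaled up when the host is exposed to the internet."""
    score = v.cvss + (EXPLOITED_BONUS if v.exploited else 0.0)
    if ep.internet_facing:
        score *= EXPOSED_MULTIPLIER
    return round(score, 1)


def prioritize(endpoints, now):
    """Return (patch queue sorted by descending risk, hosts whose status is stale).

    Stale hosts are kept out of the queue: acting on hours-old data may patch
    the wrong thing or miss a host that has since changed (step 5), so they
    are listed for re-query instead."""
    stale = [ep.host for ep in endpoints if now - ep.last_seen > STALE_AFTER]
    queue = []
    for ep in endpoints:
        if ep.host in stale:
            continue
        for v in ep.vulns:
            queue.append((ep.host, v.cve, risk_score(ep, v)))
    queue.sort(key=lambda item: (-item[2], item[0], item[1]))
    return queue, stale


NOW = datetime(2019, 2, 13, 12, 0, 0)

# Constructed inventory; the three hosts share one placeholder critical bug.
INVENTORY = [
    Endpoint("web01", True, NOW - timedelta(hours=1),
             [Vuln("CVE-0000-0001", 9.8, True), Vuln("CVE-0000-0002", 5.4, False)]),
    Endpoint("hr-laptop", False, NOW - timedelta(hours=2),
             [Vuln("CVE-0000-0001", 9.8, True), Vuln("CVE-0000-0003", 7.5, False)]),
    Endpoint("kiosk-07", False, NOW - timedelta(days=3),
             [Vuln("CVE-0000-0001", 9.8, True)]),
]


if __name__ == "__main__":
    queue, stale = prioritize(INVENTORY, NOW)
    for host, cve, score in queue:
        print(f"{score:5.1f}  {host:10} {cve}")
    print("re-query before acting:", stale)
```

    The ordering puts the same critical bug on the internet-facing host ahead of the identical bug on an internal laptop, which is the point of step 6: the same CVE does not carry the same risk everywhere. The kiosk that has not reported in three days is neither patched nor forgotten; it goes on a re-query list, because an endpoint the console cannot see is exactly the one that tends to stay vulnerable.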

    Endpoint Security Is a Daily Battle

    Endpoint landscapes change constantly, and keeping up with these changes can be challenging. End users download unapproved applications all the time, some of which can contain malware. Operating system and application patches are difficult to prioritize and are not always successfully applied the first time, especially on remote or roaming endpoints with low bandwidth or inconsistent corporate network connectivity.

    Visibility into endpoint status can be inaccurate, incomplete and ineffective. This increases the time and effort IT must spend on endpoint management and can impact your budget — as well as your weekends, credibility and even job security. Together, these things make passing regulatory and security audits difficult. What’s worse, it increases your attack surface and risk.

    Let’s face it: Endpoint management and security is a daily battle. That’s why you need a solution that helps you discover, manage and secure your endpoints faster, more easily and more consistently.

    Read the report: CISOs Investigate — Endpoint Security Peer-Authored Research

    securityintelligence.com
  • Security Monitoring and Analytics: Moving Beyond the SIEM

    This is the final installment in a three-part series. Be sure to read Part 1 and Part 2 for more information.

    Improving integration, visibility and analytics with a platform approach to security information and event management (SIEM) is the means of realizing the business value of security, compliance and operational efficiency.

    Security teams are operating in an evolving macro environment, which presents three challenges:

    1. The incredible rate of change in information technology infrastructure has led to such complexity in our networks, systems and applications that most organizations struggle with the in-house capabilities and resources to keep up.
    2. Regulatory and legal responses to these issues can literally be years behind, and yet the intensifying requirements for demonstrating compliance represent another significant demand on limited in-house resources.
    3. At the same time, the attackers are increasingly sophisticated, focused and disruptive.

    These forces — in combination with a critical skills shortage in cybersecurity — are driving a significant shift in how enterprise security operations centers (SOCs) are evolving.

    Download the Report: The Business Value of a Security Analytics Platform

    Four Capabilities to Build a More Efficient Security Operations Center

    To keep up with the complexity and compliance of their computing infrastructures — and to get ahead of the current time advantage of the attackers — enterprise SOCs need to build on the foundation of their existing SIEM platforms with additional capabilities such as:

    • Advanced threat monitoring that leverages the rules engines of the leading SIEM platforms, in combination with the specialized expertise and focus of full-time threat hunters, to make continuous improvements in use cases;
    • Advanced threat detection that combines context-specific data with analytics and machine learning to look for suspicious patterns, behaviors and anomalies across a wider range of both historical and real-time data;
    • Accelerated investigation of suspected incidents with increasingly automated triage, prioritization and validation of alerts based on context-specific data — in addition to a final review and validation by human security analysts; and
    • Faster incident response by replacing purely ad hoc activities with common playbooks, analytical tools, incident management tools and reporting, which liberates security analysts to spend less time doing research and more time doing analysis.

    Ultimately, these capabilities help to deliver value by reducing the total time needed to detect, investigate, respond to and remediate security-related incidents — from the status quo of weeks and months to as short as hours and days.

    Taking SIEM to the Next Level

    Many organizations lack the resources — both bandwidth of existing personnel and specialized technical expertise — and the tactical focus to perform well at these types of activities. Their primary strategic focus is on running and growing their business, not security, compliance, privacy and risk.

    Even if a given organization is capable of traditional, do-it-yourself integration of on-premises security solutions using in-house resources, is it really better off doing these activities on its own? A growing number of companies choose to leverage the expertise, scale and scope of a specialized, third-party security services provider and prioritize other activities for their own staff. Regardless of how you implement — whether in-house, software-as-a-service (SaaS) or fully outsourced — what’s important is that you address these needs by taking your SIEM platform to the next level.

    Either way, the platform approach to security monitoring and analytics is well-aligned with these capabilities, while a traditional, tools-based approach is not.

    feedproxy.google.com