SC Magazine's reporter Adam Greenberg published an article today about a recent APT that steals user login credentials from oil companies to penetrate their systems and gain access to documentation that can be used in a profit-making scam. Adam's source, Luis Corrons, PandaLabs technical director, says that the infiltration does not rely on malware; rather, its carrier is a PDF that launches scripts which steal the user credentials.
Not every security technology will thwart every attack, but this is a real-life use case that does lend itself to the technology Viewfinity offers.
Here's the Reader's Digest version:
Typically, to obtain user credentials an attacker must use techniques such as pass the hash, and the password hashes that technique relies on are pulled from LSASS memory or the local SAM, which requires local admin rights. If admin rights are removed, you have closed down that loophole. The caveat is that a script running in a standard user's session can still reach anything that user can reach, such as credentials typed into a form or cached in the user's own profile, which is why the application control layer matters as well.
Application control/whitelisting would block the unknown application. Our file history tracking capabilities will identify the URL from which the PDF was introduced, and our integration with network security vendors will then update the firewall policies to block this URL.
The PDF with the rogue scripts would be found, its propagation path traced, and every corporate resource it reached would be logged. Follow-up block or restrict policies would then be invoked to prevent further damage.
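To make the two checks above concrete, here is an added PowerShell example. It is not Viewfinity's code and does not show how the product does it: it reads the Zone.Identifier stream that Windows browsers attach to downloaded files to recover the URL a PDF came from, and then reports whether the user who opened it is a member of the local Administrators group. It assumes an NTFS volume, Windows 10 with PowerShell 5.1, and a browser that writes HostUrl/ReferrerUrl into the stream; the file path and the function names are hypothetical.

```powershell
# Added example, not Viewfinity's code: recover where a downloaded PDF came from
# and report whether the user who opened it holds local admin rights.
# Assumes NTFS, Windows 10 / PowerShell 5.1, and a browser that writes the
# Mark-of-the-Web stream. The sample path is hypothetical.
$Path = "$env:USERPROFILE\Downloads\invoice.pdf"

# 1. Parse the Zone.Identifier alternate data stream. Windows 10 browsers write
#    ZoneId (3 = Internet) plus HostUrl and ReferrerUrl into it on download.
function Get-DownloadOrigin {
    param([Parameter(Mandatory)][string]$FilePath)
    $streams = @(Get-Item -LiteralPath $FilePath -Stream * -ErrorAction Stop)
    if (-not ($streams.Stream -contains 'Zone.Identifier')) {
        return $null   # no Mark of the Web: share/USB copy, archive tool, or stripped
    }
    $origin = @{ ZoneId = $null; HostUrl = $null; ReferrerUrl = $null }
    foreach ($line in Get-Content -LiteralPath $FilePath -Stream Zone.Identifier) {
        if ($line -match '^(ZoneId|HostUrl|ReferrerUrl)=(.*)$') {
            $origin[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$origin
}

# 2. Local Administrators membership, and whether the current session is in it.
function Get-LocalAdminExposure {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $members   = Get-LocalGroupMember -Group 'Administrators' |
                 Select-Object -ExpandProperty Name
    [pscustomobject]@{
        User         = $identity.Name
        IsLocalAdmin = $isAdmin
        AdminMembers = $members
    }
}

$origin = Get-DownloadOrigin -FilePath $Path
if ($null -ne $origin) {
    # HostUrl is the value to hand to the proxy or firewall block list.
    "Downloaded from $($origin.HostUrl) (zone $($origin.ZoneId), referrer $($origin.ReferrerUrl))"
} else {
    "No Zone.Identifier stream on $Path; origin cannot be recovered from the file itself"
}

$exposure = Get-LocalAdminExposure
"Session $($exposure.User) is local admin: $($exposure.IsLocalAdmin)"
"Local Administrators: $($exposure.AdminMembers -join ', ')"
```

Two caveats worth knowing. If the stream is absent, the file arrived by a route that does not set the Mark of the Web (a network share, removable media, an archive tool that strips it) or someone deleted it, which any local admin can do, so an absent stream is itself worth logging. And IsInRole reflects the current token: an Administrators member running under a UAC-filtered token reports False, which is why the group membership list is printed alongside it.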
In fact, we'll be showing this use case in a 30 minute webinar this week:
Be Your Own Forensics Expert
Thursday, May 21st at 2:00 pm ET
Register here: http://www.techrepublic.com/resource-library/webcasts/webcast-be-your-own-forensics-expert/?promo=5101
Juniper Research published new research on May 12, 2015 suggesting that the collective costs of data breaches will increase to $2.1 trillion globally by 2019.
In its May 12th press release, Juniper highlights points of interest from the report, stating that the majority of threats will still focus on existing and established infrastructures vs. mobile or IoT because the latter has yet to be monetized:
‘Currently, we aren’t seeing much dangerous mobile or IoT malware because it’s not profitable’, noted report author James Moar. ‘The kind of threats we will see on these devices will be either ransomware, with consumers’ devices locked down until they pay the hackers to use their devices, or as part of botnets, where processing power is harnessed as part of a more lucrative hack. With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools.’
Other key findings include:
- Nearly 60% of anticipated data breaches worldwide in 2015 will occur in North America, but this proportion will decrease over time as other countries become both richer and more digitised.
- The average cost of a data breach will exceed $150 million by 2020, as more business infrastructure gets connected.
Read the full press release here: http://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion?utm_source=gorkanapr&utm_medium=email&utm_campaign=cybercrime15pr1
Earlier this spring Viewfinity announced our latest network security integration, this time with Check Point Anti-bot Blade. This integration brings the ability to remediate threats across all endpoints within a network, something previously impossible. The advanced remediation made possible by this integration allows Viewfinity to provide a full-circle threat management solution, which can also reduce costs by eliminating the need to reimage infected computers.
We are running a 20 minute sneak preview demo on Thursday 5/14: reserve your seat.
Here's a quick overview of how the collaboration works to accelerate remediation within any network:
If you'd like to learn more, be sure to attend our 20 minute
Cyber Security Ventures, an R&D firm out of Silicon Valley, just released its latest report on the top cyber security firms around the world. Not only did Viewfinity make the list, it landed in the top third of companies, and in the top 20 for Massachusetts.
more about what landed Viewfinity on the list.
Viewfinity, along with 34 other innovative companies, has made the Boston area the third-largest cyber security hub in the US, just behind Virginia and California.
On their website Cyber Security Ventures explains a bit more about this list:
“The Cybersecurity industry is growing from $71 Billion in 2014 to $155+ Billion in 2019, according to consolidated estimates by IT research firms and analysts cited in the Cybersecurity Market Report, published quarterly by Cybersecurity Ventures. There are many new entrants as well as M&A, investment and IPO activity, that is constantly changing the vendor and service provider landscape. The Cybersecurity 500 creates awareness and recognition for the most innovative cybersecurity companies – ranging from the largest and most recognizable brands, to VC backed start-ups and emerging players, to small firms with potentially game-changing technologies, to solution providers poised for growth around productized or vertically focused services.”
Viewfinity is thrilled to be named one of the top global cyber security firms, especially in the wake of our latest product innovations. Viewfinity offers advanced endpoint protection that focuses on lessening the impact of IT security breaches before, during, and after an attack. Our core capabilities aim to reduce the attack surface and proactively deter advanced persistent threats by:
- Managing administrative rights once local admin rights have been removed from users' machines
- Monitoring and controlling all applications being installed or run within an environment (can be used as a precursor to default deny)
- Accelerating detection, incident response, and remediation efforts via threat management capabilities that collaborate with network security sandboxes and firewalls, reputation database services, and
Lawrence Pingree, Neil MacDonald and Peter Firstbrook published a new research report today.
Gartner Research: Best Practices for Detecting and Mitigating Advanced Persistent Threats
From Lawrence Pingree's blog:
Information security practitioners must implement specific strategic and tactical best practices to detect and mitigate advanced persistent threats and targeted malware by leveraging both existing and emerging security technologies in their security architectures. Management silos between network, edge, endpoint and data security systems can restrict an organization’s ability to prevent, detect and respond to advanced attacks. Adversaries continue to use social engineering and social networks to target sensitive roles or individuals within …
Gartner clients can access this research by clicking here.
Year after year RSA has no trouble creating buzz, as industry experts share knowledge and innovations related to IT security theories, trends and facts. Above and beyond the rest this year, though, a favorite story comes from John Pescatore of the SANS Institute. In the wake of so many data breaches over the past few years, organizations are losing faith in their ability to stop these infiltrations. Despite the pessimism, at RSA John Pescatore explained, measure by measure, that data breach prevention is possible and that organizations should not give up.
During his talk, Pescatore stressed the importance of having a strong security portfolio which takes on security from various angles. He used real-life examples of organizations that have successfully prevented data breaches using a multitude of approaches.
One of the organizations Pescatore featured in his talk was the Australian Government’s Department of Defence. According to Pescatore, this organization realized a measurable reduction in “the rate of successful malware execution by nearly two-thirds by layering three security technologies” (Shea, 2015). These three security technologies were application whitelisting, least privilege user access, and OS patch management.
Here is a quick breakdown of the results they saw:
We’ve long been speaking about the Top 4 mitigation strategies that the Australian Government has been implementing for years now (the fourth being patching applications alongside the OS), and it’s great to see that they have realized strong, measurable results. Clearly a layered security approach which manages both users and applications is a key factor in preventing these data breaches.
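As an added illustration of the whitelisting plus least privilege layer discussed above (it is not the Australian Department of Defence's configuration and not Viewfinity's product), the following PowerShell builds an AppLocker policy from the executables already installed in the locations a standard user cannot write to, tests a downloaded binary against it, and applies the policy in audit mode first. It assumes an elevated PowerShell 5.1 session on a Windows edition that ships AppLocker (Windows 10 Enterprise/Education or Windows Server) and that the Application Identity service can be started; the Downloads path, the rule prefix and the Test-DownloadAgainstPolicy function are hypothetical.

```powershell
# Added example: baseline AppLocker policy from trusted install locations,
# test an unknown download against it, then deploy in AuditOnly mode.
# Not Viewfinity's code. Run in an elevated PowerShell 5.1 session.
$ErrorActionPreference = 'Stop'

# 1. Inventory executables under the locations a standard user cannot write to.
#    Publisher rules survive patching of signed binaries; hash rules cover the
#    unsigned remainder. -Optimize collapses duplicate publisher rules.
$trustedDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe -ErrorAction SilentlyContinue
}

$policy = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix Baseline -Optimize

# 2. Evaluate a file the way the enforced policy would. Anything outside the
#    inventory comes back as DeniedByDefault, which is the default-deny posture
#    the three-layer approach relies on.
function Test-DownloadAgainstPolicy {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$User = 'Everyone'
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path does not exist; nothing to evaluate"
        return
    }
    Test-AppLockerPolicy -PolicyObject $policy -Path $Path -User $User |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# Hypothetical sample: an installer a user pulled into their Downloads folder.
Test-DownloadAgainstPolicy -Path "$env:USERPROFILE\Downloads\setup.exe" | Format-Table -AutoSize

# 3. Deploy in audit mode before enforcing: event ID 8003 in the
#    Microsoft-Windows-AppLocker/EXE and DLL log records what would have been
#    blocked, so rules for legitimate software can be added first.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}
Set-AppLockerPolicy -PolicyObject $policy -Merge

# AppLocker only evaluates rules while the Application Identity service runs.
# Its startup type cannot be changed with Set-Service on current Windows 10,
# so use sc.exe, then start it.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Switch EnforcementMode to 'Enabled' and re-run Set-AppLockerPolicy once the
# audit log is quiet.
```

The reason the policy is built from Program Files and the Windows directory is the same reason least privilege matters: those paths are only useful as an allow-list if standard users cannot write to them, so removing local admin rights and whitelisting reinforce each other. Running in AuditOnly first is the step that keeps a default-deny rollout from breaking line-of-business software.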
Viewfinity offers the only solution to combine the strength of both privilege management and application control within the architectural integrity of one single agent. If you’d like to find out more, join us on Tuesday, April 28th at 2pm ET for a live webcast event: Advanced Endpoint Protection: Full Circle Prevention-Detection-Remediation Based on a Single Agent.
Shea, S. (2015, April 23). Pescatore on security success: Breach prevention is possible. Retrieved from TechTarget:
The week before RSA, 60 Minutes dug a bit deeper into the hack which affected Sony last fall, revealing the tactics used in the incident. FireEye, a renowned IT security company, had its newly acquired company, Mandiant, share what they learned through their forensic investigation.
If you missed the segment, you can view it online here:
What is most revealing about this report is that the hackers didn’t focus on stealing credit card or social security numbers and personal data; they exposed a different type of vulnerability. This cyberattack almost had an “eye for an eye” feel to it: the North Koreans were embarrassed by a film that Sony would soon release, so they wanted to embarrass Sony in retaliation.
Because emails containing scandalous gossip were also made public as part of this breach, causing deep embarrassment for their authors and subjects, FireEye reports that this hack has scared CEOs in a new way. “Now every CEO is walking around saying, how do I feel if my email is out on the internet?” CISOs are now having a new kind of dialog with the board of directors because of this twist on “breached data.”
The report goes on to state that a hacker only needs to break into one machine and then he’s inside your infrastructure, followed by a screen capture of passwords being stolen. It’s cited that even an unsuspecting routine activity like an Adobe Flash updater is all it takes for an infiltration; that one machine is used as a passageway. “Every corporation's network is only as strong as its weakest link.” That’s all it took to get going, and the hackers took off from there.
This is a real-life, compelling use case for why admin rights need to be removed from your endpoint devices, and why all advanced endpoint security solutions need to be evaluated for how effective they are at preventing, detecting and responding to these advanced persistent threats. Viewfinity is helping a lot of companies manage least privilege environments as well as integrating endpoint forensics with network security vendors. Viewfinity is at RSA: stop by our booth #1046 in the South Hall.
Viewfinity has announced the release of version 5.5 of its Privilege Management and Application Control GPO solutions. This latest release brings together an easy-to-manage policy GUI, powerful forensic tools, and threat management and remediation via collaboration with network security vendors. This release continues Viewfinity’s model of providing a full-circle prevention-detection-remediation solution based on the architectural integrity of a single agent.
The latest release includes:
We will be previewing this latest release next week at RSA. Stop by booth #1046 in the South Hall to see the new capabilities first hand, or contact a Viewfinity representative today for a
Last week Lysa Myers, of We Live Security, published an article highlighting the increase in breaches targeting medical organizations. Premera Breach: Healthcare Businesses in the Crosshairs discusses some of the most high-profile data breaches so far this year, affecting millions of records. Myers cites the high quantity and high value of medical records as a driving factor in many of these advanced attacks.
Viewfinity works with healthcare companies to offer advanced endpoint
Myers stresses the importance of risk mitigation as part of a solid security strategy, understanding that security must be approached from various angles to achieve comprehensive protection. Myers uses the article to call out and explain the top strategies that organizations should employ to
- Regular and timely software updates / patch
- Two-factor authentication of sensitive data
- The principle
of least privileges
- Comprehensive data encryption
- Layered security: anti-malware + firewall + etc.
In line with Myers’ suggestions, Viewfinity offers advanced endpoint protection that focuses on lessening the impact of IT security breaches before, during, and after an attack. Our core capabilities aim to reduce the attack surface and proactively deter advanced persistent threats by:
- Managing administrative rights once local admin rights have been removed from user machines.
- Monitoring and controlling all applications being installed or run. This can be used as a precursor to default deny.
- Accelerating detection, incident response, and remediation efforts via threat management capabilities that collaborate with network security sandboxes and firewalls, reputation database services, and
out more here.
Defense Essentials: Prevention-Detection-Remediation Practices
IBM did the math: over 1 billion records were leaked in 2014 as a result of cyber-attacks. To put that into perspective, that’s like every single person in the US having data stolen… 3 times.
While each cyber-attack deploys different infiltration methods, for different motivations, one thing can be agreed upon: defending the endpoint is paramount in the war against cyber criminals.
Today, Viewfinity will run a live webinar with Mike Rothman, Analyst and President of Securosis, to discuss endpoint defense essentials. The discussion will focus on prevention, detection, and remediation practices that you can be implementing within your organization right now.
Here are some of the essentials that you need to be considering to ensure your endpoints are protected from advanced attacks:
- Solid hygiene and configuration practices
- Focusing on least privilege to prevent
- More effective detection
- Working closely with network-based defenses
- Investigating and remediating the inevitable
Viewfinity offers a closed-loop security solution which works to protect organizations before, during, and after an attack, all within a single agent on the endpoint. This comprehensive solution provides unparalleled protection while still maintaining the architectural integrity of the endpoint. In layman’s terms, the Viewfinity agent is a one-stop shop for prevention, detection, and remediation.
After Mike Rothman’s presentation you’ll also get a chance to hear from Viewfinity VP of Product Management, Alex Shoykhet, as he explains:
- Managing privilege elevation after closing down the security loophole related to admin rights
- Application control (above and beyond whitelisting) and the important role that monitoring and forensics play
- Advanced threat management that shares endpoint information with firewall technology to update firewall policies.
Reserve your seat here, or request a recording if you can’t make it today.