Archive for February, 2017

SentinelOne Receives Coveted ‘Recommended’ Rating for Advanced Endpoint Protection Solutions from NSS Labs

Monday, February 20th, 2017

SentinelOne’s Endpoint Protection Platform Protects Against Malware and Exploits Achieving a 100% Rating in Six of Seven Tested Categories.

SentinelOne, the company transforming endpoint security by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today announced it has received a “recommended” rating for Advanced Endpoint Protection from NSS Labs. SentinelOne was recommended for its combined total cost of ownership and security effectiveness in the first public test of its kind. This rating reinforces SentinelOne’s innovation and leadership in the next-generation endpoint protection market.

“It goes without saying that the endpoint remains the most critical line of defence against the latest cyberattacks and the old way of protecting the endpoint through ageing antivirus technology simply doesn’t cut it anymore. SentinelOne’s powerful machine-learning applied to both static prevention and dynamic behaviour detection is what helps us to stand apart from the competition in a very crowded field,” said Tomer Weingarten, co-founder and CEO of SentinelOne.

“This ‘recommended’ rating from NSS Labs is proof that we are outperforming traditional AV solutions and other next-generation endpoint protection platforms,” continued Weingarten. “We take pride in knowing that our technology can withstand any attack and we have the third-party validation to back our claims.”

SentinelOne’s Endpoint Protection Platform (EPP) unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organisations can prevent and detect attacks across all major vectors, rapidly eliminate threats with fully automated, policy-driven response capabilities, and gain complete visibility into the endpoint environment with full-context, real-time forensics.

The company recently launched a major new enhancement to its machine-learning capabilities with its Deep File Inspection (DFI) engine. The DFI engine identifies and prevents the execution of advanced threats and performs powerful, on-access static analysis to uncover and block file-based malware prior to execution and without any dependence on signatures. The DFI engine makes it the SentinelOne EPP the only next-generation endpoint protection offering to seamlessly pair advanced static prevention with dynamic behavior-based detection within a single platform.

NSS Labs’ Advanced Endpoint Protection evaluation analysed the security efficacy, total cost of ownership per protected agent, stability and reliability of next-generation protection platforms. As advanced threats and targeted attacks continue to surge, the NSS Labs report provides customers with an impartial, third-party resource establishing SentinelOne EPP as a sophisticated solution for detecting and defending against complex cyberattacks.

Highlights of SentinelOne’s results from the Advanced Endpoint Protection NSS Labs report includes:

  • 100% block rating against malware and exploits in six of seven tested categories
  • Leading TCO rating
  • “SentinelOne’s Endpoint Protection Platform demonstrated excellent protection in an exhaustive series of tests by our team,” said Vikram Phatak, CEO of NSS Labs, Inc. “As cyberattacks continue to increase in sophistication, organisations should look for solutions that demonstrate both effectiveness and accuracy in identifying and stopping these threats before they can cause damage. We believe that SentinelOne demonstrated its capabilities well, earning it a ‘recommended’ rating in our Advanced Endpoint Protection group test.”

    This news comes on the heels of other recent momentous distinctions for SentinelOne:

  • Earlier this month the company announced it had been placed furthest for “completeness of vision” in the Gartner Magic Quadrant for Endpoint Protection Platforms. This was the second straight year that SentinelOne has been named a Visionary in the Gartner report.
  • In January, SentinelOne also announced it had secured an additional $70 million (USD) in series C funding led by Redpoint Ventures, bringing total funding to date to more than $110 million. The company plans to use this influx of funding to aggressively expand its sales and marketing efforts to drive more than 400% global sales growth in 2017, while continuing to maintain a strong investment in its research and development initiatives towards its next-generation endpoint protection platform.
  • For more information, or to download a complimentary copy of the NSS Labs report of SentinelOne’s Advanced Endpoint Protection test results, visit: https://go.sentinelone.com/NSSLabsResult_2017.html.

    About SentinelOne

    SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organised crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviours, protecting devices against advanced, targeted threats in real time. SentinelOne was formed by an elite team of cyber security and defence experts from IBM, Intel, Check Point Software Technologies, McAfee, Palo Alto Networks and the Israel Defense Forces.

    Ruckus Introduces Cloudpath 5.1 to Secure Connected IOT Devices

    Thursday, February 16th, 2017

    Ruckus Wireless™, a part of Brocade, today announced version 5.1 of its Cloudpath™ ES security and policy management software. The latest software release enables organisations to automatically and securely connect Internet of Things (IoT) devices using certificates—the gold standard of device security—allowing IT to establish policies governing the behaviour of those devices. In conjunction with the Cloudpath software certificate authority (CA) and supported standards-based protocols, the new capabilities allow organisations and IoT device manufacturers to easily and automatically secure a wide range of connected IoT devices without changing existing security infrastructure.

    Gartner reports that IoT endpoints will reach an installed base of 20.4 billion units by 2020. In addition, AT&T’s Cybersecurity Insights Report, which surveyed more than 5,000 enterprises around the world, found that 85 percent of enterprises are in the process of or intend to deploy IoT devices. Yet, according to the report, a mere 10 percent of those surveyed feel confident that they could secure those devices against hackers.

    “The use of IoT-connected devices is now poised to grow exponentially, with IoT technology investments expected to reach $1.29 trillion by the year 2020 across multiple vertical segments and industries,” said Rohit Mehra, vice president, network infrastructure, IDC. “As with other aspects of IT infrastructure and applications, security risks and vulnerabilities associated with IoT are now a key area of focus for enterprise IT and LoB managers on an ongoing basis. These enterprises, along with their technology solution providers, need to find reliable, cost-effective ways to better secure their connected IoT applications and infrastructure, a challenge that Ruckus seeks to address with these new capabilities.”

    Cloudpath ES 5.1 software introduces device fingerprinting, a technique that allows IT to automatically identify IoT device types by comparing the device profile to a device fingerprint database.

    Together with other Cloudpath software features, the new release delivers the following benefits:

    IT can automatically secure, using certificates, fingerprint-identified IoT devices. If the device is unable to use a certificate, a Ruckus Dynamic Pre-Shared Key™ can be used to secure it. Both approaches enable IT to establish IoT device-specific policies. For example, IoT devices may be authorised to connect only to the cloud service with which they’re associated.

    IT can continue to use existing RADIUS and CAs to secure non-IoT devices. By using Cloudpath software and its dedicated CA to secure IoT devices, organisations avoid reconfiguring their current AAA and CA security implementation or, worse, creating custom middleware to secure devices using an existing CA.

    Manufacturers can improve the security readiness of their IoT devices. They can leverage standards-based certificate retrieval protocols such as SCEP and EST, which are native to the Cloudpath CA.

    Managed service providers (MSPs) can add new tenants at will. MSPs can utilise the multitenant capabilities in the Cloudpath virtual deployment implementation, thereby reducing deployment costs and management overhead compared to deploying a separate instance of security and policy management software for each end customer.

    “Traditionally, configuring IoT devices has been a huge headache for IT. These devices not only expose organisations to new security threats, but often require manual onboarding, assuming they can be onboarded at all,” said Kevin Koster, chief Cloudpath architect, Ruckus Wireless Business Unit, Brocade. “Cloudpath helps IT departments ensure their IoT devices don’t put their network and their users at risk, while enabling IoT device manufacturers to meet their own customers’ need for IoT device security.”

    The latest release of Cloudpath ES software will be generally available in the second quarter of 2017.

    World’s Most Common Password Hasn’t Changed in Years

    Tuesday, February 14th, 2017

    At this point, it’s not even funny. In 2016, the world’s most common password was “123456.” Surprise galore, “123456” was also the most common password in 2015. In 2014, you may be shocked to learn, the most common password was also “123456.” That sound you’re hearing is the noise a broken record makes.

    At this point, maybe let’s not focus on the sheer ridiculousness of this statistic. It’s overplayed—passwords are obsolete and people choose bad ones when given the choice. Instead, let’s look at some background facts. How are these “most common passwords” lists made, anyway? Does using a common password really make you insecure? How secure does using a “secure” password make you, anyway?

    How do these “Most Common Password” Lists Even Get Made?

    The first thing that you should know is that, while a lot of data gets stolen, not all of that data is valuable. Even lists of passwords aren’t necessarily that great. Hackers, as we’ve often said, are lazy. If you have an email address and a password, you might eventually be able to find someone’s address, get their credit card number, and start committing identity theft—but that takes a lot of work. Why’s this important?

    Due to the rather fungible value of password lists, hacking groups will often post their spoils directly to the internet. This is usually for bragging rights, although it also might be a free sample. Either way, the venue for these postings is usually a site called Pastebin. The public nature of these posts means that companies are able to look for the most common passwords, and therefore assemble these yearly scorecards.

    If You Use a Weak Password, Will You Get Hacked?

    You’re not guaranteed to get hacked if you use one of the most common passwords from 2016—but you’ll make it very easy for any hacker who tries to target you. Here’s how this works:

    Normally, when an attacker steals a list of passwords, they’ll come out as a list of encrypted phrases, called hashes. By design, hashes are one-way encryption—you’re not supposed to be able to use math to turn a hash back into plaintext. The problem, however, is that hashes with the same input always return the same output. In other words, if you take the password “123456” and run it through an MD5 hash generator, you’ll always get the output “e10adc3949ba59abbe56e057f20f883e.”

    If you’re a hacker, and you’ve just stolen a bunch of hashed passwords, you know that the odds are that a bunch of the hashes in there are from people who picked “123456” as their password. If you know that the hashing algorithm was MD5, you can just do CTRL-F for “e10adc3949ba59abbe56e057f20f883e” and steal all those passwords right away. Hackers will usually do this with a whole bunch of the most common passwords, in what’s known as a “pre-computed dictionary attack.”

    Is Your “Secure” Password As Secure As You Think It Is?

    A lot of people are now wise to the fact that you shouldn’t choose a simple password. There’s a huge but coming up, however—the passwords that we generally think of as secure, aren’t. Choosing a password with capital letters, numbers, and symbols probably will pose a minor impediment to a hacker who seriously wants your information.

    First of all, you’ve probably chosen a password that looks like this: 11Passw0rd! It’s got all of the “secure” elements, but the numbers are at the front, the zero replaces the “O,” and the symbol is at the back. It’s very common to use those elements in that order, which makes it easy for brute-force password-guessing software to reverse engineer even a relatively complex password—especially since it’s based on a word from the dictionary.

    Second of all, a lot of websites do password security… poorly. For example, we used MD5 as an example hash. MD5 has been nearly obsolete since about the 1990s, and takes seconds to crack—but a lot of companies use it anyway. There’s actually a sizeable contingent of companies which store passwords in plain text. You could be using the most secure password on Earth, and still get burned by malfeasance.

    If even “secure” passwords fail the sniff test, how should you protect your data? Establish fail-safes. A strong password on its own is no defense against malware, ransomware, or any of the other numerous ways that attackers can hack your systems. Choose a strong passwords, and choose to educate yourself about the importance of combatting insider threats with this whitepaper on Shadow IT and Security Information.

    View the original article published by SentinelOne.

    Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform

    Friday, February 10th, 2017

    New PAN-OS 8.0 Extends Safe Application Enablement and Successful Attack Prevention Capabilities of the Platform; Simplifies Security Operations

    Palo Alto Networks, the next-generation security company, today announced advancements to its Next-Generation Security Platform that extend the ability for customer organisations to safely enable applications, prevent successful cyberattacks, simplify security operations, and safely embrace the cloud.

    Cyber adversaries often use commoditized compute power and automated tools and evasion techniques to deploy sophisticated attacks at massive scale and little cost. Security teams can find themselves struggling to address the sophistication, speed and volume of these threats – both known and unknown – using a collection of legacy security point products, manual resources and tools that fail to provide thorough application visibility and control, can’t adequately identify and stop advanced attacks in an automated and timely manner, complicate security workflows, and require too much manual intervention.

    These challenges are compounded as network perimeters become more vulnerable with the rapid adoption of cloud deployments – public, private, hybrid or SaaS – resulting in applications and data moving across networks and endpoints to and from the cloud with users accessing data dynamically from anywhere and any device. This dramatically expands and complicates the landscape customer organisations must protect against a growing volume and variety of threats.

    The natively engineered Palo Alto Networks Next-Generation Security Platform addresses these challenges by safely enabling applications, content and users regardless of location, preventing successful attacks from known and unknown threats, while simplifying security operations and infrastructure, and giving organisations the freedom to safely embrace new cloud infrastructures.

    Building upon the existing capabilities of the platform, new advancements included in the Palo Alto Networks PAN-OS® operating system version 8.0 take advantage of added automation, machine learning and threat prevention capabilities, among others.

    Among the more than 70 new features introduced to the Next-Generation Security Platform as part of PAN-OS 8.0, threat prevention feature highlights include:

  • Stopping sandbox evasion techniques with a new 100 percent custom-built hypervisor and bare metal analysis environment for the WildFire™ service, designed to automatically identify and prevent the most evasive threats.
  • Automated command-and-control signatures using a new and unique payload-based signature generation engine. This new approach delivers researcher-grade, payload-based signatures in a delivery mechanism that is automated end to end for faster time to prevention of adversary phone home attempts.
  • Automated integration of threat intelligence delivered through the integration of the MineMeld application with the AutoFocus™ service, whereby security operations teams can easily ingest multiple data feeds, accelerate the digestion of all the threat intelligence, create customizable fields, and quickly automate remediation to the next-generation firewall, as well as alert SOC groups via third-party SIEM solutions or asset management products.
  • Management features that provide administrators fast and accurate insight delivered by Panorama™ network security management and now include ingestion of Traps™ advanced endpoint protection logs, as well as additional firewall logs. This enriches correlation of indicators of compromise and automates actions to update the next-generation firewall with new automated actions to prevent adversary lateral movement and alert IT via third-party IT service management and security response systems, such as ServiceNow, lowering operational burden for security teams.
  • Additional cloud security, hardware highlights and credential theft advancements are also available with the introduction of PAN-OS 8.0. See these related press releases:

  • Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
  • Palo Alto Networks Delivers Industry-first Capabilities to Prevent Credential Theft and Abuse
  • Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances
  • QUOTES

    “With attackers adopting more sophisticated tactics and tools, it’s important that our security solutions are able to keep pace without requiring volumes of manual resources or chair swiveling from one product console to another, and that we have timely prevention mechanisms. The extended threat prevention capabilities introduced today in the Palo Alto Networks Next-Generation Security Platform allow us to better protect against advanced threats at the pace of our adversaries, safely enable application usage for our employees where ever they are, and reduce our management overhead.”
    – Eugene Purugganan, systems engineer, Animal Logic

    “Cloud and SaaS are revolutionising IT, but our customers, while eager to implement these technologies in their own network environments, are hesitant to adopt them due to cybersecurity concerns. Both current and prospective customers who currently leverage Palo Alto Networks Next-Generation Security Platform will be excited about how the newest innovations combine strong threat detection and prevention capabilities with automated features to ensure customers can secure their organisations against known and unknown cyberattacks targeting cloud, hybrid cloud and physical network environments.”
    – Luanne Tierney, managing member, Fivesky

    “Cyber adversaries are constantly finding new ways to evade detection by dynamic analysis environments, many of which share common open-source components. This has allowed advanced attackers to develop techniques to identify various analysis environments and evade detection. Custom analysis environments make it difficult for cyber criminals to predict system responses to these evasions – which should ultimately provide more protection for customers.”
    – Jason Pappalexis, distinguished research director, NSS Labs, Inc.

    “Using legacy security products and tools, organisations today face seemingly insurmountable challenges in protecting themselves from a growing volume of sophisticated threats. We are pleased to offer them an entirely different approach with our natively engineered Next-Generation Security Platform that raises the bar for organisations with new advancements in preventing malware sandbox evasion, automation of command-and-control protection, and threat intelligence ingestion that help our customers prevent successful attacks.”
    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    AVAILABILITY

    PAN-OS 8.0 is now available globally to customers of Palo Alto Networks with a current support contract.
    To learn more about the Palo Alto Networks Next-Generation Security Platform, visit: https://www.paloaltonetworks.com/products/platforms.html.

    Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances

    Thursday, February 9th, 2017

    Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced availability of new purpose-built hardware and virtual next-generation firewall appliances that safely enable applications and redefine security performance for both threat prevention and SSL decryption, enabling customers to safely embrace the cloud and prevent successful cyberattacks across network, endpoint and cloud environments.

    The new models complement enhancements to the Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, also introduced today, which includes more than 70 new features that deliver threat and credential theft prevention, secure cloud enablement, and more. As organisations look to modernise their physical data centres, embrace hybrid cloud environments, and apply advanced security measures across their infrastructure, they require greater performance to handle the tremendous amount of traffic generated by the growing number of users, applications and devices. The introduction of new SaaS applications running at higher throughputs further increases demand for bandwidth performance to and from the network.

    Complicating matters, as more and more traffic is encrypted by SSL, enterprises are left blind to the applications and content their users are accessing, and advanced cyber adversaries are increasingly leveraging SSL encryption to obscure malicious activity, leaving organisations unaware of the hidden dangers lurking on their networks. Legacy security products are simply unable to perform at rates high enough to decrypt this traffic and restore the visibility required to prevent cyber breaches.

    To address these needs and more, six new hardware firewall appliances join the existing hardware family of 16 appliances to safely enable applications and offer threat prevention in large data centres, small branches and remote locations, all managed centrally from Panorama™ network security management. The new and powerful hardware appliances enable advanced security protections applied at speed and scale by delivering predictable performance with deep visibility into and control over all traffic, including encrypted traffic.

    The VM-Series virtualized next-generation firewall family also has been optimised and expanded with three new models to support customer organisations expanding cloud and virtualization initiatives – from virtualized branch offices to data centre and service provider deployments – that require high throughput and capacity. With the new additions, the VM-Series now represents the industry’s broadest line of virtualized firewall appliances, delivering groundbreaking cloud security performance of up to 16 Gbps with App-ID™ technology visibility and over 10 Gbps with full threat prevention enabled.

    Highlights of the new hardware and virtual firewalls include:

    New PA-5200 Series: This new series includes three devices: the PA-5260, PA-5250 and PA-5220. This new advanced architecture delivers 72 Gbps App-ID and 30 Gbps Threat Prevention performance, up to 32M sessions, 3.2M SSL-decrypt session capacity and 6.5 Gbps SSL-decrypt throughput on the PA-5260 model. Higher 10G port density and 40G and 100G interface supports diverse deployments. These models deliver security for high throughput environments within a compact form factor, making them ideal for data centre consolidation, increased gateway demands, and inspecting encrypted traffic.

    New PA-800 Series: The new PA-800 series includes two devices: the PA-850 and PA-820. This new architecture delivers 1.9 Gbps App-ID and 780 Mbps Threat Prevention performance on the PA-850. A high-performance management plane leverages multiple CPU cores and 8GB memory. The PA-850 features redundant power for additional hardware resiliency. These models are ideal for medium-sized networks, and branch and remote office environments.

    New PA-220 delivers full PAN-OS capabilities in a small desktop footprint with increased port density. The PA-220 features built-in resiliency via dual power adapters and complete high availability support for active/active and active/passive clusters. Passive and silent cooling eliminates noise and increases reliability. The small footprint makes these models ideal for small branch offices and remote locations.

    Three new VM-Series virtual firewall models: These new models deliver industry-leading cloud security performance options ranging from 200 Mbps up to an industry-leading 16 Gbps to deliver predictable performance in cloud deployments and address a variety of use cases, from virtualized branch office to data centre and service provider deployments.

    New VM-50 is optimised to consume minimal resources yet delivers 200 Mbps of App-ID performance for customer scenarios that range from virtual branch office/customer premise equipment (CPE) to high-density, multi-tenancy environments.

    Faster VM-100, VM-200, VM-300 and VM-1000-HV have been optimised to deliver 2-4 times their previous performance with 2 Gbps and 4 Gbps of App-ID performance for hybrid cloud, segmentation and internet gateway use cases.

    New VM-500 and VM-700 deliver an industry-leading 8 Gbps to 16 Gbps of App-ID performance, respectively, and can be deployed as NFV security components in fully virtualized data centre and service provider environments.

    Complementing these firewall introductions is the release of Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, which includes threat and credential theft prevention, cloud security and management advancements. See these related press releases:

  • Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
  • Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform
  • Palo Alto Networks Delivers Industry-First Capabilities to Prevent Credential Theft and Abuse
  • Quotes

    “Cloud migration is a dynamic, bi-directional, and continuous process – sending workloads back and forth between the multiple clouds and data centres. The advancements announced today by Palo Alto Networks, including their new VM-series firewalls, provide customers a critical solution that is flexible enough to facilitate efficient movement between private networks and public/private clouds as new use cases are implemented.”
    – Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit

    “Palo Alto Networks understands the growing performance and capacity needs as customer organisations look to expand cloud use cases and implement advanced security capabilities throughout their data centres and distributed organisations. We are pleased to expand the performance range and use case possibilities with our newest hardware and virtual firewall models.”
    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    Pulse Policy Secure the leading NAC and BYOD solution for your enterprise

    Friday, February 3rd, 2017

    Network access control (NAC) is no longer just about role-based user access control, device authentication, and guest management. The Pulse Policy Secure (PPS) solution offers pre and post connect features to assess, characterise and correct operating system and software configurations in real time.

    Organisations can identify unhealthy endpoints, such as systems missing important security updates, running unauthorised software, or having other high-risk elements, and segment them away from the rest of the network.

    As more organisations adopt bring your own device (BYOD) policies and wireless initiatives, there is greater demand for continuous endpoint compliance, or knowing what is running on the endpoint at all times. With PPS in your network, you have real-time visibility into all the devices connecting to the network and to be able to enforce
    security policies on the devices.

    Benefits of Pulse Policy Secure

  • Centralised management of access and compliance policies.
  • Easy integration with several Authentication, Authorisation, and Accounting (AAA) servers.
  • Role-based, application-level enforcement.
  • Distributed enforcement of network access policies.
  • Supports leading global-device management solutions from MobileIron and AirWatch.
  • PPS works with the MDM solution to evaluate whether the BYOD or corporate devices are compliant with organisational and Mobile Device Management (MDM) policies.
  • Allows context-aware policy enforcement for wired and wireless connections across desktop and mobile platforms.
  • Supports captive portal capabilities for allowing users onto their guest networks and capturing relevant information.
  • Supports automated device on-boarding, self-service enrollment, and integration with existing infrastructure to simplify deployments.
  • Dynamic endpoint assessment and enforcement.
  • Supports Profiler functionality, which helps you to get visibility and enforce your security policies for corporate access, BYOD, and guest access.
  • Supports comprehensive network visibility with simplified auditing, and monitoring of devices.
  • Supports interoperability with existing network infrastructure such as switches, wireless controllers, AD, firewalls, IDS, and Security information and event management (SIEM).
  • For more information on Pulse Policy Secure, see https://www.pulsesecure.net/policy-secure/tech-info/

    New Malware Threats: Ransomworm Is Coming, Are You Ready?

    Friday, February 3rd, 2017

    In 2016, there were over 4,000 ransomware attacks every day. This was a 300% increase over 2015, when there were 1,000 attacks every day, and it’s likely to get worse in 2017.

    In the first quarter of 2016, cyber criminals used ransomware to steal $209 million from US businesses with an expected $1B for the entire year. Crypto ransomware has grown in popularity since it started with Cryptolocker in 2013, and we can expect to see more clever ransomware as cyber criminals try to make money in 2017.

    Ransomware: No Skills Required
    When ransomware first came out, it required some skill in order to create an attack. Now, with the growth of ransomware as a service (RaaS), it has become a business model that makes it easy for cyber criminals to attack without requiring technical knowledge of how to create ransomware.

    To launch an attack on a group of victims, the cyber thief simply needs a credit card and a mailing list of targets that they want to attack. The user-friendly service allows criminals to download a ransomware tool for a small fee, set the ransom, and enter a deadline for the payment. For every victim that pays a ransom, the service provider gets a cut and the rest goes to the attacker. Some of the RaaS companies even provide training and support.

    Ransomware Gets More Personal
    “Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” – James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

    In the past, many ransomware attacks were blasted to huge lists in hopes that someone would open the email. You can expect more targeted, personalised attacks in 2017. With newer versions of ransomware, once it identifies whether it is attacking a business or personal machine, it will adapt its ransom demands to match the victim.

    For example, it may choose different types of files to encrypt based upon whether it is a personal or business machine. In addition to encrypting these files, it may post your confidential data to social media or a file space if you don’t pay the ransom.

    Ransomworm: Ransomware That Spreads Across Your Network
    In 2017, it’s likely to get worse as more ransomware is augmented with code from traditional network worms like SQL Slammer, CodeRed, and Conficker to create new ransomware that is able to spread across a network. This will effectively increase the amount of damage that can be done with ransomware.

    Using this method, after infecting one computer, the malware will be able to spread to additional computers on the network. It will allow an initial machine to become infected, have a ransom paid, and then wait on other machines undetected until it is ready to attack again. This means you may end up paying ransoms multiple times to the same criminals.

    Ransomworms that can infect multiple machines on a network already exist. A good example is ZCryptor. This malware does not require an email in order to infect machines. It takes advantage of attack vectors that were created by other malware and then self-propagates to the network from the compromised machine.

    SamSam is another example. It is spread via unpatched vulnerabilities on servers, allowing it to infect a machine and then go undetected, causing more damage on their internal network.

    Preventing A Ransomware Attack
    “Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.” – James Scott

    Becoming a victim of a ransomware attack can be time-consuming, costly, and damaging to a company’s reputation. Here are some tips to thwart the next ransomware attack:

    Educate your users: According to a Verizon 2015 Breach Investigation Report, 11% of users will open an attachment from someone they don’t know. Infections are often caused by end-users. They open an infected attachment, or click on a link that takes them to an infected site.

    Offer security awareness training for your end users. If they receive an unsolicited or unexpected email with an attachment from the sender, have them call the sender to verify they sent it. If they receive an email with a link they were not expecting, they should never click on it.

    Backup your data: There will never be a 100% guarantee that malware like ransomworm will not successfully infiltrate your network. Backing up your data and keeping it off site and disconnected from your network is the safest way to ensure you can recover after a ransomware attack. Consider using a service like Amazon Glacier Cloud Storage for off-site backups.

    Keep your software patches up-to-date: Once your users are trained to avoid opening email attachments or clicking on links, exploiting software flaws is another common way for malware to spread over your network. Keeping your software patches up to date will help prevent the spread of ransomworms that exploit a network or software flaws.

    Enforce the principle of least privilege: The principle of least privilege gives programs and users access to the programs they need, but no more. Combining least privilege management with application controls can allow you to revoke local administrator rights on workstations in many cases. This will minimise the spread of unwanted software.

    Use endpoint security software: Some people assume that if they keep security and software patches up-to-date and enforce least privilege, they will have things adequately locked down. This is not the case.

    Don’t think you have to worry about security because of your company’s size? After all, only large companies are in the news saying they’ve been breached, right? Don’t fall victim to this fallacy.

    In the case of the Target breach, it was a small HVAC contractor that opened the email that allowed them to get hacked. Companies of all sizes need to have endpoint security like SentinelOne regardless of their size.

    Keeping New Malware Threats At Bay
    Expect several new malware threats in 2017 as cyber thieves try to increase their revenues by improving ransomware. Following these tips will help reduce the risk for your business and check out this guide to protecting virtualized environments and cloud infrastructure to minimise damage from cyber threats.

    Is your business ready for the next new malware threat?

    This article has been taken from the SentinelOne webiste. To view the original article, please click here.

    SentinelOne Named a Visionary for Second Straight Year in the Gartner Magic Quadrant for Endpoint Protection Platforms

    Friday, February 3rd, 2017

    SentinelOne Placed Furthest in “Completeness of Vision”

    SentinelOne, the company transforming endpoint security by delivering real-time protection powered by machine learning and dynamic behaviour analysis, today announced it has been positioned by Gartner, Inc. in the Visionary quadrant of the Magic Quadrant for Endpoint Protection Platforms (EPP) for the second straight year.*

    SentinelOne’s Endpoint Protection Platform (EPP) unifies endpoint threat prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organisations can detect malicious behaviour across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defences against the most advanced cyber attacks.

    “We have long held a culture of innovation within SentinelOne and are thrilled to be recognised for that commitment and record of execution towards a disruptive vision,” said Tomer Weingarten, CEO of SentinelOne. “Our vision from day one has been based on the belief that this problem can only be solved through a multi-layered approach that combines behaviour and static-based detection into a single integrated solution. This is the only way to protect against attacks that are rapidly evolving towards a multi-vector approach that combine file and file-less malware with other advanced techniques such as the use of scripting languages. In doing so we’ve positioned SentinelOne to be a true replacement for antivirus solutions, not simply another tool to augment antivirus’ weaknesses.

    “We are truly honoured to be recognised as a visionary in this year’s Gartner Magic Quadrant, and we will continue to work with organisations around the globe that are actively seeking strong solutions to help combat today’s sophisticated attacks,” continued Weingarten.

    This latest news comes one week after the company announced it has secured an additional $70 million (USD) in a Series C round led by Redpoint Ventures, bringing total investment in SentinelOne to more than $110 million.

    For a copy of the Gartner Magic Quadrant for Endpoint Protection Platforms, please click here.

    *Gartner Inc., “Magic Quadrant for Endpoint Protection Platforms” by Eric Ouellet, Ian McShane, Avivah Litan, Jan. 30, 2017.

    About the Magic Quadrant

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    About SentinelOne

    SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organised crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviours, protecting devices against advanced, targeted threats in real time. SentinelOne was formed by an elite team of cyber security and defence experts from IBM, Intel, Check Point Software Technologies, McAfee, Palo Alto Networks and the Israel Defense Forces. To learn more visit sentinelone.com or follow us at @SentinelSec.