Archive for November, 2017

Your Worst Nightmare: Fileless Malware

Thursday, November 30th, 2017

By now, everyone pretty much knows what malware is and how it works: Victims receive an email telling them that if they just open the attached PDF, their entire life will morph into heaven on earth. Or they get an email telling them that they need to click on a link to avoid blowing up the universe, or some such catastrophe. In any event, the malware can be stymied by simply not opening the attachment, clicking on the link or whatever. It’s pretty simple. Just educate the users not to open attachments from unfamiliar email senders, links from what appear to be legitimate e-commerce sites and so on. Bad actors defeated. World safe again.

Unfortunately, the bad guys are hip to this, which is why a new type of cyberattack is taking hold: fileless malware. Unlike the malware described in the opening paragraph, fileless malware does not depend on the victim downloading any files. That’s because it doesn’t require any files. It invades systems in two ways:

  • The malware’s code resides in RAM or in the system registry.
  • The malware infects its host through scripts.

Conventional Delivery Methods and Unconventional Purposes

Even though files are not used to deliver the malicious code, phishing schemes can still be used to allow the code to infiltrate systems. For example, malicious code can be delivered in the form of a Word document, which, when opened, releases the malware. Of further concern is that fileless malware often uses anti-forensics techniques to erase its tracks, thus making it completely invisible.

The purpose of fileless malware is most often similar to that of conventional attacks: get access to credentialed data and personal information. However, because of its stealthy and persistent nature, there is some suspicion that fileless malware will be used to support espionage activities and to set the stage for future acts of sabotage.

Can Fileless Malware Be Stopped?

The problem is complex. To begin with, organizations have to realize that processes that run scripts, like Microsoft PowerShell, are just as capable of delivering malware as actions that open files, like opening a PDF. Second, companies must make sure that their employees are educated about the dangers of opening ANY attachments that aren’t from known senders. Third, every patch issued by any vendor must be installed immediately. This includes, of course, the antivirus software on the system, as well as the operating system itself. Simple steps like these can prevent a lot of future pain.

Pick the Right Security Software

It’s essential to realize that the threat is getting more common and the attackers more creative. Whether it’s through email spam with attachments, PowerShell or the Windows Registry database, fileless malware may very well try to find a home in the systems environment. The best defence against any type of malware attack is proper education and multi-layered security software. When evaluating different security solutions to hinder the threat of fileless malware, there are several things to consider, including, but not limited to:

  • What’s the vendor’s level of sophistication with regard to understanding the threat?
  • Will the vendor provide access to current users?
  • Is the software user reviewed? This can reveal things like ease of implementation and customer service.
  • Does it emphasize endpoint protection?
  • What’s the upgrade history? Once a year won’t hack it (no pun intended) in this environment.
  • Does the vendor offer a cyber warranty? Not many do, and this can tell a lot (mainly because it requires an insurance underwriter).

The threat vectors are ever-increasing, but due diligence in employee education and choosing the right security solution still offer the best chance of not becoming the next victim of the new bad kid on the block, fileless malware.

View the original article by SentinelOne.

Majority of consumers would stop doing business with companies following a data breach, finds Gemalto

Wednesday, November 29th, 2017

A majority (70%) of consumers would stop doing business with a company if it experienced a data breach, according to a survey of more than 10,000 consumers worldwide conducted on behalf of Gemalto, the world leader in digital security. In addition, seven in ten consumers (69%) feel businesses don’t take the security of customer data very seriously.

Despite these concerns, the Gemalto study found that consumers are failing to adequately secure themselves, with over half (56%) still using the same password for multiple online accounts. Even when businesses offer robust security solutions, such as two-factor authentication, two fifths (41%) of consumers admit to not using the technology to secure social media accounts, leaving them vulnerable to data breaches.

This may be because the majority of consumers (62%) believe the business holding their data is mostly responsible for its security. This is resulting in businesses being forced to take additional steps to protect consumers and enforce robust security measures, as well as educate them on the benefits of adopting these. Retailers (61%), banks (59%) and social media sites (58%) were found to have a lot of work to do, with these being sectors that consumers would leave if they suffered a breach.

“Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” says Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise, businesses will face not only financial consequences but a potential legal action from consumers.”

Despite their behaviour, consumers’ security concerns are high, as two thirds (67%) worry they will be victims of a data breach in the near future. Consequently, consumers now hold businesses accountable – if their data is stolen, the majority (93%) of consumers would take or consider taking legal action against the compromised business.

Consumers Trust Some Industries More Than Others

When it comes to the businesses that consumers trust least, over half (58%) believe that social media sites are one of the biggest threats to their data, with one in five (20%) fearful of travel sites – worryingly, one in ten (9%) think no sites pose a risk to them.

On the other hand, a third (33%) of consumers trust banks the most with their personal data, despite them being frequent targets and victims of data breaches, with industry certified bodies (12%), device manufacturers (11%) and the government (10%) next on the list.

Hart continues, “It’s astonishing that consumers are now putting their own data at risk, by failing to use these measures, despite growing concerns around their security. It’s resulting in an alarming amount of breaches – 80% – being caused by weak or previously stolen credentials. Something has to change soon on both the business and consumer sides or this is only going to get worse.”

About the Survey

10,500 adult consumers were interviewed by Vanson Bourne globally. Countries included were the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux, UAE and South Africa. All of those surveyed actively use online/mobile banking, social media accounts or online retail accounts.

View the original post by Gemalto.

The Cybersecurity Skills Gap Is Putting Businesses at Risk

Friday, November 24th, 2017


The gap between the supply of trained cybersecurity professionals and the demand for their skills is steadily widening. The ISACA reports that by 2019 the global cybersecurity shortage will reach two million jobs, and a Brocade global study reveals that 54% of businesses expect to struggle in the next year due to a lack of cybersecurity skills.

Additionally, the rise of cyber-attacks over the last several years shows no sign of letting up. Not only are more and more attacks being created, but their sophistication continues to grow. Juniper Research reports that the average cost of a data breach could exceed $150 million by 2020 as more business infrastructure becomes connected, while globally the annual cost of cybercrime will rise above $21 trillion in 2019.

Numbers aren’t everything, but it’s clear that many businesses will struggle to secure the talented individuals they need to protect their organisation – and further casualties are highly likely. At a time when cybersecurity skills are stretched, this could prove disastrous for many businesses.

What does the cybersecurity skills gap mean for businesses?

A Skills Gap Significantly Increases Cybersecurity Risk

The lack of skilled cybersecurity experts is going to increase a business’ risk in several ways.

To begin, fewer employees mean fewer eyes monitoring and fewer man-hours spent working. This increases the risk of a vulnerability lying unfixed until it is too late and, consequently, increases the overall likelihood of a breach occurring.

Second, fewer workers mean businesses will be less prepared to respond in the event that a breach does occur. For many businesses, especially small to medium-sized enterprises, this can be devastating as long periods of downtime could spell potential bankruptcy for companies already in a weakened state following a breach.

Ultimately, no matter the size or status of a business, the skills gap’s overall effect is a significant increase in risk. It is highly likely that over the next few years, as threat actors become more sophisticated in their attack methods, we will see the effects of the skills gap amplified, resulting in breaches that are even more damaging than those in recent memory.

As Demand Increases, So Will Wages

In addition to having to cope with a skills gap and the resulting risk this creates, businesses will also struggle to hold on to their top professionals.

The high demand for cybersecurity talent, relative to supply, will cause wages and competition amongst employers to increase. Organisations that do not provide competitive offers will struggle to attract and retain skilled workers. When this happens, organisations tend to fill the gaps by hiring less qualified professionals whom they train to bring up to speed. The problem with this is that as the individual’s skill set increases, so does demand for them in a competitive marketplace, which means that the employer will still be forced to pay a higher wage or risk losing the time they have invested in that employee to a better offer.

Technology Must Fill the Gap

With the number of trained professionals forecast to fall far below demand, businesses will need to rely on their security tools to fill in the gaps more than ever before. Businesses should be constantly reviewing new tools on the market to see if emerging technologies offer any opportunity to fill in some of these gaps and provide more effective and efficient protection for critical systems.

Ideally, an organisation’s security tools should augment their security team’s efforts and protect them against a broad array of attacks (including executables, document exploits, scripts and false credentials) throughout the entire threat life-cycle: pre-execution through post-execution.

Conclusion

The gap between the supply of trained cybersecurity professionals and the demand for their skills is only going to continue to widen as we move forward. As a result of this, businesses will face increased risk, increased employment costs, and a growing reliance on tools that improve security efforts. Businesses need to be aware of and have a plan for dealing with these challenges; otherwise, we will continue to see more and more high-profile breaches over the next several years.

View the original article by SentinelOne.

Ruckus Launches New Versatile Switch Family for Next Generation Networks

Monday, November 20th, 2017

Ruckus today announced a new family of switches to support next-generation network edge and aggregation/core requirements. The Ruckus ICX® 7650 family delivers high-performance switching capabilities to meet current and future network demands, including high-density 802.11ac / 802.11ax Wi-Fi deployments, UHD video streaming, line rate encryption and single point of management.

The Ruckus ICX 7650 is the industry’s highest performing, scalable edge switch to deliver support for 100 Gigabit Ethernet—the highest port density for IEEE 802.3bz (multi-gigabit) Ethernet ports, along with the highest number of IEEE 802.3bt-ready (90 W PoE) ports on the market today. This family is the first fixed configuration switch to offer 100 Gigabit Ethernet for campus networks.

“As more wireless users access cloud and data-intensive applications on their devices, the demand for high-speed, resilient edge networks continues to increase,” said Siva Valliappan, vice president of campus product management, Ruckus. “The innovative technology behind the ICX 7650 switch family captures all these requirements, enabling users to scale and future-proof their network infrastructure to meet the increasing demand of wired and wireless network requirements for seven to ten years.”

The high-performance Ruckus ICX 7650 family offers a flexible, scalable architecture for simplified management and is available as a multi-gigabit access switch or a medium core/aggregation switch. The ICX 7650 is the industry’s first multi-gigabit (IEEE 802.3bz) Ethernet stackable switch with 100GbE connectivity, In-Service Software Upgrades (ISSU) for high availability in a stack, up to 90 Watts (IEEE 802.3bt ready) of PoE power per port and dual hot-swappable power supplies and fans for added resiliency. The ICX 7650 has fixed 40 Gigabit and 100 Gigabit Ethernet ports that can be used as uplinks or stacking ports, further supplementing user bandwidth requirements by providing modular uplinks that can scale from 10 to 100 Gigabits. With all the features of ICX switches, such as simplified management with campus fabric and advanced stacking capabilities, these switches are ideal for customers in markets with high-bandwidth requirements including education, hospitality, federal government and small-to-medium enterprise (SME).

“The new Ruckus ICX 7650 switch expands Ruckus’ offering in multi-gigabit Ethernet switching, delivering more multi-gigabit ports, higher performance with up to 100G uplinks and more PoE power to support high density wireless deployments, including future Wi-Fi standards such as 802.11ax and beyond,” said Nolan Greene, senior research analyst, enterprise networks, IDC. “This new family of switches is well suited for many vertical segments including Primary and Higher Education, Carpeted Enterprise, Large Public Venues and Government markets that value a high-performance, future-proof network platform.”

Features for Ruckus ICX 7650 Family

The new ICX 7650 family includes three new models:
1) the ICX 7650-48ZP multi-gigabit access switch;
2) the ICX 7650-48F core/aggregation switch;
3) the ICX 7650-48P high-performance gigabit switch.

  • The ICX 7650-48ZP access switch provides 24 ports of multi-gigabit (IEEE 802.3bz) Ethernet ports to also support 90 W of PoE power (IEEE 802.3bt ready), as well as 24 ports of Gigabit Ethernet to support PoE+.
  • The ICX 7650-48F core/aggregation switch provides a high-performance platform with up to 24 10G and 24 1G fiber ports with the premium L3 features of a large core switch as well as 256-bit MACsec line rate encryption.
  • The ICX 7650-48P can be flexibly deployed in multiple management models – as a stack of up to 12 switches, stacked over long distances up to 10 km, or in a fabric bringing the ease of plug-and-play while retaining a secure and scalable design.

With the advancement of Wi-Fi technologies delivered by 802.11ac and 802.11ax capable APs, customers require networks that will support their current and future needs. The ICX 7650 provides the right network infrastructure, delivering high-performance connectivity for existing and future Wi-Fi networks where reliability, simplified management and future-proofing are essential.

    What’s Wrong with PSKs and MAC Authentication for BYOD?

    Monday, November 20th, 2017

    When a BYOD user or visitor needs network access, how do you roll out the welcome mat without leaving the door wide open to anyone who wanders by? Plenty of organizations use conventional pre-shared keys or MAC authentication to get BYOD users and visitors on the network. Seems reasonable—until you learn that these mechanisms come with serious security flaws. What’s so bad about traditional pre-shared keys (PSKs) and MAC authentication for guest and BYOD onboarding from an IT security perspective? Let’s find some answers.

    What’s the problem with pre-shared keys?

    When users ask for “the Wi-Fi password”, they are using the common vernacular for pre-shared keys. Suppose an IT administrator sets up a Wi-Fi SSID with an assigned PSK, and then simply gives that PSK to anyone who requires network access. Maybe you even use this approach yourself—why not? Well, for a few reasons.

    Start with the fact that when you have a single Wi-Fi password, you have no way to control who has access to it. Users can—and do—share Wi-Fi passwords with others, even people you might not want to have access to your network.

    When everybody’s sharing the same password, there’s also no way to revoke access to an individual user—say, when someone leaves the organization. Do you really want former employees to be able to just hop on your network after they’ve left? Probably not. But you can’t change that password without disrupting access for everyone—so you might be tempted never to change it. Not a good policy.

    OK, then what about MAC Authentication?

    At least PSKs encrypt data traffic in transit over the air. When you use MAC authentication to provide network access for BYOD and guest users, that’s not the case. Anyone can intercept that data traffic. Attackers also find it easy to spoof MAC addresses and thereby gain unauthorized access to the network.

    Heard enough? There’s more.

    With both PSKs and MAC authentication, you have no way to associate each device with a user. Suppose you become aware of a device that’s wasting bandwidth by downloading huge video files—and, even worse, it’s copyrighted content being downloaded illegally over your network. You would want to put a stop to that right away. If you have no way to link that device with a specific person, good luck figuring out who it is.

    Secure environments use “role-based access” to control what different types of users can do on the network. On a K-12 school network, for example, you might want to let teachers access Netflix to play a documentary but block that application for students. Or you might need to restrict access to a server housing sensitive student data to only a few privileged users. If you use PSKs or MAC authentication to grant access, you can forget it—neither works with your infrastructure to support granular policy enforcement.

    Additionally, neither traditional PSKs nor MAC authentication let you perform an up-front assessment of a device’s security posture, or automatically remediate any issues discovered. For example, before you let a BYOD user on the network, you probably want to make sure that tablet he’s about to connect has a passcode enabled. Otherwise, when it’s lost or stolen, an unauthorized user can get unfettered access to confidential data on your network. You also probably want to make sure that laptop a contractor just brought into your environment has the desktop firewall turned on, and current anti-malware protection in place, before you allow it to connect. These are sound, straightforward IT security practices—and you can’t use them if you’re using traditional PSKs or MAC authentication.

    There’s a better way to do this.

    A secure onboarding solution is an important element of a layered approach to IT security—and traditional PSKs and MAC authentication just don’t get the job done. Fortunately, Ruckus offers a solution that does: Cloudpath Enrollment System (ES). Cloudpath ES provides secure network access with role-based policy control for any user and any device—and you don’t have to swap out your WLAN or wired infrastructure to use it.

    You’ll always need to get BYOD users and guests up and running. By putting aside legacy access methods, you can do it without giving away the keys to the kingdom.

    What is the real cost of a data breach?

    Monday, November 20th, 2017

    It seems like not a day goes by without news of a data breach. Companies of all industries from financial services to healthcare are continuously targeted for bits of valuable customer data. As customers, we depend on companies we entrust with our data to keep it safe. Many times companies would rather gamble and take the “it won’t happen to us” approach than bet with the odds and realize there is a very good chance that it indeed WILL happen to them.

    It’s only a matter of time. And it may be days, weeks or even months before the intruder is even discovered, giving him/her plenty of time to gather massive amounts of data. One of the latest victims of a breach was U.S. fast food chain Sonic, which learned of the breach after discovering what they described as a “fire sale” of millions of stolen credit and debit card numbers on the Dark Web.

    The consumer is the biggest loser

    Who really suffers when a breach happens? First and foremost, the customer. Hackers can use a small bit of information, such as an address, to string together a full profile and in no time, they’re opening a credit card in the victim’s name. Make no mistake, the customer is the real victim, and having personal information stolen can cause years and years of financial distress and agony for the victim.

    Through the eyes of the breached company

    That being said, I want to take a closer look from the perspective of a breached company. The negative impact can spread like wildfire. Here’s a list of possibilities off the top of my head.

  • Increased spending to improve security
  • Lost sales
  • Lost customer base
  • Dramatic stock decline
  • Financial loss from fines
  • Financial loss for retributions
  • Financial loss from lawsuits and legal fees

    Little is more detrimental to a company than the loss of reputation. An interesting study, The Ponemon Data Breach: Business & Financial Impact Report, collected information from three diverse groups: U.S. Marketers, IT Practitioners and Consumers. All three groups were asked to weigh in on how a company’s reputation and share value can be affected by a data breach. Of chief marketing officers (CMOs) interviewed, 71% believed the biggest cost of a security incident is the loss of reputation and brand value (49% of IT managers said the same). And on the consumer side, 65% of those surveyed said they lost trust in an organization following a data breach and 31% said they discontinued the relationship with the organization.

    Small to medium size companies and the hard recovery

    It is interesting to me how larger, well-known brands seem to fare better than smaller businesses. According to the 2017 Verizon Data Breach Investigations Report, 61% of victims in this year’s assessment were small to medium size businesses with fewer than 1,000 employees. Although most of the news centers around massive company hacks such as Target and Home Depot, it’s really smaller businesses that seem to suffer the worst. One breach could financially bankrupt a small business, where a larger TJX or eBay can survive.

    Stock price after a breach

    Another interesting point is a consistent drop in stock price after a breach. Ponemon found breached companies face on average a 5% drop in stock price, but how quickly the stock recovers depends on the company’s security posture (overall security approach/plan). Companies with better security postures saw stock prices quickly rebound, often within a week. Those with inferior security postures saw stocks take up to 90 days to recover.

    Historically we’ve seen the big, established firms withstand the stock downfall, pay the fees and fines and come out fine on the other side. Companies such as Adobe, Target, eBay, and Home Depot all faced short-term dips in stock price following their breaches, but recovered. For example, the September 2014 Home Depot breach cost the company around $62 million, but only resulted in a two-week drop in stock price. By the end of 2014, the company had quickly bounced back with a 20% increase in earnings for the year.

    Put the cause before the breach

    So that was an interesting look at breaches from the company perspective. It’s worth noting that hackers are getting smarter, faster, and craftier every day. It’s also important to note the major culprit that allows hackers such success is the rusty, outdated, insecure password. Yes, the password. Going back to the Verizon Data Breach Investigation Report,

    80% of hacking-related breaches leveraged either stolen passwords and/or weak or guessable passwords.

    So stay safe out there and remember to use multi-factor authentication.

    View the original press release from Gemalto.

    A One-Two Punch For Multi-Gigabit Network Switches

    Tuesday, November 14th, 2017

    By: Rick Freedman, Sr. Manager, ICX Product Marketing

    Working for a technology vendor, we’re always writing about and selling the very latest technologies. “New” is, after all, exciting! As a consumer though, I’m more cautious and usually wait until technologies mature and prices come down. I won’t be tempted to buy a 4K TV, for example, until the majority of content is 4K and the prices are comparable to today’s HDTVs. I say I’m pragmatic. My wife says I’m an old fogey.

    So who’s right? In reality, there’s no right answer here—it’s all about priorities. If like me, you just want the best bang for your buck right now, 4K can wait. If, however, you have a hard drive with a Terabyte of beautiful 4K video, or you only buy a new TV once per decade, it may make sense to spend more upfront.

    Why am I telling you all this? Because the market for 4K TVs is a lot like the market for multi-gigabit switches. If you’re looking to beef up your access bandwidth, the question isn’t whether high-end multi-gigabit switching is objectively “worth it.” It’s about what matters most to your organisation.

    Expanding Multi-Gigabit Technology… at a Price

    Let’s pause for a second to review: Multi-gigabit arose to accommodate the latest Wi-Fi standards that are capable of aggregating more than 1 Gbps of traffic—exceeding the 1G port limit of most edge switches deployed today. The IEEE ratified the 802.3bz standard last year, and vendors have rushed to crank out switches with multi-gigabit ports. Listen to those vendors, and you’ll hear dire warnings about the avalanche of access traffic coming your way and the urgent need to future-proof your infrastructure.

    However, like those shiny 4K TVs playing plain old HD content, dig a little deeper and you’ll find that most people aren’t actually using that extra capacity yet.

    Most of the multi-gigabit switches now on the market are, in some ways, luxury items. These vendors offer combined 2.5/5/10GbE ports—but only on their top-of-the-line switches. They’re targeting early adopters willing to pay a premium for the latest and greatest tech. That’s a sound choice for some organisations, but do you really “need” that capacity right now? Maybe, maybe not. According to the Dell’Oro Group, while the market for multi-gigabit ports is growing, it will remain a small portion of the total access market for several years.

    At Ruckus, we know that one size definitely does not fit all. So we took a different approach.

    Top-End Multi-Gigabit Switching, for Less than the Competition

    If your organisation really does need top-tier performance—if you’re planning to migrate to new generations of Wi-Fi (such as 802.11ax and beyond), have a very high-density deployment or just want something that you won’t have to touch for another 7-10 years—it makes sense to go big. In that case, Ruckus is very excited to introduce the ICX 7650 Z-Series, our new high-performance switch designed for the most demanding edge and aggregation requirements.

    The ICX 7650 packs the full multi-gigabit punch, supporting 2.5, 5 and up to 10 GbE. It adds the latest power-over-Ethernet (PoE) technology (the IEEE 802.3bt standard, pending ratification) to deliver up to 90 Watts per port and a total PoE budget of 1500 Watts, along with 100 GbE uplinks. Drop it into the densest, most demanding environments and rest easy—it will take on whichever new devices you and your end-users throw at it for the foreseeable future.

    All the Multi-Gigabit Performance You Need, at an Affordable Price

    But what if you’re in the other camp? You want to boost your access bandwidth, but you don’t need top-end speeds, and you’re looking for the best value for your money right now. We’ve got you covered there too. Ruckus is the only vendor to offer multi-gigabit ports in an affordable, entry-level switch: the ICX 7150 Z-Series. These switches don’t have quite as much headroom as top-end multi-gigabit switches, maxing out at 2.5 GbE. But access points that exceed 2.5 GbE aren’t even on the market yet. So for the near- and mid-term, you can get ample multi-gigabit speeds at less than half the cost of the competition.

    The Industry’s Only One-Two Punch for Multi-Gigabit Connectivity

    You won’t find these multi-gigabit options from any other vendor. If you want a high-end switch that can get you to 5 or 10 Gbps connectivity, with advanced features and manageability that outperforms the competition (at a better price), the ICX 7650 delivers. But if you’re more focused on getting great value for your money today—while still more than doubling the capacity of current 1G ports—the ICX 7150 can’t be beaten.

    Which way should you go? I can only speak for myself. Like with 4K TVs, I may not be ready now, but other people are. There is a ready and growing market for the latest and greatest TV technology, just as there are organisations that genuinely need and will use high-end multi-gigabit capacity.

    Here’s what I do know: no matter where you live on the spectrum between value-focused and early adopter, there’s a Ruckus multi-gigabit switch that’s the perfect choice for your organisation.

    You’ve Already Been Breached

    Thursday, November 9th, 2017


    Cybercrime is not showing any signs of slowing down. In fact, it’s estimated that the global impact of computer crime and data breaches will exceed $2 trillion by 2020. Criminals breach the networks, steal the data and then offer it for sale on the dark web, and it’s proving to be a profitable business model. Is there any way to prevent a breach? Who are the targets of these criminals?

    Year’s Biggest Breaches

    The year isn’t over yet, but 2017 has already seen the largest data breaches in history. And it isn’t industry-specific. By far the data breach that gained the most attention and could have the farthest-reaching impacts in the near term was the Equifax breach, where almost 150 million records were stolen, and because of the nature of Equifax’s business, the records contained everything needed to steal users’ identities.

    Duns and Bradstreet, a company specializing in business information and records, also recorded a significant breach this year when a database containing 33 million customer records was stolen. The database came from a company that Duns and Bradstreet had purchased in a merger and has business information, including contact information and registration numbers, of major businesses.

    Finally, in an ironic twist, Hitachi Payment Solutions was the victim of a data breach where 3 million personal and financial records of customers were stolen. Hitachi also runs a very large managed security services company, so this shows you that nobody is immune.

    How They Get In

    Hackers can get into the network in a variety of ways. The easiest is to exploit the human factor by sending phishing emails that have malware attached.

    Another way malware gets installed is through watering hole attacks, in which someone creates a website that is loaded with malicious software and then publishes content that would appeal to a particular industry, like a finance website with free templates for annual reports. When the user downloads the “free template,” it executes a piece of code that enslaves the computer or, worse, installs a keylogger. From that point on, everything the user types is visible to the hacker, including usernames and passwords.

    Aside from software installations, the other way hackers gain access is through stolen credentials. These usually come from a separate data breach at a different company, but since users tend to use the same password for all of their sites, it’s a matter of trial and error for hackers to discover credentials that work.

    How to Protect Yourself

    Protecting yourself from data breaches isn’t as complicated as it would seem. Ensuring that your operating systems and applications have the latest patches applied is a simple, straightforward technique that will protect you against any known exploits.

    Educating users about phishing techniques and password security will go a long way in preventing breaches due to human error. Using a phishing simulator to reinforce that training is a good investment as well.

    Most importantly, an integrated and automated platform like SentinelOne allows you to efficiently manage the security of your endpoints in real time. This platform offers advanced threat intelligence and threat hunting capabilities that protect your entire infrastructure against exploits before they have a chance to impact your data. It also uses the information it gathers from attacks to improve itself in the future, using pattern and heuristic analysis of the malware it encounters.

    An attack on your network is inevitable, but with awareness and protection you can put up a wall large enough to ward off even the most determined of hackers.

    By SentinelOne – November 8, 2017. View the original post.

    Palo Alto Networks Webinar: A Day in the Life of a Modern Cyber Attack

    Wednesday, November 8th, 2017

    Palo Alto Networks will be running a webinar on the 16th November at 10.30-11.10. They will be investigating and reviewing the lucrative business of exploits, ransomware and the ever-evolving threat landscape.

    Register Now

    The session is being run by Alex Hinchliffe, Threat Intelligence Analyst with Palo Alto Networks® Unit 42 threat intelligence team.

    During this exclusive event, Alex will dive into a real-life scenario of a cyber-attack and analyse who the criminals are and how vulnerable your organisation may be.

    In this webinar, you will get an understanding of:

    • How the lucrative business of cyberattacks is evolving
    • What the new cyber-threats are and how they penetrate your systems
    • A solid prevention strategy to keep your organisation from falling victim to cyber-attacks


    AV-Comparatives Names SentinelOne an Approved Business Product

    Monday, November 6th, 2017

    New Report from AV-Comparatives Recognizes SentinelOne’s Best-in-Class Approach to Endpoint Security.

    SentinelOne, a pioneer in delivering autonomous AI-powered security for the endpoint, datacenter and cloud, today announced that it has been named an Approved Business Product in an independent test from AV-Comparatives.

    To receive the certification, endpoint protection vendors must achieve a detection rate of 90 percent or higher with no false positives in an extensive Real-World Protection Test, which measures providers’ ability to defend against constantly shifting “in-the-wild” malware attacks. Success in this high-standard test is a testament to the effectiveness of the next-generation approach SentinelOne uses for endpoint security. This approach is quickly displacing legacy antivirus (AV) solutions that can no longer keep up with modern threats and validates the value of using machine learning and dynamic behavioural analysis to combat the advanced strategies that hackers continue to refine.

    “Being named an Approved Business Product validates SentinelOne’s commitment to public testing,” said Nick Warner, Chief Revenue Officer of SentinelOne. “It’s our industry’s duty to provide third-party validated benchmarks so customers can cut through the marketing hype and make better-informed decisions.”

    Given the current security industry talent gap crisis, companies are looking to automated solutions to comprehensively protect their networks without requiring increased manpower. While traditional AV and endpoint protection services require manual updates in order to block new threats, machine learning and automated intelligence on the SentinelOne platform automatically detect malicious behaviour from increasingly sophisticated attacks. By reducing the time security teams spend sifting alerts, organizations using the SentinelOne Endpoint Protection Platform can spend more resources on projects that keep their business safeguarded and operating efficiently.

    “It’s important to remember that even with such accolades, customers should always feel empowered to test for themselves to see exactly how a unified EPP and EDR solution can save them precious time and dramatically improve their overall security posture,” said Warner.

    To access the report click here.

    Additional Resources:

    Learn more about SentinelOne’s Endpoint Protection Platform online or read the datasheet.