endpoint security: amplified


CryptoLocker: What's Old is New Again (in cyber years)

It’s been a few years since we saw CryptoLocker on a regular basis, but it now appears to be making the rounds again via a new spam campaign. The CryptoLocker family has been around for many years and has evolved over that time.

CryptoLocker was especially common back when the Zeus botnet was making its rounds. The way it worked was that once a computer was infected with the Zeus malware, that infection would be used to push the CryptoLocker ransomware onto the machine.


Topics: malware analysis, endpoint security, CounterTack, EDR, endpoint detection and response, Ransomware, endpoint software, threat scan, ETP, CryptoLocker, enterprise security, threat hunting, malware detection, Endpoint Threat Platform, Micah Graf, endpoint security solution, memory analysis

The Tall Tale of Endpoint Security: How Do We get from Nice-to-Have to Need-to-Have

After spending two days at the Gartner Security & Risk Summit in DC this week, a few very interesting topics stood out. (I’ll post more on specific talks from the event later.)

First, as if RSA and InfoSec Europe weren’t enough to prove this, it’s clear that easily 50% of cybersecurity vendors are starting to tell an endpoint story: whether or not they can actually collect valuable, actionable system-level data, they are saying they can.


Topics: endpoint security, Gartner Security and Risk Management Summit 2015, threat detection and response

Attacker Lateral Movement: Visualize Infiltration and Treat as Behaviors

In the game of whack-a-mole, the player’s objective is to hit a target that keeps popping up in different places. It’s a fun game that exercises one’s reflexes and motor skills.

Unfortunately, similar games are played every day in security operations centers across organizations of every size, and those games are not fun. What makes it hard for incident responders is the movement of the adversary, hopping from one endpoint to another, from one workstation to another. This is called lateral movement. There are many reasons why attackers move laterally: to establish another persistence point in the network (the so-called “beachhead”), to steal data from a server, and sometimes to prepare the workstation for the next phase of the attack (network enumeration or credential theft, for example).


Topics: endpoint security, endpoint security solutions

The Thin Line Between the Insider and the Outsider

Two very recent defining events are helping the industry see the bigger picture of the state of cybersecurity: the Verizon Business DBIR report and the RSA Conference. Both the report and the conference reinforce the fact that cybersecurity has now reached the boardroom level.

This year, yet again, one common denominator between the two was the message that organizations now understand that being attacked is not a matter of “if” but “when”. That awakening is good news.


Topics: endpoint security, RSA Conference 2015, Verizon DBIR Report

The Next Generation Endpoint Is Truly Here

The RSA Conference was an interesting experience, particularly for those in the endpoint security market, or those attempting to break into this emerging market. It seems everyone at this point has some type of endpoint play, regardless of their technology heritage or prior security focus.

It was at the America’s Growth Capital conference, a simultaneous gathering of investors and security types, that perhaps one of the more interesting panels took place, albeit as the final panel session of the day. With 1 billion endpoints in need of help, it’s clear this is the hottest market across the broadening security industry.


Topics: Cyber Attack, APT, cybersecurity, Tom Bain, Sentinel, endpoint security, CounterTack, Breaches, Zero-day Attack, Neal Creighton, data breach, Big Data Security, EDR, Big Data EDR, RSA Conference 2015, endpoint detection and response, AGC

Endpoint Security Makes Quantum Shift: Part IV - Resolution

Process Matters

Gartner has been the most vocal about the need for a process shift, advocating what it calls an “adaptive security architecture.” The idea is to balance efforts among attempting to predict when a breach will occur, preventing the ones you can, detecting what a successful attacker has done on the endpoint, and ultimately responding to the attack in some way. You need to be doing all of these, all the time, with a variety of technologies, so you can respond appropriately.

“How you protect yourself from a shotgun blast is very different than how you protect yourself from a sniper’s bullet,” says Neal MacDonald, VP distinguished analyst at Gartner.

Let’s look at a real-world example of why you need change now, before you get stuck in the quicksand of a disastrous endpoint breach your prevention tools missed.


Topics: Cyber Security, endpoint security

Endpoint Security Makes Quantum Shift: Part III - Not Just for Ops

The SANS study asked respondents what percentage of their incident response processes are automated through the use of purpose-built tools for remediation workflow. Just 16% automate more than 51% of incident response tasks. No wonder attackers go undetected for months or even years. And no wonder we can’t deliver even the most fundamental answers about what happened in a breach.

Automation tends to spook IT professionals. But you should be more afraid of what happens without it. We discuss automation in depth in our 2014 DevOps Survey report. DevOps is all about automation, and it can be a boon for security. It opens up architectural discussions and forces entrenched IT constituencies into a mature process, getting people to trust in repeatable and reliable automated processes.


Topics: Cyber Attack, endpoint security

Endpoint Security Makes Quantum Shift: Part II - Up The Stack

Given the endless game of whack-a-mole that is IT security, it makes sense that, as anti-virus effectiveness waned, security software vendors moved to network-level prevention. The idea: We won’t need to scramble to keep malware off endpoints if we can block the exploit or malware at the email server or web gateway.

From network-based anomaly detection to advanced sandboxing, these tools flooded the market and worked great — for a while. As they always do, attackers adjusted, adding new techniques such as encryption and fast-flux DNS. It is an arms race, after all. Some attackers started to obscure their exploits, hiding in plain sight by blending with innocuous network traffic. Others simply stopped aiming at the network. No network traffic means no results from network detection tools.


Topics: endpoint security

Endpoint Security Makes Quantum Shift: Part I

Rest in peace, antivirus tools. You had a good run for a security technology — 1987 to 2014.

In case you missed it, in May Symantec called time of death for antivirus software. It did so not because AV technologies suddenly became less effective. Rather, the company finally acknowledged that it’s not a matter of if, but when, an organization will be targeted, and that antivirus products will stop only some attacks. Plenty of security bloggers and pundits reacted with glee, given that antivirus software reportedly represents 40% of Symantec’s revenue.


Topics: endpoint security

“The Internet of Things” – Security Vulnerabilities Can Cause Bodily Harm?

We may have hit a “data breach fatigue” saturation point across the market of late, but there were a few other security vulnerability stories swirling this past week that deviated from the standard reports.

DHS is actually probing a number of medical device manufacturers to see whether there are legitimate cybersecurity vulnerabilities in a number of infusion pumps and implantable heart devices.

One thing that comes to mind with respect to internet-connected medical devices is that these devices, like any other technology, have evolved. Medical devices are now programmable and configurable, and have grown more advanced to accommodate many patient conditions, complete with automation, data collection and storage requirements.


Topics: Cyber Security, endpoint security
