The Thin Line Between the Insider and the Outsider

Posted by Nenad Kreculj    May 18, 2015 10:57:17 AM

Two very recent defining events are helping the industry see the bigger picture of the state of cybersecurity: the Verizon Business’ DBIR report and the RSA conference. Both the report and the conference reinforce the fact that cybersecurity has now reached boardroom level.

This year, yet again, one common denominator between the two was the message that organizations now do understand that being attacked is not a matter of “if” but “when”. That awakening is good news.

Topics: endpoint security, RSA Conference 2015, Verizon DBIR Report

Detecting and Remediating Against File Distribution Attacks

Posted by Kirby Kuehl    May 5, 2015 3:23:54 PM

Enterprise teams have, to some degree, varying means of “seeing” attacks. There is often incongruence between what events they can detect, what their intelligence means, and the potential impact of an attack.

At CounterTack, we are developing new technologies to help customers better detect and understand their threat tolerance. We are innovating methods to help customers improve security response by contextualizing threat impact into actionable intelligence.

Topics: cybersecurity, Sentinel, CounterTack, EDR, endpoint detection and response, Shamoon, file distribution attacks, Kirby Kuehl, cyber attacks

The Next Generation Endpoint Is Truly Here

Posted by Tom Bain    Apr 27, 2015 10:09:00 PM

The RSA Conference was an interesting experience, particularly for those in the endpoint security market, or those attempting to break into this emerging market. It seems everyone at this point has some type of endpoint play, regardless of their technology heritage, or prior security focus.

It was at the America’s Growth Capital conference, a simultaneous gathering of investors and security types, that perhaps one of the more interesting panels took place, albeit the final panel session of the day. With 1 billion endpoints in need of help, it’s clear this is the hottest market across the broadening security industry.

Topics: Cyber Attack, APT, cybersecurity, Tom Bain, Sentinel, endpoint security, CounterTack, Breaches, Zero-day Attack, Neal Creighton, data breach, Big Data Security, EDR, Big Data EDR, RSA Conference 2015, endpoint detection and response, AGC

Endpoint Security Makes Quantum Shift: Part IV - Resolution

Posted by Michael Davis    Mar 18, 2015 12:00:00 PM

Process Matters

Gartner has been the most vocal about the need for a process shift, advocating what it calls an “adaptive security architecture.” The idea is to balance efforts among attempting to predict when a breach will occur, preventing the ones you can, detecting what a successful attacker has done on the endpoint, and ultimately responding to the attack in some way. You need to be doing all of these, all the time, with a variety of technologies, so you can respond appropriately.

“How you protect yourself from a shotgun blast is very different than how you protect yourself from a sniper’s bullet,” says Neal MacDonald, VP distinguished analyst at Gartner.

Let’s look at a real-world example of why you need change now, before you get stuck in the quicksand of a disastrous endpoint breach your prevention tools missed.

Topics: Cyber Security, endpoint security

Endpoint Security Makes Quantum Shift: Part III - Not Just for Ops

Posted by Michael Davis    Mar 12, 2015 11:00:00 AM

The SANS study asked respondents what percentage of their incident response processes are automated through the use of purpose-built tools for remediation workflow. Just 16% automate more than 51% of incident response tasks. No wonder attackers go undetected for months or even years. And, no wonder we can’t deliver even the most fundamental answers to what happened in a breach.

Automation tends to spook IT professionals. But you should be more afraid of what happens without it. We discuss automation in depth in our 2014 DevOps Survey report. DevOps is all about automation, and it can be a boon for security. It opens up architectural discussions and forces entrenched IT constituencies into a mature process, getting people to trust in repeatable and reliable automated processes.

Topics: Cyber Attack, endpoint security

Endpoint Security Makes Quantum Shift: Part II - Up The Stack

Posted by Michael Davis    Mar 6, 2015 9:00:00 AM

Given the endless game of whack-a-mole that is IT security, it makes sense that, as anti-virus effectiveness waned, security software vendors moved to network-level prevention. The idea: We won’t need to scramble to keep malware off endpoints if we can block the exploit or malware at the email server or web gateway.

From network-based anomaly detection to advanced sandboxing, these tools flooded the market and worked great — for a while. As they always do, attackers adjusted, adding new techniques, such as encryption and fast-flux DNS. It is an arms race, after all. Some attackers started to obscure their exploits, hiding in plain sight by blending with innocuous network traffic. Others simply stopped aiming at the network. No network traffic means no results from network detection tools.

Topics: endpoint security

Endpoint Security Makes Quantum Shift: Part I

Posted by Michael Davis    Feb 24, 2015 12:17:50 PM

Rest in peace, antivirus tools. You had a good run for a security technology — 1987 to 2014.

In case you missed it, in May, Symantec called time of death for antivirus software. It did so not because AV technologies suddenly became less effective. Rather, the company finally acknowledged that it’s not a matter of if, but when, an organization will be targeted and that antivirus products will stop only some attacks. Plenty of security bloggers and pundits reacted with glee, given that antivirus software reportedly represents 40% of Symantec’s revenue.

Topics: endpoint security

Intelligent Algorithms and Feature Design

Posted by Yan Glina    Jan 27, 2015 2:16:45 PM

If you live and breathe at the intersection of Cyber Security and Data Science, you have probably seen Alexandre Pinto’s DefCon22 talk, #SecureBecauseMath (https://www.youtube.com/watch?v=TYVCVzEJhhQ). In this talk, Alex makes great points regarding some blatantly poor yet commonplace practices. #MathIsAwesome, but pushing not-quite-real science by overeager marketing departments, or being an overly receptive, starry-eyed audience waiting for pronouncements from the next super-genius, are still problems. Alex also alludes to some things that are of immediate consequence to algorithms and Machine Learning researchers operating in the security space. For example, Feature Design.

Topics: Cyber Security, data science, feature design

The Era of Big Data EDR

Posted by Nate Buell    Jan 13, 2015 10:00:00 AM

Looking ahead to 2015 in cybersecurity, it really is vital to understand how the threat environment impacted organizations through exploits and breaches in 2014.

Toward the tail-end of the year it seemed like there was a new, major data leak or cyberattack in the headlines every week. There was no pattern, no single industry targeted (no pun intended) and no actions taken to punish those involved, even if the attribution was defined and accurate, and there was a definitive perpetrator or organization to charge in the criminal act. (http://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor)

Is there knowledge that can be gained from the cyberattacks of 2014? Yes. There's certainly a large amount of information that can be applied from the numerous hacks and breaches to understand trends and techniques, but the most important lesson to be learned from this past year may just be the fact that enterprise organizations are heading towards a new approach to endpoint security – Big Data Endpoint Detection and Response (EDR). 

Topics: Big Data Security, Big Data Analytics, EDR, Big Data EDR

Don't Look Back in Anger: Make Security a Priority in 2015

Posted by Tom Bain    Jan 7, 2015 3:43:58 PM

It’s typical at this time of year to look back at the previous years’ data breaches and high-profile exploits, and say things got worse. However, in 2014, things really did get worse from the standpoint of damage to some of the biggest organizations globally.

From the direct impact on enterprises to the direct impact on consumers in the wake of retail industry breaches, and from the indirect impact on businesses, like wasted time cycles, downtime and mis-allocated resources, to the indirect overall impact felt by consumers, like NOT making purchases at specific retail stores or websites, or perhaps NOT investing money or doing business with financial organizations after a security breach, we all felt the pain.

We've seen enormous swings financially, and in the confidence of organizations, attributed to this year's attacks. But it’s not really just about the attacks. They are going to happen. I'd argue that it’s more about the nexus of forces around the way organizations and employees are computing, and the devices that are used (endpoints) for multiple purposes within the corporate network.

Topics: Cyber Security, data breach

Blog covers topics related to detecting and monitoring in-progress cyber attacks for IT security operations teams.