Cyber Resiliency is a Message That Resonates

Posted by Tom Bain    Sep 17, 2014 7:50:40 PM

I've been attending the Inbound Conference, hosted by HubSpot this week, to brush up on a few things in my discipline (Marketing). Speakers present new Marketing strategies, and mainly inspiration for Marketers to find truly different ways to communicate to audiences. Every session focuses on specific tactics, like blogging or email or telling better stories.

Read More

Topics: Cyber Crime, Cyber Defense, Cyber Security, Cyber Attack, APT, cybersecurity, Tom Bain, Sentinel, endpoint security, CounterTack, threat detection, Zero-day Attack, Security Intelligence, Breach, Gartner Cool Vendor

Endpoint + Network Detection: Better Together

Posted by Michael Davis    Sep 5, 2014 6:00:00 PM

Defense in Depth is touted in the security industry daily. Every engineer learns about the concept in university and countless whitepapers will expound that it can save your butt when an attack occurs.

Read More

Topics: cybersecurity, Sentinel, endpoint security, Gartner Cool Vendor, endpoint security integration

Understand Your Data and Don't Wait Until After You Are Breached

Posted by Tom Bain    Aug 19, 2014 9:47:00 AM

Another day, another data breach. I'd like to offer two opinions with respect to breaches we read about regularly.

1) Its really not about the data with some data breaches - its about the money.

2) Why is it that so many organizations don't take a proactive, continuous stance in protecting their assets? You don't have to wait for a post-breach forensics investigation to understand what went wrong. 

It was reported late yesterday that Community Health Systems experienced a data breach that impacted 4.5M customers across potentially 28 states. This attack is in fact interesting, given that the same attackers have been attributed to pilfering trade secrets within the healthcare industry in successfully executed hacks previously. It looks like by all accounts, the attackers used some targeted malware to break into Community Health Systems to steal patient data and not exactly IP that ultimately may get sold to China.

Read More

Trends in the Information Security Industry

Posted by Tom Bain    Jul 11, 2014 12:24:00 PM

CounterTack has been buzzing lately based on our rising position within the endpoint threat detection market. We're in the news more often now, but we also are on the radar of the investment community, who is hot after innovative cyber security companies who are helping global organizations defend their businesses against increasingly persistent attackers and insiders.

There are a number of media outlets taking note of how investors have started to focus more on cybersecurity, like XConomy, who recently referenced CounterTack as having a $5M addition to a funding round. The reality is the larger technology companies simply can't innovate as quickly as smaller, more agile startups, who are tailoring their approach to solve very specific problems leveraging in new ways to get it done. 

As a guest blogger on VentureFizz, a leading news, networking and information site for the technology startup and VC community, I interviewed Mark Spoto, General Manager at Razor's Edge Ventures. Razor's Edge is part of CounterTack's investment syndicate, and he elaborated on what drew him to CounterTack, the challenges he sees organizations trying to solve and the impact that startup innovation is having on the industry. 

Read More

Topics: Cyber Security, Sentinel, CounterTack, Gartner Cool Vendor

State of Montana Department of Public Health and Human Services Data Breach

Posted by Tom Bain    Jun 26, 2014 11:30:00 AM

Today the State of Montana Department of Public Health and Human Services issued an announcement  that hackers broke into a server containing sensitive information the state was housing.

It was reported that the breach happened in May, and due to the number of records potentially breached, which they are estimating at 1.3 million.

The fact that they are tracing an attack to a singular server compels me to write not just for the benefit of CounterTack, and not just to say ‘I told you so’ either. But really, its yet another example of how organizations simply do not have a visible way to trace behavior when an attack starts.

Read More

Topics: Breach, Healthcare

CounterTack is Now a Gartner Cool Vendor!

Posted by Tom Bain    May 6, 2014 2:06:00 PM

Its not everyday that you get to say that you have been selected as a Gartner Cool Vendor. But today, for CounterTack, we can! Gartner has selected CounterTack as one of only five featured vendors in the Garnter Cool Vendors for Application and Endpoint Security 2014 report. 

Read More

Topics: cybersecurity, malware analysis, endpoint security, CounterTack, Gartner, Gartner Cool Vendor

What I Learned at InfoSec Europe 2014

Posted by Tom Bain    May 2, 2014 1:45:00 PM

Wrapping up three days at the InfoSec Europe 2014 conference in London today, its clear that the same issues plague European organizations that we also see in North America: detecting advanced and swiftly-moving attacks, mitigating overall security risk and integrating the right tools within a SOC that powers a robust security model.

The threats may be the same, but there are clear differences in mindsets that European companies bring in their perspectives on security.

I learned a few things that I wasn't expecting at this year's conference:

Read More

Topics: InfoSec, InfoSecurity 2014

Big Data from Our Point of View

Posted by Amir Szekely    Apr 8, 2014 2:33:00 PM

The words Big Data get thrown around a lot these days.  Large players in the security space have been using the term to talk about their ability to collect huge amounts of data at scale because of their cloud infrastructures.  This raises concerns for enterprise companies who do not in fact, want to have their critical information assets sent to an off-premise cloud, where they don't control how its stored or secured.


At CounterTack we also talk about Big Data, but unlike the majority of other security organizations, we leverage Big Data technology in a unique way.  Our ability to collect data on behaviors across thousands of endpoints is one way we leverage this Big Data approach.

Where we differentiate ourselves is that all of our data collection is located on-premise, allowing our customers to have complete control over where their information is being stored.  Data storage will continue to be one of the biggest concerns facing the market right now because data never stops coming in.

Here's a quick look behind the curtain at an example of CounterTack's work with Hadoop, where our goal is to consistently push the envelope in terms of improving speed and performance of our CounterTack Sentinel endpoint threat detection and response platform. There are many processes that we implement, and many challenges we solve daily - some big and some small. Here's an interesting issue I came across that I wanted to share.

I had a problem where HDFS would fill up really fast on my small test cluster. Using hdfs dfs -du I was able to track it down to the MapReduce staging directory under /user/root/.staging. For some reason, it wasn’t always deleting some old job directories. I wasn’t sure why this kept happening on multiple clusters, but I had to come up with a quick workaround.

I created a small Python script that lists all staging directories and removes any of them not belonging to a currently running job. The script runs from cron and I can now use my cluster without worrying it’s going to run out of space.

This script is pretty slow and it’s probably possible to make it way faster with Snakebite or even some Java code. That being said, for daily or even hourly clean-up, this script is good enough.

Read More

True Analytics with Context Are a Game-Changer in Security

Posted by Tom Bain    Apr 1, 2014 2:44:00 PM

Analytics are an incredibly powerful source of information that can help teams drill down into often obscure or hard-to-analyze information, and make sense of data they wouldn’t normally have collected and organized. 

In security, its becoming more important to manage information so teams can review, digest and react to prioritized data sets that might map to areas of expertise across the team, certain types of attacks or even responsibilities such as network vs. applications. 

Read More

Topics: APT

RSA 2014: Looking for True Innovation in Endpoint Security?

Posted by Tom Bain    Feb 25, 2014 12:58:00 PM

RSA is here. It’s all about the latest and greatest security technologies, big personalities, networking, education. But really, it’s about opportunity and innovation.

Global attackers have afforded us that opportunity, and have put organizations in such a state of continuous compromise that now more than ever, it’s time for companies to re-think traditional security models.

Read More

Topics: cybersecurity, Sentinel, endpoint security, CounterTack, threat detection

Blog covers topics related to detecting and monitoring in-progress cyber attacks for IT security operations teams.

Subscribe to Email Updates