Trends in the Information Security Industry

Posted by Tom Bain    Jul 11, 2014 12:24:00 PM

CounterTack has been buzzing lately based on our rising position within the endpoint threat detection market. We're in the news more often now, but we are also on the radar of the investment community, which is hot after innovative cybersecurity companies that are helping global organizations defend their businesses against increasingly persistent attackers and insiders.

A number of media outlets are taking note of how investors have started to focus more on cybersecurity, like XConomy, which recently referenced CounterTack as having added $5M to a funding round. The reality is that the larger technology companies simply can't innovate as quickly as smaller, more agile startups, which tailor their approach to solving very specific problems and apply new methods to get it done.

As a guest blogger on VentureFizz, a leading news, networking and information site for the technology startup and VC community, I interviewed Mark Spoto, General Manager at Razor's Edge Ventures. Razor's Edge is part of CounterTack's investment syndicate, and he elaborated on what drew him to CounterTack, the challenges he sees organizations trying to solve and the impact that startup innovation is having on the industry. 


Read More

Topics: Cyber Security, Sentinel, CounterTack, Gartner Cool Vendor

State of Montana Department of Public Health and Human Services Data Breach

Posted by Tom Bain    Jun 26, 2014 11:30:00 AM

Today the State of Montana Department of Public Health and Human Services issued an announcement that hackers broke into a server containing sensitive information the state was housing.

It was reported that the breach happened in May, and that the number of records potentially exposed is estimated at 1.3 million.

The fact that they are tracing an attack to a single server compels me to write, not just for the benefit of CounterTack, and not just to say ‘I told you so’ either. Really, it's yet another example of how organizations simply do not have a visible way to trace behavior when an attack starts.

Read More

Topics: Breach, Healthcare

CounterTack is Now a Gartner Cool Vendor!

Posted by Tom Bain    May 6, 2014 2:06:00 PM

It's not every day that you get to say that you have been selected as a Gartner Cool Vendor. But today, for CounterTack, we can! Gartner has selected CounterTack as one of only five featured vendors in the Gartner Cool Vendors for Application and Endpoint Security 2014 report.

Read More

Topics: cybersecurity, malware analysis, endpoint security, CounterTack, Gartner, Gartner Cool Vendor

What I Learned at InfoSec Europe 2014

Posted by Tom Bain    May 2, 2014 1:45:00 PM

Wrapping up three days at the InfoSec Europe 2014 conference in London today, it's clear that the same issues plague European organizations that we also see in North America: detecting advanced and swiftly moving attacks, mitigating overall security risk, and integrating the right tools within a SOC that powers a robust security model.

The threats may be the same, but there are clear differences in mindsets that European companies bring in their perspectives on security.

I learned a few things that I wasn't expecting at this year's conference:

Read More

Topics: InfoSec, InfoSecurity 2014

Big Data from Our Point of View

Posted by Amir Szekely    Apr 8, 2014 2:33:00 PM

The words Big Data get thrown around a lot these days. Large players in the security space have been using the term to talk about their ability to collect huge amounts of data at scale because of their cloud infrastructures. This raises concerns for enterprise companies who do not, in fact, want to have their critical information assets sent to an off-premise cloud, where they don't control how it's stored or secured.


At CounterTack we also talk about Big Data, but unlike the majority of other security organizations, we leverage Big Data technology in a unique way. Our ability to collect data on behaviors across thousands of endpoints is one way we leverage this Big Data approach.

Where we differentiate ourselves is that all of our data collection is located on-premise, allowing our customers to have complete control over where their information is being stored. Data storage will continue to be one of the biggest concerns facing the market right now because data never stops coming in.

Here's a quick look behind the curtain at an example of CounterTack's work with Hadoop, where our goal is to consistently push the envelope in terms of improving speed and performance of our CounterTack Sentinel endpoint threat detection and response platform. There are many processes that we implement, and many challenges we solve daily - some big and some small. Here's an interesting issue I came across that I wanted to share.

I had a problem where HDFS would fill up really fast on my small test cluster. Using hdfs dfs -du I was able to track it down to the MapReduce staging directory under /user/root/.staging. For some reason, it wasn’t always deleting some old job directories. I wasn’t sure why this kept happening on multiple clusters, but I had to come up with a quick workaround.

I created a small Python script that lists all staging directories and removes any of them not belonging to a currently running job. The script runs from cron and I can now use my cluster without worrying it’s going to run out of space.

This script is pretty slow and it’s probably possible to make it way faster with Snakebite or even some Java code. That being said, for daily or even hourly clean-up, this script is good enough.
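As an added example (not the script from the post or CounterTack's own code), here is the core of such a clean-up in Python: it pairs the listing of /user/root/.staging from hdfs dfs -ls with the job ids reported by mapred job -list and keeps only the directories that belong to no listed job. That mapred job -list shows live jobs, the column layout of both commands, and the sample output embedded below are assumptions and constructed data; cleanup() only deletes when called with dry_run=False.

```python
import re
import subprocess

STAGING_DIR = "/user/root/.staging"         # MapReduce staging dir named in the post
JOB_ID_RE = re.compile(r"\bjob_\d+_\d+\b")  # job_<cluster-ts>_<seq>, used by dirs and job list


def parse_staging_listing(ls_output):
    """Map job id -> staging path from `hdfs dfs -ls STAGING_DIR` output (assumed layout)."""
    dirs = {}
    for line in ls_output.splitlines():
        path = (line.split() or [""])[-1]   # last column of an -ls line is the path
        match = JOB_ID_RE.search(path)
        if match and path.startswith(STAGING_DIR + "/"):
            dirs[match.group(0)] = path
    return dirs


def parse_running_jobs(job_list_output):
    """Set of job ids in `mapred job -list` output; assumed to list only live jobs."""
    return {m.group(0) for m in JOB_ID_RE.finditer(job_list_output)}


def stale_staging_dirs(ls_output, job_list_output):
    """Staging directories whose job id does not appear in the running-job list."""
    dirs = parse_staging_listing(ls_output)
    running = parse_running_jobs(job_list_output)
    return sorted(path for job_id, path in dirs.items() if job_id not in running)


def run(cmd):
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def cleanup(dry_run=True):
    """On a real cluster: report stale dirs, and delete them only when dry_run is False."""
    stale = stale_staging_dirs(run(["hdfs", "dfs", "-ls", STAGING_DIR]),
                               run(["mapred", "job", "-list"]))
    if not dry_run:
        for path in stale:
            run(["hdfs", "dfs", "-rm", "-r", "-skipTrash", path])  # skip trash to free space now
    return stale


# Constructed sample output, not captured from a real cluster.
SAMPLE_LS = """Found 3 items
drwx------   - root supergroup  0 2014-04-07 09:12 /user/root/.staging/job_1396000000000_0001
drwx------   - root supergroup  0 2014-04-08 13:01 /user/root/.staging/job_1396000000000_0007
drwx------   - root supergroup  0 2014-04-08 14:20 /user/root/.staging/job_1396000000000_0009
"""
SAMPLE_JOBS = """Total jobs:1
                  JobId      State     StartTime     UserName       Queue   Priority
 job_1396000000000_0009    RUNNING 1396968000000         root     default     NORMAL
"""
```

Running stale_staging_dirs(SAMPLE_LS, SAMPLE_JOBS) returns the two directories whose jobs are no longer listed, which is what a cron invocation of cleanup(dry_run=False) would remove.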

Read More

True Analytics with Context Are a Game-Changer in Security

Posted by Tom Bain    Apr 1, 2014 2:44:00 PM

Analytics are an incredibly powerful source of information that can help teams drill down into often obscure or hard-to-analyze information, and make sense of data they wouldn't normally have collected and organized.

In security, it's becoming more important to manage information so teams can review, digest and react to prioritized data sets that might map to areas of expertise across the team, certain types of attacks, or even responsibilities such as network vs. applications.

Read More

Topics: APT

RSA 2014: Looking for True Innovation in Endpoint Security?

Posted by Tom Bain    Feb 25, 2014 12:58:00 PM

RSA is here. It’s all about the latest and greatest security technologies, big personalities, networking, education. But really, it’s about opportunity and innovation.

Global attackers have afforded us that opportunity, and have put organizations in such a state of continuous compromise that now more than ever, it’s time for companies to re-think traditional security models.

Read More

Topics: cybersecurity, Sentinel, endpoint security, CounterTack, threat detection

Show Us the Way CryptoLocker!

Posted by Sean Bodmer    Nov 22, 2013 3:38:00 PM

Ransomware is a class of crimeware that locks down an infected system by preventing users' access to their data stored locally or on accessible shared network drives. Access is only sometimes restored to the victim after a sum of money is transferred to a digitally remote blackmailer.

CryptoLocker, one of the latest variants in this family to surface over the last few months, has recently made some noise across the industry. Ransomware is one of the busiest (and most annoying) threats of 2013 and is experiencing another comeback tour, so we decided it's time to take a peek under the hood of the latest variant's campaign to see what the author team is up to as of late, and how the actual threat compares to its evasion techniques.

Read More

Topics: Cyber Crime, Cyber Security, malware, Cyber Attack, APT, cybersecurity, malware infection, malware analysis, Scout, Sentinel, endpoint security, CounterTack, Breaches, Zero-day Attack, in-progress attacks, Sean Bodmer

You Don't Need to Break Your Toys Because They 'Don't Work'

Posted by Tom Bain    Jul 12, 2013 10:26:00 AM

Sometimes you can equate certain situations to others, i.e., actions you may take in your professional life might mimic actions you took as a child. 

Read More

Topics: cybersecurity, Tom Bain, malware infection, malware analysis, Scout, Sentinel, automated security intelligence, automated security, endpoint security, CounterTack

Reducing 'Attack Dwell Time' is Critical in Limiting an Attacker's Effectiveness

Posted by Jim Ishikawa    May 24, 2013 9:54:00 AM

Last week, the New York Times reported that just three months after hackers working for the Chinese People’s Liberation Army went dark, they’re back at it again, targeting countless American companies and government agencies. The group is responsible for many high profile breaches – from Coca-Cola to RSA to Lockheed Martin.  While many of us were not surprised by this recent resurgence of attacks, it is very troubling to note that “the victims were many of the same ones the unit had attacked before.”

So they’re back in.  What’s the problem?  I don’t think it’s for lack of trying.  Certainly among our enterprise customers, everyone is heavily invested in the latest advanced threat tools and sophisticated security analysis and incident response teams.  And I don’t think it’s because the Chinese have better attack tools. Our research indicates that their weapons are generally no more (or less) sophisticated than those of other criminal enterprises around the world. 

Read More

Topics: cybersecurity, Dwell time, threat detection

Blog covers topics related to detecting and monitoring in-progress cyber attacks for IT security operations teams.
