NEWS


Cost of Cybersecurity: The Disaster That is a Long-Term Breach

Jeff Peters of HackSurfer reports on the Cost of Cybersecurity: The Disaster That is a Long-Term Breach. Sean Bodmer, chief researcher at CounterTack, says the "biggest concern is dwell time, detecting the threat soon enough before it has time to propagate across the network, establish more of a beachhead, additional resilient points. That period of catching the threat soon enough before it has time to dwell, that is one of the biggest things they all talk about."

SCADA Security: No One Wants to Start a War, But They Could

"Instead of fixing all their software problems, they're just trying to layer in security in the middle," said Sean Bodmer, chief researcher at CounterTack, in this article by Jeff Peters on HackSurfer: SCADA Security: No One Wants to Start a War, But They Could. Bodmer continues, "Some of these programs and some of these turbines are still running on Windows 98 believe it or not. I saw one a year and a half ago out in Washington state. The cost of these SCADA companies, energy companies, to actually turn off those turbines and do the software upgrade from Windows 98, in 2012 – the last year that I saw it – it costs them so much money they’d rather just wait until it crashes before actually stopping the turbine. It costs millions of dollars to stop and clean and get back going and the load balancing.”

Carberp Source Code Leak Likely To Spawn Malware Variants, Innovation

In Brian Prince's coverage of the Carberp source code leak on Dark Reading, Carberp Source Code Leak Likely To Spawn Malware Variants, Innovation, CounterTack Chief Researcher Sean Bodmer weighs in. Bodmer says "not only was the Carberp code revealed in that .rar, there was also a large amount of Russian banking application code for the BSS thick client, likely exfiltrated from that organization directly. Additionally, there are many other source compilations from bootkit techniques to anti-AV modules, which quickly become a security researcher's goldmine."

Experts Weigh In: Cybersecurity trends 2-3 years down the road?

Jeff Peters asks several security experts "what stands out when you think of cybersecurity 2-3 years down the road?" in this article on HackSurfer: Experts Weigh In: Cybersecurity trends 2-3 years down the road? CounterTack Chief Researcher Sean Bodmer says
"I believe Wi-Fi and wireless in and of itself is going to be one of the biggest problems that we're going to have to deal with, especially if the FCC implements [its plan to relieve crowded Wi-Fi networks] across the nation. It's going to open up so no matter where you are your device can be reached, you can be tracked, and we already have the problems now with cellular tracking. That was a big thing at DEFCON and Black Hat a couple years ago. Well, when they open up all of these phones to Wi-Fi and everyone is walking around with an IP address and driving around with an IP address and jogging around with an IP address, there are a whole bunch of privacy and security concerns."

Pesky Bug Drags Facebook Shadow Profiles Into the Spotlight

In Richard Adhikari's coverage of Facebook shadow profiles in TechNewsWorld, Pesky Bug Drags Facebook Shadow Profiles Into the Spotlight, CounterTack Chief Researcher Sean Bodmer offers his expert insight. Finding secret shadow files among the data that seem to be analyzed and correlated data points of every user ranging from their real-life details to private information input by members "is shocking, although not surprising," Bodmer says.

Facebook Security Glitch Exposes Millions of Users' Data

Chief Researcher for CounterTack, Sean Bodmer, provides commentary in Jennifer LeClaire's article in Newsfactor, Facebook Security Glitch Exposes Millions of Users' Data, on the recent Facebook security glitch exposing millions of users' data.

CounterTack Bolsters Active Defense Strategy with Scout Knowledge Library 1.0

 Comprehensive Collection of Stateful Compromise Indicators Powers Scout Analytics Engine to Better Understand and Counter Advanced Threats

WALTHAM, Mass. (June 24, 2013) CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today introduced the Scout Knowledge Library, a robust collection of stateful compromise indicators (SCIs) that correlate behavioral and technical characteristics of advanced threats to provide organizations with rich attack intelligence through conclusive attack evidence.

 With the recent release of Scout 4, CounterTack is taking a dramatically different approach to endpoint protection, providing unprecedented visibility into attackers through its patented Deep System Inspection (DSI) technology. CounterTack enables organizations to detect previously undetectable advanced threats and attacks that most other solutions miss.

 The Scout Knowledge Library is a compilation of SCIs, attack and malware profiles and conditions. Collectively, they serve as the intelligence foundation of Scout’s powerful analytics engine, enabling customers to quickly classify malware and malicious activity based on correlated actions exhibited by the attack.

 “CounterTack’s Scout Knowledge Library gives organizations the ability to quickly and accurately determine the scope of an attack by understanding what type of malware is launched, and what type of process it follows,” said Neal Creighton, CEO, CounterTack. “Correlating malware characteristics through Scout helps enterprises react with confidence to attacks, shortening the gap from detection to intelligence to response, by giving them the ability to know precisely what will happen relative to that specific malware, bot, trojan or condition identified.”

 Based on the breadth of Scout’s real-time monitoring of historical attacker behavior and malware processes, the Scout Knowledge Library’s SCIs can help rapidly classify attacks and provide intelligence on specific tools and techniques associated with threats both known and unknown. These classifications are integrated into Scout 4, where the threat and attack profiles are correlated with attack activity in real-time.

 “CounterTack’s unique approach is to shorten the cycle to remediation for customers impacted by sophisticated threats and persistent malware campaigns,” said Sean Bodmer, chief researcher, CounterTack. “Through our library, we provide the capability to correlate key events and characteristics of malware. A single SCI can detect millions of variants of Zeus, like Ice9 or Citadel, but what matters most are the key characteristics and the modular functionalities of the malware. For example, knowing whether the malware is configured with Remote Desktop Protocol (RDP), Webinjects (secure form login stealer), DDOS, FormGrabbers, or JabberUpdater can help customers quickly identify the motive, intent and capability of a threat — so they react appropriately.”

 In the event that a critical endpoint is compromised, Scout’s real-time analysis identifies files, processes and network activity the attacker is targeting at the OS level on production systems. That behavior is then correlated with indicators in the Knowledge Library to provide conclusive intelligence about the attack.

 The Scout Knowledge Library will be sold as part of base Scout deployments, and updates will be available as part of a subscription model.

 About CounterTack

CounterTack, the industry’s first and only in-progress attack intelligence and response solution provider, was born out of the critical need to develop new security approaches for enterprise and government organizations. The detection gap persists despite massive investments and continuing advancements in security technologies, with cyber attacker innovation outpacing cyber defenses. CounterTack is leading the way on new approaches for deeper security intelligence monitoring and faster attack response.

 To learn more, visit www.countertack.com.  

###

CounterTack Partners with rSolutions to Help Companies Dramatically Improve Attack Detection and Counter Targeted Enterprise Threats

CounterTack Scout to Provide Enhanced Visibility to Help Reduce Attacker ‘Dwell Time’

WALTHAM, Mass. (June 18, 2013) CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced its partnership with rSolutions, an information security firm that provides a broad range of enterprise security solutions and professional consulting services. rSolutions will be reselling CounterTack’s Scout Solution for advanced threat detection and intelligence.

This partnership will expand rSolutions’ product portfolio and augment its offerings for enterprise customers. The addition of CounterTack’s Deep System Inspection (DSI) technology will help rSolutions customers not only reduce dwell time, but in the process give them access to the critical intelligence they need to better understand and combat advanced, and even unknown, threats. In partnering with rSolutions, CounterTack is expanding its presence into the government, mining and energy markets in Canada.

Security-savvy organizations understand that advanced threats are persistent, rendering many systems as continuously compromised. The more frequently companies are attacked, the more they become prone to follow-up attacks, underscoring the reality that blocking or alerting is no longer good enough. With deep behavioral analysis, CounterTack helps companies actively engage with attackers to defend critical systems at the endpoint.

"At rSolutions, we are constantly looking for unique and innovative solutions to help address our customers' biggest problems," said Richard Baker, managing partner at rSolutions.  "Despite investing in the latest advanced threat detection offerings, our customers have crucial unanswered questions about how to assess, contain, and stop attacks that are still getting through.  We believe CounterTack's revolutionary approach to endpoint security is a perfect complement to our current network-based solutions and will provide our customers with the critical intelligence needed to stop attacks."

“The ability to identify advanced attacks is essential. But that is only half the security battle,” said Neal Creighton, CEO, CounterTack. “The capability to minimize the impact of an attack by limiting its length or ‘dwell time’ in a system by actively engaging with attackers is now essential in limiting potential damage, understanding what the attacker is doing and targeting, and ultimately, diverting the attacker from production assets. The rSolutions and CounterTack partnership will provide companies with the tools and intelligence they need to identify and understand advanced attacks – empowering them to actively defend their businesses.”

About rSolutions

rSolutions is a boutique Information Security firm providing enterprise security solutions and professional consulting services. As a results-driven organization, we help our customers meet their business objectives. A partner of several industry leaders, such as CounterTack, Splunk, FireEye, Qualys, Mobile Iron, Guidance Software and Accellion, rSolutions offers a suite of security assessment services including vulnerability assessments, penetration testing, web application testing and more. To learn more, visit www.rsolutions.com.

 

CIO Today: Google Reports Iranian Phishing on Eve of Elections

Google has been reporting on phishing activity out of Iran since 2011. Jennifer LeClaire reports on CIO Today that the latest phishing campaigns are likely tied to the Iranian presidential election. According to Sean Bodmer, chief researcher of CounterTack, “There are always observable traits and effects in every campaign, incident or attack that infer the possible aggressor, and it would appear that political implications and motives may indeed be one of them in this particular case.”

Dark Reading: 12 Endpoint Security Myths Dispelled

Ericka Chickowski reports on Dark Reading: 12 Endpoint Security Myths Dispelled. There are plenty of misapprehensions and delusions about endpoint security that receive little attention from security pundits. Sean Bodmer, chief researcher for CounterTack, weighs in on two of them – AV Is Outdated And Useless, and Some Endpoints Aren’t Important Enough To Be Attacked.

For Media Inquiries

Please email press@countertack.com
