"Instead of fixing all their software problems, they're just trying to layer in security in the middle," said Sean Bodmer, chief researcher at CounterTack, in this article by Jeff Peters on HackSurfer: SCADA Security: No One Wants to Start a War, But They Could. Bodmer continues, "Some of these programs and some of these turbines are still running on Windows 98, believe it or not. I saw one a year and a half ago out in Washington state. The cost of these SCADA companies, energy companies, to actually turn off those turbines and do the software upgrade from Windows 98, in 2012 – the last year that I saw it – it costs them so much money they'd rather just wait until it crashes before actually stopping the turbine. It costs millions of dollars to stop and clean and get back going and the load balancing."
Comprehensive Collection of Stateful Compromise Indicators Powers Scout Analytics Engine to Better Understand and Counter Advanced Threats
WALTHAM, Mass. (June 24, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today introduced the Scout Knowledge Library, a robust collection of stateful compromise indicators (SCIs) that correlate behavioral and technical characteristics of advanced threats to provide organizations with rich attack intelligence through conclusive attack evidence.
With the recent release of Scout 4, CounterTack is taking a dramatically different approach to endpoint protection, providing unprecedented visibility into attackers through its patented Deep System Inspection (DSI) technology. CounterTack enables organizations to detect previously undetectable advanced threats and attacks that most other solutions miss.
The Scout Knowledge Library is a compilation of SCIs, attack and malware profiles and conditions. Collectively, they serve as the intelligence foundation of Scout’s powerful analytics engine, enabling customers to quickly classify malware and malicious activity based on correlated actions exhibited by the attack.
“CounterTack’s Scout Knowledge Library gives organizations the ability to quickly and accurately determine the scope of an attack by understanding what type of malware is launched, and what type of process it follows,” said Neal Creighton, CEO, CounterTack. “Correlating malware characteristics through Scout helps enterprises react with confidence to attacks, shortening the gap from detection to intelligence to response, by giving them the ability to know precisely what will happen relative to that specific malware, bot, trojan or condition identified.”
Based on the breadth of Scout’s real-time monitoring of historical attacker behavior and malware processes, the Scout Knowledge Library’s SCIs can help rapidly classify attacks and provide intelligence on specific tools and techniques associated with threats both known and unknown. These classifications are integrated into Scout 4, where the threat and attack profiles are correlated with attack activity in real-time.
“CounterTack’s unique approach is to shorten the cycle to remediation for customers impacted by sophisticated threats and persistent malware campaigns,” said Sean Bodmer, chief researcher, CounterTack. “Through our library, we provide the capability to correlate key events and characteristics of malware. A single SCI can detect millions of variants of Zeus, like Ice9 or Citadel, but what matters most are the key characteristics and the modular functionalities of the malware. For example, knowing whether the malware is configured with Remote Desktop Protocol (RDP), Webinjects (secure form login stealer), DDOS, FormGrabbers, or JabberUpdater can help customers quickly identify the motive, intent and capability of a threat — so they react appropriately.”
In the event that a critical endpoint is compromised, Scout’s real-time analysis identifies files, processes and network activity the attacker is targeting at the OS level on production systems. That behavior is then correlated with indicators in the Knowledge Library to provide conclusive intelligence about the attack.
The Scout Knowledge Library will be sold as part of base Scout deployments, and updates will be available as part of a subscription model.
CounterTack, the industry’s first and only in-progress attack intelligence and response solution provider, was born out of the critical need to develop new security approaches for enterprise and government organizations. The detection gap persists despite massive investments and continuing advancements in security technologies, with cyber attacker innovation outpacing cyber defenses. CounterTack is leading the way on new approaches for deeper security intelligence monitoring and faster attack response.
To learn more, visit www.countertack.com.
CounterTack Scout to Provide Enhanced Visibility to Help Reduce Attacker ‘Dwell Time’
WALTHAM, Mass. (June 18, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced its partnership with rSolutions, an information security firm that provides a broad range of enterprise security solutions and professional consulting services. rSolutions will be reselling CounterTack’s Scout Solution for advanced threat detection and intelligence.
This partnership will expand rSolutions’ product portfolio and augment its offerings for enterprise customers. The addition of CounterTack’s Deep System Inspection (DSI) technology will help rSolutions customers not only reduce dwell time, but in the process give them access to the critical intelligence they need to better understand and combat advanced, and even unknown, threats. In partnering with rSolutions, CounterTack is expanding its presence into the government, mining and energy markets in Canada.
Security-savvy organizations understand that advanced threats are persistent, rendering many systems as continuously compromised. The more frequently companies are attacked, the more they become prone to follow-up attacks, underscoring the reality that blocking or alerting is no longer good enough. With deep behavioral analysis, CounterTack helps companies actively engage with attackers to defend critical systems at the endpoint.
"At rSolutions, we are constantly looking for unique and innovative solutions to help address our customers' biggest problems," said Richard Baker, managing partner at rSolutions. "Despite investing in the latest advanced threat detection offerings, our customers have crucial unanswered questions about how to assess, contain, and stop attacks that are still getting through. We believe CounterTack's revolutionary approach to endpoint security is a perfect complement to our current network-based solutions and will provide our customers with the critical intelligence needed to stop attacks."
“The ability to identify advanced attacks is essential. But that is only half the security battle,” said Neal Creighton, CEO, CounterTack. “The capability to minimize the impact of an attack by limiting its length or ‘dwell time’ in a system by actively engaging with attackers is now essential in limiting potential damage, understanding what the attacker is doing and targeting, and ultimately, diverting the attacker from production assets. The rSolutions and CounterTack partnership will provide companies with the tools and intelligence they need to identify and understand advanced attacks – empowering them to actively defend their businesses.”
rSolutions is a boutique Information Security firm providing enterprise security solutions and professional consulting services. As a results-driven organization, we help our customers meet their business objectives. A partner of several industry leaders, such as CounterTack, Splunk, FireEye, Qualys, Mobile Iron, Guidance Software and Accellion, rSolutions offers a suite of security assessment services including vulnerability assessments, penetration testing, web application testing and more. To learn more, visit www.rsolutions.com.
Google has been reporting on phishing activity out of Iran since 2011. Jennifer LeClaire reports on CIO Today that the latest phishing campaigns are likely tied to the Iranian presidential election. According to Sean Bodmer, chief researcher of CounterTack, “There are always observable traits and effects in every campaign, incident or attack that infer the possible aggressor, and it would appear that political implications and motives may indeed be one of them in this particular case.”
Ericka Chickowski reports on Dark Reading: 12 Endpoint Security Myths Dispelled. There are plenty of misapprehensions and delusions about endpoint security that receive little attention from security pundits. Sean Bodmer, chief researcher for CounterTack, weighs in on two of them – AV Is Outdated And Useless, and Some Endpoints Aren't Important Enough To Be Attacked.