Taking down the threatImage by ThinkstockAdvanced Persistent Threats (APT) are able to slip past even the most cutting-edge security defenses thanks to a diabolically clever strategy. Hackers may try to breach your defenses thousands of times until they finally get in. Once a network is breached, most APTs go into stealth mode. They move slowly, laterally compromising other systems and inching toward their goals. But what if you could hunt down these active, but hidden threats before they can do real damage? For this review, we tested threat hunting systems from Sqrrl, Endgame and Infocyte. Read the full review as well.To read this article in full or to leave a comment, please click here
Advanced Persistent Threats are able to slip past even the most cutting-edge security defenses thanks in large part to a diabolically clever strategy. The threat actors behind successful APTs research the employees, practices and defenses of the organizations they want to attack. They may try to breach the defenses hundreds or thousands of times, then learn from their mistakes, modify their behavior, and finally find a way to get in undetected.Once a network is breached, most APTs go into a stealth mode. They move slowly, laterally compromising other systems and inching toward their goals. Post-mortems from successful attacks often show that the time an APT breached a system to the time it was detected could be anywhere from six months to a year or more. And, they are often only detected after making that final big move where there is a huge exfiltration of critical data.To read this article in full or to leave a comment, please click here(Insider Story)
The best way to get experience with most jobs or tasks is to do them. It’s difficult to learn how to drive a car without getting behind the wheel. Soldiers need to face the enemy in order to gain combat experience. And IT administrators have to experience and mitigate attacks to learn how to best defend their networks.
The problem with these scenarios is that they involve a degree of risk. It’s not all that helpful to learn how to counter a cyberattack if the first one you experience puts your company out of business.
That’s where the SafeBreach continuous security validation platform comes in. Deployed as a service, through the cloud or internally, it can show cybersecurity teams exactly where the network vulnerabilities are and how to plug those holes. It can even run wargames so that IT teams can learn the best ways to respond to attacks on their actual networks.To read this article in full or to leave a comment, please click here(Insider Story)
The best way to get experience with most jobs or tasks is to do them. It’s difficult to learn how to drive a car without getting behind the wheel. Soldiers need to face the enemy in order to gain combat experience. And IT administrators have to experience and mitigate attacks to learn how to best defend their networks.To read this article in full or to leave a comment, please click here(Insider Story)
Most security tools are focused on keeping external attackers at bay. But what about the sensitive data that lives inside your network? How do you make sure it doesn’t get out, either intentionally or by accident?That’s where Data Loss Prevention (DLP) comes into play. DLP tools are designed to block protected data from being shared in various ways, everything from e-mail attachments to printing to even screen captures. DLP can protect core network stores as well as connected endpoints which might have confidential information.We looked at DLP solutions from Comodo, Digital Guardian and Forcepoint. Symantec was invited to participate, but declined.To read this article in full or to leave a comment, please click here(Insider Story)
Data loss prevention toolsImage by ThinkstockWe tested data loss prevention (DLP) tools from Comodo, Digital Guardian and Forcepoint. These products are designed to stop protected data from being shared in multiple ways, everything from e-mail attachments to printing to even screen captures. Forcepoint Triton was the most mature, easiest to setup and had the most features. Digital Guardian DLP was able to eliminate almost all false positives and would be a good choice for organizations with huge amounts of intellectual property. Comodo DLP offered a lot of flexibility as well as extras like a VPN, firewall, patch and mobile device manager, making it a good choice for organizations getting up to speed with their overall cybersecurity defenses. Read the full review.To read this article in full or to leave a comment, please click here
Most security tools are focused on keeping external attackers at bay. But what about the sensitive data that lives inside your network? How do you make sure it doesn’t get out, either intentionally or by accident?To read this article in full or to leave a comment, please click here(Insider Story)
Data loss prevention toolsImage by ThinkstockWe tested data loss prevention (DLP) tools from Comodo, Digital Guardian and Forcepoint. These products are designed to stop protected data from being shared in multiple ways, everything from e-mail attachments to printing to even screen captures. Forcepoint Triton was the most mature, easiest to setup and had the most features. Digital Guardian DLP was able to eliminate almost all false positives and would be a good choice for organizations with huge amounts of intellectual property. Comodo DLP offered a lot of flexibility as well as extras like a VPN, firewall, patch and mobile device manager, making it a good choice for organizations getting up to speed with their overall cybersecurity defenses. Read the full review.To read this article in full or to leave a comment, please click here
Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here
In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.To read this article in full or to leave a comment, please click here(Insider Story)
Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here
In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.An entire industry has sprung up to provide a defense against insider threats. We tested products from Fortscale, Avanan, and PFU Systems, with each one concentrating on a different aspect of the problem.To read this article in full or to leave a comment, please click here(Insider Story)
Over the past few months, we’ve reviewed a variety of cutting-edge security tools that combat advanced persistent threats (APTs); everything from threat intelligence to virtual sandboxing to privileged identity management. And while all of these programs have been powerful, they all had varying degrees of complexity when it came to usability and customization.To read this article in full or to leave a comment, please click here(Insider Story)
ID managementPrivileged Identity Management is based on a common link in the chain of almost every advanced threat: obtaining the credentials of an administrator, super-user or even a program with local admin rights. PIM tools lock down those special user credentials. Some PIM systems concentrate on auditing or anomaly detection so that even trusted insiders who have gone turncoat can be caught. Others look at the password aspect of identity management, cycling impossibly long randomized passwords. Some concentrate on Linux environments, while others are Windows-based. Almost all PIM tools embrace the concept of least-privilege, giving users only the level of access and privilege that they need to run a specific command. Read the full review.To read this article in full or to leave a comment, please click here
Privileged Identity Management is based on the idea that a common element of most advanced threats involves obtaining the credentials of an administrator, super-user or even a program with local admin rights. Armed with those credentials, the attacker can turn internal systems against themselves, rewrite security policies and remain undetected.Privileged Identity Management tools lock down those special user credentials so that even successful breaches are only done against low-level endpoints that can’t do much harm. Should attackers on a compromised system attempt to elevate those privileges, not only will they be quickly detected, but any process that attempts to run will be blocked.To read this article in full or to leave a comment, please click here(Insider Story)
In recent reviews, we looked at the advancements in endpoint security, including new ways companies are employing technology like virtual machines to get a leg up on potential attackers. But despite impressive new defensive technologies, the bad guys still seem to be getting through.
According to security engineers we’ve talked with, the problem with network defense these days is two-fold. First, no matter how innovative the defensive technology deployed, it will eventually be breached or circumvented. And because most of the top attackers and groups collaborate, the tools and techniques used to successfully break down defenses are quickly shared.To read this article in full or to leave a comment, please click here(Insider Story)
Despite advances in malware protection, endpoints get infected every day, even those running some form of anti-virus or other defense that the threat is able to circumvent.
In our recent roundup of anti-virus programs, we discovered several new techniques being employed by anti-virus companies to make PCs safer against advanced threats. Even so, many anti-virus companies we talked with acknowledged that their software can’t catch everything, especially within those commonly exploited areas that are tricky to defend.To read this article in full or to leave a comment, please click here(Insider Story)
Despite advances in malware protection, endpoints get infected every day, even those running some form of anti-virus or other defense that the threat is able to circumvent.
In our recent roundup of anti-virus programs, we discovered several new techniques being employed by anti-virus companies to make PCs safer against advanced threats. Even so, many anti-virus companies we talked with acknowledged that their software can’t catch everything, especially within those commonly exploited areas that are tricky to defend.To read this article in full or to leave a comment, please click here(Insider Story)
In an era when businesses are scrambling to defend against sophisticated advanced persistent threats, old school anti-virus may seem like a relic. But traditional anti-virus companies are changing with the times, delivering defense-in-depth for a BYOD world.In this review, we looked at products from seven of the original anti-virus vendors, each dating back to at least the 1990s: AVG, ESET, Kaspersky, McAfee, Symantec, Panda Software and Trend Micro. We focused on ease of installation and management, ease of use, plus the protection each suite offered beyond traditional signature-based anti-virus. Special emphasis was placed on the software’s ability to also protect mobile devices running both iOS and Android. (Read an analysis of the antivirus market.)To read this article in full or to leave a comment, please click here(Insider Story)
New tools can detect hidden malwareImage by ShutterstockWe tested new security appliances from Damballa, Lancope and LightCyber that are designed to detect the latest cyber-attacks by monitoring network traffic and identifying when a piece of malware is communicating back to its command and control center. (Read the full review here.)To read this article in full or to leave a comment, please click here