The days of simple endpoint protection are over. Scanning and screening for malware has become a very complex process, and most traditional anti-malware tools only find a small fraction of potential infections. Nowadays there are numerous advanced endpoint detection and response (EDR) tools, all claiming to find and block the most subtle attacks, even ones that don’t leave many fingerprints. As we wrote last fall, there are two basic approaches: hunting (looking for some odd behavior) and sifting and gathering particular trends or activities (which has its roots in traditional anti-virus). To read this article in full or to leave a comment, please click here
In our testing of 10 endpoint security products, we found that no one product does everything. You will have to make compromises, depending on what other security tools you already have installed and the skill levels of your staff. While there is no single product that can suit all situations, endpoint configurations and IT requirements, there are a few key things to consider in your purchase: 1. Going agent or agentless. A few of the products we tested don’t require endpoint agents, but the trade-off is that you will need to set up LDAP or clean up your Active Directory domain and make use of network switch SNMP management and other connections to your network fabric.
After extensive testing of 10 advanced endpoint protection products, we have identified a series of broad industry trends: 1. Virus signatures are passé. Creating a virus with a unique signature is child’s play, thanks to the nearly automated virus construction kits that have filled the internet over the past several years. Instead, many of today’s advanced endpoint protection products make use of security news feeds and reputation management services, such as VirusTotal.com, that report on the latest attacks. Some, like CrowdStrike, have a long list of integrations with security and log management tools to make them more effective at spotting attack trends.
Endpoint protection: The days of simple endpoint protection based on traditional anti-malware tools are over. There are now advanced endpoint detection and response (EDR) tools that go beyond proactive monitoring and endpoint protection. They evaluate threats in a larger ecosystem, combining the best aspects from network intrusion detection and examining the individual process level on each computer. That is a tall order, and the 10 products tested are all very capable. However, no one product does everything. You will have to make compromises, depending on what other security tools you already have installed and the skill levels of your staff. Here are capsule reviews of 10 advanced endpoint protection products (see the full review):
Attackers can exploit vulnerabilities in Android devices with Qualcomm chipsets in order to extract the encrypted keys that protect users' data and run brute-force attacks against them. The attack was demonstrated last week by security researcher Gal Beniamini and uses two vulnerabilities patched this year in Qualcomm's implementation of the ARM CPU TrustZone. The ARM TrustZone is a hardware security module that runs its own kernel and Trusted Execution Environment independent of the main OS. On Qualcomm chips, the Trusted Execution Environment is called QSEE (Qualcomm Secure Execution Environment). The full-disk encryption feature on Android devices relies on a randomly generated key called the device encryption key (DEK). This key is itself encrypted with another key derived from the user's PIN, password or swipe pattern.
New products of the week: Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Alight Enterprise Cloud. Key features: a platform for deploying vertical applications for mortgage banking, mining/energy, telecommunications and high tech that show the financial ripples of potential decisions across the enterprise.
A second man has pleaded guilty to using a phishing scheme to get access to private and sensitive videos and photographs of people in the entertainment industry in Los Angeles. Edward Majerczyk, 28, a resident of Chicago and Orland Park, Illinois, has admitted in a plea agreement entered in the U.S. District Court for the Central District of California that between Nov. 23, 2013 and August 2014 he had engaged in a phishing scheme to obtain usernames and passwords from his victims, according to the U.S. Attorney’s Office for the Central District of California. Majerczyk gained access to the victims’ usernames and passwords after he sent them emails that appeared to be from security accounts of internet service providers. These mails directed the victims to a website that would collect their usernames and passwords. After illegally accessing the email accounts, he obtained personal information including sensitive and private photographs and videos, according to his plea agreement.
If you have an Android device running 5.0 (Lollipop) or later, and powered by a Qualcomm Snapdragon processor, then you should know that a security researcher demonstrated how to crack the full-disk encryption (FDE) with brute-force attacks; the fix is not necessarily as simple as installing new firmware and might require changes to hardware. Full-disk encryption, which is supported on devices running Lollipop on up, is supposed to protect files on the storage drive. Android uses a randomly chosen 128-bit device encryption key, which is further encrypted using a user’s PIN, password or swipe pattern. The master key, or Device Encryption Key (DEK), is stored on a user’s device; it is bound to the device’s hardware through Android’s KeyMaster, which runs in the TrustZone. In other words, an attacker should not be able to extract the crypto key from this walled-off and protected section.
Car hacking is not only a “thing” but it's also a thing that’s in its early days, and because there’s the potential for exploits with serious and quite possibly life-threatening consequences, automotive cybersecurity is something we should all be very concerned about. Just imagine your own car traveling at speed and having your ability to steer, alter speed, and brake taken away and then being ransomed to regain control. (Image: Chrysler Jeep Cherokee, Charles01 / Wikipedia)
Attackers are developing an aggressive new ransomware program for Windows machines that encrypts user files as well as the computer's master boot record (MBR), leaving devices unable to load the OS. The program is dubbed Satana -- meaning "Satan" in Italian and Romanian -- and, according to researchers from security firm Malwarebytes, it is functional but still under development. Satana is the second ransomware threat affecting the MBR and seems inspired by another program, Petya, that appeared in March.
A newly released exploit can disable the write protection of critical firmware areas in Lenovo ThinkPads and possibly laptops from other vendors as well. Many new Windows security features, like Secure Boot, Virtual Secure Mode and Credential Guard, depend on the low-level firmware being locked down. The exploit, dubbed ThinkPwn, was published earlier this week by a researcher named Dmytro Oleksiuk, who did not share it with Lenovo in advance. This makes it a zero-day exploit -- an exploit for which there is no patch available at the time of its disclosure. ThinkPwn targets a privilege escalation flaw in a Unified Extensible Firmware Interface (UEFI) driver, allowing an attacker to remove the flash write protection and to execute rogue code in the SMM (System Management Mode), a privileged operating mode of the CPU.
Enterprises are fighting a cyber war against very sophisticated and highly organized adversaries. Yet companies still approach cybersecurity with a strictly defensive mindset. They operate under the belief that having the best defense will keep them safe from advanced adversaries. But attackers know how to break any defense, guaranteeing they’ll eventually infiltrate a company. Organizations need to approach security by thinking about how they can stop offense. How is this different from having a strong defense? When you’re stopping offense, you don’t stand on the sidelines waiting for an attacker to breach your network, hoping that the security measures you have in place will be enough to stop them.
This column is available in a weekly newsletter called IT Best Practices.
The advent of worker mobility and cloud computing have played havoc with the traditional network perimeter. At one time the perimeter was a well-established concept. All of our users, locations, data centers and applications were inside this zone protected by strong network security. That notion seems almost quaint today.
With mobile users and data and applications in the cloud, the old perimeter has basically dissolved, leading to the development of entirely new security tools—secure web gateways, cloud access security brokers, enterprise mobility management, and so on. These new products and services augment the traditional network security stack of firewalls, anti-virus, email and web filtering, etc.
DARPA recently said that it had finished integrating seven space-watching networks that will feed tons of new Earth-orbiting junk data into what the agency calls “the largest and most diverse network of space situational awareness networks ever assembled.” DARPA’s OrbitOutlook (O2) program brings seven previously separate new space sensor networks together that could ultimately feed into the United States Space Surveillance Network (SSN), a worldwide network of 29 military radar and optical telescopes operated by the Air Force as well as NASA, the FAA and other entities that could use the information.
Freshly minted CISOs as well as other mid-career professionals with a need for a broad grounding in cybersecurity can get an advanced degree in the topic through a new program at Brown University.
The Executive Master in Cybersecurity set to launch in October is a 16-month program to instruct students in technology, law and policy, human behavior, and leadership-skills development. “What the industry is crying out for is interdisciplinary training,” says Alan Usas, the program director.
The idea is to prepare cybersecurity leaders who not only understand the technical needs of protecting data and privacy but who can also talk effectively to the boards of directors about these issues in a way that nets results for security and for business goals, he says.
Data stolen from a bank quickly becomes useless once the breach is discovered and passcodes are changed. But data from the healthcare industry, which includes both personal identities and medical histories, can live a lifetime. Cyberattacks will cost hospitals more than $305 billion over the next five years and one in 13 patients will have their data compromised by a hack, according to industry consultancy Accenture.
And a study by the Brookings Institution predicts that one in four data breaches this year will hit the healthcare industry.
Malware that secretly installs porn apps on your phone is infecting devices by the millions, becoming the world’s largest mobile Trojan. The malware, called "Hummer," is a family of Trojans that imitate Android apps before striking, according to Cheetah Mobile, a maker of security and utility apps. The company’s researchers have been tracking Hummer since 2014. It's been infecting more than 1 million devices per day, far outpacing other kinds of mobile Trojans, the company said in a post on Wednesday. India, Indonesia, Turkey, China and Mexico are the top five countries where the Trojan has been spreading the most, but it's also hit victims in the U.S. and Europe.
The hacker who claims to have breached the Democratic National Committee’s networks is trying to beat back accusations that he’s linked with the Russian government. The intrusion, which stole confidential files from the DNC, was his “personal project,” hacker Guccifer 2.0 said in a Thursday blog post. Security firms and the DNC may be trying to blame the attack on Russia, but “they can prove nothing!” Guccifer 2.0 added. “All I hear is blah-blah-blah, unfounded theories, and somebody’s estimates,” he wrote. Guccifer 2.0 appeared on the web just a day after the DNC revealed it had been hacked. To prove he was behind the breach, the hacker began posting the files he stole. This included opposition research on presidential candidate Donald Trump, along with donor lists and foreign policy files.
After dropping slightly in the previous year, the number of federal and state wiretaps increased nearly 17% in 2015 over 2014, according to an annual report submitted to Congress by the Administrative Office of the U.S. Courts.
A total of 4,148 wiretaps were reported in 2015 versus 3,554 the previous year. Of those, 1,403 were authorized by federal judges, 10% more than in 2014, and 2,745 were authorized by state judges, an increase of 21%. The report said 4,448 persons had been arrested in wiretap investigations, a 26% increase from 2014. The number of convictions rose 7%, to 590. Federal wiretaps were responsible for 29% of the arrests, and 19% of the convictions, according to the report.