Monthly Archives: March 2016


Ensuring Your Security Infrastructure Can Support Next-Generation Networks

Category : Gigamon

Data networks are undergoing the most fundamental changes since many of them were deployed decades ago.  Traffic and bandwidth growth may be the most obvious, but the use of Software Defined Networks (SDN) and the cloud is causing even more fundamental disruption.  And the impact of these changes is likely to continue unabated for some time.

Traffic growth is a given, of course.  According to Cisco, IP traffic is expected to grow by 300% in the next five years.  Some consider even that an understatement, as the explosive growth of mobility, Big Data and the Internet of Things has the potential to usher in the “Zettabyte Era” more quickly than anticipated.

The use of SDNs is likely the most important change in the “modern” network that impacts security.  In most networks, security infrastructure has been deployed in line with the physical network and the traffic on that network.  However, as traffic now becomes “mobile” and the physical network layer is abstracted, delivering the right amount and type of traffic to security appliances becomes very problematic.  In many cases, deploying an SDN can result in “blind spots” since traffic no longer uses the same physical network.  And simply adding new security appliances is not only expensive, but it may not improve your security posture.

A good example of these blind spots is when the use of Virtual Extensible Local Area Networks (VXLAN) hides traffic in a tunnel. Monitoring can become difficult, and individual applications flowing within the tunnel can’t be monitored.  It is possible to strip out the encapsulations, but that will negatively impact the performance of analysis and monitoring tools.

What’s more, the security infrastructure must deal not only with more traffic, but with new threat types as well.  To counter these threats, it is more important than ever to ensure that your traffic visibility and monitoring tools can deliver the right type and amount of traffic to your security appliances.  And as the breadth of these threats increases, bringing tools inline is often the best course, as out-of-band deployments may miss malware or only find it after it has infested your systems.

Finally, the growth in encrypted traffic, as part of overall traffic growth, presents special challenges for security infrastructure.  Forcing security appliances to decrypt, analyze and re-encrypt traffic often overloads these appliances.

The Unified Visibility Fabric Responds to These Demands

It is precisely these issues that have driven the design of Gigamon’s Unified Visibility Fabric (UVF).  Given the complexity of modern infrastructure, the UVF’s ability to provide visibility into physical, virtual and remote sites, as well as emerging SDN/NFV infrastructure, as a single unified fabric with a common management and policy model is central to effective security.  A unified management model also allows rapid visibility into infrastructure blind spots.

The Unified Visibility Fabric has functionality that is directly focused on improving your security posture. It starts with intelligent traffic delivery to security appliances, optimizing their operation and allowing them to be inline without being overloaded. This supports real-time malware detection and remediation.  In addition, the UVF makes it possible to automate many elements of traffic management and delivery, which reduces the workload on limited IT and security resources while providing more consistent traffic delivery and monitoring.  Using Gigamon’s unique and enhanced metadata, the UVF enhances the effectiveness of security appliances and improves threat detection.

For SDN-powered networks, the UVF can also support decapsulating or filtering some of these new overlay encapsulations (like VXLAN, which is used in Cisco ACI or VMware NSX) before delivering traffic to the monitoring tools, thereby eliminating additional blind spots created by next-generation networks.
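To make the VXLAN blind spot concrete, the following added example (not from the original article and not Gigamon's code) parses a constructed VXLAN packet per RFC 7348 and compares the flow a monitoring tool keys on before and after decapsulation. It assumes untagged Ethernet, unfragmented IPv4 and the IANA-assigned UDP port 4789; all addresses, ports and the VNI are constructed sample values.

```python
import socket
import struct

VXLAN_PORT = 4789                      # IANA-assigned VXLAN UDP port (RFC 7348)
ETH_LEN, ETHERTYPE_IPV4 = 14, 0x0800   # assumption: untagged Ethernet, IPv4 only

def parse_ipv4(frame):
    """Return (src, dst, proto, l4_bytes) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < ETH_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9], ip[ihl:]

def flow_key(frame):
    """5-tuple (src, dst, proto, sport, dport) a monitoring tool would key a flow on."""
    parsed = parse_ipv4(frame)
    if parsed is None or parsed[2] not in (6, 17) or len(parsed[3]) < 4:
        return None
    sport, dport = struct.unpack("!HH", parsed[3][:4])
    return parsed[0], parsed[1], parsed[2], sport, dport

def decap_vxlan(frame):
    """Return (vni, inner_ethernet_frame) if the frame carries VXLAN, else None."""
    key, parsed = flow_key(frame), parse_ipv4(frame)
    if key is None or key[2] != 17 or key[4] != VXLAN_PORT:
        return None
    vxlan = parsed[3][8:]                       # skip the 8-byte UDP header
    if len(vxlan) < 8 or not vxlan[0] & 0x08:   # I flag must be set for a valid VNI
        return None
    return int.from_bytes(vxlan[4:7], "big"), vxlan[8:]

def tool_view(frame):
    """Return (flow seen without decapsulation, VNI, flow seen after decapsulation)."""
    decap = decap_vxlan(frame)
    if decap is None:
        return flow_key(frame), None, None
    vni, inner = decap
    return flow_key(frame), vni, flow_key(inner)

def _eth_ipv4(src, dst, proto, l4):
    """Build a constructed Ethernet/IPv4 frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4

def sample_vxlan_frame():
    """Constructed sample: an HTTPS flow between two tenants' VMs inside VNI 5001."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 0x50, 0x02, 8192, 0, 0)
    inner = _eth_ipv4("10.1.1.10", "10.1.2.20", 6, tcp)
    vxlan = struct.pack("!II", 0x08 << 24, 5001 << 8)   # flags word, then VNI + reserved
    udp = struct.pack("!HHHH", 54321, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    return _eth_ipv4("192.0.2.1", "192.0.2.2", 17, udp + vxlan + inner)

if __name__ == "__main__":
    outer, vni, inner = tool_view(sample_vxlan_frame())
    print("without decapsulation:", outer)   # only the tunnel endpoints are visible
    print("VNI:", vni)
    print("after decapsulation:  ", inner)   # the application flow hidden in the tunnel
```

Without decapsulation every tenant flow between the same two tunnel endpoints collapses into UDP/4789 traffic, which is why per-application policy and detection need the inner headers.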

Providing a consistent approach to end-to-end traffic visibility and management is critical to a strong security infrastructure. The UVF is also positioned to meet increasing network speeds and throughput with the ability to support 1Gb, 10Gb, 40Gb and 100Gb networks.

Given the fundamental changes occurring in modern networks, the new approach to traffic management and visibility provided by the UVF is required to support the security infrastructure that protects these networks.



Phishing Email Nets Two Thirds of Staff at One Company

Category : FireEye

A new IT security penetration testing service has given an alarming glimpse at the ease with which cyber adversaries can compromise companies and government agencies.

FireEye’s newly launched Mandiant Red Team Operations has revealed that it was able to use a phishing email to fool two thirds of 600 staff at a Silicon Valley company into divulging their passwords to a spoofed login portal.

It said it was also able to use a similar technique to “compromise a foreign government” by creating a more secure version of the administration’s self-service web portal.

Marshall Heilman, FireEye’s vice president and executive director of incident response and red team operations, said that the trend showed no sign of abating.

“As we have seen over the last 12 years, determined threat actors will find a way into networks to carry out intellectual property theft, destroy systems, ransom or steal data, or conduct espionage and ultimately maintain their presence for as long as possible,” Mr Heilman said.

The revelations underscore a growing trend toward socially engineered cyber attacks on senior staff within large organisations.

IT security provider BAE Systems said that it was seeing a continuing trend in which its clients were facing so-called “whaling attacks” – social engineering attacks aimed at senior executives with the ability to authorise large cash transfers.

Rajiv Shah, General Manager of BAE Systems Australia and New Zealand, said that while attacks could involve the loss of large sums of money, it was largely an invisible problem because victim companies were often embarrassed about disclosing them.

“Certainly we’ve seen more cases of it in the last year or so. It’s difficult to get accurate information on this because it’s not openly reported – if something happens then they try to keep it quiet,” Mr Shah said.

Attackers could typically cover their tracks within a few days, making it difficult for law enforcement authorities to act to recover lost funds, Mr Shah explained.

In particular, he said that cyber attackers were getting better at cloaking attribution and misdirecting investigators.

Companies and large organisations needed to do more to investigate weaknesses in their business processes and arm employees with information that can help them detect suspicious transactions, Mr Shah said.

“They have to make sure that those with authority to authorise these sorts of transactions are aware of these sorts of scams. It could just be asking a couple of questions like ‘that looks a bit unusual, we’ve never done that before’. Maybe I should pick up the phone and talk to someone,” he explained.




Honeywell And Palo Alto Networks Team To Protect Industrial Control Systems From Cyber Attacks

Category : Palo Alto

Honeywell Process Solutions (HPS) and Palo Alto Networks® are collaborating to boost the cyber security capabilities of control systems used by industrial facilities and critical infrastructure.

Honeywell’s Industrial Cyber Security business is now offering the Palo Alto Networks Next-Generation Security Platform to industrial customers. The collaboration enables customers to better prevent cyberattacks against their Process Control Networks (PCN) and Operational Technology (OT) environments in order to protect their assets and maximize production uptime and safety.

The joint solution offers unrivaled process network traffic monitoring and advanced threat prevention across the automation environment. It combines Palo Alto Networks’ advanced and natively integrated security platform with Honeywell’s unique process control domain expertise to provide a cyber security solution tailored for industrial customers. This next-generation offering enhances Honeywell’s comprehensive portfolio of cyber security solutions, including its Industrial Cyber Security Risk Manager platform.



  • “The collaboration with Palo Alto Networks expands our ability to provide proactive intrusion prevention resulting in more robust protection for our customers. It is an example of Honeywell’s unique multi-vendor approach that integrates state-of-the-art technology with proven expertise so that customers can confidently rely on our cyber security capabilities, quickly and effectively prevent threats, and focus on their daily operations.”

    – Jeff Zindel, vice president and general manager, cyber security, Honeywell Process Solutions

  • “Connecting vital infrastructure to the Industrial Internet of Things (IIoT) comes with tremendous benefit, but also associated cyber risks. Our work with Honeywell addresses the cyber risk with next-generation security designed to meet the needs of industrial customers and provide them with threat detection and prevention capabilities previously unseen in the industry.”

    – Chad Kinzelberg, senior vice president of business and corporate development, Palo Alto Networks

Honeywell Industrial Cyber Security is the leading provider of cyber security solutions that help protect the availability, safety, and reliability of industrial facilities, critical infrastructure and the Industrial Internet of Things. Leveraging industry-leading process control and cyber security expertise and experience, highly advanced technology, and integrated partner security products, Honeywell delivers proven, complete solutions designed for the specific needs of industrial environments.


Gartner Best Practices for Managing ‘Insider’ Security Threats

Category : Imperva

Read Gartner’s Best Practices for Managing ‘Insider’ Security Threats and get threat prevention strategies to protect your enterprise from security breaches by internal users. Learn what drives these attacks such as the prevalence of bring your own device (BYOD) and cloud.

Find out how to minimize breach opportunities, increase detection, and build support among staff.

The report shares why the most successful approach combines technology, process and an understanding of human behavior.


The First True Centralized Management Approach to Endpoint Security

Category : McAfee

Intelligent, collaborative, advanced threat defenses

Siloed endpoint security products from multiple vendors can bog down productivity, increase complexity, and leave protection gaps. ESG research states that 58% of enterprises are looking for a better way to manage and fortify endpoint security.

If you’re among those, McAfee® Endpoint Security 10 is a smart choice, with only one console and one database to achieve true centralized management. McAfee Endpoint Security 10 offers an intelligent and collaborative endpoint protection framework. Defenses communicate, share intelligence, and work together to combat advanced threats and deliver improved performance.

  • Simplifies administration with a single client that can be managed in the cloud or on premises.
  • Leverages McAfee Global Threat Intelligence to correlate real-world data and the latest threat information to detect, protect, and correct across Intel Security products, as well as third-party solutions.
  • Improves protection and performance by reducing redundancy and minimizing impact on systems and users.


Why You Need Software Defined Segmentation

Category : Cisco

Business demand for cloud services, mobility, and the Internet of Things (IoT) has created exponential network growth and complexity. It has introduced risk, too. Each new user, device, and data connection represents a potential attack entry point. Your attack surface is expanding.
To control the situation, you need dynamic security that moves at the pace of your business, giving the right level of access to the right people at the right time. Many organizations are turning to software defined segmentation. But, what is software defined segmentation? How is it different? Why is it necessary in today’s network environments? In this program, we answer those questions and more with two of the industry’s leading experts – Gartner Research Vice President Phil Schacter and Cisco Security Product Management Director Kevin Skahill. How have other organizations implemented software-defined segmentation? And how do you get started?



The Total Economic Impact of Forcepoint’s SureView Insider Threat

Category : Forcepoint

What’s the real economic impact of using Forcepoint SureView Insider Threat? We commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study. For it, they interviewed a retail customer with multiple years’ experience with this solution. This webcast provides a framework to evaluate the potential financial impact of SureView on other organizations.

Speaker: Shaheen Parks, Principal Consultant – Forrester Consulting

Shaheen is a principal consultant and manager with Forrester’s Total Economic Impact™ (TEI) consulting practice. She works with Forrester clients to measure and communicate the value of vendor solutions for IT and business initiatives, providing ROI business cases based on the costs, benefits, flexibility, and risk associated with specific investments. Shaheen also works with clients to evaluate business and technology investment opportunities through financial analysis.

Shaheen came to Forrester with experience in research, consulting, and marketing. As an analyst, Shaheen has written research on supporting innovation, the financial implications of cloud computing, and IT budgeting and chargeback practice. Additionally, she has experience as a software implementation consultant and as an engineering product manager.

Shaheen earned a B.A. in mechanical and materials science engineering from Harvard University. She also holds an M.S. in materials science engineering from the Massachusetts Institute of Technology and an M.B.A. from the Sloan School of Management, Massachusetts Institute of Technology.



Mastering Your Web Asset Protection with DevOps

Category : Imperva

Today’s software challenges require companies to offer a wider feature set while shortening the time to market of their products. Small startups as well as large corporates invest more time and resources in formalizing their deployment cycle to deliver more in less time. There is continuous pressure from the business to deliver more content, which would hopefully yield more profit, often at the cost of quality and security. Business owners who are measured by ROI would always prefer to invest their resources in more features rather than in enhanced security.

As today’s IT environments become more dynamic and evolve continuously, they face ever-increasing security challenges. In a typical environment, new applications are deployed regularly and existing applications are changed around the clock, many times without notifying the security teams. In-house applications, along with third-party services, form a tangle of spaghetti code across on-premises, private and public clouds that easily becomes the CISO’s worst nightmare. Even if you manage to get all the pieces working perfectly in sync, how can you assure that future architecture changes, software updates, vulnerability patches, or security policy updates will not break your production environment at the most critical time and lead to a catastrophe?

Ensuring the stability and reliability of your production environment requires a holistic approach, one that covers the entire gamut of architecture changes, software code changes, and security policy and provisioning changes. Each piece of new code or change in configuration must go through a number of intermediate testing environments before hitting the precious production server. Some companies enforce code control through Development, System Integration Testing (SIT), User Acceptance Test (UAT), and Staging (pre-production), where successful deployment in one environment is a prerequisite for being deployed on the following environment.

But how can I do this on a larger scale, ensuring that all my web assets are always protected?

The secret is to use the DevOps approach. Having a true DevOps environment means that your full deployment environment can be automated from scratch, spinning up and tearing down the entire deployment on the fly from top to bottom, leveraging a no-touch install. Regardless of whether you deploy a new server, deploy a new application, or move an existing service from one server to another, the security policies and provisioning layer linked to this service must be taken into consideration as well.

Choosing a perimeter defense approach using a “DevOps-friendly” security product assures that whenever you deploy a new service, change security policies, or apply the latest security vulnerability patch, you can create and provision its security layer automatically via RESTful APIs. Applying a DevOps approach to protect your web assets would not only save you time and resources, but would also assure that your organization can scale without compromising on security. A company that launches new applications on a regular basis should be able to automate not only the launch process, but also the security layer that protects these applications. Protecting new applications’ data from cyber-attacks, dynamically learning your applications’ “normal” behavior and correlating this with the threat intelligence crowd-sourced from around the world should be done automatically and seamlessly as soon as you push the launch button and fire your applications into production.

The Imperva customer base includes many companies who protect thousands of applications in the cloud and on-premises and manage their entire perimeter defense using DevOps tools. Whether you want to add a new pattern-based signature policy, set up dynamic profile learning, apply virtual patching, or provision your security policy automatically, DevOps allows you to achieve these goals.


Visy Sleeps Better at Night: Chooses SteelFusion and Azure for Cloud Backup of Remote Sites

Category : Riverbed

Earlier this month, we proudly announced the ability to extend cloud services to the remote office/branch office (ROBO) edge with SteelFusion 4.3. Well folks, these weren’t just aspirational words about features and capabilities meant to get customers excited about what was coming down the pipeline. Yes, this is cool technology that is unique to Riverbed, but more importantly we strive to meet real customer requirements that positively impact how business gets done.

Wait no more…

Visy, a privately owned packaging and recycling company based in Australia, saw the value in this unique solution and chose Riverbed SteelFusion and Microsoft Azure to address a very painful and unreliable backup process that was different at each of their 20 remote sites. Not only did Visy eliminate on-site servers, local storage, and backup software, they were able to achieve better enterprise-wide cost per gigabyte by embracing the Azure public cloud via the StorSimple gateway to augment their data center storage needs. SteelFusion centrally protects all of Visy’s critical corporate data using consistent backup tools that the data center administrators are already familiar with.

Too good to be true, you might ask? No, not at all. Read the press release for more information on this groundbreaking solution with details from each company involved—Visy, Microsoft, and Riverbed.

Nobody predicts that enterprise IT infrastructures will get less complicated. We all know that the volume, variety, speed, and criticality of business data will only grow as the needs of the business evolve. A forward-thinking approach to data protection, such as the one deployed by Visy, is required to keep pace with the business continuity requirements that enterprises demand.

In these rapidly changing times for IT, I thought it only fitting to remind readers of the incredibly unique benefits that only SteelFusion offers:

  • Leverages data center or cloud storage at ROBO Edge without any application performance penalty
  • Eliminates the need for local servers, storage, and backup software
  • Instant provisioning and recovery of entire remote site(s) or particular application(s)
  • Encrypts data in flight across WAN and at rest securely at the data center
  • Continuous ROBO operations even with WAN slowdowns or failures

While Visy was the first to complete their deployment with SteelFusion and the public cloud, there are many others who are well on their way. Join them—and you too can kick back and not have to worry about where your data is, whether or not it’s protected, or how to rapidly recover in order to keep the business humming along. For more information, click here to start your journey to peaceful nights, happy users, and ultimately a transformed business.


CyberArk Earns U.S. Department of Defense UC APL Certification

Category : Cyber-Ark

CyberArk is the First Comprehensive Privileged Account Security Solution Provider on the List of Cyber Security Products Approved for Use within Federal Agency Infrastructures

CyberArk, the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced the CyberArk Privileged Account Security Solution has been added to the U.S. Department of Defense (DoD) Unified Capabilities Approved Products List (UC APL). CyberArk has the only comprehensive privileged account security solution on the list.

The UC APL is administered by the Defense Information Systems Agency (DISA) and includes only those products approved for use with DoD agencies’ technology infrastructure. This designation identifies products that have undergone a rigorous testing process conducted by the DoD that assures acceptable levels of information assurance and interoperability capabilities.

The CyberArk Privileged Account Security Solution helps identify, lock down and secure existing privileged credentials across networks, and utilizes continuous monitoring of privileged credentials to help detect anomalous behavior and stop an attack early in the cycle to reduce damage. CyberArk was previously granted Common Criteria Evaluation Assurance Level EAL 2+ for the CyberArk Privileged Account Security Solution.

As evidenced by the U.S. Office of Personnel Management (OPM) breach, cyber attackers continue to evolve tactics to target, steal and exploit privileged accounts – the keys to successfully gaining access to an organization’s most sensitive and valuable data. The UC APL milestone is important for CyberArk as new federal mandates and directives emerge to strengthen cyber security controls.

For example, while multi-factor authentication methods like the Common Access Card (CAC) are mandated for validating user identities, there are limitations in securing accounts that do not support CAC authentication natively. CyberArk helps organizations meet these mandates by enabling CAC card authentication to all systems and applications managed by a privileged account security solution – even applications that cannot directly support public key infrastructure (PKI) or two-factor authentication.

“Being added to the UC APL is a significant accomplishment that accelerates CyberArk’s ability to deliver innovative cyber security solutions to the federal sector. CyberArk is on an exclusive list of DoD-approved solutions that reinforces CyberArk as a trusted solutions provider for their most critical cyber security initiatives,” said Kevin Corbett, director of U.S. Federal Business at CyberArk. “This achievement will assist DoD security decision making by demonstrating the ability to help close security gaps associated with enforcing multi-factor authentication across all system types.”

Corsec Security, a global leader in product hardening through security certifications and validations, was CyberArk’s strategic advisor in the UC APL processes. “By completing STIG and JITC testing, CyberArk surpassed all information assurance and interoperability requirements set forth by the U.S. DoD. Following its Common Criteria certification, the UC APL listing is further evidence of CyberArk’s commitment to product security,” said Darcy Dinga, executive vice president, Corsec.

Further reinforcing the benefits of CyberArk’s innovative cyber security solutions for the federal sector, in addition to achieving Common Criteria certification, the company was recently named a winner in the 2015 GSN Homeland Security Awards in two categories: Best Privileged Access Management Solution and Best Continuous Monitoring and Mitigation System.