Monthly Archives: August 2016


Top Things to Learn About Improving Database Performance

Category : NetApp

Are you tired of the endless string of database and software upgrades that you’re constantly faced with?

Learn to:

  • Evaluate flash storage options and the considerations for each
  • Improve database performance and response times
  • Recognize database challenges in the cloud

Download now



7 Database Security Best Practices

Category : Imperva

Database security has never been more important, given the high value hackers place on data. These database security best practices will help protect your data.

Databases – by definition – contain data, and data such as credit card information is valuable to criminals. That means databases are an attractive target to hackers, and it’s why database security is vitally important.

Here are seven useful database security best practices that can help keep your databases safe from attackers.

Ensure Physical Database Security

In the traditional sense this means keeping your database server in a secure, locked environment with access controls in place to keep unauthorized people out. But it also means keeping the database on a separate physical machine, removed from the machines running application or web servers.

A web server is more likely to be attacked since it is located in a DMZ and therefore publicly accessible. And if a web server is compromised and the database server runs on the same machine, the attacker would have access as a root user to your database and data.

Use Web Application and Database Firewalls

Your database server should be protected from database security threats by a firewall, which denies access to traffic by default. The only traffic allowed through should come from specific application or web servers that need to access the data. The firewall should also protect your database from initiating outbound connections unless there is a specific need to do so.

In addition to protecting the database with a firewall, you should also deploy a web application firewall. That’s because attacks such as SQL injection attacks directed at a web application can be used to exfiltrate or delete data from the database. A database firewall won’t necessarily prevent this from happening if the SQL injection attack comes from an application which is an allowed source of traffic, but a web application firewall may.

Harden Your Database to the Fullest Extent Possible

Clearly it’s important to ensure that the database you are using is still supported by the vendor or open source project responsible for it, and that you are running the most up-to-date version of the database software with all database security patches installed to remove known vulnerabilities.

But that’s not sufficient. It’s also important to uninstall or disable any features or services that you don’t need to use, and ensure that you change the passwords of any default accounts from their default values – or better still, delete any default accounts that you don’t need.

Finally, ensure that all database security controls provided by the database are enabled (most are enabled by default) unless there is a specific reason for any to be disabled.

Once you have done all this, you should audit the hardened configuration — using an automated change auditing tool if necessary — to ensure that you are immediately aware if a change to the hardened configuration is made that compromises your database security.

Encrypt Your Data

It is standard procedure in many organizations to encrypt stored data, but it’s important to ensure that backup data is also encrypted and stored separately from the decryption keys. (Not, for example, stored in encrypted form but alongside the keys in plaintext.) As well as encrypting data at rest, it’s also important to ensure confidential data is encrypted in motion over your network to protect against database security threats.

Minimize Value of Your Database

Attackers can only get their hands on what is stored in a database, so ensure that you are not storing any confidential information that doesn’t need to be there. Actively manage the data so you can delete any information that you don’t need from the database. Data that must be retained for compliance or other purposes can be moved to more secure storage – perhaps offline — which is less susceptible to database security threats.

In a similar vein, ensure you delete any history files (such as the MySQL history file ~/.mysql_history) that are written by a server during the original install procedure. While these files are useful to analyze if the install fails, if installation is successful they have no value to you but can contain information which is valuable to attackers.

Manage Database Access Tightly

You should aim for the least number of people possible to have access to the database. Administrators should have only the bare minimum privileges they need to do their job, and only during periods while they need access. For smaller organizations this may not be practical, but at the very least permissions should be managed using groups or roles rather than granted directly.

If yours is a larger organization, you should consider automating access management using access management software. This can provide authorized users with a temporary password with the privileges they require each time they need to access a database. It also logs the activities carried out during that period and prevents administrators from sharing passwords. While admins may find sharing passwords convenient, doing so makes proper database security and accountability almost impossible.

On top of this, it is wise to ensure standard account security procedures are followed:

  • Strong passwords should be enforced
  • Password hashes should be stored encrypted and salted
  • Accounts should be locked after three or four login attempts
  • A procedure should be put in place to ensure that accounts are deactivated when staff leave or move to different roles
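The two account controls above that are easiest to get subtly wrong are salted hash storage and lockout after a few failed attempts. The following is an added example (not code from the original post) that shows both together: a per-account random salt, a slow key-derivation function, constant-time comparison, and a lockout counter; the in-memory `AccountStore` class and the three-attempt limit are assumptions for illustration.

```python
"""Salted password hashing plus failed-login lockout for database accounts.

Added example, not from the original post. Assumes an in-memory account
store; a real deployment would keep these records in the database's own
authentication tables or an external identity provider.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000
MAX_FAILED_ATTEMPTS = 3   # lock after three failed logins, as the post advises


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, pbkdf2_hash).

    A fresh 16-byte random salt per account means two users with the same
    password get different stored hashes, so a leaked table cannot be
    attacked with one precomputed lookup.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class AccountStore:
    """Minimal account table: salt, hash, failure counter and lock flag."""

    def __init__(self) -> None:
        self._accounts = {}

    def create(self, user: str, password: str) -> None:
        salt, digest = hash_password(password)
        self._accounts[user] = {"salt": salt, "hash": digest,
                                "failed": 0, "locked": False}

    def is_locked(self, user: str) -> bool:
        return self._accounts[user]["locked"]

    def login(self, user: str, password: str) -> bool:
        rec = self._accounts.get(user)
        if rec is None:
            # Unknown user: still run the KDF so response time does not
            # reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            return False
        if rec["locked"]:
            return False          # locked accounts are refused even with the right password
        _, candidate = hash_password(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):
            rec["failed"] = 0     # successful login resets the counter
            return True
        rec["failed"] += 1
        if rec["failed"] >= MAX_FAILED_ATTEMPTS:
            rec["locked"] = True  # unlocking is a deliberate admin action, not a timeout
        return False
```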

Audit and Monitor Database Activity

This includes monitoring logins (and attempted logins) to the operating system and database and reviewing logs regularly to detect anomalous activity.

Effective monitoring should allow you to spot when an account has been compromised, when an employee is carrying out suspicious activities or when your database is under attack. It should also help you determine if users are sharing accounts, and alert you if accounts are created without your permission (for example, by a hacker).

Database activity monitoring (DAM) software can help with this by providing monitoring which is independent of native database logging and audit functions; it can also help monitor administrator activity.
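As an added example (not from the original post), the review logic below runs three of the checks this section calls for over constructed audit lines: a burst of failed logins on one account, one account logging in from more than one source address (a sign of account sharing), and account creation outside an approved list. The key=value log format, the ten-minute window and the `APPROVED_NEW_ACCOUNTS` allowlist are assumptions; adapt `parse_line()` to the audit format your database actually emits.

```python
"""Baseline login-activity review over constructed database audit lines.

Added example, not from the original post. The log format is a constructed
key=value style, not any vendor's real format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_THRESHOLD = 3                     # matches the post's lockout guidance
WINDOW = timedelta(minutes=10)           # sliding window for failed-login bursts
APPROVED_NEW_ACCOUNTS = {"svc_report"}   # constructed change-ticket allowlist

# Constructed sample audit lines (not real data).
SAMPLE_LOG = """\
2016-08-12T09:14:02Z event=login_failed user=app_ro src=10.0.5.21
2016-08-12T09:14:05Z event=login_failed user=app_ro src=10.0.5.21
2016-08-12T09:14:09Z event=login_failed user=app_ro src=10.0.5.21
2016-08-12T09:20:11Z event=login_ok user=alice src=10.0.7.4
2016-08-12T09:21:40Z event=login_ok user=alice src=10.0.9.88
2016-08-12T09:30:00Z event=create_user user=svc_report by=alice
2016-08-12T09:31:15Z event=create_user user=support2 by=app_ro
2016-08-12T11:05:00Z event=login_failed user=bob src=10.0.7.4
"""


def parse_line(line):
    """Split 'TIMESTAMP k=v k=v ...' into a dict with a parsed 'ts' field."""
    ts_text, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def review(log_text):
    """Return a list of (rule, user, detail) findings, one per triggered rule."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    failed = defaultdict(list)   # user -> timestamps of recent failures
    sources = defaultdict(set)   # user -> source addresses of successful logins
    for ev in events:
        kind, user = ev["event"], ev["user"]
        if kind == "login_failed":
            # Drop failures that fell out of the window, then count this one.
            failed[user] = [t for t in failed[user] if ev["ts"] - t <= WINDOW]
            failed[user].append(ev["ts"])
            if len(failed[user]) == FAILED_THRESHOLD:
                findings.append(("failed_login_burst", user,
                                 f"{FAILED_THRESHOLD} failures from {ev['src']}"))
        elif kind == "login_ok":
            sources[user].add(ev["src"])
            if len(sources[user]) == 2:   # alert once, when the second address appears
                findings.append(("multiple_sources", user,
                                 "possible shared account: " + ", ".join(sorted(sources[user]))))
        elif kind == "create_user" and user not in APPROVED_NEW_ACCOUNTS:
            findings.append(("unapproved_account", user, f"created by {ev['by']}"))
    return findings
```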



CyberArk & ForeScout Technologies

Category : Cyber-Ark

Pedro Abreu, Sr. Vice President, Chief Strategy Officer of ForeScout Technologies, explains the value of integrating ForeScout CounterACT™ with CyberArk Application Identity Manager™. Abreu highlights the advantages of leveraging credentials from a secured enterprise password vault including the ability to accelerate deployment cycles. ForeScout Technologies is a member of the C³ Alliance, CyberArk’s Global Technology Partner Program.



OMB’s Updated Information Management Guidance Focuses on Cybersecurity

Category : HP Security

Each day, federal agencies are filtering through unprecedented quantities of data–of varying sensitivity–to meet missions. As our government continues to optimize use of the best technological resources available, it is critical that policy supports this adaptation and growth.

On July 27, 2016, the Office of Management and Budget (OMB) released an updated version of Circular A-130 – the federal government’s guiding policy for managing and maintaining federal IT resources.

Initiated in 1985 and last updated in 2000, the new A-130 emphasizes cybersecurity, information governance, privacy, records management, open data and acquisitions, while also addressing new legislation like the Federal IT Acquisition Reform Act (FITARA) and the Digital Accountability and Transparency Act (DATA Act). The revisions also aim to fill the significant gaps that have formed in the document as technology systems and security needs have drastically evolved in the last 16 years.

The updates are divided into three main focus areas:

  1. Real-time knowledge of the environment – Shifting the tech-maintenance zeitgeist away from routine checkups and toward constant monitoring is critical in adapting to more modern, sophisticated hacking threats. Through the implementation of real-time analytics, federal agencies can constantly be aware of the state of sensitive data.
  2. Proactive risk management – The unprecedented growth of data volume in the early 2000s requires new methods of storing, transferring and managing information. The updated policy aims to help modernize the way government identifies, categorizes and handles risk to assist innovation of the government’s legacy IT.
  3. Shared responsibility – Because of increasing interconnectivity of information, the new A-130 ensures that managers, employees and citizens interacting with government data are held accountable for assuring privacy and security standards are upheld.

“As government continues to digitize, we must ensure we manage data to not only keep it secure, but also allow us to harness this information to provide the best possible service to our citizens,” said U.S. Chief Information Officer Tony Scott and colleagues in the official White House blog announcement.

We couldn’t agree more. It is critically important for federal agencies to stay ahead of the curve when it comes to analyzing and protecting data. When agencies implement cutting-edge security and data management technology, our government will have the upper hand in the ever-evolving cybersecurity threat landscape.



FireEye Email Threat Prevention (ETP) + Splunk

Category : FireEye

Every organization wants that single pane of glass that provides complete visibility using one set of credentials; however, achieving this can be a challenge even when all of the appliances are on-premises. Now consider the difficulty when some of the security services are hosted in the cloud. Fortunately, it is only challenging and not impossible – the latest release of the FireEye App for Splunk Enterprise now supports ingestion of FireEye’s cloud-based Email Threat Prevention (ETP) event notifications.

Setup

There are many approaches depending on architecture, and the following (Figure 1) is just one possibility:

  1. Set up a forwarder in the DMZ and whitelist the ETP Cloud IP so it can reach the forwarder on TCP port 6514
  2. Generate the required SSL certificates for Splunk (Figure 2)
  3. Configure the listener via inputs.conf (Figure 3)
  4. Contact ETP customer support to forward alert notifications

Figure 1: A FireEye ETP and Splunk setup

mkdir /opt/splunk/etc/certs
export OPENSSL_CONF=/opt/splunk/openssl/openssl.cnf
/opt/splunk/bin/genRootCA.sh -d /opt/splunk/etc/certs

/opt/splunk/bin/genSignedServerCert.sh -d /opt/splunk/etc/certs -n splunk -c splunk -p

Figure 2: Generating SSL certificates

[tcp-ssl://6514]
sourcetype = fe_etp

[SSL]
rootCA = $SPLUNK_HOME/etc/certs/cacert.pem
serverCert = $SPLUNK_HOME/etc/certs/splunk.pem
password = <The password that was used in the genSignedServerCert>

Figure 3: Create the listener using inputs.conf

Results

This effort provides a single pane of glass by consuming data from on-premises and cloud-based protection. Alert notifications appear in the main analytics screen, as shown in Figure 4.

Figure 4:  Analytics heads up display with ETP

Additional information can be gleaned from the ETP analytics screen, as shown in Figure 5.

Figure 5:  ETP Analytics screen

More detailed information is displayed in the ETP analysis screen shown in Figure 6.

Figure 6:  ETP Analysis Screen

Lastly, similar to other FireEye appliance data, we enable responders to pivot from the UrlHash field shown in Figure 6 to obtain a second opinion using third-party reputation databases. This quick pivoting helps shorten the time required to confirm maliciousness and complete an investigation.

Conclusion

FireEye continues to innovate and integrate with partner solutions to bring convenience to our customers. We hope you enjoy our latest efforts and gain additional insight from the dashboards. Feel free to send feedback within the Splunk app by using Help → Send Feedback. We leave you with these helpful links:



Securing the Promise of SDDC Micro-segmentation with Automated Traffic Visibility

Category : Gigamon

It is VMworld time again! Which means the world will be focused on all things virtualization, agile software-defined data center (SDDC), private cloud, hyper-converged infrastructure etc.

But we at Gigamon have always had a singular focus on visibility – the type of pervasive visibility that uncovers blind spots to help detect threats in the infrastructure. How does this world of visibility extend into some of the topics that will be discussed and showcased at VMworld, specifically around server and network virtualization and agile SDDC? Why should your organization care about this overlap?

We had previously written about the promise of Micro-Segmentation that VMware NSX brings to the data center. The formidable reach of our Unified Visibility Fabric™, which underpins our Security Delivery Platform, becomes even more compelling when a SecOps or NetOps team can now automate the traffic visibility for out-of-band inspection services like Intrusion Detection, Forensics or Security Analytics for these micro-segments that grow dynamically as applications scale out.

At VMworld, we are pleased to announce that this solution, which was jointly developed with VMware and enabled by GigaVUE-VM using NSX and NetX integration, is now Generally Available and certified under the “VMware Ready Networking and Security” program.

Let us dig a little bit into how this solution really works and what use cases this specifically addresses.


  • Insert a “Traffic Visibility Service” using GigaSECURE’s Virtual Visibility component, GigaVUE-VM
  • Define security or traffic policies that select, filter and forward the tenant’s virtual traffic to security and monitoring tools for analysis.

This service and the traffic policies can be auto-updated as new tenants come on board or existing tenants’ security groups scale dynamically.

But, what is the specific use case and why now? VMware NSX now has 1700+ customers and is doubling in year-over-year growth (based on Q2 2016 results). As customers migrate their legacy DCs to the new agile SDDC and private clouds powered by NSX, this solution helps remove blind spots by providing visibility, inspection and security services into the micro-segment’s virtual traffic as shown below.


To see this solution in action or find out more, please visit our booth (#727) at VMworld, or join us at the following speaking sessions:




Managing Insider Threats Is a Key Component to Cyber Security

Category : Forcepoint

Most directors recognize the growing importance of cyber security, but not enough boards take the right steps to ensure an effective risk management process is in place, particularly when it applies to insider threats.

Insider threats may be overlooked, but they are critical.

These threats can take the form of a malicious employee downloading sensitive intellectual property, an unhappy employee destroying data before quitting, or simply a rule bender who intentionally bypasses a defensive system or policy they find inconvenient, such as by e-mailing sensitive documents home to work on over the weekend.

Thomas Kennedy, Chairman and CEO of Raytheon, gives his view of the insider threat, how managing this is a key component of an organisation’s cyber security, and how the Board and management need to address the issue.

Download



McAfee Positioned in Leaders Quadrant of the Magic Quadrant for SIEM

Category : McAfee

Broad adoption of SIEM technology is being driven by the need to detect threats and breaches, as well as by compliance needs. Early breach discovery requires effective user activity, data access and application activity monitoring. Vendors are improving threat intelligence and security analytics.

Read this report to learn how Gartner’s Magic Quadrant for SIEM can help you evaluate the market, technology and service providers, and why McAfee Enterprise Security Manager (ESM) is positioned in the SIEM Leaders Quadrant.

[Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.]



The Evolution of a Complete Enterprise Platform

Category : Mobile Iron

iOS 10 Blog

iOS 10 showcases Apple’s commitment to improving every aspect of the device and app experience for enterprise customers. Beyond just the feature updates, Apple has continued to expand its partner ecosystem so customers can access a broader pool of industry-leading apps and quickly deploy them on any iOS device. Apple has also added more usability features that create a seamless experience between all types of Apple devices – from iOS to macOS, watchOS and tvOS.


Apple’s recent integration with Cisco is a great example of how Apple’s partnerships help enterprises change the way they do business by making mobile management faster, smarter, and easier for developers, IT admins, and end users. iOS has rapidly evolved into a full-featured, mature computing platform for the enterprise. As a result, Apple is shifting its efforts towards strengthening its broad partner ecosystem to help customers seamlessly deploy leading apps and services across their entire iOS fleet. With iOS 10, Apple is aligning with market-leading partners to deliver a broad range of fully vetted and integrated apps so customers can focus more on meeting business needs and less on backend management.

With its commitment to the Mobility Partner Program (MPP), which includes fully integrated apps from many leading vendors including MobileIron, Apple has made it easy for enterprise customers to simply choose the app they want without having to go through the trouble of checking whether that app meets their business requirements. All that work is done upfront, so customers can focus on their business workflows. Apple has also continued to emphasize the AppConfig Community, which provides tools and best practices for mobile app developers to make it easier to develop, configure, and secure mobile apps for the enterprise.

Enhanced Interoperability Across Devices

iOS 10 enables Apple devices to work together more seamlessly than ever before. New features allow users to easily download apps and share data across all of their devices, which may include iPhone, iPad, Apple Watch, Mac laptops, and more. Key features include:

Universal Clipboard: iOS 10 extends Continuity by making it easier to move content back and forth between Mac and iOS devices without the need for AirDrop or other solutions. The process is virtually seamless. For instance, if a user copies text, photos, or videos onto a device clipboard, that content is automatically uploaded to iCloud so it can be pasted onto another device. To avoid unintended data loss, MobileIron supports stricter copy/paste controls for existing customers that need additional protection.

Auto Unlock: macOS Sierra includes the Auto Unlock feature that allows a user to securely and automatically unlock a Mac computer with Apple Watch without having to type in a password. Once the user unlocks the device with Apple Watch, the watch needs to stay in contact with the user’s skin to keep the Mac unlocked — if the user takes it off, the Mac locks back down. This improves the user experience without removing the authentication step.

New Developer Features

Apple has also added new features that will help developers create more integration with the platform. Highlights include:

CallKit API with Cisco Spark: The developer toolkit for iOS 10 will include CallKit, a framework that lets VoIP app developers build apps that allow iOS devices to take calls from communication apps such as Cisco Spark. For example, an incoming Spark call will ring on the iPhone lock screen just like a cellular call. The user can also select a contact in the address book or ask Siri to call the contact over Spark.

App Transport Security (ATS) requirement: At WWDC, Apple announced that by Jan. 1, 2017, all apps submitted to the App Store must include ATS to ensure web connections are encrypted and less vulnerable to hijacking. This will significantly improve the security of apps over the network.

Integration with Messages app: Messages now has its own Messages App Store, so developers can create apps to be used in iMessages. These apps add a broad range of capabilities that includes everything from sending stickers and GIFs to paying bills and making group dinner reservations.



From The Office Of The CSO

Category : Forcepoint

“It’s Never Happened Before” is a Terrible Excuse for Ignoring Cybersecurity

When you buy auto insurance, do you think about the possibility of a future crash? When you buy homeowners insurance, do you think about the potential for a house fire or flood? You probably don’t spend much time contemplating crashes or fires. Of course you know there is a chance these things may happen, even though it’s likely a small one. Why buy insurance otherwise? However, the consequence of any of these happening can be significant. Rebuilding a house and buying new clothes, electronics and appliances is very expensive. Buying insurance is rational, and in some instances, it’s even required. The bottom line: if something has a high chance of occurring and a costly impact, it correctly gets first priority. However, even if something has a lower chance of occurring (i.e., a breach), it should get similar attention when the impact is equally detrimental.

Recently I read an announcement from a medical provider about a data breach they’d suffered, and one sentence particularly stood out:

“In the ten years of having electronic medical records this [a data breach] had never happened.”

They then spoke about the numerous steps they are now taking in the wake of this breach to enhance their cybersecurity, including the purchase of cybersecurity equipment. Prior to the breach the assumption appeared to be that because they hadn’t yet experienced a breach they were either 1) doing the right thing or 2) were not a target (and therefore would continue not to be).

Clearly neither of these assumptions proved correct, since following the breach they realized they needed to take multiple actions. Perhaps they only thought of big companies or government agencies as targets and believed they were too small or unimportant to be singled out. Let me state unequivocally: If you connect anything (PC, TV set, car, thermostat, baby monitor, toaster, mobile phone, etc.) to the Internet, you are a target. Every company, no matter the size or the industry, is a potential target to the right criminal.

Just like auto or homeowner’s insurance, don’t assume cybersecurity is unnecessary because you haven’t yet had to rely on it. Cybersecurity is a continual process. Don’t wait for a breach to happen to find that out.

