Author Archives: AdminDCS


Gigamon Introduces the First Scalable SSL Decryption Solution for 100Gb Networks

Category : Gigamon

Reduces Costs and Time-to-Threat Detection via Architectural Approach that Enables Traffic to be Decrypted Once and Sent to Multiple Security Tools for Inspection

Gigamon Inc., the leader in traffic visibility solutions for cybersecurity and monitoring applications, today announced the industry’s first visibility solution to support SSL/TLS decryption for high speed 100Gb and 40Gb networks. Part of the GigaSECURE Security Delivery Platform, the solution empowers companies to decrypt and re-encrypt their data once and inspect it with multiple best-of-breed security tools. This helps to expose hidden threats in SSL/TLS sessions, reduce security tool overload, and extend the value and return-on-investment (ROI) of existing security tools.

With the volume of data flowing through corporate networks having increased significantly in recent years, companies have upgraded to higher speed networks running at 40Gb and 100Gb. Meanwhile, there is a dramatic rise in the volume of data running on these high-speed networks that is encrypted, driven by the increased use of SaaS applications such as Microsoft Office365 and Dropbox. Gartner estimates that, through 2019, more than 80 percent of enterprises’ web traffic will be encrypted [i].

“Traditional network security architectures are ineffective at supporting the explosive growth in high speed traffic and, more importantly, at identifying and stopping malware and data exfiltration that use encryption,” said Ananda Rajagopal, vice president of products for Gigamon. “Many security and monitoring tools become overloaded in 100Gb network environments, so it’s clear a new approach is needed. Our new solution enables enterprises to stop the sprawl by redeploying security tools from the edge of their network to the core, where it’s easier to spot lateral attacks and more quickly identify threats.”

Malware leverages SSL/TLS encryption to hide and avoid inspection. A Trustwave 2017 report [ii] estimates that 36 percent of malware samples analyzed used some form of encryption. In 40Gb and 100Gb networks, decrypting, exposing and identifying hidden threats in encrypted traffic is increasingly challenging since most security and monitoring tools do not support such speeds. In addition, a tool-by-tool approach is very complex, costly and inefficient. Research from NSS Labs [iii] indicates a performance degradation of up to 80 percent when security tools decrypt traffic and perform their specific security function.

“By utilizing Check Point’s Infinity architecture, which manages Next-Generation Threat Prevention gateways worldwide, Gigamon provides world-class performance and a resilient security architecture, enabling inline SSL protection for our largest customer deployments,” said Jason Min, head of business and corporate development, Check Point Software. “Our partnership with Gigamon delivers optimal performance and advanced threat prevention which is critical for enterprises in this era of veiled cyber threats.”

“It’s great to see the ‘decrypt once, inspect many times’ architectural approach that Gigamon is taking to inline SSL decryption. It’s an efficient approach that will help our customers and solution provider community take advantage of whichever security solutions best suit their business need,” said Matt Rochford, vice president of the cybersecurity group in Arrow Electronics’ enterprise computing solutions business.

The expansion of the GigaSECURE Security Delivery Platform is a continuation of the Gigamon security strategy which debuted in 2015 and was extended with metadata and public cloud visibility last year. This year the company announced its inline SSL/TLS decryption solution and introduced the Defender Lifecycle Model. When implemented, the Defender Lifecycle Model empowers cybersecurity professionals to use continuous network visibility to control and automate tasks between best-of-breed security tools in the continuum of prevention, detection, prediction and containment. Recently the company announced the extension of its public cloud offerings and new applications for Splunk and Phantom in support of the Defender Lifecycle Model. Gigamon continues to build on its vision with the expansion of its security offerings for both public cloud and on-premises infrastructure.

GigaSECURE, a Security Delivery Platform

This solution includes:

  • GigaVUE® visibility nodes, such as the GigaVUE-HC2 or GigaVUE-HC3.
  • GigaSMART® module corresponding to the selected visibility node.
  • An inline bypass module to provide resiliency in 10, 40 or 100Gb networks.
  • Ability to activate desired security modules including SSL/TLS Decryption, Application Session Filtering, and NetFlow/Metadata Generation.

Resources

  • Blog post: Stop the Sprawl, Security at the Speed of the Network
  • Feature brief: SSL/TLS Decryption
  • Web page: SSL/TLS Decryption

Source: https://www.gigamon.com/company/news-and-events/newsroom/100gb-ssl-decryption.html?utm_content=buffer622e4&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer



The Future of COBOL applications

Category : HP Security

Digital is driving faster change across every aspect of IT and business. But what does this mean for the future of COBOL applications? We asked and you answered.

Join us on Thursday, December 14th to see the Future of COBOL applications as we unveil and discuss highlights from the 2017 COBOL market survey.

Our COBOL experts, Ed Airey and Scot Nielsen, will provide their market insights into the latest trends, technologies and practices influencing change and innovation for COBOL systems.

You’ll also have a chance to pose your questions to our panel of experts. During this webinar, you’ll…

• Understand how COBOL is connected to core business strategy

• Discover how the latest technologies are inspiring COBOL innovation

• View the top priorities for application development and modernization

• Learn how your peers are responding to digital transformation across their COBOL systems

• Start planning your future application roadmap

• Get your free copy of the 2017 COBOL survey results

Register today for a first look at the next generation of COBOL applications and see how your COBOL systems can take full advantage of this new digital opportunity.



Preventing Attacks Launched Deep Within the Network

Category : Cyber-Ark

Attacks that exploit Kerberos, a Windows authentication protocol, have been behind some of the biggest breaches in recent history. These attacks are troublesome for many different reasons, including a complete and total loss of control over the domain controller. Threat actors have uncovered a number of different vulnerabilities that exist within the Kerberos protocol, and when successful, they’re able to elevate unprivileged domain accounts to those of the domain administrator account. The intent of the attacker is to leverage Kerberos tickets to appear to be a legitimate, fully authorized user when authenticating to various systems within the network.

These attacks are extremely difficult to detect, and even more difficult to prevent. Other solutions in the market have the ability to detect Kerberos attacks but come with limited functionality, agent-based performance issues, and well-documented bypass techniques, calling into question the value and effectiveness of these solutions. CyberArk Privileged Threat Analytics is the only solution able to detect, alert, prevent and remediate a variety of different flavors of Kerberos-style attacks (Golden Ticket, Overpass-the-Hash, DCSync and PAC [MS14-068] attacks).

Attackers will get inside. It’s what they do. Far too many organizations continue to focus on defending solely against perimeter attacks without considering the impact and devastation of an attack launched from deep within the network. Moreover, while vaulting credentials is certainly a best practice, privileged credentials are often not required for the attacker to be successful in this type of attack, so organizations will undoubtedly benefit from the analytics capabilities CyberArk can provide. This type of attack needs to be prioritized and top of mind for every security operations team.

In this demo, we walk through an example of how CyberArk Privileged Threat Analytics is able to not only detect, but also automatically stop an attack, preventing further damage to a domain controller. This scenario presents a situation where an attacker gains access to a compromised machine and utilizes a post-exploitation tool to move laterally to a domain controller. The attacker then uses a hash stolen from a logged-in user on the compromised machine, performs an Overpass-the-Hash attack, and gains access to the domain controller. Watch the video below to see how CyberArk detects this activity and breaks the attack chain before irreparable damage is done.

Request a live demo to see Privileged Threat Analytics in action or download the Data Sheet for more information.

Source: https://www.cyberark.com/blog/preventing-attacks-launched-deep-within-network/

Author: Corey OConnor



Security Rule Zero: A Warning about X-Forwarded-For

Category : F5

Proxies operate on the premise that they exist to forward requests from one system to another. They generally add some value – otherwise they wouldn’t be in the middle – like load balancing (scale), data leak prevention (security), or compression (performance).

The thing is that the request sent by the client is otherwise passed, unmodified, to its target destination.

Here’s where things can get dicey. Today, we see more than half of all apps delivered via a proxy make use of X-Forwarded-For. 56% of real, live apps are using it, which makes it a pretty significant piece of data. X-Forwarded-For is the custom HTTP header that carries along the original IP address of a client so the app at the other end knows what it is. Otherwise it would only see the proxy IP address, and that makes some apps angry.

That’s because a good number of applications rely on knowing the actual IP address of a client to help prevent fraud and enable access. If you’ve logged into your bank, or Gmail, or your Xbox account lately (hey, it’s where Minecraft lives, okay?) from a device other than the one you typically use, you might have gotten a security warning. Because the information about where you log in from is also tracked, in part to detect attempted fraud and misuse.

Your actual IP address is also used to allow or deny access in some systems, and as a means of deducing your physical location. That’s why those e-mail warnings often include “was that you logging in from Bulgaria?”

Some systems also use X-Forwarded-For to enforce access control. WordPress, for example, uses the .htaccess file to whitelist access based on IP addresses. No, it’s not the best solution, but it’s a common one, and you have to at least give them props for trying to provide some app protection against misuse.

Irrespective of whether it’s a good idea or not, if you’re going to use X-Forwarded-For as part of your authentication or authorization scheme, you should probably make a best-effort attempt to ensure it’s actually the real client IP address. It is one of the more commonly used factors in the overall security equation; one that protects the consumer as much as it does corporate interests.

But if you are blindly accepting whatever the client sends you in that header, you might be enabling someone to spoof the value and thereby bypass security mechanisms meant to prevent illegitimate access. I can spoof just about anything I want, after all, by writing a few lines of code or grabbing one of the many Chrome plug-ins that enables me to manipulate HTTP headers with ease.

One of the ways to ensure that you’re getting the actual IP address is to not trust user input. Yes, there’s that Security Rule Zero again. Never trust user input. And we know that HTTP headers are user input, whether they appear to be or not.

If you’ve got a proxy already, great. If not, you should get one. Because that’s how you extract and put the right value in X-Forwarded-For and stop spoofers in their tracks.

Basically, you want your proxy to be able to reach into a request and find the actual IP address that’s hidden in its IP packet. Some proxies can do that with configuration or policies, others require some programmatic magic. However you get it, that’s the value you put into the X-Forwarded-For HTTP header, and proceed as normal. Doing so ensures that the apps or downstream services have accurate information on which to make their decisions, including those regarding access and authorization.

For most architectures and situations, this will mitigate the possibility of a spoofed X-Forwarded-For being used to gain unauthorized access. As always, the more pieces of information you have to form an accurate understanding of the client – and its legitimacy – the better your security. Combining IP address (in the X-Forwarded-For) with device type, user-agents, and other tidbits automatically carried along in HTTP and network protocols provides a more robust context in which to make an informed decision.
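The following sketch is an added example, not code from the original article or from any F5 product. It shows the blind-trust pattern next to the proxy-side overwrite described above, plus an application-side check that generalizes it to proxies that append to the header rather than replace it. The proxy subnet, the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumed subnet of our own proxies (constructed value, not from the article).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(addr: str) -> bool:
    """True if addr parses as an IP address inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def _get_xff(headers: dict) -> str:
    """Case-insensitive lookup of the X-Forwarded-For header value."""
    return next((v for k, v in headers.items()
                 if k.lower() == "x-forwarded-for"), "")


def naive_client_ip(peer_ip: str, headers: dict) -> str:
    """The pattern the article warns against: believe whatever arrived."""
    xff = _get_xff(headers)
    return xff.split(",")[0].strip() if xff else peer_ip


def proxy_rewrite_headers(peer_ip: str, headers: dict) -> dict:
    """Edge proxy: drop any client-supplied X-Forwarded-For and set it from
    the address of the connection itself (the IP packet's source)."""
    out = {k: v for k, v in headers.items() if k.lower() != "x-forwarded-for"}
    out["X-Forwarded-For"] = peer_ip
    return out


def client_ip_for_app(peer_ip: str, headers: dict) -> str:
    """Application: honour the header only when the connection comes from a
    trusted proxy, and then take the rightmost hop that is not one of ours."""
    if not _is_trusted(peer_ip):
        return peer_ip  # direct connection: the header is user input
    hops = [h.strip() for h in _get_xff(headers).split(",") if h.strip()]
    for hop in reversed(hops):  # rightmost entries were added by our proxies
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed entry: fall back to the socket address
        if not _is_trusted(hop):
            return hop
    return peer_ip


if __name__ == "__main__":
    # Constructed request: a client at 203.0.113.50 claims an allowlisted IP.
    spoofed = {"Host": "app.example", "X-Forwarded-For": "192.0.2.10"}
    print("naive, direct:      ", naive_client_ip("203.0.113.50", spoofed))
    print("hardened, direct:   ", client_ip_for_app("203.0.113.50", spoofed))
    forwarded = proxy_rewrite_headers("203.0.113.50", spoofed)
    print("hardened, via proxy:", client_ip_for_app("10.0.0.5", forwarded))
```

The check only holds if the application cannot be reached except through the listed proxies, or if it rejects the header on every other connection as `client_ip_for_app` does.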

Stay safe!

Resources for handling X-Forwarded-For:

Source: https://f5.com/about-us/blog/articles/security-rule-zero-a-warning-about-x-forwarded-for-28596?sf175780091=1

Author: LORI MACVITTIE



Security Predictions 2018

Category : FireEye

Cyber crime is a business that threat actors take very seriously. Cyber security is its opposing force. To be effective in the battle against cyber attacks, trusted security partners such as FireEye must hold their secrets close.

But to equip the world-at-large against an ever-expanding and continually diversifying collection of threats, some information must be shared freely.

The Security Predictions for 2018 paper offers unique insights into what we can expect from attackers, victim organizations, security vendors and nation-states in the coming year.

  • Who is likely to instigate cyber attacks, and who are their targets
  • What cyber attack techniques are likely to be most popular, and under what conditions
  • Which nation-states are likely to engage in cyber warfare and cyber crime, and their reasons for doing so
  • What options are available to deal with cyber attacks, and which activities will be most effective

Take notes. Take guidance. Take the edge away from the criminals working against you in the coming year.

Download the paper today.



Forcepoint GDPR Resource Pack

Category : Forcepoint

The Forcepoint GDPR Resource Pack will help your organization prepare for compliance with the new regulation.

The pack is divided into 3 sections: An Introduction to GDPR, Considerations to Meet Compliance and How Forcepoint Can Help. Highlights include:

  • Whitepapers and webcasts that discuss the key requirements for GDPR to assist you in developing your organizational and technological strategy
  • An explanation and evaluation of the key articles of GDPR by experts from Hunton & Williams
  • Forcepoint Product Mapping Guides that demonstrate how our solutions align to the 5 key steps to prepare for GDPR: Identify, Protect, Detect, Respond & Recover

Access the GDPR Resource Pack



Cities Exposed in Shodan

Category : Trend Micro

Western European, UK, French, German, and US cities exposed. Are your connected devices searchable on the internet? Find out what you are risking.

Shodan Reveals Exposed Cyber Assets

Using Shodan data, the Trend Micro Forward-looking Threat Research (FTR) team assessed which types of cyber assets found in cities across the globe are the most exposed. When a cyber asset like a webcam or a printer is searchable, threat actors can look for means to compromise the device or find out whether the device itself or its software version is known to be vulnerable. Affected parties can use the results of our research to justify investments such as the implementation of the necessary security measures that will better protect their data and assets from future compromise.

What is Shodan?

Shodan is an online search engine that catalogs cyber assets or internet-connected devices. Shodan finds and lists devices and systems such as webcams, baby monitors, medical equipment, industrial control system (ICS) devices, home appliances, and databases, among others. Shodan collates and makes searchable both device metadata and banner information that internet-connected devices and systems are freely sharing over the public internet—and with anyone who queries them.

What are exposed cyber assets?

We define “exposed cyber assets” as internet-connected devices and systems that are discoverable on Shodan or similar search engines, and can be accessed via the public internet. When a certain device or protocol is exposed, it does not necessarily mean that the cyber asset is automatically vulnerable or compromised.

However, since an exposed device is searchable and visible to the public, attackers can take advantage of the available information on Shodan in order to mount an attack. For instance, an attacker may check if the associated software of a device is vulnerable, or if the admin console’s password is easy to crack.

Cities Exposed Worldwide

We have looked at different developed countries in the world to see whether exposure levels differ across countries and in what ways. We have been able to analyze the exposed cyber assets in the United States, Western Europe as a region, the United Kingdom, France, and Germany.

Western European Cities Exposed

We presented data on exposed cyber assets in the top 10 most populous cities in Western Europe—London, Berlin, Athens, Madrid, Rome, Paris, Stockholm, Oslo, Amsterdam and Lisbon. London and Berlin had more than 2.5 million exposed systems while Amsterdam and Madrid had numbers in the region of a million.

US Cities Exposed

We presented data on exposed cyber assets in the top 10 largest U.S. cities by population—New York City, Los Angeles, Chicago, Houston, Philadelphia, Phoenix, San Antonio, San Diego, Dallas, and San Jose. Los Angeles, Houston, Chicago, and Dallas each had more than 2 million exposed cyber assets that make them vulnerable to exploitation and compromise.

For each research project, we answered the following questions:

  • Which capital or city has the highest number of exposed cyber assets?
  • What are the most common connections, operating systems, and exposed and vulnerable products/software and device types in this country/region?

Then for each capital or city, we drilled down to analyze:

  • Different exposed device types such as webcams, network-attached storage (NAS) devices, routers, printers, Voice over IP (VoIP) phones, and media recording devices
  • Different exposed web services like email databases and other database types like MySQL, PostgreSQL, CouchDB, and MongoDB
  • Different exposed services like NTP, UPnP, SNMP, SSH, RDP, Telnet, and FTP

Lastly, we also went into detail about what home office owners and enterprise network defenders can do to safeguard their networks from attacks that different threat actors can launch.

Source: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/cities-exposed-in-shodan?utm_source=trendlabs-social&utm_medium=smk&utm_campaign=11-2017-cities-exposed

 



Forrester’s 2018 Cyber Security Threat Predictions

Category : Check Point

Bigger Cyber Threats and Higher Risk

Webinar: Thursday, December 14 at 8:30 AM PT | 11:30 AM ET | 5:30 PM CET

2018 is around the corner. Are you ready for the cyber security threats that come with it? The current threat forecast looks grim for consumers and businesses. Check Point is hosting a webinar featuring guest Forrester to bring you the Cyber Security Threat Predictions for 2018. Hosted by: Check Point Head of Threat Prevention Product Marketing, Tal Eisner, and featuring guest speaker, Forrester Senior Analyst Josh Zelonis.

Watch this webinar to learn about:

  • The financial motivation of IoT attacks
  • Extortion becoming the new normal in cybercrimes
  • Ransomware exposing lack of cybersecurity
  • Cybercriminals using ransomware to shut down point of sale systems (POS)
  • Cybercriminals sabotaging the US 2018 mid-term elections
  • How Check Point SandBlast prevents cyberattacks

Source: http://pages.checkpoint.com/webinar-cybersecurity-threat-predictions-forrester.html?utm_source=linked-unpaid&utm_medium=social%20media&utm_campaign=PM_WB_17Q4_WW_Forrester%202018%20Cybersecurity%20Threat%20Predictions



You already own the most powerful security tool. Are you really using it? Really?

Category : Cisco

See and stop threats using your existing network.

If you live in the United States, there’s a 44% chance your most valuable personal data were recently compromised[1]. The silver lining, if there is one, is that this breach compelled many to start actively monitoring their credit report for signs of suspicious activity. It often takes a mega breach – such as that of a major credit reporting agency – to incite action. This is despite the fact that identity theft was already a $15 billion problem and the likelihood of being victimized was significant even before the new breach. One of the reasons identity theft can be so damaging is that most people don’t have the appropriate precautions in place, and by the time they realize they’ve been owned, it’s too late.

A similar dynamic exists with organizations. The likelihood of a network compromise has never been higher. It’s not a matter of “if” you’ll be breached, but rather “when”. And in the event of a breach, companies often have open networks, making it easier for threats to move laterally throughout the network. Or there’s simply no mechanism to see malicious activity after it breaks through the perimeter. This all means free rein for threats to reach and exploit your critical data, unimpeded. This is a key reason why the industry average time-to-detection and containment are 191 and 70 days, respectively. And these time-to-detection lag times make expensive breaches even costlier at an average of $3.62 million in 2017.[2]

Since the invention of the network, security has been a prime concern. Ironically, the recent trend is to manage networking and security separately, and call it network security. This approach has led to fragmented defense postures, which are challenging to implement and too easy for hackers to circumvent. The two shouldn’t be mutually exclusive.

Cisco has long believed enhancing the network itself is the most effective and practical way to safeguard your data. And despite the fact that both networking and security have dramatically evolved, it’s now more important than ever to streamline your network defenses with built-in security solutions. We’re pleased to announce the official launch of our Network Visibility and Enforcement solution, which features Cisco Stealthwatch, the Identity Services Engine (ISE) and TrustSec. Only Cisco is positioned to offer the most effective way to achieve the following key outcomes that will minimize the impact of a breach:

  • Prepare as though you will be breached
  • Detect threats sooner
  • Achieve rapid threat containment

Prepare as though you will be breached

When the day comes (and likely, it already has) that a threat presents itself in your network, you want to make sure that any damage is limited to the specific part of the network where the breach occurred, and nowhere else. This is why a segmented network is so critical. But not all approaches to segmentation are created equal. More on that in a minute. Cisco Identity Services Engine (ISE) in conjunction with Cisco TrustSec provides role-based segmentation for simplified access control that scales with your business. And Cisco Stealthwatch provides the assurance necessary for effective segmentation monitoring.

Detect Threats Sooner

Do you know if you’ve been breached? How do you know? Whether it’s an insider threat or malware, there are indicators of compromise that are manifested in your network traffic. You just need the visibility and detection capabilities to discover these bad actors. Cisco Stealthwatch lights up the dark corners of your network by gathering network telemetry, using multi-layer machine-learning to analyze and detect malicious activity. Integration with ISE makes it possible for Stealthwatch to ingest user and device details for more actionable reporting. This includes our new Cisco Encrypted Traffic Analytics solution that leverages Stealthwatch to provide visibility and security analytics to encrypted traffic. So even when the inevitable breach occurs, you’ll know it – faster.

Rapid Threat Containment

When Stealthwatch raises a security event, you have the power to respond… at the click of a button. Within the Stealthwatch management console, ISE is alerted to immediately quarantine any compromised devices and the impact of the attack is contained. This is where software-defined segmentation plays such a critical role. The agility to automatically remove a given device from the network is very challenging to execute at scale with access control lists (ACLs). Central policy management is maintained in ISE, which leverages TrustSec software-defined segmentation technology to dynamically enforce across the network without all the manual configuration.

Customers are already enjoying the benefits of Network Visibility and Enforcement. Read more about how Sentara Healthcare has dramatically improved their security posture.

Digital transformation is demanding change at an unprecedented pace and putting extraordinary pressure on the network. This network complexity is increasing the attack surface, impeding visibility and making organizations more vulnerable to attacks. Network Visibility and Enforcement is a strategy to proactively safeguard your data from the inevitable breach. The inability to anticipate every breach and minimize its impact is too costly to ignore. You should start developing these capabilities today!

Learn how you can see and stop threats using the power of your network. Find out more about Cisco Network Visibility and Enforcement at cisco.com/go/nve.

[1] AP News

[2] Ponemon Institute

Source: https://blogs.cisco.com/security/you-already-own-the-most-powerful-security-tool-are-you-really-using-it-really?CAMPAIGN=Security&Country_Site=us&POSITION=Social+Media&REFERRING_SITE=LinkedIn&CREATIVE=Cisco%20Security

Author: Dan Stotts



Unify endpoint management under a single console

Category : Citrix

Is your endpoint management strategy ready for the digital workspace?

Traditional Client Management Tools (CMT) are no longer sufficient to manage the increasing diversity of platforms and devices, BYOD, and Windows 10 updates. Unified Endpoint Management (UEM) allows organizations to deploy a single set of enterprise management and security policies across all endpoints.

Download the kit to learn:

  • When it’s time to begin evaluating a UEM solution
  • How UEM can help simplify workspace administration
  • How your organization can benefit from delivering UEM via Citrix Workspace

 

