Category Archives: Forcepoint

Security in the Golden Age of Cybercrime

Category : Forcepoint

An Exploration of Network Security in the Federal Government – Conducted by the Government Business Council (GBC)

The federal government faces a critical cybersecurity moment: as the American public’s confidence in agencies’ digital defenses wanes, the threats it must mitigate are growing.

Ransomware, state-sponsored attacks, and insider threats remain pervasive, and the sensitive information held by our nation’s public entities is a favorite target for cybercriminals. Still, this challenge presents an opportunity for federal organizations: by implementing next-generation tools, IT managers can enhance network security and navigate the cyber minefield.

Download this GBC Top 5 Issue Brief to learn about:

  • Evolving threats and vulnerabilities aimed at federal government
  • The tools organizations use to defend themselves from cyber threats
  • Strategies agencies can leverage to optimize network security

DMARC Email Authentication: What Federal Agencies Need to Know

Category : Forcepoint

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy and reporting protocol designed to detect and prevent email phishing and spoofing.

What is DMARC, who does it affect, why is it important and when are the key deadlines? Read our infographic to find out more.

Organizations using DMARC can specify what happens to unauthenticated inbound messages: they can be monitored but still delivered to the recipient’s inbox (ALLOW); moved to the spam or junk folder (QUARANTINE); or their delivery can be blocked completely (REJECT).

At minimum, U.S. Government agencies must implement a DMARC policy that is set to “allow” by January 16th, 2018; at least one address must be configured to receive aggregate and/or failure reports by this date. The DMARC policy must be set to “reject” all unauthenticated inbound emails by October 15th, 2018.

In the same timeframe, DHS is requiring all second-level agency domains to have valid DomainKeys Identified Mail (DKIM) records, which enable validation of a domain name identity through cryptographic authentication.
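The policy stages described above, as an added example that is not Forcepoint's code and not an official compliance tool: a small parser for DMARC DNS TXT records that reports whether a record names a reporting address (the monitoring stage) and whether its policy is enforced as "reject" for all mail and all subdomains (the enforcement stage). In the record syntax (RFC 7489) the post's "allow" setting is the tag value p=none, while quarantine and reject are spelled the same way. The sample records and example.gov addresses are constructed.

```python
"""Parse a DMARC TXT record and check which of the two policy stages it meets.

Added example for this page: it is not Forcepoint code and not an official
compliance tool.  The records and example.gov addresses below are
constructed.  The post's "allow" setting is the record tag value p=none in
the DMARC syntax (RFC 7489); quarantine and reject are spelled the same way.
"""

POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into a {tag: value} dict.

    Tags are name=value pairs separated by ';'.  The first tag must be
    v=DMARC1 and a p= tag is required, otherwise the record is rejected.
    """
    parts = [p.strip() for p in record.split(";")]
    parts = [p for p in parts if p]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        raise ValueError("not a DMARC record: first tag must be v=DMARC1")
    tags = {}
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    if "p" not in tags:
        raise ValueError("DMARC record has no policy tag (p=)")
    if tags["p"].lower() not in POLICIES:
        raise ValueError(f"unknown policy: {tags['p']!r}")
    return tags


def report_uris(tags: dict) -> list:
    """Return every URI listed in the rua (aggregate) and ruf (failure) tags."""
    uris = []
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip()
            if uri:
                uris.append(uri)
    return uris


def assess(record: str) -> dict:
    """Report the policy, the reporting addresses and which stage the record meets.

    monitor_stage_ok: any policy value, as long as at least one address
                      receives aggregate or failure reports.
    reject_stage_ok:  p=reject applied to all mail (pct=100) and not
                      weakened for subdomains by an sp= tag.
    """
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    uris = report_uris(tags)
    pct = int(tags.get("pct", "100"))            # pct defaults to 100
    sub_policy = tags.get("sp", policy).lower()  # sp defaults to p
    return {
        "policy": policy,
        "report_uris": uris,
        "monitor_stage_ok": bool(uris),
        "reject_stage_ok": policy == "reject" and pct == 100
                           and sub_policy == "reject",
    }


# Constructed sample records, one per situation the checks distinguish
SAMPLES = {
    "monitor_only": "v=DMARC1; p=none; rua=mailto:dmarc-rua@example.gov",
    "no_reporting": "v=DMARC1; p=none",
    "enforced": ("v=DMARC1; p=reject; pct=100; "
                 "rua=mailto:dmarc-rua@example.gov; ruf=mailto:dmarc-ruf@example.gov"),
    "weak_subdomains": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc-rua@example.gov",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        result = assess(record)
        print(f"{label:16} p={result['policy']:10} "
              f"monitor={result['monitor_stage_ok']} reject={result['reject_stage_ok']}")
```

The two extra checks in `assess` are the ones that catch records that look enforced but are not: a `pct` below 100 applies the policy to only a sample of mail, and `sp=none` leaves every subdomain at monitor-only even when the organizational domain says reject.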

Manage DMARC Requirements with Forcepoint Email Security

Forcepoint Email Security enables quick and seamless DMARC compliance right out of the box. Users gain the ability to check all inbound email for DMARC validation and easily set policies to “allow,” “quarantine” or “reject.” Forcepoint Email Security also manages all DKIM signing for outbound email messages, to achieve full compliance with DMARC standards.

Scalable for agencies of any size, Forcepoint Email Security offers cloud, on-premises and hybrid deployment options, and is now available on the FedRAMP marketplace.

Source: https://www.forcepoint.com/dmarc-email-authentication-what-federal-agencies-need-know?utm_source=LinkedIn&utm_medium=Organic__Social_&utm_content=DMARC-Landing-Page&utm_campaign=FED%3A_Website_Demo_Request_DMARC_Q4_2017&sf_src_cmpid=70137000000NIh3&Agency=none&Region=GOVT&adbsc=social_20180111_75241057&adbid=6357234566004121600&adbpl=li&adbpr=7584467



This Year’s Big Cyber Target Could Be the Factory Floor

Category : Forcepoint

We’ve all witnessed the steady stream of high-profile cyber breaches in the past few years, from the attack on federal personnel records in 2015 to Equifax in 2017. Yet despite the theft of hundreds of millions of personal data points and the billions of dollars spent repairing the damage, there is one major economic sector that remains dangerously open to cyber-attack: Manufacturing.

American manufacturing is at risk of becoming the big cyber-hack headline in 2018, as companies balance the drive to automate with the need to keep factory floors cyber-secure. Sales of automated manufacturing equipment, from robotic arms on assembly lines to computer systems that manage supply chain logistics, grew 40 percent between 2012 and 2016, according to data from the Robotic Industries Association. Those automated systems are increasingly connected to the global Internet of Things. That leaves them vulnerable to attack.

When computer systems were introduced to factory floors a generation ago, the networks were typically walled off from business operations. But the new generation of automated and smart systems is designed to closely integrate with the business side. As a result, older firewalls are being torn down, opening new, potential online attack vectors.

In October, I compared cyber risks to an iceberg. It’s easy to navigate around the threats we can see. It’s those jagged edges below the water line that are the real dangers.

Every connected system or piece of machinery is a target for outside bad actors – nation-states, hacktivists or organized crime rings, for example – as well as from the insider threat – careless employees, employees with a grudge or third-party contractors with access to critical systems. So it’s not if you’ll be hacked, it’s when.

It’s important that manufacturers fully understand the cyber risks associated with connected systems, including production shutdowns; manufacturing defects; damage to machines or systems; employee injury; loss of intellectual property; or reputational harm.

Staying ahead of the cybersecurity threat is a business imperative that requires the full attention of managers and C-suite level executives, all the way up to the board of directors. That’s our approach at Raytheon in our manufacturing and all areas of operations.

Here are a few areas management and boards should take a long hard look at in the new year:

  • Architecture: Ideally, the factory network needs to be logically segregated from the rest of the business. But when there have to be connections, it’s critical to lower defenses as little as possible, as well as establish access controls. Not every employee needs to be able to access every system.
  • People: Your people are the best line of defense against cyber threats. A good IT team can oversee network-enabled factory assets. The factory team can be trained to change default passwords, turn off unneeded services and identify the underlying software so vulnerabilities and patches can be tracked.
  • Suppliers: As businesses toughen their defenses, hackers are increasingly looking down the supply chain to identify weaknesses. Supplier assets shouldn’t be added to your network without first conducting a vulnerability assessment. Also, monitor what data is being sent back to the vendor and how it’s being transmitted.
  • Process: Above all, ensure someone is in charge of and focused on the security of your factory floors. Your CISO should be working collaboratively with your operations manager as equipment is moved in and out.

No industry, from global tech leaders to small family-owned businesses, is immune from the growing cyber threat. But proactive steps can be taken to identify potential vulnerabilities and cyber-secure your systems before your business becomes a headline in 2018.

Source: https://www.linkedin.com/pulse/years-big-cyber-target-could-factory-floor-tom-kennedy/?trackingId=SyOhxYLVcTBHumRkdfDzWg%3D%3D
Author: Tom Kennedy

Critical Capabilities for Enterprise Data Loss Prevention 2017

Category : Forcepoint

Forcepoint Received Highest Product Score For Regulatory Compliance Use Case in Gartner’s Critical Capabilities Report

According to Gartner: “Security and risk management leaders deploy enterprise DLP for three major use cases: regulatory compliance, intellectual property protection and visibility into how users handle sensitive data. This research evaluates DLP products for the three use cases, derived from nine critical capabilities.” *

Forcepoint took a top three spot in each of these categories:

  • Regulatory Compliance (4.08 out of 5)
  • Data Visibility and Monitoring (4.07 out of 5)
  • Intellectual Property Protection (4.06 out of 5)

Read the report for insight into Gartner’s evaluation of Forcepoint DLP.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Forcepoint.

*Gartner, “Critical Capabilities for Enterprise Data Loss Prevention”, by Brian Reed and Deborah Kish, 10 April 2017

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.


Forcepoint GDPR Resource Pack

Category : Forcepoint

The Forcepoint GDPR Resource Pack will help your organization prepare for compliance with the new regulation.

The pack is divided into 3 sections: An Introduction to GDPR, Considerations to Meet Compliance, and How Forcepoint Can Help. Highlights include:

  • Whitepapers and webcasts that discuss the key requirements for GDPR to assist you in developing your organizational and technological strategy
  • An explanation and evaluation of the key articles of GDPR by experts from Hunton & Williams
  • Forcepoint Product Mapping Guides that demonstrate how our solutions align to the 5 key steps to prepare for GDPR: Identify, Protect, Detect, Respond & Recover

Access the GDPR Resource Pack


Top Network Security Products Revealed in Latest Tests

Category : Forcepoint

  • Tuesday, December 5th, 2017 at 3:30 PM EST (20:30:00 UTC)
  • Thomas Skybakmoen

An industry leader in third-party assessments of NGFWs, NSS Labs recently released the results of their Next Generation Intrusion Prevention Systems (NGIPS) Report, which measures security effectiveness against evasions and exploits.

Join Thomas Skybakmoen, Distinguished Research Director for NSS Labs, as he shares the latest results from the NSS Labs NGIPS Report and the NGFW report earlier this year. Find out where your current solution ranks for security efficacy and TCO and find out why NSS Labs recommends the Forcepoint NGFW to be on every company’s short list.

Participate



Massive E-mail Campaign Spreads Scarab Ransomware

Category : Forcepoint

In a similar fashion to the Jaff ransomware, Forcepoint Security Labs have observed another piece of ransomware called “Scarab” being pushed by the infamous Necurs botnet. The massive email campaign started at approximately 07:30 UTC and is active as of 13:30 today, totalling over 12.5 million emails captured so far.

The graph below shows the per-hour volume of Scarab/Necurs emails blocked by Forcepoint between 07:00 and 12:00 UTC:

Figure 1: Scarab/Necurs emails intercepted per hour

Based on our telemetry, the majority of the traffic is being sent to the .com top level domain (TLD). However, this was followed by region-specific TLDs for the United Kingdom, Australia, France and Germany:

Figure 2: Target TLD distribution for Scarab malicious email

The email uses the subject “Scanned from {printer company name}” – a theme that is known to have been utilised for previous Locky ransomware campaigns distributed via Necurs. The email contains a 7zip attachment containing a VBScript downloader.

Figure 3: Sample malicious email

As has been previously observed in Necurs campaigns, the VBScript contained a number of Game of Thrones references, in particular the strings “Samwell” and “JohnSnow”:

Figure 4: ‘Game of Thrones’ references within malicious VBScript

The download domains used as part of this campaign were compromised sites which have previously been used by Necurs-based campaigns.

SCARAB RANSOMWARE

The payload itself – Scarab – is a relatively new ransomware family that was discovered in June by Michael Gillespie. In the particular variant observed being distributed today, the ransomware drops the following copy of itself upon execution:

%Application Data%\sevnz.exe

It then creates a registry entry as an autostart mechanism:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
uSjBVNE = "%Application Data%\sevnz.exe"

Once installed it proceeds to encrypt files, adding the extension “.[suupport@protonmail.com].scarab” to affected files. A ransom note with the filename “IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT” (Figure 5, below) is dropped within each affected directory. The misspelling of “support” is present in both the modified filenames and the ransom note, and is presumably a result of the availability of email addresses on the Protonmail service.

Unusually, the note does not specify the amount being demanded, instead simply stating that “the price depends on how fast you write to us”. This note is also automatically opened by the malware after execution.

Figure 5: Ransom message displayed by Scarab malware

The use of an email-based payment system has been observed in a number of campaigns already this year (most notably the NotPetya attack in June) and proven – for both the malware authors and victims – to be a potential single point of failure in the payment system, with providers often moving quickly to shut down the addresses associated with ransomware campaigns. In the case of Scarab, it appears that this possibility has been considered already, with the ransom note providing a secondary contact mechanism via BitMessage should the email address become unavailable.

When running, Scarab executes the following commands to disable default Windows recovery features:

cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0
cmd.exe /c wmic SHADOWCOPY DELETE
cmd.exe /c vssadmin Delete Shadows /All /Quiet
cmd.exe /c bcdedit /set {default} recoveryenabled No
cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures

Finally, once the encryption process is complete, it deletes the original copy of itself.
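A defender's view of the behaviour described above, as an added example that is not Forcepoint's code: detection logic that matches the five recovery-disabling commands and the RunOnce autostart against endpoint telemetry and scores the combination rather than any single line, since a lone shadow-copy deletion can be routine administration. The log format ("<timestamp> <event type> <detail>"), the timestamps, the host paths and the user name are constructed; the command fragments, the value name uSjBVNE and the file name sevnz.exe are taken from the post.

```python
"""Flag the Scarab recovery-tampering commands and RunOnce autostart in endpoint telemetry.

Added example for this page; it is not Forcepoint code.  The log lines are
constructed to look like a flattened process-creation / registry-set export
("<timestamp> <event type> <detail>") and are not real telemetry.  The
command fragments, the RunOnce value name uSjBVNE and the sevnz.exe file
name come from the post; timestamps, host paths and the user name are made up.
"""
import re

# Process-creation rules: one per recovery-disabling command quoted in the post.
TAMPER_RULES = {
    "wbadmin_delete_systemstate": re.compile(
        r"\bwbadmin\s+delete\s+systemstatebackup\b", re.I),
    "wmic_shadowcopy_delete": re.compile(
        r"\bwmic\s+shadowcopy\s+delete\b", re.I),
    "vssadmin_delete_shadows": re.compile(
        r"\bvssadmin\s+delete\s+shadows\b", re.I),
    "bcdedit_recovery_disabled": re.compile(
        r"\bbcdedit\s+/set\s+\{default\}\s+recoveryenabled\s+no\b", re.I),
    "bcdedit_ignore_boot_failures": re.compile(
        r"\bbcdedit\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures\b", re.I),
}

# Registry rule: a RunOnce value whose data is an executable under the
# user's application-data folder (the post's %Application Data%\sevnz.exe).
RUNONCE_KEY = re.compile(r"\\CurrentVersion\\RunOnce\\", re.I)
APPDATA_EXE = re.compile(r'(appdata|application data).*\.exe"?\s*$', re.I)


def classify(line: str):
    """Return the rule name a telemetry line triggers, or None if it is benign."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    _timestamp, kind, detail = parts
    if kind == "process":
        for name, pattern in TAMPER_RULES.items():
            if pattern.search(detail):
                return name
    elif kind == "registry":
        if RUNONCE_KEY.search(detail) and APPDATA_EXE.search(detail):
            return "runonce_autostart_from_appdata"
    return None


def triage(lines):
    """Score a batch of lines from one host.

    A single shadow-copy deletion can be legitimate administration, so the
    severity is raised to "high" only when two or more distinct tampering
    commands fire, or a tampering command is seen alongside the autostart.
    """
    hits = [(classify(line), line) for line in lines]
    hits = [(name, line) for name, line in hits if name]
    names = {name for name, _ in hits}
    tamper = names & set(TAMPER_RULES)
    if len(tamper) >= 2 or (tamper and "runonce_autostart_from_appdata" in names):
        severity = "high"
    elif names:
        severity = "medium"
    else:
        severity = "none"
    return {"severity": severity, "rules": sorted(names), "hits": hits}


# Constructed sample export in the order the post describes the behaviour:
# autostart written first, then the five recovery-disabling commands,
# with two benign lines mixed in.
SAMPLE_LOG = [
    r'2018-01-01T07:40:58Z registry HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\uSjBVNE = "C:\Users\alice\AppData\Roaming\sevnz.exe"',
    r"2018-01-01T07:41:01Z process cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0",
    r"2018-01-01T07:41:02Z process cmd.exe /c wmic SHADOWCOPY DELETE",
    r"2018-01-01T07:41:02Z process cmd.exe /c vssadmin Delete Shadows /All /Quiet",
    r"2018-01-01T07:41:03Z process cmd.exe /c bcdedit /set {default} recoveryenabled No",
    r"2018-01-01T07:41:03Z process cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures",
    r"2018-01-01T07:39:10Z process notepad.exe C:\Users\alice\Documents\notes.txt",
    r"2018-01-01T07:45:00Z process vssadmin List Shadows",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("severity:", result["severity"])
    for name, line in result["hits"]:
        print(f"  {name:32} {line}")
```

The rules are deliberately case-insensitive and whitespace-tolerant because the same commands appear with varying capitalisation across ransomware families; the sample's `vssadmin List Shadows` line shows that read-only use of the same tool is left alone.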

PROTECTION STATEMENT

Forcepoint customers are protected against this threat via TRITON® ACE at the following stages of attack:

Stage 2 (Lure) – Malicious e-mails associated with this attack are identified and blocked.
Stage 5 (Dropper File) – Scarab variants are prevented from being downloaded.

CONCLUSION

By employing the services of larger botnets such as Necurs, smaller ransomware players such as the actors behind Scarab are able to run a massive campaign with a global reach. It remains a question whether this is a temporary campaign, as was the case with Jaff, or if we will see Scarab increase in prominence through Necurs-driven campaigns.

Either way, as we noted in our recent 2018 Security Predictions, we can expect ransomware to continue to make up a significant portion of the threat landscape for some time to come.

As always, Forcepoint Security Labs will continue to monitor developments to this threat and provide updates as necessary.

Source: https://blogs.forcepoint.com/security-labs/massive-email-campaign-spreads-scarab-ransomware

Authors: Ben Gibney & Roland Dela Paz

INDICATORS OF COMPROMISE

VBScript SHA-256

c7e3c4bad00c92a1956b6d98aae0423170de060d2e15c175001aaeaf76722a52

Scarab SHA-256

7a60e9f0c00bcf5791d898c84c26f484b4c671223f6121dc3608970d8bf8fe4f

Download Locations

hard-grooves[.]com/JHgd476?
pamplonarecados[.]com/JHgd476?
miamirecyclecenters[.]com/JHgd476?

2018 Security Predictions

Category : Forcepoint

New security challenges in 2018

Hackers are already scheming their next wave of targets: will they replicate the colossal Equifax breach and cash in on reams of personal data or freeze up IoT devices simply in order to disrupt critical systems?

Join Forcepoint’s Bob Hansmann, Director, Security Technologies for a Forcepoint 2018 Security Predictions Report webcast on the most pressing security issues for the upcoming year.

You’ll receive an advance copy of the Forcepoint 2018 Security Predictions Report just for attending.

Live online Nov 30, 2:00 pm, or on demand afterwards (60 mins)

2017 NSS Labs Next Generation Intrusion Prevention System Report

Category : Forcepoint

Once again, Forcepoint NGFW is shown to be a highly-effective, secure network security solution, having received another “Recommended” rating for overall security effectiveness, performance and total cost of ownership (TCO) in the NSS Labs 2017 Next Generation Intrusion Prevention System (NGIPS) Comparative Report.

In this year’s test, NSS Labs examined products from 8 vendors ranging from next generation firewalls to dedicated IPS boxes, and measured their ability to stop exploits and attack techniques that compromise servers, workstations, databases and other systems. The results display a stark contrast between products designed to defeat evasions and those which leave networks exposed to attack.

Forcepoint NGFW, which pioneered the defense against evasions, achieved an overall 99.9% security effectiveness score. Forcepoint NGFW not only performed well against dedicated-purpose IPS devices for the second year in a row, it continued its unbroken streak of stopping 100% of evasion techniques.

In addition, Forcepoint NGFW obtained one of the lowest TCO scores, reflecting its deep integration of manageability into all aspects of operations. With Forcepoint NGFW, highly distributed enterprises and governments can deploy advanced intrusion prevention with inspection of encrypted traffic, high performance firewalling (on-premises and in the cloud), rapid-setup VPNs and SD-WAN link clustering — all managed from a single console.

According to the 2017 NSS Labs NGIPS test, Forcepoint NGFW:

  • Blocked 99.91% of exploits, even in the face of advanced evasions
  • Blocked 100% of evasions, 99.86% of NSS CAWS live exploits and 99.91% attacks overall
  • Passed all stability and reliability tests

In NSS Labs’ 2017 NGFW testing which took place earlier this year, Forcepoint NGFW achieved a 99.9% score for Security Effectiveness and a low TCO.

Forcepoint NGFW is, once again, a leader in network security.

Read the full report.


Mission-Critical Network Security, Evolved

Category : Forcepoint

Realize the synergistic potential of integrating traditional firewalls with Forcepoint NGFW.

For governments and businesses continuing down the digital transformation path, next-generation technologies play a pivotal role in modernizing legacy network security infrastructure. IT security leaders should target a next-generation firewall that seamlessly integrates with their current firewall architecture in order to avoid security gaps that could potentially lead to compromise.

Firewalls play a fundamental role in protecting networks, and for decades, Forcepoint Sidewinder proxy firewalls have secured the most sensitive mission-critical environments on the planet. Government agencies, critical infrastructure organizations and commercial enterprises continue to trust Sidewinder due to its unmatched level of protection—there’s simply no other solution that delivers the same caliber of application-level network traffic security.

Forcepoint NGFW now incorporates the best of Sidewinder so you can leverage next-generation capabilities without sacrificing the application-level security you rely on to protect your critical data. Read this whitepaper to gain a full understanding of the benefits of Sidewinder + Forcepoint NGFW.
