Tag Archives: tools

My latest Gartner research: Competitive Landscape: Endpoint Detection and Response Tools

5 January 2017  |  …EPP providers starting to offer EDR features. At least 50% of endpoint detection and response providers will incorporate enhanced analytics of user and attacker…the next 12 to 24 months, up from less than 15% today. The endpoint detection and response (EDR…

Gartner clients can access this research by clicking here.


[ISN] GAO: Early look at fed’s ‘Einstein 3’ security weapon finds challenges

http://www.networkworld.com/article/2946040/security0/gao-early-look-at-feds-einstein-3-security-weapon-finds-challenges.html

By Michael Cooney
Network World
July 9, 2015

When it comes to the government protecting all manner of state and personal information, the feds can use all the help they can get. One of the most effective tools the government has is the National Cybersecurity Protection System (NCPS), known as “EINSTEIN.” In a nutshell, EINSTEIN is a suite of technologies intended to detect and prevent malicious network traffic from entering and exiting federal civilian government networks.

The Government Accountability Office has been tracking EINSTEIN’s implementation since about 2010 and will later this year issue an update on the status of the system. But this week, it included some details of its report in an update on the state of federal security systems, and all is not well.

Preliminary EINSTEIN observations from the GAO:

• The Department of Homeland Security [which administers EINSTEIN] appears to have developed and deployed aspects of the intrusion detection and intrusion prevention capabilities, but potential weaknesses may limit their ability to detect and prevent computer intrusions. For example, NCPS detects signature anomalies using only one of three detection methodologies identified by NIST: signature-based, anomaly-based, and stateful protocol analysis. Further, the system has the ability to prevent intrusions, but is currently only able to proactively mitigate threats across a limited subset of network traffic (i.e., Domain Name System traffic and e-mail).

[…]


[ISN] Evident.io encourages startups to boost AWS security

http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security

By Clare Hopping
Cloud Pro
June 25, 2015

Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected.

Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.”

He explained that startups often set up multiple servers in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems.

“The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented.

[…]


[ISN] Why an Arms Control Pact Has Security Experts Up in Arms

http://www.wired.com/2015/06/arms-control-pact-security-experts-arms/

By Kim Zetter
Security
Wired.com
June 24, 2015

SECURITY RESEARCHERS SAY a proposed set of export rules meant to restrict the sale of surveillance software to repressive regimes are so broadly written that they could criminalize some research and restrict legitimate tools that professionals need to make software and computer systems more secure.

Critics liken the software rules, put forth by the US Commerce Department, to the Crypto Wars of the late ’90s, when export controls imposed against strong encryption software prevented cryptographers and mathematicians from effectively sharing their research abroad.

At issue is the so-called Wassenaar Arrangement, an international agreement on which the proposed US rules are based. Other countries are in the process of developing their own rules around the WA, potentially putting researchers overseas in the same troubled boat as ones in the US.

To clarify why people are alarmed about the WA and the proposed US rules, we’ve compiled a primer on what they are and why they could harm not only researchers and security companies but the state of computer security itself.

[…]


[ISN] Hard to Sprint When You Have Two Broken Legs

http://carnal0wnage.attackresearch.com/2015/06/hard-to-sprint-when-you-have-two-broken.html

By Valsmith
June 14, 2015

Now as a disclaimer, I don’t work for the government so there is a lot I don’t know, but I have friends who do or who have in the past and you hear things. I also pay attention and listen to questions I get in my training classes and conference talks. This directive from the White House is laughable for a number of reasons and demonstrates just how out of touch decision makers in the Government are on these issues.

1.) Technically skilled people have been BEGGING to improve cyber security in the government for well over 15 years. I don’t think this is any kind of secret, just google for a bit or talk to anyone who works in government in the trenches. Asking for staff, tools, budget, authority, support and getting little of it. In a way, this directive is insulting to them: after years of asking, trying and failing, suddenly someone says: “oh hey I have an idea, why don’t you go and secure stuff!”. Right. Unless you are going to supply those things they need RIGHT NOW, they will fail. And government procurement and hiring organizations are notoriously slow so the chances of that happening are slim.

2.) IT Operations. The first thing that has to be in place for there to be any real chance is solid IT operations. Organizations have to be able to push out images and patches quickly, orderly, and with assurance. Backup recovery, knowledge of inventory, well managed systems, etc. are all paramount. Do you know how most government IT operations are managed? By contractors, aka the lowest bidder. These are the Raytheons, Booz Allens, Boeings, Lockheeds, etc. who bid on large omnibus support contracts, win them, and THEN try to fill the staffing requirements. How do you win the lowest bid in services / support contracts? By keeping staffing costs down, aka paying the lowest possible salaries.

This results in some of the most piss-poor IT operations in the world. You want to know why Hillary Clinton, former Secretaries of Defense, and numerous other government staff run their own private mail servers? Most likely it’s because their work provided email DOESN’T work. Slow systems, tiny inbox quotas, inability to handle attachments, downtime, no crypto or crypto incompatible with anyone else, these are just a few of the issues out there. And it’s not just email. I have personally seen a government conference room system take 15-20 minutes to log in at the windows login prompt, due to poor IT practices. I was told that most of the time people resorted to paper hand outs or overhead projectors. Yeh, like the ones you had in high school in the 90s with the light bulbs and transparencies.

Essentially what this directive is saying: “Hey you low end IT staff, winners of the lowest bid, who can barely keep a network up or run a mail server, make sure you become infosec experts and shore up our defenses, and you have 30 days to do it.” Right. I have heard horror stories from acquaintances in the government of waiting 6 months for an initial account setup ticket to get performed. Weeks to get a new desktop deployed. It is idiotic to think that current IT operations can support this kind of request. But that is who typically manages servers, network and desktops, and who would have to deploy whatever security tools would be needed to do this in support of pitifully small infosec teams.

[…]


[ISN] FBI, Europol and NCA gunning for top 200 black hats making exploit kits for criminals

http://www.v3.co.uk/v3-uk/news/2411419/fbi-europol-and-nca-gunning-for-top-200-black-hats-making-exploit-kits-for-criminals

By Alastair Stevenson
V3.co.uk
03 Jun 2015

Law enforcement agencies need to mount a coordinated effort to shut down the exploit developers and hosting sites powering organised crime, according to experts from the FBI, Europol and the UK’s National Crime Agency (NCA).

The experts made the claim during a panel discussion at InfoSec 2015, when FBI assistant legal attaché Michael Driscoll listed taking down the “core group” of 200 black hats creating exploit kits as one of the biggest challenges facing law enforcement.

“We’re looking to stop that marketplace of tools. There’s a small group creating the core technologies that feed the criminal world,” he said. “The problem is they’re easily bought on the criminal marketplace and distributed. I could go now and pick them up for $200. We’re focusing our resources on taking out the people that do the most damage.”

[…]


[ISN] Lawmakers criticize FBI’s request for encryption back doors

http://www.computerworld.com/article/2916895/encryption/lawmakers-criticize-fbis-request-for-encryption-back-doors.html

By Grant Gross
IDG News Service
April 29, 2015

U.S. lawmakers are skeptical of an FBI request for Congress to mandate encryption workarounds in smartphones, with critics saying Wednesday that back doors would create new vulnerabilities that bad guys can exploit.

It’s currently impossible for smartphone makers to build in back doors that allow law enforcement agencies access to encrypted communications but also keep out cybercriminals, witnesses and lawmakers said during a hearing before the IT subcommittee of the House Oversight and Government Reform Committee.

Law enforcement representatives called on lawmakers to find a way to allow access to encrypted data as a way to prevent serious crime. Late last year, FBI Director James Comey called for a public debate on encryption after Apple and Google announced they would offer new encryption tools on their smartphone OSes.

[…]


[ISN] RSA Hammers Home Fact That Hackers Are Winning

http://www.eweek.com/security/rsa-hammers-home-fact-that-hackers-are-winning.html

By Sean Michael Kerner
eWEEK.com
2015-04-27

There was a pall of darkness that hung over the RSA Conference that ran at San Francisco’s Moscone Center from April 20 to 24. Speaker after speaker, session after session, vendor booth after vendor booth, there was one overriding message that I heard time and again: the attackers are winning.

The most clichéd saying of the week was that there are only two kinds of organizations: those that have been breached and those that haven’t yet discovered that they have been breached.

It’s an air of defeatism that frankly I find appalling. How could the security industry with all its myriad vendors, tools and money not be succeeding in stopping attackers? Where is all the money going that enterprises are investing in security if it’s not going to stopping attackers?

The near-endless drumbeat of breach disclosures in the media (and here at eWEEK we have covered our fair share of breaches) has helped to create a climate of fear, where enterprises fear that they will be the next Sony or Target, the next breach waiting to be discovered.

[…]
