Monthly Archives: October 2017

Charles Leaver – You Have Heard Of The KRACK Vulnerability Here Is What You Do

Written By Dr Al Hartmann And Presented By Charles Leaver

Enough media attention has been generated over the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we do not need to cover that ground again. The original discoverer’s website is a good place to review the problems and to find the link to the in-depth research paper. This may be the most attention paid to a fundamental communications security failure since Heartbleed. In that earlier case, a patched version of the vulnerable OpenSSL code was released on the same day as the public disclosure. With KRACK, similar responsible disclosure guidelines were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network devices need to be patched. Oh, and good luck getting that Chinese knockoff wireless security camera bought off eBay patched quickly.

Here we will just make a few points:

Take inventory of your wireless devices and take action to ensure proper patching. (Ziften can carry out passive network inventory, including wireless networks. For Ziften-monitored endpoints, the available network interfaces as well as the applied patches are reported.) For enterprise IT staff it is patch, patch, patch every day anyway, so nothing new here. But any unmanaged wireless devices need to be identified and verified.

Windows and iOS endpoints are less susceptible, while unpatched Linux and Android endpoints are highly vulnerable. Most Linux endpoints will be servers without wireless networking, so there is less direct exposure there. Android is another story, particularly given the fragmented state of Android updates across device manufacturers. Most likely your organization’s biggest exposure will be IoT and Android devices, so do your risk analysis.

Avoid wireless access over unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols, or use a secure VPN, but be aware that some sites that default to HTTPS can still be forced down to plain HTTP by an attacker on the path. (Note that Ziften network monitoring reports the IP addresses and ports used, so look at any wireless port 80 traffic on endpoints that are unpatched.)

Continue whatever wireless network hygiene practices you already employ to identify and silence rogue access points, unauthorized wireless devices, and so on. Tuning access point placement and transmission zones to minimize signal spillage outside your physical boundaries is also a smart practice, since a KRACK attacker must be physically within range of the wireless network. Don’t give them privileged placement opportunities inside or near your environment.
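As an added example (not code from the original post or from Ziften’s product), here is a small Python triage script that applies the points above: it cross-references a constructed inventory of interfaces and patch status with constructed flow records to flag unpatched wireless endpoints still talking to port 80 over their wireless interface, ranked by the OS exposure described above. The inventory fields, the flow record format and the exposure weights are assumptions.

```python
"""Triage helper for the KRACK advice above: join a device inventory
(wireless interface? WPA2 patch applied?) with observed flows and flag
unpatched wireless endpoints still sending cleartext port-80 traffic.
All inventory and flow data below is constructed sample input."""
from collections import namedtuple

Endpoint = namedtuple("Endpoint", "host os wireless_ifaces wpa2_patched")

# Constructed inventory; field names are assumptions, not Ziften's schema.
INVENTORY = [
    Endpoint("win-laptop-01", "Windows", ["wlan0"], True),
    Endpoint("android-tab-07", "Android", ["wlan0"], False),
    Endpoint("db-server-02", "Linux", [], False),   # wired only, no exposure
    Endpoint("ip-camera-03", "IoT", ["wlan0"], False),
    Endpoint("mac-laptop-04", "macOS", ["en0"], True),
]

# Constructed flow records, one per line: host iface dst_ip dst_port
FLOWS = """\
win-laptop-01 wlan0 203.0.113.10 443
android-tab-07 wlan0 203.0.113.20 80
android-tab-07 wlan0 203.0.113.21 443
db-server-02 eth0 203.0.113.30 80
ip-camera-03 wlan0 203.0.113.40 80
ip-camera-03 wlan0 203.0.113.40 80
mac-laptop-04 en0 203.0.113.50 80
"""

# Exposure weights following the post: Android and IoT highest, Linux next,
# everything else (Windows, iOS, macOS) lower. Assumed values.
OS_EXPOSURE = {"Android": 3, "IoT": 3, "Linux": 2}

def parse_flows(text):
    """Yield (host, iface, dst_ip, dst_port) tuples from the flow text."""
    for line in text.splitlines():
        if line.strip():
            host, iface, dst_ip, port = line.split()
            yield host, iface, dst_ip, int(port)

def cleartext_over_wireless(inventory, flow_text, cleartext_ports=(80,)):
    """Return [(host, os, exposure, flow_count)] for unpatched wireless
    endpoints seen sending to a cleartext port over a wireless interface,
    highest exposure and most flows first."""
    unpatched = {e.host: e for e in inventory
                 if e.wireless_ifaces and not e.wpa2_patched}
    counts = {}
    for host, iface, _dst, port in parse_flows(flow_text):
        ep = unpatched.get(host)
        if ep and iface in ep.wireless_ifaces and port in cleartext_ports:
            counts[host] = counts.get(host, 0) + 1
    findings = [(h, unpatched[h].os, OS_EXPOSURE.get(unpatched[h].os, 1), n)
                for h, n in counts.items()]
    return sorted(findings, key=lambda f: (-f[2], -f[3], f[0]))
```

With the sample data the wired, unpatched Linux server is left out, the patched Windows laptop is ignored, and the IoT camera and the Android tablet are reported, the camera first because it produced more port-80 flows.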

For a broader discussion of the KRACK vulnerability, take a look at our recent video on the topic:

Charles Leaver – Train Your Staff Effectively About Security

Written By Charles Leaver, Ziften CEO

Effective corporate cybersecurity assumes that people – your employees – do the right thing. That they don’t hand over their passwords to a caller who claims to be from the IT department doing a “credentials audit.” That they don’t wire $10 million to an Indonesian bank account after getting a midnight request from “the CEO”.

That they don’t install an “urgent update” to Flash Player because of a pop-up on a porn site. That they don’t overshare on social media. That they don’t store business data on file-sharing services outside the firewall. That they don’t connect to unsecured WiFi networks. And that they don’t click on links in phishing emails.

Our research shows that 75+% of security incidents are caused or aided by employee errors.

Sure, you’ve installed endpoint security, email filters, and anti-malware solutions. Those precautions will probably be for nothing, however, if your employees do the wrong thing time and again in a risky situation. Our cybersecurity efforts are like having a fancy car alarm: if you don’t teach your teenager to lock the car when it’s at the mall, the alarm is worthless.

Security awareness isn’t enough, of course. Employees will make mistakes, and some attacks don’t need an employee misstep at all. That’s why you need endpoint security, email filters, anti-malware, and so on. But let’s talk about effective security awareness training.

Why Training Often Fails to Have an Effect

First – in my experience, a lot of employee training, well, is poor. That’s particularly true of online training, which is usually dreadful. But in most cases, whether live or canned, the training lacks credibility, in part because many IT experts are poor and unconvincing communicators. The training often focuses on communicating and enforcing rules – not on changing risky behavior and habits. And it’s like getting mandatory copy machine training: there’s nothing in it for the employees, so they don’t take it in.

It’s not about enforcing rules. While security awareness training might be “owned” by different departments, such as IT, the CISO, or HR, there’s often a lack of understanding of what a security awareness program is. First of all, it’s not a checkbox; it needs to be ongoing. The training should be delivered in different ways and at different times, with a mix of live training, newsletters, small-group discussions, lunch-and-learns, and yes, even online resources.

Safeguarding yourself is not complicated!

But a big problem is the absence of objectives. If you don’t know what you’re trying to do, you can’t tell whether you’ve done a good job with the training – and whether risky habits actually change.

Here are some sample goals that can lead to effective security awareness training:

Give employees the tools to recognize and handle the everyday security threats they encounter online and via email.

Let employees know they are part of the team, and that they can’t just rely on the IT/CISO teams to handle security.

Break the cycle of “unintentional ignorance” about safe computing practices.

Shift mindsets toward safer practices: “If you see something, say something”.

Review company policies and procedures, described in actionable terms that relate to the employees.

Make it Relevant

No matter who “owns” the program, it’s important that there is visible executive backing and management buy-in. If the executives don’t care, the employees won’t either. Effective training won’t talk about tech buzzwords; rather, it will concentrate on changing behaviors. Relate cybersecurity awareness to your employees’ personal lives. (And while you’re at it, teach them how to keep themselves, their family, and their home safe. Odds are they don’t know and are hesitant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success – for example, did the number of external links clicked by employees decrease? How about calls to tech support resulting from security violations? Make the training timely and real-world by including recent scams from the news; unfortunately, there are plenty to choose from.

In short: security awareness training isn’t fun, and it’s not a silver bullet. But it is essential for ensuring that risky employee habits don’t undermine your IT/CISO efforts to protect your network, devices, applications, and data. Make sure that you train your employees continually, and that the training works.

Charles Leaver – Feel The Excitement Of The Latest Splunk .conf

Written By Josh Applebaum And Presented By Charles Leaver

Like so many of you, we’re still recovering from Splunk .conf last week. As usual, .conf had terrific energy, and the people in attendance were passionate about Splunk and the many use cases it offers through its large app ecosystem.

One key announcement during the week worth mentioning was a new security offering called “Content Updates,” which is essentially a set of pre-built Splunk searches to help detect security events.

Basically, the Splunk security team looks at the latest attacks, writes new searches for how those attacks would appear in Splunk ES data, and then ships those new searches to customers’ Splunk ES environments so that they alert automatically when a match is seen.

The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has produced.

A quick demonstration showed which vendors contribute to each type of “detection,” and Ziften was listed in many of them.

For instance, we have a recent blog post that shows how Ziften’s data in Splunk is used to detect and respond to WannaCry.

Overall, with the roughly 500 people who came by the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality conversations and interest. We had nothing but positive feedback from our in-depth conversations with all walks of business life – from highly technical experts in the public sector to CISOs in the financial sector.

The most common conversation usually began with, “We are just beginning to roll out Splunk and are new to the platform.” I like those, because people can get our Apps for free and we can get them an agent to try out, which gives them something to use right out of the box to show value immediately. Other folks were highly experienced and really liked our approach and architecture.

Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!

Want to know more? The Ziften ZFlow App and Technology Add-on help users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the perimeters of their network, in their data centers, and in their cloud deployments.

Charles Leaver – Find Out How Ziften Services Can Protect You

Written By Josh Harriman And Presented By Charles Leaver

Having the right tools to hand is a given in our industry. But having the right tools and services is one thing; getting the best value from them can be a challenge. Even with all the right intentions and properly experienced personnel, there can be gaps. Ziften Services can help fill those gaps and keep you on the path to success.

Ziften Services can augment, or even outright lead, your IT Operations and Security teams to better equip your organization, with three great offerings. Each is tailored for a particular need. A recent report by ESG (Enterprise Strategy Group) entitled “Trends in Endpoint Security Study” found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and that 35% of them plan to use managed services for the implementation, which shows the need for appropriate services around these products. Therefore, Ziften is offering these services knowing that many organizations lack the scale or expertise to implement and fully use necessary tools such as EDR.

Ziften services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a distinct purpose, the latter two complement each other. Let’s look at each in a bit more detail to better understand the benefits.

Assess Service

This service covers both IT operations and security teams. To measure your success in proper documentation and adherence to procedures and policies, you need to start with a good solid baseline. The Assess service starts by conducting thorough interviews with key decision makers to understand exactly what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, compliance and even anomalous behavior. The result can address a range of needs such as M&A assessments, pre-cloud-migration planning and regular compliance checks.

Hunt Service

This service is a true 24×7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this critical aspect of security operations, whether because of limited staff or missing expertise in threat hunting techniques. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers and cloud VMs running Windows, Mac OS X and Linux. One of the main outcomes of this service is a significant reduction in threat dwell time within the environment. This has been discussed often in the past couple of years, and the numbers are shocking, typically on the order of hundreds of days that threats remain hidden within organizations. You need somebody who can actively hunt for these adversaries and can even look back retrospectively at past events to find behaviors you were not aware of. This service includes some hours of dedicated Incident Response as well, so you have all your bases covered.

Respond Service

When you are against the ropes and have a true emergency, this service is what you need. This is a tried and true IR team ready for war 24×7 with a broad range of response toolsets at their disposal. You get immediate incident investigation and triage. Recommended actions align with the severity of the threat and with the response actions that need to happen. The team is highly flexible and will work remotely or, if required, on site where conditions warrant. This could be your entire IR team, or it can augment and blend right in with your current team.

At the end of the day, you need services to help maximize your chances of success in today’s world. Ziften has three great offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It’s what we love to do!