Archive for October, 2017

Chuck Leaver – KRACK Vulnerability 4 Steps To Protect Yourself

Written By Dr Al Hartmann And Presented By Chuck Leaver

Enough media attention has been generated over the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we do not need to cover it again. The original finder’s website is a good place to review the concerns and to find the full research paper. This may be the most attention paid to a core communications security failure since Heartbleed. In that earlier case, a patched version of the vulnerable OpenSSL code was released on the same day as the public disclosure. With KRACK, similar responsible disclosure guidelines were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network devices need to be properly patched. Oh, and best of luck getting that Chinese knockoff wireless security webcam bought off eBay patched quickly.

Here we will just make a few points:

1. Take stock of your wireless devices and follow up to ensure correct patching. (Ziften can carry out passive network inventory, including wireless networks. For Ziften-monitored endpoints, the available network interfaces and the applied patches are reported.) For enterprise IT staff it is patch, patch, patch every day anyway, so nothing new here. However, any unmanaged wireless devices should be located and vetted.

2. iOS and Windows endpoints are less susceptible, while unpatched Linux and Android endpoints are highly prone. The majority of Linux endpoints will be servers without wireless networking, so there is not as much direct exposure there. But Android is another story, especially given the balkanized state of Android updating across device manufacturers. Most likely your enterprise’s biggest exposure will be Android and IoT devices, so do your risk analysis.

3. Avoid wireless access over unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols, or use a secure VPN, but be aware that some HTTPS sites in their default configuration allow a compromised device to force a downgrade to HTTP. (Note that Ziften network monitoring reports the IP addresses and ports used, so look at any wireless port 80 traffic from unpatched endpoints.)

4. Continue whatever wireless network hygiene practices you have been employing to recognize and silence rogue access points, unapproved wireless devices, and so on. Grooming access point placement and transmission zones to reduce signal spillage outside your physical boundaries is also a wise practice, since KRACK attackers must be physically present within range of the wireless network. Do not give them advantageous positioning opportunities within or close to your environment.
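The four points above amount to a small triage procedure: inventory the wireless endpoints, rank them by patch status and by the OS exposure the post describes, find the unmanaged devices, and look for cleartext traffic (port 80) coming from endpoints that are still unpatched. The Python script below is an added example written for this page; it is not Ziften code and does not use the Ziften Zenith product. The record layout, the host names and addresses, and the `krack_patched` flag are assumptions, and the inventory and flow records are constructed sample data. It goes slightly beyond the text by checking a few cleartext ports besides HTTP.

```python
"""Added example for this page (not Ziften code): triage KRACK exposure
from a constructed asset inventory and a constructed flow log.
Field names, host names, addresses and the krack_patched flag are
assumptions for illustration; real inventories and flow exports differ."""
from collections import namedtuple

# Exposure ranking following the post: unpatched Android and Linux are
# highly prone, iOS and Windows less so. Unknown firmware (IoT gear) is
# ranked high because it is rarely patched promptly.
EXPOSURE = {"android": "high", "linux": "high",
            "ios": "medium", "windows": "medium", "macos": "medium"}
RANK = {"high": 0, "medium": 1}

# Ports whose traffic is cleartext and therefore readable by a KRACK
# attacker in range; HTTP is the one the post calls out.
CLEARTEXT_PORTS = {80: "http", 21: "ftp", 23: "telnet", 110: "pop3", 143: "imap"}

Endpoint = namedtuple("Endpoint", "host os wireless krack_patched managed")
Flow = namedtuple("Flow", "src_host dst_ip dst_port proto")

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    Endpoint("lt-0451", "windows", True, True, True),     # patched laptop
    Endpoint("lt-0452", "windows", True, False, True),    # unpatched laptop
    Endpoint("ph-0017", "android", True, False, True),    # unpatched phone
    Endpoint("srv-db01", "linux", False, False, True),    # wired server
    Endpoint("cam-lobby", "unknown", True, False, False), # unmanaged webcam
    Endpoint("tab-0003", "ios", True, True, True),        # patched tablet
]

# Constructed sample flow records (hypothetical destination addresses).
FLOWS = [
    Flow("lt-0451", "203.0.113.10", 80, "tcp"),
    Flow("lt-0452", "203.0.113.10", 80, "tcp"),
    Flow("lt-0452", "203.0.113.11", 443, "tcp"),
    Flow("ph-0017", "198.51.100.5", 80, "tcp"),
    Flow("srv-db01", "198.51.100.5", 80, "tcp"),
    Flow("cam-lobby", "192.0.2.44", 80, "tcp"),
]


def exposure(ep):
    """Exposure level of one endpoint: only wireless, unpatched devices count."""
    if not ep.wireless or ep.krack_patched:
        return "none"
    return EXPOSURE.get(ep.os, "high")


def exposed_endpoints(inventory):
    """Wireless endpoints still lacking the patch, highest exposure first."""
    hits = [ep for ep in inventory if exposure(ep) != "none"]
    return sorted(hits, key=lambda ep: (RANK[exposure(ep)], ep.host))


def unmanaged_wireless(inventory):
    """Wireless devices nobody manages; these need locating and vetting first."""
    return [ep for ep in inventory if ep.wireless and not ep.managed]


def cleartext_flows_from_exposed(inventory, flows):
    """Flows to cleartext ports that originate from exposed endpoints.

    Returns (flow, exposure level, service name) triples in log order."""
    exposed = {ep.host: ep for ep in exposed_endpoints(inventory)}
    return [(f, exposure(exposed[f.src_host]), CLEARTEXT_PORTS[f.dst_port])
            for f in flows
            if f.src_host in exposed and f.dst_port in CLEARTEXT_PORTS]


if __name__ == "__main__":
    print("Unpatched wireless endpoints (worst first):")
    for ep in exposed_endpoints(INVENTORY):
        print(f"  {ep.host:10} {ep.os:8} exposure={exposure(ep)}")
    print("Unmanaged wireless devices to vet:",
          [ep.host for ep in unmanaged_wireless(INVENTORY)])
    print("Cleartext traffic from exposed endpoints:")
    for f, level, svc in cleartext_flows_from_exposed(INVENTORY, FLOWS):
        print(f"  {f.src_host:10} -> {f.dst_ip}:{f.dst_port} ({svc}, {level})")
```

Note that the wired server and the patched laptop both generate port 80 traffic but are not flagged: the point of the third step is not that HTTP is bad in general, but that HTTP from a still-unpatched wireless endpoint is readable by an attacker in radio range. The webcam ranks highest because it is both unmanaged and of unknown patch status.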

For a broader discussion of the KRACK vulnerability, have a look at our recent video on the topic:

Chuck Leaver – Make Your Security Awareness Training Count

Written By Chuck Leaver, Ziften CEO

Effective enterprise cybersecurity assumes that people – your employees – do the right thing. That they don’t hand over their passwords to a caller who claims to be from the IT department doing a “credentials audit.” That they don’t wire $10 million to an Indonesian bank account after getting a midnight request from “the CEO”.

That they don’t install an “urgent update” to Flash Player based on a pop-up on a porn site. That they don’t overshare on social media. That they don’t store company data on file-sharing services outside the firewall. That they don’t connect to unsecured Wi-Fi networks. And that they don’t click on links in phishing emails.

Our research shows that over 75% of security incidents are caused or assisted by employee errors.

Sure, you’ve set up endpoint security, email filters, and anti-malware solutions. Those precautions will most likely be for nothing, though, if your employees do the wrong thing time and again when in a risky situation. Our cybersecurity efforts are like having a fancy car alarm: if you don’t teach your teenager to lock the car at the shopping mall, the alarm is worthless.

Security awareness isn’t enough, of course. Employees will make mistakes, and there are some attacks that do not require an employee misstep. That’s why you need endpoint security, email filters, anti-malware, and so on. But let’s talk about effective security awareness training.

Why Training Often Doesn’t Have an Effect

First – in my experience, a lot of employee training, well, sucks. That’s especially true of online training, which is usually awful. But in most cases, whether live or canned, the training lacks credibility, in part because many IT specialists are poor and unconvincing communicators. The training often focuses on communicating and enforcing rules – not on changing risky behavior and habits. And it resembles mandatory copy machine training: there’s nothing in it for the employees, so they don’t take it on board.

It’s not about imposing rules. While security awareness training might be “owned” by various departments, such as IT, the CISO, or HR, there’s often a lack of understanding about what a security awareness program actually is. First of all, it’s not a checkbox; it has to be continuous. The training must be delivered in various ways and at various times, with a mix of live training, newsletters, small-group conversations, lunch-and-learns, and yes, even online resources.

Safeguarding yourself is not complicated!

But a huge issue is the lack of goals. If you don’t know what you’re trying to do, you can’t tell whether the training did a good job – and whether risky behaviors actually changed.

Here are some sample goals that can lead to effective security awareness training:

Provide employees with the tools to recognize and handle the ongoing day-to-day security threats they may encounter online and via email.

Let employees know they are part of the team, and that they cannot just rely on the IT/CISO teams to manage security.

Stop the cycle of “unexpected lack of knowledge” about safe computing practices.

Modify attitudes toward more secure practices: “If you see something, say something”.

Review company policies and procedures, described in actionable ways that are relevant to employees.

Make it Relevant

No matter who “owns” the program, it’s essential that there is visible executive support and management buy-in. If the executives don’t care, the employees won’t either. Effective training won’t talk about tech buzzwords; instead, it will concentrate on changing habits. Relate cybersecurity awareness to your employees’ personal lives. (And while you’re at it, teach them how to keep themselves, their family, and their home safe. Chances are they don’t know and are reluctant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success – for example, did the number of external links clicked by employees decrease? How about calls to tech support originating from security violations? Make the training timely and real-world by including current scams in the news; unfortunately, there are plenty to choose from.

In other words: security awareness training isn’t fun, and it’s not a silver bullet. Nevertheless, it is necessary for making sure that risky employee habits don’t undermine your IT/CISO efforts to secure your network, devices, applications, and data. Make sure that you continually train your employees, and that the training works.

Chuck Leaver – So Much Energy And Interest At Splunk .conf

Written By Josh Applebaum And Presented By Chuck Leaver

Like a lot of you, we’re still recovering from Splunk .conf last week. As usual, .conf had terrific energy, and the people in attendance were enthusiastic about Splunk and the many use cases it supports through its large app ecosystem.

One important announcement during the week worth mentioning was a new security offering known as “Content Updates,” which is essentially a set of pre-built Splunk searches for helping to detect security incidents.

In short, the Splunk security team looks at the latest attacks, writes new searches for how they would hunt through Splunk ES data to find those kinds of attacks, and then ships those new searches down to customers’ Splunk ES environments for automated notification when a match is seen.

The best part? Since these updates primarily use CIM (Common Information Model) data, and Ziften populates many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has produced.

A quick demonstration showed which vendors contribute to each type of “detection,” and Ziften was mentioned in a great many of them.

For example, we have a recent post that shares how Ziften’s data in Splunk is used to detect and respond to WannaCry.

Overall, with the roughly 500 people who visited the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality discussions and interest. We had nothing but positive reviews from our extensive discussions with all walks of corporate life – from highly technical experts in the public sector to CISOs in the financial sector.

The most common conversation usually began with, “We are just starting to roll out Splunk and are new to the platform.” I like those, since people can get our Apps for free and we can get them an agent to try, which gives them something to use right out of the box to demonstrate value right away. Other folks were very experienced and really liked our approach and architecture.

Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!

Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the perimeters of their network, in their data centers, and in their cloud deployments.

Chuck Leaver – Our Services Will Help You

Written By Josh Harriman And Presented By Chuck Leaver

Having the right tools to hand is a given in our industry. But having the correct tools and services is one thing; getting the most value out of them can be a challenge. Even with the best intentions and properly experienced staff, there can be gaps. Ziften Services can help fill those gaps and keep you on track for success.

Ziften Services can augment, or even outright lead, your IT Operations and Security teams to better equip your organization, through three offerings. Each is tailored to a particular need. A recent report by ESG (Enterprise Strategy Group) entitled “Trends in Endpoint Security Study” found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and 35% of them plan to use managed services for the implementation, which shows that the need for proper services around these products and solutions is out there. Ziften is therefore providing these services in the knowledge that many companies lack the scale or expertise to implement and fully use needed tools such as EDR.

Ziften services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a distinct function, the latter two are more complementary to each other. Let’s look at each in a little more detail to better understand the benefits.

Assess Service

This service covers both IT operations and security teams. To measure your success in proper documentation and adherence to processes and policies, you need to start with a good solid baseline. The Assess service starts by conducting extensive interviews with key decision makers to really understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers, and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, compliance, and anomalous behavior. The results can address a range of concerns such as M&A evaluations, pre-cloud-migration planning, and periodic compliance checks.

Hunt Service

This service is a true 24 × 7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this key element of security operations, whether because of limited personnel or a lack of expertise in threat hunting techniques. Once again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers, and cloud VMs running Windows, Mac OS X, and Linux. One of the primary outcomes of this service is dramatically reducing threat dwell times within the environment. This has been discussed regularly in the past few years, and the numbers are shocking: normally in the order of hundreds of days that threats stay hidden within organizations. You need someone who can actively hunt for these adversaries and can also look back at historical events to find behavior you were not aware of. This service does include some hours of dedicated Incident Response too, so you have all your bases covered.

Respond Service

When you are against the ropes and have a real emergency, this service is what you need. This is a tried and true IR team ready for battle 24 × 7 with a broad range of response tool sets at hand. You will get immediate incident evaluation and triage. Recommended actions align with the severity of the threat and what response actions need to happen. The teams are very flexible and will work remotely or, if needed, can be on-site where conditions require. This could be your whole IR team, or it will augment and blend right in with your current team.

At the end of the day, you need services to help maximize your chances of success in today’s world. Ziften has three great offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It’s what we love to do!