Archive for the ‘Breaches Of Security’ Category

Chuck Leaver – Why You Must Have Flexibility With SysSecOps

Written by Chuck Leaver

 

You will discover that endpoints are everywhere. The device you read this on is an endpoint, whether it's a desktop, notebook, tablet, or phone. The HVAC controller for your building is an endpoint, assuming it's connected to a network, and so are the WiFi access points and the security cameras. So is the connected vehicle. So are the web servers, storage servers, and Active Directory servers in the data center. So are your IaaS/PaaS services in the cloud, where you control bare-metal servers, VMware virtual machines, or containers running on Windows and/or Linux.

All of them are endpoints, and every one of them needs to be managed.

They have to be managed from the IT side (by IT administrators, who ideally have appropriate IT-level visibility of each connected thing, like those security cameras). That management means making sure they're connected to the right network zones or VLANs, that their software and configurations are up to date, that they're not flooding the network with bad packets because of electrical faults, and so on.

Those endpoints also need to be managed from the security perspective by CISO teams. Every endpoint is a potential entrance into the business network, which means the devices should be locked down: default passwords never used, all security patches applied, no unapproved software installed on the device's embedded web server. (Krebs describes how, in 2014, hackers got into Target's network via its HVAC system.)

Systems and Security Operations

Systems Security Operations, or SysSecOps, brings those two worlds together. With the right SysSecOps mindset, and tools that support the correct workflows, IT and security staff get the exact same data and can collaborate. Sure, they each have different tasks, and react differently to problem signals, but they're all managing the same endpoints, whether in the pocket, on the desk, in the utility closet, in the data center, or in the cloud.

Ziften Zenith Test Report

We were thrilled when the recently released Broadband-Testing report praised Zenith, Ziften's flagship endpoint security and management platform, as ideal for this kind of situation. To quote from the report, "With its Zenith platform, Ziften has a solution that ticks all the SysSecOps boxes and more. Because its meaning of 'endpoints' extends into the Data Centre (DC) and the world of virtualisation, it holds true blanket protection."

Broadband-Testing is an independent testing facility and service based in Andorra. They describe themselves as follows: "Broadband-Testing communicates with suppliers, media, investment groups and VCs, experts and consultancies alike. Testing covers all elements of networking hardware and software, from ease of use and performance, through to progressively important aspects such as device power intake measurement."

Back to flexibility. With endpoints everywhere (again: on the desk, in the utility closet, in the data center, or in the cloud), a SysSecOps-based endpoint security and management system should go everywhere and do anything, at scale. Broadband-Testing wrote:

“The configuration/deployment options and architecture of Ziften Zenith permit a really flexible implementation, on or off-premise, or hybrid. Agent deployment is simpleness itself with zero user requirements and no endpoint invasion. Agent footprint is also very little, unlike numerous endpoint security services. Scalability also looks to be excellent – the most significant customer implementation to this day remains in excess of 110,000 endpoints.”

We cannot help but be proud of our product Zenith, and of what Broadband-Testing concluded:

“The introduction of SysSecOps – integrating systems and security operations – is an uncommon moment in IT; a hype-free, sound judgment approach to refocusing on how systems and security are managed inside a business.

Key to Ziften’s endpoint technique in this category is total visibility – after all, how can you protect what you can’t see or do not know exists in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more.

Deployment is simple, specifically in a cloud-based situation as evaluated. Scalability also looks to be excellent – the most significant customer implementation to this day is in excess of 110,000 endpoints.

Data analysis options are comprehensive with a huge quantity of info offered from the Ziften console – a single view of the whole endpoint infrastructure. Any object can be analysed – e.g. Binaries, applications, systems – and, from a procedure, an action can be defined as an automated function, such as quarantining a system in case of a possibly harmful binary being found. Several reports are predefined covering all aspects of analysis. Alerts may be set for any occurrence. Furthermore, Ziften provides the principle of extensions for customized data collection, beyond the reach of a lot of vendors.

And with its External API performance, endpoint data gathered by Ziften can be shared with most third party applications, thus including more worth to a client’s existing security and analytics infrastructure investment.

Overall, Ziften has an extremely competitive offering in what is a really worthwhile and emerging IT classification through SysSecOps that is extremely deserving of evaluation."

We hope you'll consider an evaluation of Zenith, and will agree that when it comes to SysSecOps and endpoint security and management, we do tick all the boxes with the true blanket coverage that both your IT and CISO teams have been looking for.

Chuck Leaver – Ziften Can Assist With Meltdown And Spectre

Written By Josh Harriman And Presented By Chuck Leaver

 

Ziften is aware of the latest exploits affecting practically everyone who uses a computer or digital device. While this is a very broad statement, we at Ziften are working diligently to help our clients find vulnerable assets, repair those vulnerable systems, and monitor systems after the repair for potential performance problems.

This is an ongoing investigation by our team in Ziften Labs, where we keep up to date on the latest malicious attacks as they develop. Today, most of the conversation is around PoC (proof of concept) code and what can in theory happen. This will quickly change as attackers take advantage of these opportunities. The exploits I'm speaking of, of course, are Meltdown and Spectre.

Much has been written about how these exploits were discovered and what the industry is doing to find workarounds for these hardware problems. For more information, I feel it's appropriate to go straight to the source (https://spectreattack.com/).

What Do You Need To Do, and How Can Ziften Help?

A key area where Ziften helps in case of an attack by either method is monitoring for data exfiltration. Since these attacks essentially read data they should not have access to, we believe the first and simplest way to protect yourself is to remove that confidential data from these systems. This data might be passwords, login credentials, or even security keys for SSH or VPN access.

Ziften monitors and alerts when processes that typically do not make network connections begin showing this unusual behavior. From these alerts, users can quarantine systems from the network and/or terminate the processes associated with these events. Ziften Labs is monitoring the development of the real-world attacks that are likely to emerge for these vulnerabilities, so we can better protect our customers.
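The detection just described, as an added example that is not Ziften's code: build a per-host baseline of which processes make network connections, then flag processes that start connecting out in a later window and map each alert to the responses the post names (terminate the process, quarantine the host). The event format, field names and the internal address range are assumptions; all records are constructed.

```python
"""Flag processes that start making network connections on a host where they
never did during a baseline period (added example, not Ziften's code)."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample of endpoint connection events (assumed format):
#   timestamp host process remote_address remote_port
BASELINE_EVENTS = """\
2018-01-08T09:00:01 ws-101 chrome.exe 93.184.216.34 443
2018-01-08T09:00:05 ws-101 outlook.exe 40.97.128.13 443
2018-01-08T09:01:10 ws-101 teams.exe 52.113.194.132 443
2018-01-08T09:02:00 ws-102 chrome.exe 93.184.216.34 443
2018-01-08T09:03:00 ws-102 svchost.exe 10.0.0.5 445
"""

RECENT_EVENTS = """\
2018-01-12T13:10:01 ws-101 chrome.exe 93.184.216.34 443
2018-01-12T13:10:22 ws-101 calc.exe 198.51.100.77 8080
2018-01-12T13:10:23 ws-101 calc.exe 198.51.100.77 8080
2018-01-12T13:11:00 ws-102 svchost.exe 10.0.0.5 445
2018-01-12T13:11:30 ws-102 python.exe 10.0.0.9 5985
2018-01-12T13:12:40 ws-102 notepad.exe 203.0.113.9 4444
"""

# Assumed internal address space; anything outside it counts as external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_events(text):
    """Turn the whitespace-separated records above into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, addr, port = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "proc": proc, "addr": addr, "port": int(port)})
    return events


def build_baseline(events):
    """Per host, the set of process names seen making connections."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e["host"]].add(e["proc"])
    return baseline


def find_new_talkers(baseline, events):
    """One alert per (host, process) that connected out in the observation
    window but never did in the baseline. Destinations are collected so an
    analyst can see where the data was heading."""
    alerts = {}
    for e in events:
        if e["proc"] in baseline.get(e["host"], set()):
            continue
        key = (e["host"], e["proc"])
        a = alerts.setdefault(key, {"host": e["host"], "proc": e["proc"],
                                    "first_seen": e["ts"], "count": 0,
                                    "destinations": set()})
        a["count"] += 1
        a["destinations"].add((e["addr"], e["port"]))
    return sorted(alerts.values(), key=lambda a: a["first_seen"])


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def recommended_action(alert):
    """Kill the process; also quarantine the host when it talked to an
    external destination, since that is the exfiltration case."""
    external = any(not is_internal(addr) for addr, _ in alert["destinations"])
    return "quarantine host and kill process" if external else "kill process"


if __name__ == "__main__":
    base = build_baseline(parse_events(BASELINE_EVENTS))
    for a in find_new_talkers(base, parse_events(RECENT_EVENTS)):
        print(a["host"], a["proc"], a["count"], sorted(a["destinations"]),
              "->", recommended_action(a))
```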

Discover – How Am I Vulnerable?

Let's look at areas we can monitor for vulnerable systems. Zenith, Ziften's flagship product, can easily and quickly find operating systems that need to be patched. Although these vulnerabilities are in the CPUs themselves (Intel, AMD and ARM), the fixes that become available will be delivered as operating system updates and, in other cases, updates to the web browser you use as well.

In Figure 1 below, you can see one example of how we report on the available patches by name, which systems have successfully installed each patch, and which have yet to install it. We can also track patch installs that failed. The example shown is not for Meltdown or Spectre, but the KB and/or patch number for your environment could be populated on this report to reveal the vulnerable systems.

The same is true for browser updates. Zenith tracks the software versions running in the environment. That data can be used to determine whether all browsers are up to date once the fixes appear.

Speaking of browsers, one area that has already picked up steam in attack scenarios is the use of JavaScript. A working copy is shown here (https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript).

Products like the Edge browser do not use JavaScript any longer, and mitigations are available for other browsers. Firefox has a fix available here (https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/). A Chrome fix is coming out soon.

Fix – Exactly What Can I Do Now?

Once you have identified vulnerable systems in your environment, you certainly want to patch and repair them as soon as possible. One caveat to take into consideration is the reports of specific antivirus products causing stability issues when the patches are applied. Details about these problems are here (https://www.cyberscoop.com/spectre-meltdown-microsoft-anti-virus-bsod/) and here (https://docs.google.com/spreadsheets/u/1/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true).

Zenith can also help patch systems. We can monitor for systems that require patches, direct our solution to apply those patches for you, and then report success/failure and the status of those still requiring patching.

Since the Zenith backend is cloud-based, we can even track your endpoint systems and apply the needed patches when they are not connected to your business network.

Track – How is it all Running?

Last but not least, some systems may exhibit performance degradation after the OS fixes are applied. These problems seem to be limited to high-load (I/O and network) systems. The Zenith platform assists both the security and the operational teams within your environment, which is what we call SysSecOps (https://ziften.com/introducing-systems-security-operations-syssecops/).

We can help reveal issues such as hangs or crashes of applications, and system crashes. Plus, we monitor memory and CPU usage over time. This data can be used to monitor and alert on systems that start to exhibit high usage compared with the period before the patch was applied. An example of this tracking is shown in Figure 2 below (system names deliberately removed).

These 'defects' are still new to the public, and far more will be discussed and discovered in the days, weeks and months to come. Here at Ziften, we continue to monitor the situation and how we can best educate and protect our clients and partners.

Chuck Leaver – Why You Need SysSecOps

Written By Alan Zeichick And Presented By Chuck Leaver

 

SysSecOps. That's a new phrase, still unfamiliar to many IT and security administrators, but it's being discussed within the industry, by analysts, and at technical conferences. SysSecOps, or Systems & Security Operations, describes the practice of combining security teams and IT operations teams to ensure the health of enterprise technology, and having the tools to respond most effectively when issues happen.

SysSecOps concentrates on taking down the information walls, disrupting the silos, that get between security teams and IT administrators.

IT operations personnel are there to make sure that end users can access applications, and that critical infrastructure is running at all times. They want to optimize access and availability, and need the data required to do that job: that a new employee needs to be provisioned, that a hard drive in a RAID array has failed, that a new partner needs to be provisioned with access to a secure document repository, or that an Oracle database is ready to be moved to the cloud. It's all about technology to drive the business.

Same Data, Different Use Cases

While the use of endpoint and network monitoring data and analytics is clearly tailored to the diverse needs of IT and security, it turns out that the underlying raw data is in fact the same. The IT and security teams are simply looking at their own domain's issues and scenarios, and taking action based on those use cases.

Yet sometimes the IT and security teams have to work together. Like provisioning that new business partner: it must touch all the right systems, and be done securely. Or if there is a problem with a remote endpoint, such as a mobile phone or a device on the Industrial Internet of Things, IT and security might have to work together to identify what's going on. When IT and security share the same data sources, and have access to the same tools, this job becomes a lot easier. Hence SysSecOps.

Imagine that an IT administrator spots that a server hard drive is nearing full capacity, and this was not anticipated. Perhaps the network has been breached, and the server is now being used to stream pirated films across the Internet. It happens, and finding and resolving that issue is a task for both IT and security. The data gathered by endpoint instrumentation, and displayed through a SysSecOps-ready monitoring platform, can help both sides work together more effectively than would happen with conventional, separate IT and security tools.

SysSecOps: it's a new term, and a new idea, and it's resonating with both IT and security teams. You can learn more about this in a brief 9-minute video, where I talk with several industry experts about this subject: "What is SysSecOps?"

Chuck Leaver – Collaboration With Microsoft To Defend You Against Attacks

Written By David Shefter And Presented By Chuck Leaver

 

Recently we announced a partnership with Microsoft that combines Ziften's Zenith® systems and security operations platform with Windows Defender Advanced Threat Protection (ATP), delivering a cloud-based "single pane of glass" to detect, view, investigate, and respond to advanced cyber attacks and breaches on Windows, macOS, and Linux-based devices (desktops, laptops, servers, cloud, etc.).

Windows Defender ATP plus Ziften Zenith is a security service that enables business customers to detect, investigate, respond to and remediate sophisticated threats on their networks, off-network, and in the data center and cloud.

Imagine a single solution across all the devices in your business, offering scalable, cutting-edge security in a cost-effective and easy-to-use platform. Enabling enterprises across the globe to protect and manage devices through this 'single pane of glass' offers the promise of lower operational costs together with improved security, providing real-time global threat protection with information collected from billions of devices worldwide.

The Architecture Of Microsoft And Ziften

The diagram below provides an overview of the service components and the integration between Windows Defender ATP and Ziften Zenith.

Endpoint investigation capabilities let you drill down into security alerts and understand the scope and nature of a potential breach. You can submit files for deep analysis, get the results, and take remediation action without leaving the Windows Defender ATP console.

Detect and Contain Threats

With the Windows Defender ATP and Ziften Zenith integration, companies can readily detect and contain threats on Windows, macOS, and Linux systems from a single console. Windows Defender ATP and Ziften Zenith offer:

Behavior-based, cloud-powered, advanced attack detection. Discover the attacks that make it past all other defenses (post-breach detection).

Rich timeline for forensic investigation and mitigation. Easily investigate the scope of any breach or suspected behaviors on any device through a rich, 6-month machine timeline.

Built-in unique threat intelligence knowledge base. Threat intelligence to quickly identify attacks based on tracking and data from millions of devices.

The image below shows many of the macOS and Linux threat detection and response capabilities now available with Windows Defender ATP.

At the end of the day, if you're looking to secure your endpoints and infrastructure, you need to take a hard look at Windows Defender ATP and Ziften Zenith.

Chuck Leaver – KRACK Vulnerability 4 Steps To Protect Yourself

Written By Dr Al Hartmann And Presented By Chuck Leaver

 

Enough media attention has been generated over the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we do not need to cover it again. The original finder's website is a good place to review the issues and link to the comprehensive research paper. This might be the most attention paid to a core communications security failure since the Heartbleed attack. In that earlier case, a patched version of the vulnerable OpenSSL code was released on the same day as the general disclosure. In this new KRACK attack, similar responsible disclosure guidelines were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network devices need to be properly patched. Oh, and best of luck getting that Chinese knockoff wireless security camera bought off eBay patched quickly.

Here we will just make a few points:

Take stock of your wireless devices and follow up to ensure correct patching. (Ziften can carry out passive network inventory, including wireless networks. For Ziften-monitored endpoints, the available network interfaces along with applied patches are reported.) For business IT personnel, it is patch, patch, patch every day anyway, so nothing new here. However, any unmanaged wireless devices should be located and vetted.

iOS and Windows endpoints are less vulnerable, while unpatched Linux and Android endpoints are highly susceptible. Most Linux endpoints will be servers without wireless networking, so there is less direct exposure there. But Android is another story, especially given the balkanized state of Android updating across device manufacturers. Most likely your enterprise's biggest exposure will be Android and IoT devices, so do your risk analysis.

Avoid wireless access through unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols, or use a secure VPN, but be aware that some default HTTPS websites allow compromised devices to force a downgrade to HTTP. (Note that Ziften network monitoring reports IP addresses and ports used, so look at any wireless port 80 traffic on unpatched endpoints.)

Continue whatever wireless network hygiene practices you have been employing to identify and silence rogue access points, unapproved wireless devices, etc. Grooming access point placement and transmission zones to reduce signal spillage outside your physical boundaries is also a wise practice, since KRACK attackers must be physically present within range of the wireless network. Do not give them advantageous positioning opportunities within or close to your environment.
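The first three points above (inventory unpatched wireless devices, weight exposure by OS, and look for wireless port 80 traffic from unpatched endpoints) as one added example that is not Ziften's code: it joins a constructed endpoint inventory with constructed network-monitoring records. The CSV layouts, column names and the patch flag are assumptions.

```python
"""KRACK exposure triage from an endpoint inventory plus connection records
(added example, not Ziften's code; all data constructed)."""
import csv
import io

# Constructed inventory (assumed columns): host, OS, whether a wireless
# interface is present, whether the KRACK fix is installed.
INVENTORY_CSV = """\
host,os,wireless,krack_patched
lt-201,windows,yes,yes
lt-202,windows,yes,no
ph-301,android,yes,no
ph-302,ios,yes,no
srv-01,linux,no,no
cam-07,linux,yes,no
"""

# Constructed network-monitoring records (assumed columns):
# host, interface kind, destination IP, destination port.
FLOWS_CSV = """\
host,iface,dst_ip,dst_port
lt-201,wireless,93.184.216.34,80
lt-202,wireless,93.184.216.34,443
lt-202,wireless,198.51.100.20,80
ph-301,wireless,203.0.113.5,80
cam-07,wireless,203.0.113.7,80
srv-01,wired,10.0.0.9,80
"""

# Relative exposure of an unpatched endpoint by OS, as the post describes it:
# Linux and Android highly susceptible, iOS and Windows less so.
EXPOSURE = {"android": "high", "linux": "high", "windows": "lower", "ios": "lower"}
RANK = {"high": 0, "lower": 1, "unknown": 2}


def load_csv(text):
    return list(csv.DictReader(io.StringIO(text)))


def unpatched_wireless(inventory):
    """(host, os, exposure) for endpoints that have a wireless interface and
    lack the fix, highest exposure first, then by host name."""
    rows = [r for r in inventory
            if r["wireless"] == "yes" and r["krack_patched"] == "no"]
    triaged = [(r["host"], r["os"], EXPOSURE.get(r["os"], "unknown")) for r in rows]
    return sorted(triaged, key=lambda t: (RANK[t[2]], t[0]))


def cleartext_over_wireless(inventory, flows):
    """(host, destination) for port-80 connections made over a wireless
    interface by endpoints that are still unpatched: the traffic an
    attacker within radio range could read or downgrade to."""
    at_risk = {host for host, _, _ in unpatched_wireless(inventory)}
    return [(f["host"], f["dst_ip"]) for f in flows
            if f["host"] in at_risk and f["iface"] == "wireless"
            and f["dst_port"] == "80"]


if __name__ == "__main__":
    inv, flows = load_csv(INVENTORY_CSV), load_csv(FLOWS_CSV)
    for host, os_name, exposure in unpatched_wireless(inv):
        print(f"unpatched wireless endpoint {host} ({os_name}): exposure {exposure}")
    for host, dst in cleartext_over_wireless(inv, flows):
        print(f"cleartext HTTP over wireless from unpatched {host} to {dst}")
```

Patched hosts (lt-201) and wired-only hosts (srv-01) drop out of both lists even when they talk HTTP, which keeps the follow-up list to the endpoints the post says to worry about.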

For a broader discussion of the KRACK vulnerability, have a look at our recent video on the topic:

 

Chuck Leaver – Make Your Security Awareness Training Count

Written By Chuck Leaver Ziften CEO

 

Effective business cybersecurity assumes that people, your employees, do the right thing. That they don't hand over their passwords to a caller who claims to be from the IT department doing a "credentials audit." That they don't wire $10 million to an Indonesian bank account after getting a midnight request from "the CEO".

That they don't install an "urgent update" to Flash Player based on a pop-up on a porn site. That they don't overshare on social media. That they don't store company information on file-sharing services outside the firewall. That they don't connect to unsecured WiFi networks. And that they don't click on links in phishing emails.

Our research shows that over 75% of security incidents are caused or aided by employee errors.

Sure, you've set up endpoint security, email filters, and anti-malware solutions. Those precautions will most likely be for nothing, though, if your employees do the wrong thing time and again in a risky situation. Our cybersecurity efforts are like having a fancy car alarm: if you don't teach your teenager to lock the car when it's at the shopping mall, the alarm is worthless.

Security awareness isn't enough, obviously. Employees will make mistakes, and there are some attacks that do not need an employee misstep. That's why you need endpoint security, email filters, anti-malware, and so on. But let's discuss effective security awareness training.

Why Training Often Doesn’t Have an Effect

First, in my experience, a lot of employee training, well, sucks. That's especially true of online training, which is normally awful. But in most cases, whether live or canned, the training lacks credibility, in part because many IT specialists are poor and unconvincing communicators. The training frequently focuses on communicating and enforcing rules, not on changing risky behaviors and habits. And it resembles mandatory copy machine training: there's nothing in it for the employees, so they don't take it on board.

It's not about imposing rules. While security awareness training might be "owned" by various departments, such as IT, CISO, or HR, there's often a lack of knowledge about what a security awareness program is. First of all, it's not a checkbox; it has to be continuous. The training must be delivered in various ways and at various times, with a combination of live training, newsletters, small-group conversations, lunch-and-learns, and yes, even online resources.

Safeguarding yourself is not complicated!

But a huge issue is the lack of goals. If you have no idea what you're aiming to do, you can't tell whether you have done a good job with the training, and whether risky behaviors really change.

Here are some sample goals that can lead to effective security awareness training:

Provide employees with the tools to recognize and handle the ongoing day-to-day security threats they may encounter online and via email.

Let employees know they are part of the team, and that they cannot just rely on the IT/CISO teams to manage security.

Stop the cycle of "unintended ignorance" about safe computing practices.

Change attitudes toward more secure practices: "If you see something, say something".

Review business guidelines and procedures, described in actionable ways that are relevant to employees.

Make it Relevant

No matter who "owns" the program, it's essential that there is visible executive support and management buy-in. If the officers don't care, the employees won't either. Effective training won't talk about tech buzzwords; instead, it will concentrate on changing habits. Relate cybersecurity awareness to your employees' personal lives. (And while you're at it, teach them how to keep themselves, their family, and their home safe. Chances are they do not know and are reluctant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success: for example, did the number of external links clicked by employees decrease? How about calls to tech support originating from security violations? Make the training timely and real-world by including current scams in the news; unfortunately, there are so many to choose from.

In short: security awareness training isn't fun, and it's not a silver bullet. Nevertheless, it is necessary for making sure that risky employee habits don't undermine your IT/CISO efforts to secure your network, devices, applications, and data. Make sure that you continually train your employees, and that the training works.

 

Chuck Leaver – So Much Energy And Interest At Splunk .conf

Written By Josh Applebaum And Presented By Chuck Leaver


Like many of you, we're still recovering from Splunk .conf last week. As usual, .conf had great energy and the people in attendance were enthusiastic about Splunk and the many use cases it supports through its large app ecosystem.

One important announcement during the week worth discussing was a new security offering known as "Content Updates," which is essentially pre-built Splunk searches that help discover security incidents.

Essentially, the Splunk security team looks at the latest attacks, creates new searches for how they would hunt through Splunk ES data to find those kinds of attacks, and then ships those new searches down to customers' Splunk ES environments for automated alerting when they are seen.

The best part? Since these updates mostly use CIM (Common Information Model) data, and Ziften populates a lot of the CIM models, Ziften's data is already being matched against the new Content Updates Splunk has produced.

A quick demonstration showed which vendors contribute to each type of "detection", and Ziften was mentioned in a great many of them.

For instance, we have a recent post that shares how Ziften's data in Splunk is used to detect and respond to WannaCry.

Overall, with the roughly 500 people who visited the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality discussions and interest. We had nothing but positive feedback from our extensive discussions with all walks of corporate life, from highly technical experts in the public sector to CISOs in the financial sector.

The most common conversation usually began with, "We are just starting to roll out Splunk and are new to the platform." I like those, since people can get our apps for free and we can get them an agent to try, which gives them something to use right out of the box to demonstrate value right away. Other folks were very experienced and really liked our approach and architecture.

Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!

Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the perimeters of their network, in their data centers, and in their cloud deployments.

Chuck Leaver – Our Services Will Help You

Written By Josh Harriman And Presented By Chuck Leaver

 

Having the right tools at hand is a given in our industry. But having the correct tools and services is one thing; getting the most value out of them can be a challenge. Even with the best intentions and properly experienced personnel, there can be gaps. Ziften Services can help fill those gaps and keep you on track for success.

Ziften Services can augment, or even outright lead, your IT operations and security teams to better equip your organization, with three offerings. Each one is tailored to a particular need. A recent report by ESG (Enterprise Strategy Group) entitled "Trends in Endpoint Security Study" found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and 35% of them plan to use managed services for the implementation, which shows that the need is out there for proper services around these products and solutions. Therefore, Ziften is providing our services in the knowledge that many companies lack the scale or expertise to implement and fully use needed tools such as EDR.

Ziften services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a unique function, the latter two are more complementary to each other. Let's look at each in a little more detail to better understand the benefits.

Assess Service

This service covers both IT operational and security teams. To measure your success in proper documentation and adherence to processes and policies, you need to start with a good solid baseline. The Assess service starts by conducting extensive interviews with key decision makers to really understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities and compliance, as well as anomalous behavior. The result can address a range of concerns such as M&A evaluations, pre-cloud-migration planning and periodic compliance checks.

Hunt Service

This service is a true 24x7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this key element of security operations. That could be because of limited personnel or a lack of key expertise in threat hunting techniques. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers and cloud VMs running Windows, Mac OSX and Linux operating systems. One of the primary outcomes of this service is dramatically reducing threat dwell times within the environment. This has been discussed regularly in the past few years and the numbers are shocking, typically in the order of hundreds of days that threats stay hidden within organizations. You need someone who can actively hunt for these adversaries and can even look back historically at previous events to find behaviors you were not aware of. This service does offer some hours of dedicated incident response too, so you have all your bases covered.

Respond Service

When you are against the ropes and have a real emergency, this service is what you need. This is a tried and true IR team ready for battle 24x7 with a broad range of response tool sets at hand. You will get immediate event evaluation and triage. Recommended actions line up with the severity of the threat and the response actions that have to occur. The teams are very flexible and will work remotely or, if needed, can be on-site where conditions require. This could be your whole IR team, or it can augment and blend right in with your current team.

At the end of the day, you need services to help maximize your chances of success in today's world. Ziften has three great offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It's what we love to do!

Chuck Leaver – You Must Take Care Of Vulnerability Lifecycle Management

Written By Dr Al Hartmann And Presented By Chuck Leaver

The following headline hit the news recently, on September 7, 2017:

Equifax Inc. today revealed a cyber security incident possibly impacting approximately 143 million U.S. customers. Bad guys made use of a U.S. website application vulnerability to gain access to certain files. Based upon the business’s examination, the unauthorized access happened from mid-May through July 2017.

Lessons from Past Debacles

If you like your career, value your role, and wish to keep it, then do not leave the door open to attackers. A major data breach often begins with an unpatched vulnerability that is easily exploitable. Then the inevitable happens: the attackers are inside your defenses, the crown jewels have left the building, the press releases fly, expensive consultants and outside legal counsel rack up billable hours, regulators descend, lawsuits are filed, and you have “some major ‘splainin’ to do”!

We are unsure whether the head ‘splainer in the current Equifax debacle will survive, as he is still in ‘splainin’ mode, asserting that the intrusion began with the exploitation of an application vulnerability.

In such cases the usual conga line of resignations is CISO first, then CIO, then CEO, followed by a board of directors shakeup (specifically the audit and corporate responsibility committees). Do not let this happen to your career!

Steps to Take Immediately

There are some common-sense steps you can take to prevent the otherwise inevitable breach catastrophe that results from unpatched vulnerabilities:

Take inventory – Inventory all system and data assets and map your network topology, connected devices and open ports. Know your network, its segmentation, what devices are connected, exactly what those devices are running, what vulnerabilities those systems and applications expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and what controls are in place along every possible access path.

Harden and simplify – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while reducing the number and complexity of subsystems across your enterprise. Anything too complex to manage is too complex to protect. Choose configuration-hardening heaven over breach-response hell.

Continuously monitor and scrutinize – Periodic audits are necessary but not sufficient. Continuously monitor, track, and evaluate all relevant security events and exposed vulnerabilities: establish visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and its vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any gaps in your security event visibility give an adversary a free-fire zone. Define key performance metrics, monitor them relentlessly, and drive for relentless improvement.

Do not accept operational excuses for inadequate security – There are always secure and effective operational policies, but they may not be painless. Not suffering a catastrophic data breach is far down the organizational pain scale from the alternative. Operational expedience, operational legacy or misaligned priorities are not valid excuses for tolerating poor cyber practices in an escalating threat environment. Make your voice heard.
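As an added example of the lifecycle discipline these four steps describe (this is not code from the page or from Ziften), the following Python script joins a constructed asset inventory with a constructed list of vulnerable version ranges and reports, for each exposed asset, how long the vulnerability has been open against a remediation SLA. Every asset name, product, version, vulnerability id, network zone and SLA value below is a placeholder assumption; the point is the join between inventory, exposure and elapsed time that the "take inventory" and "continuously monitor" steps call for.

```python
"""Vulnerability lifecycle tracker: joins an asset inventory with installed
software and known-vulnerable version ranges, then reports exposure and
patch-SLA breaches.  Added example; all asset names, software names,
version numbers and vulnerability ids are constructed placeholders."""
from dataclasses import dataclass
from datetime import date

# Remediation deadlines in days, by severity (constructed policy, not from the page).
PATCH_SLA_DAYS = {"critical": 7, "high": 30, "medium": 90}


def parse_version(v: str) -> tuple:
    """'2.3.10' -> (2, 3, 10) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str                 # network segment the asset lives in
    internet_facing: bool
    data_sensitivity: str     # e.g. "pii", "internal", "public"
    software: dict            # product -> installed version string


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str              # placeholder id, not a real CVE
    product: str
    fixed_in: str             # first version that contains the fix
    severity: str
    published: date           # when the vulnerability became known


def is_exposed(asset: Asset, vuln: Vulnerability) -> bool:
    """True when the asset runs the product at a version older than the fix."""
    installed = asset.software.get(vuln.product)
    if installed is None:
        return False
    return parse_version(installed) < parse_version(vuln.fixed_in)


def assess(assets, vulns, today: date):
    """Return one finding per (asset, vulnerability) exposure, highest risk first."""
    findings = []
    for a in assets:
        for v in vulns:
            if not is_exposed(a, v):
                continue
            days_open = (today - v.published).days
            findings.append({
                "asset": a.name, "zone": a.zone, "vuln": v.vuln_id,
                "severity": v.severity, "days_open": days_open,
                "sla_breached": days_open > PATCH_SLA_DAYS[v.severity],
                "internet_facing": a.internet_facing,
                "data_sensitivity": a.data_sensitivity,
            })
    # Internet-facing, SLA-breached and PII-holding assets sort to the top.
    findings.sort(
        key=lambda f: (f["internet_facing"], f["sla_breached"],
                       f["data_sensitivity"] == "pii"),
        reverse=True,
    )
    return findings


# --- constructed sample inventory and vulnerability feed ----------------------
ASSETS = [
    Asset("web-01", "dmz", True, "pii",
          {"webapp-framework": "2.3.10", "app-server": "8.5.1"}),
    Asset("db-01", "internal", False, "pii", {"dbms": "11.2.0"}),
    Asset("kiosk-07", "branch", False, "public", {"webapp-framework": "2.5.1"}),
]
VULNS = [
    Vulnerability("VULN-EXAMPLE-1", "webapp-framework", "2.4.0", "critical",
                  date(2017, 6, 1)),
    Vulnerability("VULN-EXAMPLE-2", "dbms", "11.2.4", "high", date(2017, 8, 20)),
]
REPORT_DATE = date(2017, 9, 7)   # constructed "today" for the report


def run_report():
    """Assess the constructed inventory against the constructed feed."""
    return assess(ASSETS, VULNS, REPORT_DATE)


if __name__ == "__main__":
    for finding in run_report():
        print(finding)
```

In a real deployment the `ASSETS` list comes from the inventory step (an endpoint agent or CMDB export) and `VULNS` from a vulnerability feed; the report is the metric the monitoring step asks you to track, and a non-empty set of `sla_breached` findings on internet-facing, PII-holding assets is exactly the condition the Equifax lesson warns about.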

Chuck Leaver – Here Is How To Protect Yourself After The Equifax Breach

Written By Michael Levin And Presented By Chuck Leaver

Equifax, one of the three major U.S.-based credit reporting agencies, has just announced a major data breach in which cyber criminals stole sensitive information on 143 million U.S. consumers.

Ways the Equifax security breach WILL affect you:

– Personal – Your and your family’s identity information is now at risk and will be targeted!

– Business – Your business could be affected and targeted.

– National – Terrorists, nation states and organized crime groups could be involved, or could use this data to commit cybercrime for financial gain.

Protecting yourself is not complicated!

Five recommendations to protect yourself immediately:

– Sign up for a credit monitoring service and/or lock your credit. The quickest way to learn that your credit has been compromised is through a credit monitoring service. Equifax has already started the process of setting up free credit monitoring for those affected. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all checking accounts. Make sure all alerts are turned on. Ensure you receive immediate text and e-mail notifications for any changes to your account, increased balances or transactions.

– Secure your bank and financial accounts: make sure two-factor authentication is turned on for all accounts. Learn about two-factor authentication and turn it on for every financial account.

– Phishing e-mail messages can be your greatest daily risk! Slow down when handling e-mail. Stop immediately clicking every e-mail link and attachment you receive. Instead of clicking links and attachments in e-mail messages, navigate to the websites independently, outside the e-mail message. When you receive an e-mail you were not expecting from a name you recognize, consider contacting the sender separately before you click links or attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use a different password for each of your accounts.

Other Security Considerations:

– Back up all computers and update operating systems and software regularly.

– Social media security – Sharing too much information on social media increases the risk that you will be targeted. For example, telling the world you are on vacation, with photos, raises the risk that your home will be burgled.

– Protect your devices – Don’t leave your laptop, phone or tablet unattended, even for a second. Do not leave anything in your car that you do not want stolen, because it’s only a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Check the security settings on all devices, including smart watches and fitness bands.

The value of security awareness training:

– This is another crime where security awareness training can help reduce risk. Understanding new crimes and scams in the news is an essential part of security awareness training. Making sure that employees, friends and family understand this fraud will greatly reduce the likelihood that you will be victimized.

– Sharing new scams and crimes you hear about in the news with others is very important, to ensure that the people you care about do not fall victim to these kinds of crimes.