STE WILLIAMS

HyTrust Appliance 3.5 Announced; Reduces Operational Cloud Risk

MOUNTAIN VIEW, Calif., September 9, 2013 — HyTrust Inc., the Cloud Security Automation Company, today announced the official release of HyTrust Appliance 3.5, a major upgrade that enables enterprises to more easily virtualize mission-critical applications and deploy multi-tenant private clouds without taking on unacceptable risks. This market-leading solution for policy enforcement in virtualized environments builds on innovation pioneered by HyTrust in the area of role-based monitoring. It provides a unique level of visibility into the operation by monitoring, logging, and evaluating every administrative action initiated by every user to detect suspicious activity as it occurs. With this feature, the solution issues an immediate alert when administrative actions or behavior patterns conflict with a user’s assigned role, helping prevent the theft of confidential information or a pending data center disaster.

“We welcome the current national interest in issues around data security, but at HyTrust our focus has always been on developing security automation technologies that enable organizations to benefit from large-scale virtualized datacenters without taking on additional risks,” said Hemma Prafullchandra, CTO and senior vice president of products at HyTrust. “The release of HyTrust Appliance 3.5 is exactly in line with that mission–it provides enhanced insider threat detection for a virtual infrastructure without relying on integration with associated technologies, such as Security Information and Event Management (SIEM) systems, which are blind to the administrative activities of cloud environments. The customizable behavior-based and potential threat detection algorithms in this version automatically uncover risks missed by other solutions because it has the real-time context of all administrator activity and an inventory of the protected cloud and virtual infrastructures.”

The new features in HyTrust Appliance 3.5 enable private clouds and virtualized data centers to prevent or contain damage caused by both employees and outsiders misusing administrator privileges. This might include copying a virtual machine with confidential data, deleting the entire virtual data center, or misconfiguring tenant-specific workloads in shared infrastructure. The technology builds on the ‘two-man rule’ defense prized in a virtual infrastructure (the National Security Administration is currently implementing similar safeguards in its networks). The release also has a high level of flexibility: for example, organizations that want to quickly start observing and logging administrative activity before defining granular roles and access rules can simply use the new “monitor only” mode, which lets them remedy undesirable user behavior and refine roles before beginning to enforce strict access policies.

“As cloud-based and virtual infrastructures become the norm, customers need more advanced security technologies to reduce risks. One of the best methods of risk reduction is through role-based monitoring,” said Judith Hurwitz, president of analyst and research firm Hurwitz Associates. “Monitoring all operations based on assigned roles and issuing automatic alerts when behavioral patterns change is a good way to deflect risk without negatively affecting the workflow.”

HyTrust Appliance 3.5 has additional features, such as enhanced capabilities to strengthen the security and compliance posture of cloud and virtual infrastructures by implementing support for VMware’s Security Hardening Guide 5.1. The new release conducts more than three times as many configuration checks and remediation operations as it did before.

Availability and Pricing

HyTrust Appliance 3.5 is generally available now. Enterprise pricing starts at $63,750 for a single datacenter site with 20 ESXi CPU sockets. HyTrust Appliance Community Edition is also offered as a free version of the product that supports up to three hosts and is downloadable from the Web at www.hytrust.com/freetrial.

About HyTrust (www.hytrust.com)

Cloud Under Control™

Headquartered in Mountain View, CA, HyTrust is the Cloud Security Automation (CSA) company. HyTrust delivers the essential real-time control, security, administrative account monitoring, logging and compliance assurance necessary to enable the benefits of cloud adoption and virtualization of critical workloads. The Company is backed by top-tier investors VMware, Cisco Systems, Intel Corporation, In-Q-Tel, Fortinet, Granite Ventures, Trident Capital, and Epic Ventures; its partners include VMware, VCE, Symantec, CA, McAfee, Splunk, HP ArcSight, Accuvant, RSA and Intel Corporation.

Article source: http://www.darkreading.com/management/hytrust-appliance-35-announced-reduces-o/240161098

Appthority Launches App Risk And Policy Management Solution

SAN FRANCISCO – September 9, 2013 – Appthority, the leader in App Risk Management, today announced the industry’s first all-in-one app risk management solution combining app reputation analysis with a new policy management functionality, enabling organizations to create custom app risk policies. Together with Appthority’s app reputation service, the new policy functionality gives IT administrators unprecedented control over mobile device management by providing both immediate app behavior insights as well as the ability to customize and directly enforce actions to neutralize app risk.

Appthority’s comprehensive App Risk Management solution integrated with a mobile device management (MDM) solution now gives IT administrators the tools needed to maximize the productivity gains of the Mobile First and BYOD (Bring Your Own Device) movements by mitigating app risk. Using the Appthority Portal, IT can quickly get a complete inventory of the apps and their risky behaviors currently present on employee devices and take immediate enforcement action without impacting employee satisfaction or device performance and capability.

According to Gartner, by 2015, the number of employees using mobile applications in the workplace will double.* With more organizations adopting a Mobile First strategy, employees both bringing their own mobile devices and downloading apps from the millions of apps in the global app ecosystem onto company issued devices, the cost and complexity of manually managing app policy functions is enormous.

“IT Managers tell us they have no idea which apps to have their MDM vendors block. One company we spoke with was only able to manually analyze 40 apps a year to try to understand risky app behaviors. Now, organizations can make the most of their MDM investment with the Appthority Trust Score ratings of nearly two million apps, the ability to analyze new apps in seconds, and the first app policy settings based on the actual behavior of each app,” said Domingo Guerra, president and co-founder, Appthority. “Mobile policy cannot be one size fits all. Our new app policy management allows IT managers to easily create smart, turn-key mobile app policies that are customized to their unique company culture and risk profile.”

Using Appthority’s analysis, IT administrators can now take the next step of creating custom and unique app policies for all devices under management. This includes generating blacklists and whitelists that auto-populate based on the behavior of new apps entering the environment.

“Equifax is a data and analytics driven company with high security and regulatory requirements. We are taking that same scientific approach to how we manage the enterprise app strategy issue for our organization,” said Robert Bowen, enterprise mobility architect, Equifax. “By adding policy functionality to their app risk analysis platform, Appthority has given us the critical tool needed to reduce mobile app risk while allowing our employees to maximize their mobile productivity potential with confidence.”

MDM solutions have the capability to block apps, but enterprises have previously been faced with a complete lack of visibility into which apps contain risky behaviors, such as accessing corporate data, file sharing, sending sensitive information, using cloud file storage and others. With Appthority, organizations can face the consumerization of IT with the tools needed to make informed policy decisions and immediately enforce them, such as blocking any app that supports cloud file storage or messaging employees with risky apps on their devices to uninstall or face access removal from the organization’s resources.

Appthority’s new policy management addition is the next step in the evolution of App Risk Management – from discovering and analyzing risky app behaviors to automated enforcement capabilities.

*Gartner “Bring Your Own Device: The Facts and Future,” by David A. Willis. Published April 11, 2013.

About Appthority

Appthority provides the industry’s first all-in-one App Risk Management service that employs static, dynamic and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. Only Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions and protect corporate data. Named the Most Innovative Company of RSA Conference 2012, Appthority has analyzed nearly two million apps for its Global 2000 and government customers. By delivering trust to the app ecosystem, Appthority allows enterprises to securely benefit from the proliferation of useful apps. Headquartered in San Francisco, Appthority is venture-backed by U.S. Venture Partners and Venrock. More information on Appthority can be found at www.appthority.com.

Article source: http://www.darkreading.com/management/appthority-launches-app-risk-and-policy/240161100

Keep Calm, Keep Encrypting—With A Few Caveats

Encryption remains a key security tool despite newly leaked documents revealing the National Security Agency’s efforts to bend crypto and software to its will in order to ease its intelligence-gathering capabilities, experts say. But these latest NSA revelations serve as a chilling wake-up call for enterprises to rethink how they lock down their data.

“The bottom line is what Bruce Schneier said: for all of these [NSA] revelations, users are better off using encryption than not using encryption,” says Robin Wilton, technical outreach director of the Internet Society. “But if you’re a bank [or other financial institution] and you rely on the integrity of your transactions, what are you supposed to be doing now? Are you compromised?”

The New York Times, The Guardian, and ProPublica late last week reported on another wave of leaked NSA documents provided by former NSA contractor Edward Snowden, revealing that the agency has been aggressively cracking encryption algorithms and even urging software companies to leave backdoors and vulnerabilities in place in their products for the NSA’s use. The potential exposure of encrypted email, online chats, phone calls, and other transmissions has left many organizations reeling over what to do now to keep their data private.

[Concerns over backdoors and cracked crypto executed by the spy agency are prompting calls for new, more secure Internet protocols—and the IETF will address these latest developments at its November meeting. See Latest NSA Crypto Revelations Could Spur Internet Makeover.]

Still a mystery is which encryption specifications, if any, were actually weakened under pressure from the NSA, and which vendor products may have been backdoored. The National Institute of Standards and Technology (NIST), which heads up crypto standards efforts, today issued a statement in response to questions raised about the encryption standards process at NIST in the wake of the latest NSA program revelations: “NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large,” NIST said.

NIST reiterated its mission to develop standards and that it works with crypto experts from around the world–including experts from the NSA. “The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA,” NIST said in its statement.

The agency also announced today that it has re-opened public comments for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C specs that cover random-bit generation methods. These specifications have been under suspicion by some experts because the NSA was involved in their development, and NIST says if any vulnerabilities are found in the specs, it will fix them.

The chilling prospect of the NSA building or demanding backdoors in encryption methods, software products, or Internet services is magnified by concerns that such backdoors would also give nation-states and cybercriminals pre-drilled holes to infiltrate.

“There’s a strong technological argument that putting backdoors in encryption is just a foolish thing to do. Because if you do that, it’s just open to abuse” by multiple actors, says Stephen Cobb, security evangelist for ESET. “This makes it very complicated for businesses. I would not want to be a CSO or CIO at a financial institution right now.”

So how can businesses ward off the NSA or China and other nation-states or Eastern European cybercriminals if crypto and backdoors are on the table?

Use encryption

Encryption is still very much a viable option, especially if it’s strong encryption, such as the 128-bit Advanced Encryption Standard (AES). “Don’t stop using encryption, review the encryption you’re using, and potentially change the way you’re doing it. If you’ve got a Windows laptop with protected health information, at least be using BitLocker,” for example, says ESET’s Cobb.

David Frymier, CISO and vice president at Unisys, says even the NSA would be hard-pressed to break strong encryption, so using strong encryption is the best bet. Even Snowden said that, Frymier says.

Still unclear is whether the actual algorithms the NSA has cracked will be revealed publicly or not.

“Most algorithms are actually safe,” says Tatu Ylonen, creator of the SSH protocol and CEO and founder of SSH Communications Security.

Beef up your encryption key management

Unisys’ Frymier is skeptical of the claims that the NSA worked to weaken any encryption specifications. “I just don’t find that [argument] compelling. All of these algorithms are basically published in the public domain and they are reviewed by” various parties, he says.

Even so, the most important factor is how the keys are managed: how companies deploy the technology, store their keys, and allow access to them, experts say. The security of the servers running and storing that code is also crucial, especially since the NSA is reportedly taking advantage of vulnerabilities much in the way hackers do, experts note.

Dave Anderson, a senior director with Voltage Security, says it’s possible for the NSA to decrypt a financial transaction, but probably only if the crypto wasn’t implemented correctly or the keys weren’t properly managed. “A more likely way that the NSA is reading Internet communications is through exploiting a weakness in key management. That could be a weakness in the way that keys are generated, or it could be a weakness in the way that keys are stored,” Anderson says. “And because many of the steps in the lifecycle of a key often involve a human user, this introduces the potential for human error, making key lifecycle management never as secure as the protection provided by the encryption itself.”

Keep your servers up-to-date with patches, too, because weaknesses in the operating system or other software running on the servers that support the crypto software are other possible entryways for intruders or spies.

One of the most common mistakes: not restricting or knowing who has access to the server storing crypto keys, when, and from where, according to SSH’s Ylonen. “And that person’s access must be properly terminated when it’s no longer needed,” he says. “I don’t think this problem is encryption: it is overall security.”

Ylonen says it’s also a wakeup call for taking better care and management of endpoints.

Not having proper key management is dangerous, he says. One of SSH Communications’ bank customers had more than 1.5 million keys for accessing its production servers, but the bank didn’t know who had control over the keys, he says.

“There are two kinds of keys—keys for encryption and keys for gaining access that can give you further access to encryption keys,” he says. And access-granting keys are often the worst-managed, he says. “Some of the leading organizations don’t know who has access to the keys to these systems,” he says.

“If you get the encryption keys, you can read [encrypted data]. If you get the access keys, you can read the data, and you can modify the system … or destroy the data,” he says.

Conduct a risk analysis on what information the NSA, the Chinese, or others would be interested in

Once you’ve figured out what data would be juicy for targeting, double down to protect it.

“Whatever that is, protect it using modern, strong encryption, where you control the endpoints and you control the keys. If you do that, you can be reasonably assured your information will be safe,” Unisys’ Frymier says.

In the end, crypto-cracking and pilfered keys are merely weapons in cyberspying and cyberwarfare, experts say.

“The NSA wants access to data … they want access to passwords and credentials to access the system so it can be used for offensive purposes if the need arises, or for data collection,” Ylonen says. “They want access to modern software and applications so they are later guaranteed access to other systems.”


Article source: http://www.darkreading.com/authentication/keep-calm-keep-encryptingwith-a-few-cave/240161105

NSA Fallout: Google Speeds Data Encryption Plans

In the wake of leaked documents offering new details about the National Security Agency’s surveillance capabilities, Google has accelerated plans to encrypt all traffic flowing between its data centers.

The move isn’t aimed at resisting government-ordered requests for information about Google’s users, or data that Google stores, with which the company must legally comply. Rather, the initiative is aimed at making it more difficult for government intelligence agencies — or anyone else — to surreptitiously eavesdrop on data handled by Google.

“It’s an arms race,” said Eric Grosse, VP for security engineering at Google.

Article source: http://www.darkreading.com/authentication/nsa-fallout-google-speeds-data-encryptio/240161106

September Patch Tuesday is out

The first thing you’ll notice about the September 2013 Patch Tuesday is that there are only 13 patches to apply, even though there were 14 bulletins in last week’s pre-announcement.

One of the patches didn’t make it.

With all the fuss about Big Brother and computer security in the news right now, I don’t doubt that there will be conspiracy theories about the missing patch.

(For example, “What if the intelligence services ordered the patch held back for a while in order to keep a backdoor open?”)

As it happens, I don’t know what didn’t get patched, or why the patch didn’t come out, so I can’t disprove anybody’s fears – but I do think you can put away the tinfoil hats.

All eight of the originally-announced Remote Code Execution holes got patched, so you’re not missing any critical updates, literally or figuratively.

And with two patches having gone haywire for Microsoft last month, you might well expect a touch more conservatism from Redmond this time around.

Here are the fixes that did come out, neatly compressed into a table:

A reminder: RCE is remote code execution; EoP is elevation of privilege; DoS is denial of service; and Leak is incorrect data disclosure.

The big-ticket items this month – if any remote code execution hole can be dismissed as low-ticket, of course – are the fixes for Internet Explorer and Outlook.

These patches may well stop your users getting infected with malware by merely browsing to a web site or reading (even as a preview) an email.

Also of concern is the patch at the very top of the list: according to Microsoft, the hole in SharePoint could allow an attacker to take control of the server simply by sending malformed content to it.

The Office, Excel and Access RCE vulnerabilities are similar, with those applications at risk if you inadvertently open a boobytrapped file.

Note that the IE, Outlook and Office holes only give an attacker the same privileges as the user who is running the vulnerable application.

But any of those holes could be combined with one of the abovementioned EoP vulnerabilities.

This means an attacker could use RCE to get access as a locally logged in user, followed by an EoP to promote himself to an administrator.

Best get patching right away, then!


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/fLaH7W5OoyM/

Biz bods STILL don’t patch hacker’s delight Java and Flash


A whopping 81 per cent of businesses run outdated Java while two in five (40 per cent) have not updated Flash, according to the latest figures from net security firm Websense.

Websense warns that failing to apply patches that address vulnerabilities in hacker favourites such as Flash and Java leaves these businesses at risk of targeted attacks that lead to the theft of business secrets.

Only 19 per cent of enterprise Windows-based computers ran the latest version of Java (7u25) between 1 and 29 August, 2013, the security firm said. Unbelievably, more than 40 per cent of enterprise Java requests came from browsers that were still using outdated Java 6.

The combined effect is that more than four in five Java requests are susceptible to two popular new Java exploits (CVE-2013-2473 and CVE-2013-2463).

Java add-ons in the browser are a well-known hacker target and security firms have routinely advised businesses to disable the technology, which is rarely needed to use most websites. Despite this advice, Websense discovered that 83.86 per cent of enterprise browsers have Java enabled.
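Websense measured the problem from the Java version that browsers and applets announce in their HTTP requests. The following script is an added example, not Websense’s or The Register’s code: it runs the same check over a handful of constructed proxy log lines, classifies each Java client against 7u25 (the article’s yardstick for “latest”) and lists the hosts that need patching. The log layout is an assumption; the `Java/1.<major>.0_<update>` user-agent form is what Java clients really send.

```python
import re
from collections import Counter
from typing import Dict, Iterable, Iterator, Optional, Tuple

# Java 7u25 was the latest release in the August 2013 window the article cites;
# the article's own yardstick is "anything older is outdated".
LATEST = (7, 25)

# Java clients identify themselves as "Java/1.<major>.0_<update>"; browser plugin
# requests look like "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_25".
JAVA_UA = re.compile(r"\bJava/1\.(\d)\.\d+(?:_(\d+))?")
# Assumed (constructed) log layout: the user-agent is the last quoted field and the
# client IP is the only dotted quad on the line.
UA_FIELD = re.compile(r'"([^"]*)"\s*$')
CLIENT_IP = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2013-08-15T10:02:11Z 192.0.2.10 GET http://apps.example.net/applet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_25"',
    '2013-08-15T10:02:13Z 192.0.2.11 GET http://apps.example.net/applet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_25"',
    '2013-08-15T10:03:40Z 192.0.2.12 GET http://apps.example.net/applet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_21"',
    '2013-08-15T10:04:02Z 192.0.2.13 GET http://apps.example.net/applet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_17"',
    '2013-08-15T10:04:55Z 192.0.2.13 GET http://apps.example.net/lib.jar "Java/1.7.0_10"',
    '2013-08-15T10:05:30Z 192.0.2.14 GET http://apps.example.net/applet.jar "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_45"',
    '2013-08-15T10:06:01Z 192.0.2.15 GET http://apps.example.net/applet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_31"',
    '2013-08-15T10:06:44Z 192.0.2.14 GET http://apps.example.net/lib.jar "Java/1.6.0_45"',
    '2013-08-15T10:07:12Z 192.0.2.16 GET http://apps.example.net/applet.jar "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_20"',
    '2013-08-15T10:08:00Z 192.0.2.17 GET http://www.example.net/ "Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0"',
]


def parse_java_version(user_agent: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) from a Java user-agent, or None for non-Java clients."""
    m = JAVA_UA.search(user_agent)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def classify(version: Tuple[int, int]) -> str:
    """Bucket a version the way the article does: current, outdated 7, or Java 6 and older."""
    major, update = version
    if (major, update) >= LATEST:
        return "current"
    if major >= 7:
        return "outdated-java7"
    return "java6-or-older"


def java_requests(log_lines: Iterable[str]) -> Iterator[Tuple[str, Tuple[int, int]]]:
    """Yield (client_ip, version) for every request made by a Java client."""
    for line in log_lines:
        ua = UA_FIELD.search(line)
        ip = CLIENT_IP.search(line)
        if not ua or not ip:
            continue
        version = parse_java_version(ua.group(1))
        if version:
            yield ip.group(1), version


def summarize(log_lines: Iterable[str]) -> Dict[str, int]:
    """Count Java requests per bucket."""
    return dict(Counter(classify(v) for _, v in java_requests(log_lines)))


def percent_outdated(log_lines: Iterable[str]) -> float:
    """Share of Java requests not on the latest release, rounded to one decimal."""
    counts = summarize(log_lines)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return round(100.0 * (total - counts.get("current", 0)) / total, 1)


def hosts_to_patch(log_lines: Iterable[str]) -> Dict[str, str]:
    """Map each client IP to the oldest outdated Java version it presented, as '7u10'."""
    oldest: Dict[str, Tuple[int, int]] = {}
    for ip, version in java_requests(log_lines):
        if classify(version) == "current":
            continue
        if ip not in oldest or version < oldest[ip]:
            oldest[ip] = version
    return {ip: f"{major}u{update}" for ip, (major, update) in oldest.items()}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(f"{percent_outdated(SAMPLE_LOG)}% of Java requests are outdated")
    for ip, version in sorted(hosts_to_patch(SAMPLE_LOG).items()):
        print(f"patch {ip}: running Java {version}")
```

The same three functions run unchanged over a real proxy export once `UA_FIELD` and `CLIENT_IP` are adjusted to that log format.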

Don’t dismiss that Adobe update…

Adobe applications such as Reader and Flash are another cyber-espionage favourite. Websense discovered that nearly 40 per cent of users are not running the most up-to-date versions of Flash. Nearly 25 per cent of Flash installations are more than six months old, close to 20 per cent are one year outdated and nearly 11 per cent are nearly two years old, according to stats from the web security firm.

Previous research by Websense back in March indicated that 93 per cent of enterprises were vulnerable to known Java exploits and nearly 50 per cent of enterprise traffic was using a version of Java that is more than two years out of date. So, as bad as the state of enterprise Java security currently is, things have arguably improved.

Carl Leonard, senior security research manager EMEA at Websense, commented: “Java has become a primary gateway for hackers to enter today’s businesses and its vulnerabilities are being commoditised in the latest exploit kits.

“Research using our Websense ThreatSeeker Intelligence Cloud indicates that successful Java exploits are on the rise with computers running outdated versions of Java…. [and] only 19 percent of enterprise Windows-based computers ran the latest version of Java.

“It is clear the cybercriminals know there is a Java update challenge for many organisations and thus they focus on exploits targeting both new and older versions of the technology,” he added. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/10/java_flash_security_snapshot/

CrowdStrike Gets $30M In New Round Of Funding

Security vendor CrowdStrike received an infusion of $30 million in funding Monday, and investors say they are putting their dollars behind companies that are rethinking the security problem.

In a press release, CrowdStrike announced that it had raised an additional $30 million in Series B financing, led by high-tech venture capital firm Accel Partners and Warburg Pincus.

CrowdStrike, which has gained wide attention through its focus on identifying adversaries, rather than just the malware they distribute, was not hunting for funding, but the investors made an offer that was too good to pass up, says George Kurtz, president, CEO, and co-founder of the company.

“Accel and Warburg both see an opportunity to redefine the way we think about security,” Kurtz says.

Venture firms and other investors say they are looking for companies with a new approach to security because the threat continues to escalate despite rising enterprise investment in existing technology. Kurtz says he receives an average of “five emails a week” from venture funding firms interested in putting their money behind CrowdStrike’s approach.

“There are many new startups out there, but only a few actually have a chance to be both independent and category-leading,” says Sameer Gandhi, a partner at Accel Partners and now a member of CrowdStrike’s board of directors. Accel has invested in a number of security startups, including a $50 million round of financing for Tenable Network Security, maker of the popular Nessus security scanner, in 2012.

Venture firms are attracted to CrowdStrike’s story, which focuses on finding and stopping humans, rather than just malware. As part of its offerings, the company delivers data on the source of the attack and is collecting detailed information on malware authors and distributors across the globe.

“There is a perception that malware attacks are growing at a fantastic rate, but if you focus on the adversary, it’s a very different picture,” Kurtz says. “What we’re really seeing is a set of humans trying to beat a set of automated systems, and they’re winning. Humans will always be a little ahead of computers — just look at how IBM’s best supercomputer couldn’t beat Russia’s human champion at chess.”

That’s the kind of new thinking that attracts investors, Gandhi says. “We have to recognize that the nature of the threat isn’t going to get any better,” he says. “We look for companies that have a very different approach. It’s part of the evolution of technology — the threat goes beyond the current security infrastructure, and that eventually leads to a new generation of technology. We’re always looking for that next generation.”


Article source: http://www.darkreading.com/management/crowdstrike-gets-30m-in-new-round-of-fun/240161057

7 Starter Steps For Security Analytics Success

As organizations try to find better ways to improve their security practices, increasingly they’re finding that the secrets to success are not written in runes in a faraway land. They actually exist right there in the enterprise, hiding away in log data, metadata, unstructured data and plenty of other instrumentation data feeds pumping out information constantly for those willing to harvest and examine them.

Homing in on the right data and scientifically drawing conclusions that mean something to IT and the business isn’t easy. But with some focused effort and creativity, it is possible to quickly improve analytics work in order to better understand IT risks and adjust security practices for better protection of business assets. Here’s how the experts recommend building up improvements.

1. Don’t Assume SIEM Has Your Analytics Needs Covered

As many organizations seek to take their analysis of security-related data to the next level, it may be time to re-imagine what data sets they’re using to do that analysis, says Ed Bellis, CEO of Risk I/O.

“People often believe they have security analytics covered because they have SIEM or log management, but there are so many different pieces of data that you need to look well beyond your logs,” he says, explaining that everything from HR records to fraud data that traditionally falls outside the scope of IT security provides meaningful intersections with IT security data. “I would also argue that we’re not using the data we have anywhere near its full capabilities. It could be the unstructured data in your environment, the metadata in your environment or unstructured data outside your environment–just being able to close that loop is important.”

2. Don’t Focus On Data About The Attacker

Taking the focus outside SIEM data also serves another purpose, as much of the metadata, records data and additional network data that maturing analytics practices lean upon tends to be inwardly focused. Taking a closer look at the organization’s ready state, rather than remaining constantly preoccupied with data about potential attackers, is a shift in thinking that many mature organizations these days need to make to get a better picture of risk, says Mike Lloyd, CTO of RedSeal Networks.

“Don’t just think about the bad guy, think about yourself,” he says.

He says the best way to think about it is to imagine a classic war room with strategists over a war table moving pieces around a table with a map. Yes, the strategists are getting intelligence about enemy movements and moving those pieces on the map–to him that’s what SIEM has been doing with the logs. But there are two other critical pieces to the war gaming: force accounting and terrain mapping.

“If you don’t know where your forces are, your war room is useless. And if you don’t have a map of the terrain, you’re not thinking about the problem the right way,” he says, explaining that a map of the network acts as the terrain guide and then an inventory of assets and defenses and their state stand in as the force accounting. “It’s not just about the bad guys and what you can see in the logs, it’s about combining that with two other major feeds, which is how your stuff is organized and what the map looks like.”

3. Measure What’s Important To The Business

As organizations look for additional data feeds beyond log data, the organization’s business position within an industry, its business processes and its assets should all play an important role in deciding what to measure and analyze.

“I think it’s important for a business to understand where they’re positioned and what they’re being attacked by. We are fairly good at handling things like everyday script kiddies, target-of-opportunity attackers,” says Michael Roytman, data scientist for Risk I/O. “But specific businesses have specific other attackers, and they probably need to develop practices around measuring how those are affecting them. It’s that tiered approach of measuring what everybody’s exposed to, and then deciding or at least making a guess about what’s specifically unique about your data or your attackers so you can build out a practice on something that comes from an understanding of the business.”

[Is IPS in it for the long haul? See The Future of IPS.]

4. Watch For Changes To Critical Infrastructure

Once you think about the business needs, it becomes easier to pinpoint critical assets that should be constantly monitored for red flags. According to A. N. Ananth, CEO of EventTracker, whether it is payroll servers, certificate servers or particular local drives, these critical assets should be watched and analyzed for change.

“Changes should be grouped as either system changes/configuration changes or business knowledge changes,” he says. “Because there shouldn’t be many changes to these critical systems, it won’t take much time to go through them. Grouping provides a lot of bang for your buck.”

5. Do Pre-Security Analytics

The more organizations pull a diverse set of data into their analytics operations, the more they will see the imperfections in that data. Getting the best conclusions from data takes front-end work to clean it up, and that clean-up effort also reveals where there may be gaps in data collection, says Lloyd.

“As you combine these data sources together, you actually gain something really important: you can notice contradictions,” he says. “As soon as you get a collection of assets from two different teams who operate independently in a company, you combine their worlds together, you realize they don’t line up. You’ve got chess pieces that don’t fit on the chessboard and empty parts of the chessboard with no chess pieces.”

Combining data and then criticizing the data feed to improve its quality presents some good low-hanging fruit for honing analytics work, he says.

“If you start combining feeds, you can realize where the gaps are and realize you’re not scanning all your hosts, you don’t have all the network under control, you don’t have logs in all the right places and so on,” Lloyd says.
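As an added example (not code from the article or from any of the people quoted), the following Python script combines three constructed feeds, an asset inventory, scanner coverage and SIEM log sources, plus a subnet list standing in for the terrain map from the war-room passage above, and reports where they contradict each other. All hostnames, addresses and subnets are made up.

```python
"""Reconcile independent security data feeds to surface gaps and contradictions.

Added example: three constructed feeds stand in for the asset team's inventory,
the vulnerability scanner and the SIEM. Every name, IP and subnet is made up.
"""
from ipaddress import ip_address, ip_network

# Constructed sample feeds. Each team's view of "the hosts" is deliberately
# inconsistent, as happens when independently maintained worlds are combined.
CMDB_INVENTORY = {                 # asset team: hostname -> (ip, criticality)
    "payroll-db01": ("10.1.10.5", "critical"),
    "ca-server01": ("10.1.10.9", "critical"),
    "web-edge02": ("10.2.20.14", "normal"),
    "lab-box07": ("192.168.77.3", "normal"),
}
SCANNED_HOSTS = {"10.1.10.5", "10.2.20.14", "10.2.20.99"}  # scanner: IPs reached last cycle
LOG_SOURCES = {"10.1.10.5", "10.2.20.14", "10.9.0.4"}      # SIEM: IPs that sent logs
KNOWN_SUBNETS = ["10.1.10.0/24", "10.2.20.0/24"]           # the "terrain" map


def reconcile(inventory, scanned, logging, subnets):
    """Return the contradictions between the feeds as a dict of sorted IP lists."""
    nets = [ip_network(s) for s in subnets]
    inv_ips = {ip for ip, _ in inventory.values()}

    def on_map(ip):
        return any(ip_address(ip) in n for n in nets)

    return {
        # known assets the scanner never reached: a coverage gap
        "unscanned_assets": sorted(ip for ip in inv_ips if ip not in scanned),
        # scanner found hosts nobody owns: pieces with no square on the board
        "unknown_scanned": sorted(scanned - inv_ips),
        # critical assets that send no logs: a detection gap on what matters most
        "silent_critical": sorted(
            ip for ip, crit in inventory.values()
            if crit == "critical" and ip not in logging
        ),
        # log sources the inventory has never heard of
        "unknown_log_sources": sorted(logging - inv_ips),
        # assets outside every mapped subnet: the terrain map itself is incomplete
        "off_map_assets": sorted(ip for ip in inv_ips if not on_map(ip)),
    }


if __name__ == "__main__":
    findings = reconcile(CMDB_INVENTORY, SCANNED_HOSTS, LOG_SOURCES, KNOWN_SUBNETS)
    for name, ips in findings.items():
        print(f"{name:20s} {', '.join(ips) or '-'}")
```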

6. Leverage Internal Business Intelligence Experts

If your organization doesn’t have the luxury of hiring data scientists to look over and analyze security data, don’t give up hope. A little creative thinking and intraorganizational bridge building could give your team access to people with similar skill sets.

According to Bellis, a good tack would be to cozy up with the enterprise’s business intelligence team for help with analytics work.

“When it comes to business intelligence, they have their own data warehousing teams and things like that and they’ve got a lot of expertise on staff that may not necessarily be trained in information security but they certainly know the data analytics piece,” he says. “Leaning on those organizations can give you a big jump start at least into a security analytics program.”

7. Remember Security Data Needs Protecting, Too

The more security data a team collects and analyzes, the more those repositories themselves become a target for attackers. As organizations step up their analytics game, they have to remember that their data could be juicier than a lot of corporate data, because it could hold the secrets to unraveling the enterprise’s defenses.

“If our security tools are less secure than our network is, they become a weakness that can be exploited by hackers,” says Mike Heumann, senior director of marketing for the Endace division of Emulex. “For instance, thick client-based tools can present a security threat in that data is often loaded onto a laptop which itself could be removed from the enterprise and later lost or penetrated. Keeping data in secure locations in the data center can help to eliminate these types of weaknesses.”


Article source: http://www.darkreading.com/7-starter-steps-for-security-analytics-s/240161039

BAE Systems Detica Unveils IndustrialProtect To Protect Nations’ Critical Infrastructure

BAE Systems Detica today announces the launch of IndustrialProtect, a military-grade solution, to the marketplace. The solution is designed to protect the industrial control systems of organisations such as power plants, oil refineries or automated manufacturing plants from cyber attack, allowing them to both modernise their legacy systems as well as improve their security.

The major applications for the IndustrialProtect solution will be organisations within the Defence, Energy, Utilities and Natural Resources sectors, where industrial control systems are integral to their efficiency, growth and productivity. All these organisations form part of the National Critical Infrastructure, a prime target for cyber attacks. Recent attacks like Shamoon or those on the Korean peninsula illustrate just how critical it is for these organisations to protect their networks.

The security risks to these organisations can also have “real-world” impacts – affecting not only the safety and ability of the organisation to operate, but also the potential to cause significant economic, human and environmental harm should a security breach incident occur.

IndustrialProtect is launching at a time when operational networks are increasingly vulnerable. The on-going convergence of Operational Technology (OT) and enterprise Information Technology (IT) networks is bringing great benefits, such as increased automation, more centralised key functions and better management information. But the convergence also creates greater risk as it increases the opportunity for attack through unauthorised access or espionage and the manipulation of data and data loss caused by both targeted and non-targeted attacks.

IndustrialProtect effectively mitigates these risks by using cutting-edge technology to ensure the security of industrial control systems. It is the only solution that provides all of the necessary security controls in a single appliance, and also delivers unrivalled security enforcement while also enabling greater business efficiency, secure information sharing and connectivity.

BAE Systems Detica’s solution provides significant security enhancements over existing approaches, whilst also avoiding any impact on business efficiency.

David Garfield, Managing Director of Cyber Security at BAE Systems Detica, said:

“National Critical Infrastructure organisations are increasingly concerned about securing their business critical operations. The larger and more diverse the organisation, the greater the number of network vulnerabilities for cyber attackers to exploit. IndustrialProtect addresses key areas where traditional approaches are proving ineffective, simultaneously enabling efficient business processes and protecting against the modern cyber threat.

“This is the first time this type of solution has been available for organisations in the critical national infrastructure. It provides a means to enable information flows that greatly increase business efficiency and operational effectiveness while protecting critical operational networks from attack.”

IndustrialProtect verifies the identity of the individual or system sending information, that the information received is as it was sent, and that the content is intended and appropriate for the receiving system. Critical systems are thereby protected from access, manipulation and control by those intending to cause harm through disruption and sabotage.

Unlike many security enforcement solutions, IndustrialProtect is custom-designed from a basic component level and built in hardware by a security-approved supply chain. It therefore provides higher performance, reliability and security, particularly when compared to solutions based on mainstream software components.

IndustrialProtect achieves this through five key features:

- Implementation of network segmentation without breaking critical business processes
- Prevention of unauthorised systems from exchanging information
- Assurance that the integrity of information is preserved from source to destination
- Transparency to existing systems and a very low attack surface
- Full remote management from the industrial control system and back to the system

– Ends –

Notes to editors

About BAE Systems Detica

BAE Systems Detica delivers information intelligence solutions to government and commercial customers and develops solutions to strengthen national security and resilience.

Detica is part of BAE Systems, a global defence, aerospace and security company with approximately 90,000 employees worldwide.

BAE Systems delivers a wide range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. For more information, please visit www.baesystems.com

Article source: http://www.darkreading.com/government-vertical/bae-systems-detica-unveils-industrialpro/240161069

AT&T Accelerates Cybersecurity Push

DALLAS, Sept. 10, 2013 /PRNewswire/ — Security is serious business for AT&T*.

The company today announced an expanded set of managed security solutions (MSS) and new capabilities, including the industry’s first all-in-one mobile security solution to be launched later this year. AT&T, which manages 24,000 security devices and one million seats for cloud-based security services, will discuss the expansion of its cyber security portfolio at the 15th Annual AT&T Cyber Security Conference in New York City.

Andy Daudelin, VP Security Services, AT&T Business Solutions, will outline the company’s aggressive growth plan to provide customers with end-to-end protection in today’s most critical areas of security, including network-based defense, cloud security, secure mobile business, and threat management. At the heart of these efforts is the recognition that customers are looking for comprehensive solutions that can be integrated across business environments and provide improved visibility into the state of their own networks and impending threats.

Recent and upcoming enhancements to the AT&T portfolio of security solutions include:

— AT&T plans to launch a new cyber security solution that combines network and device-level security controls with highly-secure virtual private networking, application security and a full suite of mobile device management capabilities. The solution, expected later this year, provides businesses with comprehensive security for their mobile ecosystems, even if they’re not AT&T wireless customers, and represents the industry’s first all-in-one mobile security solution.

— AT&T has added Advanced Persistent Threat (APT) security assessments to its portfolio of consulting services to help organizations evaluate their ability to detect, resist, and respond to targeted cyber security threats. AT&T security consultants are certified in a variety of security competencies including: Security and Risk Management, Audit and Controls Review, Industry Regulations/Best Practices, Vendor Specific Certifications, and Security Investigations and Forensics.

— AT&T has doubled its network capacity to manage the growing volume of distributed denial of service (DDoS) attacks and recently added a DDoS protection option for customers deploying critical Web applications, including Content Delivery Networks (CDN). These enhancements provide customers with greater protection against DDoS attacks by dispersing and absorbing immense volumes of malicious traffic before they reach customer networks.

“Security is at the very core of what we do as a company,” said Daudelin. “From the security controls built right into the backbone of our network to our proprietary threat intelligence, we work to make security an enabler, not a limitation of business transformation. That’s one reason why we have a 98% retention rate among our security clients.”

With hundreds of security experts and multiple security operations centers deployed in the United States and globally, AT&T utilizes patented analytic capabilities to process 265 billion flow records and 6.5 trillion packets each day. The company also maintains a malicious entity database with more than 1.2 million threat signatures and tracks hundreds of millions of security events daily. It is a leader in innovation through AT&T Labs, whose employees have thousands of patents issued or pending worldwide, with more than 100 patents in security and privacy issued in 2012 alone.

AT&T was recognized as a leader in the most recent Gartner Magic Quadrant for MSSPs in North America, and also received a positive rating in the Gartner MarketScope for Managed Security Service reports in both Europe and Asia/Pacific**.

For more information on AT&T Network Security, visit att.com/network-security

*AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand and not by AT&T Inc.

**Gartner, Inc., Magic Quadrant for MSSPs, North America, Kelly M. Kavanagh, November 15, 2012; MarketScope for Managed Security Services in Europe, Carsten Casper, October 24, 2012; MarketScope for Managed Security Services in Asia/Pacific, 2012, Andrew Walls, October 9, 2012.

About AT&T

AT&T Inc. (NYSE:T) is a premier communications holding company and one of the most honored companies in the world. Its subsidiaries and affiliates – AT&T operating companies – are the providers of AT&T services in the United States and internationally. With a powerful array of network resources that includes the nation’s largest 4G network, AT&T is a leading provider of wireless, Wi-Fi, high speed Internet, voice and cloud-based services. A leader in mobile Internet, AT&T also offers the best wireless coverage worldwide of any U.S. carrier, offering the most wireless phones that work in the most countries. It also offers advanced TV services under the AT&T U-verse and AT&T | DIRECTV brands. The company’s suite of IP-based business communications services is one of the most advanced in the world.

Article source: http://www.darkreading.com/management/att-accelerates-cybersecurity-push/240161060