STE WILLIAMS

Chinese Cyberspies Enlist Java Exploit

The so-called NetTraveler targeted attack campaign discovered earlier this year by Kaspersky Lab is now employing an exploit that takes advantage of a just-patched Java bug, and is also adopting the increasingly popular waterholing technique to infect targets.

NetTraveler, aka Red Star, Travnet, and Netfile, is a less sophisticated but persistent attack campaign with uncanny longevity: for nearly ten years, it has targeted hundreds of victims in 40 different countries across governments, embassies, oil and gas, military contractors, activists, and universities. The APT group is made up of some 50 members and has traditionally employed patched Office exploits—namely CVE-2012-0158.

“All APT crews seem to be slowly moving away from worn out exploit variations abusing CVE-2012-0158, or the Office vulnerabilities. The decreasing effectiveness of these exploits pushed NetTraveler into using a new exploit,” says Kurt Baumgartner, senior security researcher for the Americas on the Global Research and Analysis Team at Kaspersky Lab, in an email interview.

The Java Runtime Environment flaw in Java versions 5, 6, and 7 was patched by Oracle in June of this year. Kaspersky Lab researchers saw an exploit for the flaw included in several spearphishing emails sent to Uyghur activists.

NetTraveler also has hacked Uyghur websites and planted malware in so-called “waterholing” attacks in hopes of snaring more victims quickly. Among the sites that appear to have been rigged with malware was the Islamic Association of Eastern Turkistan website, according to Kaspersky Lab.

Baumgartner says Kaspersky Lab only saw the attacks on Uyghur activists, but there could be other attacks it has not seen.

“Not only has the NetTraveler crew spearphished Uyghur activists with Java exploits, but to ensure infiltration of their victim resources, they compromised Uyghur websites and used them to attack activists and other visitors with Java exploits,” he says.

[Nearly decade-old attack also has links to other APT groups, infrastructure. See ‘NetTraveler’ Cyberespionage Campaign Uncovered.]

Costin Raiu, director of Kaspersky Lab’s global research analysis team, says the attack group took offline the command and control servers that Kaspersky outed back in June and moved those operations to new servers in China, Hong Kong, and Taiwan. “However, they also continued the attacks unhindered, just like the current case shows it,” Raiu says in a blog post today describing the newest moves by the group.

It’s likely that the group will continue to add newer exploits in its targeted attacks, he says.

The group isn’t known for employing zero-day attacks, and traditionally has relied on tried-and-true methods of attack. Regular patching, application whitelisting, and attack-mitigation techniques are the best defense, according to security experts.

“The group does not seem to be actively developing 0-day themselves, and heavily relies on the same techniques and ready-made kits to attack multiple victims,” Kaspersky’s Baumgartner says. “There is not much offensive variety or technical skillset depth here.”

Kaspersky Lab in June announced that it had discovered more than 22 gigabytes of stolen data on 30 NetTraveler C&C servers—everything from file system listings and key logs to PDFs, Excel spreadsheets, and Word documents. NetTraveler also has the capability to target computer-aided design files. Among the intelligence topics the group has targeted are space exploration, nanotechnology, energy production, nuclear power, laser technology, medicine, and communications.

Raiu’s full post on the new NetTraveler developments–including screenshots and code samples–is here.


Article source: http://www.darkreading.com/attacks-breaches/chinese-cyberspies-enlist-java-exploit/240160766

Database of illegal downloaders

The major UK broadband providers are being asked to create a database of customers who illegally download films, music and other protected content from the internet.

This latest move is likely borne out of frustration with the Digital Economy Act 2010 which was designed to give more power in fighting piracy but has seen delays push its full implementation date back to 2014 at the earliest.

If Virgin Media, BT, BSkyB and TalkTalk sign off on the proposal, it’s anticipated that the data they collate could then be used to serve warning letters, apply for disconnections or prosecute repeat offenders.

Curbing digital piracy will be one of the topics discussed when record labels and their trade association, the BPI, meet with Prime Minister David Cameron at a Downing Street breakfast on September 12.

Film and music companies will ask broadband providers to sign up to a voluntary code which will, arguably, see them tasked with policing the internet on the behalf of the content creation industry. The Guardian reports that negotiations have already been happening for months with the BPI and the British Video Association, of which the BBC and Hollywood studios are members.

The voluntary code, should it be adopted, will see internet service providers (ISPs) tasked with creating a database of repeat offenders. These offenders would be sent warning letters stating that their internet address had been used for illegal downloads.

The letters would warn of further consequences for continued copyright infringement and would point users towards legal services for their film and musical needs.

Should the offenders ignore the letters then sanctions would be imposed, such as having access to certain sites blocked, slowing of internet connections or even prosecution.

There are some potential issues for ISPs should they adopt these measures though. Firstly, if they were to create and maintain such a database then who would pay for it? Would they pick up the tab or would it be funded by the content creators themselves?

Personally I suspect it would be option three – the consumer – who would see an increase in their broadband costs, irrespective of whether they themselves had downloaded anything illegally or not.

Secondly, keeping a database of warning notices could put the broadband providers on the wrong side of the Data Protection Act which states that companies can only store information about individuals for commercial reasons.

A spokesperson for TalkTalk told the Guardian that while they would, “like to reach a voluntary agreement” their “customers’ rights always come first” and they would “never agree to anything that would compromise them.”

A spokeswoman for Virgin Media also had similar concerns, commenting that the current proposal is “unworkable.”

When I contacted the BPI and asked them for their views on both of these issues I was told the planned meeting at No.10 was solely in response to an invitation from David Cameron after he attended a BPI 40th anniversary event in June. The only comment a spokesperson would give me was:

Record labels are key investors in British music, and, contrary to some media reports, we expect the forthcoming meeting with the Prime Minister to focus on a range of positive measures that will enable further investment in British talent, promote exports and support the continuing growth of the UK’s digital music market.

I’ll leave you to ponder what this tells us along with a quote from Loz Kaye, leader of Pirate Party UK, who said:

The content industry seems intent on turning Internet Service Providers into the music NSA.

Harsh words indeed, but ones that may well resonate with people who already have concerns about the government’s digital policies, especially in the wake of surveillance claims and attempts to censor certain types of content on the internet.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/6_aDmCj8yhc/

Lawyers report steep rise in employee data theft cases

UK law firm EMW has reported a sharp rise in confidential data theft cases brought before the High Court.

The bulk of the cases involve information taken by employees from their places of work, with blame for the rise being put on the availability of cloud storage services, and also on increases in remote working.

2012 saw 167 cases involving confidential data theft at the High Court, up 58% from the 106 seen in 2011.

Although some reports have flagged a whopping 250% increase over the 45 recorded in 2010, that year was a bit of an anomaly, sharply down on the 95 seen in the previous year.

Nevertheless, the general upward sweep over the last few years seems clear, and will be quite alarming for many businesses.

The bulk of the cases logged were civil cases brought by firms against former employees found to have taken company data, which might include anything from client and contact lists to financial info to technical product designs.

According to a report in the Telegraph, these cases rack up an average of £30,000 in legal costs alone, not counting the value of the lost data, which can be hard to put a price on and is all but impossible to “retrieve” once it has left company networks.

The availability of Dropbox and similar cloud storage services, which enable disgruntled staff to transfer huge amounts of data very rapidly with minimal preparation, is cited as a major factor in the spike.

Other commentators have emphasised the greater ease of stealing data thanks to the rise in remote working, and the remote access to company databases needed by homeworkers.

In the movies our data-exfiltrating hero has to crouch behind a desk, sweatily watching a progress bar tick towards completion on his USB stick copying, while footsteps thud ominously closer down the corridor. In reality, data can be copied or uploaded in comfort and safety from an armchair in front of the TV, with no risk of being observed, at least physically.

Of course this sort of thing should be monitored by data leak protection (DLP) systems, and restricted by tight controls on who has access to sensitive data, especially remotely.

DLP controls can watch for specific files, file types or even tiny fragments of data crossing fixed boundaries, or can limit the amount of data that can be transferred from point to point in a given time period. Device control can prevent the use of removable media such as USB drives or CD burners, while web filtering can block access to cloud services which might be open to abuse.

This sort of thing should deter most “disgruntled” (or simply avaricious) employees from making off with sensitive data, documents, or even whole databases.
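As an added example (not code from the article), here is a small Python implementation of two of the controls described above, run over constructed proxy log lines: a rolling per-user limit on the volume of data leaving the corporate boundary, and a check for watched file types being uploaded to external hosts. The users, hosts, thresholds and log format are all made up for the illustration, and the log is assumed to be in chronological order.

```python
"""Two DLP-style checks over constructed proxy log lines: a per-user rolling
egress-volume limit and a watched-file-type check on uploads that leave the
corporate boundary. Added example, not code from the article."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

# Constructed sample lines: timestamp user destination-host method path bytes-out
SAMPLE_LOG = """\
2013-09-03T09:00:01 alice sync.filebox.example PUT /up/q3_forecast.xlsx 5242880
2013-09-03T09:00:40 alice sync.filebox.example PUT /up/clients.csv 12582912
2013-09-03T09:01:15 alice sync.filebox.example PUT /up/design_rev4.dwg 41943040
2013-09-03T09:02:02 alice sync.filebox.example PUT /up/backup.zip 62914560
2013-09-03T09:05:00 bob intranet.corp.example GET /wiki/page 2048
2013-09-03T09:06:10 bob sync.filebox.example PUT /up/holiday.jpg 3145728
2013-09-03T10:30:00 carol share.cloudbox.example PUT /up/product_schematic.dwg 1048576
"""

CORPORATE_SUFFIX = ".corp.example"              # hosts inside the fixed boundary (assumed)
WATCHED_EXTENSIONS = {".dwg", ".csv", ".xlsx"}  # CAD files, contact lists, spreadsheets
WINDOW = timedelta(minutes=10)                  # rolling window per user
VOLUME_LIMIT = 100 * 1024 * 1024                # 100 MiB of egress per user per window


def parse_line(line):
    """Split one log line into typed fields; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, user, host, method, path, nbytes = parts
    return {"ts": datetime.fromisoformat(ts), "user": user, "host": host,
            "method": method, "path": path, "bytes": int(nbytes)}


def is_external(host):
    """True when the destination lies outside the corporate boundary."""
    return not host.endswith(CORPORATE_SUFFIX)


def file_type_alert(ev):
    """Flag uploads of watched file types to external hosts."""
    if ev["method"] != "PUT" or not is_external(ev["host"]):
        return None
    ext = os.path.splitext(ev["path"])[1].lower()
    if ext in WATCHED_EXTENSIONS:
        return {"kind": "watched_file_type", "user": ev["user"],
                "detail": f"{ev['path']} -> {ev['host']}"}
    return None


def detect(log_text, window=WINDOW, limit=VOLUME_LIMIT):
    """Return alerts for watched uploads and for users whose external egress
    exceeds `limit` bytes within any rolling `window` (one alert per crossing)."""
    alerts = []
    recent = defaultdict(deque)   # user -> deque of (ts, bytes) still inside the window
    total = defaultdict(int)      # user -> bytes currently inside the window
    over = defaultdict(bool)      # user -> already alerted for the current crossing
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        hit = file_type_alert(ev)
        if hit:
            alerts.append(hit)
        if not is_external(ev["host"]):
            continue              # internal traffic does not count toward egress
        u = ev["user"]
        q = recent[u]
        q.append((ev["ts"], ev["bytes"]))
        total[u] += ev["bytes"]
        while q and ev["ts"] - q[0][0] > window:   # expire events older than the window
            total[u] -= q.popleft()[1]
        if total[u] > limit and not over[u]:
            over[u] = True
            alerts.append({"kind": "egress_volume", "user": u,
                           "detail": f"{total[u]} bytes in {window} ending {ev['ts']}"})
        elif total[u] <= limit:
            over[u] = False       # re-arm once the user's window drops back under the limit
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["kind"], a["user"], a["detail"])
```

On the sample log this yields four watched-file alerts and one volume alert for alice, whose fourth upload pushes her ten-minute total past 100 MiB.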

It’s not entirely clear whether the upturn seen in the EMW figures also reflects a failure to deploy or properly implement such technologies, allowing more data to be stolen, or in fact shows an improvement in their quality, ensuring more would-be data thieves are caught in the act and prosecuted.

Either way, it seems that employee data theft remains a problem which needs addressing. Data needs to be properly monitored and protected, whoever is working with it and whether it is inside company networks or being accessed by remote workers.

One approach might be to make sure you keep all your employees happy at all times, although that might prove impractical. On the other hand, the threat of heavy penalties for data theft doesn’t have a 100% success rate either.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/KjJ1nv6mFcA/

Syrian Electronic Army hacks US Marines, asks ‘bros’ to fight on its side


A US marines recruitment website, www.marines.com, was hacked and defaced by hacktivists from the infamous Syrian Electronic Army over the weekend.

The attack was used to post a propaganda message (full text here) claiming that the Syrian Army have been fighting Al Qaeda insurgents for three years and describing Obama as a “traitor”.


The official Marines website (www.marines.mil), hosted on the United States Department of Defense’s domain, was not affected, although it is likely the SEA were hoping for headlines that attributed the hack of the military domain to them.

The site that the SEA hit doesn’t even belong to the US Marines: a little WhoIs poking quickly reveals it was registered by J Walter Thompson, an organisation that bills itself as “the world’s best-known marketing communications brand” but, so far as The Register is aware, has only a relatively limited standing army and nearly no first-strike capacity. The jobs site is operated by the US Marines Recruiting Command.

The hack followed US President Barack Obama’s announcement that he is seeking Congressional approval for a military strike on Syria, in response to reports that the Assad regime was using chemical weapons against the Syrian people.

Last week the SEA denied that its own web server had been hacked back in April and further denied that a voluminous data leak had occurred in connection with the “hack”. The incident followed days after high-profile DNS redirection attacks by the pro-Assad hacktivists on the New York Times and Twitter.

The SEA, which specialises in hijacking the Twitter feeds of high-profile media organisations to post propaganda messages, has been operational for at least two years. Over recent months it has assaulted VoIP services such as Viber.

Its most recent DNS-redirection hacks combined with talk of military action by the West have raised the ante in cyberspace, with the group now facing off against US patriot hacker The Jester (here and here) among others – including a previously unknown American character, who calls himself “Oliver Tucket”. Tucket last week claimed to Washington Post reporters that he had broken into insecure Syrian government servers.

Attacking the US Marines website is likely to add fuel to the flames of a cyber-skirmish that has so far largely centred around the publication of login credentials and threats to expose the real-world identities of members of the SEA hacktivist crew. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/03/sea_hits_marines/

Cyber Insurer Sues Grocery Client, Says It Won’t Pay Breach Claims

Grocery chain Schnucks, which suffered a major security breach earlier this year, has been sued by its cyber insurance provider over lawsuits resulting from the breach.

Schnucks disclosed in April that more than 2.4 million customer records were compromised in a malware attack on its systems.

Liberty Mutual, which provides the cyberbreach insurance coverage for Schnucks, sued Schnucks last week, saying that it should not be liable to pay the costs of eight lawsuits arising from the breach or for claims made by banks that work with Schnucks.

In court documents published by the website Main Justice (PDF), Liberty Mutual says that while it is willing to pay Schnucks’ breach costs, it is not willing to pay costs resulting from lawsuits filed by customers against the grocery chain over the breach of privacy.

Liberty Mutual also says it will not pay costs related to claims by four banks and one payment processor resulting from the breach. Schnucks’ cyber insurance is provided as part of a multipurpose property damage policy that does not cover suits and claims resulting from a breach, the insurer says.

“For the purposes of this insurance, electronic data is not tangible property,” Liberty Mutual states. “The claims described in the complaints and claims are not for physical injury to or loss of use of any tangible property, but rather for the loss of personal information. Such a loss is not for ‘property damage.’”


Article source: http://www.darkreading.com/services/cyber-insurer-sues-grocery-client-says-i/240160669

Arbor Networks Acquires Security Analytics Company, Packetloop

BURLINGTON, Mass. and SYDNEY, Australia, September 3, 2013 – Arbor Networks Inc. announced today that it has acquired privately held Packetloop, an innovator and leader in the field of Security Analytics. Terms of the deal were not disclosed. Arbor plans to invest in and expand Packetloop’s Sydney, Australia-based operations.

Packetloop’s solution delivers real-time, network-wide situational awareness through a combination of packet capture, big data analytics, security forensics and visualizations that help enterprises identify malware, targeted attacks and attackers. Packetloop’s capabilities complement Arbor’s market leading NetFlow visibility, anomaly detection, application intelligence and identity tracking. Arbor will integrate Packetloop’s capabilities into its enterprise solution platform this year, delivering a broad, integrated set of network visibility; threat detection and mitigation; incident response; and forensics capabilities that become the foundation of Arbor’s next-generation threat monitoring and mitigation platform.

“The Packetloop technology and people are a great addition to the Arbor team. They bring tremendous insight and knowledge in applying security analytics to the advanced threat landscape. They have developed a really innovative and powerful solution that brings context to data, quickly, and in a meaningful way for those who need it,” said Arbor Networks President Colin Doherty.

“Arbor shares our belief that detection is the key, prevention is the goal and it all starts with great visibility. We also believe that data without context is meaningless,” said Packetloop co-founder and Chief Executive Officer Scott Crane. “Arbor is a successful and well-established company, yet they still have the heart of a startup, an innovator, a disruptor. They’re continuously pushing the envelope. That type of environment, with their people and technology, is a great fit for Packetloop.”

“Arbor is building a network security and analytics platform that goes far beyond DDoS detection and mitigation,” said John Grady, research manager for Security Products at IDC. “Adding a big data security analytics and forensics platform like Packetloop’s makes sense as they extend into the broader advanced threat market. Arbor now has a unique combination of NetFlow, packet capture and global threat intelligence from their ATLAS infrastructure to address today’s dynamic threats that evade signature-based solutions.”

Packetloop Solution Overview

Today, Packetloop’s solution is delivered as a Cloud platform that anyone can use at any time. Customers upload and analyze their own packet captures, finally unlocking the power of Security Analytics in the Cloud with an ease of use that has evaded traditional approaches. Packetloop has also developed an on-premise, real-time network solution that consists of prepackaged Virtual Machines and hardware appliances. The on-premise solution will connect the customer to the Cloud for real-time processing to complement the historical forensic capabilities of the Cloud solution. Arbor plans to integrate the on-premise solution with its enterprise solution platform.

Real-time Advanced Threat Detection

• Unmasks advanced threats by profiling and monitoring, using real-time packet capture and historical analytics over long time periods.

• Identifies on-going malicious or abnormal network behavior as well as data exfiltration attempts.

• One solution for all networks. Detects attacks in any network infrastructure, from on premise corporate networks to any Cloud implementation and any combination of both.

Threat Analysis (Incident Response & Forensics)

• Scales to terabytes of data, ideal for Arbor’s large enterprise customers.

• Provides in-depth traffic analysis and visualizations, giving users the ability to Play, Pause and Rewind network data and to view attacks and attackers from different perspectives.

• Enables security and network teams to perform incident response and forensic analysis.

Additional Resources:

Blog post by Packetloop co-founder Scott Crane

Blog post by Arbor’s Kris Lamb, VP of Engineering

Packetloop website

Try Packetloop for free: Full access to all features

About Arbor Networks

Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier”, making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context – so customers can solve problems faster and reduce the risk to their business.

Article source: http://www.darkreading.com/management/arbor-networks-acquires-security-analyti/240160711

Silent Circle Announces Silent Text For Android

WASHINGTON, D.C. – September 3, 2013 – Silent Circle, the global encrypted communications firm revolutionizing mobile device security for organizations and individuals alike, today announced the availability of its Silent Text secure messaging and file transfer app for Android devices via Google Play. With the addition of Silent Text for Android, Silent Circle’s apps and services offer unmatched privacy protection by routing encrypted calls, messages and attachments exclusively between Silent Circle users’ iOS and Android devices without logging metadata associated with subscribers’ communications.

Silent Text for Android’s features include:

Burn Notice feature allows you to have any messages you send self-destruct after a time delay

Send map locations encrypted and controlled

Peer-to-peer key management – keys are on each device, not on Silent Circle’s servers

No one but you and the person you are texting can decrypt and read the information

Send any file up to 100MB

Revolutionizes secure business and personal communications with a tap of the finger

“Relentless surveillance and espionage by state-sponsored, commercial, and criminal actors worldwide continues to demonstrate vulnerabilities in cellular calls and mobile communications that executives, government officials and others rely on everywhere they travel,” said Silent Circle CTO and co-founder Jon Callas. “At a time when large-scale network monitoring is making many cloud, telecommunications and other businesses’ privacy policies almost moot, our services give employees and individuals with sensitive information the confidence to communicate and collaborate anywhere.”

Silent Text for Android adds to Silent Circle’s comprehensive set of private, peer-to-peer encrypted communications services including Silent Phone for secure mobile voice and video calling and encrypted voice and video communication on Windows PCs with Silent Circle Desktop for secure calls and conferencing.

“With our latest versions of Silent Phone and Silent Text, we give iOS and Android users a private, end-to-end encrypted platform for calling, messaging and sharing files designed to be inherently more secure than other mediums,” Callas continued. “Beyond strong encryption, our apps give users important, additional privacy controls, such as Silent Text’s ability to wipe messages and files from a recipient’s device with a ‘Burn Notice.’”

About Silent Circle’s encrypted peer-to-peer communication services:

Silent Phone: Encrypted mobile VoIP calling with ability to seamlessly switch to high-quality, secure video calls, on-demand. Currently available for iOS and Android, it can be used with Wi-Fi, 3G or 4G LTE cellular anywhere in the world.

Out-Circle Access: Enables calls between one Silent Phone subscriber and a non-subscriber.*

Silent Text: Encrypted text messaging with support for almost any attachment up to 100MB and “Burn Notice” feature for permanently deleting messages from senders’ and receivers’ device registries. Messages can include map locations and multimedia recorded in the app. Currently available for iOS and Android.

Silent Circle Desktop: Encrypted VoIP audio and video calls and conferencing from Windows laptops and desktops through Silent Circle’s custom HD network. Compatible with Silent Phone. Currently available for Windows PCs.

*Currently limited to PSTN calls in U.S., Canada and Puerto Rico.

ABOUT SILENT CIRCLE

Silent Circle is a global encrypted communications service headquartered in Washington D.C. providing a revolutionary peer-to-peer platform for encrypted voice, video, text and file transfer on mobile devices via a secure, proprietary network, software and mobile apps. Silent Circle was co-founded by Mike Janke, former Navy SEAL and best-selling author and Phil Zimmermann, the world famous Silicon Valley creator of Internet encryption for voice and data and 2012 inductee into the Internet Hall of Fame. For more on Silent Circle, go to: https://www.silentcircle.com

Article source: http://www.darkreading.com/mobile/silent-circle-announces-silent-text-for/240160709

Neohapsis, Arxan Form Alliance

Chicago, IL, and Bethesda, MD, September 3, 2013 – Neohapsis, the trusted provider of mobile and cloud security services, and Arxan, the industry-leading provider of software security solutions that protect the App Economy, today announced a new partnership to offer heightened protection for high-value applications. The arrangement between the companies offers enhanced tamper-resistance and self-defense built into a comprehensive application security strategy.

According to recent Gartner research, “applications and data are the main focus of modern cyberattacks. The widespread availability of application attack technologies and the changing nature of attacks, from ‘mass’ to advanced and targeted, require better technology and skills to detect and deter. It is also critical to remember that attacks come not only from the outside, but also from the inside of the enterprise.”1

“Not every application is the same–the reality is that some are more sensitive than others and deserve greater security,” said Mike Dager, CEO of Arxan. “Through this partnership with Neohapsis, we can offer software developers in every field the ability to design and implement a much higher level of protection within the binary code in order to defend, detect and rapidly react to attacks. This will help organizations innovate and release high-value applications with confidence.”

In today’s mobile App Economy, hackers are shifting their attacks from breaching the network and device perimeter to directly compromising sensitive applications. Mobile and packaged applications with sensitive binary code are often exposed to reverse engineering, tampering, malicious code injection, IP theft, data compromise, fraud and other forms of exploitation. Even supposedly flawless code can sometimes be cracked with readily available hacking tools, such as decompilers, hex editors and debuggers. These trends escalate the need to enable applications to protect themselves against such attacks, prior to release to distributed or untrusted environments.

The new combined solution integrates Neohapsis’s risk assessment, secure development lifecycle (SDLC), and risk mitigation capabilities with Arxan’s integrity protection and tamper-resistance technology to deliver an end-to-end application security solution tailored to match the maturity and size of the overall security program. Among other advantages, the solution offers benefits — ranging from advanced threat assessments and vulnerability findings, to greater resistance to unauthorized tampering and reverse engineering — to prevent brand compromise, fraud, IP loss, or piracy.

“Application security represents a moving target, with threats and deployment environments changing regularly,” said James Mobley, CEO of Neohapsis. “The best defense requires combined strategies with best-of-breed offerings, and that’s why we’re proud to partner with Arxan Technologies in taking this solution to market. We believe this combined offering represents a new frontier in high-value application integrity and security.”

About Neohapsis

Neohapsis is a trusted provider of mobile and cloud security services. We work with more than 300 global enterprises to address their constantly evolving information security and compliance challenges. Leveraging our security expertise, advanced research and security tools, Neohapsis is at the forefront of securing today’s emerging technologies.

About Arxan Technologies

Arxan protects the App Economy from attacks in distributed or untrusted environments with the world’s strongest and most deployed application integrity protection products. Among today’s diverse computing platforms, mobile, embedded, or packaged software are all exposed to hacking attacks such as reverse-engineering, tampering, insertion of malware/exploits, repackaging, fraud, intellectual property theft, and piracy. Arxan’s patented Guarding technology enables applications to proactively guard their own integrity by defending, detecting, alerting, and reacting to hacking attacks through a risk-based, customized protection. Arxan’s self-defending and tamper-proof applications are deployed on more than 200 million devices by leading Fortune 500 organizations in high-tech, ISV, financial services, digital media, gaming, healthcare, and other industries. Arxan Technologies is headquartered in the United States with global offices in EMEA and APAC. Visit us at www.arxan.com.

Article source: http://www.darkreading.com/applications/neohapsis-arxan-form-alliance/240160713

Alert Logic And Kroll Announce Strategic Alliance

HOUSTON, Sept. 3, 2013 /PRNewswire/ — Alert Logic (www.alertlogic.com), the leading provider of Security-as-a-Service solutions for the cloud, and Kroll, the world’s leading risk management company, today announced a strategic alliance to help businesses identify, respond to and recover from data breaches and other security incidents. When sensitive information is compromised, the two organizations work closely to quickly determine the source, scope and sensitivity of a security incident and apply security best practices to remediate the current issue and future data breach prevention.

Kroll’s certified security and forensic experts utilize Alert Logic’s Security-as-a-Service solutions in their incident analysis and cyber investigations around the world to accurately diagnose incidents, pinpoint vulnerabilities and make sure systems are no longer compromised. Kroll combines its significant experience, global reach and deep investigative knowledge regarding attacker methodology and exploits with Alert Logic’s Log Manager and LogReview to determine when and where the security breach occurred and what information was compromised. Also, Kroll leverages Alert Logic’s Threat Manager with ActiveWatch and ActiveWatch Premier as part of its comprehensive security assessments to identify potential vulnerabilities so risks can be resolved.

“Time is extremely important in incident and data breach response, and Alert Logic’s Security-as-a-Service solutions help us to quickly identify intruder access points, locate malware on customers’ networks and quickly restore operational and data security,” said Tim Ryan, Managing Director and Cyber Investigations Practice Leader for Kroll.

Kroll’s Cyber Security practice provides world-class forensic analysis, digital investigation, risk mitigation services and breach response capabilities to clients that experience information security and/or privacy incidents. Kroll’s ability to serve as a single point for incident response allows its clients to reduce overall cost and seamlessly move from investigation to notification when necessary, increasing speed to resolution.

“We are proud to be working with Kroll, both in responding to data security incidents and preventing future incidents, by leveraging the powerful capabilities of Log Manager and Threat Manager to monitor customer networks and detect attempted intrusions,” said Alert Logic Vice President of Business Development Rohit Gupta.

Alert Logic’s Security-as-a-Service solutions provide customers four distinct advantages: market-leading security tools, a fully outsourced and managed SaaS delivery model, integrated 24/7 Security Operations Center (SOC) services to monitor and provide expert guidance, and the ability to deploy wherever a customer has IT infrastructure, including the cloud. More than half of the largest managed hosting and cloud service providers use Alert Logic’s services to secure their customer environments, making Alert Logic the de facto standard for securing infrastructure in hosted and cloud environments.

About Kroll

Kroll, the global leader in risk mitigation and response, delivers a wide range of solutions that span investigations, due diligence, compliance, cyber security and physical security. Clients partner with Kroll for the highest-value intelligence and insight to drive the most confident decisions about protecting their companies, assets and people. Kroll is recognized for its expertise, with 40 years of experience meeting the demands of dynamic businesses and their environments around the world. Headquartered in New York with offices in 30 cities across 17 countries, Kroll has a multidisciplinary team of 700 employees.

For more information, visit krollcybersecurity.com.

About Alert Logic

Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, provides solutions to secure the application and infrastructure stack. By integrating advanced security tools with 24/7 Security Operations Center expertise, customers can defend against security threats and address compliance mandates. By leveraging an “as-a-Service” delivery model, Alert Logic solutions include day-to-day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment. Built from the ground up to address the unique challenges of public and private cloud environments, Alert Logic partners with over half of the largest cloud and hosting service providers to provide Security-as-a-Service solutions for business application deployments for over 2,200 enterprises. Alert Logic is based in Houston, Texas, and was founded in 2002. For more information, please visit www.alertlogic.com.

Article source: http://www.darkreading.com/management/alert-logic-and-kroll-announce-strategic/240160737

LogBinder Expands Product Line

September 3, 2013 – LOGbinder™ today announced upgrades across its entire product range to deliver native support for current versions of Microsoft’s SharePoint 2013, SQL Server 2012 and Exchange 2013.

LOGbinder software is the only solution for collecting security log data from these mission critical applications into SIEM deployments.

“Our customers began to request compatibility with the current version of Microsoft’s enterprise software around the first part of the year, and we are very pleased to respond so quickly,” said Randy Franklin Smith, CEO of Monterey Tech Group, Inc., the parent company of LOGbinder Software. “We are very pleased that our new software now removes at least one obstacle InfoSec managers face in upgrading to these more robust enterprise solutions from Microsoft.”

LOGbinder EX™ 2.0 adds Microsoft Exchange Server 2013 compatibility, with its 132 new admin events! With this release, LOGbinder EX is able to provide audit log insight for installed versions of Exchange Server 2010 and Exchange Server 2013.

LOGbinder SP™ 4.0 introduces support for Microsoft SharePoint 2013 and improves performance via memory management optimization. With this update LOGbinder SP supports SharePoint 2007, SharePoint 2010 and SharePoint 2013.

LOGbinder SQL™ 2.0 introduces support for Microsoft SQL Server 2012, making it a viable audit management solution for installations back to and including MS SQL 2008. This update adds translation for more than 20 new events for SQL Server 2012!

Customers with current maintenance support agreements receive their upgrade at no cost. Fully-functioning trial versions of the software and specific information related to each are found on our upgrade page.

LOGbinder software helps information security professionals to manage critical event log data contained within Microsoft’s enterprise software offerings of SharePoint, SQL and Exchange. These applications store and distribute massive amounts of sensitive data within companies all over the world.

InfoSec managers charged with monitoring the flow of information have heavy responsibilities placed on them by corporate oversight and government regulation. These security experts can complement their SIEM solution to include security intelligence from the application layer with LOGbinder software. Bridging this critical gap, putting application security audit log data within reach, brings a more comprehensive result to information security initiatives within the world’s best organizations.

Typically installed within enterprise SIEM environments, the product is licensed by number of SharePoint servers, Exchange mailboxes or SQL instances. LOGbinder software takes little overhead to run and adheres to enterprise security best-practice.

LOGbinder can be used with any SIEM solution. Specific integrations with leading SIEM solutions such as HP ArcSight Enterprise Security Manager, GFI Events Manager, SolarWinds Log Event Manager, EventTracker and LogRhythm have been built and are readily available. Other SIEM software, such as that from RSA enVision, Netikus EventSentry, AccelOps and AlienVault, is also used in conjunction with LOGbinder. For more information about LOGbinder integrations with SIEM providers, browse to the Partner page on logbinder.com.

About LOGbinder

Formed in 2009 to address the gap in security audit log management within the application layer, LOGbinder is a division of Monterey Tech Group, Inc., publisher of Randy Franklin Smith’s Ultimate Windows Security, a brand recognized world-wide as an InfoSec thought leader and best-practice expert.

To learn more about LOGbinder and the importance of security audit log management browse to logbinder.com.

Article source: http://www.darkreading.com/management/logbinder-expands-product-line/240160755