Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security

Size: px
Start display at page:

Download "Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security"

Transcription

1 4 0 0 T o t t e n P o n d R o a d W a l t h a m, M A w w w. v i e w f i n i t y. c o m Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security

2 TABLE OF CONTENTS Introduction 3 Malware Inhibitors 3 Furthering Default Deny 3 Managing Unknown Software 3 The Role of File Origin 4 Why Automating Whitelists Matters 5 Automation Via Designation of a Trusted Sources File Origin 6 Least Privilege Consideration 6 Conclusion 7

3 Introduction The vulnerability of computer systems to malware has spawned a substantial and growing industry in anti-virus software, intrusion detection systems, and other defenses to protect networks from malicious programs. Faced with a malware environment that is constantly evolving and changing, however, it is a continuing challenge for vendors to keep their products up-to-date and effective against the newest threats. For businesses that find it too risky to rely solely on these measures for protection against malware, the more stringent option of application whitelisting ( default deny model) is growing in popularity. Malware Inhibitors Antivirus programs by default allow new executables on machines except for those that have been previously identified as malware. This has the benefit of being extremely easy for end-users and system administrators: they simply install the antivirus software on their machines and it automatically detects and removes known malware, without requiring further user intervention and without inhibiting the users ability to install many programs. Application whitelisting mechanisms, by contrast, typically do not allow any new executables to be installed except for those that are pre-approved (or whitelisted). This much more restrictive form of security has the benefit of protecting against a wider range of new and unknown malware but also requires significantly more involvement on the part of system administrators and causes greater inconvenience for individual users seeking to download new software. Furthering Default Deny For some system administrators, this degree of control and stringent limiting of allowable software may be desirable, but for many others strict whitelisting rules may be difficult to maintain and can constrain users ability to do their jobs. The major difficulty in whitelisting maintenance is that the list is dynamic and in large IT environments there are hundreds and even thousands of new executables which need to be categorized each day. One of the possible means of mitigating this daunting task is to automate how whitelisting policies are manage; one based on so called trusted sources. For instance, any new software that is signed by vendor X will be automatically whitelisted because we trust the signature of this vendor, or another software package is trusted because it was installed by a trusted person from within the IT organization. One of the limitations of the trusted source approach is that during its lifetime, a file can change ownership, such as its location on the network and other attributes and thus will lose its alignment with the trusted universe. For security and manageability it is important to be able to track a file s history and assign its true origin: we need to know from which site or USB this file was initially downloaded, when it was done and who did it. Technology that automatically tracks the origins of new and existing software will help automate the administrator s task of maintaining the whitelist and enable more accurate forensic investigation of malware incidents. This technology has the potential to strengthen security, particularly within whitelisted environments, though it may also be limited by the granularity with which it can identify file origins. For instance, it is not always possible to define a URL from which the software was downloaded. A complimentary approach is to implement a means of greylisting for applications that are not explicitly whitelisted or blacklisted, but instead are permitted to run in a restricted manner, or with limited access, thus being potentially less harmful to the core infrastructure and data of enterprise. Now you have achieved the optimal balance of ensuring that user productivity is not disrupted while also still operating a secure environment. Managing Unknown Software Malware is rampant in the computing world, with malicious programs infecting computers through a variety of channels, including , websites, and USB connections. Microsoft s Security Intelligence Report (SIR) notes that it can sometimes be difficult for even experienced Internet users to avoid coming into contact with malware. The

4 cybercriminals who publish and distribute malware devote significant effort to convincing or tricking Internet users into clicking links that lead to malware, or that download malicious attachments or applications. Even familiar and trusted websites can sometimes be exploited by attackers to distribute malware using tactics such as drive-by downloads. 1 A 2010 report by Panda Security found that 25 percent of new worms were designed to spread via USB devices, with 27 percent of more than 10,000 surveyed companies confirming that they had identified infections which could be traced back to USB connections. So far, these types of infection are still outnumbered by those that spread via , but it is a growing trend, PandaLabs reported. 2 Clearly, malware from a variety of sources continues to target computer systems worldwide, but, of course, there is also a significant quantity of non-malicious, useful software that organizations may wish to allow on their networks. Whitelisting software may help an organization avoid unwanted malware, but it may also constrain how quickly and the extent to which employees can make use of non-malicious, new programs that would aid them in their work. A report from the Public Interest Advocacy Centre points out that in some cases whitelisting may be too restrictive and overly broad, infringing on the functionality of a computer and the network [D]epending on who is managing the whitelist and vetting new or updated software, it may take several weeks for new or updated software to be added to the whitelist. 3 Security expert Bruce Schneier echoes this concern, writing, The average corporate IT department doesn't have a good idea of what software is running on all the computers within the corporation, and doesn't want the administrative overhead of managing all the change requests. 4 Reducing the administrative overhead needed to implement application whitelisting is a major motivation for tracking file origins. Maintaining information on the source of all software downloaded on a system can allow organizations to automate, to some extent, the role of the system administrator in whitelisting, blacklisting or even greylisting new programs. This information may also play a vital role in helping investigate any security breaches or malware problems that arise in a system by identifying the source of the malicious executables. The Role of File Origin Tracking File origin tracking is intended as a means of enabling a combination of the convenience of default allow defenses, like anti-virus software, with the effectiveness of default deny defenses, such as application whitelisting. The central use case driving file origin tracking technology is that by intercepting installation attempts, as well as changes in the file attributes, the software has the capability to automatically assign a trusted or untrusted status to the application, based on the original event that introduced the file into a corporate environment. For instance, an organization may decide to differentiate between programs downloaded via trusted processes, or signed by certain vendors, from those downloaded from the Internet, or via USB devices. By distinguishing between different categories of origins that can be designated to whitelists, greylists, or blacklists, companies may be able to automate a good portion of the whitelisting administrative overhead. Additionally, this information can be leveraged in the event of a security breach. If the program responsible for the breach can be identified, the origin data may then lend itself to better forensic analysis of the original source of that malware and can be used to update security policies. 1 Microsoft Security Intelligence Report, vol. 14. Available from 2 25% of new worms in 2010 are designed specifically to spread through USB devices Panda Security press release. Aug. 26, Available from 3 Janet Lo. Whitelisting for Cyber Security: What It Means for Consumers. Public Interest Advocacy Centre. November Available from 4 Bruce Schneier. Is Antivirus Dead? November 10, Available from is_antivirus_de.html.

5 The goal of combining file origin tracking technology with whitelisting mechanisms is to introduce some greater degree of automation to whitelisting and reduce the need for manual configuration and management by IT personnel. Keeping track of the source of new files what website they were downloaded from, what vendor signed the installation package, etc. makes it easier to make automatic decisions for classifying whitelisting, greylisting, and blacklisting of new executables. For instance, this could allow for programs whose origin is signed by a trusted vendor or distributed by an IT department s internal software distribution system or System Center Configuration Manager to stay as whitelisted during all changes in file origin, location etc. regardless of any changes, the hash and details of origin will remain true. In this manner, an organization may simply designate trusted vendors and internal installation procedures and reduce the need for IT involvement in the whitelisting procedures, enabling greater flexibility and more rapid updating of systems than a straightforward default-deny whitelisting mechanism could. As a precursor to whitelisting, many of our customers initially use file history in a monitoring mode, which shows what applications are actually in use. The monitoring lets you know if these applications require admin rights, and can build trusted software source locations such as SCCM, Altiris, CA, LANDesk, trusted OS image, network shares, publishers, etc. It s a logical approach for this type of project because the monitoring ensures users aren t shut off from using an application they need. Why Automating Whitelists Matters While whitelisting mechanisms are gaining some traction in the corporate world, and were even cited in a 2010 SANS Institute report as the most effective way to significantly reduce the impact of malware in today s environment, 5 the overhead associated with their implementation and maintenance is significant. This is evident even in the most successful commercial deployments of whitelisting app stores for smartphones and tablet devices. Apple iphones and ipads operate on a fundamentally whitelist-based model, in which users may only download onto their devices apps that have been pre-approved by Apple. These app stores allow Apple the opportunity to screen for any security threats, as well as other unwanted content, and have enjoyed considerable success as a crucial component of the wildly popular Apple mobile devices. However, they have also come in for criticism, not just because these stores limit users ability to download programs and force developers to give over a portion of their app revenue to Apple, but also because the approval or whitelisting process can be extremely time-consuming and resource-intensive. According to records filed with the Federal Communications Commission (FCC) in 2009, Apple then employed more than forty full-time app reviewers, and each application had to be independently reviewed by two different reviewers to ensure uniformity. The filings with the FCC s Wireless Telecommunications Bureau also noted that 95 percent of Apple s app applications are approved within two weeks of their submission. 6 In 2012, many app developers complained that the approval process was running longer up to as much as three weeks in the months leading up to the end-of-year holidays. 7 In other words, even with the significant resources Apple devotes to staffing its app review team, it has at times proved challenging for the company to keep up with the demands of developers and the timeline desired by its customers. The security advantages of this model, however, were lauded in a 2011 Symantec report on mobile device security, which found that the ios security model is well designed and has thus far proven largely resistant to most types of attacks. 8 5 Jim Beechey. Application Whitelisting: Panacea or Propaganda? SANS Institute. December Available from https:// 6 Apple Answers the FCC s Questions. August, Available from: 7 Tricia Duryee. The Latest Long Apple Line: Developers Waiting for App Approval. All Things D. November 8, Available from: 8 Carey Nachenberg. New Symantec Research: The Current State of Mobile Device Security. June 27, Available from

6 Translating this whitelisting security model, which has been used so successfully in Apple consumer devices, to the computer systems of the corporate world requires careful evaluation of the approval process for additions to the whitelist. Since whitelisting programs for internal corporate use is not as directly profitable and central to the business of most companies as whitelisting new apps is to Apple, it is unlikely that many organizations will be willing or able to devote the same level of resources to the approval of new files in a corporate setting. Still, the security benefits of a whitelisting model may appeal to many organizations interested in improving their internal system security to reinforce more automated defenses like antivirus programs. In order to enable more companies to act on this interest, though, it will be essential to automate whitelisting mechanisms, bringing them more in line with the maintenance requirements and ease-of-use of antivirus software. Automation via Designation of a Trusted Sources File Origin One important step in automating whitelisting technologies for greater ease-of-use is allowing organizations to establish the library of trusted sources and whitelisting files by knowing the true origin. Without knowing the history of a file, however, it is very difficult to ascertain whether or not it should be a trusted source. This is one crucial function of file origin tracking in implementing whitelisting: it allows organizations to automatically whitelist, greylist, or blacklist new files based on their source or origin rather than having to review each one individually. Furthermore, keeping records of which websites new programs are downloaded from can help mitigate malware infections. The Microsoft SIR notes, Attackers often use websites to conduct phishing attacks or distribute malware. Malicious websites typically appear to be completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users, according the Microsoft SIR, volume 14. It continues, In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques in an effort by attackers to take advantage of the trust users have invested in them. 9 Even when designating trusted sources is insufficient to prevent malware installation for instance, when legitimate sites are compromised tracking file origins may enable more effective, rapid investigation of the incident by allowing administrators to immediately identify the source of the malware, track other installations from that same source, and block further downloads from that source. Least Privilege Consideration There is great danger if administrative rights are allowed in a whitelisting model: users that retain administrative rights may attempt to bypass or uninstall application control agents, and attackers may target the whitelisting mechanism to have bad code recognized as legitimate. Thus, it is a highly-regarded opinion among IT professionals that moving to a locked down environment and controlling rights on personal computers and servers is a crucial part of any security solution. Adhering to the principle of least privileges is in the best interest of all companies and is best depicted in the following use case: An end user, who has full administrative rights, receives an containing a URL that points to a malicious executable which was hacked and signed with a well-known digital certificate. Since the signature is known to be good it is on the approved whitelist. Once that user clicks on the URL, malicious software is installed with file transfer enabled, and the web camera and remote terminal are activated. At this point, the company s assets and data are exposed. In a least privilege environment, using the example above, the user would not have local administrator rights. When the user clicks on the URL, the malicious software cannot be installed because administrative rights are required for the malicious code to register certain components. If file origin tracking is in place, the unclassified executable would be flagged and an indicated that it originated from the internet and assigned a low reputation score, and automatically blacklisting the executable. 9 Microsoft Security Intelligence Report, vol. 14. Available from

7 This use case outlines how controlling which applications are allowed to run in your environment through whitelisting, and reinforcing that protective layer by allowing standard administrative rights only, exemplify best practices for reducing security risks. Conclusion By improving the ease with which organizations can both designate trusted sources as well as investigate security breaches, file origin tracking has the potential to considerably lessen the burdens imposed by implementation of whitelisting solutions. By empowering companies to create customized whitelisting strategies and processes, depending on their desired degree of security and unique set of trusted sources, file origin tracking can also enhance the customizability of whitelisting technology, allowing for more tailored security solutions that harness the effectiveness of default deny defenses while reducing the resources needed for their implementation and maintenance.

8

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE Part I: Reducing Employee and Application Risks As corporate networks increase in complexity, keeping them secure is more challenging. With employees

More information

Enterprise Apps: Bypassing the Gatekeeper

Enterprise Apps: Bypassing the Gatekeeper Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

October 2014. Application Control: The PowerBroker for Windows Difference

October 2014. Application Control: The PowerBroker for Windows Difference Application Control: The PowerBroker for Windows Difference October 2014 1 Table of Contents Introduction... 4 The Default-Deny Approach to Application Control... 4 Application Control s Dependence on

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

Managing Web Security in an Increasingly Challenging Threat Landscape

Managing Web Security in an Increasingly Challenging Threat Landscape Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.

More information

Marble & MobileIron Mobile App Risk Mitigation

Marble & MobileIron Mobile App Risk Mitigation Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their

More information

Putting Operators at the Centre of

Putting Operators at the Centre of Putting Operators at the Centre of Enterprise Mobile Security Introduction Small and Medium Enterprises make up the majority of firms and employees in all major economies, yet are largely unidentified

More information

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Times have Changed & A/V Executives Agree An A/V product as your sole endpoint protection solution isn t enough.

More information

Endpoint Security Management

Endpoint Security Management Endpoint Security Management LANDESK SOLUTION BRIEF Protect against security threats, malicious attacks and configuration vulnerabilities through strong endpoint security control and maintenance. Protect

More information

Why should I care about PDF application security?

Why should I care about PDF application security? Why should I care about PDF application security? What you need to know to minimize your risk Table of contents 1: Program crashes present an opportunity for attack 2: Look for software that fully uses

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection Technology Blueprint Secure Your Virtual Desktop Infrastructure Optimize your virtual desktop infrastructure for performance and protection LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure

More information

10 Things Every Web Application Firewall Should Provide Share this ebook

10 Things Every Web Application Firewall Should Provide Share this ebook The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security

More information

WEB ATTACKS AND COUNTERMEASURES

WEB ATTACKS AND COUNTERMEASURES WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

INSTANT MESSAGING SECURITY

INSTANT MESSAGING SECURITY INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

5 Steps to Advanced Threat Protection

5 Steps to Advanced Threat Protection 5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

Reducing the cost and complexity of endpoint management

Reducing the cost and complexity of endpoint management IBM Software Thought Leadership White Paper October 2014 Reducing the cost and complexity of endpoint management Discover how midsized organizations can improve endpoint security, patch compliance and

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

AVeS Cloud Security powered by SYMANTEC TM

AVeS Cloud Security powered by SYMANTEC TM Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting

More information

End of Support Should Not End Your Business. Challenge of Legacy Systems

End of Support Should Not End Your Business. Challenge of Legacy Systems End of Support Should Not End Your Business When software vendors announce a product end-of-life (EOL), customers typically have 24 to 30 months to plan and execute their migration strategies. This period

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

GFI White Paper. How Web Reputation increases your online protection

GFI White Paper. How Web Reputation increases your online protection GFI White Paper How Web Reputation increases your online protection Contents Introduction to Web Reputation 3 Why use Web Reputation? 3 The value of using Web Reputation and antivirus software 3 The value

More information

Spear Phishing Attacks Why They are Successful and How to Stop Them

Spear Phishing Attacks Why They are Successful and How to Stop Them White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear

More information

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program Mobile Application Security Helping Organizations Develop a Secure and Effective Mobile Application Security Program by James Fox fox_james@bah.com Shahzad Zafar zafar_shahzad@bah.com Mobile applications

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

Persistence Mechanisms as Indicators of Compromise

Persistence Mechanisms as Indicators of Compromise Persistence Persistence Mechanisms as Indicators of Compromise An automated technology for identifying cyber attacks designed to survive indefinitely the reboot process on PCs White Paper Date: October

More information

Microsoft Security Intelligence Report volume 7 (January through June 2009)

Microsoft Security Intelligence Report volume 7 (January through June 2009) Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and

More information

How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform

How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform McAfee Endpoint Security 10 provides customers with an intelligent, collaborative framework, enabling endpoint defenses to

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

Introduction. PCI DSS Overview

Introduction. PCI DSS Overview Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,

More information

Business Case for Voltage SecureMail Mobile Edition

Business Case for Voltage SecureMail Mobile Edition WHITE PAPER Business Case for Voltage SecureMail Mobile Edition Introduction Mobile devices such as smartphones and tablets have become mainstream business productivity tools with email playing a central

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

Insight. Security Response. Deployment Best Practices

Insight. Security Response. Deployment Best Practices Insight Deployment Best Practices Overview Symantec Insight is a reputation-based security technology that leverages the anonymous software adoption patterns of Symantec s hundreds of millions of users

More information

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two

More information

Table of Contents. Page 2/13

Table of Contents. Page 2/13 Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities

More information

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise

More information

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 Cybersecurity: A Growing Concern for All Businesses RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 RLI Design Professionals is a Registered Provider with The American

More information

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security A World of Constant Threat We live in a world on constant threat. Every hour of every day in every country around the globe hackers

More information

KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE

KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE Global threat intelligence for local implementation www.kaspersky.com 2 A CLOUD-BASED THREAT LABORATORY

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Cyber Security. Securing Your Mobile and Online Banking Transactions

Cyber Security. Securing Your Mobile and Online Banking Transactions Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet

More information

... Mobile App Reputation Services THE RADICATI GROUP, INC.

... Mobile App Reputation Services THE RADICATI GROUP, INC. . The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Mobile App Reputation Services Understanding

More information

isheriff CLOUD SECURITY

isheriff CLOUD SECURITY isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console

More information

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows

More information

Securing Your Business s Bank Account

Securing Your Business s Bank Account Commercial Banking Customers Securing Your Business s Bank Account Trusteer Rapport Resource Guide For Business Banking January 2014 Table of Contents 1. Introduction 3 Who is Trusteer? 3 2. What is Trusteer

More information

EXECUTIVE BRIEF. IT and Business Professionals Say Website Attacks are Persistent and Varied. In this Paper

EXECUTIVE BRIEF. IT and Business Professionals Say Website Attacks are Persistent and Varied. In this Paper Sponsored by IT and Business Professionals Say Website Attacks are Persistent and Varied EXECUTIVE BRIEF In this Paper Thirty percent of IT and business professionals say their organization was attacked

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

Virtual Patching: a Proven Cost Savings Strategy

Virtual Patching: a Proven Cost Savings Strategy Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes

More information

Putting Web Threat Protection and Content Filtering in the Cloud

Putting Web Threat Protection and Content Filtering in the Cloud Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The

More information

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright

More information

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

PROTECT YOUR COMPUTER AND YOUR PRIVACY! PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Securing OS Legacy Systems Alexander Rau

Securing OS Legacy Systems Alexander Rau Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems

More information

Security challenges for internet technologies on mobile devices

Security challenges for internet technologies on mobile devices Security challenges for internet technologies on mobile devices - Geir Olsen [geiro@microsoft.com], Senior Program Manager for Security Windows Mobile, Microsoft Corp. - Anil Dhawan [anild@microsoft.com],

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Survey: Endpoint Security Concerns 2014 The issues keeping IT admins awake into the New Year

Survey: Endpoint Security Concerns 2014 The issues keeping IT admins awake into the New Year Survey: Endpoint Security Concerns 2014 The issues keeping IT admins awake into the New Year Intro 2014 has created uncertainty for those in charge of IT security. Not only is the threat landscape advancing

More information

6 Steps to Evaluating a Next Generation Firewall

6 Steps to Evaluating a Next Generation Firewall 6 Steps to Evaluating a Next Generation Firewall What You Will Learn Whether you are evaluating a Next Generation Firewall for the first time or are researching because your current solution is less than

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Symantec Mobile Management 7.2

Symantec Mobile Management 7.2 Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology

More information

CDM Software Asset Management (SWAM) Capability

CDM Software Asset Management (SWAM) Capability CDM Software Asset Management (SWAM) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Table of Contents 1 PURPOSE AND SCOPE... 2 2 THREAT

More information

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones

More information

ADVANCED THREATS IN THE ENTERPRISE. Finding an Evil in the Haystack with RSA ECAT. White Paper

ADVANCED THREATS IN THE ENTERPRISE. Finding an Evil in the Haystack with RSA ECAT. White Paper ADVANCED THREATS IN THE ENTERPRISE Finding an Evil in the Haystack with RSA ECAT White Paper With thousands of workstations and servers under management, most enterprises have no way to effectively make

More information

Carbon Black and Palo Alto Networks

Carbon Black and Palo Alto Networks Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

Symantec Mobile Management 7.1

Symantec Mobile Management 7.1 Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any

More information

SPEAR PHISHING AN ENTRY POINT FOR APTS

SPEAR PHISHING AN ENTRY POINT FOR APTS SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Addressing BYOD Challenges with ForeScout and Motorola Solutions

Addressing BYOD Challenges with ForeScout and Motorola Solutions Solution Brief Addressing BYOD Challenges with ForeScout and Motorola Solutions Highlights Automated onboarding Full automation for discovering, profiling, and onboarding devices onto both wired and wireless

More information

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the

More information

Endpoint Security: Moving Beyond AV

Endpoint Security: Moving Beyond AV Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,

More information

Cyber Security Solutions:

Cyber Security Solutions: ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial

More information

Anti-exploit tools: The next wave of enterprise security

Anti-exploit tools: The next wave of enterprise security Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of

More information

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents

More information

Symantec Endpoint Protection 12.1.4

Symantec Endpoint Protection 12.1.4 Data Sheet: Endpoint Security Overview provides unrivaled security across physical and virtual platforms and support for the latest operating systems-mac OS X 10.9 and Windows 8.1. Powered by Symantec

More information

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

Open an attachment and bring down your network?

Open an attachment and bring down your network? Open an attachment and bring down your network? Many people think this will never happen to them, but virus attacks can come from unlikely sources and can strike when you least expect it. They can wreak

More information

Top Cyber Threats Of 2009

Top Cyber Threats Of 2009 Top Cyber Threats Of 2009 Who were the top 5 riskiest celebrities in 2009? Did spammers really know who killed Michael Jackson? Data from Symantec Security Response November 2009 Top 5 Riskiest Celebrities

More information

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login

More information

Background. How much does EMET cost? What is the license fee? EMET is freely available from Microsoft without material cost.

Background. How much does EMET cost? What is the license fee? EMET is freely available from Microsoft without material cost. Microsoft s Enhanced Mitigation Experience Toolkit (EMET) is an enhancement to the Windows operating system that stops broad classes of malware from executing. EMET implements a set of anti-exploitation

More information

Symantec Cyber Security Services: DeepSight Intelligence

Symantec Cyber Security Services: DeepSight Intelligence Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with

More information

Basic Security Considerations for Email and Web Browsing

Basic Security Considerations for Email and Web Browsing Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable

More information

End to End Security do Endpoint ao Datacenter

End to End Security do Endpoint ao Datacenter do Endpoint ao Datacenter Piero DePaoli & Leandro Vicente Security Product Marketing & Systems Engineering 1 Agenda 1 Today s Threat Landscape 2 From Endpoint: Symantec Endpoint Protection 3 To Datacenter:

More information

Symantec Mobile Management 7.2

Symantec Mobile Management 7.2 Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology

More information

Information Technology Security Review April 16, 2012

Information Technology Security Review April 16, 2012 Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing

More information