Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security
- Albert Singleton
- 8 years ago
400 Totten Pond Road Waltham, MA www.viewfinity.com
TABLE OF CONTENTS
Introduction
Malware Inhibitors
Furthering Default Deny
Managing Unknown Software
The Role of File Origin
Why Automating Whitelists Matters
Automation Via Designation of a Trusted Sources File Origin
Least Privilege Consideration
Conclusion
Introduction

The vulnerability of computer systems to malware has spawned a substantial and growing industry in anti-virus software, intrusion detection systems, and other defenses to protect networks from malicious programs. Faced with a malware environment that is constantly evolving and changing, however, it is a continuing challenge for vendors to keep their products up-to-date and effective against the newest threats. For businesses that find it too risky to rely solely on these measures for protection against malware, the more stringent option of application whitelisting (the "default deny" model) is growing in popularity.

Malware Inhibitors

Antivirus programs by default allow new executables on machines except for those that have been previously identified as malware. This has the benefit of being extremely easy for end-users and system administrators: they simply install the antivirus software on their machines and it automatically detects and removes known malware, without requiring further user intervention and without inhibiting the users' ability to install many programs. Application whitelisting mechanisms, by contrast, typically do not allow any new executables to be installed except for those that are pre-approved (or whitelisted). This much more restrictive form of security has the benefit of protecting against a wider range of new and unknown malware, but it also requires significantly more involvement on the part of system administrators and causes greater inconvenience for individual users seeking to download new software.

Furthering Default Deny

For some system administrators, this degree of control and stringent limiting of allowable software may be desirable, but for many others strict whitelisting rules may be difficult to maintain and can constrain users' ability to do their jobs.
The major difficulty in whitelisting maintenance is that the list is dynamic, and in large IT environments there are hundreds and even thousands of new executables which need to be categorized each day. One possible means of mitigating this daunting task is to automate how whitelisting policies are managed, using an approach based on so-called trusted sources. For instance, any new software that is signed by vendor X will be automatically whitelisted because we trust the signature of this vendor, or another software package is trusted because it was installed by a trusted person from within the IT organization.

One of the limitations of the trusted source approach is that during its lifetime a file can change ownership, its location on the network and other attributes, and thus will lose its alignment with the trusted universe. For security and manageability it is important to be able to track a file's history and assign its true origin: we need to know from which site or USB device the file was initially downloaded, when it was done and who did it. Technology that automatically tracks the origins of new and existing software will help automate the administrator's task of maintaining the whitelist and enable more accurate forensic investigation of malware incidents. This technology has the potential to strengthen security, particularly within whitelisted environments, though it may also be limited by the granularity with which it can identify file origins. For instance, it is not always possible to determine the URL from which the software was downloaded.

A complementary approach is to implement a means of greylisting for applications that are not explicitly whitelisted or blacklisted, but instead are permitted to run in a restricted manner, or with limited access, thus being potentially less harmful to the core infrastructure and data of the enterprise.
Now you have achieved the optimal balance of ensuring that user productivity is not disrupted while also still operating a secure environment.

Managing Unknown Software

Malware is rampant in the computing world, with malicious programs infecting computers through a variety of channels, including email, websites, and USB connections. Microsoft's Security Intelligence Report (SIR) notes that it can sometimes be difficult for even experienced Internet users to avoid coming into contact with malware. The cybercriminals who publish and distribute malware devote significant effort to convincing or tricking Internet users into clicking links that lead to malware, or that download malicious attachments or applications. Even familiar and trusted websites can sometimes be exploited by attackers to distribute malware using tactics such as drive-by downloads. [1]

A 2010 report by Panda Security found that 25 percent of new worms were designed to spread via USB devices, with 27 percent of more than 10,000 surveyed companies confirming that they had identified infections which could be traced back to USB connections. So far, these types of infection are still outnumbered by those that spread via email, but it is a growing trend, PandaLabs reported. [2]

Clearly, malware from a variety of sources continues to target computer systems worldwide, but, of course, there is also a significant quantity of non-malicious, useful software that organizations may wish to allow on their networks. Whitelisting software may help an organization avoid unwanted malware, but it may also constrain how quickly, and the extent to which, employees can make use of non-malicious new programs that would aid them in their work. A report from the Public Interest Advocacy Centre points out that in some cases whitelisting may be too restrictive and overly broad, infringing on the functionality of a computer and the network ... [D]epending on who is managing the whitelist and vetting new or updated software, it may take several weeks for new or updated software to be added to the whitelist. [3] Security expert Bruce Schneier echoes this concern, writing, "The average corporate IT department doesn't have a good idea of what software is running on all the computers within the corporation, and doesn't want the administrative overhead of managing all the change requests." [4]

Reducing the administrative overhead needed to implement application whitelisting is a major motivation for tracking file origins.
Maintaining information on the source of all software downloaded on a system can allow organizations to automate, to some extent, the role of the system administrator in whitelisting, blacklisting or even greylisting new programs. This information may also play a vital role in investigating any security breaches or malware problems that arise in a system, by identifying the source of the malicious executables.

The Role of File Origin Tracking

File origin tracking is intended as a means of combining the convenience of default allow defenses, like anti-virus software, with the effectiveness of default deny defenses, such as application whitelisting. The central use case driving file origin tracking technology is that, by intercepting installation attempts as well as changes in file attributes, the software can automatically assign a trusted or untrusted status to the application, based on the original event that introduced the file into a corporate environment. For instance, an organization may decide to differentiate programs downloaded via trusted processes, or signed by certain vendors, from those downloaded from the Internet or via USB devices. By distinguishing between different categories of origins that can be assigned to whitelists, greylists, or blacklists, companies may be able to automate a good portion of the whitelisting administrative overhead.

Additionally, this information can be leveraged in the event of a security breach. If the program responsible for the breach can be identified, the origin data may then lend itself to better forensic analysis of the original source of that malware and can be used to update security policies.

[1] Microsoft Security Intelligence Report, vol. 14. Available from
[2] % of new worms in 2010 are designed specifically to spread through USB devices. Panda Security press release. Aug. 26, Available from
[3] Janet Lo. Whitelisting for Cyber Security: What It Means for Consumers. Public Interest Advocacy Centre. November Available from
[4] Bruce Schneier. Is Antivirus Dead? November 10, Available from is_antivirus_de.html.
The goal of combining file origin tracking technology with whitelisting mechanisms is to introduce a greater degree of automation to whitelisting and reduce the need for manual configuration and management by IT personnel. Keeping track of the source of new files (what website they were downloaded from, what vendor signed the installation package, etc.) makes it easier to automatically classify new executables for whitelisting, greylisting, and blacklisting. For instance, this could allow programs whose origin is signed by a trusted vendor, or distributed by an IT department's internal software distribution system or System Center Configuration Manager, to stay whitelisted during all changes in file origin, location, etc.; regardless of any changes, the hash and details of origin will remain true. In this manner, an organization may simply designate trusted vendors and internal installation procedures and reduce the need for IT involvement in the whitelisting procedures, enabling greater flexibility and more rapid updating of systems than a straightforward default-deny whitelisting mechanism could.

As a precursor to whitelisting, many of our customers initially use file history in a monitoring mode, which shows what applications are actually in use. The monitoring lets you know if these applications require admin rights, and can build trusted software source locations such as SCCM, Altiris, CA, LANDesk, trusted OS image, network shares, publishers, etc. It's a logical approach for this type of project because the monitoring ensures users aren't shut off from using an application they need.

Why Automating Whitelists Matters

While whitelisting mechanisms are gaining some traction in the corporate world, and were even cited in a 2010 SANS Institute report as the most effective way to significantly reduce the impact of malware in today's environment, [5] the overhead associated with their implementation and maintenance is significant.
This is evident even in the most successful commercial deployments of whitelisting: app stores for smartphones and tablet devices. Apple iPhones and iPads operate on a fundamentally whitelist-based model, in which users may only download onto their devices apps that have been pre-approved by Apple. These app stores allow Apple the opportunity to screen for any security threats, as well as other unwanted content, and have enjoyed considerable success as a crucial component of the wildly popular Apple mobile devices. However, they have also come in for criticism, not just because these stores limit users' ability to download programs and force developers to give over a portion of their app revenue to Apple, but also because the approval or whitelisting process can be extremely time-consuming and resource-intensive.

According to records filed with the Federal Communications Commission (FCC) in 2009, Apple then employed more than forty full-time app reviewers, and each application had to be independently reviewed by two different reviewers to ensure uniformity. The filings with the FCC's Wireless Telecommunications Bureau also noted that 95 percent of Apple's app applications are approved within two weeks of their submission. [6] In 2012, many app developers complained that the approval process was running longer, up to as much as three weeks, in the months leading up to the end-of-year holidays. [7] In other words, even with the significant resources Apple devotes to staffing its app review team, it has at times proved challenging for the company to keep up with the demands of developers and the timeline desired by its customers. The security advantages of this model, however, were lauded in a 2011 Symantec report on mobile device security, which found that the iOS security model is well designed and has thus far proven largely resistant to most types of attacks. [8]

[5] Jim Beechey. Application Whitelisting: Panacea or Propaganda? SANS Institute. December Available from
[6] Apple Answers the FCC's Questions. August, Available from:
[7] Tricia Duryee. The Latest Long Apple Line: Developers Waiting for App Approval. All Things D. November 8, Available from:
[8] Carey Nachenberg. New Symantec Research: The Current State of Mobile Device Security. June 27, Available from
Translating this whitelisting security model, which has been used so successfully in Apple consumer devices, to the computer systems of the corporate world requires careful evaluation of the approval process for additions to the whitelist. Since whitelisting programs for internal corporate use is not as directly profitable and central to the business of most companies as whitelisting new apps is to Apple, it is unlikely that many organizations will be willing or able to devote the same level of resources to the approval of new files in a corporate setting. Still, the security benefits of a whitelisting model may appeal to many organizations interested in improving their internal system security to reinforce more automated defenses like antivirus programs. In order to enable more companies to act on this interest, though, it will be essential to automate whitelisting mechanisms, bringing them more in line with the maintenance requirements and ease-of-use of antivirus software.

Automation via Designation of a Trusted Sources File Origin

One important step in automating whitelisting technologies for greater ease-of-use is allowing organizations to establish a library of trusted sources and to whitelist files by knowing their true origin. Without knowing the history of a file, however, it is very difficult to ascertain whether or not it comes from a trusted source. This is one crucial function of file origin tracking in implementing whitelisting: it allows organizations to automatically whitelist, greylist, or blacklist new files based on their source or origin rather than having to review each one individually.

Furthermore, keeping records of which websites new programs are downloaded from can help mitigate malware infections. The Microsoft SIR notes, "Attackers often use websites to conduct phishing attacks or distribute malware. Malicious websites typically appear to be completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users," according to the Microsoft SIR, volume 14. It continues, "In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques in an effort by attackers to take advantage of the trust users have invested in them." [9] Even when designating trusted sources is insufficient to prevent malware installation (for instance, when legitimate sites are compromised), tracking file origins may enable more effective, rapid investigation of the incident by allowing administrators to immediately identify the source of the malware, track other installations from that same source, and block further downloads from that source.

Least Privilege Consideration

There is great danger if administrative rights are allowed in a whitelisting model: users that retain administrative rights may attempt to bypass or uninstall application control agents, and attackers may target the whitelisting mechanism to have bad code recognized as legitimate. Thus, it is a highly regarded opinion among IT professionals that moving to a locked-down environment and controlling rights on personal computers and servers is a crucial part of any security solution. Adhering to the principle of least privilege is in the best interest of all companies and is best depicted in the following use case:

An end user, who has full administrative rights, receives an email containing a URL that points to a malicious executable which was hacked and signed with a well-known digital certificate. Since the signature is known to be good, it is on the approved whitelist. Once that user clicks on the URL, malicious software is installed with file transfer enabled, and the web camera and remote terminal are activated. At this point, the company's assets and data are exposed.
In a least privilege environment, using the example above, the user would not have local administrator rights. When the user clicks on the URL, the malicious software cannot be installed because administrative rights are required for the malicious code to register certain components. If file origin tracking is in place, the unclassified executable would be flagged, indicated as having originated from the internet, and assigned a low reputation score, automatically blacklisting the executable.

[9] Microsoft Security Intelligence Report, vol. 14. Available from
This use case outlines how controlling which applications are allowed to run in your environment through whitelisting, and reinforcing that protective layer by allowing standard administrative rights only, exemplify best practices for reducing security risks.

Conclusion

By improving the ease with which organizations can both designate trusted sources as well as investigate security breaches, file origin tracking has the potential to considerably lessen the burdens imposed by implementation of whitelisting solutions. By empowering companies to create customized whitelisting strategies and processes, depending on their desired degree of security and unique set of trusted sources, file origin tracking can also enhance the customizability of whitelisting technology, allowing for more tailored security solutions that harness the effectiveness of default deny defenses while reducing the resources needed for their implementation and maintenance.
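
The origin-based classification described under "The Role of File Origin Tracking" and "Automation via Designation of a Trusted Sources File Origin" can be modelled as follows. This is an added example, not part of the original paper and not Viewfinity's code: it keys the first introduction event to the file's content hash so that later copies and moves do not change the verdict, and it supports the "other installations from that same source" lookup. The channel names, policy tables, paths, URL and timestamps are constructed assumptions; "Vendor X" echoes the paper's own placeholder.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed policy for this example; a real deployment defines its own tables.
TRUSTED_DISTRIBUTION = {"sccm", "os_image"}   # internal deployment channels
TRUSTED_PUBLISHERS = {"Vendor X"}             # signers the organization trusts
UNTRUSTED_ORIGIN_VERDICT = {"internet": "blacklist", "usb": "greylist"}


@dataclass(frozen=True)
class OriginEvent:
    channel: str               # how the file first entered the environment
    source: Optional[str]      # URL or device label; None if it could not be determined
    user: str
    when: str                  # ISO 8601 timestamp
    publisher: Optional[str]   # verified signer name, if any


class OriginStore:
    """Keeps the first introduction event per content hash, plus every later sighting."""

    def __init__(self) -> None:
        self._origin: Dict[str, OriginEvent] = {}
        self._paths: Dict[str, List[str]] = {}

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def observe(self, content: bytes, path: str, event: OriginEvent) -> str:
        key = self.digest(content)
        # setdefault: a later copy, move or re-download never overwrites the true origin.
        self._origin.setdefault(key, event)
        paths = self._paths.setdefault(key, [])
        if path not in paths:
            paths.append(path)
        return key

    def origin_of(self, content: bytes) -> Optional[OriginEvent]:
        return self._origin.get(self.digest(content))

    def classify(self, content: bytes) -> str:
        origin = self.origin_of(content)
        if origin is None:
            return "greylist"                  # never seen: run restricted, do not trust
        if origin.channel in TRUSTED_DISTRIBUTION:
            return "whitelist"                 # introduced by IT's own distribution
        if origin.channel in UNTRUSTED_ORIGIN_VERDICT:
            # Origin outranks the signature here, as in the paper's least-privilege use case.
            return UNTRUSTED_ORIGIN_VERDICT[origin.channel]
        if origin.publisher in TRUSTED_PUBLISHERS:
            return "whitelist"
        return "greylist"

    def seen_from(self, source: str) -> List[str]:
        """Forensics: every path holding a file whose origin is the given source."""
        hits: List[str] = []
        for key, origin in self._origin.items():
            if origin.source == source:
                hits.extend(self._paths[key])
        return sorted(hits)


def demo() -> Dict[str, object]:
    """Runs the policy over constructed sample events and returns the verdicts."""
    store = OriginStore()
    signed_download = b"constructed bytes: signed installer fetched from the web"
    deployed = b"constructed bytes: package pushed by the IT department"
    vendor_tool = b"constructed bytes: signed tool first seen on a share"
    url = "https://downloads.example.test/setup.exe"

    store.observe(signed_download, r"C:\Users\alice\Downloads\setup.exe",
                  OriginEvent("internet", url, "alice", "2024-01-10T09:00:00Z", "Vendor X"))
    # The same bytes copied to a share: a new sighting, but the origin stays "internet".
    store.observe(signed_download, r"\\fileserver\tools\setup.exe",
                  OriginEvent("network_share", None, "bob", "2024-01-11T14:30:00Z", "Vendor X"))
    store.observe(deployed, r"C:\Program Files\App\app.exe",
                  OriginEvent("sccm", None, "SYSTEM", "2024-01-09T02:00:00Z", None))
    # The deployed package later shows up on a USB stick: it stays whitelisted.
    store.observe(deployed, r"E:\app.exe",
                  OriginEvent("usb", "USB-STICK-01", "alice", "2024-01-12T08:00:00Z", None))
    store.observe(vendor_tool, r"\\fileserver\tools\tool.exe",
                  OriginEvent("network_share", None, "bob", "2024-01-13T10:00:00Z", "Vendor X"))

    return {
        "signed_download": store.classify(signed_download),
        "signed_download_channel": store.origin_of(signed_download).channel,
        "deployed": store.classify(deployed),
        "vendor_tool": store.classify(vendor_tool),
        "unknown": store.classify(b"constructed bytes: never observed"),
        "same_source_paths": store.seen_from(url),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Which origin outranks a trusted signature is a policy choice; the ordering in `classify` is one option, chosen to match the use case in the "Least Privilege Consideration" section.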
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationSecuring Your Business s Bank Account
Commercial Banking Customers Securing Your Business s Bank Account Trusteer Rapport Resource Guide For Business Banking January 2014 Table of Contents 1. Introduction 3 Who is Trusteer? 3 2. What is Trusteer
More informationeguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life
Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows
More informationEXECUTIVE BRIEF. IT and Business Professionals Say Website Attacks are Persistent and Varied. In this Paper
Sponsored by IT and Business Professionals Say Website Attacks are Persistent and Varied EXECUTIVE BRIEF In this Paper Thirty percent of IT and business professionals say their organization was attacked
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationCyber Security. Securing Your Mobile and Online Banking Transactions
Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationSecuring OS Legacy Systems Alexander Rau
Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationSecuring Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper
Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationSurvey: Endpoint Security Concerns 2014 The issues keeping IT admins awake into the New Year
Survey: Endpoint Security Concerns 2014 The issues keeping IT admins awake into the New Year Intro 2014 has created uncertainty for those in charge of IT security. Not only is the threat landscape advancing
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationADVANCED THREATS IN THE ENTERPRISE. Finding an Evil in the Haystack with RSA ECAT. White Paper
ADVANCED THREATS IN THE ENTERPRISE Finding an Evil in the Haystack with RSA ECAT White Paper With thousands of workstations and servers under management, most enterprises have no way to effectively make
More informationHow To Choose A Next Generation Firewall
6 Steps to Evaluating a Next Generation Firewall What You Will Learn Whether you are evaluating a Next Generation Firewall for the first time or are researching because your current solution is less than
More informationTable of Contents. Page 2/13
Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities
More informationSymantec Mobile Management 7.1
Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any
More informationAnti-exploit tools: The next wave of enterprise security
Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More informationBackground. How much does EMET cost? What is the license fee? EMET is freely available from Microsoft without material cost.
Microsoft s Enhanced Mitigation Experience Toolkit (EMET) is an enhancement to the Windows operating system that stops broad classes of malware from executing. EMET implements a set of anti-exploitation
More informationVirtual Patching: a Proven Cost Savings Strategy
Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes
More informationCDM Software Asset Management (SWAM) Capability
CDM Software Asset Management (SWAM) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Table of Contents 1 PURPOSE AND SCOPE... 2 2 THREAT
More informationSPEAR PHISHING AN ENTRY POINT FOR APTS
SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing
More informationAddressing BYOD Challenges with ForeScout and Motorola Solutions
Solution Brief Addressing BYOD Challenges with ForeScout and Motorola Solutions Highlights Automated onboarding Full automation for discovering, profiling, and onboarding devices onto both wired and wireless
More informationDefend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall
Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationOpen an attachment and bring down your network?
Open an attachment and bring down your network? Many people think this will never happen to them, but virus attacks can come from unlikely sources and can strike when you least expect it. They can wreak
More informationEndpoint Security: Moving Beyond AV
Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,
More informationCyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community
Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the
More informationSymantec Endpoint Protection 12.1.4
Data Sheet: Endpoint Security Overview provides unrivaled security across physical and virtual platforms and support for the latest operating systems-mac OS X 10.9 and Windows 8.1. Powered by Symantec
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationCyber Security Solutions:
ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationPutting Web Threat Protection and Content Filtering in the Cloud
Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The
More information2012 Endpoint Security Best Practices Survey
WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationEnd to End Security do Endpoint ao Datacenter
do Endpoint ao Datacenter Piero DePaoli & Leandro Vicente Security Product Marketing & Systems Engineering 1 Agenda 1 Today s Threat Landscape 2 From Endpoint: Symantec Endpoint Protection 3 To Datacenter:
More informationTop Cyber Threats Of 2009
Top Cyber Threats Of 2009 Who were the top 5 riskiest celebrities in 2009? Did spammers really know who killed Michael Jackson? Data from Symantec Security Response November 2009 Top 5 Riskiest Celebrities
More information