In almost every security solution, the security team has to manually enter organizational intelligence into the security tool (e.g. EDR or SIEM) to make sense of what is displayed: What is this device? Is this a core server? Is this a smartphone? Does it belong to the HR department? Is this a file server? Is this on a core network? Was this the firewall? …
Darktrace does 95% of that heavy lifting for you – it tells YOU as the practitioner what all your devices are and what they do.
This means that almost all of the ongoing engineering cost typically required to run a security monitoring solution simply disappears.
Finding the right security talent to execute on an effective security strategy is a constant problem for organizations of all sizes.
Dark Reading’s 2017 Security Skills Survey examined the struggles around recruiting and retaining security professionals with these types of skills. Some of the findings include:
• 82% of organizations plan to keep security staffing levels the same or increase them in 2017
• Just 14% of organizations believe there are plenty of skilled security professionals available on the market
• Only 23% of IT managers say their security team is well trained and up to date on the latest technologies and threats
• 42% of organizations say their greatest security expenditure is on technology, while 33% say it’s on the people who use it
• Organizations struggle most to find people with experience in their vertical markets and the soft skills needed to communicate risks to the business
To learn more, download the report.
What you need to know about Cloud Security
Cloud Is Powering SME Digital Transformation
Why Use Cloud Services?
Cloud services empower SMEs to do more with less. They let businesses pay as they go, scale up or down based on demand, and deploy in less time than on-premises solutions.
More importantly, the business agility enabled by cloud infrastructure is unparalleled. It used to be that your processes were constrained by your IT capabilities as an organization. Cloud services have fundamentally flipped that logic on its head. Now your business processes lead the way, and flexible IT infrastructure shapes itself around those needs.
The competitive advantages of the cloud are fueling a major digital transformation across all segments of the market. The cloud is enabling small and medium-sized enterprises (SMEs) to grow faster while staying nimble and to reach more customers anywhere, anytime.
Moving IT infrastructure and applications to the cloud is one of the top 10 technology trends in 2017 for SMEs. Flexibility, reduced cost, speed and ease of deployment are the key drivers. Cloud-based solutions fill the gap where traditional on-premises systems such as ERP, human resources management, real-time collaboration, workflow integration and automation have failed to deliver. With the cloud, customers are empowered to do business wherever they have an Internet connection.
For more information, download the cloud PDF.
Protecting against the top 5 Attack Vectors
Malware
Malicious software that spreads via an email attachment or a link to a malicious website. It infects the endpoint when a user opens the attachment or clicks the link.
Ransomware is a specialized form of malware that encrypts all the files on the system it infects and prevents you from accessing your data unless you pay a ransom.
Mitigate with ongoing security awareness training for end users, teaching them not to open email attachments from unknown senders, not to click suspicious URLs, and not to download browser plug-ins from suspicious websites.
Phishing
Malicious email that tricks users into surrendering their credentials. The email may appear legitimate, as if it came from your bank, and ask you to reset your password.
Password Phishing Attack (sample)
Everything looks above board; the sample even warns the recipient not to fall for fraudulent emails. The only thing that gives it away is the rogue link asking for confidential information.
Mitigate by enabling 2-factor authentication, biometrics, or other out-of-band authentication methods (one-time passwords via text message), and use anti-spam email software to protect against such attacks.
Potentially unwanted programs
Potentially unwanted programs (PUPs) are trojans, spyware or adware that surreptitiously monitor your keystrokes, scan files on your hard drive, and read your browser cookies. Hackers make money from PUPs by marketing software products with annoying ads that pop up on your screen.
Mitigate by avoiding downloading and installing apps, browser extensions and programs from untrusted websites, and back up your system to an external drive or an online backup service.
Brute-force attacks
Hackers gain access to user accounts by repeatedly submitting different guesses, taken from stolen passwords or from dictionary words combined with numbers, until one succeeds. Such attacks are typically launched with automated tools, where thousands of passwords are submitted from multiple bots (a botnet) in a matter of seconds.
Brute-force attacks can be prevented by 1) locking the account after a designated number of failed login attempts, and 2) using a challenge-response test (reCAPTCHA) to prevent automated submission.
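As an added illustration of control 1), and not code from this page or from any vendor it mentions: a small Python lockout guard that counts failures in a sliding window and locks the account for a fixed period. The class and function names, the thresholds and the clock abstraction are assumptions chosen for the example; the clock is injectable so the behaviour can be checked without sleeping.

```python
import time
from collections import deque


class LoginGuard:
    """Per-account failed-login counter with a sliding window and a temporary lockout.

    Hypothetical illustration of 'account lockout after a designated number of
    failed attempts'; the class name and the default thresholds are assumptions.
    """

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900,
                 clock=time.time):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self.clock = clock                # injectable so tests can control time
        self._failures = {}               # username -> deque of failure timestamps
        self._locked_until = {}           # username -> time at which the lock expires

    def status(self, username):
        """'locked' while a lockout is in force, otherwise 'open'."""
        until = self._locked_until.get(username)
        if until is not None and self.clock() < until:
            return "locked"
        return "open"

    def record_attempt(self, username, credentials_valid):
        """Apply the policy to one login attempt.

        Returns 'locked' (rejected without evaluating the password), 'ok'
        (success, counters reset) or 'failed' (wrong password, counted).
        """
        now = self.clock()
        if self.status(username) == "locked":
            return "locked"
        if credentials_valid:
            self._failures.pop(username, None)
            self._locked_until.pop(username, None)
            return "ok"
        window = self._failures.setdefault(username, deque())
        window.append(now)
        # Drop failures older than the sliding window before counting.
        while window and now - window[0] > self.window_seconds:
            window.popleft()
        if len(window) >= self.max_failures:
            self._locked_until[username] = now + self.lockout_seconds
            window.clear()
            return "locked"
        return "failed"


class FakeClock:
    """Manually advanced clock so the demo and tests do not sleep."""

    def __init__(self, start=1_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Constructed scenario: three wrong guesses lock 'alice' for 10 minutes."""
    clock = FakeClock()
    guard = LoginGuard(max_failures=3, window_seconds=60, lockout_seconds=600,
                       clock=clock)
    results = []
    for guess in ("guess-1", "guess-2", "guess-3", "guess-4"):   # constructed input
        results.append(guard.record_attempt(
            "alice", credentials_valid=(guess == "real-secret")))
    clock.advance(601)        # the lockout has expired by now
    results.append(guard.record_attempt("alice", credentials_valid=True))
    return results            # ['failed', 'failed', 'locked', 'locked', 'ok']


if __name__ == "__main__":
    print(demo())
```

Note that a lock keyed on the account alone can itself be used to keep a legitimate user out, which is why deployments usually pair it with per-source rate limiting and the challenge-response test in 2), and log every lockout as input for the detection work discussed further down the page.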
Software vulnerabilities
Hackers exploit vulnerabilities in system software and web applications to execute unauthorized code, enabling them to gain extra privileges or steal information. Shellshock exploited a bug in the Bash shell found on Unix-like systems in 2014 to take over systems and convert them into bots; SQL-injection attacks exploit vulnerable web applications.
Run vulnerability-scanning software at regular intervals, and patch all systems that have high-priority vulnerabilities.
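Scanning finds an injectable web application, but the patch for the application's own code is to stop splicing input into SQL text. As an added example, not taken from the page or any product it names, the following Python puts the vulnerable query beside the parameterized form against a constructed in-memory SQLite table; the table, the function names and the test inputs are all assumptions made for the example.

```python
import sqlite3


def build_db():
    """Constructed in-memory table standing in for a web application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, username):
    """Untrusted input is spliced into the SQL text, so it can change the query."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """The driver binds the value separately; the input is only ever data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def compare(conn, value):
    """Run both lookups on the same input and return what each produced."""
    try:
        vulnerable = lookup_vulnerable(conn, value)
    except sqlite3.Error as exc:          # a quote in the input breaks the statement
        vulnerable = f"error: {exc}"
    return {"vulnerable": vulnerable,
            "parameterized": lookup_parameterized(conn, value)}


if __name__ == "__main__":
    db = build_db()
    print(compare(db, "alice"))              # both forms return the one matching row
    print(compare(db, "x' OR '1'='1"))       # constructed test input: the spliced
                                             # form returns every row, the bound form none
    print(compare(db, "o'neil"))             # an apostrophe in ordinary input only
                                             # breaks the spliced form
```

The parameterized form fixes the injection only; whether a caller is allowed to look up that account at all is a separate authorization check that still has to exist in the application.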
Combatting the top five cyberattacks
Learn more about ways to protect against the top 5 known cyberattacks...
Detection and Response: Required for an Effective Cybersecurity Strategy
The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a risk-based approach to managing cybersecurity risk that defines a set of cybersecurity activities and desired outcomes. The core of the framework consists of five concurrent and continuous functions: Identify, Protect, Detect, Respond, and Recover.
A common approach to IT security is to invest heavily in protection measures, the “Protect” function in the NIST framework. Businesses typically deploy several perimeter and endpoint security products and assume they are then secure. Unfortunately, implementing only a subset of the framework’s functions has proven to be insufficient.
Cybercriminals have rapidly acquired new cyber weapons and changed the way they launch cyberattacks. Weapons and attack capabilities that were previously observed only in large-scale nation-state operations are now falling into the hands of the masses. Today’s attackers are more sophisticated and capable of exploiting weaknesses at previously unseen speed and scale.
Statistics highlight how, despite deploying various protective point products, businesses still struggle to detect and respond to cyberattacks. According to the Ponemon Institute’s research from 2017, companies took an average of 214 days to detect data breaches and 77 days to contain and respond to them.
In the aftermath of most data breaches, IT teams find that attacks usually don’t look like attacks at all, except in hindsight. Detection strategies depend on aggregating and correlating logs from critical components in an organization’s network. Event log data and alerts from these sources need to then be normalized and analyzed thoroughly, with the aid of customized rules written by trained security experts. Detecting patterns of anomalous activity that may be indicators of compromise, therefore, requires the deep analysis of several critical log sources, including:
• Endpoint security (EPP, Antivirus)
• Active Directory
• Email security gateways
• SaaS applications
• Cloud workloads
Timely detection and response require in-depth analysis of log data and, as stated earlier, the customized rules and logic applicable to each environment.
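To make the normalize-then-correlate step concrete, here is an added Python example that is not code from the page or from any product it mentions. It parses constructed log lines in three invented formats (an email gateway, an endpoint protection agent and Active Directory security events) onto one schema, then applies one hypothetical customized rule: a user who received a flagged email, then had an endpoint detection, then logged on successfully to a different host, all within an hour, raises a high-severity alert. The log formats, the rule, its window and the year assumed for syslog-style lines are all assumptions for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in three invented formats. They are not real product
# output; only the Windows event IDs 4624 (logon success) and 4625 (logon failure)
# are real.
SAMPLE_LOGS = [
    "2017-06-01T09:02:11Z GW verdict=malicious-delivered rcpt=jdoe@example.com subject=Invoice",
    "2017-06-01T09:05:30Z GW verdict=blocked rcpt=asmith@example.com subject=Prize",
    "Jun  1 09:15:40 WS-042 EPP: detection name=Trojan.Generic user=jdoe action=cleaned",
    "2017-06-01 09:21:03,Security,4625,jdoe,SRV-FILE01,logon_failure",
    "2017-06-01 09:21:09,Security,4624,jdoe,SRV-FILE01,logon_success",
    "2017-06-01 11:40:00,Security,4624,asmith,WS-007,logon_success",
    "this line is noise and should be skipped",
]

SYSLOG_YEAR = 2017   # assumption: syslog-style endpoint lines carry no year


def parse_gateway(line):
    """Email gateway format: ISO timestamp, verdict and recipient."""
    m = re.match(r"(\S+) GW verdict=(\S+) rcpt=(\S+)", line)
    if not m:
        return None
    action = "suspicious_email" if "delivered" in m.group(2) else "email_blocked"
    return {"ts": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"),
            "source": "email_gateway", "user": m.group(3).split("@")[0],
            "host": None, "action": action}


def parse_endpoint(line):
    """Syslog-style endpoint protection line: month, day, time, host, user."""
    m = re.match(r"(\w{3})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) EPP: detection .*\buser=(\S+)",
                 line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)} {m.group(2)} {m.group(3)}",
                           "%Y %b %d %H:%M:%S")
    return {"ts": ts, "source": "endpoint", "user": m.group(5),
            "host": m.group(4), "action": "endpoint_detection"}


def parse_ad(line):
    """CSV export of Active Directory security events."""
    parts = line.split(",")
    if len(parts) != 6 or parts[1] != "Security":
        return None
    return {"ts": datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S"),
            "source": "active_directory", "user": parts[3], "host": parts[4],
            "action": "logon_success" if parts[2] == "4624" else "logon_failure"}


def normalize(lines):
    """Map every recognised line onto one schema; unrecognised lines are dropped."""
    events = []
    for line in lines:
        for parser in (parse_gateway, parse_endpoint, parse_ad):
            event = parser(line)
            if event:
                events.append(event)
                break
    return events


def correlate(events, window=timedelta(minutes=60)):
    """Hypothetical rule: suspicious email -> endpoint detection -> logon to a host
    other than the detecting endpoint, for one user inside the window."""
    alerts = []
    by_user = {}
    for event in events:
        by_user.setdefault(event["user"], []).append(event)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for start in evs:
            if start["action"] != "suspicious_email":
                continue
            later = [e for e in evs if start["ts"] < e["ts"] <= start["ts"] + window]
            detections = [e for e in later if e["action"] == "endpoint_detection"]
            infected_hosts = {d["host"] for d in detections}
            logons = [e for e in later
                      if e["action"] == "logon_success" and e["host"] not in infected_hosts]
            if detections and logons:
                alerts.append({"user": user, "severity": "high", "start": start["ts"],
                               "chain": [start["action"], detections[0]["action"],
                                         f"logon_success@{logons[0]['host']}"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(normalize(SAMPLE_LOGS)):
        print(alert)
```

Each parser only has to agree on the shared field names, so a new log source is one more parser rather than a new rule; the rule itself is the environment-specific part the text says has to be written and tuned per organisation.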
A Force Multiplier for Managing Cybersecurity Risk and Compliance
Information technology (IT) teams at institutions such as regional banks and credit unions are stretched thin. They’re expected to meet compliance obligations while simultaneously dealing with cyber threats. This is particularly true for mid-sized institutions without resources dedicated to security or compliance, which puts them at risk.
Institutions face a combination of cybersecurity challenges and compliance mandates. While the overriding priority is mitigating risks to sensitive information and avoiding data breaches, they are also obligated to comply with relevant regulations.
Regional banks, credit unions, and other mid-sized institutions can face regulations from both national and state regulatory bodies. Governance, risk management and compliance frameworks and security guidance developed by NIST, PCI DSS, the FFIEC and state bodies such as the New York Department of Financial Services all strive to assess risk and minimize security gaps. While such oversight provides useful recommendations for cyber risk management, applying and optimizing a cybersecurity strategy can overwhelm capable but short-handed IT and security staffs.
What options do regional banks and credit unions such as these have? The emerging area of managed detection and response offers institutions the opportunity to augment their existing IT staff and improve their security posture while at the same time simplifying compliance.
Learn more about the importance of SOCs
© 2019 Layer 7 Data Solutions LLC. All Rights Reserved.