13.6 C
London
Tuesday, September 26, 2017
Home Tags CISSP

Tag: CISSP

What malicious sites provide both free and paid access to stolen credit cards, company databases, malware and more? 1 of 10 Image Source: imsmartin With nothing more than a standard Web browser, cybercriminals can find personal, private information all over the public Internet.
It isn't just legitimate services - from genealogy sites to public records and social media - that can be mined and exploited for nefarious purposes. Openly malicious criminal activities are also happening on the public Internet.  True, much of the cybercrime underground consists of private and established communities that don't appear in a normal search engine and are not accessible by regular users without special authorization. However, according to the team at identity protection and fraud detection provider CSID, there are different levels of cybercriminal resources - and not all are so tightly protected.

The quality and quantity of the more easily accessible forums are still high, say the CSID team, and anyone can access content such as stolen credit cards, cyberattack tools, and even advanced malware, which can be leveraged with minimal technical know-how required. Adam Tyler, chief innovation officer at CSID, describes how black-market organizations are becoming more like traditional online businesses we visit and buy from every day. “For example," he says, "many sites now have their own Facebook, Twitter and even YouTube pages to advise their member base on new attacks and tools that are available.” Data sold on criminal marketplaces “age quickly, meaning that once the information is stolen, it has to be used for fraudulent purposes quickly,” says Christopher Doman, consulting analyst at Vectra Networks. “The more times the information is abused for fraud, the more the information will be devalued.” “Companies should have these marketplaces monitored, looking for trends in data breaches and attacks as well as to see if any of their data has been compromised,” says Carefree Solutions’s CEO Paul San Soucie. “One point that I’m not sure is evident is that there is more public and Dark Web research than any one IT person can handle. Researching and absorbing this information requires significant training and experience.

Even large US banks that have dedicated security staff are not able to do some of the research and analysis that specialized reconnaissance teams can perform.” San Soucie nevertheless suggests treading carefully when doing this research. "While you can get to most of these sites using standard https, I still consider them dark and strongly recommend accessing them via a VPN as both criminal and government sources track access in some cases.” Read on for a collection of some of the popular sites where private data, credentials, and attack tools are up for sale, or even for free download. Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as ...
View Full Bio 1 of 10 More Insights
Developers who focus on secure development skills find themselves in high demand. Developers who choose to augment their knowledge with secure development skills will find themselves in the most in-demand career field as the growth in cyberattacks forces organizations and governments to strengthen their cyber war chests with more advanced tools, increased budgets, and larger teams. A quick glance at the astronomical budgets that governments and Fortune 100 companies are allocating toward cybersecurity provides a glimpse into the extreme challenges organizations face because of the increase in cyberattack sophistication and volume.  J.P. Morgan has increased its 2016 cybersecurity budget to $500 million, up from $250 million in 2015, and its general counsel for intellectual property and data protection says that the company "still feels challenged" by cyberattacks.

Bank of America CEO Brian Moynihan has said that when it comes to cybersecurity, there are no budget constraints.

At the federal level, President Obama has increased cybersecurity spending to $19 billion in 2017, up from $14 billion in 2016. But even with massive budgets being earmarked to protect against cyberattacks, it's difficult for organizations to fill all their open cybersecurity positions.
In 2015, more than 200,000 cybersecurity job positions went unfilled, a shortfall that is on track to increase to 1.5 million by 2019, according to Symantec CEO Michael Brown. For developers passionate about securing code and willing to invest the time needed to add security to their IT skills, when it comes to career advancement, there are many opportunities.  How Can Developers Choose "Secure Development"?At the top of the pyramid when it comes to cybersecurity certifications is the Certified Information Systems Security Professional (CISSP); however, it requires years of prior experience in information security.  For developers looking to boost their secure development knowledge by attaining a security certification, an ideal place to start your research is "10 Security Certifications To Boost Your Career" in order to find the certification that matches your goals and current qualifications.  When it comes to pinpointing which pathway best suits your cybersecurity career goals, there are numerous routes to take.  Developers who have a passion for policy enforcement, incident response, auditing, or user awareness and are interested in providing a security perspective on third-party products can head in the direction of enterprise IT security. Compliance-minded developers with experience developing applications with PCI-DSS, MISRA, FIPS, and other policy certifications can find roles available as security or compliance consultants, or as internal or external auditors.  Other routes include jobs in wireless security, network security, cryptography, risk management, identity architects, and many others.

According to the U.S.

Department of Labor, the most sought-after job titles in cybersecurity include security engineer, security analyst, information security analyst, network security engineer, and information technology security analyst.  5 Top Security Careers, Job Descriptions & SalariesHigher salaries are the most obvious benefit for developers who decide to enhance their cybersecurity knowledge and move into secure development roles. Roles in cybersecurity can pay up to 9% more on average than IT jobs outside of the security realm. Note: Salary statistics taken from PayScale, job description information from Cyber Degrees. Security EngineerSecurity engineers build and maintain IT security solutions within organizations.

They perform vulnerability testing, risk analyses, and security assessments while creating innovative ways to solve existing production security issues. Requirements: Degree in computer scienceMedian Salary: $88,777  Security AnalystSecurity analysts are in charge of the detection and prevention of cyberthreats against an organization through an ongoing analysis of the company's IT infrastructure.

Tasks include the planning and implementation of security measures and controls, data maintenance and the monitoring of security assets, in-house security awareness training, and more. Requirements: Between one and five years of cybersecurity experience is needed.Median Salary: $66,787 Penetration TesterPenetration testers are legal hackers who help organizations find security threats in applications, networks, and systems.

They're also known as pentesters.

They test applications by simulating cyberattacks that have been found in the wild. Requirements: Unlike other cybersecurity, many openings for pentesters don't require a degree; however, your abilities will be under constant scrutiny, so some formal education is recommended. Median Salary: $77,774 Security ConsultantSecurity consultants design and implement innovative security solutions.
Since security consultants are relied upon by numerous different departments to guide and implement long-term cybersecurity strategy, extensive industry experience is required.

For developers who are new to security, starting as a pentester or security analyst is recommended, although after proving themselves in other security roles for between three to five years, and understanding the industry inside out, aspiring security analysts could find themselves relevant for this role. Requirements: A degree in computer science and between three and five years of experience in cybersecurity are needed. Median Salary: $80,763 Incident ResponderIncident responders, also known as CSIRT engineers, or intrusion analysts, investigate and limit the damage from cyberattacks that have occurred while working closely with the security team to prevent further attacks from taking place.
Incident responders monitor their organization's networks and systems for threats while performing audits, risk analysis, and malware assessments. Requirements: Like pentesters, incident responders don't necessarily have to have a specific degree, although a cybersecurity certification or specialization is helpful.Median Salary: Around $60,000 Don't WaitWhile security analysts and security engineers must have a degree and extensive experience, there are options for developers who want to turn their security passions into a profession in roles such as incident responders and pentesters, with less-intensive requirements.
If you're a developer, don't wait — start working on enhancing your career in cybersecurity now. Related Content: Paul is an application security community specialist at Checkmarx, responsible for writing, editing, and managing the social media community. With a background in mobile applications, Paul brings a passion for creativity to investigating the trends, news and security issues ...
View Full Bio More Insights
Whether they identify as white hats, black hats, or something in between, a majority of hackers agree that no password is safe from them -- or the government for that matter. Regardless of where they sit with respect to the law, hackers mostly agree th...
What a classically-trained guitarist with a Master's Degree in counseling brings to the table as head of cybersecurity and privacy at one of the world's major healthcare organizations. Bishop Fox’s Vincent Liu sat down recently with GE Healthcare Cybersecurity and Privacy General Manager Richard Seiersen in a wide-ranging chat about security decision making, how useful threat intelligence is, critical infrastructure, the Internet of Things, and his new book on measuring cybersecurity risk. We excerpt highlights below. You can read the full text here. Fourth in a series of interviews with cybersecurity experts by cybersecurity experts. Vincent Liu: How has decision making played a part in your role as a security leader? Richard Seiersen:  Most prominently, it’s led me to the realization that we have more data than we think and need less than we think when managing risk.
In fact, you can manage risk with nearly zero empirical data.
In my new book “How to Measure Anything in Cybersecurity Risk,” we call this “sparse data analytics.” I also like to refer to it as “small data.” Sparse analytics are the foundation of our security analytics maturity model. The other end is what we term “prescriptive analytics.” When we assess risk with near zero empirical data, we still have data, which we call “beliefs.” Consider the example of threat modeling. When we threat model an architecture, we are also modeling our beliefs about threats. We can abstract this practice of modeling beliefs to examine a whole portfolio of risk as well. We take what limited empirical data we have and combine it with our subject matter experts’ beliefs to quickly comprehend risk. VL: If you’re starting out as a leader, and you want to be more “decision” or “measurement” oriented, what would be a few first steps down this road? RS: Remove the junk that prevents you from answering key questions. I prefer to circumvent highs, mediums, or lows of any sort, what we call in the book “useless decompositions.” Instead, I try to keep decisions to on-and-off choices. When you have too much variation, risk can be amplified. Most readers have probably heard of threat actor capability.

This can be decomposed into things like nation-state, organized crime, etc. We label these “useless decomposition” when used out of context. Juxtapose these to useful decompositions, which are based on observable evidence.

For example, “Have we or anyone else witnessed this vulnerability being exploited?” More to the point, what is the likelihood of this vulnerability being exploited in a given time frame? If you have zero evidence of exploitability anywhere, your degree of belief would be closer to zero. And when we talk about likelihood, we are really talking about probability. When real math enters the situation, most reactions are, “Where did you get your probability?” My answer is usually something like, “Where do you get your 4 on a 1-to-5 scale, or your ‘high’ on a low, medium, high, critical scale?” A percentage retains our uncertainty.
Scales are placebos that make you feel as if you have measured something when you actually haven’t. This type of risk management based on ordinal scales can be worse than doing nothing.   VL: My takeaway is the more straightforward and simple things are, the better.

The more we can make a decision binary, the better.

Take CVSS (Common Vulnerability Scoring System). You have several numbers that become an aggregate number that winds up devoid of context. RS: The problem with CVSS is it contains so many useless decompositions.

The more we start adding in these ordinal scales, the more we enter this arbitrary gray area. When it comes to things like CVSS and OWASP, the problem also lies with how they do their math. Ordinal scales are not actually numbers. For example, let’s say I am a doctor in a burn unit.
I can return home at night when the average burn intensity is less than 5 on a 1-to-10 ordinal scale.
If I have three patients with burns that each rank a 1, 3, and 10 respectively, my average is less than a 5. Of course, I have one person nearing death, but it’s quitting time and I am out of there! That makes absolutely no sense, but it is exactly how most industry frameworks and vendor implement security risk management.

This is a real problem.

That approach falls flat when you scale out to managing portfolios of risk. VL: How useful is threat intelligence, then? RS: We have to ask—and not to be mystical here—what threat intelligence means.
If you’re telling me it is an early warning system that lets me know a bad guy is trying to steal my shorts, that’s fine.
It allows me to prepare myself and fortify my defenses (e.g., wear a belt) at a relatively sustainable cost. What I fear is that most threat intelligence data is probably very expensive, and oftentimes redundant noise. VL: Where would you focus your energy then? RS: For my money, I would focus on how I design, develop, and deploy products that persist and transmit or manage treasure.

Concentrate on the treasure; the bad guys have their eyes on it, and you should have your eyes directed there, too. This starts in design, and not enough of us who make products focus enough on design. Of course, if you are dealing with the integration of legacy “critical infrastructure”-based technology, you don’t always have the tabula rasa of design from scratch. VL: You mean the integration of critical infrastructure with emerging Internet of Things technology, is that correct? RS: Yes; we need to be thoughtful and incorporate the best design practices here.

Also, due to the realities of legacy infrastructure, we need to consider the “testing in” of security.
Ironically, practices like threat modeling can help us focus our testing efforts when it comes to legacy.
I constantly find myself returning to concepts like the principle of least privilege, removing unnecessary software and services.
In short, focusing on reducing attack surface where it counts most. Oldies, but goodies! VL: When you’re installing an alarm system, you want to ensure it is properly set up before you worry about where you might be attacked. Reduce attack surface, implement secure design, execute secure deployments. Once you’ve finished those fundamentals, then consider the attackers’ origin. RS:  Exactly! As far as the industrial IoT (IIoT) or IoT is concerned, I have been considering the future of risk as it relates to economic drivers...

Connectivity, and hence attack surface, will naturally increase due to a multitude of economic drivers.

That was true even when we lived in analog days before electricity. Now we have more devices, there are more users per device, and there are more application interactions per device per user.

This is an exponential growth in attack surface. VL: And the more attack surface signals more room for breach. RS: As a security professional, I consider what it means to create a device with minimal attack surface but that plays well with others.
I would like to add [that] threat awareness should be more pervasive individually and collectively. Minimal attack surface means less local functionality exposed to the bad guy and possibly less compute on the endpoint as well. Push things that change, and or need regular updates, to the cloud. Plays well with others means making services available for use and consumption; this can include monitoring from a security perspective.

These two goals seem at odds with one another. Necessity then becomes the mother of invention.

There will be a flood of innovation coming from the security marketplace to address the future of breach caused by a massive growth in attack surface.  Richard Seiersen, General Manager of Cybersecurity and Privacy, GE Healthcare PERSONALITY BYTES First career interest: Originally a classical musician who transitioned into teaching music. Start in security: My master’s degree capstone project was focused on decision analysis.
It was through this study that I landed an internship at a company called TriNet, which was then a startup. My internship soon evolved into a risk management role with plenty of development and business intelligence. Best decision-making advice for security leaders: Remove the junk that prevents you from answering key questions. Most unusual academic credential: Earned a Master in Counseling with an emphasis on decision making ages ago.
I focused on a framework that combined deep linguistics analysis with goal-setting to model effective decision making. You could call it “agile counseling” as opposed to open-ended soft counseling. More recently, I started a Master of Science in Predictive Analytics. My former degree has affected how I frame decisions and the latter brings in more math to address uncertainty.

Together they are a powerful duo, particularly when you throw programming into the mix. Number one priority since joining GE: A talent-first approach in building a global team that spans device to cloud security. Bio: Richard Seiersen is a technology executive with nearly 20 years of experience in information security, risk management, and product development.

Currently he is the general manager of cybersecurity and privacy for GE Healthcare. Richard now lives with his family of string players in the San Francisco Bay Area.
In his limited spare time he is slowly working through his MS in predictive analytics at Northwestern. He should be done just in time to retire. He thinks that will be the perfect time to take up classical guitar again. Related Content: Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups.
In this role, he oversees firm management, client matters, and strategy consulting.
Vincent is a ...
View Full Bio More Insights
Press Release Cayman-based eShore Ltd has helped inspire 15 IT security professionals to obtain the industry accredited Certified Information Systems Security Professional (CISSP) certification in a 5-day, on-island bootcamp with instructor Jay Ranade. IT security professionals from leading organisations including Cayman Islands Monetary Authority (CIMA), Fidelity Bank and XSOMO International joined the 1-to-1 interactive and web-based session.With IT security, cyber threats, and new CIMA guidelines on everyone’s mind, eShore Ltd offered the opportunity to leading Caribbean businesses who are looking to strengthen their information security program and protect their data from increasingly sophisticated attacks. Polly Pickering Polly Pickering, Managing Director at eShore Ltd, said: “It was good to see so many IT security professionals taking advantage of the opportunity. Jay teaches security, risk, and audit classes globally and has written and published more than 35 IT related books, so our attendees couldn’t have asked for a better instructor.
It was a great week had by all!” “Cyber attacks on business email and data breaches continue to rise at an unprecedented rate.

This is our way of giving something back to the community to ensure that regional businesses not only recognise the increasing threats, but have access to the gold standard in security certification. While eShore Ltd can offer state-of-the-art teams and technology, it is awareness and training - coupled with executive buy-in - that really makes the difference,” Polly continues. Due to the success of the event, eShore Ltd will be running another CISSP bootcamp with instructor Jay Ranade on the week commencing 5th December. To reserve your place, sign up online today – caymancisspbootcamp.eventbrite.com. -ENDS - Issued by eShore Ltd.Telephone: +1 345 946 3673Email: dan.whiteside@eshoreltd.comAbout eShore and Sure InternationaleShore Ltd is a Cayman based company providing offshore IT products and services in offshore jurisdictions.
Specialising in the Caribbean market, we’ve been providing IT security, email security, data backup, and business continuity solutions since 2005 and are proud to be partnered with Sure International – a Channel Islands datacentre provider offering a unique choice of three well-regulated offshore jurisdictions in Jersey, Guernsey and Isle of Man. Visit http://www.eshoreltd.com/
'Super hunters' share a common goal: to find the most high impact valid bugs before a bad guy does. 1 of 8 Image Source: imsmartin/Bugcrowd The true value of crowdsourced security lies in the diversity of knowledge, experience, and bug-hunting methods employed by security researchers.

Additional value is oftentimes further defined by differing cultures, perspectives and backgrounds depending on geographic location.

Bugcrowd’s crowdsourced bug-bounty program, for example, is quite diverse, with participating researchers from no fewer than 112 countries organized into several regions. While there may be a lot of differences between each of the 112 countries, the top researchers – many of them described as ‘Super Hunters[SM1] ’ — from each region appear to share a common goal: to find the most, high impact valid bugs before a bad guy does. To underscore the value these individuals bring to the cybersecurity table, this slide show will provide seven profiles for the top-ranked Bugcrowd researchers, selecting one from each of the top-submitting regions, chosen by the largest volume of bug submissions. To help understand the data presented with each researcher, refer to the following definitions: Acceptance Rate: Best explained as a comparison of valid to invalid reports. Average Priority: When taken in context with a researcher’s rank and Acceptance Rate, this can help recognize outstanding researchers who consistently submit high impact vulnerabilities, but may be lower volume in their submissions. Kudos Points: These are intended to recognize researchers for their valid vulnerability reports, independent of monetary or swag prizes associated with the bounty program.

The more severe the vulnerability impact, the greater the points awarded (from 5 to 20). This presentation is a precursor to a new report being developed by Bugcrowd which will take a look at the psychology of bug hunters, what motivates them, and why the researchers look very different from one another. Before we begin, imsmartin would like to thank the Bugcrowd team for making this information available to our team. Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as ...
View Full Bio 1 of 8 More Insights
Whether it's due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why an SOC can become unhealthy. Here's how to make it better. Congratulations, you’re the new CISO! Whether you have served in the role previously or it’s new to you, you’ll be asked to observe your new organization, to develop a 100-day plan, to evaluate people, processes, and technology, and of course you’ll need to tell the CEO where you would attack the organization and how you will protect against that.
It’s a daunting and exciting task to be the new CISO.  There is so much to observe, learn, and then you have to formulate a plan of action. You are inundated with learning the new organization from the CISO’s chair.

Finally, the day comes when you tour the Security Operations Center. You are looking forward to this, because it’s operational; it’s where you fight the adversary—hackers with various forms of capabilities, motives, and sponsorship.  Of course you want to see the chess match in action between your cyber analysts and threat actors. You look around: it looks like a SOC (analysts at monitors), and then your SOC Director briefs you on manpower, processes, technology, annual budget, measures and metrics.

As the briefing continues your smile transitions to furrowed eye brows.

As you investigate, and question, and seek to understand, you can see what has happened, your SOC is sick. You have seen the symptoms before and you know the diagnosis, it’s SOC-atrophy.   SOC-atrophy: An omissive noun. 1. When your technology has remained dormant too long. 2. Unrefreshed cyber technology. 3.

The absence of intelligence and heuristics. 4. Plagued by false positives.
Your SOC became sick for several reasons. The technology you have is antiquated and completely signature-based, best suited for static threats, not advanced threats. While signature-based solutions have a role, it’s a secondary protection role. The organization failed to keep up with technology and the evolving threat.

For years, the organization has relied on incremental funding.

This budget strategy has a typical result; a disparate mix of capabilities purchased individually as security silos without consideration for how the capabilities will work together.

The tools don’t work together.  It’s an integration nightmare! But SOC-atrophy is not a technology problemAs you sit down with your analysts, you observe that each analyst must be knowledgeable about several different tools and that they spend a lot of time collecting data and alerts. You observe the waterfall of alerts overflowing your analysts with data -- mostly false positives.

The analysts have alert fatigue; they just can’t keep up. The bottom line: the organization didn’t see the evolution of the threat, didn’t keep up with technology, and has not figured out how to use threat intelligence, much less integrate intelligence as a key enabler.

The old technology in your SOC was the right decision for a different time, but not for today.  Capital planning for cyber investment has also been a challenge.

Typically SOCs are developed and funded piecemeal, a silo of capability at a time.

This has a cause and effect, the tools are hard to integrate or don’t integrate at all, which in turn make it virtually impossible for an analyst to perform. Whether it has been lack of attention, inadequate measurement of effectiveness, poor capital planning, or alert fatigue, there are several ways for a SOC to become sick. Your goal now is to bring it back to a healthy state. Here are five strategies to overcome SOC-atrophy. Research to understand all SOC investments. You need to analyze the costs of each tool, effectiveness, and cost, and then prioritize the value of what you have. You will want to keep the best value, and get rid of the lower value, higher cost, solutions.

This is your available trade space. Perform a SOC-focused assessment.

This will gauge operational effectiveness and highlight gaps. Knowing your current health is a relatively low-cost endeavor and helps you in building a business case for investments to close the gaps. Study the threat landscape.

From CEO to cyber analysts, your organization needs to clearly understand the threat landscape and how the threat is escalating.

This understanding will help you focus on the technology, expertise, and intelligence you need to protect your organization. Resist the urge to fund your tools piecemeal. Develop the business case for an integrated platform with the ability to visualize web, email, file servers, endpoints, mobile, and SIEM, in one picture, enabling the ability to detect and remediate threats earlier in the kill chain.

The board needs to understand the business case for an integrated platform. Encourage cross-organizational collaboration. It’s critical to build partnerships for vetting the business case and gaining consensus on your SOC plans.
Spending quality time with your fellow IT executives and other business leaders to discuss -- at a strategic level -- what you are working on, your timeline, and your forthcoming proposal.

There is no greater feeling than going into a board meeting with many of the members clearly in your corner. Related Content:  Black Hat’s CISO Summit Aug 2 offers executive-level insights into technologies and issues security execs need to keep pace with the speed of business.

Click to register.
Lance Dubsky, CISSP, CISM, is Chief Security Strategist, Americas, at FireEye and has over two decades of experience planning, building and implementing large information security programs.

Before joining FireEye, he served as the Chief Information Security Officer at two ...
View Full Bio More Insights
Detects Ransomware, Spear Phishing, APTs and Other Tier-1 Threats FasterMay 17, 2016— LogRhythm, The Security Intelligence Company, today announced immediate availability of Network Monitor 3.

This latest version of the industry’s leading network monitoring, analytics and forensics solution empowers organisations to detect, investigate and neutralise today’s most advanced and concerning threats such as ransomware, spear phishing and APTs faster and with greater precision than ever before. LogRhythm logoLeading the list of new innovations introduced in Network Monitor 3 is Deep Packet Analytics (DPA).

DPA performs real-time, automated, machine analytics on all network traffic, applying behavioural and statistical analysis to rich data sets produced by Network Monitor’s Full Packet Capture and Layer 7 SmartFlow™ features.

The result is unprecedented speed and precision in detecting advanced threats traversing enterprise networks.

This lowers the risk of high-impact breaches and improves efficiency and effectiveness of information security staff. “When an attack hits, the tools we use need to have broad capabilities, be highly intuitive with a practical interface, and enable us to be efficient and precise in our response,” said Jack Callaghan, senior security engineer, CISSP CISM CIPP, Pulte Mortgage. “That’s exactly why we selected LogRhythm’s Network Monitor solution and Security Intelligence Platform over the competition and have made it core to our information security arsenal.” “Most organisations are blind to a growing number of advanced threats crossing their network today,” said Chris Petersen, CTO/Co-Founder at LogRhythm. “Deeper visibility into suspicious network activity, coupled with powerful analytics and more efficient incident response is what’s needed to detect and mitigate these threats before they can have a material impact.

That’s exactly what Network Monitor 3 is providing to our customers.”Beyond accelerating the detection of advanced threats, Network Monitor’s DPA also automates incident response investigations by enabling responders to create custom analytics rules that can inspect full packet streams in real time.

Additionally, DPA enhances Network Monitor’s SmartCapture™ policies to trigger packet capture on traffic that is aligned with concerning network activities including known indicators of compromise (IOC). Other network monitoring and analytic platforms require the capture and storage of all packets regardless of their association with suspicious activity.

Additional innovations introduced in Network Monitor 3 include: Enhanced data visualisations – Built on Elasticsearch’s Kibana Big Data plug-in, Network Monitor 3 delivers new, highly intuitive and practical presentations of massive data sets, accelerating threat detection and incident responseExtended Application Identification to over 2,700 – Growing the # of applications Network Monitor can identify in real-time by over 1,000 since the release of Network Monitor 2Increased speed and efficiency of packet capture viewing – Leveraging the REST API, Network Monitor 3 provides programmatic access to packet data for the LogRhythm Security Intelligence Platform or any 3rd party applicationExtended capabilities for extracting files, images and other content from full packet captures – Facilitating more rapid incident analysis and response “Detecting threats that are latent in your network requires intelligence that is derived from real-time analysis of network traffic”, says Eric Ogren, senior analyst at 451 Research. “We find identifying applications, correlating historical user and machine activity and analysing network packets for anomalies, to be fundamental to behavioural analytics, which is rapidly becoming a critical element of enterprise security strategies. LogRhythm’s Deep Packet Analytics and Security Intelligence Platform form a combination that can help security teams detect threats before significant damage occurs.”LogRhythm Network Monitor 3 is available for purchase today as a standalone solution or as a fully integrated component of the LogRhythm’s Security Intelligence Platform.

To view LogRhythm’s Network Monitor 3 features & capabilities, click here. (https://www.youtube.com/watch?v=-oALDKcjCnA) ###About LogRhythmLogRhythm, a leader in security intelligence and analytics, empowers organisations around the globe to rapidly detect, respond to and neutralise damaging cyber threats.

The company’s patented and award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint forensics, and advanced security analytics.
In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.LogRhythm is consistently recognised as a market leader.

The company has been positioned as a Leader in Gartner’s SIEM Magic Quadrant report for four consecutive years, named a ‘Champion’ in Info-Tech Research Group’s 2014-15 SIEM Vendor Landscape report, received SC Labs ‘Recommended’ 5-Star rating for SIEM and UTM for 2016 and earned Frost & Sullivan’s 2015 Global Security Information and Event Management (SIEM) Enabling Technology Leadership Award. LogRhythm is headquartered in Boulder, Colorado, with operations throughout North and South America, Europe and the Asia Pacific region.Media ContactsHannah Townsend or Savannah O’HareFinn PartnersLogRhythm@finnpartners.com+44 20 3217 7060
Here are five critical factors you need to know about today's new breed of endpoint protection technology. Image Source: imsmartin As the world of fraud, phishing, and ransomware takes over the headlines, it’s no wonder organizations are looking for new ways to combat these threats. Ransomware attacks in particular have become the new advanced persistent threat, having risen to the top of the list of concerns for organizations both large and small. It’s also no secret that traditional endpoint protection technologies have not kept up with the challenges presented by these advanced threats; these legacy technologies are simply not able to handle attacks that find their way onto corporate endpoints and then work their way into and around the network. Worse, many of the “newer” security technologies have all but given up on prevention, focusing instead on detection and remediation.

This makes it more difficult for organizations to maintain a positive outlook for their resource-intensive and often extremely expensive cybersecurity programs.
Some recent prevention-based approaches are simply ineffective at stopping advanced threats, or they impose too much tuning, operational overhead and management headaches to be viable on a large-scale basis. Even though malware, exploits, and insiders are able to bypass the perimeter and penetrate endpoints, it's unrealistic to expect antivirus (AV) -- one of most recognizable traditional endpoint security technologies on the market -- to go by the wayside any time soon. Organizations must maintain as many layered, proactive, and defensive capabilities as possible,  AV included.

They also need to integrate additional countermeasures, tools and information that help them quickly spot the origination of attacks, understand the intent and future path of attacks, and clearly articulate the means for blocking, remediating and stopping the spread of attacks. AV and other traditional endpoint security technologies are not dead.

These products are still used by many; they are just being overrun by a collection of new-breed protection methods, some of which are better able to handle complex attacks and keep up with culprits as they find new ways to get around the technologies used to thwart them. Reliance on a single method is no longer sufficient. This slide show provides a view into some of the critical attributes to look for in these new methods. While each method may be viewed and handled differently across the highlighted vendors, it’s important to recognize that the methods, in some form or another, are necessary if organizations are to have a fighting chance at combatting the targeted attacks their endpoints try to deal with on a daily basis. Note: The team at imsmartin thanks Crowdstrike, FireEye, Palo Alto Networks and SentinelOne for their contributions to this slide collection. Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as ...
View Full BioMore Insights
Registration now open; over 30 educational sessions, five panel debates, and pre-conference certification workshops London, UK, Sept 2, 2014 - (ISC)²® ("ISC-squared"), the largest not-for-profit membership body of certified information and software security professionals with over 100,000 members worldwide, today released its education programme and speaker line-up for its inaugural Security Congress EMEA, taking place 9-10 December at the Bloomsbury Hotel in London. Organised in partnership with MIS Training Institute, the conference programme offers a broad professional development opportunity, combining a comprehensive plenary programme with focussed track sessions from a cross-section of the security community throughout the region. Kicking off the programme with insights into why the UK government elevated cybersecurity to a tier one threat is The Right Honourable David Blunkett, MP, who has held a number of senior Cabinet posts within the UK government, including Home Secretary (2001-2004). "I am very pleased to see and support this obvious commitment from the (ISC)² community to showcase the best of experience and increase our capacity to ensure security for us all in our now digitally-enabled, digitally-dependent economy. It has never been more crucial for the region's international information security profession to come together and align effort as we all face the increasingly complex and adversarial challenges that are developing in the cyber world," says Blunkett. Other confirmed keynotes speakers include:Dr. Simon Singh, best-selling author, journalist, radio broadcaster, TV producer and directorDr. Stefan Lüders, head of Computer Security, European Organization for Nuclear Research (CERN)Jaya Baloo, CISO, KPN, The NetherlandsMichael Colao, Head of Security, AXA UKConference sessions cover current events, including the privacy issues hampering the UK's NHS data sharing scheme and real-world case studies from Euroclear, Ministry of Justice of Saudi Arabia, UBS, Dutch National Cyber Security Centre, and more. Delegates can organise their agenda from over 30 sessions, including a comprehensive plenary programme and break-out sessions across five tracks: Governance, Risk & Compliance; Mobile Security; Human Factor; Security Architecture; and Data Security. "The quality and depth of the response received following our call for speakers was overwhelming, allowing us to build a strong programme that addresses professional development needs at all levels. This event offers the professional community an opportunity to learn from peers and debate the latest proposals around some of the key cybersecurity issues that are challenging companies, governments, and society today," says John Colley, managing director for EMEA, (ISC)².In addition to the conference sessions, Security Congress EMEA delegates have the opportunity to include two pre-conference workshops, held on 8 December, within their conference agenda. These workshops are based on the (ISC)² CBK® training seminars for the Certified Cyber Forensics Professional (CCFPSM) and Certified Software Security Lifecycle Professional (CSSLP®) credentials. "It is our vision to inspire a safe and secure cyber world. We execute on this vision by offering value to society through credentials, resources, and leadership. These concepts are reflected in Security Congress EMEA 2014 through a valuable education programme. I am delighted to see the calibre of speakers that have chosen to speak at our event," says Wim Remes, chair, (ISC)² Board of Directors.All sessions and workshops qualify for Continuing Professional Education (CPE) credit. Registration is now open, and (ISC)² members, chapter members, and supporting organisations are eligible for special discounted pricing. For more information or to register for (ISC)² Security Congress EMEA, please visit EMEAcongress.isc2.org.About (ISC)²® Formed in 1989 and celebrating its 25th anniversary, (ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide, with over 100,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), the Certified Cyber Forensics Professional (CCFPSM), Certified Authorization Professional (CAP®), HealthCare Information Security and Privacy Practitioner (HCISPPSM), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)²'s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information and software security topics. More information is available at www.isc2.org. # # # © 2014, (ISC)² Inc., (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks, and CCFP and HCISPP are service marks, of (ISC)², Inc.Contact: James RomeroEmail: james@proofcommunication.comTel: +448456801866 Source: RealWire
Much has been published about incident response: there is a comprehensive document produced by the US National Institute of Standards and Technology and several thousand books have been published on the subject.   We at (ISC)2 cover incident response in our CISSP Common Body of Knowledge and divide it into three major components: creation  of a response capability; incident handling and response; and recovery and feedback. There may also be a forensics piece to the incident response and management, which will of course place certain restrictions and requirements on the plan. However, as Dwight Eisenhower once said: “plans are nothing, planning is everything”. No incident will follow the crafted plan – but by creating a plan, the incident response team will think through what can happen, discuss the options they may take and the decisions they have to make.  Organisations that have incident response as part of their cyber insurance policy, will still need to plan how to integrate the various specialists and suppliers who are provided as part of the policy. A good plan will, of course, not just have an IT and security focus. Other parts of the business – such as legal, HR and PR – should be involved. Plans should be made for communicating with the media, regulators and customers if a breach occurs, using all forms of media and individuals should be assigned the responsibility to communicate.  Various scenarios – examples include being ‘doorstepped’ by a reporter, reacting to a tweet stating a breach has occurred, or reacting to a published ransom demand – should be planned and rehearsed, so the organisation can quickly state its message and the facts to all concerned. Finally, a good plan will be rehearsed many times. It will not be left on the shelf but will be a living document, used and updated and enhanced regularly. Adrian Davis is managing director EMEA for (ISC)2 Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK This was first published in June 2014
The chief information security officer (CISO) holds a unique position in the organisation with responsibility for ensuring the protection of information and systems that are critical to the business. The CISO must walk a tightrope; if the security con...