In a recent article published by CIO Asia, author John Edwards explores the decision by many organizations to blend their cyber security response plans with their disaster recovery plans.
"Although there are valid reasons why organizations tend to think of the two types of response plans as related, organizations should resist the temptation to simply fold information security incident response into broader disaster recovery planning" says Inigo Merino, Founder and CEO of Cienaga Systems, who was among one of the experts interviewed for the article. "Though there are some common governance elements, the two plans have different objectives and in many cases these objectives can be conflicting."
Read the full article here.
Payment Card Industry Data Security Standard (PCI DSS).
Organizations that process credit card transactions must comply with Payment Card Industry Data Security Standards (PCI DSS).
While organizations are generally able to comply with the requirements therein specified, many struggle with meeting section 10 of PCI DSS.
Requirement 10: Track and monitor all access to network resources and cardholder data
Under requirement 10, PCI DSS stipulates the secure logging of, and monitoring access to, data networks. This requires organizations to not only ensure logs are complete and kept safe from tampering, but also to proactively review user activity on their data networks.
Why is Requirement 10 so difficult to implement?
A critical element of this requirement is the need to periodically review access logs and perform proactive network monitoring.
Top reasons for difficulty with PCI DSS Requirement 10 include:
Cienaga Systems' DejaVu is the easiest way for organizations to comply with Requirement 10 in PCI DSS (sections 10.3, 10.4, 10.5, 10.6, 11.4) by providing world-class realtime user behavior monitoring and analytics, remote secure logging and archival.
With DejaVu, organizations streamline processes and reduce the need for security analysts by providing autonomous, AI assisted behavioral analysis and reporting.
Contact us if you'd like to request a trial.
Sadly, it is not only possible but quite likely.
Despite the best efforts of IT departments, hosts and networks can and often do become infected with botnet malware via a wide range of vectors, including watering hole and drive by downloads, to worm-like network propagation, removable media, trojan horses and even social engineering.
Because they rely on known signatures and/or specific network addresses of prior suspected victims (both of which have to be known a-priori), personal firewalls and antivirus have proven of limited use against these threats.
Once infected, compromised devices, called 'bots', can be controlled remotely in coordinated campaigns used to carry out sophisticated and crippling cyber attacks.
How would you know if your network has been infected?
Detecting botnets is not easy and most organizations today only find out about their compromise once their own network blocks become blacklisted by upstream providers.
Some organizations offer intelligence feeds that provide daily lists of known command and control (C&C) servers that can be used to identify infections in their networks. When integrated into proactive Security Operations and CERT/CSIRT processes, these feeds can aid in identifying active infections, thereby reducing an organization's exposure to known cyber risk.
The problem with the cyber-intel-only approach
Cost considerations aside, cyber intelligence feeds are only available a posteriori, meaning that cyber intel researchers have had to come across the specific malware variant before. In addition, attackers frequently change approaches in order to avoid detection. This includes frequently migrating to new, previously unknown C&C locations, rendering the feeds immediately obsolete, as well as changing modes of operation, as the new breed of bots demonstrates, which communicate via P2P protocols.
While it is possible to mitigate risk in this fashion, in order to properly manage the risk posed by these evolving threats, organizations must invest in behavioral analytics approaches which have been proven to aid in the detection of new and evolving evolving threats.
About Cienaga Systems
Cienaga Systems' DejaVu is the easiest way for organizations to deploy world-class security monitoring or enhance existing cyber threat management capabilities.
Through DejaVu, leading organizations efficiently and cost-effectively monitor thousands of endpoints in realtime for early warning signs of compromise, reducing cyber risk and enhancing compliance with legal and regulatory requirements, as well as industry best practices.
Visit www.cienagasystems.net to learn more.
Los Angeles, CA
The healthcare sector is now the number one target for hackers, according to the 2016 IBM X-Force Cyber Security Intelligence Index. This announcement follows a series of healthcare related breaches including one in February of 2016, when a hospital in Los Angeles lost access to patient files as a result of a ransomware attack. Eventually the hospital agreed to pay $17,000 to regain access to the files.
For healthcare administrators, the inability to access data for even a short period of time can sometimes create life-threatening situations; paying ransom is often the quickest way to normalcy. Further, the increasing presence of IoT and network-aware devices in hospital networks is another factor increasing the risk for providers.
As required by HIPAA, it's imperative that healthcare organizations get in front of this issue. By deploying a defense in depth approach, which includes monitoring their data networks, organizations would be alerted of the tell tale early signs of any intrusions. Although the cost and complexity associated with this type of monitoring has historically limited it to Fortune-500 companies, organizations like Cienaga Systems are changing this and now provide easy to implement, effective and affordable cloud based solutions for small and medium sized organizations, which autonomously monitor and alert in real-time if a breach is taking place.
Cienaga Systems helps organizations actively monitor their networks, providing transparency, increasing regulatory compliance and reducing risk from data breaches. Learn more at www.cienagasystems.net
Dell SonicWall devices support syslog reporting out of the box and can be integrated with DejaVu with a few simple steps*:
1- Log into your Dell SonicWall's management interface as admin
2- Navigate to the Log --> Syslog menu on the left pane
3- Scroll down to 'Syslog Servers' and click the Add button
4- Enter the following information:
Name or IP address: collectors.cienagasystems.net.
5- Select OK
The firewall will start sending logs to DejaVu for monitoring within a few seconds.
[*] Note that for this to work you must have previously registered as a subscriber of DejaVu.
“It depends” is the most likely answer one is likely to get from asking a security professional the question “how can we best protect our intellectual property against loss or compromise?”
Experts argue that the answer depends on what we are protecting, it’s value to us, to others, as well as the cost-to-effectiveness ratios of said solutions. While this is true, the issue runs much deeper than that, and this is something I refer to as the asymmetric economics of intellectual property protection.
To understand this issue, we first need to develop a basic framework to help us think through the dynamics involved in security decisions, and quantify our risk.
Cost of no security
Let’s say I own a car and this car has no anti-theft mechanisms installed, and let’s assume that the vehicle is worth $15,000 if I were to sell it. That is the market value of this vehicle.
Now, let’s assume someone is evaluating stealing my car. Would it be a worthwhile pursuit? To assess this, we need to view the issue from the attacker’s perspective because to an attacker, the theft of an asset has to yield some sort of positive return.
Let’s assume the thief can obtain $3,000 for the stolen vehicle, and feels confident that he can steal the car with a 90% probability if he invests two hours to steal and sell the vehicle, plus $50 in tools. In addition, let’s say that, were he not stealing cars, this thief would be able to work at a legitimate place making $10/hr. In other words, going out to steal this vehicle costs the $10/hr * 2 hr = $20 in what economists call “opportunity cost”.
As rumors surface that the new iPhone will be fitted with an iris scanner to replace the fingerprint scanner currently available on the iPhone 6, we asked Cienaga Systems' Founder and CEO Inigo Merino to comment on the security implications of this trend.
"As an industry, Cybersecurity seems to have lost the battle of educating consumers to use strong passwords and to use password best practices. Issues such as password complexity, forgotten passwords, password reuse, and never-expiring passwords continue to plague consumers' online security experience.
Fortunately, biometrics (such as finger print scanners and iris scanners which are currently rumored to be fitted on the next iPhone) provide a practical solution to apply stronger security than what the average consumer can practically accomplish with just a password. But it comes at a cost.
Without a doubt, biometrics are very convenient and raise the bar for shoulder surfers and parents everywhere to ‘break into’ their spouses’ or children’s devices. However, there are some fundamental issues with biometrics: although convenient, unlike a password (which can be changed), biometric credentials (i.e. your body parts) cannot be replaced in the event of a compromise. Relying on biometrics as the only mechanism for authentication therefore creates a series of problems that have no easy solutions.
During my time as information security architect at Merrill Lynch and Co, we evaluated the use of iris scanners for use in our Private Client (now wealth management) division. We fitted some iris scanners on approximately 1000 brokers’ workstations and eventually abandoned the effort due in part to similar concerns.
For instance, if someone can intercept the phone’s authentication API call (i.e. the function call that validates the image of your fingerprint or iris against it’s database), that information can then be replayed into the very same API call at any point in time, granting someone else easy access, whenever they want. This is precisely how banking trojans steal your bank credentials: by intercepting the credentials once you have entered them, and then replaying it at a later time. It would therefore be trivial for any such trojans to intercept a different API call and instead access biometric credentials. Further, with vendors of apps requiring security, such as banks and secure messaging type solutions, are already providing fully integrated solutions with these biometric scanners, allowing almost seamless access to these more sensitive data, the adoption of biometrics as a single factor authentication is becoming a concern for some experts.
Good security experts KNOW that devices can be compromised but great security experts PLAN for them to be compromised. That is the whole concept of "defense in depth", namely that a single layer of protection does not suffice, and the assumption should always be that security mechanisms are fallible, so plans should be made to have various means of defending should one fail. This is the whole benefit to consumers from the closed nature of the App Store: it provides a closed ecosystem where tighter controls are be applied to avoid malicious code from being run on devices, acting as a first layer of defense in defense in depth strategy. But of course, there have been instances where the App Store controls have been successfully bypassed to distribute malware, and the Android ecosystem is even more exposed due to its open nature.
Biometrics have been a step forward to solve the issue of weak passwords. The convenience it affords consumers means a strong(er) means of authentication is in place above and beyond what a consumer would normally apply with a simple password or PIN. However, we must be aware of the tradeoffs and not to fall into a false sense of security: we can't lose sight of the fact that having a defense in depth is always wise."
When asked to comment on the state of insider versus outsider threats for a recently published investigative report, Cienaga Systems' Founder and CEO Inigo Merino observed that "the vast majority of organizations [...], and in particular those in the SMB segment, continue to Implement security strategies geared exclusively towards outsider threats, ignoring the risk posed by insiders."
"Industries at the forefront of security understand that insiders present a very clear threat because they have legitimate access to company information, and because it is difficult to ascertain their intentions at any point in time", he added.
"However, the majority of organizations, and certainly most enterprises in the SMB segment still struggle to set up security programs that properly deal with the outsider threat, let alone the much more complex insider threat. 'Stranger danger' still prevails as the primary motivator to security today across these enterprises."
For more details, or to read the full article, see Inigo's comments as well as additional commentary from 46 other data security experts on this topic.
Losing customers' personal identifying information (PII) and financial loss are the top two concerns of small business finance executives today, according to a recent article by CFO.com.
“For the C suite, the concern is mostly the reputation damage that could result from a data breach. Although we don’t always think of brands in the same way we think of other balance sheet assets, an organization's most valuable asset is often its brand. However, brand equity can quickly disappear in the wake of a breach, affecting PE ratios and the overall market capitalization of the business, as the value of shares drops in anticipation of reduced cash flows resulting from lost customers”, said Inigo Merino, CEO of threat management firm Cienaga Systems.
So what is at the core of this issue and why is it so difficult to resolve? Security experts argue that it's a combination of a generalized lack of management and board understanding of the nature of the problem, resulting in insufficient resources and funding. Management, on the other hand, often argue about the difficulty of quantifying the risk and measuring return on investment for security projects. Whatever the reason is, today most cyber attacks are directed at small and medium sized businesses, according to Verizon Business’ annual report.
“It's well known that the so-called 1% fund and staff their cybersecurity programs to implement better defense in depth. However, almost every organization can benefit substantially from implementing similar approaches to what the 1% implements. In the past, the obstacle to implementing such defense in depth has been the complexity of properly gauging cyber risk, combined with the prohibitive costs of implementing such measures, but today there are alternatives." Said Scott Edgar, senior software developer at Cienaga Systems.
Specifically, in 1% organizations, teams of individuals highly specialized in threat management (known as CERT, CIRT or CSIRT teams) continuously monitor intelligence feeds and security logs to detect whatever got through automated defenses -- and to stay ahead of attackers. This sophisticated approach to monitoring networks and reviewing logs preemptively given intelligence feeds has long been advocated by leading security organizations. However, few organizations outside the 1% practice it due in part to the prohibitive expense associated with this highly specialized human-based approach.
This is changing, however. Today, organizations like Cienaga Systems are already offering artificial-intelligence based solutions which can autonomously monitor networks and take preventive action in real-time. A machine-based approach results in more accessible and accurate security monitoring for organizations.
Cienaga System's Security as a Service offering, named DejaVu, is a Cloud-based solution which automates the work a CSIRT team would do: it continuously monitors networks looking for patterns of behavior which could develop into compromises, alerting technical staff immediately of any such possibilities. The solution correlates across multiple customers and can even discover new and innovative attack vectors, based on mutations of attacks observed in real life. The company, which is run by a professional team has said it is working on automated response capabilities but has not yet disclosed when these will be available through its platform.
Having the peace of mind knowing that your network and business are actively being monitored will allow you to focus on your core competencies. Best of all, Cienaga Systems will even help you make the business case to get a free trial of DejaVu going for your organization!
Cyber attacks are among the top global risks, according to the the World Economic Forum. For North America, this is cited as the #1 risk.
This is why the scientists and researchers at Cienaga Systems have been hard at work perfecting a turn key SaaS offering that would defend your business against cyber attacks. Having gained notoriety for the team of artificial intelligence and cyber security experts it’s attracted to tackle the problem of cyber security, Cienaga soft launched the offering (aptly named ‘DejaVu' because of the way it can predict what will happen next) earlier this year and already has gained the attention from quite a few leading organizations in various industries.
Utilizing advanced machine learning, DejaVu autonomously teaches itself what to look for in a network, and monitors events in Cienaga’s networks in real-time, evaluating thousands of potential future scenarios within only a few milliseconds — a task that normally takes experts days or weeks to complete — and alerts customers before emerging problems escalate into breaches. Best of all, DejaVu sets up in only a few minutes and does not require any code or hardware to be deployed to your environment.
DejaVu’s powerful analytics are supplemented with intuitive visualizations and management dashboards that enable anyone in your IT staff to understand the big picture during an incident; requiring no prior experience in cybersecurity.
There are limited spots for the free trial so sign up to start your free trial today and learn what all the fuss is about.
Through the use of Genetically Engineered Cyber Security, Cienaga Systems technologies offer organizations the easiest way to monitor their networks and reduce cyber risk while increasing PCI, HIPAA and regulatory compliance.