ITSECURE
years of Leading IT Security VAD 2015 Guide Published by
Warding off persistent threats
Understanding patch compliance
Secure mobile banking
Breaking the kill chain
Contents
03 Fortinet: Breaking the kill chain
06 F5: Combating cyber threats
08 Bit9 + Carbon Black: Modern defense
10 FireEye: Warding off persistent threats
12 Infoblox: DNS counterintelligence
14 Lieberman: Responsible control
15 Netskope: Cloud storage apps
16 LogRhythm: Cyber vigilant
17 Exclusive Networks: Passport to success
18 BigTec: Coming soon from BigTec
19 Ixia: Eliminating blind spots
20 Heat Software: Understanding patch compliance
21 Druva: Mobile secure
22 WhiteHat: The right move
23 Exclusive Networks: Diverse defenses
Breaking the kill chain
As technology evolves, so does the cyber threat landscape that surrounds it. Organizations should stay vigilant and stay on top of protecting their data against both the known and the unknown.
Data theft is big business. More than 1.3 billion records have been exposed in the last two years. Threats are evolving faster than ever: on average, more new threats are discovered every day than already known malware is identified. Today's most damaging attacks are Advanced Persistent Threats (APTs). Cybercrime is no longer random or about brute force; it is more subtle, aiming to infiltrate, stay hidden, and extract data without detection. If security controls cannot detect the malware during this period, then it is only a matter of time before you become a statistic.
Too many of these breaches occur because of a lack of focus across the spectrum of possible threats and attack vectors. Rapid innovation on the malware front, the exploitation of new zero-day vulnerabilities, and emerging evasion techniques can each render any single approach ineffective. A deeper, more comprehensive approach is needed to counter these increasingly sophisticated attacks. Overall network security covers a broad set of advanced and traditional tools, but here is a simple framework for combating APTs:

Prevent – The known threats
Lots of malware is already known. Cybercriminals may be highly creative, but they exhibit the same human flaw shared by us all: laziness. Last year, nearly a quarter of malware was more than ten years old and almost 90% had been discovered before 2014. Known threats should be blocked immediately through the use of next-generation firewalls, secure email gateways, endpoint security, and similar products leveraging highly accurate security technologies. It is incredible how often network professionals don't start with the basics. Doing simple things, like keeping security patches up to date, and continually testing and re-testing the security of your IT infrastructure, are the building blocks of a strong network. Previously unknown malware and targeted attacks, however, can hide themselves from these measures. Traffic that can't be swiftly dealt with here gets handed off to the next point of your multi-layered defence.
Detect – The unknown
Many new approaches can detect previously unknown threats and create actionable threat intelligence. Sandboxing allows potentially malicious software to be handed off to a sheltered environment so its full behaviour can be directly observed without affecting production networks. Headlines have lauded it as a perfect solution. While it is a critical component of the overall defensive scheme, don't be fooled: sandboxing alone is no panacea. We know how attackers respond to new technologies: they figure out how they work, then find ways around them. We already have examples of cybercriminals circumventing sandboxes. That's why it's important to stay updated: just as criminals evolve, your system needs to too.

Mitigate – Taking action
Preventing threats from entering the network is the first priority for any security system. But a clear detection and remediation process is key for when, not if, they do get in. Once an intrusion has been validated, users, devices and content should be quarantined, with automated and manual systems in place to ensure the safety of network resources and organisational data. Previously unknown threats should be forwarded and analysed in depth, with the resulting updates fed back to the different services in the network, providing every layer with the right mix of up-to-date protection. It is not one particular technology that is the key to Advanced Threat Protection (ATP), but the integration and collaboration between them. ATP relies on multiple types of technologies, products, and research, each with a different role and each working in concert with the others. Fortinet's Advanced Threat Protection (ATP) solution uniquely encompasses all three of the key components described above – Prevent, Detect and Mitigate. Fortinet provides comprehensive advanced threat protection through FortiGate next-generation firewalls, FortiMail secure email gateways, FortiWeb web application firewalls, FortiClient endpoint protection, and FortiSandbox threat detection to optimise safety and protect an organisation's interests.
Each of these elements is maintained through the threat intelligence, research and continuous updates provided by FortiGuard Labs to every element in the solution. This tight integration between technology and the human intelligence of FortiGuard Labs ensures the security efficacy of the solution, today and in the future.

FortiGate next-generation firewall
Fortinet delivers the most innovative and highest performing next-generation network security platforms to protect against sophisticated cyber threats. These network security appliances are available in both hardware and virtualized form factors to fit the unique requirements of carriers, data centers, enterprises and distributed offices.
Highlights
• Best-in-class price/performance with top security effectiveness
• NSS Labs "Recommended" NGFW and NGIPS
• Single pane of glass management for unmatched visibility and control
• Integrated high port density delivers maximum flexibility
• Cloud-ready with multi-tenant and fast integration with 3rd party ecosystems

FortiMail email security appliances
FortiMail is a complete Secure Email Gateway platform. It provides a single solution to protect against inbound attacks including advanced malware, as well as outbound threats and data loss, with antispam, anti-phishing, anti-malware, sandboxing, data leakage prevention (DLP), identity based encryption (IBE), and message archiving.
Highlights
• Highly effective email security
• Protection for sensitive information and compliance
• Unparalleled deployment flexibility

FortiClient endpoint protection
FortiClient is an all-in-one comprehensive endpoint security solution that extends Fortinet's Advanced Threat Protection to end-user devices. Ensuring that your endpoint security combines strong prevention with detection and mitigation is critical.
Highlights
• Top rated threat protection
• Multiple platform protection for a BYOD world
• More information, more control

FortiSandbox advanced threat protection
FortiSandbox offers inspection of all protocols and functions in one appliance. It can integrate with any existing Fortinet infrastructure including FortiGate, FortiMail, and FortiClient, fueling a security ecosystem that automatically protects, learns, and improves your overall threat protection. It delivers highly effective protection against advanced persistent threats that is affordable as well as simple and flexible to deploy and manage.
Highlights
• Protects against advanced threats
• Inspects across all operating environments
• Examines activity, rather than attributes
• Pre-filters to deliver fast results
• Delivers officially licensed Microsoft components

FortiWeb web application firewall
FortiWeb Web Application Firewalls provide specialized, layered web application threat protection for medium/large enterprises, application service providers, and SaaS providers. FortiWeb Web Application Firewalls protect web-based applications and internet-facing data from attacks and breaches.
Highlights
• Multiple, correlated threat detection methods including protocol validation, behavioral identification and subscription-based FortiGuard IP reputation, antivirus and web attack signatures
• Included vulnerability scanner and support for virtual patching with third-party scanner integration
• Layer 7 content-based server load balancing and hardware-based SSL acceleration
Combating cyber threats
Cyber attacks today are more complex, and mitigating them requires a combination of solutions covering on-premises data center security as well as cloud services and application development.
F5 Networks is a known technology leader in application delivery; F5 load balancers are mainly known for delivering any IP-based application. This was sufficient for a certain period, but today's threats and changes in IT demanded more, and F5's main focus today has moved to security. Apart from load balancing and application optimization, F5 provides plenty of solutions for data center security and, more recently, fraud prevention and cloud security services with Silverline and F5 SOC services. Whether you are willing to invest in hardware and software on premises or in security as a service, F5 can offer a variety of solutions that can help your organization address threats like DDoS attacks, phishing attacks and malware. Among these are the following:

BIG-IP Application Security Manager (ASM) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments. BIG-IP ASM provides unmatched application and website protection, complete information about attacks from within the user interface, and compliance for key regulatory mandates. BIG-IP ASM is a key part of the F5 application delivery firewall solution, which consolidates traffic management, network firewall, application access, DDoS protection, SSL inspection, and DNS security.

F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network firewall designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols, including HTTP/S, SMTP, DNS, and FTP. By aligning firewall policies with the applications they protect, BIG-IP AFM streamlines application deployment, security, and monitoring. With its scalability, security, and simplicity, BIG-IP AFM forms the core of the F5 application delivery firewall solution.

F5 BIG-IP Access Policy Manager (APM) is a flexible, high-performance access and security solution that provides unified global access to your applications and network. By converging and consolidating remote access, LAN access, web access, and wireless connections within a single management interface and providing simple, easy-to-manage access policies, BIG-IP APM helps you free up valuable IT resources while you cost-effectively secure and scale access.

F5 BIG-IP Global Traffic Manager (GTM) distributes DNS and user application requests based on business policies, data center and cloud service conditions, user location, and application performance. BIG-IP GTM delivers F5's high-performance DNS services with visibility, reporting, and analysis; hyper-scales and secures DNS responses geographically to survive DDoS attacks; delivers a complete, real-time DNSSEC solution; and ensures global application high availability in all hybrid environments.

F5 Silverline DDoS Protection is a service delivered via the Silverline cloud-based platform. It detects and mitigates web application attacks as well as DDoS attacks in real time, with industry-leading DDoS attack mitigation bandwidth to stop even the largest volumetric DDoS attacks from ever reaching your network. F5 security experts are available 24/7 to keep your business online during a DDoS attack with comprehensive, multi-layered L3–L7 DDoS attack protection.
Fraud prevention solution
The F5 Web Fraud Protection solution has been developed specifically to address the challenges of online banking. It combines the best security with a frictionless experience and a proactive security posture. The solution protects against a full range of threats to help financial organizations reduce loss and exposure. And because attacks are always evolving, the solution includes both technological and services components to ensure real-time response to emerging threats. F5 fraud prevention has multiple components to fulfil these needs:

WebSafe
• Detects malware and fraud
• Automated transaction detection
• Transaction encryption

MobileSafe
• Detects advanced malware
• Identifies rooted and jailbroken devices
• Mitigates mobile threats

F5 Security Operations Center
• Anti-phishing and malware monitoring
• Incident response
• Malicious site shutdown
• Fraud team alerts and dashboard 24/7
• Malware analysis
Modern defense
Businesses need the latest cyber defense to keep their data and intellectual property secure; Bit9 + Carbon Black can help organizations deal with a new generation of threats attacking endpoints and servers.
Today's attackers are after the data and intellectual property on your endpoints and servers. If you are relying only on traditional endpoint security such as antivirus, or on network security, you are putting your organization at risk. AV doesn't see or stop targeted attacks, nor does it help you respond to an incident. And if an attack bypasses your network security, your endpoints will be compromised. You need to arm your endpoints so that you can easily see and immediately stop advanced threats.
What makes Bit9 + Carbon Black unique?
Real-time visibility, prevention, detection, and response
Only the Bit9 + Carbon Black solution provides integrated coverage for every aspect of endpoint threat protection: continuous monitoring and recording for real-time visibility into every endpoint, multiple forms of signatureless threat prevention, instant and customizable detection, and the industry's only incident response solution that combines continuous recording with live response and remediation capabilities.
Audit and compliance controls
The Bit9 + Carbon Black solution addresses numerous compliance standards and audit requirements with a complete built-in toolset for critical data classification, file integrity monitoring and control, change management monitoring, and leading anti-malware protection. Bit9 + Carbon Black has a built-in toolset for PCI, HIPAA, NERC and SOX compliance.
Broadest multi-platform deployment options
• Cloud or on-premises; Mac, Windows, and Linux; on- or off-network; in-house or outsourced. Bit9 + Carbon Black offers the broadest deployment options to cover all your machines and deployment preferences.
• Software-as-a-Service or on-premises. Deploy the back-end Big Data server infrastructure on your premises or choose the cloud deployment option as a hosted service (SaaS).
• Mac, Windows, and Linux. Deploy the front-end agents on these systems so all your endpoints and servers are covered.
• On- or off-network. Because the agent is resident on each user's machine, it constantly monitors and protects them even when they are disconnected from your corporate network.
• MSSPs. Dozens of leading MSSPs offer the Bit9 + Carbon Black solution as part of their service so you can outsource.
Open APIs for seamless integration with network security, SIEMs, analytics, and home-grown or custom tools
Bit9 + Carbon Black offers more open APIs and specific integrations to enable you to use your endpoint data any way you want – integrate and correlate it with network security products, analytics and SIEMs, and even your own home-grown tools.
Proven reliability and scalability
Bit9 + Carbon Black is a proven success. With numerous deployments of over 100,000 endpoints, Bit9 + Carbon Black can handle the largest of environments. Bit9 + Carbon Black has stopped the most advanced attacks, including Flame, Gauss and the malware responsible for the RSA breach. Organizations of all sizes – from 25 Fortune 100 companies to small businesses – use Bit9 + Carbon Black.
Get to know Bit9 + Carbon Black
Bit9 + Carbon Black is a market leader in next-generation endpoint security. The company expects that by the end of 2015 it will achieve $70M+ in annual revenue, 70 percent growth, 7 million+ software licenses sold, almost 2,000 customers worldwide, partnerships with 60+ leading managed security service providers and incident response companies, and integrations with 30+ leading security technology providers. Bit9 + Carbon Black was voted Best Endpoint Protection by security professionals in the SANS Institute's Best of 2014 Awards, and a 2015 SANS survey found that Carbon Black is being used or evaluated by 68 percent of IR professionals. Companies of all sizes and industries, including more than 25 of the Fortune 100, use Bit9 + Carbon Black to increase security and compliance.
Deployment and results
Arming your endpoints with the Bit9 + Carbon Black solution can be done with just four basic steps:
Step 1: Visibility. Place the lightweight sensor and recorder on every endpoint, server and fixed-function device. This can be done via a normal software delivery vehicle. It's easier and faster than installing antivirus. The sensor will scan each computer once to take a complete inventory of every file with executable code on the machine. After that it reports any changes in real time. Have immediate visibility into all of your machines:
• What's running?
• What executable code just arrived?
• What did it do?
• How many versions of Java does this machine have?
Step 2: Detection. Next, you'll start detecting attacks by looking for indications of advanced threats on your endpoints and servers. The Bit9 + Carbon Black solution will analyze all of the endpoint and server data it has collected for indications of advanced threats that have already penetrated your systems. It will also monitor all new activity and tell you in real time when any suspicious activity happens.
Step 3: Response. Now you're ready to rapidly respond to alerts and threats. Use the recorded aggregation of your endpoint and server data to:
• Prioritize alerts
• Decode the evolution of a threat
• Accelerate remediation
Step 4: Prevention. Your last step is to use Bit9's various forms of endpoint and server prevention to stop advanced threats from executing. You can choose the option you want, including Bit9's unique 'detonate-and-deny' and 'detect-and-deny' approaches, as well as 'default-deny'. This can be deployed at the speed that matches your business needs and situation; some customers want to move quickly and others choose to move more cautiously.
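The inventory-then-report-changes behaviour described in Step 1 can be illustrated with a small baseline-and-diff routine. This is an added example, not Bit9 + Carbon Black's sensor; the sample tree, file names and the executable-detection heuristic (format magic bytes or an exec permission bit) are assumptions.

```python
import hashlib
import os
import shutil
import stat
import tempfile

# Signatures of common executable formats (PE, ELF, Mach-O, Java class) plus script shebangs.
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"#!", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")


def looks_executable(path):
    """True if the file starts with an executable signature or has an exec bit set."""
    try:
        with open(path, "rb") as f:
            head = f.read(4)
    except OSError:
        return False
    if any(head.startswith(magic) for magic in EXEC_MAGIC):
        return True
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def sha256_of(path):
    """Content hash so that a replaced binary at the same path is noticed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root):
    """Map of relative path -> SHA-256 for every file with executable code under root."""
    found = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not looks_executable(full):
                continue
            found[os.path.relpath(full, root)] = sha256_of(full)
    return found


def diff_inventory(baseline, current):
    """Executables that appeared, disappeared, or changed content since the baseline."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "changed": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
    }


def demo():
    """Constructed sample tree: baseline it, mutate it, and return the change report."""
    root = tempfile.mkdtemp()

    def write(name, data, mode=0o644):
        path = os.path.join(root, name)
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, mode)

    write("app.exe", b"MZ\x90\x00 original build")      # PE header
    write("tool", b"\x7fELF\x02\x01\x01 original")       # ELF header
    write("notes.txt", b"plain text, not code")           # ignored: no executable code
    baseline = inventory(root)

    write("app.exe", b"MZ\x90\x00 patched build")        # same path, new content
    os.remove(os.path.join(root, "tool"))                  # executable removed
    write("run.sh", b"#!/bin/sh\necho hi\n", 0o755)        # new executable code arrived
    write("data.bin", b"\x00\x01\x02 not code")            # new, but not executable
    report = diff_inventory(baseline, inventory(root))
    shutil.rmtree(root)
    return report


if __name__ == "__main__":
    print(demo())
```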
Warding off persistent threats
As we enter an era of sophisticated cyberattacks, cybercriminals are becoming more successful at evading traditional defenses, leaving virtually every enterprise vulnerable.
The threat landscape has changed. Cybercriminals and nation-states are aggressively pursuing valuable data assets, such as financial transaction information, product design blueprints, user credentials to sensitive systems, and other intellectual property. Simply put, the cyber offense has outpaced the defensive technologies used by most companies today. Next-generation firewalls, intrusion prevention systems (IPS), anti-virus (AV), and security gateways are not adequately protecting organizations from the new generation of threats. With worldwide IT security spending expected to rise from $60 billion in 2012 to $86 billion in 2016, nearly all of it is spent on outdated, signature-based technology. Signature-based defenses stop only known threats, not the unknown dynamic attacks being used today. Traditional defenses are increasingly becoming policy-enforcement points rather than robust defenses against cyber intrusions. For example, URL filters are still useful for enforcing acceptable-use policies around employee Web surfing, but are no longer effective at defending against dynamic drive-by download attacks. Likewise, next-generation firewalls (NGFW) simply add next-generation policy options around users and applications and consolidate traditional signature-based protections. While NGFW may consolidate traditional IPS and AV protections, these are signature-based technologies and do not add new levels or innovations to defending networks. Integrating these traditional defenses does little to thwart the new generation of threats. Against dynamic threats, traditional defenses like firewalls, IPS, AV, anti-spam, and security gateways collapse, leaving a wide-open hole for cybercriminals. To regain the upper hand against the new generation of attacks, enterprises must turn to true next-generation protection: signature-less, proactive, and real time. Through continuous analysis of suspicious code throughout the attack life cycle and blocking of malware communications across multiple threat vectors, next-generation protections can stop advanced malware, zero-day exploits, and advanced persistent threats (APTs) from threatening sensitive data assets.
Multi-stage attacks
The new generation of threats is complex, cutting across multiple attack vectors to maximize the chances of breaking through network defenses. Advanced targeted attacks also utilize multiple stages to penetrate a network and then extract the valued information. This makes it far more likely for attacks to go undetected. The five stages of the attack life cycle are as follows:
Stage 1: System exploitation. The attack attempts to set up the first stage, and exploits the system using "drive-by attacks" in casual browsing. It is often a blended attack delivered across the Web or email threat vectors, with the email containing malicious URLs.
Stage 2: Malware executable payloads are downloaded and long-term control established. A single exploit translates into dozens of infections on the same system. With exploitation successful, more malware executables like key loggers, Trojan backdoors, password crackers, and file grabbers are then downloaded. This means that criminals have now built long-term control mechanisms into the system.
Stage 3: Malware calls back. As soon as the malware installs, attackers have cracked the first step to establishing a control point from within organizational defenses. Once in place, the malware calls back to criminal servers for further instructions. The malware can also replicate and disguise itself to avoid scans, turn off anti-virus scanners, reinstall missing components after a cleaning, or lie dormant for days or weeks. By using callbacks from within the trusted network, malware communications are allowed through the firewall and will penetrate all the different layers of the network.
Stage 4: Data exfiltration. Data acquired from infected servers is exfiltrated via encrypted files over a commonly allowed protocol, such as FTP or HTTP, to an external compromised server controlled by the criminal.
Stage 5: Malware spreads laterally. The criminal works to move beyond the single system and establish long-term control within the network. The advanced malware looks for mapped drives on infected laptops and desktops, and can then spread laterally and deeper into network file shares. The malware conducts reconnaissance, maps out the network infrastructure, determines key assets, and establishes a network foothold on target servers.
These blended, multi-stage attacks succeed because traditional security technologies rely on fairly static signature-based or list-based pattern matching technology. Many zero-day and targeted threats penetrate systems by hiding newly minted, polymorphic dropper malware on innocent Web pages and in downloadable files like JPEG pictures and PDF documents, in phishing emails and even on social media. Beyond exploiting technological advantages, cybercriminals also realize they can divide and conquer, because that is how traditional defenses and IT departments are organized. The gap in protection and the increased sophistication of cybercriminals call for a new category of threat protection tools adapted to the resilient, evasive, and complex nature of the new generation of threats. This is why security-conscious organizations choose FireEye for industry-leading protection against today's threats that cut across multiple threat vectors and use multiple stages to systematically bypass traditional defenses. The FireEye platform supplements traditional and next-generation firewalls, IPS, AV, and gateways, whose signatures and heuristics cannot stop today's new threats. The FireEye platform has been designed to protect across the Web and email threat vectors and against malware resident on file shares. Each of the FireEye security appliances features the FireEye Multi-Vector Virtual Execution (MVX) engine, which provides state-of-the-art, signature-less analysis using patented, purpose-built virtual machines. The FireEye platform builds a 360-degree, stage-by-stage analysis of an advanced attack, from system exploitation to data exfiltration, in order to most effectively stop would-be APT attackers. Operating in-line or out-of-band, the FireEye platform performs automated, real-time analysis of suspicious Web traffic, email attachments, and files on network file sharing servers.
Anything that looks suspicious is executed in the FireEye MVX engine, where the proprietary, full-fledged testing environments confirm irrefutably the maliciousness and activities of the attacker, zeroing in on real threats and avoiding false positives and false negatives.
DNS counterintelligence Infoblox introduces a new resource that can help defend against attacks that target vulnerabilities in DNS servers.
The Domain Name System (DNS) has become an increasingly common attack vector for cybercriminals looking to exploit and infiltrate business and government networks around the world. Infoblox is a leader in enterprise-grade DNS, DHCP and IP address management solutions according to Gartner's Market Guide for the category known as DDI. Infoblox is also an industry expert in Secure DNS, and we are active in the threat intelligence community as well. And now, the network control company has devised a new resource that can help organizations defend themselves against attacks that target vulnerabilities in DNS servers.
The Infoblox DNS Threat Index
Powered by IID, the Infoblox DNS Threat Index is an indicator of malicious activity worldwide that exploits DNS. It is the first and only index of its kind: it tracks the creation of malicious domains related to 67 different threat categories globally and uses data from a variety of sources including government agencies, Internet service providers, enterprise network operations, and open sources. The Infoblox DNS Threat Index, powered by IID, reached a record high of 133 in the second quarter of 2015, up 58 percent from 84 in the second quarter of 2014. While the first quarter of 2015 saw a surge of malicious domain creation driven by the Angler, Neutrino, and Nuclear malware families, the second quarter's record number was driven by a significant increase in phishing activity. Exploit kit activity was down from the previous quarter, but was still a significant threat and was higher than in four of the previous five quarters.
Different types of malware often use DNS as a communication path for command and control as well as for the exfiltration of sensitive data. Knowing the threat level of DNS-based malware can help an organization prepare by prioritizing investments between perimeter protection and other technologies that provide visibility into infections, protection, and post-breach response.
58 percent increase in DNS threats during the second quarter of 2015
Index methodology
The baseline for the index is 100, which is the average for threat activity during the eight quarters of 2013 and 2014. The Infoblox DNS Threat Index, powered by IID, is intended to reflect the level of new malicious domain creation within the quarter.
Phishing
Cyberattacks such as phishing are launched through emails containing domain names that are deliberately crafted to look like those of well-known sites. The goal is to lure unsuspecting users into opening misleading links, sending them to web portals that are in some cases indistinguishable from the real ones. When users enter their authentication credentials, credit card numbers, or account information, the details are captured and used later on to steal either money or proprietary data. Phishing has been around for a long time, and the most recent index numbers show attackers are using it enthusiastically. Criminals stick with phishing because it works, and because it's often easier to trick humans into giving up sensitive information than to overcome increasingly sophisticated cybersecurity systems. Educating internal users to be diligent and mindful of the links they are clicking on is one level of protection. But with such important information at risk once exploited, organizations should also deploy technology that leverages current threat data to block traffic to and from these malicious sites.
Exploit kits
Exploit kits are collections of malicious software that take advantage of security holes in operating systems and popular applications such as web browsers. When a user unintentionally visits a malicious or compromised website, the exploit kit is delivered and a malicious payload is subsequently downloaded and executed on the victim's computer. Infrastructure for exploit kits accounted for 41 percent of malicious domain creation in the second quarter of 2015. Exploit kits have ranged from less than 20 percent to more than 70 percent of the index, and this quarter's volume was roughly the average across the previous 11 quarters. Although far from being the only set of threats within the index, changes in the number of observed new exploit-related domains are highly correlated with changes in the overall index.
The planting and harvesting cycle
Attackers and malicious agents are waging a constant cat-and-mouse game with threat researchers. Malicious actors rapidly create infrastructure and set up domains as a base for launching attacks. During this "planting" phase, there is a significant rise in the number of malicious domains associated with malware and exploit kits, leading to a larger Infoblox DNS Threat Index number. Once this phase ends, the attackers begin to "harvest" the extensive infrastructure they have built to launch attacks, steal data, and generally cause harm to their victims. In this phase, the threat index number may be lower. However, that doesn't mean that malicious activity has subsided. The Infoblox DNS Threat Index shows this endless cycle of planting and harvesting when looking across the twelve quarters to date. If the index is lower in a given quarter, this may correspond with a period in which the malicious agents are harvesting the infrastructure they have already created and are not setting up new bad domains at the same pace. If the index is higher in a quarter, this could indicate that the attackers are in a planting phase, establishing domains and other infrastructure to execute their plans.
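As an added example (not Infoblox code) of the DNS-level signals behind the phishing and the C2/exfiltration threats discussed in this section, the script below runs two heuristic checks over a constructed DNS query log: registrable domains a small edit distance from a hypothetical brand watchlist (the lookalike domains phishing relies on), and parent domains that receive many distinct high-entropy subdomains, the pattern left by malware tunnelling commands or data through DNS. The log lines, the watchlist and the thresholds are all assumptions.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log: timestamp, client IP, queried name (not real data).
SAMPLE_LOG = """\
2015-07-01T10:00:01 10.0.0.5 www.example.com
2015-07-01T10:00:02 10.0.0.5 mail.example.com
2015-07-01T10:00:03 10.0.0.7 login.examp1e.com
2015-07-01T10:00:04 10.0.0.9 k3v9x2qm7zp4hd8n.tunnel-host.net
2015-07-01T10:00:05 10.0.0.9 w6t1yb5rj0cg2fl8.tunnel-host.net
2015-07-01T10:00:06 10.0.0.9 a9s4d7f2g5h1j8k3.tunnel-host.net
2015-07-01T10:00:07 10.0.0.9 z0x8c6v4b2n1m3q5.tunnel-host.net
2015-07-01T10:00:08 10.0.0.9 p7o3i9u1y5t2r4e6.tunnel-host.net
2015-07-01T10:00:09 10.0.0.9 l2k4j6h8g0f1d3s5.tunnel-host.net
"""

# Hypothetical watchlist of the organisation's own and partner brand domains.
WATCHLIST = ("example.com", "example-bank.com")


def parse_log(text):
    """Return (timestamp, client, name) tuples; names lowercased, trailing dot removed."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, name = parts
        records.append((ts, client, name.lower().rstrip(".")))
    return records


def registrable_domain(name):
    """Last two labels (simplification: public suffixes such as co.uk are ignored)."""
    return ".".join(name.split(".")[-2:])


def shannon_entropy(s):
    """Bits per character: random-looking labels score high, dictionary words low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def levenshtein(a, b):
    """Edit distance, used to catch typo-squats such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(records, watchlist=WATCHLIST, max_distance=2):
    """Queries whose registrable domain is close to, but not equal to, a brand domain."""
    hits = []
    for _, client, name in records:
        reg = registrable_domain(name)
        for brand in watchlist:
            d = levenshtein(reg, brand)
            if 0 < d <= max_distance:
                hits.append((client, name, brand))
    return hits


def tunnel_suspects(records, min_unique=5, min_entropy=3.5):
    """Parent domains that collect many distinct random-looking subdomains.

    Malware using DNS for command and control or exfiltration encodes its data
    in the subdomain, so one parent accumulates many unique high-entropy labels.
    """
    subs = defaultdict(set)
    for _, _, name in records:
        parent = registrable_domain(name)
        prefix = name[: -len(parent) - 1] if name != parent else ""
        if prefix:
            subs[parent].add(prefix.replace(".", ""))
    flagged = []
    for parent, labels in subs.items():
        if len(labels) < min_unique:
            continue
        mean_entropy = sum(shannon_entropy(x) for x in labels) / len(labels)
        if mean_entropy >= min_entropy:
            flagged.append((parent, len(labels), round(mean_entropy, 2)))
    return flagged


def analyze(text=SAMPLE_LOG):
    """Run both checks and return the findings keyed by check name."""
    records = parse_log(text)
    return {"lookalikes": lookalikes(records), "tunneling": tunnel_suspects(records)}


if __name__ == "__main__":
    for check, hits in analyze().items():
        print(check, hits)
```

Thresholds need tuning per environment: content delivery networks and some anti-spam services legitimately generate many unique subdomains, so an allowlist of known parents belongs in front of the tunnelling check.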
Responsible control Dealing with the misuse of privileged accounts
The challenge: Data breaches due to the misuse of administrative credentials
The misuse of administrator privileges and privileged accounts is a primary method for attackers to spread inside any enterprise. Privileged accounts are the most powerful logins on your network: they provide access to sensitive information and the ability to change configuration settings on any device you can name. Yet they are rarely changed in most organizations, and are typically known to many individuals. If organizations don't have a strategy to manage and control privileged accounts, they are definitely at risk of data loss and breach, as there is a high probability of privileged accounts being compromised. The problem has now become very critical and cannot be ignored. It is no longer practical to just manually change the privileged account passwords from time to time and keep a document or list that contains all the credentials. Hence, an automated solution is also needed that allows full management and control of privileged accounts, a comprehensive inventory and full visibility of all account activity.
14
The solution: Enterprise Random Password Manager (ERPM)

ERPM is a strategic privilege management solution designed to improve the efficiency of IT operations. It leads the market in automation to mitigate the complex shared-account problems found in every enterprise. For an automated and comprehensive credential management process the following are key:
• Discovery of machines, process accounts, local accounts, services and tasks, and everywhere those accounts are referenced.
• A password change process that randomizes privileged account passwords and propagates each change everywhere the account is used, to avoid lockouts.
• Storage of complex, random passwords in an encrypted repository.
• Role-based provisioning of password access and delegation.
• Auditing of every password request, use and change.
• Built-in session recording of users' sessions.

ERPM automatically discovers, strengthens, monitors and recovers all of the local, domain and process account passwords in the enterprise. It detects each location where a privileged account credential is used, covering much more than Windows services and scheduled tasks: administrative logins, services, tasks, applications and more. It then encrypts these credentials and stores them in a back-end database. ERPM creates unique, cryptographically random passwords for each privileged account in the enterprise in one operation, changes them as often as your policies require, and grants fast, audited access to authorized IT staff whenever they need to perform routine maintenance or emergency fire-call repairs.

Mandiant M-Trends and Symantec ISTR reports present the following findings:
• 100 percent of victims had up-to-date AV
• 67 percent of breaches were reported by third parties
• 100 percent of breaches involved compromised credentials
• 229: the median number of days an attacker was on the network
Cloud storage apps
Ensuring productivity and security isn't a trade-off

Eduard Meelhuysen, VP EMEA, Netskope

The modern workplace is awash with enterprise cloud apps, as employees and organisations alike seek ways to make the working day more productive. However, the number of cloud apps in use has reached astronomical levels. The latest Netskope Cloud Report found that on average 608 cloud apps are now in use within European organisations, and more than 21 percent of organisations use over 1,000. This raises the question: are organisations fully aware of all the apps their employees are using? Cloud apps are a cost-effective way to boost productivity, but workers' increasing use of cloud apps, particularly unsanctioned ones, can put data at risk. Cloud storage is the second most popular cloud app category, but there is no guarantee that these apps are secure. In fact, the Cloud Report found that 69 per cent of cloud storage apps were not "enterprise ready", scoring "medium" or below on the Netskope Cloud Confidence Index. How can businesses have their cake and eat it, benefiting from the simplicity and productivity of cloud apps while keeping their data secure? Here are five practical steps for companies looking to safely enable cloud storage apps:
1. Safeguard sensitive data in corporate cloud storage
Plenty of organisations standardise on one cloud storage solution such as Google Drive, Egnyte, Dropbox, Box or Microsoft OneDrive. These businesses should start by establishing what important data is housed in that app. According to Netskope data, eight percent of files in corporate cloud storage apps violate a data policy of some sort because they contain health information, PII (personally identifiable information), source code or something of similar value.

2. Standardise on a single storage app (or at least cut down to a few)
Choose a single solution based on employees' views and organisational requirements, and coach employees on the selected app to ensure full uptake and ongoing use. Of the 37 cloud storage apps in the average enterprise, just over one third are enterprise-ready. This figure is based on Netskope's objective criteria, adapted from the Cloud Security Alliance checklist of security, auditability and business continuity measures.

3. Monitor cloud storage app usage
As well as working out which apps employees use, organisations should monitor activity within those apps to build a view of the risks posed. Monitor data in transit to and from corporate apps, and keep a watchful eye on activity in and around unsanctioned apps. It is also important to monitor for risky or unusual activity, which means first building a picture of what "normal" looks like; without that baseline it is next to impossible to spot anomalous activity. Watch in particular for app access by employees whose credentials have been exposed in a data breach: do you know that the person accessing the cloud storage app is really your employee, or could it be an attacker using credentials stolen from another system?

4. Secure the ecosystem
The ecosystem of apps around corporate cloud storage should also be controlled. Any organisation's cloud contains tens of necessary apps that help the business run more smoothly, but some of them are likely to lack enterprise-grade security, and if apps are not provisioned by IT, managing them or enforcing policy over their use becomes more difficult.

5. Think of your users as clients or partners
Unfortunately, most employees have little interest in security. If IT can take the security responsibility away from users, employees can work however they want without putting data at risk. Enabling this culture means allowing the business to operate freely while ensuring that the IT department leads on security decisions: once the business has selected a cloud storage app, IT sets and enforces granular policies to ensure it is used securely. This empowers employees to use their own work styles without putting data at risk. With data protection regulations constantly changing to keep up with technology, there is no shortage of timely reminders for enterprises to get a grip on their data. Safely enabling cloud storage app use is a good place to start, and can help companies avoid hefty fines further down the line.
Cyber vigilant
The rise of online transactions means more and more businesses are exposed to fraudulent activity. LogRhythm offers a solution that enables organizations to detect and prevent fraud across their networks.

With fraudsters going after everything from goods to business identities and intellectual property, protecting your organization's network is more important than ever. Organizations need to keep a watchful eye on a wide range of activities that are frequently difficult to detect. Acts of fraud often involve a series of legitimate activities that, viewed individually, do not warrant notice, but observed in context with one another and in the right sequence present an entirely different picture. To accurately detect and prevent fraud, organizations need systems that automatically collect data from across the network and analyse it using advanced correlation and pattern recognition. LogRhythm's Security Intelligence platform assists organizations in preventing acts of fraud in a number of different guises.

Exposing internal plots
Challenge: Many acts of fraud are the work of an internal user, but specific actions can be difficult to pinpoint because they are disguised as legitimate activity. A perpetrator often creates false or duplicate credentials to perform seemingly genuine actions that might otherwise go undetected.
Solution: LogRhythm's Advanced Intelligence (AI) Engine can immediately recognise and alert on suspicious insider activity, such as unauthorised accounts being granted escalated privileges. Right-click correlation gives instant access to user account details to establish what constitutes appropriate access.
Benefit: Immediate collection by LogRhythm with cryptographic hashing provides a digital chain of custody that prevents users from tampering with activity records to conceal fraudulent behavior. Administrators can query any archived data at any time for long-term forensic analysis.

Discovering acts of fraud
Challenge: Suspicious behavior patterns are frequently overlooked because they are designed to look like legitimate transactions. Individually unremarkable events may be related when looked at together: ten bank deposits of similar amounts made simultaneously to one account at ten locations may indicate money laundering or other fraud.
Solution: LogRhythm's AI Engine can raise an alarm on multiple deposits to the same account from different locations within the same time period. Once the alarm is triggered, all activity on that account can be accessed from the same window, giving immediate forensic access to long-term behavior trends.
Benefit: The AI Engine's drag-and-drop GUI lets LogRhythm users quickly create or modify advanced correlation rules. Common scenarios are provided out of the box, and pattern recognition can be tailored to each organization's requirements.

Detecting identity theft
Challenge: Enterprise networks are accessed by customers and employees from numerous geographic locations, including users who log in from multiple locations within a short period. Identifying improper use of authorised credentials among thousands of legitimate logins is difficult.
Solution: LogRhythm's AI Engine automatically detects and alerts on suspicious behavior, such as one user logging in from two different locations at the same time. Visualization tools show geographic anomalies across any number of activities.
Benefit: LogRhythm ensures that all events are accurately sequenced and that pattern recognition is based on chronological fact. A universal timestamp applied to every log records the actual time of occurrence regardless of external factors such as an out-of-sync server clock, delayed delivery of a log, or differences in time zones.
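The three detection scenarios above (similar deposits to one account from different locations, one user logging in from two places at once, and hash-protected records that cannot be quietly edited), together with the compromised-credential check in step 3 of the Netskope article, can be expressed as plain correlation logic over normalised events. The Python below is an added example written for this guide; it is not LogRhythm's AI Engine or Netskope code, and the events, user names, account ids, thresholds and one-hour windows are constructed assumptions.

```python
"""Tamper-evident event store plus two correlation rules over constructed events.

Added example for this guide; not LogRhythm or Netskope code. Events, user
names, account ids and thresholds are constructed/assumed.
"""
import hashlib
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Timestamps are already normalised to UTC ("Z"),
# which is what lets the rules compare times across sources and time zones.
EVENTS = [
    {"ts": "2015-03-02T09:00:00Z", "type": "login", "user": "jsmith", "location": "London"},
    {"ts": "2015-03-02T09:04:00Z", "type": "login", "user": "jsmith", "location": "Singapore"},
    {"ts": "2015-03-02T09:30:00Z", "type": "login", "user": "akhan", "location": "Dubai"},
    {"ts": "2015-03-02T10:00:00Z", "type": "login", "user": "akhan", "location": "Dubai"},
    {"ts": "2015-03-02T11:00:00Z", "type": "deposit", "account": "ACC-1", "amount": 9800, "location": "Branch-1"},
    {"ts": "2015-03-02T11:05:00Z", "type": "deposit", "account": "ACC-1", "amount": 9750, "location": "Branch-2"},
    {"ts": "2015-03-02T11:10:00Z", "type": "deposit", "account": "ACC-1", "amount": 9900, "location": "Branch-3"},
    {"ts": "2015-03-02T11:15:00Z", "type": "deposit", "account": "ACC-1", "amount": 9850, "location": "Branch-4"},
    {"ts": "2015-03-02T11:20:00Z", "type": "deposit", "account": "ACC-1", "amount": 9700, "location": "Branch-5"},
    {"ts": "2015-03-02T11:40:00Z", "type": "deposit", "account": "ACC-2", "amount": 500, "location": "Branch-1"},
]

GENESIS = "0" * 64


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def canonical(event):
    # Stable serialisation so the same event always hashes the same way.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def chain(events):
    """Collect events into a hash chain: each digest covers the previous digest
    and the event, so editing or deleting any earlier record breaks every
    later digest. Returns a list of {"event", "digest"} entries."""
    entries, prev = [], GENESIS
    for ev in events:
        digest = hashlib.sha256(prev.encode() + canonical(ev)).hexdigest()
        entries.append({"event": ev, "digest": digest})
        prev = digest
    return entries


def verify_chain(entries):
    """Recompute the chain; return the index of the first bad entry, or -1."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        expected = hashlib.sha256(prev.encode() + canonical(entry["event"])).hexdigest()
        if expected != entry["digest"]:
            return i
        prev = expected
    return -1


def by_key(events, etype, key):
    """Group events of one type by a field, in chronological order."""
    groups = defaultdict(list)
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        if ev["type"] == etype:
            groups[ev[key]].append(ev)
    return groups


def impossible_travel(events, window=timedelta(hours=1)):
    """Rule 1: one user logging in from two different locations within `window`
    (the identity-theft scenario). The window is an assumption."""
    alerts = []
    for user, logins in by_key(events, "login", "user").items():
        for a, b in zip(logins, logins[1:]):
            if a["location"] != b["location"] and parse_ts(b["ts"]) - parse_ts(a["ts"]) <= window:
                alerts.append((user, a["location"], b["location"]))
    return alerts


def structured_deposits(events, min_count=5, window=timedelta(hours=1), tolerance=0.05):
    """Rule 2: at least `min_count` deposits of similar amount into one account
    from `min_count` distinct locations inside `window` (the fraud scenario).
    Each deposit alone is unremarkable; only the pattern is suspicious."""
    alerts = []
    for account, deps in by_key(events, "deposit", "account").items():
        for i, first in enumerate(deps):
            start = parse_ts(first["ts"])
            group = [d for d in deps[i:] if parse_ts(d["ts"]) - start <= window]
            amounts = [d["amount"] for d in group]
            locations = {d["location"] for d in group}
            if (len(group) >= min_count and len(locations) >= min_count
                    and max(amounts) - min(amounts) <= tolerance * max(amounts)):
                alerts.append((account, len(group), sorted(locations)))
                break  # one alarm per account per burst
    return alerts


if __name__ == "__main__":
    entries = chain(EVENTS)
    print("chain intact:", verify_chain(entries) == -1)
    print("impossible travel:", impossible_travel(EVENTS))
    print("structured deposits:", structured_deposits(EVENTS))
```

Run as written, the two rules fire only on jsmith's London/Singapore pair and on the five ACC-1 deposits; the single ACC-2 deposit and akhan's repeat Dubai logins stay silent. The hash chain is what gives the records evidential weight: alter one field of any stored event and verify_chain reports its index, because every later digest depended on it. In production the newest digest would be anchored by a signature or external timestamp; otherwise whoever can rewrite the store can simply recompute the whole chain.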
Passport to success
Passport provides a broad range of professional and technical services that reseller partners can harness on behalf of their enterprise customers.
Filling the gap between the limited support and training provided by out-of-region technology vendors and the high-opex, low-scale specialist services delivered locally by individual reseller companies, Passport's pan-EMEA operations are accredited by vendors including Fortinet.

EXN Training Services: Exclusive Networks understands your business challenges and believes any budget spent on IT education has to lead to tangible results. Professional security training has never been more critical to your business. Exclusive Networks classes offer a unique combination of field experience and technical knowledge. Our courses are designed to equip engineers with the skills needed to understand, configure, manage, troubleshoot and support the products in their care. Knowledge transfer through our training programme helps both our business partners and their customers become more effective in supporting and managing solutions. Our high levels of accreditation and training credentials speak for themselves. Supported by our skilful team of instructors, with years of hands-on experience, we provide classroom as well as on-site customized sessions for our partners and their clients.

EXN Professional Services: Passport's services are designed to provide maximum value throughout the reseller sales lifecycle for each customer opportunity. Passport Sales Engineering services assist value-added resellers in acquiring new business and retaining existing customers. These services equip partners to address a larger target market and provide the insight and consultancy to help them remain their customers' trusted adviser. Each service accelerates partners through their sales process, from early opportunity qualification to pre-sales development and presentation of a solution, the demo or delivery of a proof of concept, and finally the detailed preparation of a quotation. Project and Implementation services minimise the time between a customer placing an order and the solution going into service. Supplementing the partner's own skills and resources, Passport project managers and accredited engineers maximise customer satisfaction. Whether a partner requires a certified project manager to schedule an implementation that complies with the customer's change and configuration control processes, or simply an accredited engineer to commission the solution into service, Passport's professional implementation services are developed to deliver commercial value and technical accuracy in full accordance with the vendor's best practices. Passport Custom services encompass a range of professional capabilities that can be tailored into a custom service for a specific customer or opportunity. This flexibility gives partners significant competitive differentiation and the opportunity to increase margin and meet any conceivable customer need.
Coming soon from BigTec
With new technologies emerging every day, choosing the correct solution can be a daunting task. BigTec allows you to make informed decisions so that you can do what is right for your organisation.
BigTec is the VAD distributor for datacentre transformation. BigTec promotes newly emerging technology vendors who focus on the Software Defined Data Centre (SDDC) of the future, utilising technologies such as hyperconvergence, virtual appliances and latest-generation distributed security methodologies, and packages these technologies together in a complementary, integrated solution stack.

The challenge facing the industry
As organisations look to become more agile and find greater efficiencies, web-scale architectures and the SDDC are becoming more appealing with their promise of increased agility and improvements in manageability and automation. For years the industry has deployed point solutions to address specific problems, the result of storage, compute and network teams working in silos with little collaboration and integration between them. As we look to the future and consider how to embrace technologies such as hyperconvergence, virtual appliances and latest-generation distributed security methodologies, organisations become entrenched in the dilemma of needing to provide operational services while investigating these new areas with limited time and resource. Integration testing then becomes a significant obstacle: it is needed to de-risk any implementation, but carries a cost in time and resource that datacentres can ill afford.

BigTec and technology vendors
BigTec works closely with its technology vendors to build reference architectures that combine these technologies in a single solution stack. This gives partners and end clients a demonstrable, repeatable platform on which to see the benefits of deploying these technologies together, without spending the time and resources to build it themselves, which de-risks the deployment and provides greater confidence. Furthermore, BigTec operates a lab to which partners and end clients have access for demonstrations and presentations, including bespoke product demonstrations using elements (such as actual data sources) from the clients' environments.

The solution stack
The solution stack built by BigTec encompasses a number of technologies (the diagram is not reproduced here). Not every organisation will be ready to deploy all of them, so there is benefit in focusing on specific, complementary groups. Nonetheless, we have proven that the complete stack operates together, so that end clients may revisit a solution that was previously put to one side. We are able to show and demonstrate that these elements can successfully co-exist and address the problems they were designed for.
Eliminating blind spots
Ixia’s Visibility Architecture gives a new perspective on network visibility
Today's networks are growing in both size and complexity, presenting new challenges for IT and network administrators. Because of virtualization, more mobile devices now connect to more data from more sources, and IT challenges are further complicated by ever-higher customer expectations of always-on access and immediate application response. This complexity creates network "blind spots" where latent errors germinate and pre-attack activity lurks. Blind spots are commonly caused by a lack of SPAN and tap ports, which limits tool access to data; dropped and duplicated packets, which suppress or delay actionable information; and monitoring plans that lag behind migration cycles. Network blind spots have become a costly and risk-filled challenge for network operators. Further, unseen inter-VM and cross-blade data center traffic leaves the network vulnerable to threats, non-compliance, loss of availability and impaired performance. Today up to 80 percent of data center traffic can travel between servers, making end-to-end visibility a real challenge. Ixia's Visibility Architecture delivers a new perspective on network visibility that can address these challenges.

Three integrated frameworks
Three integrated elements of the Ixia Visibility Architecture enable the key components of a total, end-to-end visibility architecture. First is the Network Visibility Framework, which supports out-of-band monitoring in the physical network. Next is the Virtual Visibility Framework, integrated with the Network Visibility Framework, which supports out-of-band monitoring of all traffic in the virtual network. Finally, the Inline Security Framework enables fail-safe deployment of multiple inline security enforcement tools such as IPSs and NGFWs.

Advanced, efficient and comprehensive visibility solutions
Driven by the momentum of innovation and competition, new customer service challenges arise and intensify daily. IT teams need an infrastructure that offers total visibility and tool access to any point in the network, one that is nearly limitless in scalability but simple to manage and troubleshoot. Unique in delivering these capabilities with a single, integrated approach, the Ixia Visibility Architecture helps control tool costs and administrative burdens while optimizing the investment value of network assets.

Total application and network visibility
• The Ixia Visibility Architecture encompasses network access solutions, network packet brokers, application and session visibility solutions, and an integrated management platform.
• Helps eliminate blind spots in the network by getting the right information to the right tools at the right time.
• Extends the life of existing IT tool investments and maximizes the usefulness of current tool capacity.
• Integrates easily into automated and software-defined data center environments.
Understanding patch compliance
Patch management capabilities can enable organizations to manage a variety of machines and systems, from data centers to desktops, while relieving IT security audit pain.

If your organization is like most, you rely on Microsoft's System Center and its modules to handle a number of security aspects for your Windows servers and desktops. And if your enterprise is like the vast majority, you also have Linux/UNIX boxes in your data center, plus a trove of third-party applications installed on your desktops, such as Oracle's Java and Adobe's Acrobat Reader. That presents a problem: System Center Configuration Manager (SCCM) was designed for Microsoft operating systems and applications, not for Linux/UNIX, Mac OS or third-party software, and can leave holes in your server and endpoint security. This becomes a critical issue for IT security compliance and audits. SCCM administrators lack the visibility they need into Linux/UNIX and third-party software vulnerabilities, and they lack automated, integrated processes for patching them. Organizations need to increase SCCM security without adding complexity to their security processes.

A growing number of organizations rely on SCCM, but the product does not effectively manage vulnerabilities in all the software on all the servers and desktops in their environments. That is especially a problem for regulatory and policy compliance and for audits, for two reasons. First, in many organizations the security function is responsible for vulnerability audits. Second, the SCCM administrator has to query Mac desktops and pull reports from various sources, such as the Linux/UNIX administrators. IT security is already complex enough. You should deploy a solution that leverages your SCCM infrastructure, extending native SCCM capabilities to Linux/UNIX servers, Mac desktops and third-party applications. Such a solution should integrate with your existing SCCM workflow without requiring plug-in or software maintenance, and apply a broad content catalog of prepackaged updates.

Enable patch reporting
While SCCM provides a client that you can use to deploy a script to patch Linux/UNIX machines, it offers no reporting on what was deployed or whether the machines are patch-compliant, and a simple hardware and software inventory of Linux/UNIX machines is no substitute for a patch-compliance report. An effective enterprise-class patch management solution should therefore extend SCCM with patch-compliance reporting. For operating systems, you want to report on patch compliance for Linux/UNIX servers as well as Mac desktops; for desktop applications, on both Microsoft and third-party applications on Windows machines. In both cases your patch solution should include Common Vulnerabilities and Exposures (CVE) metadata for security bulletins, to give you insight into the vulnerability risk behind each missing patch. It should also leverage SQL Server Reporting Services, the native reporting engine in SCCM, to deliver your reports, expanding your reporting capabilities without adding complexity to the process.
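To make the reporting requirement concrete, here is an added Python example (not HEAT Software, Lumension or SCCM code) that takes a software inventory gathered from Linux, Mac and Windows hosts and an advisory catalogue carrying fixed versions and CVE metadata, and produces the patch-compliance rows an SSRS report would be built from. Host names, package versions and the CVE identifiers are constructed placeholders, and the version comparison is a deliberate simplification of dpkg/rpm ordering, as the comment says.

```python
"""Patch-compliance report across Linux, Mac and Windows third-party software.

Added example for this guide, not HEAT/Lumension or SCCM code. Hosts,
packages, fixed versions and the CVE ids are constructed placeholders.
"""
import re


def version_key(version):
    """Comparison key: split into numeric and alphabetic runs so that
    1.0.1e < 1.0.1k and 2.4.7 < 2.4.10. Simplification (an assumption of the
    example): this is NOT dpkg or rpm ordering; no epochs, no '~' handling."""
    return [(0, int(t)) if t.isdigit() else (1, t)
            for t in re.findall(r"\d+|[A-Za-z]+", version)]


def is_patched(installed, fixed):
    return version_key(installed) >= version_key(fixed)


# Constructed advisory catalogue: package -> first fixed version, with the CVE
# metadata that lets an auditor tie a missing patch to a risk. The CVE ids are
# placeholders, not real identifiers.
ADVISORIES = [
    {"platform": "linux", "package": "openssl", "fixed": "1.0.1k", "cves": ["CVE-0000-0001"]},
    {"platform": "linux", "package": "bash", "fixed": "4.3.30", "cves": ["CVE-0000-0002"]},
    {"platform": "mac", "package": "java", "fixed": "1.8.0_40", "cves": ["CVE-0000-0003"]},
    {"platform": "windows", "package": "adobe-reader", "fixed": "11.0.10", "cves": ["CVE-0000-0004"]},
]

# Constructed inventory, as a Linux admin's package list, a Mac query and the
# SCCM software inventory might each report it.
INVENTORY = {
    "web01": {"platform": "linux", "packages": {"openssl": "1.0.1e", "bash": "4.3.30"}},
    "db01": {"platform": "linux", "packages": {"openssl": "1.0.1k", "bash": "4.3.33"}},
    "mac-alice": {"platform": "mac", "packages": {"java": "1.8.0_31"}},
    "win-bob": {"platform": "windows", "packages": {"adobe-reader": "11.0.10", "java": "1.8.0_40"}},
}


def compliance_report(inventory, advisories):
    """One row per (host, advisory) where the package is installed. A package
    that is absent is out of scope, not 'compliant'; this fixed-version check
    is what a plain inventory cannot tell you."""
    rows = []
    for host, info in sorted(inventory.items()):
        for adv in advisories:
            if adv["platform"] != info["platform"]:
                continue
            installed = info["packages"].get(adv["package"])
            if installed is None:
                continue
            rows.append({
                "host": host, "package": adv["package"], "installed": installed,
                "fixed": adv["fixed"], "cves": adv["cves"],
                "compliant": is_patched(installed, adv["fixed"]),
            })
    return rows


def open_cves(rows):
    """Map host -> sorted list of CVE ids still exposed by a missing patch."""
    exposure = {}
    for row in rows:
        if not row["compliant"]:
            exposure.setdefault(row["host"], set()).update(row["cves"])
    return {host: sorted(cves) for host, cves in exposure.items()}


def render(rows):
    """CSV-style text, the shape a reporting engine would consume."""
    lines = ["host,package,installed,fixed,status,cves"]
    for r in rows:
        status = "OK" if r["compliant"] else "MISSING"
        lines.append(",".join([r["host"], r["package"], r["installed"],
                               r["fixed"], status, ";".join(r["cves"])]))
    return "\n".join(lines)


if __name__ == "__main__":
    rows = compliance_report(INVENTORY, ADVISORIES)
    print(render(rows))
    print(open_cves(rows))
```

The point an inventory-only approach misses is the fixed-version comparison: web01 has openssl installed and so appears in a software inventory, but only the comparison against the advisory shows that it still exposes the placeholder CVE-0000-0001. Real package managers have subtler ordering rules (epochs, '~' pre-release markers, and distribution backports that fix a CVE without changing the upstream version number), which is why a production catalogue should carry distribution-specific fixed versions rather than upstream ones.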
The benefits of patch solutions that extend SCCM to Linux/UNIX servers, Mac desktops and third-party applications are manifold. For starters, you save time, effort and cost by leveraging SCCM, the system of record you already use. You spend less time deploying patches and re-deploying failed ones, which is especially important at a time when IT departments are being asked to do more with less. Ultimately, you relieve the pain of patch management, and especially of security audits and compliance. More important, you strengthen your security posture across the network. Organizations will continue to rely on Microsoft's System Center Configuration Manager, but enterprises will recognize SCCM's limitations and take steps to augment it with capabilities that extend its effectiveness and close clear security gaps.

Lumension, now part of HEAT Software. FrontRange and Lumension, leading providers of hybrid service management and unified endpoint management software, recently merged to create HEAT Software. As a trusted vendor managing millions of service interactions and endpoints every day for organizations around the world, HEAT Software serves enterprises across all geographies and verticals. The combination of the two companies offers customers the ability to deliver world-class service while maximizing operational efficiency with reduced cost and complexity. Additionally, the platform offers enhanced capabilities in the management of endpoint operations, security and compliance.
Mobile secure
Alleviating workforce mobility complications

The challenge: increasing data risk and loss due to a mobile workforce
According to industry research, 75 percent of the workforce is now mobile. Because of workforce mobility, more people rely on endpoints such as laptops, smartphones and tablets for work and store vast amounts of data on these devices, which means IT has less visibility and control over that data. As corporate data becomes increasingly complex, mobile and diffuse, its owners find it increasingly difficult to protect and secure. With huge amounts of data held exclusively on mobile endpoints and reduced visibility and control over it, increased data risk, including breach and permanent data loss, is to be expected. The main challenge, then, is how to manage the risk to data that resides on mobile devices.

According to industry research:
• 28 percent of data is exclusively on endpoints.
• Data grows 200 percent every 18 months.
• Eight percent of data is lost or stolen every year.
• Over 38 percent of corporate data resides on laptops that are never backed up.
• Only 32 percent of enterprises report that they have adequate backup and restore practices in place.

The solution: Druva inSync endpoint data backup and protection
Druva inSync is fully automated laptop and mobile device backup software that protects corporate data for office and remote users. It supports Windows devices, iOS and Android, and features simple backup, point-in-time restores and patent-pending data deduplication that makes backups up to 10 times faster. Backups are invisible to the user and have low resource utilization. It is available on premise or in the cloud, hosted on Amazon Web Services, and data is encrypted both in storage and in transit.

inSync overview
Advantages of inSync:
• Save 90 percent of bandwidth and storage: App-Aware Dedupe stores only a single copy of data duplicated across users.
• Invisible backups: non-intrusive backups at convenient times.
• Near-CDP: timeline-based restores to any point in the past.
• WAN optimization: specially designed for remote laptop backup.
• Search-based restores: users simply search to quickly restore their data.

In addition to its endpoint backup technology, inSync provides further features, all managed from a single administrative console with a single agent installed on each device:
• Data loss prevention: trace any device geographically and remotely wipe the data from any lost or stolen device.
• Secure file sharing: securely share any data with any internal user or external guest.
• Data governance: search across all users' data and have full visibility of user activity.

Druva inSync is designed with mobility in mind. The solution aims to ensure backups are simple, secure and non-intrusive. It is a complete, unified IT solution for managing and securing data and maximizing end-user productivity.
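As an added illustration (not Druva code) of how a deduplicating backup can keep a single copy of data duplicated across users, the Python below backs up two laptops into one content-addressed store keyed by SHA-256: the second laptop's copy of a shared document costs nothing, and only its private appendix is written. The chunk size and the sample documents are constructed.

```python
"""Chunk-level deduplication across users: added example for this guide,
not Druva code. Chunk size and sample documents are constructed."""
import hashlib

CHUNK_SIZE = 4096  # assumption; fixed-size chunks keep the example short


def chunk(data, size=CHUNK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


def ingest(store, data):
    """Back up `data` into the content-addressed `store`. Only chunks whose
    SHA-256 is not already present are written, so a document shared by many
    users costs storage and bandwidth once. Returns (manifest, bytes_written);
    the manifest is the ordered list of chunk digests that rebuilds the file."""
    manifest, written = [], 0
    for c in chunk(data):
        digest = hashlib.sha256(c).hexdigest()
        if digest not in store:
            store[digest] = c
            written += len(c)
        manifest.append(digest)
    return manifest, written


def restore(store, manifest):
    """Rebuild a file from its manifest. A missing chunk raises KeyError
    rather than producing a silently corrupted restore."""
    return b"".join(store[digest] for digest in manifest)


# Constructed sample: a 20 KiB shared document (five distinct chunks) present on
# two laptops, one of which also holds a 4 KiB private appendix.
SHARED_DOC = b"".join(bytes([i]) * CHUNK_SIZE for i in range(5))
APPENDIX = b"\xff" * CHUNK_SIZE


def demo():
    """Back up Alice's laptop, then Bob's; return the store, both manifests and
    how many bytes each backup actually had to write."""
    store = {}
    alice_manifest, alice_written = ingest(store, SHARED_DOC)
    bob_manifest, bob_written = ingest(store, SHARED_DOC + APPENDIX)
    return store, alice_manifest, alice_written, bob_manifest, bob_written


if __name__ == "__main__":
    store, _, alice_written, _, bob_written = demo()
    print("alice wrote", alice_written, "bytes; bob wrote", bob_written,
          "bytes; store holds", len(store), "chunks")
```

Deduplication has to see identical bytes, so it must run before any per-chunk randomised encryption (or use a deterministic key per chunk); the encryption in storage that the article mentions is then applied to the deduplicated store.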
The right move UK’s largest property website, Rightmove, chooses WhiteHat to underpin web application security.
Established in 2000, Rightmove.co.uk is the UK’s number one property website and the only place where home-hunters can search over one million properties available for sale and to rent. The company’s website and mobile platforms provide an easy to use and sophisticated online property search.
Record-breaking website traffic
Rightmove’s website has been achieving an ever-increasing level of visits, which are being converted into a record number of leads for member advertisers. With as many as 2,000 enhancements made to its platforms in a 12-month period, a record of 15.4 billion pages were viewed across all Rightmove platforms in 2014 (desktop and mobile), up 10 percent from 2013. Enquiries from home-hunters to advertisers also increased by 19 percent to 42.8 million during the year. Moreover, Rightmove’s popularity among consumers was further highlighted when it was identified by Google as the most searched-for business in the UK during 2014. Growth has continued into 2015 when traffic passed 1.5 billion page views and 100 million visits in January, resulting in a record 4.3 million leads for our customers in the month. The Rightmove customer base has also grown by five percent during the year to a record high of 19,304.
Keeping customer data secure
The company’s operations team is responsible for providing the technical infrastructure that supports the growing property website, helping to ensure that it continues to be the best in the UK. Keeping the property website secure is another essential requirement for the team and to safeguard the site Rightmove regularly conducts penetration testing through external consultants. Operations Manager Tim Harding explains, “As we have an increasingly agile development process, we wanted to add another level of protection that would monitor our security posture continuously and feed actionable intelligence into our security infrastructure and our development lifecycle. This will help us to meet our operational goals as well as deliver additional value to the business.”
WhiteHat Security’s Sentinel Services
After investigating various options and visiting the Infosecurity show in London, Harding found that the approach he was looking for was available from WhiteHat Security, which provided monitoring and protection for over 30,000 websites globally. WhiteHat Security’s Sentinel solution offers a simple and elegant solution to a complex problem for CISOs and security teams. The service combines WhiteHat proprietary scanning technology with the world-renowned Threat Research Center (TRC) augmented by processes developed over 12 years to deliver a highly accurate, fully supported and cost-effective application assessment service.
Customers need only provide the URL to be scanned along with the relevant credentials and WhiteHat will do the rest, populating the user interface with zero-false-positive vulnerability data. This includes remediation advice and access to the TRC for advice and guidance. The service becomes an integral element of the customer’s security platform, providing clear actionable data. This data can be used manually by the security team and developers or automatically consumed by integrated security technology, such as Web Application Firewalls (WAFs) or Governance, Risk and Compliance (GRC) and bug tracking systems. WhiteHat Sentinel is built on a Software-as-a-Service (SaaS) platform that scales from the smallest to the largest of enterprises.
Benefits for Rightmove
Rightmove deployed WhiteHat’s Sentinel Premium Edition service at the beginning of 2014. The onboarding process was straightforward with WhiteHat providing valuable input to create the required customization and integration. The service runs in the background ensuring maximum coverage without impacting the website’s performance. “With WhiteHat we have a solution that continuously helps us mitigate any web application vulnerabilities efficiently and effectively and the information provided now forms an integral part of the way we develop and deploy secure code,” concludes Harding.
Diverse defenses The digital landscape is filled with uncertainties and a data breach is inevitable. Organizations need to be equipped with the right protection to identify when and where the breach took place and what to do next.
Organisations are finding that despite the system investments, policies and procedures they have invested in to prevent successful ICT attacks, they continue to be breached and continue to be challenged to remediate and mitigate the impact. Moreover, breaches in corporate infrastructures are often only spotted hundreds of days after the initial penetration, by which time target credentials and data have long gone. Current ICT infrastructures don’t provide sufficient visibility to detect anomalies or other indicators of change. The volume of attacks is producing a big data problem. These issues are delaying the identification, classification and qualification of the most dangerous attacks. Formulating a response is taking too long and insufficient resources are delaying the appropriate remediation. Little effort is left to complete a forensic study, or develop the regulatory/compliance reports, and managed mitigation is a pipe dream.
The best defense
Cyber Attack Remediation and Mitigation, or CARM, is a single, automated post-breach solution platform that eats up Big Data and seamlessly combines real-time monitoring, abnormality detection, low-latency incident qualification and rapid response capabilities.
Take action now!
Breaches are a global occurrence. According to Verizon, there were 79,790 known security breaches in the USA in 2014. The average cost of a data leak is anything up to £3.5m. These few statistics rely on reported and survey data, so they are only the tip of the iceberg. How many incidents went unreported, how many breaches weren’t found, how many businesses kept their problems a secret? The magnitude of the ICT security threat is also increasing. According to Ponemon Institute, over 50% of respondents from a global survey of 3,500 IT security practitioners reported an increase in the frequency and severity of cyber-attacks on their organisations in 2014. The bottom line is that breaches happen and when they do they cost a lot of money. CARM helps you minimise that cost.
Introducing CARM in your organisation
Exclusive Networks can demonstrate the CARM integrated solution platform using the appropriate blend of technology from leading security vendors such as LogRhythm, FireEye, Palo Alto Networks, Bit9, Imperva, Mandiant and Fortinet. Exclusive Networks can simulate a wide variety of attack vectors and demonstrate how CARM rapidly isolates and remediates a breach.
Multiple platforms of choice
More about CARM
CARM is an integrated solution platform focused on addressing the post-breach issues businesses face following a successful cyber-attack. The CARM platform allows you to identify, contain, respond, remediate and ultimately mitigate the impact of the breach, faster and more efficiently than ever before. By integrating the latest technologies from a number of industry-leading vendors, Exclusive Networks is able to demonstrate how CARM will help address the key issues facing CISOs such as lack of visibility, volume of incidents, classification of incidents, time to detect, time to contain and ultimately the minimisation of the impact of the attack.
• Quicker response, lower breach impact
• Better, more isolated breach fixes – early warning system
• Easier, faster breach notification and forensics in spite of big data
• Fewer IT hours, no human error thanks to maximum automation
• Remediation learning eliminates repeat threats
• Significantly more cost effective than adopting multiple technologies through any other model
Celebrating 10 Years of Successful Partnership Value Added Distributor | Authorized Training Centre | Professional Services
POWERED BY SECUREWAY
Come and Visit us at GITEX, Hall-2 Stand B2-1B Dubai World Trade Centre,18th – 22nd October 2015
www.exclusive-networks.ae
exn.me
exn_me