Hardening and Protecting Network Infrastructure with UEBA and Behavioral Firewalls

Posted by Heather Howland on Jan 27, 2017 7:37:33 PM

The risks to employees and organizations from stolen or compromised credentials and information are well-known. And with hackers and insiders becoming more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security forum, I was speaking with a customer about an Alert (TA16-250A) that the United States Computer Emergency Readiness Team (US-CERT) released on “The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations” and how User and Entity Behavior Analytics (UEBA) can help address some of their recommendations.

Topics: Risk, ueba, User Behavior, Privileged Accounts, Credential Compromise, Multi-factor Authentication, Compliance

The Dangers of Bending the Security Rules to Get Things Done

Posted by Heather Howland on Jan 20, 2017 1:58:56 PM

The other day I was speaking to a good friend of mine. He’s an executive consultant working for a large Fortune 1000 organization. As we are talking, I realize that he has access to a lot of highly sensitive information that, if exposed, could be rather damaging to the company. He was lamenting to me how he needed to get access to some data on one of the servers, but IT blocked him from accessing it until he completed a mandatory online “IT Security Awareness” training.

Topics: User Behavior, Risk, ueba, User Risk, Credential Compromise

How to Thwart an Attacker’s Attempt to Compromise Credentials and Move Around a Network

Posted by Vikas Arya on Jan 12, 2017 3:28:18 PM

In recent years, we have seen hospitals, insurance companies (Aetna), giant corporations (Sony), retailers (Home Depot and Target), and tech companies (Yahoo, LinkedIn, Dropbox) all breached because of some type of insider threat or compromised credentials. So, it’s no surprise that insider threats are a growing concern for organizations.

Topics: Credential Compromise, Insider Threats, Active Directory

Enterprise Security in Times of War

Posted by Ajit Sancheti on Sep 8, 2016 7:58:18 AM

Enterprises define security policies that match their business objectives. By setting security policy rules, an organization can better enable the business to achieve its goals while protecting them from advanced threats. They work reasonably well, even allowing for the well-publicized breaches and insider threats. Without policies or a set of tools in place for such eventualities, it will be very difficult for the business to operate effectively when under attack.

Topics: ueba, Behavioral Firewall, CISO, Insider Threats, Credential Compromise, User and Entity Behavior Analytics, Adaptive Response

Password Brute Force Attacks: Denying the Attacker, Not the Legitimate User

Posted by Vikas Arya on Aug 31, 2016 9:30:49 AM

When Mark Zuckerberg’s passwords were hacked from his Twitter and other accounts, that news got everyone’s attention. Online articles suggest that hackers got his password from the 2012 LinkedIn breach, where 117 million accounts were compromised. Mr Zuckerberg reused his passwords on other services, like Twitter, which got compromised.

This incident, along with many other similar hacks, proves that cyber-attacks are not isolated events; they are like a giant wave with long-term effects that can set off a chain of events.

Topics: Use Case, Credential Compromise, password brute force, ueba

Could Sage Have Acted More Sagely Before The Insider Breach?

Posted by Heather Howland on Aug 16, 2016 9:00:00 AM

This weekend, Sage Group sent out a warning to its customers about a data breach. According to the BBC, the breach exposed the personal details of employees at close to 300 companies in the UK and Ireland.

Topics: User and Entity Behavior Analytics, Insider Threats, Credential Compromise

Disrupting an Attacker from Exploiting Domain Credentials

Posted by Avi Kama on Jul 20, 2016 9:57:42 AM

We security professionals are constantly reading over and over: Time is not on our side. In the recent Verizon DBIR 2016 report, they illustrate how quickly threat actors go in and out of networks. There are many other similar security data reports that list the possible reasons and detach responsibility, which ultimately means “all we can do is our best.”

Topics: APT, User Behavior, Credential Compromise