Hardening and Protecting Network Infrastructure with UEBA and Behavioral Firewalls

Posted by Heather Howland on Jan 27, 2017 7:37:33 PM

The risks to employees and organizations from stolen or compromised credentials and information are well-known. And with hackers and insiders becoming more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security forum, I was speaking with a customer about an Alert (TA16-250A) that the United States Computer Emergency Readiness Team (US-CERT) released on “The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations” and how User and Entity Behavior Analytics (UEBA) can help address some of their recommendations.

Topics: Risk, ueba, User Behavior, Privileged Accounts, Credential Compromise, Multi-factor Authentication, Compliance

The Dangers of Bending the Security Rules to Get Things Done

Posted by Heather Howland on Jan 20, 2017 1:58:56 PM

The other day I was speaking to a good friend of mine. He’s an executive consultant working for a large Fortune 1000 organization. As we were talking, I realized that he has access to a lot of highly sensitive information that, if exposed, could be rather damaging to the company. He was lamenting to me how he needed to get access to some data on one of the servers, but IT blocked him from accessing it until he completed a mandatory online “IT Security Awareness” training.

Topics: User Behavior, Risk, ueba, User Risk, Credential Compromise

How to Apply FBI Insider Threat Warning to IT Security

Posted by Heather Howland on Jan 6, 2017 4:15:27 PM

Last month, Special Agent Scott Mahloch, weapons of mass destruction coordinator for the Chicago division of the FBI, spoke at the Food Safety Consortium about how food companies can protect themselves against terrorism by identifying the insider threat and some of the FBI’s initiatives in this area. While the focus of his talk was around protecting the food supply from intentional contamination with chemical, biological, or radiological (CBR) agents, I found that much of the advice on guarding against these types of Insider Threats directly applies to cybersecurity and it would be interesting to share how these tips can be applied in IT security -- not only for food companies, but companies in general.

Topics: Insider Threats, ueba, User Behavior

BFFs: UEBA Threat Detection and Post Infection Prevention

Posted by Eran Cohen on Aug 26, 2016 10:26:19 AM

I believe detection and prevention are the most chewed-over words in the security market. In the last 20 years, I have seen the term virus evolve to worm and horse (trojan). Then it left the living creature world and moved to the “Bond” world by becoming spyware, malware, ransomware and even getting recognized by names, such as Zeus, Cryptolocker and more.

And yet the basic terms of detection and prevention have remained steady. No matter the triggers, no matter the technology or the company. Sometimes you’ll hear detection and prevention used together and sometimes separately depending on the solution’s capabilities. What changes with these terms lies underneath as the threats to organizations continue to proliferate.

Topics: User Behavior, User and Entity Behavior Analytics, Behavioral Firewall

Five Common Misconceptions in Enterprise Security Organizations - Part Two

Posted by Eyal Karni on Aug 3, 2016 8:00:00 AM

In my previous blog post (part 1), I talked about common misconceptions in Enterprise security organizations as they relate to IT security skills challenges along with the disadvantages of counting on log-based solutions for stopping advanced attacks. This week I’d like to focus on three other common misconceptions in IT security organizations. I’ll be talking about why bigger isn’t necessarily better, why User and Entity Behavior Analytics on its own is not enough and why “zero configuration” solutions will let you down.

Topics: User and Entity Behavior Analytics, APT, User Behavior

Demise of SMS 2-Factor Authentication Opens Door for More Secure Authentication

Posted by Heather Howland on Jul 29, 2016 7:00:00 AM

There have been several articles in the last couple of days that talk about NIST’s latest Digital Authentication Guidelines (DAG) draft, which indicates that SMS for 2-Factor Authentication is nearing the end. Given its popularity, it’s creating a lot of conversation. And lots are asking what this could mean for the Enterprise.

Topics: User Behavior, Multi-factor Authentication, SMS, Biometrics

Disrupting an Attacker from Exploiting Domain Credentials

Posted by Avi Kama on Jul 20, 2016 9:57:42 AM

We security professionals are constantly reading over and over: Time is not on our side. In the recent Verizon DBIR 2016 report, they illustrate how quickly threat actors go in and out of networks. There are many other similar security data reports that list the possible reasons and detach responsibility, which ultimately means “all we can do is our best.”

Topics: APT, User Behavior, Credential Compromise

Solving Important IT Security Problems with the Preempt Behavioral Firewall

Posted by Ajit Sancheti on Jun 13, 2016 8:27:00 AM

“Being the founder of a startup is a very unnatural thing to do.”

Those were the words of a board member from my previous company. Most people would rather work in a more established company solving problems they deem challenging, without having to worry about customers, finances, employees, etc.

Topics: Threat Mitigation, User Behavior, CISO, Behavioral Firewall, Adaptive Response