CyberSecurity Institute

Security News Curated from across the world

Newsalert – 2015 Mar 24

Posted on March 25, 2015 | December 30, 2021 by admini

Is Your Threat Intelligence Platform Just a Tool?
There are new tools coming on the market every day, but many are just that – a simple tool and not a true platform. A tool may solve immediate needs, but you must evaluate your needs across multiple stakeholders throughout your organization (i.e., SOC, IR, Threat Team, CIO, CISO, Board) and look to a single platform to bring everyone together. The platform must support the integration of all the stakeholders and data that is relevant to each in such a way that all interested parties can work together as a team. Customization of the platform is key, as each organization will have different processes, and the need for data customization across those processes for aggregation, analysis, and action.
A platform is a foundational capability. It should be extensible, conducive to enterprise collaboration and evolve as your organization’s strategies shift. We agree with ExactTarget (Salesforce) in their definition of a tool vs. a platform, and in addition to that put forth our spin on the features you want to look for in a Threat Intelligence Platform [list follows …]
Link: http://www.threatconnect.com/news/is-your-threat-intelligence-platform-just-a-tool/

Don’t Let 2015 be the (NEW) Year of the Breach…Embrace Cyber Threat Intelligence
According to our friends at Google, every year since 2011 has been coined “The Year of the Breach”. That’s an awful long time to be stuck being remembered as yet another year we let bad guys take our stuff.
Performing these exercises gives us a pretty clear picture of the attack surfaces we are presenting to an adversary to gain access to our data. But let’s not pat ourselves on the back too vigorously yet. Our adversary’s tactics drive how we prioritize defending each of these attack surfaces. How do we find out what those tactics are?
Security is hard, folks, and it’s not for the faint of heart. Not a single concept on this blog is something that can be done quickly or haphazardly. We haven’t even touched the attack surfaces presented by the users of our network. We haven’t touched on a lot of topics really. What we have covered is a basic methodology that will go a long way towards making sure we do our part to ensure 2015 gets coined something other than “the Year of the Breach”.
Link: http://www.isightpartners.com/2015/03/dont-let-2015-be-the-new-year-of-the-breach-embrace-cyber-threat-intelligence/

When DDoS Isn’t All About Massive Disruption
New data shows prevalence of often-undetectable DDoS attacks aimed at quietly wreaking havoc on the network while performing data exfiltration and other attacks.
Corero also found a large number of short-burst DDoS attacks lasting anywhere from 5 to 30 minutes. Some 96% of DDoS attacks against its service provider and enterprise customers’ networks lasted less than 30 minutes, and 73%, less than five minutes.
Link: http://www.darkreading.com/perimeter/when-ddos-isnt-all-about-massive-disruption/d/d-id/1319581

New Neverquest campaign is targeting Canadian banks
Neverquest (aka Vawtrak) is a classic Trojan-banker with a variety of different advanced functions to attack online banking customers. The malware often gets installed through downloaders that are dropped using drive-by attacks.
The current webinject reveals that the primary goal, at least of this campaign, is financial institutions in Canada. We have more than 15 unique targets in Canada. The webinject is very much in the style of the ZeuS template and with the goal to alter the content of several specified target websites.
Link: https://www.csis.dk/en/csis/blog/4628/

CFOs increase spending on cyber-security
Sixty-three per cent of finance executives in a broader survey said their top response to the increased threat of data breaches was spending more on cyber-security and fraud prevention. In that survey, part of the AICPA’s quarterly Business & Industry Economic Outlook, 29% said they had not made any changes, 13% said they were accelerating the development of new mobile or electronic payment options that could offer more security, and 5% listed an unspecified other response.
Most CFOs in an annual survey by accounting and consulting firm BDO said the main response to cyber-security concerns was the implementation of new software security tools (90%) and the creation of a formal response plan for security breaches (72%).
Link: http://www.cgma.org/Magazine/News/Pages/cyber-security-spending-201512001.aspx?TestCookiesEnabled=redirect

What is keeping CIOs awake in 2015?
Kathy Gibson at the IDC CIO Summit, Sandton – We’ve heard about the four pillars of the 3rd Platform – big data, mobility, social and cloud computing – for some time; but now CIOs are looking to transform their organisations in line with these strategies.
• Security is a hot button issue for CIOs – and by 2016 it will be a top three business priority for 70% of CEOs.
• It is imperative to elevate security to senior executive responsibility, including CXOs in cross-functional governance.
• CIOs are urged to assess overall security architecture and transition from internal fixed cost assets to variable-cost PaaS. And they need to ensure that a security review – including cost – is a prerequisite for any new solution whether or not IT is involved.
• Mobile adds to the complexity of security, and in mobile-first regions the customer privacy agenda is highlighted.
Link: http://it-online.co.za/2015/03/24/what-is-keeping-cios-awake-in-2015/

Shipping analysts warn of cyberattacks at sea
Hackers could interfere with the control of a ship, disable navigation systems, cut off communications or steal confidential data, according to Allianz Global Corporate & Specialty SE’s 2015 Safety and Shipping Review.
The report warned shipping firms to prepare for the likelihood of cyberattacks as hackers around the world become more sophisticated.
Link: http://thehill.com/policy/cybersecurity/236723-shipping-analysts-warn-of-cyberattacks-at-sea

Fleishman launches global cybersecurity and privacy practice
ST. LOUIS: FleishmanHillard has launched a global practice focused on helping clients with data security and privacy challenges.
The group’s mission is to provide clients with a one-stop shop to address data-specific challenges in areas including data breach preparedness and response; employee awareness and engagement; privacy protection communications and advocacy; and public affairs regulatory and legislative counsel.
The practice is also supported by cybersecurity and investigations firms, cyber law firms, and cyber insurance underwriters with which Fleishman has a relationship. For instance, one year ago, Fleishman and risk-management firm Kroll formed a strategic alliance focused on cybersecurity and data-breach-risk mitigation.
Link: http://www.prweek.com/article/1339661/fleishman-launches-global-cybersecurity-privacy-practice

UK government announces £5m anti-malware funding
The UK government has announced a £5m investment to help researchers create new cyber security solutions as part of ongoing efforts to bolster the nation’s defences.
The funding was announced at the World Cyber Security Technology Research Summit in Northern Ireland and will be provided by the Engineering and Physical Sciences Research Council (EPSRC) and Innovate UK.
The research will focus specifically on ways to tackle malware threats, detect intrusions and prevent data theft on laptops, smartphones and cloud storage services.
Link: http://www.v3.co.uk/v3-uk/news/2401139/uk-government-announces-gbp5m-anti-malware-funding

When It Comes to Threat Detection and Incident Response, Context Matters
CSOs should now be using security analytics tools for threat detection and incident response. These security analytics tools offer the analyst unprecedented access to data they have always logged and kept, but rarely used.
This also allows security professionals to explore data sets previously deemed too large and complex for everyday use like full packet captures of all network data. Now we are seeing the emergence of tool sets that can not only deal with the incredible amount of information coming in daily, but can also be used to review older data. Security analytics tools don’t actually eliminate the need for a Security Incident and Event Management (SIEM) system. They still have their place in most organisations…
Link: http://www.cso.com.au/article/571117/when-it-comes-threat-detection-incident-response-context-matters/
