[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Security tools’ effectiveness hampered by false positives
According to a 2015 report by research firm Enterprise Management Associates (EMA), entitled “Data-Driven Security Reloaded,” half of the more than 200 IT administrators and security professionals surveyed said too many false positives are keeping them from being confident in breach detection.
The most common false positives exist in products such as network intrusion detection/prevention, endpoint protection platforms and endpoint detection and response tools, says Lawrence Pingree, research director for security technologies at Gartner.
“The greatest risk with false positives is that the tool generates so many alerts that [it] becomes seen as a noise generator, and any true issues are ignored due to fatigue on the part of those responsible for managing the tools,” Cotter says. “We frequently see this issue in tools that are not properly operationalized, such as when tools are installed and deployed using default settings and profiles.”
A common example is file integrity monitoring software, which alerts administrators whenever files on a monitored system are altered, for any reason; such changes can be an indicator of malware or intruder activity. “Using default settings, a simple patch will generate a very large number of file changes; when aggregated across a mid-sized enterprise, this could easily generate many tens of thousands of alerts,” Cotter says.
Most products provide greater detail to determine whether something looks like a false positive detection, Pingree says.
An investigator might compare the detected event against known-good samples of the files in question, such as a whitelist of expected file hashes.
Occasional false positive investigations are not entirely sunk costs, Cotter adds. “These incidents can be seen as an opportunity to exercise the incident response plan, and identify areas of process improvement for future incorporation into the organization’s policies and procedures,” he says. “Also, it should be recognized that an occasional false positive is a good thing to keep people aware of how incident response must be handled, as well as help validate the operation of tools and continually fine-tune their configuration.”
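The triage step described above (file integrity alerts from a patch rollout, compared against a whitelist of known-good file hashes) as an added example; this is constructed illustration code, not from the article or any product, and the hosts, paths and hashes are all made up inline:

```python
import hashlib
from collections import Counter

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed whitelist: expected post-patch hash per path. In practice this
# would come from the vendor's patch manifest or a gold image, not be hard-coded.
KNOWN_GOOD = {
    "/usr/lib/libssl.so.1.1": sha256(b"patched libssl build"),
    "/usr/bin/curl": sha256(b"patched curl build"),
}

# Constructed FIM alerts from three hosts after the same (hypothetical) patch.
ALERTS = [
    {"host": "web01", "path": "/usr/lib/libssl.so.1.1", "sha256": sha256(b"patched libssl build")},
    {"host": "web01", "path": "/usr/bin/curl", "sha256": sha256(b"patched curl build")},
    {"host": "web02", "path": "/usr/lib/libssl.so.1.1", "sha256": sha256(b"patched libssl build")},
    {"host": "web02", "path": "/usr/bin/curl", "sha256": sha256(b"patched curl build")},
    {"host": "db01", "path": "/usr/lib/libssl.so.1.1", "sha256": sha256(b"patched libssl build")},
    # Same path the patch touched, but content that is not the expected build.
    {"host": "db01", "path": "/usr/bin/curl", "sha256": sha256(b"unexpected curl binary")},
    # A change to a path the patch never touched at all.
    {"host": "db01", "path": "/etc/ssh/sshd_config", "sha256": sha256(b"edited sshd_config")},
]

def triage(alerts, known_good):
    """Split alerts into those explained by the whitelist and those to escalate.

    An alert is 'expected' only when both the path is in the whitelist and the
    observed hash equals the expected one; a whitelisted path with a different
    hash is still escalated, since that is exactly what a tampered binary looks like.
    """
    expected, escalate = [], []
    for alert in alerts:
        if known_good.get(alert["path"]) == alert["sha256"]:
            expected.append(alert)
        else:
            escalate.append(alert)
    return expected, escalate

def summarize(expected):
    """Collapse expected changes to one count per path, so a fleet-wide patch
    shows up as a handful of lines rather than one alert per host per file."""
    return Counter(alert["path"] for alert in expected)

if __name__ == "__main__":
    ok, bad = triage(ALERTS, KNOWN_GOOD)
    for path, hosts in summarize(ok).items():
        print(f"expected: {path} changed on {hosts} host(s)")
    for alert in bad:
        print(f"ESCALATE: {alert['host']} {alert['path']} {alert['sha256'][:12]}")
```

Running it collapses five patch-related alerts into two summary lines and leaves two alerts to investigate.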
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5021cf9207&e=20056c7556
Bank of England ups spending on cyber security
The Bank of England has stepped up spending on cyber security in a bid to combat the increased threat of cyber attack, as well as improving cyber-security training for staff across the organisation – including warning them to be wary about revealing their roles at the Bank.
“Significant progress had been made in applying controls, but at the same time external threats had been increasing.
The Bank had numerous information assets and was a key part of the UK critical national infrastructure,” according to the report.
It continued: “A £20m three-year investment programme had been agreed in 2013 and there had also been a substantial increase in day-to-day resources in the IT Security and Information Security Divisions, with an uplift of 74 FTE [full-time equivalent] staff.
“Technical controls put in place had strengthened the Bank’s ability to prevent, detect and respond to attacks.
But no technical fix could guarantee security 100 per cent, so at the same time significant effort had been made to improve security awareness among all staff, and incident handling procedures had been strengthened.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ea732cc72b&e=20056c7556
Rise of anti-forensics techniques requires response from digital investigators
Good news and bad news from the security industry.
Bad news first: there’s a booming population of stealth cyber attackers, who can invade your IT infrastructure without leaving a trace.
The good news: there’s a massive shortage of people who can deal with this.
Today’s cyber crims have mastered the art of leaving crime scenes without leaving a trace, thanks to new techniques using fileless malware that can hide out in volatile memory.
The security industry needs people who can see beyond what standard investigations are capable of probing, says Torres.
They need to be able to see patterns above and beyond whatever the data is telling them.
In my experience, that rules out 99 per cent of the IT and marketing professionals in Britain, who seem to need a Big Data analysis to tell them that it’s raining outside.
Torres estimates that possibly 1 in 4 Digital Forensics and Incident Response (DFIR) professionals has the level of training to successfully analyse the new types of self-defence techniques that include more sophisticated rootkit and anti-memory analysis mechanisms.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=528814d6eb&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com
If you know someone else who would be interested in this Newsalert, please forward this email.