CyberSecurity Institute – Page 75 – Security News Curated from across the world

Splunk Adds Statistical Analysis to Enterprise Security App

Posted on April 30, 2013December 30, 2021 by admini

“Companies now understand that hidden in the terabytes of user-generated machine data are abnormal patterns of activity that represent the presence of malware or the behavior of malicious insiders,” Seward adds. “The new Splunk App for Enterprise Security enables statistical analysis of HTTP traffic to help security professionals determine a baseline for what’s normal, quickly detect outliers and use those events as starting points for security analysis and investigation.”

The new version of Splunk App for Enterprise Security automates monitoring and correlation of these outliers and anomalies in real time and presents the resulting analysis via dashboards and alerts.

“As long as you’re capturing proxy data, for example, all of that data will automatically go into the Splunk App for enterprise Security and all of those statistical outliers will be there and available to you.”

“Finding advanced threats is hard,” adds Jim Krev, Sr., security manager of Fieldglass, a provider of vendor management system (VMS) technology that two years ago replaced its legacy Security Information and Event Management (SIEM) tool with Splunk Enterprise and the Splunk App for Enterprise Security.

What Splunk has done with the Enterprise Security 2.4 release is make it easier to find and visualize unusual characteristics of data using statistics,” Krev says.

Link: http://www.csoonline.com/article/732635/splunk-adds-statistical-analysis-to-enterprise-security-app?source=rss_data_protection

A New Source of Cyberthreat Updates

Posted on April 30, 2013December 30, 2021 by admini

John Watters, founder of iSIGHT Partners, says obtaining timely, accurate information about the latest cyberthreats is challenging because there’s so much misinformation available. “There is not a central place – or a knowledge center – where everyone can draw information from to take action,” he says. Today what we’ve seen is really the convergence of the threat environment – now the private and public sectors are being targeted by the same threats.

The recent wave of distributed-denial-of-service attacks illustrates the need to stay well-informed about the very latest threats, Watters says. “We help our members demystify some of this information, which allows them to prioritize their resources to focus on the real, true threats,” he says.

Before joining the FS-ISAC, a non-profit association dedicated to protecting financial services firms from physical and cyberattacks, Nelson was elected vice chairman of the ISAC Council, a group dedicated to sharing critical infrastructure information.

Over the past decade, Watters has been involved with numerous cybersecurity companies, including TippingPoint Technologies, Archer Technologies, Netwitness and Lookingglass, in addition to iDEFENSE and iSIGHT Partners.

Link: http://www.bankinfosecurity.com/interviews/new-source-cyberthreat-updates-i-1902?rf=2013-04-29-eb&elq=01956b18b1fb4b35b539650c8ea7dc3b&elqCampaignId=6596

Ramnit sleeping malware targets UK financial sector

Posted on April 30, 2013December 30, 2021 by admini

But, there is still one more obstacle in the way of the malware – to complete the transaction a One Time Password (OTP) must be entered by the user.

Trusteer said the malware’s authors have moved to further hide the malware from its intended victims, by making it alter the bank’s FAQ to make it seem as if the bogus messages are entirely legitimate. Anticipating that some suspicious users may reference the bank’s FAQ page, Ramnit authors took the extra step of altering the FAQ section to fit the new process,” said the spokesman.

“By changing multiple entries in the FAQ section Ramnit demonstrates that its authors did not leave anything to chance – even if the victim decides to go the extra step, Ramnit is already there.”

Link: http://www.v3.co.uk/v3-uk/news/2264999/ramnit-sleeping-malware-targets-uk-financial-sector

U.S. response to bank cyberattacks reflects diplomatic caution, vexes bank industry

Posted on April 29, 2013December 30, 2021 by admini

“You’re always going to see the government be more cautious and incremental in response to most incidents than the private sector probably would like,” Michael Daniel, the White House cybersecurity coordinator, said in a recent interview, speaking generally.

This much is clear: The last eight months of disruptions to bank Web sites, caused by efforts to crash servers with torrents of computer traffic, have not been severe enough to trigger a military response, cyber or otherwise.

Daniel, the White House cyber official, said he thinks companies need to do more to defend their own networks as part of a “spectrum of responsibility” that includes the public and private sectors.

At a March meeting of banking executives hosted by the Treasury Department, U.S. officials made clear to the chief executive officers that they could not simply rely on the government for cybersecurity. Some banking officials say they would like the providers — including Verizon, AT&T and Century Link — to do more to block malicious traffic headed toward their networks.

Alexander, the director of the National Security Agency, suggested that the Internet companies would be best positioned to block an Aramco-type attack with help from the NSA. If a company is asked by the government to screen the traffic to stop an attack, it could be seen as acting as a government agent, exposing the firm to legal action.

Alexander, industry officials say, would like the Internet providers to be able to screen traffic entering U.S. networks, but privacy laws prevent them from doing so unless, for instance, they have customer consent or a court order.

Link: http://www.washingtonpost.com/world/national-security/us-response-to-bank-cyberattacks-reflects-diplomatic-caution-vexes-bank-industry/2013/04/27/4a71efe2-aea2-11e2-98ef-d1072ed3cc27_story.html

US banking sector vulnerable to hackers

Posted on April 27, 2013December 30, 2021 by admini

Making reference to a series of cyber attacks that targeted several of the biggest US banks toward the end of 2012, the FSOC noted “the knowledge and skill of the attackers appeared to increase over time.”

In an attempt to protect the financial system against these attacks, the FSOC proposed “enhancing cross-sector cooperation, particularly with industries upon which the financial sector is dependent, such as energy, power, and telecommunications.” “Public-private partnership improvements in the analysis and dissemination of robust information to improve real-time responses to cyberattacks will enhance incident management, mitigation, and recovery efforts,” the report added.

Link: http://www.adelaidenow.com.au/news/breaking-news/us-banking-sector-vulnerable-to-hackers/story-e6frea7u-1226630247494

Kingston adds malware scanner to its secure drives

Posted on April 26, 2013December 30, 2021 by admini

Today, flash drives are just as convenient as when they were first released, but many also contain high levels of security, which has helped bring them back into government.

“People often carry sensitive personal files on their USB drives, and they often don’t realize that their drive can be infected when plugged into a computer, and then that infection can be transferred to other machines. Together with Kingston and ClevX, we can offer a solution which keeps the contents of USB flash drives safe and malware-free and prevents malware from spreading via removable media.”

Link: http://gcn.com/articles/2013/04/26/kingston-adds-malware-scanner-secure-drives.aspx