{"id":1165,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail66-us4-mcsv-net\/"},"modified":"2021-12-30T11:38:53","modified_gmt":"2021-12-30T11:38:53","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail66-us4-mcsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail66-us4-mcsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail66.us4.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>Security tools&#8217; effectiveness hampered by false positives<br \/>\nAccording to a 2015 report by research firm Enterprise Management Associates (EMA), entitled \u201cData-Driven Security Reloaded,\u201d half of the more than 200 IT administrators and security surveyed said too many false positives are keeping them from being confident on breach detection.<br \/>\nThe most common false positives exist in products such as network intrusion detection\/prevention, endpoint protection platforms and endpoint detection and response tools, says Lawrence Pingree, research director for security technologies at Gartner.<br \/>\n\u201cThe greatest risk with false positives is that the tool generates so many alerts that [it] becomes seen as a noise generator, and any true issues are ignored due to fatigue on the part of those responsible for managing the tools,\u201d Cotter says. 
\u201cWe frequently see this issue in tools that are not properly operationalized, such as when tools are installed and deployed using default settings and profiles.\u201d<br \/>\nA common example is file integrity monitoring software, which alerts administrators when files on a monitored system are altered for any reason, and this can be an indicator of malware or intruder activity. \u201cUsing default settings, a simple patch will generate a very large number of file changes; when aggregated across a mid-sized enterprise, this could easily generate many tens of thousands of alerts,\u201d Cotter says.<br \/>\nMost products provide greater detail to determine whether something looks like a false positive detection, Pingree says.<br \/>\nAn investigator might compare the detected event to that of known good samples of files, such as whitelists.<br \/>\nOccasional false positive investigations are not entirely sunk costs, Cotter adds. \u201cThese incidents can be seen as an opportunity to exercise the incident response plan, and identify areas of process improvement for future incorporation into the organization\u2019s policies and procedures,\u201d he says. 
\u201cAlso, it should be recognized that an occasional false positive is a good thing to keep people aware of how incident response must be handled, as well as help validate the operation of tools and continually fine-tune their configuration.\u201d<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5021cf9207&#038;e=20056c7556<\/p>\n<p>Bank of England ups spending on cyber security<br \/>\nThe Bank of England has stepped up spending on cyber security in a bid to combat the increased threat of cyber attack, as well as improving cyber-security training for staff across the organisation &#8211; including warning them to be wary about revealing their roles at the Bank.<br \/>\n&#8220;Significant progress had been made in applying controls, but at the same time external threats had been increasing.<br \/>\nThe Bank had numerous information assets and was a key part of the UK critical national infrastructure,&#8221; according to the report.<br \/>\nIt continued: &#8220;A \u00a320m three-year investment programme had been agreed in 2013 and there had also been a substantial increase in day-to-day resources in the IT Security and Information Security Divisions, with an uplift of 74 FTE [full-time equivalent] staff.<br \/>\n&#8220;Technical controls put in place had strengthened the Bank&#8217;s ability to prevent, detect and respond to attacks.<br \/>\nBut no technical fix could guarantee security 100 per cent, so at the same time significant effort had been made to improve security awareness among all staff, and incident handling procedures had been strengthened.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=ea732cc72b&#038;e=20056c7556<\/p>\n<p>Rise of anti-forensics techniques requires response from digital investigators<br \/>\nGood news and bad news from the security industry.<br \/>\nBad news first: there\u2019s a booming population of stealth cyber 
attackers, who can invade your IT infrastructure without leaving a trace.<br \/>\nThe good news: there\u2019s a massive shortage of people who can deal with this.<br \/>\nToday\u2019s cyber crims have mastered the art of leaving crime scenes without leaving a trace, thanks to new techniques using fileless malware that can hide out in volatile memory.<br \/>\nThe security industry needs people who can see beyond what standard investigations are capable of probing, says Torres.<br \/>\nThey need to be able to see patterns above and beyond whatever the data is telling them.<br \/>\nIn my experience, that rules out 99 per cent of the IT and marketing professionals in Britain, who seem to need a Big Data analysis to tell them that it\u2019s raining outside.<br \/>\nTorres estimates that possibly 1 in 4 Digital Forensics and Incident Response (DFIR) professionals has the level of training to successfully analyse the new types of self-defence techniques that include more sophisticated rootkit and anti-memory analysis mechanisms.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=528814d6eb&#038;e=20056c7556<\/p>\n<p>============================================================<br \/>\nFeedback, questions? 
Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n<p>If you know someone else who would be interested in this Newsalert, please forward this email.<br \/>\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a)<\/p>\n<p>** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556&#038;c=aa87874373)<\/p>\n<p>** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: Security tools&#8217; effectiveness hampered by false positives According to a 2015 report by research firm Enterprise Management Associates (EMA), entitled \u201cData-Driven Security Reloaded,\u201d half of the more 
than&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1165","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1165"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1165\/revisions"}],"predecessor-version":[{"id":3652,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1165\/revisions\/3652"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}