CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

More documents

Recommendations

Info

sources (such as syslog’s, Net Flow data, authentication logs, and application logs) and trying to reconstruct what happened. Leading US healthcare organizations’ security teams are turning to continuous packet capture to give them an edge in dealing with the flood of alerts and helping them accelerate the investigation and response process. Recording what happens on their network lets SecOps teams go from a security alert in their monitoring tools directly to definitive, packet-level evidence. Real-life examples include: A hospital group in the Northeastern US is preventing malware attacks by extracting and reconstructing executable email attachments from recorded traffic and running them in a sandbox to validate whether they are malware or not. It also uses recorded network history to successfully thwart phishing attacks and identify potentially compromised credentials before attackers have an opportunity to use them to access systems. It can also identify when hospital staff have had their personal credentials compromised while on the hospital’s network (e.g. banking logins compromised through phishing) and as a result can warn them to change their passwords immediately. A large healthcare organization based in the Southern US uses recorded network history to accelerate the investigation of security alerts raised by their security monitoring software tools, such as Darktrace, and collected by their Spelunk SIEM. The security team can swiftly retrieve the packets relating to an alert to see precisely what has occurred, and immediately go into analysis mode to know how to respond and what the scope of the threat is. Virtualizing and streamlining security functions on a common platform can enable organizations to continually evolve their defenses and keep ahead of security threats. With access to a packetlevel history of network activity, analysts can examine the actual packets relating to a security alert to make sure they have the definitive evidence they need to quickly and conclusively investigate and respond to security threats and reduce the backlog of unexamined alerts. About the Author John Attala is the Director, North America for Endace, a world leader in high-speed network monitoring and recording technology. As the North American sales leader, John has played a pivotal role in launching and building Endace’s network monitoring business within the North America. He has more than 20 years’ experience in selling networking and security solutions to Fortune 1000 companies and government accounts—bringing a deep understanding of the market, delivering a consultative, solution selling approach to solve complex problems and improving network security across the globe. John can be Reached at Twitter (https://twitter.com/endace) and LinkedIn (https://www.linkedin.com/in/john-attala-8408a9a/) and at our company website (http://www.endace.com ) and LinkedIn (https://www.linkedin.com/company/endace/).
Want to Secure Your Endpoints? Go Beyond the Endpoint By Jai Balasubramaniyan, Director of Product Management, ColorTokens Inc. Traditional endpoint security control has always been about malware, threat analysis, and remediation. However, it is useless for an endpoint to be pristine and clear when it is unaware of the environment it is in as it will continue to get polluted even after cleanup. An endpoint protection solution myopically focused on files, sequences and malware residing on the endpoint without understanding the network it is part of, the user who sits behind the endpoint or the application they are trying to access from their endpoint, simply put, is missing the point. The Endpoint security market is now at the cusp of a significant innovation and change. A nextgeneration endpoint security solution needs to be able to recognize the user behind the endpoint and what his/her behavior should be. Likewise, it would need to have a deep understanding of applications the user is trying to access, to ensure they have the right roles and access. Traditionally some of these functions have been done by network security vendors. Unfortunately, they do not work well today’s scenario. The disappearing network perimeter and workloads migrating to the cloud has made perimeter security controls, like on premise firewalls, limited in usefulness as they are simply not in the path of a lot of these communications. Similarly, the rising use of encryption will continue to make the network increasingly dark, as they cannot effectively decrypt traffic at high speeds. Security vendors have tried to bridge this gap between the network, endpoint, user and application by bringing in a multitude of boxes in the network layer and a multitude of agents at the endpoint with the hope that they will talk to each other and solve the problem. But this has not happened till date.
Page 1 and 2:
Data Breaches: Beyond Exposing Iden
Page 3 and 4:
CONTENTS (cont') Prioritizing Secur
Page 5:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 22 and 23:
Data Breaches: Beyond Exposing Iden
Page 24 and 25:
About the Author Kem Gay is an Inte
Page 26 and 27:
Rip Off the Band-Aid This leaves us
Page 28 and 29:
Why Biometric Data Use Poses Unique
Page 30 and 31: • DNA Kits: If you purchased or u
Page 32 and 33: How to be Workforce Ready and Stand
Page 34 and 35: Maximiliano Gigli, a third-year cyb
Page 36 and 37: Interestingly, the two groups diffe
Page 38 and 39: Cross-site Scripting Is an Underrat
Page 40 and 41: Stealing HTML5 web storage data: HT
Page 42 and 43: Cybersecurity in New York City, the
Page 44 and 45: A boom in cybersecurity startups se
Page 46 and 47: illion risks and threats among its
Page 48 and 49: Some Important Developments in the
Page 50 and 51: About the Author Sharmistha Sarkar
Page 52 and 53: employees to contractors and sub-co
Page 54 and 55: The Internet of Things Engineering
Page 56 and 57: About The Author Milica D. Djekic i
Page 58 and 59: kind. Many of them require some kin
Page 60 and 61: 2019 Risks in Focus: Cyber Incident
Page 62 and 63: However, the past year has also wit
Page 64 and 65: Why Insider Threats Are One of the
Page 66 and 67: Unlike with outside security threat
Page 68 and 69: Organizations will also frequently
Page 70 and 71: The US Must Catch Up to Other Promi
Page 72 and 73: The fact is, the wider internationa
Page 74 and 75: Integrate Compliance and Regulation
Page 76 and 77: Security have and have-nots How org
Page 78 and 79: 1. People Having the right people c
Page 82 and 83: Limitations of Current Endpoint Sec
Page 84 and 85: For effective detection, most EDR s
Page 86 and 87: Why Wi-Fi Hacking Will Persist Desp
Page 88 and 89: About the Author Ryan Orsi is Direc
Page 90 and 91: questions such as, “Who added a w
Page 92 and 93: About the Author Josh Paape is an O
Page 94 and 95: for well-known, repeatable needs fi
Page 96 and 97: Overcoming Software Security Issues
Page 98 and 99: Implementing Security Checks at Str
Page 100 and 101: Phishing in the Dark: Employee Secu
Page 102 and 103: phishing threats. Furthermore, almo
Page 104 and 105: Unfortunately, once an application
Page 106 and 107: Software Should Come with a “Nutr
Page 108 and 109: vulnerabilities. If they find vulne
Page 110 and 111: I can't get no satisfaction, I can'
Page 112 and 113: How Organizations Should Choose a L
Page 114 and 115: load balancers capable of integrati
Page 116 and 117: SaaS DNS Security: Are you Protecte
Page 118 and 119: associated with any security event
Page 120 and 121: 120
Page 122 and 123: 122
Page 124 and 125: 124
Page 126 and 127: 126
Page 128 and 129: 128
Page 130 and 131:
130
Page 132 and 133:
132
Page 134 and 135:
134
Page 136 and 137:
136
Page 138 and 139:
138
Page 140 and 141:
140
Page 142 and 143:
142
Page 144 and 145:
144
Page 146 and 147:
146
Page 148 and 149:
148
Page 150 and 151:
We’ve launched http://www.CyberDe
Page 152 and 153:
Marketing and Partnership Opportuni
Page 154 and 155:
Regent University’s Institute for
Page 156 and 157:
156
show all

CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?