CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

More documents

Recommendations

Info

For effective detection, most EDR solutions provide threat hunting tools to scan all the endpoint data coming from millions of endpoints to see the spread of the infection or malicious intruder activity. They allow the administrator to then remediate the infected endpoint by providing tools such as a remote shell where the administrator can login to the infected endpoint and remove the malicious files. However, EDR solutions also have certain limitations. Customers and solutions can get overwhelmed with the amount of data that needs to be recorded and analyzed to see malicious behavior. Remediation becomes increasingly hard. The volume of data will only increase as a company keeps adding headcount with more employees who generate more data. This is the reason why EDR solutions often package managed security services along with their product as regular customers are not able to handle the complexity of managing a Security Operations Center and personnel who can analyze this data. Whitelisting, Blacklisting and Process Controls A doctor rarely tells you to eat everything and then runs a series of tests to tell you what is wrong and prescribes medicines to control your ailment. Rather, (s) he asks you to avoid certain types of food which could make you sick. It is no different with security. Rather than allow the user to run every possible application and every possible sequence of commands and then check in the cloud whether a sequence was malicious or not, an alternate approach would be to simply stop the user from doing certain sequences of actions or running certain applications. Whitelisting and Blacklisting techniques are extremely effective in fixed function devices and environments with limited change to the endpoints. Here, it would be much easier to simply analyze all the running processes, create a set of process controls and then lock the device down. With this approach, rather than scan the universe for all possible bad sequences, vendors prefer to lock down systems to known good behavior. In such an approach, any new process created outside the known list of allowed processes would trigger an alert or be blocked before execution. Likewise, any process which triggers a network connection other than the well-known utilities like a browser or a file transfer utility will trigger an alert or be stopped prior to execution. Bringing It All Together - ColorTokens Approach to Security At ColorTokens we want to bring the power back to endpoint and make it smarter. The endpoint is the start of any communication and therefore the best place to enforce security. We start by sitting at the endpoint, understanding the user who is at the endpoint, understanding his/her access permissions, understanding what applications (s) he uses, and of course all the files (s) he downloads as payload using these applications. The rest of the endpoint security is all about the last part where we focus on analyzing the files (s) he downloads into their endpoint and examining the malicious behavior of the payload. Color Tokens RADAR360 performs the analysis of the files using traditional Endpoint Protection Controls. We record events to ensure that some malicious sequence is not skipped. However, we
also add sophisticated whitelisting, blacklisting, and process controls. If a user is accessing a risky file-sharing application which ends up downloading malware into his system, we do not wait for it to happen and then try to recover like a traditional endpoint security solution. We bring in user and application context to the endpoint so it can quickly recognize this behavior as risky and stop it. We can always revert to the traditional endpoint security behavior of seeing the malware and cleaning it up or preventing its execution, but we first and foremost try to stop bad behavior from happening. The ColorTokens platform can be deployed across any endpoint or workload in the cloud (Amazon, Azure and other vendors) and brings the complete network and endpoint context in one simple, easy to use solution. About the Author Jai Balasubramaniyan is the Director of Product Management at ColorTokens Inc. He has been instrumental in creating award winning Enterprise Security Products at Cisco, Trend Micro, Check Point, Zscaler, Gigamon, Crowd Strike and ColorTokens. Jai was the architect and developer of the Cisco Router Firewall and led the creation and launch of DMVPN solution winning the Pioneer Award, Cisco’s highest technology award. He has also led Product Management of Trend Micro Deep Discovery Solution which won the NSS Lab tests for highest efficacy and Gigamon Security Delivery Platform. Jai has several patents and publications in the security field. He has a Masters in Computer Science from Purdue University and an MBA from the Kellogg School of Management. Jai can be reached online at jai.bala@colortokens.com and at our company website https://colortokens.com/
Page 1 and 2:
Data Breaches: Beyond Exposing Iden
Page 3 and 4:
CONTENTS (cont') Prioritizing Secur
Page 5:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 22 and 23:
Data Breaches: Beyond Exposing Iden
Page 24 and 25:
About the Author Kem Gay is an Inte
Page 26 and 27:
Rip Off the Band-Aid This leaves us
Page 28 and 29:
Why Biometric Data Use Poses Unique
Page 30 and 31:
• DNA Kits: If you purchased or u
Page 32 and 33:
How to be Workforce Ready and Stand
Page 34 and 35: Maximiliano Gigli, a third-year cyb
Page 36 and 37: Interestingly, the two groups diffe
Page 38 and 39: Cross-site Scripting Is an Underrat
Page 40 and 41: Stealing HTML5 web storage data: HT
Page 42 and 43: Cybersecurity in New York City, the
Page 44 and 45: A boom in cybersecurity startups se
Page 46 and 47: illion risks and threats among its
Page 48 and 49: Some Important Developments in the
Page 50 and 51: About the Author Sharmistha Sarkar
Page 52 and 53: employees to contractors and sub-co
Page 54 and 55: The Internet of Things Engineering
Page 56 and 57: About The Author Milica D. Djekic i
Page 58 and 59: kind. Many of them require some kin
Page 60 and 61: 2019 Risks in Focus: Cyber Incident
Page 62 and 63: However, the past year has also wit
Page 64 and 65: Why Insider Threats Are One of the
Page 66 and 67: Unlike with outside security threat
Page 68 and 69: Organizations will also frequently
Page 70 and 71: The US Must Catch Up to Other Promi
Page 72 and 73: The fact is, the wider internationa
Page 74 and 75: Integrate Compliance and Regulation
Page 76 and 77: Security have and have-nots How org
Page 78 and 79: 1. People Having the right people c
Page 80 and 81: sources (such as syslog’s, Net Fl
Page 82 and 83: Limitations of Current Endpoint Sec
Page 86 and 87: Why Wi-Fi Hacking Will Persist Desp
Page 88 and 89: About the Author Ryan Orsi is Direc
Page 90 and 91: questions such as, “Who added a w
Page 92 and 93: About the Author Josh Paape is an O
Page 94 and 95: for well-known, repeatable needs fi
Page 96 and 97: Overcoming Software Security Issues
Page 98 and 99: Implementing Security Checks at Str
Page 100 and 101: Phishing in the Dark: Employee Secu
Page 102 and 103: phishing threats. Furthermore, almo
Page 104 and 105: Unfortunately, once an application
Page 106 and 107: Software Should Come with a “Nutr
Page 108 and 109: vulnerabilities. If they find vulne
Page 110 and 111: I can't get no satisfaction, I can'
Page 112 and 113: How Organizations Should Choose a L
Page 114 and 115: load balancers capable of integrati
Page 116 and 117: SaaS DNS Security: Are you Protecte
Page 118 and 119: associated with any security event
Page 120 and 121: 120
Page 122 and 123: 122
Page 124 and 125: 124
Page 126 and 127: 126
Page 128 and 129: 128
Page 130 and 131: 130
Page 132 and 133: 132
Page 134 and 135:
134
Page 136 and 137:
136
Page 138 and 139:
138
Page 140 and 141:
140
Page 142 and 143:
142
Page 144 and 145:
144
Page 146 and 147:
146
Page 148 and 149:
148
Page 150 and 151:
We’ve launched http://www.CyberDe
Page 152 and 153:
Marketing and Partnership Opportuni
Page 154 and 155:
Regent University’s Institute for
Page 156 and 157:
156
show all

CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

Create successful ePaper yourself

Delete template?

Save as template?