Posts by lasherdotan


Gartner calls for rebalancing security budgets: invest more in detection vs. prevention

In his talk last week at the 2014 Gartner Security and Risk Management Summit [http://www.gartner.com/technology/summits/na/security/], Gartner Analyst Neil McDonald [https://www.gartner.com/AnalystBiography?authorId=7299] said that when targeted attacks are considered, traditional technologies like firewalls, intrusion detection and prevention systems (IDS/IPS) and anti-malware tools fail at detection. That is because it's hard to use them to detect attacks that nobody has seen before, hence ha

Verizon DBIR

The Verizon Data Breach Report - 9 Key Takeaways

Last week I hosted a webinar [https://information.rapid7.com/9-takeaways-to-verizon-dbir.html?CS=blog] with Nicholas J. Percoco [http://en.wikipedia.org/wiki/Nicholas_J._Percoco], VP of Strategic Services at Rapid7, where we discussed the latest Verizon DBIR [http://www.verizonenterprise.com/DBIR/2014/?gclid=CjgKEAjwkpacBRCNlprWw-u-nBwSJACwHiw-X46Zj-f8csREBvHnZe5veidKY2VulnOYLHPbJwa7f_D_BwE]. This year's report, as always, is recommended reading for any security professional as it's probably t

InsightIDR

New UserInsight Features: Insight into endpoints, User impersonation and Attackers covering their tracks

As user-based attacks become the most common attack vector, the need to identify abnormal user behavior as an indication of an attack is growing. We'd like to share with you some new features that we're releasing in the upcoming weeks which enhance UserInsight's capability to detect and investigate attacks. Attacker gets busted covering his tracks: You can't get good visibility into user behavior unless you have good visibility into activity on endpoints. That's why UserInsight scans every endpoint


Pay attention to how people use systems: UserInsight in the news at CSO Online

We're excited to be included in Michael Santarcangelo's [http://www.csoonline.com/author/Michael-Santarcangelo/] piece at CSO Online [http://www.csoonline.com/article/2150825/security-leadership/why-you-need-to-pay-attention-to-how-people-use-your-systems.html], where he explains the importance of gathering good behavioral analytics to detect what the latest Verizon DBIR claimed to be the no. 1 threat vector: compromised credentials. Michael discusses what's new in the field of user behavior analy

Phishing

Stolen passwords - the no. 1 attack vector

The latest Verizon DBIR 2014 report [http://www.verizonenterprise.com/DBIR/2014/], published last week, clearly shows that the use of stolen credentials became the most common attack vector in 2013. In our upcoming webcast [http://information.rapid7.com/catch-me-if-you-can-webcast-registration.html], Matt Hathaway [https://community.rapid7.com/people/mhathawa] and I will discuss how user-based attacks are becoming the no. 1 "threat action" (in Verizon's words) and how organizations can detect

Internet Explorer

Are your users exposed to IE 0-Day? Find out who is still using IE in your organization

Like many security professionals, you probably sent an email to your users in the last couple of days asking them NOT to use Internet Explorer as their browser in light of the latest IE Zero Day vulnerability [http://www.pcworld.com/article/2148368/new-internet-explorer-zero-day-puts-web-at-risk-and-xp-isnt-getting-a-fix.html]. However, you may be lacking visibility into user behavior, finding it hard to observe whether users actually follow your guidelines and indeed stop using Internet Explorer as t

Authentication

Are Your Users Heartbleeding?

As we figure out the implications of the OpenSSL Heartbleed Vulnerability (CVE-2014-0160), we are beginning to realize that, due to the vast reach of the vulnerability, one of the largest impacts will be on your networked users. We suggest you read about ways to protect yourself against Heartbleed here [http://information.rapid7.com/heartbleed-vulnerability-resources.html]. User accounts over web and cloud services may have been compromised and there is no way to have full visibility of thes

Authentication

Can the 800,000 individuals compromised in the French Orange breach put you at risk?

We just read about an attack on Orange France [http://www.zdnet.com/hackers-access-800000-orange-customers-data-7000025880/], where 800,000 people have potentially had their information compromised. The data that was accessed included names, mailing addresses, phone numbers, email addresses, customer accounts, and IDs. This could potentially trigger a domino effect of other companies being breached because of the personal data that the attackers acquired. There is a huge marketplace for selling p

Authentication

New findings on Target breach - could monitoring privileges help?

The majority of today's breaches involve lost or stolen credentials, and this week Target confirmed [http://online.wsj.com/news/articles/SB10001424052702303973704579350722480135220] that this was also the case in their breach, discovered in December. It seems stolen credentials associated with a third-party vendor were used to enter the corporate network, and the attackers were then able to move stealthily through the IT environment to gain access to the point-of-sale system. Brian Krebs' i

Authentication

Could a Frappuccino make you vulnerable?

It was recently published that the Starbucks app [http://www.starbucks.com/coffeehouse/mobile-apps/mystarbucks], a very popular mobile application for payment at Starbucks coffee shops, saved customers' usernames, passwords and other personal information in plain text [http://money.cnn.com/2014/01/17/technology/security/starbucks-app-passwords/index.html]. That means that a hacker could have picked up a left-behind phone, plugged it into a laptop and easily recovered a Starbucks customer's passw

Authentication

Target breach could now compromise your users

We learnt yesterday about a new phishing campaign in which fake Target breach notifications [http://www.net-security.org/secworld.php?id=16197] were sent by cybercriminals to a growing number of people. The email tries to get the victims' attention with the title "Alert to Target Shoppers - your identity is at risk" in the subject line. The email contains a link, which takes users who click it via a series of redirects to a page with a survey offering a $1000 shopping voucher for Sears/JCPenney/Kohl


Did Cloud kill your SIEM?

Like many organizations, you have a BYOD program. Like many organizations, your employees are switching to cloud services to gain better productivity and save on cost. Some of them don't even involve the IT department or purchasing; they may subscribe to a 30-day trial and pay for the service using their corporate credit card. And how do you monitor these activities? How do you secure them? How do you make sure your marketing dept does not place all their yearly marketing plans with a ri