1 min
Gartner calls for rebalancing security budgets: invest more in detection vs. prevention
In his talk last week at the 2014 Gartner Security and Risk Management Summit
[http://www.gartner.com/technology/summits/na/security/], Gartner Analyst Neil
McDonald [https://www.gartner.com/AnalystBiography?authorId=7299] said that when
targeted attacks are considered, traditional technologies like firewalls,
intrusion detection and prevention systems (IDS/IPS) and anti-malware tools fail
at detection. That is because it's hard to use them to detect attacks that
nobody has seen before, hence ha
4 min
Verizon DBIR
The Verizon Data Breach Report - 9 Key Takeaways
Last week I hosted a webinar
[https://information.rapid7.com/9-takeaways-to-verizon-dbir.html?CS=blog] with
Nicholas J. Percoco [http://en.wikipedia.org/wiki/Nicholas_J._Percoco], VP of
Strategic Services at Rapid7, where we discussed the latest Verizon DBIR
[http://www.verizonenterprise.com/DBIR/2014/?gclid=CjgKEAjwkpacBRCNlprWw-u-nBwSJACwHiw-X46Zj-f8csREBvHnZe5veidKY2VulnOYLHPbJwa7f_D_BwE].
This year's report, as always, is recommended reading for any security
professional as it's probably t
3 min
InsightIDR
New UserInsight Features: Insight into endpoints, User impersonation and Attackers covering their tracks
As user-based attacks become the most common attack vector, the need to identify
abnormal user behavior as an indication of an attack is growing. We'd like to
share with you some new features that we're releasing in the upcoming weeks
which enhance UserInsight's capability to detect and investigate attacks.
Attacker gets busted covering his tracks
You can't get good visibility into user behavior unless you have good visibility
into activity on endpoints. That's why UserInsight scans every endpoint
1 min
Pay attention to how people use systems: UserInsight in the news at CSO Online
We're excited to be included in Michael Santarcangelo's
[http://www.csoonline.com/author/Michael-Santarcangelo/] piece at CSO Online,
[http://www.csoonline.com/article/2150825/security-leadership/why-you-need-to-pay-attention-to-how-people-use-your-systems.html]
where he explains the importance of gathering good behavioral analytics to
detect what the latest Verizon DBIR claimed to be the no. 1 threat vector:
compromised credentials. Michael discusses what's new in the field of user
behavior analy
2 min
Phishing
Stolen passwords - the no. 1 attack vector
The latest Verizon DBIR 2014 report
[http://www.verizonenterprise.com/DBIR/2014/], published last week, clearly
shows that the use of stolen credentials became the most common attack vector
in 2013. In our upcoming webcast
[http://information.rapid7.com/catch-me-if-you-can-webcast-registration.html],
Matt Hathaway [https://community.rapid7.com/people/mhathawa] and I will discuss
how user-based attacks are becoming the no. 1 "threat action" (in Verizon's
words) and how organizations can detect
1 min
Internet Explorer
Are your users exposed to IE 0-Day? Find out who is still using IE in your organization
Like many security professionals, you probably sent an email to your users in the
last couple of days asking them NOT to use Internet Explorer as their browser in
light of the latest IE Zero Day vulnerability
[http://www.pcworld.com/article/2148368/new-internet-explorer-zero-day-puts-web-at-risk-and-xp-isnt-getting-a-fix.html].
However, you may be lacking visibility into user behavior, finding it hard to
observe if users actually follow your guidelines and indeed stop using Internet
Explorer as t
2 min
Authentication
Are Your Users Heartbleeding?
As we figure out the implications of the OpenSSL Heartbleed Vulnerability
(CVE-2014-0160), we are beginning to realize that due to the vast reach of the
vulnerability, one of the largest impacts will be on your networked users. We
suggest you read about ways to protect yourself against Heartbleed here
[http://information.rapid7.com/heartbleed-vulnerability-resources.html].
User accounts over web and cloud services may have been compromised and there is
no way to have full visibility of thes
1 min
Authentication
Can 800,000 individuals compromised at the French Orange breach put you at risk?
We just read about an attack on Orange France
[http://www.zdnet.com/hackers-access-800000-orange-customers-data-7000025880/],
where 800,000 people have potentially had their information compromised. The
data that was accessed included names, mailing addresses, phone numbers, email
addresses, customer accounts, and IDs.
This could potentially trigger a domino effect of other companies being breached
due to the personal data that the attackers acquired. There is a huge
marketplace for selling p
2 min
Authentication
New findings on Target breach - could monitoring privileges help?
The majority of today's breaches involve lost or stolen credentials, and this
week Target confirmed
[http://online.wsj.com/news/articles/SB10001424052702303973704579350722480135220]
that this was also the case in their breach, discovered in December. It seems
stolen credentials associated with a third party vendor were used to enter the
corporate network, and the attackers were then able to move stealthily through
the IT environment to gain access to the point of sale system. Brian Krebs' i
1 min
Authentication
Could a Frappuccino make you vulnerable?
It was recently published that Starbucks' app
[http://www.starbucks.com/coffeehouse/mobile-apps/mystarbucks], a very popular
mobile application for payment at Starbucks coffee shops, saved customers'
usernames, passwords and other personal information in plain text
[http://money.cnn.com/2014/01/17/technology/security/starbucks-app-passwords/index.html].
That means that a hacker could have picked up a left-behind phone, plugged it
into a laptop and easily recovered a Starbucks customer's passw
1 min
Authentication
Target breach could now compromise your users
We learned yesterday about a new phishing campaign where fake Target breach
notifications [http://www.net-security.org/secworld.php?id=16197] were sent by
cybercriminals to a growing number of people. The email tries to get the
victims' attention with the title "Alert to Target Shoppers - your identity is
at risk" in the subject line. The email contains a link, which takes users who
click it via a series of redirects to a page with a survey and offering a $1000
shopping voucher Sears/JCPenney/Kohl
1 min
Did Cloud kill your SIEM?
Like many organizations, you have a BYOD program. Like many organizations, your
employees are switching to cloud services to gain better productivity and save
on cost. Some of them don't even involve the IT department or even purchasing -
they may subscribe to a 30-day trial and pay for the service using their
corporate credit card.
And how do you monitor these activities? How do you secure them? How do you make
sure your marketing dept does not place all their yearly marketing plans with a
ri