I have a confession to make. The first five years of my adult work life were spent in fast food management – and I enjoyed it. I learned many life lessons in that time that are still carried with me today. What, you may wonder, does any of that have to do with the world of cyber security? Read on.
One of the most important areas I received training on during my fast food management indoctrination was customer and employee safety. Aside from sanitation and health concerns, the ability to quickly and safely evacuate during a fire emergency (flash oil fires are not fun!) was one area where I had to maintain a constant vigil. This led to one of the golden rules – Boxes piled up are a fire hazard.
New information about the Advanced Persistent Threat (APT) is hitting media headlines every day. In just the last few months alone, we have read horror stories of sophisticated malware like Duqu2 (which uses a kernel-mode exploit to load its kernel-mode component), of targeted attacks against NATO members and the White House known as Operation Pawn Storm (which attracted massive media attention in April), and of the Equation Group, the well-known and possibly government-sponsored advanced threat group that gained mass attention in February.
How many of you can accurately predict the attack vector used in the next major breach?
There are a lot to choose from, right? An attempt to breach your organization may involve a well-crafted spear-phishing campaign with a malicious attachment or a link to a site hosting malicious content. It might be a drive-by download on a prominent website your users frequent. It could be that flash drive shared with a friend and then inserted into your work computer. It could be a malicious object copied across one of the many network file shares in your organization. It could also be an intruder exploiting a vulnerability in an exposed system and using it to create a pathway into your organization.
The bottom line is, we can’t predict where or how the next breach will occur, and unless your cyber-security Kung Fu skills are like Bruce Lee’s at handling attacks from any source involving any number of unknown opponents, you’re going to need some help dealing with the problem.
A few days ago I was having a conversation with a customer I’ve known for a number of years when the subject of recent big-name vulnerabilities came up: Shellshock, Heartbleed, Venom and, most recently, the Diffie-Hellman 512-bit export key issue. We were discussing the challenge these items present to both vendors and customers, because so many hardware and software elements contain versions of the vulnerable software. As our conversation progressed, a theme began to emerge: the problem for customers primarily rests in the fact that these portions of the security stack are often acting as compensating controls for some other issue that can’t be fixed yet, or can’t be fixed at all. Too often they were compensating for a lack of budget, time or capability inherited from the original technology causing the problem.
Today we announced the expansion of the Lastline Breach Detection Platform to bridge network and endpoint security with new host breach verification features. Combined with existing network breach verification, the new endpoint breach verification tools and integrations give SOC operators, incident responders, security management and MSSPs a unified, comprehensive and timely view of indicators of compromise (IOCs) across networks and endpoints. This makes detection of and response to breaches faster and more focused.
As I took on a global manager role these past few years, I have had to evaluate different solutions that would help my team do their job better. Quite the reversal from being the vendor wanting to show prospects the solution I sell and prove to them that it will meet their requirements. I have learned several lessons from this experience, one of which is that robust integrations with a rich API are a cornerstone requirement: they allow me to choose best of breed in each solution area I invest in.
At last night’s 11th Annual Info Security 2015 Global Excellence Industry Awards banquet, we brought home one gold and three bronze medals. What a great way to kick off this year’s RSA show!
Most notably, our team was named the “Gold Winner” for the Most Innovative Security Product (Software) of the Year category. With a founding team that holds over a decade of experience researching threats in the cyber security space, it’s an honor to be recognized for what the company has been able to accomplish thus far.
An Extinction Level Event occurs when something rapid and cataclysmic upsets the natural order of things to such a degree that species are not able to adapt quickly enough and die off in rapid fashion. In the natural world these events are rare, with only five major extinction events recorded in Earth’s history, and some scientists claim we are now in a sixth. The cyber world, however, evolves at a much faster pace. Moore’s Law describes the roughly two-year doubling of transistor density, and with it the exponential growth of computing power. Right along with these increases in sheer computing power have come advances both in information security capabilities and in the methods advanced threat groups use to thwart those gains. In technology we expect rapid extinction cycles, and we are on the verge of witnessing another cyber security extinction level event now.
Verizon’s annual Data Breach Investigations Report (DBIR) has become one of the most anticipated information security industry reports of the year. Now in its eleventh year, the 2015 DBIR continues the tradition of analyzing the threats and vulnerabilities that led to some of the largest security incidents of the past year and quantifying the impact on the organizations affected.
Verizon’s security researchers compiled data from nearly 80,000 security incidents and more than 2,000 confirmed data compromises across 61 countries. Contributions from several forensics firms, government agencies and security researchers, including Lastline Labs, provide detailed findings on 2014 incidents and make this one of the most collaborative, data-driven information security reports available.
Lastline is honored to be included in this comprehensive report that helps to drive continuous action and improvement throughout the entire security community year after year.
You can download the full 2015 Verizon Data Breach Investigations Report here.
I am sure everyone remembers the TV game show The Weakest Link, where host Anne Robinson would, at the end of each round, notify the team member who had answered the most questions incorrectly that they were “The Weakest Link – Goodbye!” and repeat the process until there was a winner.
As security practitioners, we must constantly assess where the weakest links are within our operational workflow. This is a continuous evaluation, and designating something as the weakest link only means you have identified an area that currently requires more focus and refinement to get the best possible results.