As attacker sophistication increases over time, techniques are adapted to circumvent cyber defenses. This makes securing your network and server infrastructure a challenging task. Not all attacks can be prevented but having proper detection countermeasures deployed is vital to any security strategy.

A cyber attack can happen to anyone on the internet. If you are unable to prevent a breach by a motivated attacker, active monitoring of your infrastructure is a critical security control that reduces the likelihood that the attacker will go undetected.

A key goal for any organization should be to reduce attacker dwell time. Dwell time is the amount of time a malicious actor can operate inside an organization before their presence is completely eliminated. The longer the dwell time, the more opportunity an attacker has to conduct malicious operations within the target network.

That being said, the average dwell time for cyber attacks is not in minutes or hours, but it currently stands at an incredible 197 days, according to the 2018 Ponemon study on the cost of a data breach. This statistic indicates that there is a general failure on the part of many organizations in detecting and containing breaches. The massive Starwood/Marriott data breach which was reported in late 2018 had a dwell time of more than 4 years. Employing proper active threat monitoring systems can give an organization a better chance at detecting an attacker that has penetrated the perimeter.

A periodic approach to security monitoring, such as performing weekly log reviews or monthly security scans, is a useless control for detecting a malicious actor. An active approach using automated intrusion detection techniques that trigger an incident response investigation should be used instead. During our penetration testing, we frequently find that our targets don’t notice our presence even when we start to brute force their applications or systems. One of our goals during a penetration test is to determine whether our target has the detective controls needed to recognize that it is under attack. In a recent penetration testing engagement, the target organization did not react to our exfiltration of data, although it was detected and logged by their intrusion detection systems.
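As an added illustration of the automated detection the paragraph recommends over periodic log review (this is example code written for this page, not code from Radical Security or the original post), the Python block below runs a sliding-window brute-force detector over constructed sshd-style log lines. It raises one alert per source the moment that source reaches a failure threshold inside the window and records how long after the first failure the alert fired, which is the number a weekly log review can never bring below days. The log lines, the threshold of 5 failures and the 5-minute window are assumptions chosen for the example.

```python
"""Sliding-window brute-force detector over constructed auth log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like sshd format; not real traffic and not from the page.
# One source hammers two accounts within seconds; another source has two isolated failures.
SAMPLE_LOG = """\
2019-03-01T02:14:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2019-03-01T02:14:03 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
2019-03-01T02:14:05 sshd[1202]: Failed password for root from 203.0.113.7 port 51024 ssh2
2019-03-01T02:14:08 sshd[1203]: Failed password for root from 203.0.113.7 port 51025 ssh2
2019-03-01T02:14:09 sshd[1204]: Accepted publickey for deploy from 198.51.100.20 port 40012 ssh2
2019-03-01T02:14:11 sshd[1205]: Failed password for root from 203.0.113.7 port 51026 ssh2
2019-03-01T02:14:12 sshd[1206]: Failed password for root from 203.0.113.7 port 51027 ssh2
2019-03-01T02:30:00 sshd[1300]: Failed password for alice from 198.51.100.20 port 40100 ssh2
2019-03-01T02:44:00 sshd[1301]: Failed password for alice from 198.51.100.20 port 40101 ssh2
"""

# Matches only failed-password events; "invalid user" is optional in sshd output.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port"
)


def parse_failures(text):
    """Yield (timestamp, source_ip, user) for each failed-password line; other lines are ignored."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["user"]


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source the first time it reaches `threshold` failures within `window`.

    Each alert carries the targeted user names and the time between the first failure in the
    window and the moment the alert fired, i.e. the detection latency of this control.
    """
    recent = defaultdict(deque)   # source ip -> (timestamp, user) of failures still inside the window
    alerted = set()
    alerts = []
    for ts, src, user in parse_failures(text):
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:   # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "count": len(q),
                "users": sorted({u for _, u in q}),
                "first_failure": q[0][0],
                "detected_at": ts,
                "time_to_detect": ts - q[0][0],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {alert['src']}: {alert['count']} failures against {alert['users']} "
              f"detected {alert['time_to_detect']} after the first one at {alert['first_failure']}")
```

On the sample input the detector fires once, for 203.0.113.7, ten seconds after that source's first failure; the two failures from 198.51.100.20 are fourteen minutes apart, fall outside the window, and never reach the threshold. In a real deployment the alert would be the event that opens an incident response investigation rather than a line in a log that is read a week later.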

Active intrusion monitoring can give a vigilant security team a clear insight into what is happening in their infrastructure and allows them to discover and tackle breaches early.

If your organization has an internet presence and deals with personal data, conducts e-commerce, or processes financial transactions, your organization is a likely target for hackers. Automated and targeted attacks occur every second on the internet, and active intrusion monitoring systems can give cyber defenders a chance at detecting a malicious actor that breaches the perimeter.

Smaller organizations often have the misconception that hackers will not find them enticing. In reality, smaller organizations that provide services to larger organizations that process or store valuable data are very enticing to a hacker: smaller organizations tend to have less mature security controls and can be used as a pivot point into the larger organization holding the valuable data. A large percentage of attacks target small to medium-sized organizations because they pose the least resistance. Essentially, small businesses can be at more risk than the larger organizations to which they provide services.

The complexity and frequency of cyber attacks are increasing, and cybercriminals pounce on important user and company data through vulnerable access points. Without active and vigilant security monitoring, attacks will not be detected and contained early. No matter the size or budget of the company, investment in active security monitoring can greatly reduce the impact of an attack.

We are pleased to announce the launch of a series of panel and networking events under the banner of The Tech Advantage Series NYC with our partners Optimum Partners, Patterson Belknap Webb & Tyler LLP, and Cynertek Solutions.

The series is designed to provide technology and business executives with an opportunity to interact with seasoned experts on a variety of panels exploring the latest developments and hot topics in areas like Cyber Security, IT Infrastructure, Cloud Technology, Quality Assurance and more, always with an eye not only on the tech side but also on the legal and human sides.

Each event will also give participants an opportunity to socialize and network while savoring a variety of curated menus designed to raise the bar of catering arrangements at NYC technology meetups.

Join us on April 4, 2019 for our next event to learn about today’s expanded cyber-security ecosystem and enjoy the opportunity to socialize and network with other like-minded technology and business leaders.

The impact of a third-party solution on a business’s security posture cannot be overstated. Numerous security breaches can be attributed to weaknesses introduced by third-party solutions. The use of third-party solutions can have an unintended impact on a business’s cyber-security ecosystem.

Likewise, federal and state regulators are increasingly focusing on third-party technology vendors and the part they play in cybersecurity programs, creating additional regulatory risk for businesses. Proper management and monitoring of third parties is an essential security control for today’s modern business. We will explore topics such as third-party risk best practices, shadow IT management, vendor contracts, and the impact of regulatory requirements.

The panel of subject matter experts includes:

  • Tammy Durante – Director of Risk Assurance, Fiserv (LinkedIn)
  • Jonathan Dambrot – Founder, Growth CEO and Board Member (LinkedIn)
  • Charlie Miller – Senior Advisor, The Shared Assessments Program (LinkedIn)
  • Kade Olsen – Associate, Patterson Belknap Webb & Tyler LLP (LinkedIn)
  • Paul Poh – Managing Partner, Radical Security (LinkedIn) – as moderator

The event will take place between 6:00 pm and 9:00 pm on April 4th, 2019 in the Board Room of Patterson Belknap Webb & Tyler LLP, 1133 Avenue of the Americas, New York, NY 10036-6710.

You can register HERE on EventBrite.

We are Radical Security! Over the decades, we have experienced some of the more interesting ups and downs in cyber security. Our experience spans 30 years in technology and security working for startups and Fortune 500 companies.

Our philosophy on cyber security is simple. If you don’t test your cyber defenses regularly, then your adversary will do it for you. And they will not be nice about it.

Over the decades, we have worked on a diverse range of highly technical security solutions such as designing sensors for early network intrusion detection systems, developing low-level network packet inspection software, building security collection infrastructure to monitor the internet, developing custom exploits for system and software vulnerabilities, monitoring dark web marketplaces for evidence of fraud, and countless other security systems.

We have deep experience with cyber security management including building secure software development programs, designing information security policies and programs, and managing compliance with industry standards such as PCI, NIST, or OWASP.

My own introduction to the world of cyber security was as a young systems programmer on November 3, 1988. While coding a new university authentication system and pondering the details of Kerberos authentication, the university system administrator asked that I assist in checking the Unix sendmail configurations on various Sun Microsystems workstations across campus. The previous evening, an internet worm had been unleashed and was causing quiet havoc. This month is the 30th anniversary of the Morris Worm. Three decades ago, news of the worm was limited to academics and researchers. But the worm brought down the nascent internet as regional networks disconnected themselves to limit damage and protect themselves.

Fast forward to January 2003: it was late in the evening and I was sitting in my lab testing a new intrusion detection sensor which I had been developing. While working with live internet traffic and debugging the IP decoder, the IDS cache began to overflow. I inserted a breakpoint to understand what was happening and noticed an unexpectedly large volume of inbound UDP traffic on port 1434. The unexpected packets became a nuisance to my work, so I shut down for the evening. The next day, reports circulated of widespread system slowdowns and Internet congestion due to SQL Slammer.

Today, things haven’t changed much. Applications continue to have security vulnerabilities, systems continue to be misconfigured, and organizations continue to delay deployments of security patches.

One thing that our diverse cyber security experience has taught us is that companies and organizations that rely on implementing the latest trends in cybersecurity are often lulled into the false belief that they understand their cyber security readiness.

A more radical approach is needed! Real cyber defense starts with great offense to understand the weaknesses in your organization.