Before we go any further, a SIEM (Security Information and Event Management) system is software or an appliance that collects logs from many sources into one place and lets you search and correlate them. Products differ in how they expose this: some require you to build your own queries and reports and are extremely powerful, while others ship with a large library of canned reports and need little more than a web browser to operate. Either way, you suddenly have one place to correlate your firewall logs, server logs, and potentially any other log in your environment, which lets you track down attackers and spot odd behavior on your network.
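To make the correlation idea concrete, here is an added example (not code from the original post or from any SIEM product) of the kind of rule a SIEM runs: it parses constructed firewall and SSH log lines, groups them by source IP, and flags an address that the firewall denied several times and that then produced a burst of failed logins on a server. The log formats, hostnames, IP addresses and thresholds are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (made up for this example, not from a real network).
FIREWALL_LOGS = [
    "2017-10-20T09:00:01 fw01 DENY TCP 203.0.113.7:51234 -> 10.0.0.5:3389",
    "2017-10-20T09:00:05 fw01 DENY TCP 203.0.113.7:51235 -> 10.0.0.5:445",
    "2017-10-20T09:00:09 fw01 ALLOW TCP 203.0.113.7:51240 -> 10.0.0.5:22",
    "2017-10-20T09:01:00 fw01 ALLOW TCP 198.51.100.3:40000 -> 10.0.0.9:22",
]
SERVER_LOGS = [
    "2017-10-20T09:00:10 srv05 sshd[2211]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "2017-10-20T09:00:12 srv05 sshd[2211]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "2017-10-20T09:00:14 srv05 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2",
    "2017-10-20T09:01:03 srv09 sshd[2300]: Accepted publickey for deploy from 198.51.100.3 port 40000 ssh2",
]

# Groups: 1 timestamp, 2 firewall host, 3 action, 4 source ip, 5 destination ip, 6 destination port
FW_RE = re.compile(
    r"^(\S+) (\S+) (DENY|ALLOW) \S+ (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$")
# Groups: 1 timestamp, 2 server host, 3 result, 4 user name, 5 source ip
SSH_RE = re.compile(
    r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port \d+")


def correlate(fw_lines, srv_lines, window=timedelta(minutes=5), min_denies=2, min_failures=3):
    """Rule: a source IP that the firewall denied at least `min_denies` times and that
    then produced at least `min_failures` failed logins on any server within `window`
    of its first deny is flagged as a port scan followed by a password-guessing attempt."""
    denies = defaultdict(list)      # source ip -> [(time, destination port)]
    for line in fw_lines:
        m = FW_RE.match(line)
        if m and m.group(3) == "DENY":
            denies[m.group(4)].append((datetime.fromisoformat(m.group(1)), int(m.group(6))))

    failures = defaultdict(list)    # source ip -> [(time, server, user)]
    for line in srv_lines:
        m = SSH_RE.match(line)
        if m and m.group(3) == "Failed":
            failures[m.group(5)].append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(4)))

    alerts = []
    for ip, hits in denies.items():
        if len(hits) < min_denies:
            continue
        first_deny = min(t for t, _ in hits)
        related = [f for f in failures.get(ip, []) if first_deny <= f[0] <= first_deny + window]
        if len(related) >= min_failures:
            alerts.append({
                "src_ip": ip,
                "denied_ports": sorted({p for _, p in hits}),
                "failed_logins": len(related),
                "targets": sorted({h for _, h, _ in related}),
                "users": sorted({u for _, _, u in related}),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(FIREWALL_LOGS, SERVER_LOGS):
        print("ALERT scan followed by brute force:", alert)
```

Neither log on its own says much: two denied connections are background noise on any Internet-facing firewall, and three failed SSH logins happen to everyone. Joined on the source address and the time window, they tell a story, which is the value a SIEM adds regardless of whether you write the rule yourself or pick it from a canned list.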
The security of today's information systems goes far beyond the general protection measures that were once considered ample defense against intrusion. For many companies implementing new technologies, security is one of the top priorities. Many different aspects define the overall security of a company's infrastructure, and one of them is patch management.
It feels as though the executives at these vendors all loved the Six Million Dollar Man as kids, because that is how they position their products. Hyper-Converged Infrastructure (HCI) vendors tend to claim that theirs is better, faster and smarter, and that they can rebuild our networks better than they ever were while requiring less support from IT staff.
In today's world we must make many choices when it comes to securing digital resources and users. With the speed at which attackers develop new techniques, exploit zero-day vulnerabilities, and prey on the human attack surface, it is vital to build your own security fabric. How quickly are things changing, you may ask?
Botnets are evolving, and IoT is not helping. It has been just over a year since we first saw Mirai, a botnet that took over IoT (Internet of Things) devices using a list of just over 60 default usernames and passwords, and it will not be the last massive botnet to exploit the lax security practices of many IoT device manufacturers. The security research and firewall company Check Point has discovered a massive new botnet known as "Reaper", which has been "evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016".
Many companies with a series of branch offices or a remote workforce deploy what is known as a virtual private network, or VPN. The primary purpose of a VPN is to let remote users, sites and business partners communicate securely over an untrusted network such as the Internet, typically by encrypting and authenticating the traffic with IPsec (Internet Protocol Security). Companies view a VPN as one of the safest ways to link users who are distributed across multiple locations.
Update: While there have been reports that BadRabbit has infected some US machines, it does not appear to be as widespread as initially feared. That does not mean we should let our guard down. Continue to work with your end users to make sure they never accept a prompt to update Flash except from Adobe's own site, and train them to be wary of any update that is not pushed down by internal IT or their IT provider.
The cloud isn’t new. At some point, most companies will make the decision to move to cloud-based services. Moving your environment to the cloud can be a daunting undertaking. The first step in the process is deciding where to place those services. A managed service provider is a very good option to help your business move to the cloud. They can be the go-to solution for a single service or for your entire infrastructure.
Recovery Point Objective and Recovery Time Objective (RPO and RTO) are business-defined targets for how much data and how much time may be lost in a disaster. RPO is the maximum acceptable amount of data loss, expressed as a span of time: how far back, relative to the moment of the disaster, the most recent recoverable copy of the data may be. RTO is the maximum (or approximate) time until the data and/or systems are accessible again so that business operations can continue. In most cases, RPO can be met and measured by the interval at which backups are taken, provided each backup actually completes: if data is backed up every 15 minutes, no more than 15 minutes of data should be lost. Meeting and measuring RTO, however, is typically a much more difficult and costly endeavor, because it covers everything from detecting the outage to validating the restored systems, not just the restore job itself.
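As an added example (not code from the original post), the check below turns the two definitions into something you can run against a backup job history. It uses a constructed backup log and a constructed recovery timeline; both are made up for the example, as are the 15-minute RPO and 4-hour RTO targets. It shows the two things the paragraph warns about: a 15-minute schedule only delivers a 15-minute recovery point if the last runs succeeded, and recovery time is the sum of every step, not just the restore.

```python
from datetime import datetime, timedelta

# Constructed backup job history for one system: (completion time, result).
# Made up for this example; not from a real backup server.
BACKUP_LOG = [
    ("2017-10-20T08:00:00", "success"),
    ("2017-10-20T08:15:00", "success"),
    ("2017-10-20T08:30:00", "failed"),   # the schedule kept running, the copies did not
    ("2017-10-20T08:45:00", "failed"),
]

# Constructed recovery timeline. RTO covers all of it, not just the restore job.
RECOVERY_STEPS = {
    "detect outage and declare disaster": timedelta(minutes=30),
    "provision replacement server": timedelta(minutes=60),
    "restore data from last good backup": timedelta(minutes=90),
    "validate and hand back to users": timedelta(minutes=30),
}


def data_loss_window(backup_log, disaster_at):
    """Achievable recovery point: time between the disaster and the most recent
    backup that actually succeeded before it. Failed runs do not count, which is
    why a 15-minute schedule does not by itself guarantee a 15-minute RPO.
    Returns None when no usable backup exists before the disaster."""
    good = [datetime.fromisoformat(t) for t, result in backup_log
            if result == "success" and datetime.fromisoformat(t) <= disaster_at]
    return disaster_at - max(good) if good else None


def recovery_time(steps):
    """Achievable recovery time: every step from the outage to usable systems."""
    return sum(steps.values(), timedelta())


def assess(backup_log, steps, disaster_at, rpo, rto):
    """Compare what the backup history and recovery plan can deliver against
    the business targets. A None data-loss window never meets the RPO."""
    loss = data_loss_window(backup_log, disaster_at)
    downtime = recovery_time(steps)
    return {
        "data_loss": loss,
        "rpo_met": loss is not None and loss <= rpo,
        "downtime": downtime,
        "rto_met": downtime <= rto,
    }


def demo():
    """Disaster at 08:50 against a 15-minute RPO and a 4-hour RTO (constructed targets)."""
    return assess(BACKUP_LOG, RECOVERY_STEPS,
                  disaster_at=datetime.fromisoformat("2017-10-20T08:50:00"),
                  rpo=timedelta(minutes=15), rto=timedelta(hours=4))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the constructed inputs the RPO is missed (35 minutes of data lost, not 15, because the two most recent jobs failed) while the RTO is met (3.5 hours against a 4-hour target). The practical lesson is that a backup schedule is not evidence of meeting RPO; only the success history is.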
Update: If you use Thrive Patching, or you patched your Windows machines last week, then those machines are already protected. Other Wi-Fi clients, such as phones, laptops running other operating systems, and the access points themselves, still need their own vendor updates.
Yesterday brought the public release of a Wi-Fi vulnerability named KRACK, for Key Reinstallation Attacks. It is particularly bad because an attacker within radio range who exploits it can read traffic on your Wi-Fi network without knowing the password. The researchers' full paper is here: https://www.krackattacks.com
Let us break this down a little. WPA2 uses a 4-way handshake to agree on the encryption key for a session. If one of the handshake messages is lost, the access point resends it, on the assumption that the packet was dropped in transit. An attacker who blocks the client's reply and then replays the third message of the handshake can make the client reinstall a key it is already using, which also resets the packet counters (nonces) the client uses when encrypting. The key itself is not broken, but the same keystream gets reused for different packets, and that lets the attacker decrypt, and depending on the cipher suite forge, the data you are sending and receiving. The fix is on the client side: a patched client refuses to reinstall a key that is already in use.
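The following is an added example, not code from the original post or from the KRACK researchers, that models the mechanism just described. Real WPA2 uses AES in CCMP; here a toy SHA-256-based keystream stands in for it (an assumption, not a real cipher) because it shares the one property the attack depends on: the same key and the same nonce always produce the same keystream. The session key, the two frames, and the assumption that the attacker can guess the first frame's plaintext are all constructed for the example. The same `Client` class is run unpatched and patched so both behaviours can be compared.

```python
import hashlib


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream generator standing in for CCMP's AES counter mode:
    SHA-256(key || nonce || block counter), chained for `length` bytes.
    NOT a real cipher; it only reproduces the property the attack needs:
    same key + same nonce => same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Minimal model of a Wi-Fi station's key-installation state."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None     # pairwise transient key currently in use
        self.nonce = 0      # packet number; must never repeat under one key

    def handle_msg3(self, ptk: bytes) -> str:
        # Message 3 of the handshake tells the client to install the negotiated key.
        # A patched client ignores a repeat for a key it already installed (the
        # mitigation vendors shipped); an unpatched one reinstalls it and resets
        # the packet number to zero, which is the whole bug.
        if self.patched and ptk == self.ptk:
            return "duplicate msg3 ignored, key already in use"
        self.ptk = ptk
        self.nonce = 0
        return "key installed, nonce reset"

    def encrypt(self, plaintext: bytes):
        # Each frame carries its packet number in the clear, so an eavesdropper
        # can see when one repeats.
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.ptk, self.nonce, len(plaintext)))


def run_attack(patched: bool) -> dict:
    """Man-in-the-middle: let message 3 through, block the client's message 4 so
    the access point retransmits message 3, forward that retransmission, then
    compare the frames the client sent before and after it."""
    ptk = hashlib.sha256(b"constructed session key").digest()[:16]   # made-up key
    client = Client(patched)
    client.handle_msg3(ptk)                   # legitimate message 3
    known = b"GET / HTTP/1.1\r\n"             # first frame; attacker assumed able to guess it
    n1, c1 = client.encrypt(known)
    client.handle_msg3(ptk)                   # the replayed message 3
    secret = b"Cookie: sid=abcd"              # second frame, same length, unknown to attacker
    n2, c2 = client.encrypt(secret)
    reused = n1 == n2
    # If the keystream repeated, c1 XOR c2 == known XOR secret, so the secret falls out.
    recovered = xor(xor(c1, c2), known) if reused else None
    return {"nonce_reused": reused, "recovered": recovered, "secret": secret}


if __name__ == "__main__":
    for patched in (False, True):
        r = run_attack(patched)
        print("patched" if patched else "vulnerable", "nonce reused:", r["nonce_reused"],
              "recovered:", r["recovered"])
```

The key is never recovered or broken in either run; the unpatched client simply encrypts two different frames with the same keystream, and the attacker only needs to XOR ciphertexts. That is also why the fix lives in the client's key-install logic rather than in the password or the cipher.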