The Security Detail

September 15, 2011  10:36 AM

Is Your Data Protection Defined By Your Budget?

Tony Bradley Tony Bradley Profile: Tony Bradley

When it comes to protecting your data and preventing information leaks, do you do what you should do, only what you are required to do, or just what you can afford to do? The answer to that question defines your data protection strategy and could be the deciding factor in just how secure your data is.

Zecurion–a leading provider of data loss prevention (DLP) tools, including the award-winning Zgate and Zlock–understands that the economy is having a significant impact on many companies, and that far too many are failing to adequately protect data simply because they feel they can’t afford it.

That is why Zecurion is offering its DLP and data encryption products for 80% off through the end of 2011. Zecurion products are already more affordable than competing DLP solutions, but now customers need only pay for a one year support agreement, and Zecurion will throw in the product license for free–saving the customer 80% off the normal cost of Zecurion’s products.

Here is the full press release from Zecurion:

Zecurion Introduces Limited-Time 80% Off Promotion for DLP Tools

September 01, 2011

New York

Zecurion understands that the global economy is in a slump and that many IT departments are faced with dwindling budgets and forced to cut corners. It also recognizes that protecting data and preventing information leaks are a top priority, and should not be overlooked to save a dollar.

Zecurion is doing its part with an economic stimulus plan to help companies proactively protect data without breaking the bank. From now, until December 31, 2011, Zecurion is offering its innovative, industry-leading data protection and data leak prevention (DLP) tools at 80% off. Customers simply pay for a one-year support plan for Zlock, Zgate, or Zserver, and Zecurion will throw in the software license for free.

Taking proactive steps to safeguard data and prevent leaks or exposure is significantly cheaper than facing the fallout when a data breach occurs. A data breach incident does irreparable harm to the reputation of the company, and may have legal and regulatory consequences as well.

With this Zecurion offer, organizations can do the right thing, and save 80% in the process. Companies can take advantage of this offer for any of Zecurion’s data protection solutions:

Zlock – an endpoint security DLP solution that provides IT admins the ability to secure, monitor, and control computer ports and external devices to enforce data security policies and prevent exposure of sensitive data.

Zgate – a network perimeter DLP solution that monitors all outbound traffic to ensure that confidential or sensitive data don’t get leaked across your network.

Zserver – secures and protects confidential information at the processing and storage level on corporate servers.

Contact Zecurion today to take advantage of this limited-time offer.

August 17, 2011  8:52 PM

Most Companies Ignore Security Best Practices

Tony Bradley Tony Bradley Profile: Tony Bradley

Security best practices aren’t generally elite, bulletproof security measures. On the contrary, security best practices is sort of a polite way of saying “this is the very least you can possibly do and still claim to be making an effort.” It is a bar for measuring information security success, but it is a very low bar that is set as a least common denominator.

Apparently that bar isn’t quite low enough for most. Venafi and Echelon One recently teamed up to survey 420 businesses and government agencies to determine how well they follow security best practices and found that more than 75 percent do not perform periodic security and compliance training.

Venafi CEO Jeff Hudson elaborated on the survey results in an interview with Infosecurity. “What was surprising was the poor state of training for those humans. Since humans are the weak link, they are not getting trained very well, and turnover is high, the problem only gets worse.”

KnowBe4, an information security training provider, echoes the findings of the Venafi / Echelon One survey. KnowBe4  claims many organizations are not investing in security training programs, and the result is a workforce that is more susceptible to phishing attacks and other security threats. 

A statement from KnowBe4 describes an experiment–the FAIL500 Project–conducted by the company. “KnowBe4 sent non-malicious simulated phishing emails to employees at more than 3,000 companies featured in the Inc. 5000; and at 485 of those firms, one or more employees clicked the email.”

Further study demonstrated that companies that conducted formal information security training significantly reduce the threat of this behavior–dropping the likelihood of a successful phishing attack by as much as 75 percent. Over time–with reinforcement–that percentage can be brought to virtually zero.

August 17, 2011  8:29 PM

Study Finds Users Naive and Complacent about Sharing Info Online

Tony Bradley Tony Bradley Profile: Tony Bradley

How careful are you about the information you share online? Do you take steps to protect confidential data like your Social Security Number or date of birth? Do you restrict access to sensitive personal information? If so, consider yourself lucky…or smart…or both.

A research study by BullGuard found that 42 percent of the respondents had posted their birth date online. The study also revealed that 18 percent have shared their phone number, 24 percent have posted their children’s names. Even more concerning–more than a third of those who use Facebook or Twitter admit to potentially alerting criminals to rob their homes by announcing to those social networks when they plan to be gone for a vacation or long weekend trip.

“Though this sort of information may seem harmless to share with others, much of it is commonly used as security questions when accessing an online bank or confirming identity over the phone,” says Claus Villumsen, internet security expert at BullGuard. “It’s also a bad idea to publicize the fact that you will be away for any period of time, especially if the house will then be empty, as this just gives more information to would-be thieves as to your whereabouts.”

BullGuard provides some basic precautions that you should consider to protect your personal information and use the Internet and social networks safely:

  • Never accept friend requests from people you don’t know, or who aren’t easily identifiable from associations with other friends.
  • Spend some time learning about the security measures available on sites like Facebook, and ensure that posts and photos aren’t available to everyone. It’s often easy to restrict information to friends, or friends of friends, though the former is obviously more secure as you can’t guarantee that others will be as vigilant in whom they allow to read their posts.
  • Strip out any personal details from a profile that don’t really need to be there – for example pets’ names, addresses, maiden name and date of birth. This is particularly important if you use services that request this sort of information to confirm your identity, have been used as a security question in the event of a password being forgotten or are used to log into a web site. 
  • Ensure that any passwords used for important sites or services bear no clear relation to any hobbies or interests you may have, as a would-be thief may try common words linked to these subjects when attempting to guess a password.
  • Be sure to log out securely at the end of each session, and where possible use a secure login if you are accessing a site away from home. On public computers, the next user may be able to access your account and gather information at their leisure.
  • Be wary of engaging in a conversation with people you don’t know, and particularly so if they start to ask for personal information or other sensitive details. It’s usually fairly easy to block these users to avoid being bothered by them again. 
  • Avoid storing any sensitive information, such as bank numbers, credit card details and passwords in email accounts or documents on a computer. It may serve as a handy reminder, but could be disastrous if it were to fall into the wrong hands.
  • Where possible use a pseudonym to identify yourself on sites where using a real name is not required. This will help prevent a third party from tracking down information to a named individual. 

August 16, 2011  5:20 PM

IE9 Best at Protecting Against Socially-Engineered Malware

Tony Bradley Tony Bradley Profile: Tony Bradley

NSS Labs recently tested all of the current (or at least current at the time) Web browsers to see how well each detects and prevents socially engineered malware attacks.

The NSS Labs press release about the study explains:

Socially engineered malware (SEM) remains the most common security threat facing Internet users today, claiming one third of internet users as victims. These attacks pose a significant risk to individuals and organizations by threatening to compromise, damage, or acquire sensitive personal and corporate information. European and American users have found themselves particular targets of malware authors over the last 12 months. North America has consistently been the primary host of malicious URLs, while users in Asia have been victims of the greatest number of malicious URLs.


Cybercriminals are taking advantage of the implied trust relationships inherent in social networking sites (Facebook®, MySpace™, Badoo, StudiVZ, Skyrock, LinkedIn®, renren, Kaixin001 (a.k.a. Happy Net), 51, Multiply, Cyworld, Orkut, Mixi, etc.) and user-contributed content (blogs, Twitter™, etc.) which allow for rapid publishing and anonymity. Furthermore, the speed at which these threats are “rotated” to new locations poses a significant challenge to security vendors.

NSS Labs found, “With a unique URL blocking score of 99.9% and over-time protection rating of 99.2%, Internet Explorer 9 was by far the best at protecting against socially-engineered malware.”


Click here to download the full Web Browser Security Comparative Test Report against Socially-Engineered Malware and get all the details.

August 8, 2011  10:04 AM

Modern Security Threats are More Like a War Than an Attack

Tony Bradley Tony Bradley Profile: Tony Bradley

The key to understanding how to deal with a modern security threat is to stop thinking about it as an attack.  An attack is a short-lived event with a clear beginning and end. Threats are more like war —ongoing conflict without a fixed timeline or known endpoint. During war, front-line defenses are imperative to repel assaults because not only will your enemy attack, they will be employing intelligence, communications, and logistics to do so. Many wars have been won by intercepting enemy intelligence, disrupting enemy communications, and destroying the enemy’s logistics capabilities.

If you want to win a cyber war, just like if you wanted to win a physical war, there are several important factors. Planning is your first priority, but also important is flexibility. You must be able to adapt as quickly as your enemy. It’s no secret that many wars have been lost due to an inability to adapt. When you begin thinking about modern network security threats as a war and not an attack, you will find that it requires a continuous, ongoing process – not an individual defensive action – to be successful in dealing with them. There are three phases to mitigate your way through a war of this nature: Discovery, Investigation, and Remediation. Your speed and efficiency in moving through this “Integrated Threat Management Cycle” will decide your fate.

When you don’t know what you don’t know, you are in the discovery phase. In a sense, you should always maintain a discovery posture because you will never know everything about the enemy’s tactics or the nature or state of the threat. In some cases, there will be no specific intelligence to apply to the discovery process and in other cases, you may have external indications. For example, you may be able to obtain intelligence about the tactics and techniques that your enemy has used against organizations in your industry segment from industry trade groups, peer organizations, or government agencies.  And in some cases you may have specific, directly applicable intelligence. You may have information about the command and control communications behavior of endpoints that have been compromised by a threat that successfully targeted your organization on the past.

Once you feel you can accurately identify threats using threat intelligence, you are ready to move into the investigation phase. Your main focus here is to capture, store, and analyze information about the threat. If you do not have threat identification rules set in place to monitor your networks, this will be your first objective in the investigation phase. Once you can detect a network session violating threat identification rules, a huge amount of information about that violating session is stored and can be displayed, analyzed. Advanced threats leave what I like to call trails on your network. This phase is where you will need to “follow the trails”.

Once you are confident you can identify the threat’s network behavior with high accuracy, you are ready to launch a coordinated remediation campaign. Prevention is your goal here and you must learn to block any target behaviors with the same accuracy with which you detected it. This enables you to change from a monitoring posture to a prevention posture.

Now that you are approaching security threats like a war, you are sure to be more prepared and ultimately, better able to deal with anything that comes your way.

By Kurt Bertone, Vice President and Security Strategist at Fidelis Security Systems

August 4, 2011  11:27 AM

Penetration Testing for Mobile Phones with Core Impact v12

Tony Bradley Tony Bradley Profile: Tony Bradley

Threats are everywhere, and increasingly so are the users. Notebooks and netbooks already started a trend toward a more mobile workforce, and smartphones and tablets are taking the trend to the next level. The problem is that IT and security admins don’t have the tools necessary to prevent attacks and protect mobile devices in many cases. Core Impact v12 may change that.

Core Security Technologies announced the first security test and measurement solution that safely replicates sophisticated real-world attacks against popular smartphones to meet the demands of enterprises to lock down their mobile infrastructures. CORE IMPACT Pro v12  penetration testing software can pinpoint security holes in Android, BlackBerry and iPhone mobile devices to help prevent the theft and compromise of sensitive enterprise data stored on or accessible through them–including phone call and SMS information, contacts and GPS location data.

“With budget cutbacks, many companies are discontinuing the supply of company-issued cell phones and allowing employees to use their personal devices to connect to the system. It is inevitable that we are, as a society, continuing to become a fully dependent mobile world with a variety of devices at our fingertips,” said William R. Whitney III, operations and technical services manager, Garland Power & Light Operations.  “With Core’s new mobility testing feature, we can now feel a little sense of security with employees using their personal devices, and have the data to prove whether or not the devices are secure.  Core is on the right track because they value my opinions and that helps to provide the technology I need to in order to effectively protect a public utility.”

August 1, 2011  1:16 PM

Microsoft Security Response Center (MSRC) Progress Report

Tony Bradley Tony Bradley Profile: Tony Bradley

Microsoft released the annual Microsoft Security Response Center (MSRC) progress report today. This paper provides a behind-the-scenes look into some of the work the MSRC team has done over the past year.


Specifically, the report highlights:

·         Data from the Microsoft Exploitability Index, including a breakdown of the ratings numbers since the Index launched in October 2008 and analysis of how the Exploitability Index can help reduce the need to urgently deploy some security updates.

·         Updates to the Microsoft Active Protections Program (MAPP), including testimonials from MAPP partners.

·         Behind-the-scenes look into Microsoft Vulnerability Research (MSVR), including how the company investigates third-party vulnerabilities and coordinates the release of security updates.

·         A summary of the announcements made about Coordinated Vulnerability Disclosure (CVD) over the past year, including customer testimonials about CVD.

July 31, 2011  10:34 PM

Experts Warn of Threat from Stuxnet Variants

Tony Bradley Tony Bradley Profile: Tony Bradley

Stuxnet was a highly targeted worm seemingly developed by the United States and/or Israel with the specific intent of disrupting the Iranian nuclear program. Unfortunately, the genie is out of the bottle, and now the techniques used in Stuxnet are available to any script kiddie–placing the critical infrastructure of the United States, and power and manufacturing facilities around the world at risk.

The worm’s source code has also been leaked online by members of the hacktivist group Anonymous. Security experts warn that the code could serve as the foundation for future variants. “With the growing public body of knowledge on Stuxnet, the risk increases that these more capable for-hire teams’ efforts may be informed by the Stuxnet design,” Kurt Baumgartner, a senior security researcher at Kaspersky Lab, told Threatpost.

To read more about the threat from Stuxnet variants, read the rest of this ThreatPost blog post.

July 31, 2011  10:28 PM

Congress Wants ISPs to Retain Data for 12 Months

Tony Bradley Tony Bradley Profile: Tony Bradley

Do you want your ISP to keep records of when you are online, and/or the sites you visit while you’re there? They do. There are a variety of reasons–some better than others–for why an ISP might need this information in the short term, but a bill making its way through Congress would compel ISPs to keep the data for a full year.

A ThreatPost blog entry explains:

“The bill was introduced with the purported intention of protecting children from online pornography, but it has become a lightning rod for privacy advocates and security experts who have decried the data-retention provision. Under the language currently in H.R. 1981, ISPs would be required to store the IP addresses assigned to each subscriber for 12 months. The idea behind this section is “to assist federal law enforcement in online child pornography and child exploitation investigations”, according to the committee.”

Click here to read the entire post with more explanation.

July 31, 2011  10:23 PM

Best Practices to Prevent Data Breaches

Tony Bradley Tony Bradley Profile: Tony Bradley

Major companies and government agencies–companies and government agencies we rely on to protect our networks, our data, and our nation–are being hacked left and right in recent months. It may seem futile, but all is not lost.

Small and medium businesses in particular, though, need some simple guidance. The lack of budget, or a dedicated IT department make securing the network and protecting data that much more difficult.

A recent PCWorld article says, “The Web safety and online identity protection experts at and helped put together a list of ten different data and privacy breach scenarios, along with suggestions and best practices to avoid them.”

Read Ten Best Practices to Prevent Data and Privacy Breaches to learn more.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: