Posts Tagged ‘Security Management’

Hi Everyone!

This video is for those who were not able to attend the training.

Enjoy and understand it! =)

Stay tuned for our MADP Technical Overview by E-SPIN video.

For more information or inquiries, please do not hesitate to contact us or visit our website at http://www.e-spincorp.com

 


Cyber-Attack

Cyber security is the set of “measures taken to protect a computer or computer system against unauthorized access or attack.” It is therefore highly critical for enterprises to have an in-depth cyber security strategy and plan in place in order to provide the maximum level of protection from cyber security risks, not just at the network perimeter but also at the application layer.

The first and oldest wave is nuisance hacking, in which there is little material impact to the company. A classic example is hackers defacing your company’s website. More serious and widespread is the second wave, which is hacking for financial gain.

As business has migrated to the digital world, criminals have, too. What has emerged is a sophisticated criminal ecosystem that has matured to the point that it functions much like any business—management structure, quality control, offshoring, and so on. This type of hacking now goes beyond blindly stealing customer credit card information or employee passwords. For example, hackers might target a company’s financial function in order to obtain its earnings report before it is publicly released. With such advance knowledge, they can profit by acquiring or dumping stock.

Protecting the business from cybercrime is one thing, but companies also must worry about a new type of risk—the advanced persistent threat. If you think the term sounds like it’s out of a spy movie, you’re not far off. This type of hacking is predominantly about stealing intellectual property and typically is associated with state-sponsored espionage. The motives go beyond financial gain. Experts may quibble about the specifics of this type of attack and whether it always has involved use of advanced techniques, but this is a serious and growing threat. It is no exaggeration to say that what’s at risk is not only your intellectual property but possibly national security.

Protect business from cyber attacks

With so many risks, business leaders may be unsure of where to focus. In our experience, it is crucial to elevate the role of information security in the organization and emphasize the fact that it is not just a technology function. As a make-or-break business issue, it requires a leader who reports directly to a senior executive. The title of the person—chief security officer, chief information security officer, security director—isn’t what matters. Instead, it’s the ability of that individual to bring security issues to the C-suite and help the management team think and talk about how security affects every other business decision.

Effective security leaders consistently demonstrate the linkages between security and the company’s goals. They remind the rest of the management team that security is a strategic issue. In the survey, the Front-runner group emphasized this approach by citing client requirements as the driving force behind the company’s information security investments. The other respondents pointed to legal and regulatory requirements as the main justification for information security spending in their organizations.

An organization that embraces this mindset, for example, might engage the security leader and the sales leader, together, to consider how better information security can help close or speed sales. They might determine that having well-documented information security controls, processes, or certifications in place enables them to anticipate and address customer concerns immediately when or before the issue first is raised.

Some companies we work with find it effective to have security leaders embedded within each business unit. These individuals report to line-of-business heads and work directly with them to evaluate how security can support each group’s business goals.

Feel free to contact E-SPIN for any requirement related to cybersecurity. E-SPIN has worked with national cybersecurity authorities and multinational corporations on the setup of Cybersecurity Centers, Vulnerability Assessment Centers, Security Operation Centers and Vulnerability Assessment Labs, covering supply, commissioning, maintenance, knowledge and technology transfer, main/sub-contracting and managed services engagements.


Military Level Compliance Auditing

Paws Studio is a compliance auditing tool for workstations and servers which enables organizations to produce intelligent compliance reports. It includes pre-defined policies for industry standards such as PCI, NERC, STIG and NSA and is fully automatable and customizable.
Titania’s latest release includes exciting new features which solve many of the issues associated with STIG (Security Technical Implementation Guide) audits.

The STIG Converter has been inspired by feedback from our military customers. Organisations wanting to check their workstations and servers against the STIG compliance policy can now self-update the STIG definition file within Paws Studio using only the XCCDF & OVAL documents. Our programming team provides regular updates to the pre-defined policies, but this option gives organisations the security of knowing they are checking against the most up to date information possible.

The Manual Checking function has been updated so that reports are now able to produce a fuller view of compliance policies. Manual checks allow you to include the physical security aspects of compliance rather than just being able to assess registry checks against your compliance requirements. Now you can add a title, description and fix for physical security issues which are included in compliance policies, such as locking doors and disposing of documents. These will then appear in your compliance report, providing the organisation with a more thorough overview of your compliance status.

Plus you can still benefit from the classic features of the software. With Paws Studio you can:

1. Perform compliance audits through either remote network auditing or manual access to the audit data in secure environments
2. Produce advanced and easy-to-action reports with comprehensive summaries
3. Audit against pre-defined policies such as PCI, NSA, STIG and NERC
4. Define your own customised policy to suit your organisation
5. Write it into your current processes, as it is fully scriptable

Feel free to contact E-SPIN to discuss your audit compliance requirements.


Cybersecurity

The year 2013 will reinforce the fact that traditional security measures are no longer effective in thwarting advanced cyberattacks. “Organizations and security providers need to evolve toward more proactive real-time defenses that stop advanced threats and data theft.”

Here are the top trends they should be paying attention to.

  • Active cyber defence measures — There will be an increased use of active cyber defence measures, especially in government. For example, organisations under Distributed Denial of Service (DDoS) attack might take offensive measures against the attacker, such as automatically shutting down a connection. Active defence takes on another level of sophistication within an IT organisation because the company must have the rigour and structure in place to implement processes that automatically shut down threats based on pre-defined business rules. Although products that automatically block or shut down traffic based on certain characteristics have been available for years, organisations have been reluctant to use this capability.
  • Actionable intelligence and the insider threat — Enterprises such as financial services organisations will put greater emphasis on actionable information to help them identify who their attackers are. Expect to see more eCrimes perpetrated by insiders. This will lead to greater use of behavioural analysis systems that sit on the network learning what is normal behaviour and what is anomalous. The insider threat should also prompt more intelligent use of physical access control.
  • Cloud-based Botnets — The ability to create vast, virtual computing resources will further convince cyber criminals to look for ways to co-opt cloud-based infrastructure for their own ends. One possible example is for attackers to use stolen credit card information to purchase cloud computing resources and create dangerous clusters of temporary virtual attack systems.
  • Search History Poisoning — Cyber criminals will continue to manipulate search engine algorithms and other automated mechanisms that control what information is presented to Internet users. Moving beyond typical search-engine poisoning, researchers believe that manipulating users’ search histories may be a next step in ways that attackers use legitimate resources for illegitimate gains.


SIEM

Most organizations face the same inherent challenges when dealing with security information and event management (SIEM): effectively balancing limited IT resources, ever-increasing volumes of log data, regulatory compliance, and keeping staff training up to date. There are four best practices that organizations should consider in order to achieve this balance:

  • Prioritize security information and event management appropriately throughout the organization—Organizations can define requirements and goals for logging and for monitoring logs, taking into account applicable laws, regulations, and existing organization policies. They can then prioritize those goals by balancing risk against the time and resources needed to manage logs.
  • Establish policies and procedures for security information and event management—Policies and procedures are beneficial because they ensure consistent approaches throughout the organization and ensure that laws and regulations are observed. Periodic audits can confirm that logging standards and guidelines are followed throughout the organization. Furthermore, testing and validation help ensure that log management policies and procedures work as intended.
  • Create and maintain robust security information and event management infrastructures—A secure log management infrastructure helps preserve the integrity of log data against accidental or intentional modification or deletion and helps maintain its confidentiality. It is also critical to build infrastructures that scale to the expected volume of log data as well as to peak volumes during extreme situations (e.g. widespread malware incidents).
  • Provide proper training for all staff with security information and event management responsibilities—While defining log management schemas, organizations must provide the requisite training to relevant staff regarding their log management responsibilities, as well as skilled instruction on the resources necessary to support log management. This includes providing log management tools, tool documentation, technical guidance on log management, and disseminating information to log management staff.


SIEM SOC

Next-generation SIEM and log management:

One area where the tools can provide the most needed help is in compliance. Corporations increasingly face the challenge of staying accountable to customers, employees and shareholders, and that means protecting IT infrastructure, customer and corporate data, and complying with rules and regulations as defined by the government and industry. Log management and SIEM correlation technologies can work together to provide more comprehensive views to help companies satisfy their regulatory compliance requirements, make their IT and business processes more efficient and reduce management and technology costs in the process.
IT organizations also will expect log management and intelligence technologies to provide more value to business activity monitoring and business intelligence. Though SIEM will continue to capture security-related data, its correlation engine can be re-appropriated to correlate business processes and monitor internal events related to performance, uptime, capability utilization and service-level management. The combined solutions provide deeper insight into not just IT operations but also business processes. In short, by integrating SIEM and log management, it is easy to see how companies can save by de-duplicating efforts and functionality. The functions of collecting, archiving, indexing and correlating log data can be collapsed. That will also lead to savings in the resources required and in the maintenance of the tools.


SIEM

Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security.

The underlying principle of a SIEM system is that relevant data about an enterprise’s security is produced in multiple locations, and that being able to look at all of that data from a single point of view makes it easier to spot trends and see patterns that are out of the ordinary.

At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. In some systems, pre-processing may happen at edge collectors, with only certain events being passed through to a centralized management node. In this way, the volume of information being communicated and stored can be reduced.

SIEM systems collect logs and other security-related documentation for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment — and even specialized security equipment like firewalls, antivirus or intrusion prevention systems.

In order to provide the most complete security view, SIEMs generally require data from different types of devices and platforms such as switches, firewalls, routers, servers (Windows, Unix, Linux, etc.) and applications (databases, CRMs, SAP, Exchange, etc.). To allow the system to identify anomalous events, it’s important that the SIEM administrator first creates a profile of the system under normal event conditions.

SIEM systems are typically expensive to deploy and complex to operate and manage. While Payment Card Industry Data Security Standard (PCI DSS) compliance has traditionally driven SIEM adoption in large enterprises, concerns over advanced persistent threats (APTs) have led smaller organizations to look at the benefits a SIEM managed security service provider (MSSP) can offer.
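As an added example (not part of the original post), the Python block below sketches the three SIEM ideas described above: an edge collector that pre-processes raw events and forwards only security-relevant ones, a rules-based correlation over the forwarded events, and a statistical check of today’s event volume against the normal-activity profile the administrator recorded. The log lines, field names, thresholds and baseline counts are all constructed for the demo.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import statistics

# Constructed sample events in a key=value syslog-like format, as a collection
# agent might gather them from several hosts (not real log data).
RAW_EVENTS = [
    "2013-05-01T10:00:01 host=web1 src=10.0.0.5 event=auth_fail user=admin",
    "2013-05-01T10:00:03 host=web1 src=10.0.0.5 event=auth_fail user=admin",
    "2013-05-01T10:00:05 host=web1 src=10.0.0.5 event=auth_fail user=admin",
    "2013-05-01T10:00:07 host=web1 src=10.0.0.5 event=auth_success user=admin",
    "2013-05-01T10:00:09 host=web1 src=10.0.0.9 event=http_get path=/index.html",
    "2013-05-01T10:01:00 host=db1 src=10.0.0.7 event=auth_success user=app",
]

# Event types the edge collector is configured to forward to the central node.
FORWARD = {"auth_fail", "auth_success"}


def parse(line):
    """Turn one raw line into a dict; the timestamp is the first token."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def edge_filter(lines):
    """Pre-processing at the collector: drop noise before it leaves the edge,
    so less data is transmitted and stored centrally."""
    return [r for r in map(parse, lines) if r["event"] in FORWARD]


def brute_force_rule(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule: at least `threshold` failed logins from one source,
    followed by a successful login from the same source inside `window`."""
    alerts = []
    failures = defaultdict(list)
    for r in sorted(events, key=lambda r: r["ts"]):
        src = r["src"]
        if r["event"] == "auth_fail":
            failures[src].append(r["ts"])
        elif r["event"] == "auth_success":
            recent = [t for t in failures[src] if r["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append((src, r["user"], len(recent)))
            failures[src].clear()
    return alerts


def anomalous_volume(baseline_counts, today_count, z=3.0):
    """Statistical check: flag today's event count if it sits more than `z`
    standard deviations above the recorded normal-activity baseline."""
    mean = statistics.mean(baseline_counts)
    sd = statistics.pstdev(baseline_counts) or 1.0
    return (today_count - mean) / sd > z


if __name__ == "__main__":
    forwarded = edge_filter(RAW_EVENTS)
    print(len(forwarded), "of", len(RAW_EVENTS), "events forwarded to the SIEM")
    print("alerts:", brute_force_rule(forwarded))
    # Constructed baseline: daily auth event counts from five normal days.
    print("volume anomaly:", anomalous_volume([100, 110, 95, 105, 90], 400))
```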


What is SQL Injection?

The most common type of attack seen these days involves SQL injection. Attackers, including hacktivists, favor SQL injection because it allows them to “inject” their own commands into databases.

When the application in front of a database isn’t built to properly screen inputs for signs of attack, attackers have an easy-to-use, remote technique for obtaining any information stored by the database. Specially crafted user data tricks the application into executing unintended commands or changing data.

SQL Injection allows an attacker to create, read, update, alter, or delete data stored in the back-end database. In its most common form, a SQL Injection attack gives access to sensitive information such as social security numbers, credit card numbers or other financial data.

What is a SQL Injection Attack?

A SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.

There are four main categories of SQL Injection attacks against databases:

  1. SQL Manipulation: SQL manipulation is the process of modifying SQL statements using operations such as UNION. Another way to implement SQL Injection with this method is by changing the WHERE clause of the SQL statement to get different results.
  2. Code Injection: Code injection is the process of inserting new SQL statements or database commands into the vulnerable SQL statement. One such attack appends a SQL Server EXECUTE command to the vulnerable SQL statement. This type of attack is only possible when multiple SQL statements per database request are supported.
  3. Function Call Injection: Function call injection is the process of inserting database function calls into a vulnerable SQL statement. These function calls can make operating system calls or manipulate data in the database.
  4. Buffer Overflows: Buffer overflows are triggered through function call injection. For most commercial and open source databases, patches are available; this type of attack is possible when the server is unpatched.

How to prevent SQL injection attacks?

An attacker uses SQL injection to manipulate a site’s Web-based interfaces and force the database to execute undesirable SQL code, enabling data manipulation and spreading malware. Organizations must not only build defenses and practice secure coding best practices, but also develop an in-depth understanding of how SQL injection attacks work and how the threat has evolved — the earlier SQL injection attacks didn’t have the vulnerability detection capabilities of contemporary attacks — as well as learn how to find, isolate and address webpages infected with malware on a website.

Defending Against SQL Injection Attacks

The good news is that there actually is a lot that web site owners can do to defend against SQL injection attacks. Although there is no such thing as a 100 percent guarantee in network security, formidable obstacles can be placed in the path of SQL injection attempts.

1. Comprehensive data sanitation.

Web sites must filter all user input. Ideally, user data should be filtered for context. For example, e-mail addresses should be filtered to allow only the characters allowed in an e-mail address, phone numbers should be filtered to allow only the characters allowed in a phone number, and so on.

2. Use a web application firewall.

A popular example is the free, open source module ModSecurity which is available for Apache, Microsoft IIS, and nginx web servers. ModSecurity provides a sophisticated and ever-evolving set of rules to filter potentially dangerous web requests. Its SQL injection defenses can catch most attempts to sneak SQL through web channels.

3. Limit database privileges by context.

Create multiple database user accounts with the minimum level of privilege for their usage environment. For example, the code behind a login page should query the database using an account limited to the relevant credentials table. This way, a breach through this channel cannot be leveraged to compromise the entire database.

4. Avoid constructing SQL queries with user input.

Even data sanitation routines can be flawed. Using SQL variable binding with prepared statements, or stored procedures, is much safer than constructing full queries from user input.

Any one of these defenses significantly reduces the chances of a successful SQL injection attack. Implementing all four is a best practice that will provide an extremely high degree of protection. Despite its widespread use, your web site does not have to be SQL injection’s next victim.
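As an added example (not code from the original post), the Python block below shows the WHERE-clause manipulation of category 1 against a login query built by string formatting, beside the same login written with variable binding (defense 4) and a context-specific input filter of the kind defense 1 describes. The users table, its two accounts and the simplified e-mail pattern are all constructed for the demo.

```python
import re
import sqlite3


def build_db():
    """Constructed in-memory database with a users table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Query text assembled from user input: a quote in the input ends the
    string literal, so the rest of the input rewrites the WHERE clause."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Variable binding: the statement is fixed and the values travel separately,
    so characters in the input are never parsed as SQL grammar."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Simplified (constructed) pattern for defense 1: accept only the characters an
# e-mail address may contain, and reject everything else before it reaches SQL.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def is_valid_email(value):
    """Context-specific input filter for an e-mail field."""
    return EMAIL_RE.fullmatch(value) is not None


if __name__ == "__main__":
    conn = build_db()
    manipulated = "' OR '1'='1"  # turns the WHERE clause into one that is always true
    print(login_vulnerable(conn, "alice", manipulated))  # every user: clause was rewritten
    print(login_safe(conn, "alice", manipulated))        # []: input treated as a literal
    print(login_safe(conn, "alice", "s3cret"))           # ['alice']
    print(is_valid_email("user@example.com"), is_valid_email("user@example.com' OR '1'='1"))
```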


ImmuneSecurity (now called Logpoint) proudly presents LogInspect™ version 5.1.1. This version contains numerous enhancements as well as some bug fixes.

The highlights for this release are:

  • Introduction of LI Lite for distributed collection of logs from remote locations.
  • Higher availability of logs: a copy of a repo from the main LogInspect can be kept on the remote LogInspect.
  • Introduction of tenants for effective object management between various organizational units.

Enhancements

A selection of the major enhancements of LogInspect™ v5.1.1 is listed below in detail.

Devices and Collection

  • Logs can be forwarded into the system from different platforms using the Distributed Collector. This support is available for LI Lite at the moment.
  • IPv6 support is extended to the following collectors and fetchers: SNMP fetcher, sflow collector, FileInspect collector, SNMP trap collector and the netflow collector.
  • CIDR IP address ranges are supported for all of the collectors.
  • A log parser’s pattern can be validated by checking it against an example message.
  • The SNMP fetcher works for leaf OIDs.

Search and Queries

  • Fields in a search query can now be renamed.
  • Grouping constructs support “order by” syntax.
  • Inline lists now support whitespace when it is enclosed in quotes.
  • Cmd + click (Ctrl + click) opens and displays the search result in a new tab.

Dashboard and User Interface

  • The Growl position setting can now be managed from the preferences page.
  • Dashboard tabs are now movable.

User Management

  • LDAP authentication supports three different login formats: “Sam Account Name”, “UID” and “DN”. This can be configured from “Advance LDAP Settings”.
  • SSL implemented for the Directory Access Protocol (LDAP strategy).
  • Usernames are now non-editable.

Correlation and Alert

  • Ownership of rules can be transferred to other users.

System and Performance

  • Critical security updates for the system can be applied by uploading the tested security patch and installing it.

Backup and Storage

  • Backup scheduling is now optional.
  • A retention policy can now be applied to backups.

FileInspect

  • Windows events can now be collected by ticking the “Windows Event Log Reader” checkbox while configuring the FileInspect client.

Reporting

  • Queries in report templates are now editable.

Bug Fixes

A selection of the major bug fixes of LogInspect™ v5.1.1 is listed below.

  • Netflow v9 now contains all available fields.
  • An HTTPS certificate can now be applied without rebooting the server.
  • A problem with configuration backup has been fixed.
  • The vendor dashboard can now be used through the “use action”.


Retina CS enables IT Security professionals to centrally manage organization-wide IT security – physical, virtual, mobile and cloud – from a single, web-based console. It is the only unified vulnerability and compliance management solution that integrates security risk discovery, prioritization, remediation, and reporting, which dramatically decreases the time and effort required to manage IT security. 

Retina Insight: Get actionable reporting, analytics, and trending across the vulnerability lifecycle via this powerful reporting engine, included with Retina CS at no additional cost.

– Configuration Compliance: A Retina CS Add-on Module: Simplify how you audit and report on common industry configuration guidelines and best practices.

– Regulatory Reporting: A Retina CS Add-on Module: Choose from Regulatory Reporting packs to automate how you navigate through the increasingly complex regulatory landscape.

– Patch Management: A Retina CS Add-on Module: Close the loop on vulnerabilities by providing integrated, automated, agent-less patching from a single console.

Retina CS Dashboard

EEYE SOLUTION SUITE

1. Retina Network Security Scanner

Identify known and zero-day vulnerabilities using the industry’s most mature and effective vulnerability scanning technology.

2. Retina.GOV

Rely on integrated end-to-end vulnerability and compliance management designed specifically for Government departments and agencies.

3. Retina Web Security Scanner

Rapidly and accurately scan large, complex websites and web applications to assess web-based vulnerabilities.

ADDITIONAL SECURITY PRODUCTS

1. Blink Endpoint Protection

Augment existing security products with integrated multi-layered endpoint protection in a single, lightweight client.

2. Iris Network Traffic Analyzer

See analysis and integrated forensics reporting on network security traffic.

3. SecureIIS Web Server Security

Ensure protection for Windows IIS Servers by preventing known exploits, zero day attacks, and other harmful web server traffic.

Retina CS from eEye provides a lot of functionality – beyond just vulnerability scanning – in an easy-to-use format. It is a great value for almost any environment.

As the sole Retina solution distributor in the Asia-Pacific region, E-SPIN welcomes your inquiries and requirements, so we can assist you with the exact packaged solution you may require for your operational or project needs.
