Data loss prevention has become increasingly important over the past few decades. Information systems that contain confidential, private and proprietary data are vulnerable on many fronts. Data loss prevention (DLP) can be thought of as a preventative measure aimed at stopping data leakage. Gone are the days when physically taking copies of […]
The post How to Secure Data With A Data Loss Prevention Plan appeared first on InfoSec Resources.
Posted by SEC Consult Vulnerability Lab on Feb 21
We have published an accompanying blog post to this technical advisory with
Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.…
Public cloud computing has evolved into a mainstream solution for data storage, on-demand service, and infrastructure. Gartner forecasts the total revenue from worldwide public cloud services to reach $305.8 billion by 2018 and hit the point of $411.4 billion by 2020. It is only natural that penetration testing, a cornerstone of corporate security, is in demand, as […]
The post Public Cloud Penetration Testing from the Customer Viewpoint appeared first on InfoSec Resources.
Endpoint detection and response (EDR) solutions are predicted to become a key security technology by 2020, with 80 percent of large organizations, 25 percent of midsize organizations, and 10 percent of small organizations investing in them. Demand for incident response tools that offer early visibility into advanced threats will fuel the EDR market growth, with expectations of a CAGR of 45.27 percent from 2015 through 2020.
The EDR market is already booming, having grown from $238 million in 2015 revenue to about $500 million in 2016. By 2020, it’s going to be a billion-dollar market and could even match the $3.2 billion (2015) endpoint protection platform (EPP) market.
Despite the rapid growth in the EDR market, these preventative controls are still out of the reach of mid-size and small organizations. As EDR requires dedicated security operations center (SOC) teams to manually investigate alerts, the high cost barrier is something that only large organizations can currently overcome. Or is it?
Fighting Alert Fatigue
EDR solutions have emerged from the premise that it’s impossible to prevent all threats, meaning their purpose is to minimize the dwell time of an infection while also reducing the amount of damage it can cause. However, managing the number of security alerts for potential threats can be overwhelming for any under-resourced IT team. Because of that, investigation decisions may end up being either ill-informed or based on summary judgements. This broad-strokes approach can lead to full network compromise, especially if traditional EDR is not properly managed or used to its full potential.
Since EDR agents often come installed on top of existing EPP agents and other security technologies, such as SIEM, IDS and IPS, security teams are often bombarded with up to tens of thousands of alerts coming from multiple security consoles, making prioritization nearly impossible. Instead of increasing visibility and raising the overall security posture of the organization, this fragmentation and segregation of security consoles only makes security more cumbersome.
EDR should be about having a single agent and a single management console, and only focusing on really important security events, instead of spreading human resources thin. After all, EDR should enable your security “SWAT team” to focus on truly important tasks, and not just chase ghosts and put out fires.
EDR for Everyone
Advanced threat hunting capabilities enabled by EDR agents require alert prioritization and manual investigation by dedicated teams, something that drives costs up beyond the initial purchasing and deployment price. The key to having an EDR solution for everyone lies in detecting advanced attacks using built-in intelligence in the endpoint agent. This lets admins focus solely on specific elusive and advanced threats that have crossed the other layers of prevention, and prevents them from wasting time on false positives. This enhanced security operation enables automated triage of truly important security events, and doesn’t require a full-time dedicated team of security specialists to investigate each and every event or anomaly.
Incident visualization and investigation are also greatly simplified, as detected elusive threats are presented in a comprehensive fashion, with all contextually relevant information, so that admins can assess the impact of the threat in seconds. This directly translates into swift incident response tactics that enable admins to remediate the elusive threat with surgical precision by deleting or quarantining it, containing its spread.
This type of evolved prevention, which even comes with the ability to fine-tune the protection level of controls from incident response workflows, helps reduce incident response costs by focusing on truly significant alerts. Unlike traditional EDR, which is usually noisy and overburdens already under-resourced IT teams, a smart EDR solution designed to bring the same early detection capabilities but with pinpoint accuracy is within the reach of any organization, regardless of size, vertical, or IT team size.
It’s the Last 1 Percent of Attacks You Should Worry About
Layered security solutions are doing a great job at detecting, preventing and mitigating close to 99 percent of all threats. However, the last 1 percent, or less, is usually the type of sophisticated attack that flies under the radar. The final frontier in cybersecurity involves having the capability to accurately identify these elusive threats.
The value of EDR for everyone should lie in its ability to fully integrate with your EPP solution, while enabling IT admins to have a holistic view of the security status of the entire infrastructure. This last 1 percent of attacks is not only elusive, but the attacks can also hide behind background noise generated by trivial security incidents, which is why IT admins need the ability to focus on real dangers and problems by preventing, investigating, detecting, and responding to advanced threats effectively and promptly.
About the author: Liviu Arsene is a Senior E-Threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and research departments.
Copyright 2010 Respective Author at Infosec Island
An extraordinary 43 per cent of all attempted online account logins are malicious, Akamai claims in its latest internet security report.…
Your smartphone is even more valuable than your wallet. If stolen or compromised, its contents can be used against you; if there is work-related information on there, it can also damage your job. That’s why it’s crucial you keep it safe from thieves and spies (as well as malware). To help, here are the top […]
Posted by Stefan Kanthak on Feb 20
Hi @ll,
Posted by Stefan Kanthak on Feb 20
"Jeffrey Walton" <noloader () gmail com> wrote:
Posted by Apple Product Security on Feb 20
APPLE-SA-2018-02-19-4 watchOS 4.2.3
Posted by Apple Product Security on Feb 20
APPLE-SA-2018-02-19-3 tvOS 11.2.6
Posted by Apple Product Security on Feb 20
APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update
Posted by Apple Product Security on Feb 20
APPLE-SA-2018-02-19-1 iOS 11.2.6
Posted by Vangelis Stykas on Feb 20
There is also a blog post about that on:
Posted by cr0hn on Feb 20
Dear colleagues,