We apologize for the contemptuous comments directed toward the security community that our Twitter account posted on the evening of February 8th. Understandably, the security community is upset and troubled by this unprofessional behavior and we deeply regret it. What took place should not have happened and unfortunately cannot be undone. We wish to emphasize that these actions do not reflect our core values at Cygilant. We can promise that the actions we are taking will prevent circumstances like this from occurring again.
Seemingly every week, new security breaches are reported; recently Uber and PayPal both announced that customer data may have been stolen by attackers. In the case of Uber, 57 million passengers' data may have been leaked. Further, Uber also paid $100,000 to the attackers and requested they sign non-disclosure agreements. This indicates that Uber may have intended to illegally withhold the breach from its customers. PayPal, on the other hand, identified a possible vulnerability in TIO Networks and reported that 1.6 million customer records may have been exposed. TIO Networks is a subsidiary of PayPal, acquired in July, that mainly processes utility bill payments at kiosk locations like Rite Aid. While the complete details of these breaches have not been disclosed, these events continue to underscore the need for companies to evaluate their cybersecurity programs.
As you are coming back from the Thanksgiving weekend and looking forward to the holiday season with friends and family, we wanted to take a moment to explain what we are thankful for at Cygilant.
As many know, security information and event management (SIEM), the part of a cybersecurity program that analyzes real-time events and alerts triggered by software or devices, has been around for quite some time. At Cygilant we have spent over a decade building a platform for analyzing SIEM data. It was not an easy task. As many in the security industry know, working with SIEM data is no small undertaking. So, to say we are very thankful for vendors and technologists that continue to develop and support SIEM is an understatement.
The first and most important action is to educate users of the systems. Most ransomware and cyber-attacks, in general, rely on a user taking an unintended action; commonly a user executes a seemingly normal but nefarious file. Because of this attack vector, users should be wary of unsolicited emails, especially ones with attachments and links. To take this one step further, users should know what types of files and operations commonly make changes to their systems. This will help them understand when changes are normal and when something out of the ordinary is attempting to make changes. For example, users of Windows machines might want to investigate exe, msi, bat, or ps1 files prior to executing them.
Chances are the content of this article traversed some wireless network prior to being displayed on the device you are using (or prior to being printed out for you hard copy purists). However, today we learned that WPA2 (Wi-Fi Protected Access II) is vulnerable to key reinstallation attacks. For the past 14 years, WPA2 has been considered the industry standard for maintaining a secure wireless network for personal and enterprise connectivity. What makes this newly released vulnerability different from the recent security headlines is that this attack does not leverage unpatched software or a company's implementation of technology. It exposes flaws in the protocol specification (standard) itself, meaning all implementations of the standard are (likely) also vulnerable.
Many business leaders feel as if IT security should be a service that's kept in-house. While it's true that internal employees do need to be able to take steps to ensure the safety of company data, there are a host of advantages to allowing an experienced outside company to take the reins.
So, what can your organization get out of outsourcing IT security?
1. Your team may not be experienced enough
Although your IT employees are obviously very talented individuals, there's a good chance that cybersecurity isn't their main focus. While these workers surely know a good deal about this topic, it may not be enough to stop an impending cyberattack.
When you're trying to protect your home computer from cyber threats, what do you normally do? You probably download the latest anti-malware program and update your firewall.
But IT security at the corporate level is much more complicated, costly and time-consuming.
After all, if it were easy to protect systems, IT criminals wouldn't have gained access to the Trump Hotel Collection and stolen credit card information from 70,000 individuals. The Australian Red Cross wouldn't have faced a cyber breach that resulted in hackers gaining access to 550,000 blood donors' personal information. And Anthem health insurance systems wouldn't have had to deal with the fallout of a breach that exposed the personal information of nearly 80 million people.
Companies can't sit back and react to cyber attacks. They must get in front of them by proactively monitoring IT threats.
While there are many reasons threat monitoring is (or should be) a key part of any successful business model, we've outlined two here.
1. Stay ahead of cybercriminals
"Businesses must stay ahead of cybercriminals by focusing on their security policies."
Cyber crimes won't decrease, and this should worry businesses. That's why it's critical companies increase their IT security measures so they can prevent devastating data breaches.
"We are facing an arms race in terms of [IT] security," said Derek Manky, Fortinet Global Security Strategist, according to CNBC. As cybercriminals continue to improve their arsenal, companies continue to fight day and night to stay one step ahead by developing their IT defense systems.
Each day IT equipment, servers, firewalls, and other hardware and software systems collect and store information in the form of logs. These logs are vast, and always contain a wealth of data that companies can use to analyze everything from how efficiently they are running their businesses to the state of their IT security.
While this information is critical, there's only one problem: It's often hard to decipher because, quite simply, there's just too darn much of it.
That's where log management tools come into play. Here are three major benefits of these tools: