This week, Cygilant announced its latest service available via the SOCVue Security Operations and Analytics Platform – Unified Vulnerability and Patch Management. Why is this unique and why is it important?
Have all of your Mac users installed the MacOS 10.13.2 patch to fix the Spectre and Meltdown vulnerabilities? Do you have an easy way to find out? How about proof to show an auditor?
As you are coming back from the Thanksgiving weekend and looking forward to the holiday season with friends and family, we wanted to take a moment to explain what we are thankful for at Cygilant.
As many know, security information and event management (SIEM), the part of a cybersecurity program that analyzes real-time events and alerts triggered by software or devices, has been around quite some time. At Cygilant we have spent over a decade building a platform for analyzing SIEM data. It was not an easy task. As many in the security industry know, working with SIEM data is no small undertaking. So, to say we are very thankful for the vendors and technologists that continue to develop and support SIEM is an understatement.
The first and most important action is to educate users of the systems. Most ransomware and cyber-attacks, in general, rely on a user taking an unintended action; commonly a user executes a seemingly normal but nefarious file. Because of this attack vector, users should be wary of unsolicited emails, especially ones with attachments and links. To take this one step further, users should know what types of files and operations commonly make changes to their systems. This will help them understand when changes are normal or when something out of the ordinary is attempting to make changes. To name a few, for example, users of Windows machines might want to investigate exe, msi, bat, or ps1 file types prior to executing them.
As regular readers of the EiQ blog know, we’re suspicious of the Internet of Things (IoT), the massive collection of Internet-connected devices that don’t fall into the traditional “computer” category. From “smart” energy meters, to in-car technology, to Internet-connected home appliances, the IoT is an incredibly broad spectrum of technologies that can gain value – in some cases, significant value, in other cases, more dubious – by connecting to other devices and networks.
Not too many years ago, Microsoft Corporation was viewed somewhat suspiciously in the information security community for what was perceived to be a lackadaisical approach to patching their software and (in particular) their Windows operating systems. Fast-forward to today, and Microsoft is recognized almost universally as having one of the most effective and timely security patching programs in the industry. Of course, Microsoft isn’t the only OS vendor to experience known vulnerabilities; although Apple for many years boasted that its software “doesn’t have security holes”, the fact is that the venerable OSX operating system, while a very mature BSD UNIX variant, still encounters periodic security issues which – to their credit – Apple addresses through frequent patch deployments. Even Linux, which runs so much of the Internet’s infrastructure, periodically has major security issues discovered in its supporting software, including a major vulnerability discovered just last week within systemd, a critical piece of software that provides name resolution services.
22 years ago, Irish actor Pierce Brosnan took his first turn as MI-6’s perennial agent James Bond. In that particularly great outing, everyone’s favorite international spy took out a satellite network known as GoldenEye, spearheaded by two satellites named Mischa and Petya. While the fictional GoldenEye satellites delivered an electro-magnetic field (EMF) of radiation that took out all electronics within a 30-mile radius, this week the world was hit with a real Petya: the “GoldenEye” strain of the ransomware that was at the root of last month’s massive WannaCry outbreak.
It’s been a busy week among software companies and OEMs, as both Microsoft and Adobe have released a flurry of patches. Microsoft’s current “Patch Tuesday” bundle features fixes for almost one hundred flaws in Windows and other Microsoft software. Adobe’s updates continue to patch their Flash and Shockwave technologies, both of which are unfortunate poster children for insecure software.
Security and privacy experts – not to mention federal government agencies – are still reeling from the disclosure by WikiLeaks of the CIA’s cache of hacking and surveillance technologies that was released a few weeks ago. Among those disclosures, however, was a particularly interesting finding: the existence of “HammerDrill 2.0,” a cross-platform security toolkit that can breach the air gap.