Big Data and IT Security – SIEM as an analysis tool

Over the last few years, gleaning useful information from massive amounts of data has also become more difficult for IT security, and approaches to Big Data and information analysis are a critical topic in this sector. The number of users, end devices, applications and log files is constantly on the rise. At the same time, attackers are becoming more sophisticated and professional while constantly adapting their strategies. Companies are now facing a completely new level of risks and challenges to their IT security operations. Frequently, companies have more than enough data on security events, including successful penetrations and potential vulnerabilities. Enormous volumes of data are generated by network components, storage systems or applications. Security threats buried in this data must be taken seriously; however, attacks often remain unnoticed or are not discovered in time because the data is unstructured. Analyzing and interpreting this data and deploying a rapid response is almost impossible without specialist software. Security Information and Event Management (SIEM) systems are designed to improve the analysis and management of attack indicators by correlating events across the collected data and issuing warnings or reports to IT administrators based on a defined policy. This helps companies to meet compliance requirements and simplifies the documentation and archiving of security-relevant events. Automated responses can even be configured to ensure a rapid defensive reaction.

SIEM and Remote Access

External access to company networks is one of the most critical areas linked to IT security. Attackers often attempt to exploit remote connections to gain access to company data. Information is available in user and access...

Plan, Install and Operate VPN Gateways in Accordance with the BSI’s Basic IT Security Manual

While the core focus of IT administrators may not be security, they are often tasked with looking after network security, which can leave them feeling overwhelmed. They might ask themselves: “How do I know where best to focus? How do I know if my approach is correct?” Fortunately, such questions can easily be answered. Have a look at the manual for basic IT security from the Federal Office for Information Security in Germany (BSI). It contains many answers to the security questions that IT professionals may have, but unfortunately not many are familiar with its almost 4,500 pages of information, covering nearly all aspects of IT security. The beauty of the BSI manual is that it is written fully independently of manufacturers and can be used in almost all system environments. Divided into building blocks, risks and approaches, the manual for basic IT security provides a well-organized introduction and a comprehensive explanation of how to handle IT security matters. German government agencies have to be certified through the BSI, and all other institutions and companies can also be certified. BSI standards are the basis for the certification, which is compatible with ISO 27001; the implementation is described in the BSI manual. If an expensive certification is not required, working with the manual for basic IT security still makes sense because the manual is free of charge – the current version can be downloaded from the BSI website and an HTML version is also available. Its clear structure is another big plus. If companies lack adequate security planning and a holistic view of IT security, the BSI manual presents a standardized approach...

How Far Does Your Cybersecurity Umbrella Extend?

Network administrators: No matter how impenetrable you think your network defenses are, there are always going to be remote access vulnerabilities that threaten the integrity of your walls. Often, it’s a threat that originates from outside the immediate range of your defenses, and it’s one you may not have any visibility into. Recently, these threats have started to originate from third-party partners – a company’s vendors, suppliers, agencies, firms and other outside service providers. These are often smaller companies with less sophisticated remote access defenses that, when they become a target of cyber crooks, provide a path for an attacker right into the heart of another company’s network. Target found this out the hard way, after its network was breached when attackers gained entry by acquiring network credentials through a third-party HVAC vendor. So did Lowe’s, after one of its vendors backed up customer data on an unsecured server and unknowingly exposed the information to the broader Internet. Goodwill, too, suffered a breach because of a vendor, this time a retail POS operator that acknowledged its managed service environment “may have experienced unauthorized access.” While it may seem odd for big-name companies to provide such privileged access to third parties and, in the process, put themselves in harm’s way – either deliberately or inadvertently – it’s actually quite a common situation. As Brian Krebs reported in the aftermath of the Target breach, large retailers often provide HVAC and energy vendors with privileged network access so they can alert retailers around the clock in the event something goes wrong in one of their buildings. As a source told Krebs, “Vendors need to...

Open Haus: Updated VPN Clients and Server

Of all the factors that would prevent an organization from launching a comprehensive remote access security strategy – limited budget, unfamiliarity with emerging threat vectors, lack of employee buy-in – the remote access tools themselves should not be the reason that a strategy has trouble gaining a foothold within an organization. The experience of using a remote access VPN needs to be an easy one – it should be straightforward for network administrators to centrally manage, and simple for users to deploy without interrupting their workflow. As Citrix’s Kurt Roemer recently told eWeek, “The industry needs to preconfigure for security and employ services that keep security settings optimal and balanced against user experience.” In the last month, NCP engineering has issued three product updates, all intended to improve remote access security for enterprises by enhancing administrator features and the end-user experience:

NCP Secure Clients, Version 10.02

This update supports users of Windows 10, and is the first IPsec VPN Client compatible with Microsoft’s newest operating system. For users, Version 10.02 of the NCP Secure Entry Clients offers:

- Optimized Internet of Things (IoT) configuration
- Alerts when the preferred network is no longer available
- Improved user experience through a touchscreen-compatible interface
- The option to eliminate dual network connections
- Password- and PIN-free logon with machine certificates

Meanwhile, administrators benefit from improved troubleshooting, through enhanced log search functionality, and immediate configuration updates.

NCP Secure Client – Juniper Edition, Version 10.02

For users who access network connections through Juniper VPN gateways, Version 10.02 of the NCP Secure Client – Juniper Edition offers many of the same enhancements above, while providing seamless and secure remote...

7 Security Threats You May Have Overlooked

If there’s been a silver lining to the string of devastating cyberattacks against some of the biggest organizations in the world over the last year, it’s that the list of “what not to do” has continued to grow, putting other companies on notice. If you use a third-party vendor, for example, make sure their networks are just as secure as your own. When there are known security vulnerabilities, reconsider using end-of-life operating systems like Windows XP on your devices. These are some of the most prominent recent lessons, but there are plenty of other threats to network security lurking just below the surface. And these are the vulnerabilities that attackers will look to exploit. After all, why would they target a well-defended vector when there may be an easier point of entry somewhere else? That would be like a burglar trying to break down a locked door, instead of checking first to see if maybe a window was left cracked open. In today’s business environment, the list of overlooked network security threats is endless. Information security professionals are modern-day gladiators, tasked with defending corporate data and networks against both known and unknown threats, but no matter how skilled they are, there will always be new threats to their networks. Here are seven to think about:

1. Rogue Employees
2. Delayed Device Deprovisioning
3. A Single, Vulnerable Security Vendor
4. Out-of-Date Software
5. Failure to Adapt to New Technology
6. Security Solutions and Policy Misalignment
7. Shadow IT

Most working environments would be lucky to be vulnerable to only one of these. The reality is,...