Big Data and IT Security – SIEM as an analysis tool

Over the last few years, gleaning useful information from massive amounts of data has also become more difficult for IT security and approaches to Big Data and information analysis are a critical topic in this sector. The number of users, end devices, applications and log files are constantly on the rise. At the same time, attackers are becoming more sophisticated and professional while constantly adapting their strategies. Companies are now facing a completely new level of risks and challenges to their IT security operations. Frequently companies have more than enough data on security events, including successful penetrations and potential vulnerabilities. Enormous volumes of data are generated by network components, storage systems or applications. Security threats buried among this data must be taken seriously, however attacks often remain unnoticed or they are not discovered in time due to a lack of structured data. Analyzing and interpreting this data and deploying a rapid response is almost impossible without specialist software. Security Information and Event Management (SIEM) systems are designed to improve the analysis and management of attack indicators by establishing connections between events from the collected data and issuing warnings or reports to IT administrators based on a defined policy. This helps companies to meet compliance requirements and simplifies the documentation and archiving of security relevant events. Automated responses can even be generated and set to ensure a rapid defense response. SIEM and Remote Access External access to company networks is one of the most critical areas linked to IT security. Attackers often attempt to exploit remote connections to gain access to company data. Information is available in user and access...

How Far Does Your Cybersecurity Umbrella Extend?

Network administrators: No matter how impenetrable you think your network defenses are, there are always going to be remote access vulnerabilities that threaten the integrity of your walls. Often, it’s a threat that originates from outside the immediate range of your defenses, and it’s one you may not have any visibility into. Recently, these threats have started to originate from third-party partners – a company’s vendors, suppliers, agencies, firms and other outside service providers. These are often smaller companies with less sophisticated remote access defenses that, when they become a target of cyber crooks, provide a path for an attacker right into the heart of another company’s network. Target found this out the hard way, after its network was breached when attackers gained entry by acquiring network credentials though a third-party HVAC vendor. So did Lowe’s, after one of its vendors backed up customer data on an unsecure server and unknowingly exposed the information to the broader Internet. Goodwill, too, suffered a breach because of a vendor, this time a retail POS operator that acknowledged its managed service environment “may have experienced unauthorized access.” While it may seem odd for big-name companies to provide such privileged access to third parties and, in the process, put themselves in harm’s way – either deliberately or inadvertently – it’s actually quite a common situation. As Brian Krebs reported in the aftermath of the Target breach, large retailers often provide HVAC and energy vendors with privileged network access so they can alert retailers around-the-clock in the event something goes wrong in one of their buildings. As a source told Krebs, “Vendors need to...

Smaller Scale Is No Defense: Why SMBs Should Assume They’re Already Targets of Cyberattackers

You would be hard pressed to go a month without hearing about a new data breach or major cyberattack in the headlines. These incidents occur with such regularity nowadays that seemingly every industry has been affected – healthcare, education, retail and even amusement parks. There are variations across all these attacks, from the threat vectors themselves to the protections that may have faltered. But, the common thread is that these companies are generally big names with targets on their backs. This trend also tends to overshadow an even more worrisome one: data breaches occurring at small and medium-sized businesses. While SMBs may exist on a relatively small scale, they certainly don’t go unnoticed by hackers. The numbers actually show that three out of four attacks occur at businesses with fewer than 100 employees, and that each incident carries an average price tag of $20,752, according to the National Small Business Association (NSBA). The NSBA’s Jason Oxman elaborated further in comments to the Los Angeles Times last year: “We are absolutely facing an epidemic of attacks on our nation’s infrastructure and attempts to gain access to information. But smaller merchants tend to be easier and more attractive targets for cyber criminals.” This is because SMBs are less likely to be well-versed in security protocols and because they won’t get much attention from the media, thereby allowing the attacks to continue under relative quiet. Compared to enterprises, SMBs may also lack the resources to detect and respond quickly to attacks. The fallout can result in broken websites, bad customer reviews and narrower profit margins – all consequences that can completely devastate...

Seamless Roaming or Always On: The Remote Access VPN Feature Digital Nomads May Be Missing

In remote working environments, the Digital Nomad isn’t tied to a desk or cubicle, but he has close relationships with his coworkers. The Digital Nomad works exclusively from mobile devices that connect wirelessly to the Internet, and she’s still able to finish all her tasks on time. For now, these workers are generally the exception to the rule, but that may not be the case for much longer. One-third of business leaders anticipate that by 2020, more than half of their full-time workforce will be working remotely. It’s not difficult to see why remote work is so popular. Today, Digital Nomads can be more nomadic than ever, setting up new mobile “offices” wherever there’s a network connection. They don’t even need a hard surface to put their device on or an outlet to plug into. But, what they do need for security purposes is a remote access VPN to enable a secure connection back to the corporate network. VPNs are reliable, but the problem is, network interruptions have long seemed inevitable. They get in the way and disrupt the user’s computing session. That’s when a VPN feature known as seamless roaming or always on comes into play, allowing a user to move between different networks without losing the connection. The Value of Seamless Roaming Whether you’re a finance executive fighting dead zones as you work on your laptop from a train, or a sales professional working from an airport across a spotty Wi-Fi connection, each time there’s a network disruption, the user has to manually restart the VPN connection to continue working. This is why seamless roaming is no...

NCP engineering Earns ‘Champion’ Rating in techconsult Report

This year, cyberattacks are expected to rain down at a rate of more than 117,000 per day, adding up to more than 42.8 million total incidents. As these attacks are launched and subsequently investigated, the root cause of many of them will turn out to be the result of employee action – basic human error – such as accidentally violating a remote access policy. With these figures in mind, the new report “Security Solution Vendors 2015,” conducted by German analyst firm techconsult, analyzes the entire network, data, storage and endpoint security landscape, while identifying top providers and solutions that are on the front lines protecting businesses from these 42.8 million attacks. The report bodes well for NCP engineering and our remote access VPN solutions. Techconsult found that NCP “dominates” the network security space, while highlighting how NCP’s Secure Enterprise Solution “win…clearly against the competition” from other VPN solution providers. This assessment is reflected by NCP’s presence in the “Champion” quadrant, comprising all security solution vendors, based on evaluations from the market and users, as well as experts. NCP also earns a “Champion” rating when only network security vendors – those with VPN, external firewalls and Unified Threat Management (UTM) solutions – are assessed. NCP is the top solution provider in this quadrant, and we stand out for our 100 percent user satisfaction rating. In the Virtual Private Network quadrant, NCP again earns top marks and a “Champion” rating, with the report noting, “NCP has been able to set itself above the rest with the experts’ evaluations based on its excellent solution assessment as well as its company-specific framework conditions.”...