ES Episode38

From Paul's Security Weekly

Enterprise Security Weekly - Episode 38

Episode Audio

Recorded March 30, 2017

Enterprise Security News

  1. the cure for infectious malware - Is malware in the cloud a real problem? Are they just ahead of their time? With Advanced Threat Protection (ATP), a core component of any complete Cloud Access Security Broker (CASB) solution, organizations can protect the cloud from malware before it hits the app, assess the risk of any one file, and stop malicious attacks in their tracks.
  2. enSilo Adds NGAV Support to Remove Redundant Security and Remediation Expenditures - I can't figure out what they do better than any other endpoint protection vendor. enSilo, the company that has redefined endpoint security, today announced the release of its expanded platform, which includes a built-in next-generation antivirus (NGAV) solution. This addition gives enSilo the most effective preventative endpoint security platform on the market, containing NGAV as the first line of defense and Endpoint Detection and Response (EDR) in a preventative containment mode as the last line of defense. The company also announced today support for Linux-based operating systems to secure production servers. They do support Linux, which is neat, but how do they solve the problem better?
  3. AI Powered UEBA Threat Hunting - Yikes: Fortscale's engine combines automated enrichment, sophisticated machine learning algorithms, accurate anomaly detection, threat classification, and incident aggregation in one box. OMG: Think of Fortscale as your personal AI POWERED RISK ROBOT, able to consume huge amounts of log data and provide instant insights on emerging threats.
  4. CylancePROTECT selected by SANS Community as Best Endpoint Protection Product of 2016 satPRnews - How do you measure this? The SANS community has named CylancePROTECT® as the winning product for the Best of 2016 Awards in the End Point Protection category.
  5. New research reveals that 30 percent of malware attacks are zero day exploits - Press Release Rocket - Yeah, malware that morphs does not mean it was a 0day attack: The results from Q4 2016 confirm that cyber criminals' capability to automatically repack or morph their malware has outpaced the AV industry's ability to keep up with new signatures. This means that without advanced threat prevention, companies could be missing up to a third of malware.

Topic: Configuration Management

I want to use this post from Daniel Miessler as a starting point:

You probably don't need 0day defenses, threat intelligence, or AI-powered SOCs. Moar basics:

- Asset Mgmt.
- Patching
- DNS Hygiene

Here are some tips:

  1. Determine your goals - Security is one goal, operational efficiency is another, and sometimes these are two different things. When planning, focus on helping people, on making it easier for them to do their jobs, and guess what? Things will be more secure. I think every IT administrator, whether they know it or not, wants awesome configuration management, so give them the tools, processes and techniques to make that happen.
  2. Create your own standard - Sure, there are TONS of standards and best practices. Use them as a guide, then develop what works best for your environment (meaning your processes, people, technology and business).
  3. Configuration Management is similar to Vulnerability Management - It's a process, and it is most often successful when customized for your own environment, perhaps even using your own software and in-house tools. Define a baseline, detect variations, fix them, then repeat the process.
  4. Prioritize - There are endless options for configuring operating systems, software and devices. Focus first on what matters most to operations (because if it's down, security is likely not relevant at that point), then focus on security. I find most people get really bogged down in the details: research the top security threats according to what's in your environment, then apply accordingly. For example, see our previous discussion on Microsoft Windows authentication and authorization: there are 5-6 things at the top of the list that are most often exploited by attackers, and that is a good starting point!
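The baseline, detect, fix, repeat cycle from tip 3, with the operations-before-security ordering from tip 4, as an added example that is not from the episode or any of the products mentioned. The sshd_config-style settings, their expected values and the priorities are constructed for illustration.

```python
import re

# Constructed baseline (not from the episode): expected value and a priority (ops before security, tip 4).
BASELINE = {
    "Port": ("22", "ops"),
    "PermitRootLogin": ("no", "security"),
    "PasswordAuthentication": ("no", "security"),
    "MaxAuthTries": ("4", "security"),
}

def parse_config(text):
    """Parse 'Key value' lines, skipping comments/blanks; first occurrence wins, as sshd does."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            settings.setdefault(parts[0], parts[1] if len(parts) > 1 else "")
    return settings

def detect_drift(baseline, text):
    """Return [(key, expected, actual, priority)] per deviation; a missing key has actual None."""
    current = parse_config(text)
    drift = [(k, exp, current.get(k), prio)
             for k, (exp, prio) in baseline.items() if current.get(k) != exp]
    # Operational findings first, security second; order within a group is kept.
    return sorted(drift, key=lambda d: 0 if d[3] == "ops" else 1)

def remediate(text, drift):
    """Rewrite every active line for a drifted key; append keys that were absent."""
    lines = text.splitlines()
    for key, expected, actual, _ in drift:
        if actual is None:
            lines.append(f"{key} {expected}")
        else:
            pat = re.compile(rf"^\s*{re.escape(key)}\s+")
            lines = [f"{key} {expected}" if pat.match(l) else l for l in lines]
    return "\n".join(lines) + "\n"

# Constructed sample: root login and auth tries drifted, PasswordAuthentication absent.
SAMPLE = """# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
MaxAuthTries 10
"""

if __name__ == "__main__":
    found = detect_drift(BASELINE, SAMPLE)
    fixed = remediate(SAMPLE, found)
    print(found, detect_drift(BASELINE, fixed) == [])  # repeat the cycle: clean after the fix
```

Running the drift check again on the remediated output is the "repeat" step; in practice the baseline file itself is what the team version-controls and argues about.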