Company - All Articles - CISO Platform2024-03-29T13:03:59Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/Company10 questions to ask your APT security vendor?https://www.cisoplatform.com/profiles/blogs/10-questions-to-ask-your-apt-security-vendor2016-07-22T06:00:00.000Z2016-07-22T06:00:00.000ZVaibhav Singhal (CISO Platform)https://www.cisoplatform.com/members/VaibhavSinghalCISOPlatform<div><p>Are you planning to implement <strong>Advanced Persistent Threat (APT) Security</strong>? It is important to know which questions to ask an APT security vendor and to get their views on APTs. Also make sure that the solution you are going to buy is capable of detecting advanced threats using multiple techniques, and is not just another signature-based security solution branded with fancy terms.</p><p><strong>APT Security is not a single technology or solution but a complex program (people, process and technology). </strong>Sandboxing or any other single technology can only provide partial protection against “real” advanced attacks. <br /> So, here is the list of the top 10 questions that you need to ask your APT Security vendors:</p><p><br /> <strong>1. What is your definition of APT Security?</strong><br /> You need to understand what their definition of APT Security is. If their definition of an APT Security solution is a traditional signature-based antivirus, or protection against botnets, Trojans and phishing without any intelligence or forensics features, you may want to stop right there.</p><p><br /> <strong>2. Can their solution detect more than the existing security system?</strong><br /> You would not want to buy an APT Security solution that adds no value to your existing security ecosystem. APT Security has become a marketing term, and many perceive it as traditional signature-based antivirus. Therefore you need to know how much more capable the APT Security solution you are going to buy is at detecting malware. 
You should keep a list of possible APT variants handy and ask whether the solution protects against each of them. Some APT variants are insider threats, initial attack vectors, spear-phishing, drive-by downloads, online social networking, search engine poisoning and many more.</p><p><br /> <strong>3. Do you participate in the industry standard malware protection tests such as those performed by AV-Test, AV-Comparatives or NSS Labs? If not, why?</strong> <br /> What score did you get in these protection tests, and did you score above the industry standard?</p><p><br /> <strong>4. Does your APT security solution cover all the channels through which a threat might penetrate the enterprise system?</strong><br /> An APT Security solution must provide comprehensive coverage across the following channels:<br /> • End Point: These are typically deployed as agents on end point devices, but there are also some agentless solutions<br /> • Network: These are typically deployed as appliances within the network infrastructure, and separate solutions may be required for detection, response and forensics<br /> • Email: Spear-phishing email is one of the main causes of advanced targeted attacks</p><p><strong>5. What is your false positive rate and how do you measure it?</strong><br /> There are times when a system falsely reports a "malware attack"; the organization then allocates resources to investigate, and if it turns out to be a false positive, people tend to ignore the real alarms as well and stop taking them seriously.</p><p><br /> <strong>6. How much time will it take to fetch reports for the complete system, and how much memory will your solution use?</strong><br /> In some systems, generating reports is time intensive and may need to be run off-hours. Application containment solutions use CPU and memory, and having more containers leads to a higher impact and can result in performance issues.</p><p><br /> <strong>7. 
How would you rate your solution from 1 to 10 in terms of complexity, with 1 being easy and 10 being complex?</strong><br /> Some solutions are very complex and require skilled personnel. Therefore you need to evaluate your workforce's expertise; deploying such a solution might need extra staff, and you need to ask whether the cost of that extra workforce is manageable.</p><p><br /> <strong>8. How capable is your threat research team in investigating a series of attacks?</strong><br /> The threat team plays a crucial role, and selecting a vendor with a strong threat research team is important, as sometimes there can be a long-standing cyber espionage campaign behind the attacks.</p><p><br /> <strong>9. Which types of technologies does your APT solution leverage?</strong><br /> For APT Security, multiple solutions and technologies may be required, so you need to understand which techniques the vendor's APT Security solution leverages. It can leverage sandboxing, security analytics, application containerization, embedded URL analysis, IOC detection, static code analysis etc.</p><p><br /> <strong>10. What are your solution's capabilities in terms of Prevention, Detection, Response and Prediction?</strong><br /> An APT Security solution should be capable in terms of Prevention, Detection, Response and Prediction. You need to evaluate and understand how much you are going to achieve in terms of these 4 key capabilities.</p></div>Top Emerging APT Security Company Vendors Globally in 2019https://www.cisoplatform.com/profiles/blogs/top-emerging-apt-security-vendors-globally2016-08-03T08:00:00.000Z2016-08-03T08:00:00.000ZVaibhav Singhal (CISO Platform)https://www.cisoplatform.com/members/VaibhavSinghalCISOPlatform<div><p><strong>Emerging Vendors</strong> are vendors who have been innovative and have given a fresh perspective to conventional security methods. In a very short time, these start-ups have been able to make their name in the APT space. 
Here is the list of the Top Emerging vendors in the field of APT Security.</p><p><br /> <span class="font-size-4">1. <a href="https://www.illusivenetworks.com/" target="_blank">Illusive Networks</a> <a href="https://twitter.com/illusivenw" target="_blank">@illusivenw:</a></span> Illusive Networks is a cyber security firm headquartered in Tel Aviv, Israel. It was founded in <strong>2014</strong>. Illusive Networks does not deal with malware, viruses or Trojans: it focuses on hackers who launch cyber attacks. Its modus operandi is to trap hackers by leaving false clues. To shake them off, Illusive Networks will create deceptive zones in a labyrinth with numerous fake endpoints.</p><p><br /> <strong>Channel of APT Security Used:</strong> Network /End-Points<span style="text-decoration:line-through;">/Email</span></p><p><br /> <strong>Funding Raised:</strong> <strong>$30 Million</strong> and <strong>Major Investors are:</strong> Cisco Investments, Citi Ventures, Innovation Endeavors, Bessemer Venture Partners</p><p><br /> Let's see the approach adopted by <strong>Illusive Networks to counter Advanced attacks:-</strong></p><p><br /> • <strong>Send ransomware the wrong way:</strong> Illusive creates deceptive ransomware targets in the network that distract ransomware and prevent it from attacking real company assets.</p><p>• <strong>Neutralize ransomware before damage is done:</strong> As soon as ransomware activity starts within your organization, Illusive’s deceptions lead the ransomware to reveal itself before any real data is encrypted, ensuring that no harm is done to real organizational assets and no disruption is caused to business operations.</p><p>• <strong>Real-time alerts & forensics from the ransomware source:</strong> Illusive is the only vendor that neutralizes ransomware activity at its entry point on the source host, enabling early detection and high fidelity alerts that are only triggered by real ransomware activity.</p><p>This video explains their 
innovative approach against advanced attacks.</p><p><strong>Change it - Illusive Networks: the start-up that traps hackers:</strong> <a href="https://www.youtube.com/watch?v=5pVq5In8VW8" target="_blank">https://www.youtube.com/watch?v=5pVq5In8VW8</a></p><p>{<strong>Source:</strong> <a href="https://www.illusivenetworks.com/advanced-ransomware-guard" target="_blank">https://www.illusivenetworks.com/advanced-ransomware-guard</a>}</p><p></p><p><span class="font-size-4">2. <a href="https://www.menlosecurity.com/how-it-works" target="_blank">Menlo Security</a> <a href="https://twitter.com/menlosecurity" target="_blank">@menlosecurity</a>:</span> Menlo Security is a cyber security firm headquartered in Menlo Park, CA. It was founded in 2015.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $35 Million</strong> and <strong>Major Investors are:</strong> Engineering Capital, General Catalyst Partners, Osage University Partners, Sutter Hill Ventures</p><p>Let's see the approach adopted by <strong>Menlo Security to counter Advanced attacks:-</strong></p><p><br /> • The <strong>Menlo Security Isolation Platform (MSIP)</strong> brings the benefits of isolation technology to any size enterprise. It deploys as a cloud service (public or private) and requires no software or plug-ins on the endpoint. 
The MSIP supports any device, OS and browser and delivers a user experience essentially indistinguishable from native Web access.</p><p>• <strong>By leveraging patented Adaptive Clientless Rendering™ (ACR) technologies</strong>, MSIP enables enterprise-wide deployment of isolation security without the need to deploy or manage endpoint software or appliances, dramatically reducing ransomware risks.</p><p>This video explains their innovative approach against advanced attacks.</p><p><br /> <strong>Menlo Security Isolation Platform - Overview</strong><br /> <a href="https://www.youtube.com/watch?v=7ZUwQJPZ3Qg" target="_blank">https://www.youtube.com/watch?v=7ZUwQJPZ3Qg</a></p><p>{<strong>Source:</strong> <a href="https://www.menlosecurity.com/how-it-works" target="_blank">https://www.menlosecurity.com/how-it-works</a>}</p><p></p><p><span class="font-size-4">3. <a href="https://www.cylance.com/" target="_blank">Cylance</a> <a href="https://twitter.com/cylanceinc" target="_blank">@cylanceinc</a>:</span> Cylance is a cyber security firm headquartered in Irvine, US. It was founded in <strong>2012</strong>. Cylance is revolutionizing cyber-security with products and services that proactively prevent, rather than reactively detect, the execution of advanced persistent threats and malware. 
Their technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.</p><p><strong>Channel of APT Security Used:</strong> <span style="text-decoration:line-through;">Network</span> /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $177 Million</strong> and <strong>Major Investors</strong> are: Alex Doll, Blackstone, Capital One Growth Ventures, Dell Ventures, DFJ Growth</p><p>Let's see the approach <strong>adopted by Cylance to counter Advanced attacks:-</strong></p><p><br /> <strong>Cylance’s ThreatZERO Assurance Program</strong> provides:</p><p>• The generation, delivery and full review of the Cylance ThreatZERO Assurance Report, including a policy review showcasing best practices, any modifications suggested, and further recommendations to achieve zero threat status</p><p>• A full malware status review during which identified threats may be reclassified and unclassified threats may be submitted to the <strong>Cylance Threat Analysis Team</strong></p><p>• A <strong>full potentially unwanted program (PUP)</strong> review, including the submission of any unclassified PUPs</p><p>• A thorough review of deployed agent versions and update statuses</p><p>This video explains <strong>their innovative approach against advanced attacks:-</strong></p><p><strong>Cylance: Protecting Your Computer Through Mathematics</strong><br /> <a href="https://www.youtube.com/watch?v=-YPbZKl71S8" target="_blank">https://www.youtube.com/watch?v=-YPbZKl71S8</a></p><p>{<strong>Source:</strong> <a href="https://www.cylance.com/" target="_blank">https://www.cylance.com/</a>}</p><p></p><p><span class="font-size-4">4. <a href="http://www.cybereason.com/" target="_blank">Cybereason</a> <a href="https://twitter.com/cybereason" target="_blank">@cybereason</a>:</span> Cybereason is a cyber 
security firm headquartered in Boston, Massachusetts. It was founded in 2012. Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/Email</p><p><strong>Funding Raised: $88.6 Million</strong> and <strong>Major Investors are:</strong> CRV, Lockheed Martin, Softbank, Spark Capital</p><p>Let's see the approach adopted by <strong>Cybereason to counter Advanced attacks:-</strong></p><p>• <strong>Endpoint and Server Sensors:</strong> Cybereason Sensors are deployed on endpoints and servers and collect data from across your environment 24/7 in real time. The sensors have no impact on productivity or user experience.</p><p>• The <strong>Hunting Engine</strong> is constantly fed with information received from the endpoint and server sensors. 
It uses artificial intelligence, machine learning and behavioural techniques to detect cyber attacks.</p><p>• <strong>Cybereason comes preconfigured</strong> with a library of models that look for malicious activities and the tools, tactics and procedures attackers use while executing their hacking campaigns.</p><p>This video explains their <strong>innovative approach against advanced attacks:-</strong></p><p><strong>Introducing Cybereason: Real-Time Automated Cyber Hunting</strong><br /> <a href="https://www.youtube.com/watch?v=0I7yF4waLLY" target="_blank">https://www.youtube.com/watch?v=0I7yF4waLLY</a></p><p>{<strong>Source:</strong> <a href="http://www.cybereason.com/" target="_blank">http://www.cybereason.com/</a>}</p><p></p><p><span class="font-size-4">5. <a href="http://www.vectranetworks.com/" target="_blank">Vectranetworks</a> <a href="https://twitter.com/Vectra_Networks" target="_blank">@Vectra_Networks:</a></span> Vectra Networks is a U.S. business headquartered in San Jose, California. It was founded in 2012. 
Its products monitor internal network traffic to identify in real time cyber-attacks that are in progress.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $86.54 Million</strong> and <strong>Major Investors are</strong>: Accel, AME Cloud Ventures, DAG Ventures, IA Ventures, Intel Capital, Juniper Networks</p><p>Let's see the approach <strong>adopted by Vectra Networks to counter Advanced attacks:-</strong></p><p>• <strong>Detections based on data science not signatures:</strong> Vectra uses a patent-pending combination of data science, machine learning, and behavioral analysis to reveal the fundamental characteristics of malicious behavior without the need for countless signatures and reputation-based rules.</p><p>• <strong>Adaptive Distributed Architecture:</strong> The Vectra Adaptive Distributed Architecture provides a simple and efficient way to extend cybersecurity to all areas of an organization. Security teams can seamlessly monitor remote sites where attackers start as well as internal network segments that contain key assets attackers will try to steal.</p><p>• <strong>Detect all phases of an active attack:</strong> Vectra picks up where perimeter security stops by continuously analyzing all network traffic for malicious behaviors of an ongoing cyber attack. 
The solution detects all phases of attack including command and control, internal reconnaissance, lateral movement, ransomware activity, data exfiltration, and botnet monetization behaviors -- automatically and in real time.</p><p>This video <strong>explains their innovative approach against advanced attacks:-</strong></p><p><strong>VectraNetworks - How It's Different</strong><br /> <a href="https://www.youtube.com/watch?v=uxu7VWJBY5Y" target="_blank">https://www.youtube.com/watch?v=uxu7VWJBY5Y</a></p><p>{<strong>Source:</strong> <a href="http://www.vectranetworks.com/" target="_blank">http://www.vectranetworks.com/</a>}</p><p></p><p><span class="font-size-4">6. <a href="https://www.safebreach.com/how-offensive-security-works" target="_blank">SafeBreach</a> <a href="https://www.safebreach.com/how-offensive-security-works" target="_blank">@safebreach:</a> </span>SafeBreach is a business headquartered in Sunnyvale, California. It was founded in 2014. SafeBreach lightweight simulators play the role of the hacker. Deploy them in critical segments of your network, in the cloud or on your endpoint to simulate the entire kill chain: infiltration, lateral movement and exfiltration. 
Both network and endpoint simulators are available.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $19 Million</strong> and <strong>Major Investors are:</strong> Deutsche Telekom Capital Partners, Hewlett Packard Pathfinder, Sequoia Capital, Maverick Ventures Israel</p><p>Let's see the <strong>approach adopted by SafeBreach to counter Advanced attacks:-</strong></p><p>• <strong>Deploy simulators to “play the hacker”:</strong> SafeBreach lightweight simulators play the role of the hacker. Deploy them in critical segments of your network, in the cloud or on your endpoint to simulate the entire kill chain: infiltration, lateral movement and exfiltration. Both network and endpoint simulators are available.</p><p>• <strong>Orchestrate and execute breach scenarios:</strong> The SafeBreach orchestration platform manages and executes the Hacker's Playbook™ of breach methods on our simulators. Our patent-pending technology simulates breach scenarios without impacting users or infrastructure, while validating the effectiveness of your security solutions.</p><p>• <strong>Quickly take corrective action:</strong> Our platform correlates and analyzes all breach methods, and presents information useful for both security analysts and security executives. Deep dive into breach scenario building blocks and quickly remediate based on SafeBreach recommendations.</p><p>This video explains their <strong>innovative approach against advanced attacks:-</strong></p><p><strong>SafeBreach - Your ultimate virtual hacker</strong><br /> <a href="https://www.youtube.com/watch?v=n3v96igavfk" target="_blank">https://www.youtube.com/watch?v=n3v96igavfk</a></p><p>{<strong>Source</strong>: <a href="https://www.safebreach.com/how-offensive-security-works" target="_blank">https://www.safebreach.com/how-offensive-security-works</a>}</p><p></p><p><span class="font-size-4">7. 
<a href="https://sqrrl.com/product/sqrrl-enterprise/" target="_blank">Sqrrl</a> <a href="https://twitter.com/SqrrlData" target="_blank">@SqrrlData</a>:</span> Sqrrl is a business headquartered in Sunnyvale, California. It was founded in 2014. Sqrrl is the security analytics company that enables organizations to target, hunt, and disrupt advanced cyber threats. Sqrrl’s industry-leading advanced detection and response platform enables security analysts to uncover malicious behaviour within enterprise networks. Sqrrl reduces attacker dwell time by detecting adversarial behaviour faster and with fewer resources through the use of machine learning, and enables effective threat hunting. As an incident response tool, it enables analysts to investigate the scope, impact, and root cause of an incident more efficiently and thoroughly than ever before.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $14.2 Million</strong> and <strong>Major Investors are:</strong> Atlas Venture, Matrix Partners, Rally Ventures</p><p>Let's see the <strong>approach adopted by Sqrrl to counter Advanced attacks:-</strong></p><p>Sqrrl Enterprise enables the ingestion and analysis of disparate data sets to facilitate <strong>proactive threat detection</strong>, which is also known as cyber threat hunting.</p><p>• <strong>Target:</strong> Scope the data sets that will be used in your investigation. Hunts can branch from various starting points or “trailheads”. These include indicator-driven structured hunts and hypothesis-driven exploratory hunts, both of which can be optimized with automated analytics and machine learning. 
</p><p>• <strong>Hunt:</strong> Proactively and iteratively search through network and endpoint data to detect and isolate advanced threats that evade more traditional security solutions.</p><p>• <strong>Disrupt:</strong> By seamlessly pivoting from hunting to forensic analysis, disrupt adversaries before they fully execute their attacks. These analyses can generate new indicators to feed into complementary security systems, creating an effective security feedback loop.</p><p>This video <strong>explains their innovative approach against advanced attacks:-</strong></p><p><strong>Sqrrl - "Secure, Scale, Adapt"</strong><br /> <a href="https://www.youtube.com/watch?v=Sk-8_jJQ1Nc" target="_blank">https://www.youtube.com/watch?v=Sk-8_jJQ1Nc</a></p><p><br /> {<strong>Source:</strong> <a href="https://sqrrl.com/product/sqrrl-enterprise/" target="_blank">https://sqrrl.com/product/sqrrl-enterprise/</a>}</p></div>Making your System Impenetrable with Penetration Testinghttps://www.cisoplatform.com/profiles/blogs/making-your-system-impenetrable-with-penetration-testing2020-05-28T07:26:44.000Z2020-05-28T07:26:44.000ZRay Parkerhttps://www.cisoplatform.com/members/RayParker<div><p><span style="font-weight:400;">It cannot be denied that as the global march of digitization continues unchecked, it has brought greater convenience, shorter delivery times, cost-effectiveness, and unprecedented access to the customer base for organizations. However, this myriad of benefits is also accompanied by the privacy and security breaches that companies invariably encounter. The distressing increase in the number of cyber-attacks against companies has had a tremendous negative effect on their reputation and customer retention. 
Owing to this, security and vulnerability testing is fast becoming a boardroom agenda item for organizations, and it is acknowledged that one of the most effective ways to evaluate a security system is from the perspective of a hacker rather than an insider.</span></p><p><span style="font-size:12pt;"><strong>How does it work?</strong></span></p><p><span style="font-weight:400;">A</span> penetration testing company <span style="font-weight:400;">puts itself in the shoes of the threat actors and breaks into the security system from the outside to assess the vulnerabilities and weak spots in the network. The fundamental aim of penetration testing is to simulate a real-world malicious attack to detect any potential risks and threats that could impact the integrity, confidentiality, and availability of data. The simulated attack on business systems, financial assets, and databases not only checks for vulnerable attack vectors, but also evaluates the ability of the IT system to identify and respond to an attack in real time. 
By identifying the security weak nodes that may have been overlooked in routine testing, the <a href="https://softwaretestinglead.com/best-penetration-testing-companies/" target="_blank">penetration testing company</a></span><span style="font-weight:400;"> also helps the organization comply with current regulations.</span></p><p><span style="font-size:12pt;"><strong>Why Should Organizations Opt for Penetration Testing?</strong></span></p><p><span style="font-weight:400;">A network penetration test consists of an information collection and vulnerability detection phase, in which the testers understand the scope of the organization and identify any potential vulnerabilities; an exploitation phase, in which the weak vector points are actively attacked to gauge the capabilities of the IT system; and finally a reporting phase, in which the derived insights are reported back to the organization in a comprehensive manner.</span></p><p><span style="font-weight:400;">Some of the primary advantages of network penetration testing include:</span></p><ul><li><span style="font-weight:400;">Verification of false positives through testing</span></li><li><span style="font-weight:400;">Detection of weak nodes and potential threats in the security system at an early phase through a hacker’s-eye view</span></li><li><span style="font-weight:400;">Enhancement of the security controls through detailed testing</span></li><li><span style="font-weight:400;">Reduction of system downtime, helping the organization avoid financial setbacks by responding to threats proactively</span></li><li><span style="font-weight:400;">Helping the organization meet compliance regulations and avoid penalties</span></li></ul><p><span style="font-size:12pt;"><strong>Conclusion</strong></span></p><p><span style="font-weight:400;">Organizations often presume that frequently updating their passwords or having a Windows firewall in place is sufficient to 
safeguard them against malicious attacks. However, there are many weak attack vectors in the system that companies may not even be aware of, and so they often go undetected in regular security testing. Therefore, a thorough security and vulnerability assessment of the network is necessary to prevent malicious infiltration and data breaches and to build a robust security system. </span></p><p><span style="font-weight:400;">Author Bio:</span></p><p><span style="font-weight:400;">Scott Andery is a Technical Writer and Marketing Consultant at <a href="https://softdevlead.com/" target="_blank">Software Development Lead</a>. He has 8+ years of experience in marketing and has worked with different IT companies. </span></p></div>