Computer Security Updates Week 5 of Oct 2014

Refer to Computer Security Updates Week 2 of Oct 2014, the biggest news was the announcement Kaspersky Lab Broadens Cooperation with both INTERPOL and Europol.
  • PR - SG - Oct 30, 2014 - CyberArk Integrates Privileged Threat Analytics with McAfee’s Next Generation SIEM
  • PR - SG - Oct 29, 2014 - McAfee Report Reveals Org Chose Network Performance over Advanced Security Features
  • PR - Johannesburg & Tel Aviv - Oct 28, 2014 - Blue Turtle Partners with Whitebox Security to Provide Complete Data Access Governance
  • PR - SG - Oct 22, 2014 - CyberArk Expands Privileged Account Security Solution to Include SSH Key Management
  • PR - Oct 20, 2014 - F-Secure Launches Protection Service for Business (PSB)
  • PR - Oct 20, 2014 - CA Technologies Helps Card Issuers Combat Fraud
  • PR - Oct 16, 2014 - Blue Coat Commentary on POODLE Vulnerability



PR - SG - Oct 30, 2014 - CyberArk Integrates Privileged Threat Analytics with McAfee’s Next Generation SIEM

CyberArk, the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today announced the integration of CyberArk Privileged Threat Analytics with McAfee Enterprise Security Manager (ESM). The integrated solution empowers customers to pinpoint and immediately act against privileged-based threats in their security information and event management (SIEM) data.

CyberArk Privileged Threat Analytics 2.0 collects and analyses privileged account activity data to provide organisations with visibility into potentially malicious behaviour. McAfee Enterprise Security Manager collects, correlates, and analyses intelligence and event data in real time and orchestrates adaptive protection to disrupt the attack chain and prevent data loss. Leveraging the McAfee data exchange layer (DXL), CyberArk’s full integration with McAfee Enterprise Security Manager will provide customers with more context to the information CyberArk Privileged Threat Analytics collects, while increasing the real-time visibility and the precision of actions that can be driven by the McAfee SIEM.

Email team@it-sideways.com for details.

PR - SG - Oct 29, 2014 - McAfee Report Reveals Org Chose Network Performance over Advanced Security Features

Organizations today rely on their IT executives and employees to ensure security to protect itself from malicious threats. McAfee, Part of Intel Security, published today a report, Network Performance and Security, revealing a shocking finding that many IT professionals disable firewall features to enable better network performance, greatly increasing their risk to security threat.

According to the report, the most common features disabled by network administrator include deep packet inspection (DPI), anti-spam, anti-virus, and VPN access. DPI, the feature most frequently disabled, detects malicious activity within regular network traffic and prevents intrusions by blocking offending traffic automatically before any damage occurs.

“In an age where Next Generation Firewalls are readily available, network performance and security should not be a contradiction, forcing IT organizations to make a choice,” said Wahab Yusoff, Vice President Southeast Asia, McAfee, Part of Intel Security. “Especially in growing economies like here in Southeast Asia, organizations cannot afford to gamble with their security posture nor their IT setup to support business. Competitive edge means having a robust IT infrastructure that supports business needs by delivering state-of-the-art performance without compromising security!”

PR - Johannesburg & Tel Aviv - Oct 28, 2014 - Blue Turtle Partners with Whitebox Security to Provide Complete Data Access Governance

Blue Turtle has partnered with Whitebox Security, the leading data governance company featuring crowd-sourcing, to provide secure data governance, out-of-the-box compliance, and cybersecurity for its clients.

Blue Turtle chose Whitebox Security’s WhiteOPSTM Security Suite to overcome data sprawl and provide the essential who, what, where, when and how of data governance so only the appropriate parties can access specific files. This gives IT departments complete transparency and control over exabytes of data.

Email team@it-sideways.com for details.

PR - SG - Oct 22, 2014 - CyberArk Expands Privileged Account Security Solution to Include SSH Key Management

CyberArk, the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today introduced comprehensive Secure Shell (SSH) key management with the release of version nine of CyberArk Privileged Account Security Solution. Customers can now secure and manage SSH keys as well as other privileged credentials in a single, integrated platform to identify, manage and protect against advanced external attackers and malicious insiders.

Key benefits include: Securely manage privileged accounts accessed through passwords or SSH keys from a single platform to protect, detect, monitor and respond to potential threats.

Email team@it-sideways.com for details.

PR - Oct 20, 2014 - F-Secure Launches Protection Service for Business (PSB)

A Software-as-a-service (SaaS), means that it is Internet based, subscription based and requires least installation.
Christian Fredrikson, CEO of F-Secure Corporation

PSB is a cloud-based platform that offers companies, including small and medium-sized enterprises (SMEs), the edge they require to perform at a more productive pace, along with comprehensive protection for the whole IT environment, while being cost-efficient for businesses.

The suite consists of PSB Workstation Security,PSB Server Security,PSB E-mail and Server Security and PSB Mobile Security.

Email team@it-sideways.com for details.

PR - Oct 20, 2014 - CA Technologies Helps Card Issuers Combat Fraud

CA Technologies today introduced a new release of CA Risk Analytics which includes intelligent, self-learning authentication technologies that help reduce friction for consumers during online checkout and allow card issuers to reduce incidents of fraud, increase revenue and gain unprecedented flexibility and control in their fraud detection systems.

CA Risk Analytics Adds New Behavioral Neural Network Authentication Models to Drive More Accurate Fraud Detection and Improve Online Shopping Experience.

Email team@it-sideways.com for details.

PR - Oct 16, 2014 - Blue Coat Commentary on POODLE Vulnerability

By Waylon Grange, Senior Malware Researcher at Blue Coat Systems

Recently Google announced a new vulnerability in the SSL protocol used for web encryption. The vulnerability can only be triggered in a protocol from the 1990s, which has been replaced by more secure versions yet 98% of all web servers still support using the older protocol. Here is why we should be less worried about backward compatibility and be more concerned with implementing stronger web security protocols.

POODLE, as the vulnerability is called, allows an attacker to gain access to encrypted information, such as session cookies. Once this information is gained an attacker could then masquerade as the user. The attack is achieved by modifying the padding bytes in the Cipher Block Chaining (CBC) algorithms used by SSL. By modifying the padding there is a 1 in 256 chance that it will reveal, one byte of the original message. Over enough sessions an attacker could gain a complete session cookie. This means that an attacker must be capable of performing MitM attacks and that they can force the victim to make thousands of requests. Admittedly, the conditions required to exploit this bug sound a bit improbable however, various malicious scripts could help attackers force multiple sessions so this issue shouldn’t be overlooked.

The vulnerability only exists in the SSLv3 security protocol. SSLv3 has been around since 1996 when it was first introduced to address serious vulnerabilities in SSLv2 and was superseded by TLSv1 in 1999. The latest official version is TLS 1.2 that was released in 2008 while TLS 1.3 is currently in draft to be release sometime in the near future. All that being said, SSLv3 is almost 15 years old which makes it ancient in cryptography years, yet a recent survey shows that 98% of servers still support it! Servers still advertise SSLv3 in fear that web browsers don’t support TLSv1 or higher. However, the truth is since 2000 every major browser included support for TLSv1 or better and most have included support for it from their initial release! The latest major browser to be released without TLSv1 support was Opera series 4, released in 2000.

The fact that servers are still supporting this is a shame. Are we really worried that someone is still running Windows 95/98/ME? The POODLE vulnerability shouldn’t even be a concern yet it is because servers are supporting this obsolete protocol. Isn’t time we put this old dog to rest?

Tests have shown the impact of disabling SSLv3 to be minimal. Users on Windows XP machines with Internet Explorer 6 saw the largest effect since TLSv1 is disabled by default on unpatched XP computers. However, Internet Explorer 6 browsers account for less then a tenth of a percent of all web traffic we see. Regardless, SSLv3 should be disabled to prevent clients from gaining a false sense of security.

Email team@it-sideways.com for details.

Comments