Blogs

“Patch Java and you’ll be protected against Java threats”

We seem to hear this constantly, not just in the last few months, but for years. Way back in Nov. 2011, we were told that if we had Java 6 Update 29 or Java 7 update 1, we wouldn’t be vulnerable to the security weaknesses in the headlines. Yet, with each update vulnerabilities continue to be discovered and exploited. We even had two Java 0-day exploits included in kits before Oracle had patches prepared. Yet despite the patches, we continue to hear about new vulnerabilities...

So what to do? Based on my discussions with other pros and my own experience I’ll be presenting a series on how to mitigate Java risks to protect your endpoints. We’ll look at: Proactive; Immediate; and Long-Term prophylactic measures. Here’s what you can start acting on now:

Today, web security threats are quickly shifting from signature-based threats to zero-day attacks, exploit kits, dynamic bot call-outs and many more. It’s absolutely critical that IT security teams stay ahead of cybercriminals with defenses that can analyze web traffic and threats in real time. That’s where the IDC MarketScape for Web Security report comes into play. Recently released, this report includes all major industry players. Below are four ways this report will help...

I recently hosted a Websense customer round-table discussion with 20 CSOs from top U.S. companies. We swapped war stories, hashed out the security challenges they face every day and they shared how they’ve been successful. These CSOs work in a variety of industries, including federal, finance and healthcare. Recently, there have been a number of highly public targeted attacks, which led to a lengthy discussion on spear-phishing. I found their insights very valuable and I wanted to share some key points...

Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.

Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect-including entertainment (gaming) and security companies!

Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.

More

Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.

It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:

Reconnaissance - Targeted attackers access credentials and research online profiles, email IDs, org. chart information, hobbies and interests from social profiles to gain insight on their victims.

Lures - Designed to prey on human curiosity, web lures often link to videos or breaking news, while email lures are more business-focused on transaction and fake delivery notices.

Redirects - Users are usually directed to a survey, rogue anti virus offer or a fake web page where an exploit kit is waiting. Traditional redirects are injection attacks, while newer ones focus on social networking wall postings, fake plug-ins, fake certificates and heavily obfuscated java script.

Exploit Kits - The exploit kit objective is like that of a sniper: take the shot with a malware dropper file only when an open door for tested vulnerabilities is found.

Dropper Files - This stage is what most people consider the focus of their forward-facing defenses: analyze every file that comes into the network for malware. The problem is dropper files use dynamic packers, so known signatures and patterns are not available.

Call-Home - This stage involves calling home for malware downloads and tools, and for sending back information, standard procedure for any successful online attack. The problem is that most defenses are only forward-facing and do not analyze the outbound traffic from infected systems.

Data Theft - This is what they are after. The ability to contain an attack and stop data theft raises many questions that we will address. Can your defenses detect password files leaving your network or the use of custom encryption on outbound files?

In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.

We look forward to having you join the webinar. Bring your questions and be ready to talk threats!

Before we begin, I recommended reading Getting Ready For Data Loss Prevention (DLP). Go ahead, I’ll wait for you…

Back? OK, now let’s talk what comes after; the “How” to implement DLP part.

As a next step, and at the risk of blowing my own horn, consider watching the recording of a webcast I did on April 5 here. You’ll get recommendations on how to deal with issues that are often overlooked in DLP deployments as well as some critical “how to” advice. This I position as an antidote to the all-too-common and none-too-helpful “just do it” approach to DLP advice. Because, on the path to DLP success, there are two deadly pitfalls to watch out for: 

The first is in understanding where to start your data protection strategy using DLP (and why). Where to start influences your program’s effectiveness compared to how much risk you are hoping to eliminate from the business.

The second pitfall is in understanding how to execute. The "how" may be the most important  part as it ultimately determines how soon you will benefit from DLP and determines the amount of resources that are required.

Surviving one of the pitfalls is hard enough, but trying to get through both on your own is nearly impossible.

Unfortunately, much of the historical “how” started with massive data-discovery projects, which usually meant at least six-months of project consulting before any data is protected.

Not every DLP vendor has the same vision for how to make DLP work, so make sure that you understand your vendor’s approach and agree with it.

Have a listen and let me know what you think.

Ever been to a webinar that tells you what to do, but fails to say how? Well, this week I’m determined to change that. I’m hosting a webinar that will help eliminate DLP fears and provide a guide on managing risk. As a Websense expert on DLP, I’m going to give real-world practical advice on how anyone can understand, apply, and realize real measurable DLP results. 

Here’s the webinar link. Join me on Thursday, April 5th at 10 a.m. PST/1 p.m. EST. You’ll learn:

- Guiding principles of security and risk management

- Data breach trends from the last six years

- Nine-step DLP methodology and execution strategy

- Success factors in addressing the web DLP challenge 

While CIOs don’t need to be convinced that data loss protection is important—many are afraid of failure. They have heard horror stories about deployment complexities and operational nightmares. Recent high-profile data breach headlines have also made them question the true value and effectiveness of DLP. Could you blame them? Well, this webinar is designed to give you a road map to DLP success.

Register for the webinar here: http://www.websense.com/content/brighttalk-webcast.aspx

If you have any questions on DLP or the webinar, feel free to post a comment. 

Once again, Websense has been recognized for three awards at the annual SC Magazine Awards. This year, we won all three for:

-          Best Enterprise Security Solution

-          Reader’s Trust Award for Websense Web Security Gateway

-          Best Corporate Security Blog

It is great to win in three different categories and to be recognized for exceptional enterprise protection and research of advanced attacks and evolving threats.

Websense Web Security Gateway Anywhere won the award for Best Enterprise Security Solution in the U.S. Excellence Award category and the award for Best Web Content Management Solution in the U.S. Reader’s Trust category. And the Websense Security Labs Blog won the award for Best Corporate Security Blog in the U.S. Social Media Award category. The awards were presented on February 28, 2012 at the SC Magazine Awards Gala in San Francisco.

The product awards are a testament to the foundations that allow us to claim that nobody in the world stops more threats:

-          The research and prevention expertise of the Websense Labs

-          ACE (the Websense Advanced Classification Engine), along with the ThreatSeeker Network

-          The TRITON architecture that products like Websense Web Security Gateway (along with email, mobile, and DLP solutions) are built upon.

Websense won by demonstrating the effectiveness against advanced malware of its real-time content analysis and unified security intelligence to a hand-picked expert panel of judges and the 2012 Reader Trust Voting Panel. 

The winner of this blogging category was determined by online votes from the general public, demonstrating that the Websense Security Labs blog is a trusted source for up-to-date and useful information on the latest outbreaks, threats, and other valuable security topics.

With all of the crazy 2011 security breaches, exploits and notorious hacks, what can we expect for 2012? Last year’s Websense Security Labs predictions were very accurate, so these predictions should provide very useful guidance for security professionals. Here are the highlights; the full report can be downloaded here.

Read more commentary and watch the video here.

Recently, the Wall Street Journal posted a great article on “What to Do if You've Been Hacked,” and I think there are a few items that should be looked at a little more closely.

The article explores the traditional forensics and communications approach to dealing with the aftermath of a data breach.  I’d like to take it a step further to discuss how you can prevent future hacks from happening.

In a number of recent cases we’ve where one hack can lead to another. It’s a potentially embarrassing situation for a company and a potentially career-threatening event for a CISO or CSO.

So, what should you do?

Read more

I've been meeting with a lot of customers recently, and two things that keep coming up are concerns about advanced targeted attacks and how to deal with the threats that social media bring into an organization.

Now, social media has been around for quite some time, it’s not new. The new challenge is the surprising rate at which it is evolving and the fact that it is seen now as a freight train that IT can’t stop—and shouldn’t try stopping.

Marketing uses Facebook and Twitter. HR uses LinkedIn. Even customer support is looking at Twitter. And a new generation of workers can’t seem to live without constantly being connected—and expectation they bring to work with them. I’ve even had a CSO come out and say, “Even in a tough job market, my CEO says we need to do everything we can to get the best candidates out there. That means access to social media and the innovations that come with it. Basically they told me to make it happen AND keep us safe.”

We’ve been working on things to keep organizations safe on the social Web for ages, but it helps to check in with the world every now and then to make sure we are on the right track in allowing safe access to social media.

With that in mind, we teamed with the Ponemon Institute to assess the social media readiness and risk profile of more than 4,000 IT and IT security practitioners around the globe, and what we found is a little surprising.

Last week, Patrik Runald joined CBC’s Lang & O’Leary Exchange to discuss the recent surge in Canadian cybercrime. In the segment, Runald answers a series of questions on why this escalation is happening. He explains how the increase is not an accident, but rather a calculated, organized move. To avoid the severe scrutiny of security software that IP addresses in China and Eastern Europe experience, cybercriminals are moving their networks to countries like Canada that have better cyber reputations. Canadian infrastructure is being used to attack users worldwide. As a result, in the past year alone, Canada has seen a 319 percent jump in servers hosting phishing sites, a 53 percent increase in bot networks, and is now number six in the world for hosting cybercrime.

The numbers are continuously rising, and attacks are growing increasingly more advanced. Read more about the threats here. Watch the full interview here.

If you are like me, you’ve seen and heard plenty about Advanced Persistent Threats (APTs) this year. It’s the new hot-button term. So popular that everyone has their own definition.

FUD continues to cloud the discussion we should be having. So we are starting a series of posts to separate the fact from fiction and to really nail what you should be concerned about. We will:

- Define what APTs are (and aren’t)

- Examine attacks from a research/technical perspective

- Discuss who should care and what you should do about it

- Talk about why most of today's security technologies aren't stopping these attacks

- Explain the malware technology adoption lifecycle (the dynamic missing from most discussions)

Websense Security Labs has been on the forefront of examining APTs in the wild and have charted the emergence of these exploits. We’ll explain why high-profile attacks seem to work so effortlessly. And we’ll discuss the ongoing evolution of APTs: from government/nationalistic targets to organized criminal gangs and soon individual hackers.

I encourage you to join our June 8 webcast on APTs. It’s being hosted by Patrik Runald, one of our senior security research managers.

Let’s skip the APT hype and FUD. Let’s use real-world examples to talk about what matters most to you.

In the meantime, I have my own question: how many of you have been approached by senior management with any questions about big data breaches, like, “Hey, I saw the news about (insert company) losing company data. What are we doing to avoid that?” What did you say?

We all know how hard it has been to get budget money over the last few years. You identify a problem, you evaluate solutions, and you know what you need to do. Then you hit a roadblock. You need a signature from someone who doesn’t know what you know, so you start looking for evidence that supports your recommendation.

I am very excited to give you some great new evidence. This will support your decision to use Websense to close the holes in your current security that web-based threats can come in through (and also prevent resulting data theft).

Gartner is the leading IT consultancy in the world, and they have named Websense a leader in the Gartner Magic Quadrant for Secure Web Gateway. 

This report helps give you the third-party validation that you need to avoid being the next data breach headline. You can download a copy of the report here. For more information, try contacting Websense or one of our resellers. 

What other tools are you using to wake up management to the threats and to get your project funded and fast-tracked?