Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Stay informed on the latest security exploits, industry news, research, solutions, and more.
we want to hear from you >
Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.
Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect-including entertainment (gaming) and security companies!
Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.
More
Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.
It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:
Reconnaissance - Targeted attackers access credentials and research online profiles, email IDs, org. chart information, hobbies and interests from social profiles to gain insight on their victims.
Lures - Designed to prey on human curiosity, web lures often link to videos or breaking news, while email lures are more business-focused on transaction and fake delivery notices.
Redirects - Users are usually directed to a survey, rogue anti virus offer or a fake web page where an exploit kit is waiting. Traditional redirects are injection attacks, while newer ones focus on social networking wall postings, fake plug-ins, fake certificates and heavily obfuscated java script.
Exploit Kits - The exploit kit objective is like that of a sniper: take the shot with a malware dropper file only when an open door for tested vulnerabilities is found.
Dropper Files - This stage is what most people consider the focus of their forward-facing defenses: analyze every file that comes into the network for malware. The problem is dropper files use dynamic packers, so known signatures and patterns are not available.
Call-Home - This stage involves calling home for malware downloads and tools, and for sending back information, standard procedure for any successful online attack. The problem is that most defenses are only forward-facing and do not analyze the outbound traffic from infected systems.
Data Theft - This is what they are after. The ability to contain an attack and stop data theft raises many questions that we will address. Can your defenses detect password files leaving your network or the use of custom encryption on outbound files?
In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.
We look forward to having you join the webinar. Bring your questions and be ready to talk threats!
Time for Black Hat again! Day one is almost complete and I’ve seen some big themes.
There’s some of the usual. Vulnerability scanning and pen testing are definitely present and the topics of identifying and learning from data breaches are still big—especially around the area of SIEM. There are also some new developments. For example, more exhibitors are simply about education, including your typical certification schools, but general higher learning institutions, like the University of Maryland, are also here.
As usual, Black Hat USA is full of security vendors and their products, but there seem to be more ‘service’ offerings showcased this year. This may not be surprising to those who have heard analysts increasingly discuss the weaknesses assumed by an organization that is overly dependent on purely in-house resources.
Education, services and research tools are obviously taking center stage in the battleagainst cybercrime. All this focus on education is precisely why we’ve developed a few new tools and resources to help resource-strapped customers tap into the expertise of the Websense® Security Labs™ researchers.
Sometimes you need more than what you have on-hand—especially when you are dealing with highly advanced malware and complex data stealing attacks. That’s when you need an expert security researcher to help. Our Websense Security Labs have morethan one hundred team members worldwide, hip–deep in the latest threats. The new Websense CyberSecurity Intelligence™ (CSI) services, announced today, help extend their expertise and educational benefits right into your organization.
Websense CSI services offer both online and 1:1 time with our researchers, through tools, training, in-person guidance and malware forensics.
All Websense CSI customers will have access to ThreatScope™, an online sandbox environment, to safely test potential malware. It uses our Websense Advanced Classification Engine (ACE) analytics to compile an extensive report of observed behavior on an uploaded file. Insights include the infection process; post-infection activities (such as calling home); system-level events and processes; registry changes and filemodifications.
Think about it, Black Hat USA only comes around once a year, but every day needs to be about education in the security field. Websense CSI services can be an extension of your learning process— giving you access to our researchers and the necessary tools to help you become more educated on the threats of today.
If you could study one aspect of today’s threats, what would you dive into?
Yesterday we posted about a new strain of highly advanced malware (APT), dubbed Flame. It is potentially the most advanced malware to date, at least in terms of functionality combined with the ability to stay hidden over a long period of time. It’s also unusually large (20 MB), whereas most attacks contain small files (under 1MB). The file is so large because it incorporates a broad set of capabilities including recording audio, taking screenshots, compiling a list of nearby Bluetooth devices, and more. It even includes some rare techniques not commonly found in malware, such as using the LUA scripting language for some of its functions. The primary function of Flame is to...
In my last post I discussed a push toward a more unified security strategy within the public and private sector. Today, I want to discuss why companies need to change their security strategy to stay ahead of the threats they face. This topic was something that came up a lot last week at the Austin NG security summit.
Ten years ago a great security program consisted of anti-virus, IDS, and firewalls – but now those protections have lost their effectiveness. Unfortunately, those three outdated security technologies now make up a huge portion of InfoSec spend. And the remaining small pittance is allocated to deal with the most advanced threats we have seen. Doesn’t seem like a fair fight does it?
Research from Poneman says 90 percent of all companies have been compromised in the last year. Many were targets of advanced malware that compromised web and email channels. Traditional signature-based security measures DO NOT catch these threats. They are too complex and change too fast for those old security measures to keep up.
Compound that with the fact that IT security is now on the CEO’s radar and the board is asking questions about security strategy. I’ve spoken to hundreds of CISOs and CSOs over the last year and the recent data breach headlines are catching their attention. More than ever the IT team is being asked: What is our current risk posture? How do we reduce risk? What is our situation? Are we going to be compromised? What is our strategy? This is our chance. Using this momentum and interest we must change the way we operate and the way executives think about security programs.
The first step is acknowledgement: You have to realize that at some point you will be compromised and the bad guys will get in. It’s not a matter of IF an APT or a targeted attack will strike; it’s a matter of WHEN. There is no silver bullet.
But, all is not lost! Once you’ve accepted this, the next step is to begin to change the way you plan. You need to be able to get the tools in place to be able to communicate to executives:
“I am going to prevent X amount of attacks. And of the guys that get in, I’m going to know in X amount of time, and I will have them contained in X amount of time. We can significantly reduce the probability that they will be able to access, our most important data.” Make sure you have the technology, people, and processes to back up your claims.
This is the new strategy we have to adopt and share. In the next blog, I’ll share the successful strategies I’ve seen from some of the best organizations and CSOs who have adopted this approach. We’ll look at the most common entry and exit points of attacks and how these successful CSOs are focusing their technology investments in those areas.
In the meantime, how many of you have had conversations with your executive team about your security posture? Has this increased in frequency in the last year? Let me know in the comments below.
The media is buzzing with stories of state-sponsored hacking and so-called advanced persistent threats, as well as high-profile data-theft attacks by cybercriminals. So what does this mean to everyday businesses owners and managers, companies that aren’t defense contractors or giant corporations?
It means watch out. The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack quickly becomes a $25 exploit kit available online to armies of low-level hackers.
This is phase two of advanced threats. This army of profit-driven hackers is using the same advanced techniques to steal any data that they can get their hands on to sell, fence or ransom. No one is safe, because traditional defenses don’t work against advanced malware. And the cybercriminals are targeting every kind and size of business.
This is the part of the story that people need to hear: While the big-name breaches get the headlines, too many companies get lulled into a false sense of security thinking that they are safe because they don’t have state secrets. Our research shows how the advanced techniques used in APT attacks move downstream. From state-sponsored groups, to criminal gangs, and ultimately to individual hackers—they are hitting any business with anything of value. Because that’s where the money is. And it’s easy pickings because their antivirus software is defenseless against these advanced methods. Here’s how we see the malware adoption lifecycle playing out in the wild:
I’ve been on the road quite a bit and have collected a lot of good information that I want to share with you all. Most of what’s been attracting my attention is the recent crop of targeted attacks. For every one you hear about in the news, another 50 occur behind the scenes. I’ve spent a lot of time working with CIOs and CISOs to help them develop a strategy to protect against these threats.
One place where targeted attacks were a huge topic of conversation was at the U.S. Security Confab event that I attended last week. It’s hosted annually by my friends Jerry Archer, CISO Sallie Mae, Dave Cullinane, CISO EBAY, and Bob Bragdon, Publisher CSO Magazine. If you have never attended I highly recommend it (as if you needed an excuse to spend a week in California). It’s one of the best security conferences in the world.
APTs, targeted attacks, and advanced malware were the common threads that permeated the majority of the presentations. The resounding theme was also the lack of shared strategy and organization within the security community against our common enemy – cybercriminals. Right now when one of us is attacked we share the information upstream with the government, but we fail to turn that into any real, viable intelligence for the private sector. Don’t you think it would be helpful if we had a standardized way to share the intelligence in a standard format that details the “who” and the “how” of the attack? And I’m not just talking about U.S. here; this could be global as well. In this scenario, thousands of companies would be protected instantaneously when one of us learns of a new cyber threat.
Recently, we took a step in the right direction when the Pentagon announced that cyber space is a new battleground. A cyberspace attack on U.S. assets is now considered equal to an attack occurring on U.S. soil. At the same time Department of Defense Secretary, William J. Lynn III acknowledged the need for cooperation. He said:
“Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial. Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.”
This is a great step, but we must continue to organize within the security community, since the bad guys are already organized and many of us stand on our own. Click here to read more about the Pentagon news.
This week I am attending the Austin NG security summit, so next week I will be talking about successful strategies to protect against ATPs and targeted attacks as well as any great insights from the Austin summit. In the meantime, let me know if you have any questions.
A while back it seemed like you just had to worry about foreign governments or competitors going after your IP, and cybercriminals stealing your money. As if that weren’t bad enough, now all of a sudden it’s cool to be a hacker again? Media notoriety elevates the atmosphere around the black, white, and grey hat communities.
So now, hordes of pro and semi-pros are armed with the same arsenal of tools and exploits. I’ve heard that breaches run in the hundreds of dollars per record, but if it is your IP stolen – the fundamental ingredients that make your business what it is, the pain can be even greater.
So, how do they do it? These bad guys are creating code that knows where your weaknesses are and searches out your most valuable data. They use combinations of email and web tactics, gain a foothold in your system and then have almost free reign to exfiltrate any data they think they can monetize.
How easy is it to evade detection? Well , John Strand just posted an excellent article about how to bypass AV on Pauldotcom. I think it’s almost recommended reading for anyone protecting a network.
In addition – tomorrow I’m going to be hosting a Webinar on some of our research on attacks, attack types and how you can stay ahead in the game. It’s a dog eat dog world out there, and there is a lot at stake. Join me and we’ll talk it through. You can register for the webinar here: https://connect.websense.com/e15206815/event/event_info.html
I look forward to sharing with you.
