Top Security Threats in 2014

Using the dynamic events of 2013 as a baseline and future indicator, we've set out to predict the security threats and headline-making trends that will plague the industry in 2014.

1. The Rise of In-Memory Attacks or Advanced Volatile Threats (AVTs)

A growing number of cyber-exploits are designed to elude current defenses by attacking …

Endpoints: Cyber Security’s Growing Blind Spot

While attacks on user devices become a favorite point of entry for attackers, most enterprises can’t see what’s happening to them

For most enterprises, the endpoint has become the weakest link – and the attacker’s target of choice. Take a look at this year’s Verizon Data Breach Investigations Report. Endpoints – desktops, laptops, and ATMs – …

South Korea Cyber Attacks: Incident Response or Proactive Monitoring?

Last week’s malware attacks against several South Korean banks and television networks have left security experts questioning how malware continues to penetrate these “well-protected” networks. The problem is, how do we define “well protected?” Incident response teams such as those used in the recent attacks on the NYT/WSJ are part of the solution …

APTs vs. AVTs? Cutting Through the Hype

Last month, security company Mandiant released a major report that revealed several organized cybercrime groups in China are actively trying to hack into U.S. entities. This report caused widespread attention due to the fact that this is the first time there has been direct evidence – attribution if you will – against the Chinese that they are …

Why Security Technology Continues To Fail – And How We Can Stop The Cycle: Part 2

In our last post we addressed the fundamental failure of signature-based technologies, but an effective solution is tangible. There is a slew of new technology emerging on the market that promises to solve the “signature problem,” but the truth is that some of them don’t fix the problem at all. The following are a few tips and observations to …

Why Security Technology Continues To Fail – And How We Can Stop The Cycle: Part 1

In 2012, as in previous years, commercial industry and government agencies spent record numbers of dollars on information security. Yet in 2012, as in previous years, the issue of breaches and malware infections grew more acute than in any year before. Just look at the numbers. The most recent Verizon Data Breach Investigations Report indicates …

Breach Counts: We Don’t Know What We Don’t Know (Foghorn Leghorn Edition)

I asked a question last week on Twitter that provoked some interesting discussion and even a slap on the hand. I thought my question was relatively simple and sensible: Is it reasonable to wonder if the breaches we know about – the adversary was caught for lack of a better term – might we only be viewing a sample that represents the less well …

2011 – The Year We Recognized We Were Getting Breached

I just read the Symantec 2011 Internet Security Threat Report from cover to cover, which is a great report with a lot of great information. But I have the same problem with this report as I do with the ones from Verizon Business, IBM X-Force, Trustwave, and Mandiant (also all great reports with great information) and several of the writers and …

Detection is the Horse, Investigation is the Cart – Use in That Order

I received some interesting responses from my last week's post (Incident Detection, Then Incident Response) so let me try to answer them all collectively. No, my post was not a knock against incident response (IR) or forensics tools. I believe we are getting things out of order. It is about detection first. Better analysis? Good. Better …

Incident Detection, Then Incident Response

There seems to be an interesting and, I believe unfortunate, trend emerging in IT security: Incident Response (IR) and Forensics tools are being wrapped in professional services and being sold as the solution to the breach detection problem. While I am happy that there is growing understanding that there is a breach detection problem, the reaction …