Technology Talk – Information Security Newspaper | Hacking News
https://www.securitynewspaper.com

Stellar Cyber Launches Field-Proven University Program, Provides SOC Services to Underserved Communities
https://www.securitynewspaper.com/2023/12/03/stellar-cyber-launches-field-proven-university-program-provides-soc-services-to-underserved-communities/
Sun, 03 Dec 2023 15:19:44 +0000

Cybersecurity is the industry of the future.

If we only consider the financial damage of security incidents, the data shows that the cost of cybercrime is expected to double by 2027.

In 2023, the global cost of cybercrime is estimated at $11.50 trillion. In four years, the projected financial damage will likely total $23.82 trillion USD.

The technology that security professionals use changes constantly. It evolves to keep up with emerging cyber exploits and a large number of hacking threats.

The systems that businesses rely on change as well — increasing already large attack surfaces.

To protect their assets, companies need security experts who have the right skills to reduce the chance of a costly attack.

Most universities don’t have the time or funding to teach these skills to their students. For future cybersecurity professionals, this means that it takes longer than it should to get that first job out of college.

Open XDR innovator Stellar Cyber has launched the first program that helps students get hands-on cybersecurity experience.

How does the Stellar Cyber University Partnership Program help universities, students, and disadvantaged communities?

Helping Universities Free of Cost

“Stellar Cyber is proud to offer this comprehensive, collaborative education program free of charge for those training our cyber warriors of the future,” said Jim O’Hara, Chief Revenue Officer at Stellar Cyber.

When Stellar Cyber collaborates with a university on their new program, they offer:

  • Access to technology, i.e. their Open XDR platform
  • Instructor-led training for the use of the platform
  • Mentorship through their network of cybersecurity professionals and partners

Stellar Cyber has been developing its Open XDR (Extended Detection and Response) platform for almost a decade.

Combining the functionality of several key cybersecurity solutions (including SIEM, TIP, IDS, NDR, and UEBA), the platform offers united security in one place.

Using machine learning and AI, it analyzes and correlates large volumes of data arriving from once-disconnected security tools.

Enrolled students use Stellar Cyber’s Open XDR in the university lab to seek threats and react to them before they escalate.

The platform is intuitive and created to facilitate security analysis for smaller businesses, but the instructions help students optimize this security solution.

Stellar Cyber also offers ready-made instructor-led training, because it’s too costly for universities to alter their curriculum as often as they should.

As students use the platform and learn more about it, they also have access to coaching and experienced mentors who have a long history of working in the industry.

Preparing Students for Careers in Cybersecurity

After they obtain a degree, students often aren’t sure:

  • Whether cybersecurity is the right career path for them
  • What kind of opportunities they have in this growing industry
  • How to bridge the gap between theoretical knowledge and practical skills

The program provides the students with insight into one aspect of cybersecurity, giving them a glimpse into the role of the security expert.

They’ll use the Open XDR platform to detect threats, investigate possible high-risk incidents, and respond with suitable measures.

During training and threat hunting, they gain the skills that companies actively hiring security experts today genuinely need. In this way, the program bridges the gap between theory and practical skills that is common among new graduates.

“We are honored to do our part to help shrink the worldwide cybersecurity skills gap and provide security services to communities in need. It’s our objective to scale as broadly as possible and to assist universities as they prepare their graduates to enter the cybersecurity workforce.”

Besides technology, training, and mentorship, Stellar Cyber also offers a certificate. The Stellar Cyber Certification Program is another way for students to set themselves apart as job candidates once they complete their degree in cybersecurity.

Offering Enrolled Students Job Opportunities

The students who complete the program will be known as reliable future professionals who have the right skills and the practice to show for it.

Stellar Cyber has built a large network of partners and customers who need security professionals who are well-versed in the Open XDR platform.

“All too often, students graduate from college without being exposed to the fantastic career opportunities in the cybersecurity industry,” said Paul Levasseur, Vice President of Customer and Partner Enablement at Stellar Cyber.

Students who participate in the program will not only have a better understanding of what a security role entails and what kind of roles are available. They’ll also be linked with direct opportunities.

Having access to Stellar Cyber’s private LinkedIn group, they’ll be the first ones to know about the internship and hiring opportunities within the Stellar Cyber community.

Protecting Underserved Communities

The impact of this program goes beyond the universities and lasts even after graduation. Students get hands-on experience in the field by helping underserved communities that lack the technology that can safeguard them against evolving cybersecurity incidents. In most cases, such communities don’t have the resources to hire their own security operations team to manage their security.

The program changes that by protecting communities in need with the latest cybersecurity technology.

“Attackers look for targets that cannot easily defend themselves,” Levasseur added. “Our hope is to ensure that these previously underserved communities get the protection they deserve.”

How Can Universities Apply for the Program?

The partnership program is an invite-only opportunity, and it’s the first of its kind. Universities that do qualify for it have to:

  • Provide the students with a certificate or a degree in cybersecurity
  • Utilize the Open XDR platform in their educational labs
  • Allow Stellar Cyber to use their details for promotion purposes
  • Agree to provide underserved organizations with security operations free of cost

This is also a great way to stand out as a university, that is, to become an institution that provides students with real-life experience and programs that help them build the foundations for a career in cybersecurity while still at the university.

How to Rebuild your Exchange Server (After Ransomware Attack) using Stellar Repair for Exchange?
https://www.securitynewspaper.com/2023/11/29/how-to-rebuild-your-exchange-server-after-ransomware-attack-using-stellar-repair-for-exchange/
Wed, 29 Nov 2023 15:04:58 +0000

In this review, we will take a live scenario in which an Exchange Server is infected by ransomware. We will see how to rebuild the Exchange Server after the ransomware attack and how to restore the services without any data loss. We will also discuss the issues that can occur when rebuilding the server, and mention an Exchange recovery tool, Stellar Repair for Exchange, that can help recover the database from the affected server.

The Scenario

There is an Exchange Server 2019 Standard, installed on a Windows Server 2019 Standard. The server is a Hyper-V virtual machine, hosted on Windows Server 2022 Standard. 

The virtual machine got infected by ransomware called BadRabbit, which came from a user computer and propagated across the network. This happened during the weekend. The ransomware encrypted most of the files on the Exchange Server. Also, the server virtual machine was giving a lot of issues and the Exchange Server was not responsive. Fortunately, since the EDB files were locked by the Exchange Server, they were not encrypted. Although this might be a good sign, the database can still be damaged, since it didn’t shut down properly and pending data might not have been committed.

After isolating the server from the network and removing the ransomware files from all the computers, the server was investigated in a sandbox environment to remove any traces of the ransomware files. After the clean-up and the go-ahead from the security team to reconnect the server to the network, an extensive amount of troubleshooting was required to get the services running. Some of the operating system files were damaged.

Restoring from backup was a solution, but only the weekly offsite backup was available. The Network Attached Storage (NAS) had the local daily backups that were infected as well. So, the local backups were not usable. Going back a week would mean a massive data and business loss. So, an alternative was needed.

The Server Recovery and Rebuilding Process

The decision is taken to rebuild the Exchange Server and start from scratch, after we shut down or isolate the damaged server. Next, we need to open Active Directory Users and Computers to reset the computer account.


For the first part, we need to install a new virtual machine with the same IP address as the previous Exchange Server and retain the same computer name. This will help in the recovery process. Although the data resided on the Exchange Server, the configuration and setup are all in the Active Directory Schema (ADS).

It’s important that the drive space, drive letters, and other settings match the documentation of the previous server. Now, we need to re-install the Exchange Server with the same version and build number, but not in the conventional way. We need to run the setup.exe file with the following parameter.

Setup.exe /m:recoverserver


This process takes about 45 minutes, depending on the performance of the server. It re-installs the Exchange Server and retains the configuration of the previous server, which is pulled from the Active Directory Schema (ADS). After this, any custom connectors need to be re-created from scratch. The biggest problem is retaining the data without any loss and without going back a week to the backup.

Copying the databases from the corrupt server, putting them in the same location, and then restarting the services means we would end up with the databases in a Dirty Shutdown state. We can use EseUtil to perform a soft recovery to clear out any minor damage. But if the transaction logs are lost or damaged, there is little we can do. The remaining option is then to perform a hard recovery, but this means data loss, with no guarantee that it will work. This process also takes a lot of time and effort. So, the alternative is to use third-party Exchange recovery software to recover the data.
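The decision described above, as an added example (not part of the original article and not Stellar or Microsoft code): a Python pre-flight check that reads the database header printed by `eseutil /mh` together with a listing of the log folder, and reports whether a soft recovery can work or whether required transaction logs are missing. The sample headers, file names and the `plan_recovery` helper are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed samples, modelled on the database header that `eseutil /mh` prints.
DIRTY_HEADER = """\
        File Type: Database
            State: Dirty Shutdown
     Log Required: 4770-4772 (0x12a2-0x12a4)
    Log Committed: 0-4773 (0x0-0x12a5)
"""
CLEAN_HEADER = """\
        File Type: Database
            State: Clean Shutdown
     Log Required: 0-0 (0x0-0x0)
"""

STATE_RE = re.compile(r"^\s*State:\s*(.+?)\s*$", re.MULTILINE)
REQUIRED_RE = re.compile(r"^\s*Log Required:\s*(\d+)-(\d+)", re.MULTILINE)


@dataclass
class RecoveryPlan:
    state: str          # value of the State line in the header
    missing_logs: list  # required log files not found in the log folder
    action: str         # "mount", "soft-recovery" or "restore-or-repair"


def log_name(prefix, generation):
    """Closed transaction logs are named <prefix><8 hex digits>.log."""
    return f"{prefix}{generation:08X}.log"


def plan_recovery(header_text, log_files, prefix="E00"):
    """Decide the next step for one copied EDB file.

    header_text: output of `eseutil /mh <database.edb>`
    log_files:   file names found in the copied log folder
    """
    state_match = STATE_RE.search(header_text)
    required = REQUIRED_RE.search(header_text)
    if state_match is None or required is None:
        raise ValueError("State / Log Required not found; is this eseutil /mh output?")

    state = state_match.group(1)
    if state == "Clean Shutdown":
        return RecoveryPlan(state, [], "mount")

    low, high = int(required.group(1)), int(required.group(2))
    present = {name.upper() for name in log_files}
    missing = [log_name(prefix, g) for g in range(low, high + 1)
               if log_name(prefix, g).upper() not in present]

    # The newest generation normally still sits in the active log (E00.log),
    # which is only renamed once it fills up. Assumption of this sketch: if
    # E00.log is present it holds that generation; `eseutil /ml` confirms it.
    if missing and missing[-1] == log_name(prefix, high) and f"{prefix}.LOG" in present:
        missing.pop()

    if not missing:
        # All required logs are there: replay them with
        #   eseutil /r E00 /l <log folder> /d <database folder>
        return RecoveryPlan(state, [], "soft-recovery")
    # Logs are lost: restore from backup, accept the data loss of a hard
    # repair, or extract the mailboxes with a recovery tool.
    return RecoveryPlan(state, missing, "restore-or-repair")


if __name__ == "__main__":
    folder = ["E00.log", "E00000012A3.log"]  # constructed directory listing
    print(plan_recovery(DIRTY_HEADER, folder))
```

Running the check against the copied files before any repair attempt shows up front whether the week-old backup or a recovery tool will be needed.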

How Can Stellar Repair for Exchange Help?

Since the copy of the databases or transaction logs could be damaged, using Exchange recovery software such as Stellar Repair for Exchange can shorten the recovery time. This means the users will get their data back faster.

With Stellar Repair for Exchange, we can easily open damaged Exchange Server mailbox databases from any version of Exchange Server, with or without an active Exchange Server. Here’s the process to recover data from EDB using the software:

  • The process starts with selecting the EDB file and then choosing either Quick Scan or Extensive Scan.
  • After the scan, the software presents all the mailboxes and resources found in the database. The scan can also be saved for later use.
  • The software lets you choose the resources. We can export directly to a live Exchange Server.
  • After selecting the mailboxes to export, the details of the destination need to be set. The software automatically matches the mailboxes and also allows matching them manually. It also allows selecting the VIP resources to be processed first.

After this, the process will start. When the data is restored, the users will see their data in their mailboxes. 

Conclusion

Above, we have discussed the process to rebuild an Exchange Server and recover the data after a ransomware attack. Restoring the data from backup is not an ideal solution, as it can result in data loss. Alternatively, we can use Stellar Repair for Exchange to reduce the recovery process time to a bare minimum and to protect the company data. The software can help in getting the services up and running in no time and with ease.

How NDR Compares with Other Security Solutions?
https://www.securitynewspaper.com/2023/11/14/how-ndr-compares-with-other-security-solutions/
Tue, 14 Nov 2023 11:38:00 +0000

Nowadays, businesses face continuous cyber threats, and several have lost valuable data to hackers. In fact, every business needs to keep its network safe to protect sensitive data. The market offers multiple security solutions to help you run your business with minimal hassle. You can go for either traditional methods or modern cutting-edge technologies like NDR. For those who are less knowledgeable about these options, choosing one can be challenging. To make informed decisions about protecting your network, it’s crucial to understand how NDR compares to other security solutions.

In this guide, we will explore the world of NDR, compare it to traditional security measures, and discuss its advantages and integration possibilities with existing security infrastructure.

Understanding NDR Security and Its Functionality

To understand the comparisons, we need to grasp what NDR security is and how it works. NDR (Network Detection and Response) is a proactive cybersecurity approach that detects and responds to network threats instantly. Unlike traditional security measures that primarily rely on perimeter defenses, NDR monitors network traffic, identifies anomalies, and swiftly responds to potential threats. By leveraging advanced analytics and machine learning, NDR is capable of detecting both known and unknown threats, making it a robust solution in today’s ever-evolving threat landscape.

NDR solutions typically utilize a combination of signature-based detection, behavior analysis, and threat intelligence to provide comprehensive visibility into network activities. This visibility extends beyond the traditional boundaries of the network, encompassing cloud environments, remote devices, and IoT devices.


Through continuous monitoring and analysis, NDR enables security teams to gain insights into network behavior, detect suspicious activities, and mitigate potential risks before they escalate. This proactive and holistic approach sets NDR apart from conventional security measures, offering a more dynamic and adaptive defense mechanism.

Exploring the Role of NDR in Cybersecurity

In the realm of cybersecurity, NDR plays a pivotal role in fortifying the defense posture of organizations against a myriad of threats. By continuously monitoring network traffic and analyzing patterns, NDR serves as a vigilant guardian, capable of identifying anomalies and potential indicators of compromise. This real-time visibility and threat detection are instrumental in thwarting advanced persistent threats (APTs), insider threats, and zero-day attacks that may evade traditional security controls.

Moreover, NDR’s ability to provide contextual insights into network activities empowers security teams to make informed decisions and prioritize response efforts. This contextual awareness enables rapid incident response, containment of threats, and comprehensive forensic investigations. In essence, NDR not only acts as a proactive shield against cyber threats but also as a strategic enabler for enhancing the overall cybersecurity posture of organizations.

NDR vs. Traditional Security Solutions

Understanding NDR requires comparing it with traditional security solutions to highlight its unique value. Traditional measures like firewalls, IDS, and antivirus focus on perimeter defense, preventing unauthorized access and filtering known threats. However, these solutions have limitations in detecting and responding to sophisticated threats that exploit network vulnerabilities.

In contrast, NDR takes a proactive stance by continuously monitoring network traffic, analyzing behavior patterns, and detecting anomalies indicative of potential threats. This real-time threat detection capability allows NDR to identify advanced threats, including insider threats, lateral movement within the network, and stealthy attack techniques. By extending its visibility beyond the network perimeter, NDR provides a comprehensive view of network activities, enabling security teams to detect and respond to threats that may bypass traditional security measures.

Advantages of NDR over Other Security Measures

The advantages of NDR over traditional security measures are manifold, stemming from its proactive and dynamic approach to threat detection and response. Firstly, NDR’s ability to detect both known and unknown threats, including zero-day exploits and polymorphic malware, sets it apart from signature-based security solutions. This capability is crucial in combating emerging threats that may evade traditional security controls.

Furthermore, NDR’s focus on behavior analysis and anomaly detection enables it to identify insider threats and lateral movement within the network, which are often challenging for traditional security solutions to detect. This proactive stance against insider threats is particularly significant in today’s interconnected and dynamic work environments, where the traditional network perimeter is increasingly porous.

Additionally, NDR’s scalability and adaptability make it well-suited for modern network architectures, including cloud environments and remote workforce scenarios. As organizations embrace digital transformation and distributed work models, the need for a security solution that can effectively monitor and protect diverse network environments becomes increasingly critical. NDR’s ability to seamlessly integrate with these modern network paradigms positions it as a versatile and future-ready security solution.

NDR Integration with Existing Security Infrastructure

One of the key considerations for organizations evaluating NDR is its integration with existing security infrastructure. NDR is designed to complement and enhance the efficacy of traditional security measures rather than replace them. By integrating with SIEM (Security Information and Event Management) platforms, endpoint detection and response (EDR) solutions, and threat intelligence feeds, NDR enriches the overall security posture of an organization.

The integration of NDR with existing security infrastructure fosters a synergistic relationship, where the strengths of each solution are leveraged to create a more robust defense mechanism. For instance, NDR’s real-time threat detection capabilities can provide valuable insights to SIEM platforms, enriching the correlation and analysis of security events. Similarly, the contextual visibility provided by NDR can enhance the efficacy of EDR solutions in identifying and mitigating endpoint-based threats.

The Future of NDR in Cybersecurity

As the cybersecurity landscape continues to evolve, the future of NDR holds significant promise in addressing the escalating challenges posed by sophisticated threats. The convergence of NDR with artificial intelligence (AI) and machine learning (ML) technologies is expected to further enhance its capabilities in detecting and responding to complex threats. The integration of AI-driven analytics will empower NDR to discern subtle patterns indicative of potential threats, enabling more precise and proactive threat detection.

Moreover, the proliferation of IoT devices, cloud adoption, and remote work trends necessitate a security solution that can adapt to the evolving network paradigms. NDR, with its focus on continuous monitoring and behavior analysis, is well-positioned to cater to the security needs of these dynamic environments. The agility and scalability of NDR make it a viable candidate for safeguarding modern networks against a spectrum of threats, ranging from traditional malware to sophisticated, orchestrated attacks.

Conclusion

The emergence of NDR represents a paradigm shift in cybersecurity, offering a proactive and dynamic approach to threat detection and response. By comparing NDR with traditional security measures, it becomes evident that NDR’s real-time visibility, behavior analysis, and contextual insights provide a unique vantage point in combating modern cyber threats. The advantages of NDR, including its ability to detect unknown threats, mitigate insider risks, and seamlessly integrate with existing security infrastructure, position it as a formidable ally in the cybersecurity arsenal.

As organizations navigate the complex cybersecurity landscape, embracing NDR as a complementary layer to traditional security measures can enhance their resilience against a diverse range of threats. The future of NDR holds promise in harnessing advanced technologies to fortify its capabilities and adapt to the evolving cybersecurity challenges. By staying abreast of these developments and leveraging NDR’s potential, organizations can proactively safeguard their networks and data assets in an increasingly interconnected digital ecosystem.

What Is UEBA?
https://www.securitynewspaper.com/2023/11/10/what-is-ueba/
Fri, 10 Nov 2023 22:03:01 +0000


User and Entity Behavior Analytics, commonly referred to as UEBA, is a cybersecurity concept that utilizes machine learning, algorithms, and statistical analyses to detect abnormal behavior or instances within a network that may indicate a potential security threat. Unlike traditional security systems, UEBA focuses on user behavior to establish a baseline and then identify any deviations from this norm.

UEBA is not limited to monitoring user behavior. It also tracks the activities of machines, devices, and other entities within a network. Therefore, it can detect threats from both inside and outside an organization. Whether it’s a malicious insider trying to steal sensitive data or a botnet attack from an external source, UEBA can efficiently identify these threats and alert security teams in real-time.

The power of UEBA lies in its ability to analyze vast amounts of data and identify patterns that humans may overlook.

Differences Between UEBA and Traditional Security Systems

Traditional security systems mainly rely on predefined rules and signatures to detect threats. They are effective in identifying known threats but often fail to detect new or sophisticated attacks. On the contrary, UEBA, with its behavior-based approach, can identify even unknown threats by detecting deviations from normal behavior patterns.

Moreover, traditional security systems often generate a lot of false positives. This is because they treat every deviation from predefined rules as a potential threat, which may not always be the case. UEBA, however, can minimize false positives by understanding the context of network behavior. It can differentiate between truly malicious activities and benign anomalies, thereby reducing the workload of security teams.

Another significant difference is that traditional security systems are reactive, meaning they respond to threats after they have occurred. In contrast, UEBA is proactive. It can predict potential threats based on behavioral patterns and take preventive measures to mitigate them. This proactive approach can significantly reduce the risk of security breaches and data leaks.

Key Components of UEBA Systems

Data Aggregation and Integration

UEBA systems aggregate and integrate data from a wide variety of sources, including network traffic, log files, threat intelligence feeds, and more. This enables them to have a holistic view of network activities and identify potential threats more accurately.

The power of UEBA lies in its ability to handle both structured and unstructured data. It can analyze text files, emails, social media posts, and even voice and video files. This capability allows it to detect a broad range of threats, from unauthorized access to sensitive data to subtle signs of insider threats.

Behavioral Profiling

Behavioral profiling is another critical component of UEBA. It involves creating a baseline of normal behavior for each user and entity within a network. This baseline is continuously updated as the system learns more about the network’s behavior patterns.

Once the baseline is established, UEBA systems can easily identify any deviations from the norm. For instance, if a user starts accessing data they have never accessed before, or if a machine starts communicating with an unknown IP address, these activities will be flagged as anomalies.

Anomaly Detection

As mentioned earlier, anomaly detection is at the heart of UEBA. It involves identifying events or behaviors that deviate significantly from the established baseline. This could be anything from a sudden spike in network traffic to unusual login attempts at odd hours.

Anomaly detection in UEBA is powered by advanced machine learning algorithms. These algorithms are capable of learning from historical data, identifying patterns, and predicting future behavior. This enables UEBA systems to detect both known and unknown threats.

Risk Scoring

Risk scoring is the final component of UEBA. After detecting anomalies, UEBA systems assign a risk score to each of them based on their potential threat level. This helps security teams prioritize their response efforts.

Risk scoring is not a one-size-fits-all process. It takes into account various factors, such as the sensitivity of the data involved, the potential impact of the threat, and the behavior history of the user or entity involved. This makes it a highly effective tool for threat detection and prevention.
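The three components above (behavioral profiling, anomaly detection, risk scoring) in one added Python example, which is not from the original article or from any UEBA product. It builds a per-entity baseline from constructed events, flags deviations, and ranks them by a risk score. The event tuples, weights, alert threshold and 3-sigma rule are assumptions chosen for illustration, and plain statistics stand in for the machine-learning models the article mentions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed events: (entity, login_hour, mb_sent_out, destination, data_sensitivity 1-3)
HISTORY = [
    ("alice", 9, 40, "10.0.0.5", 1), ("alice", 10, 55, "10.0.0.5", 1),
    ("alice", 9, 48, "10.0.0.7", 2), ("alice", 11, 52, "10.0.0.5", 1),
    ("alice", 10, 45, "10.0.0.7", 1),
    ("svc-backup", 2, 900, "10.0.0.20", 2), ("svc-backup", 2, 950, "10.0.0.20", 2),
    ("svc-backup", 3, 920, "10.0.0.20", 2), ("svc-backup", 2, 940, "10.0.0.20", 2),
]
LIVE = [
    ("alice", 10, 50, "10.0.0.5", 1),           # ordinary working-hours activity
    ("alice", 3, 60, "10.0.0.5", 1),            # odd-hour login, nothing else unusual
    ("alice", 2, 900, "203.0.113.50", 3),       # odd hour + unfamiliar host + spike
    ("svc-backup", 2, 930, "10.0.0.20", 2),     # normal nightly job
    ("svc-backup", 3, 945, "198.51.100.7", 2),  # usual volume, unfamiliar destination
]

WEIGHTS = {"odd_hour": 30, "new_destination": 20, "volume_spike": 40}  # assumed
ALERT_THRESHOLD = 50                                                   # assumed


class Baseline:
    """Behavioral profile of one user or entity."""

    def __init__(self):
        self.hours, self.volumes, self.destinations = [], [], set()
        self.prior_alerts = 0

    def learn(self, hour, mb_out, dest):
        self.hours.append(hour)
        self.volumes.append(mb_out)
        self.destinations.add(dest)

    def deviations(self, hour, mb_out, dest):
        """Name every way this event departs from the learned profile."""
        found = []
        if not (min(self.hours) - 1 <= hour <= max(self.hours) + 1):
            found.append("odd_hour")
        if dest not in self.destinations:
            found.append("new_destination")
        sigma = max(pstdev(self.volumes), 1.0)  # floor avoids division by zero
        if (mb_out - mean(self.volumes)) / sigma > 3:
            found.append("volume_spike")
        return found


def risk_score(found, sensitivity, prior_alerts):
    """Scale the deviation weights by data sensitivity and the entity's history."""
    if not found:
        return 0
    base = sum(WEIGHTS[name] for name in found)
    score = base * (1 + 0.25 * (sensitivity - 1)) + 5 * min(prior_alerts, 4)
    return min(100, round(score))


def run(history, live):
    """Return (entity, score, deviations) for every anomaly, riskiest first."""
    profiles = defaultdict(Baseline)
    for entity, hour, mb, dest, _ in history:
        profiles[entity].learn(hour, mb, dest)
    findings = []
    for entity, hour, mb, dest, sensitivity in live:
        profile = profiles[entity]
        if not profile.hours:  # first sighting: nothing to compare against yet
            profile.learn(hour, mb, dest)
            continue
        found = profile.deviations(hour, mb, dest)
        if not found:
            # Only unremarkable events update the baseline, so an anomaly
            # cannot teach the profile to accept itself.
            profile.learn(hour, mb, dest)
            continue
        score = risk_score(found, sensitivity, profile.prior_alerts)
        if score >= ALERT_THRESHOLD:
            profile.prior_alerts += 1
        findings.append((entity, score, found))
    return sorted(findings, key=lambda f: f[1], reverse=True)


if __name__ == "__main__":
    for entity, score, found in run(HISTORY, LIVE):
        flag = "ALERT" if score >= ALERT_THRESHOLD else "note "
        print(f"{flag} {entity:<11} risk={score:>3} {', '.join(found)}")
```

The lone odd-hour login and the unfamiliar backup destination stay below the alert threshold, while the event that combines three deviations on sensitive data is ranked first.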

Use Cases for UEBA

Insider Threat Detection

One of the most potent threats to an organization’s cybersecurity comes from within – the insider threat. Insiders, whether malicious or negligent, have legitimate access to sensitive information, making it challenging to prevent unauthorized access or misuse. UEBA, through its advanced analytics capabilities, can help in detecting such threats. 

By continuously monitoring and analyzing user behavior, UEBA can identify anomalous patterns indicative of a potential inside attack. For instance, a sudden increase in data downloads by a particular user or unusual access to sensitive information might signal an insider threat. Through its proactive alert mechanism, UEBA can flag such anomalies, enabling swift action and mitigating potential damage.

Compromised Account Identification

Account compromise is another major cybersecurity concern. Cybercriminals often gain access to an organization’s system by stealing user credentials. Once they have access, they can cause significant damage, from data breaches to financial loss. 

UEBA can play a crucial role in identifying compromised accounts. By establishing a baseline of normal user behavior, UEBA can identify deviations from this norm. If a user who usually logs in during office hours suddenly starts accessing the system at odd hours, it could be an indication of a compromised account. UEBA’s dynamic profiling and real-time analytics enable the timely detection of such anomalies, allowing organizations to respond promptly.

Data Exfiltration Prevention

Data is the lifeblood of any business. Therefore, preventing data exfiltration is of paramount importance. UEBA can assist in this regard by monitoring the flow of data within an organization. 

By understanding the normal data transfer patterns, UEBA can detect any unusual data movement that might indicate a potential exfiltration attempt. For example, an unusual spike in data transfer to an external IP address could be a sign of a data exfiltration attempt. By alerting the security team in real-time, UEBA plays a critical role in preventing data loss.

Advanced Persistent Threat Detection

Advanced Persistent Threats (APTs) are long-term targeted attacks where the attacker infiltrates a network and remains undetected for a prolonged period. This stealthy approach allows them to steal sensitive information or disrupt operations over time. 

UEBA can help detect such threats by analyzing network behavior and identifying unusual patterns. With its ability to correlate events across multiple systems, UEBA can detect subtle signs of an APT, such as low and slow data exfiltration or anomalous logins, triggering a proactive response.

Tips for Implementing UEBA Solutions

Here are a few tips that can help you effectively implement UEBA in your organization.

Integration with Existing Security Infrastructure

Implementing UEBA effectively requires careful integration with the existing security infrastructure. UEBA is not a standalone solution but complements other security measures like Security Information and Event Management (SIEM), Data Loss Prevention (DLP), and Endpoint Detection and Response (EDR). Therefore, it’s crucial to ensure seamless integration of UEBA with these systems for a holistic security approach. Furthermore, UEBA solutions should be able to ingest and analyze data from a variety of sources, including network traffic, logs, and threat intelligence feeds, to provide a comprehensive view of the security landscape.

Setting Baselines and Continuous Learning

One of the most significant advantages of UEBA is its ability to learn and adapt. By setting a baseline of normal behavior, UEBA can identify anomalies that might indicate potential threats. However, this requires continuous learning and adjustment: as user behavior changes over time, the baseline should also evolve. It’s therefore essential to ensure that your UEBA solution is capable of continuous learning and can adjust its baseline dynamically. The effectiveness of UEBA also depends on the quality of the data it receives, so it’s critical to feed your UEBA solution with high-quality, relevant data for accurate results.
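A minimal sketch of the baseline-and-deviation logic described in this article (odd-hour logins, outbound transfer spikes, and a baseline that evolves), added here as an illustration and not taken from any UEBA product. The thresholds, the decay factor, and the `Detector` and `confirm_benign` names are assumptions; flagged events are kept out of the baseline until an analyst confirms them, so a single spike cannot teach the model that spikes are normal.

```python
"""Per-user behavioural baseline with continuous learning (illustrative sketch)."""
import math
from collections import defaultdict
from dataclasses import dataclass, field

DECAY = 0.98       # assumption: forgetting factor applied per learned event
MIN_EVENTS = 20    # assumption: decayed event count needed before alerting
HOUR_FLOOR = 0.05  # assumption: hours holding <5% of login weight are unusual
Z_LIMIT = 4.0      # assumption: std-devs above mean that count as a spike


@dataclass
class Baseline:
    hour_weight: list = field(default_factory=lambda: [0.0] * 24)
    n: float = 0.0     # decayed event count (equals sum of hour_weight)
    mean: float = 0.0  # decayed mean of log10(bytes_out)
    var: float = 0.0   # decayed variance of log10(bytes_out)

    def score(self, hour, bytes_out):
        """Return the reasons this event deviates from the learned baseline."""
        if self.n < MIN_EVENTS:
            return []  # still learning this user; stay quiet
        reasons = []
        if self.hour_weight[hour] / self.n < HOUR_FLOOR:
            reasons.append("unusual_login_hour")
        std = max(math.sqrt(self.var), 0.1)  # floor keeps flat data from over-alerting
        if (math.log10(bytes_out + 1) - self.mean) / std > Z_LIMIT:
            reasons.append("outbound_volume_spike")
        return reasons

    def learn(self, hour, bytes_out):
        """Fold one event into the baseline while decaying older behaviour."""
        self.hour_weight = [w * DECAY for w in self.hour_weight]
        self.hour_weight[hour] += 1.0
        self.n = self.n * DECAY + 1.0
        x = math.log10(bytes_out + 1)
        alpha = 1.0 / self.n
        delta = x - self.mean
        self.mean += alpha * delta
        self.var = (1 - alpha) * (self.var + alpha * delta * delta)


class Detector:
    def __init__(self):
        self.baselines = defaultdict(Baseline)

    def observe(self, user, hour, bytes_out):
        """Score an event; only events that look normal update the baseline."""
        baseline = self.baselines[user]
        reasons = baseline.score(hour, bytes_out)
        if not reasons:
            baseline.learn(hour, bytes_out)
        return reasons

    def confirm_benign(self, user, hour, bytes_out):
        """Analyst feedback: accept a flagged event as the user's new normal."""
        self.baselines[user].learn(hour, bytes_out)


if __name__ == "__main__":
    det = Detector()
    # Constructed sample data: 40 office-hours sessions of roughly 1 MB each.
    for i in range(40):
        det.observe("alice", 9 + i % 8, 800_000 + (i % 5) * 100_000)
    print(det.observe("alice", 3, 5_000_000_000))  # 03:00 login, 5 GB outbound
    print(det.observe("alice", 22, 1_000_000))     # new shift, normal volume
```

Scoring on `log10(bytes_out)` keeps one very large transfer from dominating the statistics, and the decay factor is what lets a legitimate schedule change become normal after a few confirmed events.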

Addressing Privacy and Ethical Considerations

While UEBA provides significant security benefits, it also raises certain privacy and ethical concerns. UEBA involves continuous monitoring of user behavior, which can be perceived as invasive. Therefore, it’s crucial to address these concerns from the outset. Organizations should establish clear policies about what data will be collected, how it will be used, and who will have access to it. Moreover, they should ensure compliance with data protection regulations and respect user privacy. It’s also advisable to maintain transparency with employees about the use of UEBA and its benefits to the organization and their own security.

User Training and Awareness

Finally, the success of UEBA implementation largely hinges on user training and awareness. Users should be made aware of the importance of security and their role in maintaining it. Training programs should be conducted to familiarize users with security best practices and the implications of their actions. Furthermore, users should be encouraged to report any unusual activity, thereby contributing to the effectiveness of UEBA.

Conclusion

In conclusion, UEBA is a powerful tool that can significantly enhance an organization’s security posture. By unlocking the power of UEBA, organizations can proactively detect and mitigate a wide range of threats, from insider threats to APTs. However, effective implementation of UEBA requires careful integration with existing systems, continuous learning, addressing privacy concerns, and user awareness. With these considerations in mind, organizations can leverage the full potential of UEBA and bolster their cybersecurity defenses.

Author Bio: Gilad David Maayan

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.

LinkedIn: https://www.linkedin.com/in/giladdavidmaayan/

The post What Is UEBA? appeared first on Information Security Newspaper | Hacking News.

Galvanised Steel Security Solutions for Vacant Properties https://www.securitynewspaper.com/2023/11/03/galvanised-steel-security-solutions-for-vacant-properties/ Fri, 03 Nov 2023 21:30:44 +0000 https://www.securitynewspaper.com/?p=27331
There are many things you might need to take care of when it comes to managing a vacant property, but securing it is one of the most important responsibilities you have. But it’s not just beneficial—it’s a government requirement. 1.2mm galvanised steel sheets are a requirement for boarding up vacant properties, and as you’ll see there’s plenty of reason to follow this regulation closely.

Why Use Galvanised Steel

Galvanised steel is the best material for boarding up a vacant property. Steel, of course, is strong and durable, and this alone makes it far better than something like wooden boards that can be broken or burned. Galvanisation is the process of applying a protective coating of zinc to the steel which prevents the sheets from rusting. Where wood will quickly degrade, galvanised steel sheets will stay strong for many years.

Steel is recognised by the government as the most effective means of securing a vacant property. Galvanised steel is proven and predictable in its effectiveness, and properties all over the world have been using steel sheets for this purpose for decades. The main benefits of such steel sheets can be broken down into five categories…

  1. Weatherproof and rust resistant

The most important distinction about galvanised steel sheets is that they are not going to show wear and tear from weather conditions, even over a very long period of time. The zinc coating prevents the build-up of rust which would otherwise degrade the quality of the metal.

Galvanised steel sheets are also resistant to the weather, enduring the unpredictable weather patterns here in the UK. Rain, wind, storms—galvanised steel can endure it all without compromising the security of your property. With galvanised steel, you ensure the long-term durability of the security measures on your property.

  2. Versatility

Another common question around the process of boarding up a vacant property is how any single material could possibly fit over every door and window. Galvanised steel sheets, in addition to their resistance to the elements, are also highly versatile. They can be custom-cut to order to fit any window or door size you might need them for, with every sheet fitting flush to the edges of the entry. With something like plywood, you would have to take the time to measure and cut the pieces yourself, making steel sheets a much more convenient and far less time-consuming choice.

This makes galvanised steel sheets much more cost effective for those specialising in vacant properties, as they can be customised to fit any needs you might have.

  3. Strength and Durability

Galvanised steel sheets are highly versatile and will resist the weather—but no doubt the biggest, immediate concern anyone faces with a vacant property is potential break-ins and vandalism. The steel material is strong and durable, able to withstand a great deal of punishment from potential vandals or those trying to get inside. The strength of the material means any brute force attempt to get past the sheet will certainly fail. Tamper proof bolts make them essentially impervious to subtler approaches.

Steel has the highest strength-to-weight ratio of any material like it, and so there’s no better choice. The zinc coating will never crack as it is bonded to the steel, and so any damaged areas are automatically protected and you don’t need to worry about small scratches.

  4. Affordability

Despite all these benefits, another key point about galvanised steel sheets is that they are still a highly affordable option. Manufacturers such as Buy Metal Online offer a free service for cutting the sheets to the size you need, and so the sheets will arrive ready to use—no need for preparation or inspection. There’s no solution that’s easier to use.

  5. Environmentally friendly

Finally, on top of everything else, galvanised steel sheets are one of the most environmentally friendly choices for a vacant property. Firstly, the maintenance is a lot less intensive, and it doesn’t need to be painted or treated. Because the material has such a long lifespan, longer than many other commonly used materials, it would be many, many years before it ever needed to be replaced.

Steel can be infinitely recycled, too, without losing any of its strength or other beneficial properties. Compared to the likes of wood, which is a single-use material in most cases, steel is the most recycled material in the world and over 90% of steel products are recycled. While wood is renewable, this isn’t the same as being sustainable. Newly planted trees can take decades to mature, while you can recycle steel endlessly without the need to restore the materials. Further to this, removing trees will always have an impact on local wildlife, regardless of how quickly you plant new trees. 

Above all else is the fact that you are legally required by the UK government to use 1.2mm galvanised steel sheets to secure a vacant property. It’s easy to see why, given all its numerous benefits. With 1.2mm steel sheets, you can rest assured both that your property is safe and that you are adhering to legal requirements. Galvanised steel is both affordable and convenient while not sacrificing environmental sustainability; it is arguably the strongest and most weather-resistant material you could reasonably use for the purpose and despite its great strength remains an incredibly versatile material.

Prioritising this government-recommended solution will give you the best possible and most enhanced property security you could ask for, and it’s worth every penny.

Top 8 Darknet Marketplaces: Trends of Darkweb Ecosystem https://www.securitynewspaper.com/2023/11/02/top-8-darknet-marketplaces-trends-of-darkweb-ecosystem/ Thu, 02 Nov 2023 11:51:00 +0000 https://www.securitynewspaper.com/?p=27325
According to TorHunter.com, darknet markets are seeing a rise in activity, with sales likely to hit $10 billion in 2024. These hidden markets, operating in encrypted networks, are a growing concern for law enforcement. The ease of access and anonymity provided by cryptocurrencies fuel the growth of these markets, making it a challenge to curb illegal transactions. The forecast underscores the need for a stronger global approach to tackle the rising cybercrime in the face of a digital economy.

Our data shows interesting findings on behavior in darknet marketplaces. It shows how dark web shopping is linked to cryptocurrency. With this info, we suggest steps cryptocurrency businesses can take to avoid problems related to darknet market activity, like learning how to access darknet safely.

Disclaimer: The information provided herein is intended solely for educational purposes. It is not to be used or interpreted as an encouragement or endorsement for engaging in any illegal activities, including but not limited to accessing darknet marketplaces or participating in dark web shopping. The objective is to enlighten readers on the subject matter and promote a better understanding of the digital realm’s potential risks and challenges. Any misuse or illegal activities carried out based on this information is strictly at the individual’s own risk and responsibility.

Nemesis Market 

Nemesis Market is a hybrid of a forum and a darknet market accepting Bitcoin and Monero, with a  3-year uptime. 

Link: http://nemesis55gdxo6emcigofp26nmjokadvmvsbnauloweoa47v2aap2ead.onion 

Cypher Market  

Cypher Market is a new walletless darknet market on the Tor Network that opened March 2020.  Cypher Market features escrow and finalize early along with accepting Bitcoin and Monero. 

Link: http://6c5qa4pybtkfni7hbk4fyzdjdbzv7ll22grwuln5sh7u2fxp5ty324qd.onion

MGM Grand Market 

MGM Grand Market is a very sleek, secure and feature rich market. MGM Grand features BTC as a payment method and all the standard features like PGP encryption, 2-FA + escrow. 

Link: http://duysanj6lge7vfis24r4zkqrvq6tq4xknajk2wdrne2wgx5hpr5c3tqd.onion 

Incognito Market 

Since 2021, Incognito market has been one of the easiest and safest darknet marketplaces. Reliable,  no-hassle, fast market. 

Link: http://inco3jv3zuudwv2xunslkjq57iicosepewhku2woxfhxltreojtmo4yd.onion

Ares Market 

Security, Speed, Safety, and Anonymity. 

Link: http://ares2vsjkc4p3vuvm65etbikyclqkzhstx4nypq2kiqei246ktt3uiqd.onion  

City Market

Fast market providing best deals. 

Link: http://wsptl3z7h2ul4da6rihyb4pwpu4ykcj5fc6cxutkkam72whkbt5i5byd.onion 

Bohemia Market 

Bohemia is a cutting-edge marketplace designed to take a more modern approach to the traditional dark-net market.

Link: http://bohemdulnoma7x4x445e7sdsv6lcfxbl3fcwl2r2te5xe73zk5tvhrqd.onion  

Flugsvamp 4.0 

Biggest Swedish market. BTC and Monero. 

Link: http://fs4isvbujof355wj3hhsqahpvmwwjaq3s4mac4yrufrl26pxbzqjvzid.onion 

Crypto prices https://www.securitynewspaper.com/2023/10/10/crypto-prices/ Tue, 10 Oct 2023 15:04:52 +0000 https://www.securitynewspaper.com/?p=27295
The Greek philosopher Heraclitus is known for asserting that “change is the only constant in life.” In regards to cryptocurrency prices, this is the case to a great degree since the thing that is most predictable about them is that they rise and fall quite significantly. Even within a single day, the price of a given cryptocurrency can rise and fall by several percentage points. 

Considering the different types of cryptocurrency available on the market, you may be wondering which one you should purchase. A clear overview of the current prices and trends comes in really handy when you are considering options of the best cryptocurrency to buy today, and whether you want to invest, trade, or manage it in some other way. 

Making an informed, safe, reliable, and secure decision is advisable when it comes to both finances and digital ventures. With crypto sitting between these two worlds, it is of utmost importance that you don’t fall prey to the many scams and fraud that can target these markets.

How falling crypto prices affected cybercrime

A recent article details how cryptocurrency users are becoming victims of address poisoning attacks. On the sunnier side of the street though, there has been a positive trend about cybercrime – financial scams and ransomware payouts have actually decreased in 2022. Some experts hypothetically correlate the lowered crime to declining crypto prices.

Cryptocurrencies have decreased significantly in value compared with the previous two years. During the same time period, the expenses associated with certain types of cybercrime have also gone down. Could there be a strong link between the two?

Crypto prices lower and cyber crime declines

In the past months, crypto prices have been on a downward trend. One of the contributing factors to this decrease in value is the strength of the US dollar. This year has demonstrated an ongoing negative correlation between the US dollar and cryptocurrency. So, in short, the recent past has witnessed the US dollar going up in value, the value of cryptocurrency decreasing, and cybercrime considered to be declining.

Hackers typically use dark web exchanges when they are committing cyber crimes because they don’t have to input a user identity and they can safely remain anonymous. Dark web exchanges are usually used to exchange crypto from one service to another at higher fees than the previous transaction, and not for storing the currency. 

The decreasing cryptocurrency prices are making dark web exchanges less common since they in turn lowered the purchasing power of groups who had been using cryptocurrency to support illegal transactions.

Stay safe and secure steering clear of scams

Even though there has been a decrease in some types of cyber crimes due in part to the drop in crypto prices, it is still of utmost importance to be cautious of any financial or digital venture you enter. These days, there are many types of malware, phishing, cyber attacks, and scams, and it is wise to keep an eye out and remain watchful. The United States Secret Service, on its official United States government website, speaks about combating the illicit use of digital assets.

Some red flags for crypto scams include excessive margins, loan offers, or matching funds. Offers that seem too good to be true most likely are. Luckily, there are some ways to recover funds from cryptocurrency scams, but the best way to go is to prevent them as much as possible. Some steps you can take to protect yourself are separating your bank accounts from crypto accounts, not responding to unknown users, doing thorough research before any business undertaking, and taking care not to click links that seem suspicious.

The Ingenuity of Turning any EDR Solution into a Powerful Open XDR System https://www.securitynewspaper.com/2023/10/03/the-ingenuity-of-turning-any-edr-solution-into-a-powerful-open-xdr-system/ Tue, 03 Oct 2023 16:55:43 +0000 https://www.securitynewspaper.com/?p=27277
In Frost & Sullivan’s “Frost Radar™: Extended Detection and Response 2023” report, the business consulting and market research firm lists Stellar Cyber as an innovator in the endpoint detection and response (EDR) field. Notably, it is the only non-EDR company lauded for its trailblazing approach to developing endpoint detection and response technology to address modern threats. 

“Stellar Cyber XDR is designed with simplicity and quick onboarding in mind and provides heavy support so customers can operate the solution within only a few hours,” the report states. It also notes that the firm takes advantage of the MSSP channel to become more appealing to small and midsize businesses, which helped it achieve strong market acceptance.

Stellar Cyber’s innovation, as acknowledged by one of the leading growth strategy companies in the world, merits attention for demonstrating ingenuity in responding to modern cyber threats organizations inevitably have to face. The emphasis on EDR is particularly important because of the rapid growth of endpoints in modern enterprises, which create more potential attack surfaces.

Leading in vendor-agnostic integration

Stellar Cyber’s VP of Product Sam Jones highlights the innovation his company is bringing to cybersecurity, noting how competitors are slowly coming to Stellar Cyber’s Open XDR concept, especially in terms of integrating with more data sources. “We have committed to incorporating new data sources that customers request within two weeks, and we are working constantly to maintain our leadership in vendor-agnostic integration,” Jones says.

For emphasis, Stellar Cyber’s solution is called Open XDR. It is an evolution of XDR, which Frost Radar highlights for its impressive growth and ability to provide enhanced analytics, data integration, security visibility, automation, and flexibility. Open XDR ups the ante by bringing together more data from various sources to bolster threat detection accuracy and response agility. It integrates the data generated by security solutions from different vendors to maximize the benefits of the security products already used by an organization.

Most other security providers cited in Frost Radar focus on EDR and XDR. Stellar Cyber is one of the few that advance the concept of Open XDR, alongside Sekoia and Trellix. Frost Radar praises Sekoia for outpacing industry-average growth rates because of its innovative open XDR approach. Meanwhile, Trellix is not exactly using the “Open XDR” term for its product, but it essentially espouses core Open XDR functions by openly integrating data from over a thousand third-party sources out of the box and ensuring a multi-vendor and multi-vector approach in threat detection and prioritization.

Turning any EDR into an Open XDR solution

There are several other companies mentioned in the Frost Radar EDR report that also integrate data from other security solutions. These include the big guns such as Kaspersky, Microsoft, and Sentinel One. Secureworks and Cybereason also score high in the report’s innovation and growth indices.

However, Stellar Cyber’s Open XDR solution stands out because it does not only bring security data together to create a unified security operation with extensive security visibility and agile detection and response capabilities. It can do all of these by turning an existing EDR solution into Open XDR.

Stellar developed this approach in recognition of the pros and cons of the “Build/Acquire Everything” and “Integrate with Everything” models. In the former, security products from different providers are pieced together to create a unified, coherent, and consistent platform for threat detection and response. It ensures a comprehensive but intuitive experience by providing a singular dashboard to handle EDR tasks. In contrast, the latter model makes it possible for organizations to get rid of virtually all limitations in integrating multiple disparate security tools. It allows organizations to come up with infinite combinations of security tools to find one that suits their needs best.

“Build/Acquire Everything” may appear limited, but it provides better usability because organizations can readily use the extended detection and response solution built out of this model. However, it holds back the idea of being vendor-agnostic since the provider is the one that chooses what EDR, Network Detection and Response (NDR), Security Information and Event Management (SIEM), Threat Intelligence Platform (TIP), and other tools to put together. Organizations do not need to have the expertise and experience to pick the best solutions to integrate. The problem arises if the provider uses mediocre or inferior tools.

The “Integrate with Everything” model provides the most flexible option for integrating different solutions. However, it also requires knowledge and experience in the best security tools, something not many organizations have given the ongoing cybersecurity skills shortage that is expected to worsen because of the current global economic situation.

Stellar Cyber offers a combination of both models to maximize the advantages and minimize the drawbacks. Specifically, Stellar Cyber provides an Open XDR platform that readily has NDR, TIP, and SIEM functions as well as AI-driven threat detection and response capabilities. All of these can be integrated with the EDR solution an organization chooses. Intrusion Detection System (IDS) and User Entity Behavior Analytics (UEBA) tools may also be sourced from third-party providers.

Stellar Cyber developed a special AI engine and an API to ensure the seamless integration of these multiple disjointed tools. The artificial intelligence system makes it possible to quickly correlate data and processes to dramatically improve detection accuracy and bring the number of false positives to the lowest it can get. Meanwhile, the specially built API ensures frictionless integration with thousands of third-party tools.

Why build a platform around third-party EDR?

Stellar Cyber has not explicitly stated why it decided to have EDR as its anchor third-party solution. It could have built its own EDR system and created an Open XDR platform that integrates other third-party tools with it. However, it’s easy to infer the justification for this model.

First, EDR is already an established sector in the cybersecurity market. There are numerous EDR solutions available and many of them have built undeniable expertise in the field over the years. Many organizations are already using these solutions, and the last thing they need is to abandon a product they have invested resources in to adopt a new solution that provides the same EDR functions but with a few enhancements. The switch is going to be costly and will likely require additional training to onboard everyone in the new system.

Another important reason to build an Open XDR solution around a third-party EDR is the complex nature of existing EDR solutions. The EDR products on the market are rarely the same, so Stellar Cyber focused on making many security tools integrable with them instead of creating a new EDR product that integrates with other security tools. Again, EDR is already a long-established field, so organizations have already developed their respective preferences for EDRs to use. It is more intuitive for them to keep their preferred EDR and integrate newer security technologies than to switch to a new EDR whose capabilities are yet to be tested and proven.

With all of these, there should be no doubt that Stellar Cyber earned its place in Frost Radar’s list of noteworthy endpoint detection and response solutions. The security provider has made Open XDR an attractive option because of its intuitiveness and seamless integration. It also makes excellent sense from a business perspective, as it allows Stellar Cyber to attract more potential users among those who have existing EDR solutions deployed.

Enhancing Data Security with a “Shift Left” Mindset https://www.securitynewspaper.com/2023/09/18/enhancing-data-security-with-a-shift-left-mindset/ Mon, 18 Sep 2023 19:34:02 +0000 https://www.securitynewspaper.com/?p=27232
In today’s hyper-connected digital universe, safeguarding data has become an indispensable priority for organizations worldwide. Your data is your most valuable asset, and protecting it should be a top priority. But how can you protect what you don’t know exists? Adopting a “Shift Left” mindset in your data discovery platform is the answer. Let’s delve deeper into this concept and understand how it can help enhance your data security.

The concept of “Shift Left” in data security involves bringing security considerations earlier into the data lifecycle instead of waiting until later stages. By shifting security left, you are integrating it into the initial stages of data creation, ingestion, and collection. This proactive approach significantly enhances data security, as risks can be identified and mitigated before they become serious threats.

You Can’t Protect What You Don’t Know Exists

Projected to grow at a CAGR of 24.3% from 2021 to 2028, the data classification market size is expected to reach USD 4544.30 million by 2028, highlighting the importance of gaining insight into your data as the initial step towards enhancing data security. Most organizations today have a massive amount of data, much of which lives in different places and formats, and is accessed and used in different ways. However, organizations often don’t have complete visibility into everything they have, or even a fraction of it.

Unknown data can’t be protected and creates a significant security risk. It’s like owning a treasure chest but not knowing where it is, which makes it prone to theft. Therefore, the first step in implementing a “Shift Left” approach in data security is to gain complete visibility of your data.

You gain several benefits by integrating data security measures and practices at the beginning stages of software development. First, you can detect and fix vulnerabilities early, reducing the risk of data breaches. Second, it allows you to build security into your data from the outset rather than trying to bolt it on later. Finally, it ensures that security is considered at every stage of the data lifecycle, making it an integral part of your data strategy rather than an afterthought.

Enhancing Data Security Through Early Classification

Once you have visibility of your data, the next step is classification. This involves categorizing your data based on its sensitivity and value to the organization. Accurate recognition of confidential information can facilitate the implementation of suitable security measures to safeguard sensitive data.

It also helps in regulatory compliance, as many regulations require businesses to protect specific data types. By classifying data at the point of creation, ingestion, or collection, you can ensure that sensitive data is adequately protected from the beginning.

The data classification process can serve as a cornerstone for an effective data security strategy, enabling organizations to distinguish between public, confidential, or sensitive data. This categorization is crucial for developing a layered security approach, wherein data of higher sensitivity is accorded more robust protective measures.

Furthermore, data classification aids in managing risks and ensuring legal discovery. It eliminates the chance of redundant data storage, enhancing efficiency and cost-effectiveness. With the rise of data breaches, early and precise data classification can act as a proactive shield, securing the organization’s most valued digital assets. Hence, prioritizing data classification can significantly bolster an organization’s data protection efforts, ensuring a safe and secure digital environment.

Finding and Classifying Data at Scale

To fully implement a “Shift Left” strategy in data security, you need to be able to find and classify data at scale. This is a significant challenge, given the volume of data that most organizations deal with.

A data discovery platform can help organizations find, track, classify, and manage their data. Such platforms use advanced technologies like machine learning and artificial intelligence to discover and organize data automatically. They can analyze large volumes of data quickly and accurately, making them an essential tool for implementing a “Shift Left” strategy in data security.

Implementing a “Shift Left” strategy for improved data security involves several steps:

  1. Identify and Classify Data: Understanding the nature of your data is the first step. By identifying and classifying data from the point of creation, you ensure that sensitive and critical information gets the right level of protection from the start.
  2. Implement Security Measures Early: Rather than adding security controls as an afterthought, they should be incorporated during the initial stages of the data lifecycle. This early adoption of security measures helps prevent data breaches and minimize potential risks.
  3. Foster a Security-First Culture: Creating a security-first culture within the organization is crucial for a shift left strategy. This involves training all staff members about the importance of data security and promoting practices that prioritize data protection.
  4. Use Automated Security Tools: Leveraging automated security tools for data protection can help identify vulnerabilities and threats in real-time. These tools can be configured to monitor data activity and alert you to suspicious behavior, allowing you to take immediate action.
  5. Regularly Review and Update Security Policies: Security requirements evolve with time and technology, so it’s essential to review and update your security policies periodically. This ongoing evaluation ensures that your data protection measures align with current threats and regulatory requirements.
  6. Conduct Regular Security Audits: Regular security audits are vital in identifying any weaknesses in your data protection strategy. These audits provide an opportunity to assess the effectiveness of your security measures and make necessary adjustments to enhance data security.

Adopting a “Shift Left” approach in data security can substantially reinforce your organization’s defense mechanisms. This strategy involves a clear understanding of your data, early classification, and integrating security measures throughout the data lifecycle, all of which help safeguard your most precious resource – your data.

It’s important to remember that data security isn’t a one-off project but a continuous undertaking. Hence, reviewing and updating your data security strategies regularly is critical to stay ahead of the ever-changing threat environment. 

4 Threat Detection Techniques for Enterprises in a Changing Landscape https://www.securitynewspaper.com/2023/08/30/4-threat-detection-techniques-for-enterprises-in-a-changing-landscape/ Wed, 30 Aug 2023 11:35:00 +0000 https://www.securitynewspaper.com/?p=27189
Threat detection has always played a major role in every enterprise’s security posture. However, technological advances have turned threat detection into a challenging exercise. Security teams have more fragmented networks to cover, and threats have become more sophisticated.

Verizon’s 2023 Data Breach Investigations Report notes that the time for a threat to move from proof-of-concept to a breach has accelerated. Nimbleness is critical in modern enterprise cybersecurity and threat detection is one of the first steps in this process.

Here’s how enterprises can boost threat detection in this challenging environment.

Continuous monitoring

When speaking of continuous monitoring, most cybersecurity teams think of security validation. While validation is a big part of security monitoring, restricting company activities to within its network is a big mistake. Companies must also secure their assets hosted on other networks, such as the internet. Website spoofing, for example, is on the rise. 

While these attacks do not impact companies directly, they cause a massive loss of brand trust. Customers unknowingly input their personal and financial information into fake branded sites, get defrauded, and lay the blame on the company. In the long run, a company that neglects its brand mentions online will project a callous attitude towards its customers (and might need to reimburse those customers, given the direction government regulations are going).

Tracking all brand mentions is thus a critical part of security monitoring. Enterprises must also take measures beyond mere monitoring, such as real-time detection. Memcyco, an up-and-coming player in the website impersonation and anti-fraud space, has developed a platform that detects when a brand’s website has been spoofed and alerts the brand in real time. Furthermore, the platform prevents the brand’s customers from interacting with the fake site by issuing Red Alerts every time a customer enters it. Memcyco calls the period from when a fake site goes up until it is taken down (which can take up to months) the “window of exposure”; this is when customers are most vulnerable to being defrauded, and it is precisely during this time that swift intervention is imperative.

When combined with monitoring attack vectors via continuous security monitoring platforms, external brand monitoring can safeguard enterprises from unknown threats. Moreover, this approach gives security teams a better chance at responding quickly.

Continuous monitoring is a far more nimble approach than scheduled pentests. While the latter are useful, relying solely on them to unearth network deficiencies is a mistake. Attackers might change their tactics by the time enterprises fix issues, rendering the entire exercise obsolete.

Next-gen SIEM

SIEM has played a large role in advancing modern cybersecurity to where it is. However, modern teams need much more than a logging tool. In today’s fragmented and dispersed network landscape, knowing what is happening is not enough.

Teams need automated threat detection and mitigation, too. Machines form the bulk of entities accessing data these days, and a threat logging solution falls severely short. By the time the security team has a chance to respond, the machine will likely have wreaked havoc.

Next-gen SIEM adds threat mitigation to existing logging abilities and is an indispensable part of the modern security stack. Eric Parizo, Principal Analyst at Omdia, says, “They consistently deliver faster, simpler deployment; they provide superior systems management; faster and often transparent software upgrades; more frequent new features; new detection and parser content are often all handled by the vendor, akin to a managed service, and they can scale dynamically to automatically accommodate an increase in data sources or burst ingestion events.”

These benefits make next-gen SIEM a no-brainer for enterprises. The good news is next-gen SIEM abilities are integrated with modern EDR and UEBA platforms. With service providers clearly reacting to the modern threat landscape, enterprises have no excuse to stick to legacy SIEM solutions and jeopardize their security.

Incentivize employee reporting

Every enterprise’s biggest resource is its workforce. Why not incentivize employees to report suspicious incidents? Usually, security teams shy away from implementing such programs due to the high number of false positives. 

While several false reports will distract security teams from real threats, the core issue is the lack of employee security training. Firms continue to stick to tired old ways of training employees by delivering seminars and forcing them to understand complex jargon.

Modern companies tailor cybersecurity training by taking every employee’s technical skill into account. Simulation platforms give employees a chance to exercise their skills in a safe environment without fear of causing a breach.

These platforms also help employees change their behavior in the face of a threat. Instead of being merely “aware” of a threat, they act on it. The result is accurate threat evaluation and few false positives. Incentivizing employees to report threats or suspicious behavior will also push them to upskill themselves in cybersecurity. These processes create a win-win for enterprises.

Access monitoring

Monitoring network access is a basic cybersecurity task. However, this is a complex process for modern teams because of the machine-dominated landscape they face. Instead of relying on manual processes, security teams must integrate automation into their workflows.

The Zero Trust (ZT) security philosophy is the best way of doing this. ZT emphasizes automation and least privilege access as standard, giving security teams more time to assess security threats.

For instance, ZT specifies that an entity can access data only for a specific period and has its credentials revoked once done. Forcing every entity to prove its identity removes the threat of expired or unused credentials being leveraged by malicious actors.

Least privilege also limits the number of IDs a team issues, ensuring fewer entry points for hackers or anyone else who could initiate a breach.

A nimble approach is critical

Modern enterprise cybersecurity must be nimble to work effectively. The principles outlined in this article will help security teams create a secure environment and more time for themselves to fully assess threats. 

Incident Response in 2023: Technologies and Trends https://www.securitynewspaper.com/2023/08/08/incident-response-in-2023-technologies-and-trends/ Tue, 08 Aug 2023 19:25:15 +0000 https://www.securitynewspaper.com/?p=27055

What Is Incident Response? 

Incident response refers to the process followed by an organization to address and manage the aftermath of a security breach or cyber attack. The goal of incident response is to handle the situation in a way that limits damage, reduces recovery time and costs, and ensures that the incident is properly documented and reported to meet regulatory requirements.

In the simplest of terms, incident response is like a well-organized fire drill for cyber attacks. It’s a set of instructions that help IT staff and business owners identify, respond to, and recover from network security incidents. These instructions include steps to take when an attack is identified, who should be involved, how data should be collected and analyzed, and how to learn from the incident to prevent future attacks. See this detailed blog post for more background about incident response.

Importance of Incident Response in Cybersecurity

Minimizing Impact of Attacks

One of the primary reasons for having an incident response plan is to minimize the impact of attacks. Cyber attacks can lead to significant financial losses, especially for businesses that rely heavily on online transactions. An effective incident response plan can help businesses identify attacks early, contain them quickly, and minimize potential damage.

Moreover, incident response is not just about dealing with the attack itself but also about dealing with the aftermath of the attack. This includes notifying affected parties, managing public relations, and fulfilling any legal obligations. Having a plan in place ensures that these tasks are handled efficiently and effectively, reducing the overall impact of the attack.

Recovery and Restoration

Another critical aspect of incident response is recovery and restoration. After a cyber attack, it’s essential to restore systems and operations to normal as quickly as possible. Incident response teams work to eliminate the threat from the company’s systems, repair any damage, and restore data from backups.

The speed and efficiency of recovery can significantly impact a business’s bottom line. The longer it takes to recover, the more revenue is lost. Furthermore, prolonged recovery times can also damage a company’s reputation, leading to loss of customers and potential future business.

Legal and Regulatory Compliance

Cybersecurity incidents can have serious legal and regulatory implications for businesses. In many jurisdictions, businesses are required to report breaches to regulatory bodies and affected individuals. Failure to comply with these requirements can result in hefty fines and legal proceedings.

An incident response plan helps businesses meet their legal and regulatory obligations by ensuring that incidents are properly documented and reported. This includes keeping detailed records of the incident, the response actions taken, and the lessons learned. Such documentation can be crucial in defending against lawsuits or regulatory actions.

Reducing Downtime

Downtime is costly for any business. It leads to lost productivity, lost revenue, and can damage a company’s reputation. A well-prepared incident response team can significantly reduce the amount of downtime a business experiences after a cyber attack.

By quickly identifying and containing an attack, the team can minimize the amount of time systems are down. Moreover, by having a plan for recovery and restoration, the team can ensure that systems are back up and running as quickly as possible.

Emerging Technologies Influencing Incident Response 

AI and ML in Incident Response

Artificial intelligence (AI) and machine learning (ML) are changing the face of incident response. These technologies can automate many of the tasks involved in incident response, allowing teams to respond more quickly and effectively to attacks.

AI and ML can be used to detect anomalies in network traffic, identify malicious activity, and even predict future attacks. They can also automate the process of collecting and analyzing data, freeing up incident response teams to focus on more strategic tasks.

Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is another technology that is shaping the future of incident response. XDR is a security approach that integrates multiple security tools into a single platform. This allows incident response teams to have a more holistic view of their environment and respond more effectively to threats.

XDR platforms can collect data from a wide range of sources, including network traffic, endpoint devices, and cloud services. This data is then analyzed to detect threats and automate response actions.

SIEM

Security Information and Event Management (SIEM) systems are another crucial tool in incident response. SIEM systems collect and analyze log data from various sources within an organization’s IT infrastructure. They provide real-time analysis of security alerts and can automate response actions.

By providing a centralized view of an organization’s security landscape, SIEM systems can help incident response teams identify, investigate, and respond to security incidents more efficiently.

Threat Intelligence Platforms

Threat Intelligence Platforms (TIPs) provide incident response teams with information about known threats and threat actors. This information can help teams identify attacks more quickly and respond more effectively.

TIPs collect and analyze data from a variety of sources, including open-source intelligence, social media, and internal data. They provide actionable intelligence that can be used to enhance an organization’s security posture and improve incident response efforts.

Key Trends in Incident Response for 2023 

Increase in Remote Work and its Impact on Incident Response

The shift to remote work has had a significant impact on incident response. With more employees working from home, the attack surface for cyber criminals has expanded. This has made incident response more challenging, as teams must now deal with threats on a wide range of devices and networks.

In 2023, we can expect to see more tools and strategies aimed at dealing with the challenges posed by remote work. This may include increased use of cloud-based incident response tools, as well as strategies for securing remote devices and networks.

Shift from Reactive to Proactive Incident Response

Traditionally, incident response has been a reactive process. Teams would wait for an attack to occur and then respond. However, this approach is no longer sufficient in today’s threat landscape.

In 2023, we can expect to see a shift towards more proactive incident response. This means identifying and addressing vulnerabilities before an attack occurs. It also means monitoring for signs of an attack and taking action before the attack has a chance to cause damage.

Emphasis on Incident Response Testing and Simulation

Another trend we can expect to see in 2023 is an increased emphasis on incident response testing and simulation. Testing and simulation are crucial for ensuring that an incident response plan is effective.

Through testing, teams can identify gaps in the plan and make necessary adjustments. Simulation exercises can also help teams practice their response to an attack, ensuring that they are prepared when a real attack occurs.

Greater Regulatory Scrutiny and Its Impact on Incident Response

Finally, in 2023, we can expect to see greater regulatory scrutiny of incident response. As cyber attacks continue to increase in frequency and severity, regulators are becoming more interested in how businesses respond to these incidents.

This means that businesses will need to ensure that their incident response plans meet regulatory standards. They will also need to be prepared to provide documentation of their response efforts in the event of a regulatory investigation.

Conclusion

In conclusion, mastering incident response is crucial for businesses in today’s digital world. By understanding what incident response is, recognizing its importance, staying up-to-date with emerging technologies, and keeping an eye on key trends, businesses can protect their digital assets, minimize the impact of attacks, and comply with legal and regulatory requirements.

Author Bio: Gilad David Maayan

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.

LinkedIn: https://www.linkedin.com/in/giladdavidmaayan/

How Virtual Data Rooms are Revolutionizing the Investment Banking Industry https://www.securitynewspaper.com/2023/08/07/how-virtual-data-rooms-are-revolutionizing-the-investment-banking-industry/ Mon, 07 Aug 2023 08:27:00 +0000 https://www.securitynewspaper.com/?p=27052
Investment banking is a foundation of the financial services sector. It plays a crucial role in capital raising, mergers and acquisitions, and other financial activities. Digital technologies continue to transform industries around the world, and investment banking is no exception.

A key technological innovation that has made a significant impact on investment banking is the development and introduction of Virtual Data Rooms (VDRs). Data room services are secure online platforms that have disrupted traditional practices and ushered in a new era of efficiency and security, proving themselves to be a true game-changer in the world of investment banking. You won’t find a data room review here, but you will find enough information to understand the benefits of this software.

What Are Virtual Data Rooms?

Virtual Data Rooms are cloud-based platforms designed for the storage, management, and sharing of important company documents and data. They have become indispensable tools in various industries, including investment banking. The key features of a VDR include easy access and management, fast work, advanced encryption, data backup, and customizable user interfaces. You can get acquainted with the best solutions at https://www.idealsvdr.com/blog/top-5-oppenheimer-mutual-funds/.

It can be difficult for some companies to integrate new technologies into their operations, and many people don’t trust AI assistants at all. However, data rooms are a technology that can be trusted.

  • Traditional physical data rooms involve maintaining hard copies of documents in a secure, on-site location. Access is granted only to authorized personnel, which can be time-consuming and costly, especially when dealing with large volumes of documents and multiple stakeholders.
  • VDRs provide a secure online environment where documents can be accessed from anywhere, at any time, and by multiple users simultaneously. Data room software also eliminates the risks associated with transporting and storing physical documents, such as loss, theft, or damage.

Applications of Virtual Data Rooms in Investment Banking

Before you start looking for the best data room providers, you need to understand how VDRs can be used in this industry. These rooms have emerged as a vital tool for various applications, streamlining processes, and enhancing collaboration. Here are 3 main applications that can be distinguished:

  • Mergers and Acquisitions (M&A). VDRs streamline the due diligence process in investment banking by offering a centralized platform for document storage and review, which allows for quicker access to vital information and more effective evaluation of potential deals. Additionally, virtual data room providers promote seamless collaboration among involved parties through real-time sharing and updates of pertinent documents, enhancing communication and minimizing the chances of misinterpretations.
  • Fundraising and capital market transactions. VDRs facilitate efficient documentation management for fundraising and capital market transactions by organizing the extensive collection of required documents, ensuring easy access to up-to-date information. Additionally, they offer a secure platform for sharing sensitive data with potential investors, preserving confidentiality while enabling them to comprehensively assess investment opportunities.
  • Compliance with regulations. Data rooms improve regulatory compliance and reporting. They provide a centralized, secure location for storing documents, simplifying access and submission as mandated by authorities. Furthermore, virtual data rooms maintain detailed records of all user activities within the platform, delivering a transparent and comprehensive audit trail.

Impact of Virtual Data Rooms on Investment Banking

The emergence of data room software has had a transformative effect on the investment banking landscape. By offering innovative solutions for managing and sharing sensitive information, VDRs have reshaped various aspects of the industry. Let’s discuss the key ones:

  • Increased speed and efficiency. VDRs streamline processes like due diligence and document management, reducing the time and effort required to complete transactions.
  • Improved security and risk management. Electronic data rooms utilize advanced security measures to protect sensitive data, mitigating the risks associated with data breaches and unauthorized access.
  • Enhanced collaboration and communication. VDRs foster better communication between parties by centralizing information and enabling real-time updates and sharing.
  • Cost savings and environmental benefits. Since there’s no longer a need for physical data rooms and paper consumption, virtual data rooms can help save on operational costs and contribute to more sustainable business practices.

Conclusion

The success of the best virtual data room providers in this sector has led to their adoption in various other industries. Every industry that uses data rooms has recognized the potential of VDRs in managing sensitive data and streamlining operations, paving the way for broader applications and increased demand for VDR services.

One can predict that online data room software will be used by more and more companies. Technology providers are constantly improving their products, adding new features and introducing new capabilities. This ongoing innovation ensures that VDRs remain at the forefront of secure data management, meeting the evolving needs of businesses and keeping pace with the rapidly changing digital landscape.
