
Press Releases


AppRiver Enhances Web Security Offering

A startling finding in this year's Verizon Data Breach Investigations Report is that, in 60 percent of breaches, attackers are able to compromise an organization within minutes. The report confirmed that cyberattacks are becoming increasingly sophisticated, yet many criminals still rely on tried and true techniques such as phishing and hacking. In fact, when it comes to phishing, it takes just 82 seconds from the start of a phishing campaign to its first bite. Once a first victim has succumbed, 75% of attacks spread to the next victim within one day (24 hours). Yet, when it comes to detection, the proportion of breaches discovered within days still falls well below the proportion compromised within that time.

All of this shows that timely notification of, and information about, cyber intrusion is critical for IT administrators to prevent and minimise the threat from cyber criminals. AppRiver, LLC, a leading provider of email messaging and Web security solutions, today announced its latest version of SecureSurf™, a multi-layered adaptive solution to defend against existing and emerging Web-based threats. This version of SecureSurf also features a new Critical Threat Notification capability that serves as an early warning system for network administrators.
 
SecureSurf’s multi-layered cloud solution combines proactive features such as firewalls, intrusion detection, anomaly alerting, log analysis, malware forensics and virus intelligence data. Until recently, only large companies could afford to implement and maintain comprehensive solutions, but SecureSurf delivers advanced Web security to businesses of all sizes.
 
“Unfortunately for online users today, it’s no longer a question of if you will encounter Web-based malware, but when,” explained Joel Smith, CTO, AppRiver.  “Our SecureSurf solution was built to put businesses at ease.  It’s secure, reliable and delivers the protection a business needs without the complexity and costs often associated with enterprise-grade IT security.”
 
As a cloud service, SecureSurf can stand alone or work in tandem with AppRiver secure messaging products.  Either way, every customer benefits from the company’s global threat intelligence.  
 
“By combining our own file, message, Web and network threat intelligence with industry data we are effectively identifying network threats and vulnerabilities in order to minimize the threat attack window, or the amount of time an adversary is in the network before they are discovered,” said Smith.  
 
Timely notification and information about cyber intrusion is critical for IT administrators, he adds.  “As cyber-attacks increase in sophistication, many organizations react too late after an attack is underway.”  
 
SecureSurf’s new Critical Threat Notifications are instantly delivered to administrators, detecting and flagging traffic that could indicate a network has been compromised.  This new functionality helps ensure threats are mitigated immediately.
 
“It’s easy to register the IP addresses and domains we wish to monitor,” said Jessica Johnson, technical support engineer, Zumasys.  “Once registration is complete, I trust AppRiver to send alert notifications if and when it detects a clear indication of a system compromise.” 
 
Additional SecureSurf benefits include: 
- Network protection from malware, adware and viruses: Real-time security based on data from a number of sources. SecureSurf's DNS engine captures information about bad URLs from a number of sources, enabling the service to protect customers from emerging insidious sites. Among the tapestry of security sources is AppRiver's own spam protection service, since a high percentage of URLs within spam messages deliver viruses or malware.
- Quick and easy deployment: As a cloud-based solution, SecureSurf is continuously updated (more than 2,500 times a day) to shield a network and employees from all known and suspected attack types.
- Minimal footprint: SecureSurf does not slow a browsing experience, and users won’t know SecureSurf is running, unless they happen upon a dangerous Web site.
- Phenomenal Care™: High-touch customer support is available from trained employees 24 hours a day, every day.
 
For more information, or a 30-day free trial, please visit www.appriver.com.

AlienVault to Work with HP on Cyber Threat-Sharing Initiative to Strengthen Security Across Industries

AlienVault™, the leading provider of Unified Security Management™ and crowd-sourced threat intelligence, today announced its plans to work with HP to broaden the reach of cyber threat intelligence sharing to support more organizations in staying ahead of emerging attacks. As part of the effort, HP intends to integrate data from AlienVault Open Threat Exchange (OTX) into HP Threat Central, its cloud-based threat intelligence sharing and analysis platform. AlienVault intends to also integrate data from HP Threat Central into OTX, one of the industry’s first crowd-sourced threat intelligence-sharing systems.

As part of the joint effort, AlienVault OTX and HP Threat Central intend to offer users broader access to anonymized, analyzed and validated threat intelligence data, via integrated APIs, providing greater visibility into potentially malicious threat actors that warrant action.

“AlienVault OTX system now has more than 26,000 contributors from 140 countries sharing over 1 million threat indicators daily,” said Andy Johnson, Senior Vice President Business Development at AlienVault. “However, the threat landscape continues to get more complex. That’s where partnerships like the developing one built with HP will only strengthen our efforts to support all organizations, regardless of size or IT budget, with the actionable data needed to detect and defend against attacks.”

“Since announcing HP Threat Central, we’ve been able to provide security analysts with derived, relevant and actionable data to stay ahead of threats,” said Ted Ross, Director of Threat Intelligence, HP Security Research. “With industry leaders like AlienVault, we look forward to expanding the community we’ve established and building on critical insights the industry needs to combat adversaries and minimize potential business loss or disruption.”

AlienVault OTX enables organizations to more rapidly be alerted to malicious threat actors and more proactively defend systems. The OTX partner program – now with more than 19 member companies – provides access to the world’s largest crowd-sourced and collaborative threat exchange.

About AlienVault

https://www.alienvault.com/

AlienVault’s mission is to enable organizations with limited resources to accelerate and simplify their ability to detect and respond to the growing landscape of cyber threats. Our Unified Security Management (USM) platform provides all of the essential security controls required for complete security visibility, and is designed to enable any IT or security practitioner to benefit from results on day one. Powered by threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange, the world’s largest crowd-sourced threat intelligence network, AlienVault USM delivers a unified, simple and affordable solution for threat detection, incident response and compliance management. AlienVault is a privately held company headquartered in Silicon Valley and backed by Trident Capital, Kleiner Perkins Caufield & Byers, GGV Capital, Intel Capital, Sigma West, Adara Venture Partners, Top Tier Capital and Correlation Ventures. AlienVault, Open Threat Exchange and Unified Security Management are trademarks of AlienVault. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

New Tool Launched to Improve Security Analytics and Accelerate Incident Response

Lancope, Inc., a leader in network visibility and security intelligence, today unveiled its new ProxyWatch™ solution for enhanced security context at RSA Conference 2015. A key component of the StealthWatch® System 6.7 release, the ProxyWatch solution extends network visibility and provides more in-depth insight for enhanced threat detection, incident response and forensics. 

“Traditionally, traffic on either side of a web proxy is not tied together, and communications that traverse a proxy server appear as two separate conversations,” said Kerry Armistead, vice president of product management for Lancope. “This hinders network and security troubleshooting by associating an incident with the proxy address instead of the actual address causing the issue. In our continuous efforts to improve the way enterprises visualise and defend their networks, Lancope’s new ProxyWatch solution provides a key new layer of security awareness for faster, more precise threat protection.”

When deployed with the StealthWatch System, the ProxyWatch solution enables organisations to see the translated address associated with the other side of a proxy conversation, enhancing organisations’ ability to effectively pinpoint the source of threats and expedite Mean Time to Know (MTTK). The solution ingests proxy records and associates them with flow records, delivering the user, application and URL information for each flow to enable powerful, context-aware security analytics.

With the ProxyWatch solution, security analysts can see exactly who within their organisation went to a specific web site, and can also evaluate the URL data against Lancope’s StealthWatch Labs Intelligence Center (SLIC) Threat Feed to determine whether the site was malicious. ProxyWatch users can also see when a session began and ended and how much data was transferred between the host and destination address.

“Network visibility is a critical piece of the security puzzle, but it is even more effective when combined with contextual data,” added Armistead. “By providing visibility into proxy conversations, and also delivering important details such as user data, the ProxyWatch solution can greatly enhance an organisation’s ability to thwart sophisticated attacks and avoid damaging data breaches.”

Lancope has long been dedicated to providing in-depth network insight and security intelligence for large, distributed networks. Hundreds of enterprises around the world rely on Lancope and the StealthWatch System to collect and analyse massive amounts of security data for faster, more informed threat detection and investigation. By continuously monitoring communications inside the network, Lancope can detect both sophisticated external attacks that bypass perimeter defenses as well as stealthy insider threats.

The Lancope ProxyWatch solution will be available in May 2015 for Blue Coat, Squid, Cisco and McAfee proxy servers as part of the StealthWatch System 6.7 release.* Lancope is showcasing the solution this week at RSA Conference Booth #N4211. Those interested should stop by the booth or contact [e-mail address not available] for further details. Additional information on the ProxyWatch solution can also be found at https://www.lancope.com/resources/data-sheets/extend-network-visibility-and-security-context.

*Additional charges apply for the ProxyWatch solution. Please contact [e-mail address not available] for pricing.

Radware Introduces Industry’s First Hybrid Cloud Based Web Application Firewall Service

Radware’s new Hybrid Cloud WAF Service is an industry first that provides a fully managed enterprise grade WAF that protects both on-premise and cloud-based applications, using a single technology solution. Unlike existing WAF solutions that integrate dual technologies, which results in a gap between protection coverage and quality, Radware’s single technology approach makes migrating applications to the cloud safer and more secure.

“It’s not uncommon for enterprises to distribute their applications both on-premise and in-the-cloud. In addition, we see enterprises employ multiple cloud vendors to host various aspects of their infrastructure. However, having a disparate network infrastructure adds a level of complexity when trying to protect your web applications,” says Carl Herberger, vice president of security solutions for Radware. “We have taken actionable steps to provide enterprise with a unified hybrid solution against web-based attacks regardless if protection is needed on-premise or in the cloud and provide better security when moving applications to the cloud as well as ease of security policy orchestration and automation.”

In addition to protection from various web attacks, Radware’s Hybrid Cloud WAF can also defend and mitigate a wide range of DDoS attacks through its always-on DDoS attack protection, and provide comprehensive detection and mitigation of attacks with minimal false positives and no impact on legitimate traffic.

“When there is no technical integration between on-premise and cloud WAF technologies, organisations are faced with poor quality of detection resulting in poor mitigation options,” says Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “Radware’s Hybrid Cloud WAF Service can help bridge this gap by integrating its on-premise devices and WAF technologies with cloud-based coverage to deliver a comprehensive detection and mitigation solution.”

The Hybrid Cloud WAF Service also provides full coverage from all of OWASP’s Top 10 security risks and is backed by Radware’s Emergency Response Team – a dedicated group of security experts that can actively monitor and mitigate attacks in real time.

For additional information on Radware’s Hybrid Cloud WAF service, please visit http://www.radware.com/hybridcloudwaf or visit Radware at booth S2021 during this year’s RSA Conference in San Francisco, CA.     
