Daily Tech Digest - April 10, 2017

Building a strategic threat intelligence program

Even with more modern approaches available, Barros regards SIEM correlation as simpler than UEBA models. SIEM correlation typically generates an alert for each situation, treating potential threats as isolated. Some SIEM products, such as QRadar, can aggregate potential threats based on timing and IP addresses, but Barros said that capability is primarily intended for aggregation and reducing the number of alerts rather than correlation. "SIEM correlation is still useful, but we need to recognize its limitations and embrace the new capabilities of new tools such as UEBA to improve that. As we've been talking, SIEM and UEBA are getting closer every day, so now it's just a matter of time before SIEMs move (or give the option) to track issues based on entity scores. But if you want to have that now, you should look at UEBA tools," Barros said.
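To make the difference between per-rule SIEM alerts and entity-score tracking concrete, here is an added example (not code from Barros or from any SIEM or UEBA vendor). It runs the same constructed events through both models: a rule engine that raises one isolated alert per matching event, and an entity scorer that accumulates risk per user with a decaying half-life and raises a single finding when the user's score crosses a threshold. The event weights, the four-hour half-life and the threshold of 60 are assumptions chosen for the illustration.

```python
"""Contrast isolated SIEM rule alerts with a UEBA-style per-entity risk score.

Added example; the weights, half-life and threshold are assumptions, not any
vendor's settings.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real log data:
# (ISO 8601 timestamp, user, source IP, normalised event type).
EVENTS = [
    ("2017-04-10T08:01:00", "alice", "10.0.0.5", "login_failure"),
    ("2017-04-10T08:01:30", "alice", "10.0.0.5", "login_failure"),
    ("2017-04-10T08:02:00", "alice", "10.0.0.5", "login_success"),
    ("2017-04-10T08:10:00", "alice", "10.0.0.5", "new_country_login"),
    ("2017-04-10T08:30:00", "alice", "10.0.0.5", "large_download"),
    ("2017-04-10T09:00:00", "bob",   "10.0.0.9", "login_failure"),
    ("2017-04-10T14:00:00", "bob",   "10.0.0.9", "login_failure"),
]

# Assumed per-event risk weights; a real deployment tunes these per environment.
WEIGHTS = {
    "login_failure": 10,
    "login_success": 0,
    "new_country_login": 40,
    "large_download": 35,
}


def siem_alerts(events, min_weight=35):
    """Rule-style correlation: each event that matches a rule raises its own
    alert. The two alerts this produces for alice are not linked to each
    other or to her earlier failed logins."""
    return [(ts, user, etype)
            for ts, user, _ip, etype in events
            if WEIGHTS.get(etype, 0) >= min_weight]


def ueba_findings(events, half_life=timedelta(hours=4), threshold=60):
    """Entity-centric scoring: every event adds risk to its user, accumulated
    risk halves every `half_life`, and a single finding is raised the first
    time a user's score crosses `threshold`.

    Returns (findings, final_scores)."""
    score = defaultdict(float)
    last_seen = {}
    history = defaultdict(list)
    findings = {}
    for ts_str, user, ip, etype in sorted(events):   # ISO timestamps sort lexically
        ts = datetime.fromisoformat(ts_str)
        if user in last_seen:                          # decay risk accrued earlier
            score[user] *= 0.5 ** ((ts - last_seen[user]) / half_life)
        last_seen[user] = ts
        score[user] += WEIGHTS.get(etype, 0)
        history[user].append((ts_str, ip, etype))
        if score[user] >= threshold and user not in findings:
            findings[user] = {
                "score": round(score[user], 1),
                "at": ts_str,
                "contributing": list(history[user]),  # context the SIEM alert lacks
            }
    return findings, dict(score)


if __name__ == "__main__":
    for alert in siem_alerts(EVENTS):
        print("SIEM alert:", alert)
    findings, scores = ueba_findings(EVENTS)
    for user, f in findings.items():
        print(f"UEBA finding: {user} score={f['score']} at {f['at']} "
              f"({len(f['contributing'])} contributing events)")
    print("final scores:", {u: round(s, 1) for u, s in scores.items()})
```

Run stand-alone, the rule engine emits two unrelated alerts for alice and nothing for bob; the entity scorer emits one finding for alice at 08:30 carrying all five of her events as context, and bob's two failures five hours apart decay without ever approaching the threshold.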


What one company learned from testing Intel's superfast Optane SSDs

Optane gives Aerospike tremendous flexibility in how it deploys its software because it speeds up critical tasks such as database indexing. The Aerospike database is highly flexible thanks to its hybrid memory architecture, meaning it can be deployed on different types of systems including all-flash arrays, converged infrastructure, or through major cloud services such as Amazon AWS. The software is notably adaptable to a cluster topology via direct-attached storage managers. The database architecture can be broken into spokes and set up for high availability through database replication on interconnected servers. Optane cuts the network round-trip time, which helps build a faster and more reliable database. Aerospike's database can create an environment where Optane is used like RAM for in-memory processing or like an SSD for caching or hot storage.


The evolution of data center segmentation

In a nutshell, micro-segmentation offers a more granular method for separating workloads and controlling application traffic in these cloud environments. Individual workloads can be isolated using a zero-trust model, with whitelist controls enabled only for specific network and application flows between workloads. Products and features such as firewalls, IPS, VRFs and VLANs have long been used to provide segmentation as a common best practice. While these can shrink the attack surface, the operational aspects can prove difficult. Traffic must be hair-pinned to firewalls, and there is a lack of granular controls to filter the east-west traffic inside a VLAN. Getting visibility and telemetry can also be an issue, especially for east-west traffic. As a result, assets requiring separation are often placed in different VLANs, which leads to the creation of new firewall rules, IP subnets, routing and default gateways.
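The gap the paragraph describes, east-west traffic inside one VLAN that no firewall ever sees, is easiest to see by evaluating the same flows under both models. The following is an added example, not code from the article or from any segmentation product: a VLAN model that implicitly permits everything inside a VLAN, beside a label-based whitelist that permits only the flows a rule names and denies everything else. The workload names, labels, VLAN numbers and rules are constructed for the illustration.

```python
"""Evaluate east-west flows under a VLAN model and a micro-segmentation allowlist.

Added example; inventory, labels and rules are constructed, not a real policy.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    vlan: int
    labels: frozenset          # e.g. {"app=shop", "tier=web"}


@dataclass(frozen=True)
class Flow:
    src: Workload
    dst: Workload
    dport: int
    proto: str = "tcp"


# Hypothetical inventory. The shop application's three tiers share VLAN 100,
# the usual "one VLAN per application" layout; an unrelated HR database is
# in VLAN 200.
WEB = Workload("web-1", 100, frozenset({"app=shop", "tier=web"}))
API = Workload("api-1", 100, frozenset({"app=shop", "tier=api"}))
DB = Workload("db-1", 100, frozenset({"app=shop", "tier=db"}))
HR = Workload("hr-db-1", 200, frozenset({"app=hr", "tier=db"}))

# Allowlist rules keyed on workload labels rather than IPs or VLANs:
# (source selector, destination selector, protocol, port). A selector matches
# a workload whose labels contain every label in the selector. Any flow not
# matched by a rule is denied (zero-trust default).
RULES = [
    ({"app=shop", "tier=web"}, {"app=shop", "tier=api"}, "tcp", 8080),
    ({"app=shop", "tier=api"}, {"app=shop", "tier=db"}, "tcp", 5432),
]


def vlan_model_allows(flow):
    """Traditional segmentation: only traffic that crosses a VLAN boundary is
    hair-pinned to the firewall, so anything inside one VLAN is implicitly
    permitted. For the illustration, assume no inter-VLAN rule exists."""
    return flow.src.vlan == flow.dst.vlan


def microseg_allows(flow, rules=RULES):
    """Zero-trust allowlist: permit only flows matched by a rule whose selectors
    are satisfied by the source and destination labels. Sharing a VLAN or an
    application label grants nothing by itself."""
    return any(
        src_sel <= flow.src.labels
        and dst_sel <= flow.dst.labels
        and proto == flow.proto
        and port == flow.dport
        for src_sel, dst_sel, proto, port in rules
    )


# Constructed flows: the two intended paths plus three lateral movements an
# attacker on a compromised web or db host might try.
SAMPLE_FLOWS = [
    ("web -> api :8080 (intended path)", Flow(WEB, API, 8080)),
    ("web -> db :5432 (skips the api tier)", Flow(WEB, DB, 5432)),
    ("api -> db :5432 (intended path)", Flow(API, DB, 5432)),
    ("db -> web :22 (reverse direction)", Flow(DB, WEB, 22)),
    ("api -> hr-db :5432 (other application)", Flow(API, HR, 5432)),
]


def evaluate(flows=SAMPLE_FLOWS):
    """Return (description, allowed_by_vlan_model, allowed_by_microseg) per flow."""
    return [(desc, vlan_model_allows(f), microseg_allows(f)) for desc, f in flows]


if __name__ == "__main__":
    print(f"{'flow':42} vlan  microseg")
    for desc, vlan_ok, seg_ok in evaluate():
        print(f"{desc:42} {str(vlan_ok):5} {seg_ok}")
```

The table it prints makes the point of the paragraph: the VLAN model permits web-to-db and db-to-web because both ends share VLAN 100, while the allowlist permits exactly the two intended paths. Only the cross-application flow to the HR database is stopped by both, and the VLAN model stops it only because that asset happened to be placed in a separate VLAN.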


Email-Based Attacks Exploit Unpatched Vulnerability In Microsoft Word

When the rogue documents used in this attack are opened, they reach out to an external server and download an HTA (HTML Application) file that contains malicious VBScript code. The HTA file is disguised as an RTF (Rich Text Format) document and is executed automatically. "The successful exploit closes the bait Word document, and pops up a fake one to show the victim," the McAfee researchers said. "In the background, the malware has already been stealthily installed on the victim’s system." By searching back through its data, McAfee has traced attacks exploiting this vulnerability back to late January. Following McAfee's report, security researchers from FireEye also confirmed that they had been aware of these attacks and the exploit for several weeks and had coordinated disclosure with Microsoft.
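The disguise described above, an HTA delivered as if it were an RTF document, is something a proxy or mail gateway can check for without knowing the vulnerability itself. Here is an added detection example, not code from the McAfee or FireEye research: it verifies that a blob declared as RTF actually begins with the RTF magic, and independently looks for HTA and VBScript markers in the content. The marker list is an assumption chosen for illustration, and both sample blobs are constructed (the "disguised" one only instantiates an object and runs nothing).

```python
"""Flag a blob that is presented as RTF but carries HTML Application content.

Added example. The marker list is an assumption chosen for illustration and
the sample blobs are constructed, not captured malware.
"""
import re

RTF_MAGIC = b"{\\rtf"

# Strings an ordinary RTF document rarely contains but an HTA payload almost
# always does (matched case-insensitively). Constructed list, not a vendor signature.
HTA_MARKERS = [
    rb"<hta:application",
    rb"<script[^>]*language\s*=\s*[\"']?vbscript",
    rb"createobject\s*\(\s*[\"']wscript\.shell",
    rb"<html",
]


def classify(data: bytes, claimed_type: str = "application/rtf") -> dict:
    """Two independent checks on a blob the client believes is RTF:
    (1) does the content start with the RTF magic the declared type promises,
    (2) does it contain HTA/VBScript markers anywhere.
    Either failure is suspicious on its own; both together is what a disguised
    HTA looks like on the wire."""
    magic_ok = data.lstrip().startswith(RTF_MAGIC)
    hits = [pat.decode() for pat in HTA_MARKERS if re.search(pat, data, re.IGNORECASE)]
    claims_rtf = claimed_type.lower().endswith("rtf")
    return {
        "claimed_type": claimed_type,
        "rtf_magic": magic_ok,
        "hta_markers": hits,
        "suspicious": (claims_rtf and not magic_ok) or bool(hits),
    }


# Constructed samples.
BENIGN_RTF = b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Calibri;}} Quarterly numbers attached.\\par}"

DISGUISED_HTA = (
    b"<html><head>\n"
    b'<HTA:APPLICATION id="app" WINDOWSTATE="minimize" SHOWINTASKBAR="no">\n'
    b"</head><body>\n"
    b'<script language="VBScript">\n'
    b'Set sh = CreateObject("WScript.Shell")\n'
    b"</script></body></html>\n"
)


def scan_samples():
    """Classify both samples as a client that trusts the declared Content-Type would see them."""
    return {
        "benign": classify(BENIGN_RTF),
        "disguised": classify(DISGUISED_HTA),
    }


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(name, verdict)
```

The magic check alone catches the disguise regardless of what the HTA contains; the marker check alone catches an HTA that is served under some other declared type. Keeping the two checks separate in the verdict makes it clear which one fired when the result is reviewed.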


Three Of The Biggest Cyber Security Threats To Australian Business

"Attackers will research employees' personal information and activity online and leverage these details to convince them to click a link and/or download a document that subsequently infects their device." Bentley believes the best way to combat personalised, socially engineered attacks is not just to run awareness programs but also to deploy advanced email security solutions, which identify and quarantine such emails before they ever reach an employee's inbox. Itay Glick, CEO and co-founder of Votiro, told HuffPost Australia that the three key elements of good protection are training, detection and protection. "Training will only take you so far. When someone in the HR department receives an email from a job applicant with a CV, they will most likely open this file. They are simply doing their job and through doing so, can put an organisation at risk," Glick said.


Flatbed scanners are latest cyberattack vector

The malware compromises the scanner and lets it receive the light-modulated commands at certain pre-defined times: every day at 11 o’clock is one example the researchers use. The attacker, however, remotely controls the light source that creates the commands. That allows the actual attack to be run on the fly on a day of the perpetrator’s choosing, for instance destroying files just before an important event such as a presentation. Control of the light source could be through a microcontroller connected to the light source and running an algorithm that creates sequences of bright shades of light that fool the scanner. The attacker does have his work cut out for him, though. The attack fails if the flatbed scanner lid is fully closed, and the algorithm isn’t easy to get right: the light is influenced by distance and by other light sources, for example. The greater the distance, the harder the attack.


AI, Machine Learning as a Service Set to Overhaul Healthcare

Coupled with an artificial intelligence sector slated to bring more than $46 billion in revenue to vendors by 2020, MLaaS could fundamentally revolutionize the way healthcare organizations approach big data analytics by making these tools more budget-friendly for a broader range of organizations. “Intelligent applications based on cognitive computing, artificial intelligence, and deep learning are the next wave of technology transforming how consumers and enterprises work, learn, and play,” says David Schubmehl, research director, cognitive systems and content analytics at IDC, which compiled the AI report. “These applications are being developed and implemented on cognitive/AI software platforms that offer the tools and capabilities to provide predictions, recommendations, and intelligent assistance through the use of cognitive systems, machine learning, and artificial intelligence. ...”


Machine Learning At American Express: Benefits & Requirements

In the case of fraud detection and prevention, machine learning has helped improve American Express’s already excellent track record, including in its online business interactions. To do this, modeling methods draw on a variety of data sources including card membership information, spending details, and merchant information. The goal is to stop fraudulent transactions before substantial loss is incurred while allowing normal business transactions to proceed in a timely manner: a customer who has just swiped their card to make a purchase, for instance, expects to get approval immediately. ... Chao mentioned that one of his favorite uses of machine learning at American Express is a mobile phone application that provides customized restaurant recommendations.


Setting Up Security as a Business: 3 Best Practices for Security Execs

The existence of CyberGRX and other new services signals a movement in the security community. It is a clear confirmation that security is now a fundamental business issue and a potential growth advantage, and that security executives must take the lead in convening the business and discussing how security becomes a strategic lever. More and more often, security execs have the floor. The sheer volume of cyberattacks, exploits, and cybercrime has made it clear that every company will be affected by a security issue. Security officers no longer have to waste time legitimizing security as a business risk; they should be the lead executives who provide the insight and detail on business impact that business leaders need to make sound decisions.


Predictive Analytics Can Stop Ransomware In Its Tracks

“Protecting an organization from ransomware or any type of malware is similar to an arms race, as the threat evolves so must your defenses!” Malewicz said. The county turned to predictive analytics in hopes of halting the ransomware attacks. Livingston County also uses the Unitrends backup solution, which gives Malewicz's team peace of mind in the event its cyber defenses fail. “Ransomware was largely unheard of years ago, but today it's a household name - everyone knows someone or some organization which has been infected. The future guarantees that more menacing ransomware variants will take center stage wreaking havoc in our homes and places of business. When ransomware exploits bypass perimeter cyber defenses you have only to rely on your predictive analytic cyber defenses to protect you, else I hope you have stable and secure backup to fall back on!” he said.



Quote for the day:


"We'd achieve more if we chased the dream instead of the competition." -- @simonsinek