
Intrusion Detection in the Cloud

Juniper Networks Adds Intrusion Deception on the Firewall to Protect Enterprises From Advanced Malware

Juniper Argon Secure Uses Deception-Based Malware Mitigation to Prevent the Loss of Sensitive Corporate Data Even After Being Compromised

SAN FRANCISCO, CA–(Marketwired – Feb 25, 2014) – RSA CONFERENCE 2014 – Juniper Networks (NYSE: JNPR), the industry leader in network innovation, today announced Juniper Argon Secure, an advanced anti-malware service for Juniper Networks® SRX Series Services Gateways to identify malware that traditional solutions cannot detect. Building on Juniper’s success using Intrusion Deception to prevent attacks against web applications, Argon Secure applies the technology to both networks and endpoints to detect malware at multiple points in the attack process. This added level of protection is a critical step in building secure High IQ networks.

Traditional security solutions seek to detect malware at the point of initial infection, which is largely ineffective against zero-day attacks. Further complicating the problem, current advanced malware products are limited to relying either on signatures or on detecting command-and-control traffic at the network edge. Once attackers find a way past the enterprise edge, these solutions have limited ability to disrupt them.

Argon Secure is designed to address the current gap in security solutions by identifying advanced malware both at, and after, the point of initial infection when it attempts to propagate, find valuable data and exfiltrate that data from the network. By leveraging visibility into endpoints, internal network traffic and the network edge, Argon Secure can detect malware in places where other solutions cannot.

News Highlights
Argon Secure addresses the advanced malware problem by leveraging Juniper’s innovative Intrusion Deception approach to detect attacks and prevent data exfiltration. The service uses the firewall features of the SRX Series platform as an enforcement engine to instantly take malware-infected machines off the network before they can steal sensitive information.

Juniper Argon Secure

Argon Secure for the SRX Series will enable enterprises to identify and mitigate malware inside a network, detecting and removing infected devices before data is lost.
Like Juniper Networks WebApp Secure for the data center, Argon Secure will leverage Intrusion Deception to identify malware including zero-day threats that try to propagate to additional systems, look for corporate data, or attempt to send data outside the company network.
The solution will include more than 50 deception techniques embedded in the network infrastructure to force malware to expose itself even after entering a network. For example, malware, once installed, will start scanning the internal network in search of files that look useful. This gives an opportunity to detect the attacker inside the enterprise by creating a fake network process that emulates network share drives, so that when malware touches the files, Argon Secure can instantly identify it and push fake files.
Argon Secure will integrate with Juniper Networks Spotlight Secure to provide threat information in real time to companies, helping to quickly stop new attacks.
Argon Secure is a service that is available as a subscription for the SRX Series Services Gateways and will be generally available in Q3 2014.
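The deception pattern described in the highlights above (decoy files on a share that no legitimate workflow references, so any access is evidence of an intruder enumerating the network, followed by taking the offending host off the network at the firewall) reduces to a simple detection rule. The following Python is an added example written for this page; it is not Juniper's code and does not describe how Argon Secure is implemented. The audit-line format, the decoy paths, the rule syntax in block_rules and the sample log lines are all constructed for illustration.

```python
"""Honeyfile access detector (added example, not Juniper's code).

Decoy files sit on a share that no real workflow references, so any
read or listing under a decoy prefix is a high-confidence signal that
the client is sweeping the network for data. Hosts that trip a decoy
are reported for isolation at the firewall.

Log format is a constructed, simplified file-audit line, not any
vendor's real format:
    <timestamp> <client_ip> <user> <operation> <path>
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Hypothetical decoy locations; nothing legitimate should ever open these.
DECOY_PREFIXES = ("/shares/finance/old-payroll/", "/shares/it/backups/")

# Operations that show the client actually looked at decoy content.
TRIGGER_OPS = {"open", "read", "list", "copy"}


@dataclass(frozen=True)
class Alert:
    ts: str
    client: str
    user: str
    op: str
    path: str


def parse_line(line):
    """Return (ts, client, user, op, path) or None for malformed input."""
    parts = line.strip().split(None, 4)
    if len(parts) != 5:
        return None
    ts, client, user, op, path = parts
    try:
        ipaddress.ip_address(client)  # reject lines with a garbage client field
    except ValueError:
        return None
    return ts, client, user, op.lower(), path


def is_decoy(path, prefixes=DECOY_PREFIXES):
    """True if the path lies under one of the decoy share prefixes."""
    return any(path.startswith(p) for p in prefixes)


def detect(lines, prefixes=DECOY_PREFIXES):
    """Run every audit line through the decoy check; return the Alerts."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, user, op, path = rec
        if op in TRIGGER_OPS and is_decoy(path, prefixes):
            alerts.append(Alert(ts, client, user, op, path))
    return alerts


def hosts_to_isolate(alerts, min_hits=1):
    """Clients that touched at least min_hits decoy objects, sorted."""
    hits = Counter(a.client for a in alerts)
    return sorted(c for c, n in hits.items() if n >= min_hits)


def block_rules(hosts):
    """Render one deny rule per host (hypothetical rule syntax)."""
    return ["deny from %s to any log" % h for h in hosts]


# Constructed sample audit lines: normal activity from two hosts, one
# host sweeping the decoy shares, and one malformed line.
SAMPLE_LOG = [
    "2014-02-25T09:01:12Z 10.20.30.11 alice open /shares/finance/2014/q1.xlsx",
    "2014-02-25T09:01:40Z 10.20.30.12 bob read /shares/eng/specs/build.md",
    "2014-02-25T09:02:03Z 10.20.30.44 svc-print list /shares/finance/old-payroll/",
    "2014-02-25T09:02:04Z 10.20.30.44 svc-print open /shares/finance/old-payroll/salaries-2009.xls",
    "2014-02-25T09:02:05Z 10.20.30.44 svc-print copy /shares/it/backups/ad-export.csv",
    "2014-02-25T09:02:06Z not-an-ip ??? open /shares/it/backups/ad-export.csv",
    "2014-02-25T09:03:10Z 10.20.30.11 alice read /shares/finance/2014/q1.xlsx",
]

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print("DECOY HIT", a.ts, a.client, a.user, a.op, a.path)
    for rule in block_rules(hosts_to_isolate(found)):
        print(rule)
```

Two design points matter in practice. The decoy prefixes must never appear in any legitimate job, backup or indexing path, otherwise the single-hit threshold produces false isolations; min_hits exists so an operator can require a sweep of several decoys before acting. And the user field is deliberately not trusted for the decision: a compromised host acting under a service account is exactly the case the decoy is meant to catch, so the client address is what gets isolated.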

Supporting Quotes
“Companies are losing the fight against advanced malware and zero-day attacks and are desperate for new solutions. Juniper’s new Argon Secure service leverages Intrusion Deception to detect malware that evades traditional anti-virus and even advanced malware products and instantly removes the infected devices before they exfiltrate data.”
— David Koretz, corporate vice president products and general manager Counter Security, Security Business Unit, Juniper Networks

Mobile Intrusion Detection

Recently there was an announcement of a new mobile intrusion detection company named Skycure. I decided to look into this space and see what solutions were available. While there are many companies with mobile device management solutions, there seem to be only two companies providing mobile intrusion detection.

The first, and seemingly the oldest, company in this space is Zimperium. Zimperium offers a Mobile Intrusion Prevention System, a Management Console and ANTI, a mobile pen-testing platform.

zIPS, as it is called, provides application protection, prevents network attacks using a classification system and also offers malware sandboxing. This can all be managed via zConsole, which is a virtual appliance or SaaS offering. They also offer ANTI, a pentesting framework for Android devices.

I could not find any mention of what devices are supported, so I am going to assume it is Android only. It was also not clear if they can perform standard mobile device management functions such as wiping devices, remote lock, etc.

The second company is Skycure. Based out of Israel, they have what looks to be a good solution for mobile devices. They seem to offer a single solution that consists of an active honeypot running on the mobile device that can determine when the device is under attack and then trigger the appropriate response.

Skycure also collects information from other customers to create a “cloud based” service that can alert other users to mobile threats. This has become quite common today with most security vendors. Skycure also runs on both iOS and Android platforms. This, I believe, is a key feature in order to break into the enterprise.

Both companies have a unique approach to protecting mobile devices, and I hope to be able to perform hands-on testing in the future.

Why your SIEM is not effective
1. You do not focus on monitoring your SIEM. As IT departments deal with budget constraints, security is no different. Companies are more willing to spend money on technology than on the staff to effectively monitor and maintain it. This can be seen in all areas of technology, and expecting your technology to do all the analytical work is a huge mistake. A SIEM must be monitored on a regular basis to ensure incidents are identified quickly.
2. Your staff is not trained. So often IT leaders do not want to pay for the proper training of their staff. They feel they are smart and “will figure it out”. This is usually a huge mistake: SIEM tools can be very powerful and offer advanced correlation techniques that your staff needs to be trained on. Without training your team is like the GPS from the Allstate commercial, they’re just “winging it”.
3. Your SIEM is not properly maintained and upgraded. As a consultant I have the opportunity to see many SIEM installations. It is all too common to find customers 1-2 versions behind. If you are not upgrading your SIEM you are missing out on bug fixes and new capabilities that could make the difference between detecting an attack and not.
4. Your SIEM is too slow. Many legacy SIEMs struggle when running reports on large datasets. If you have to start a query or report and come in the next day for the results, your SIEM is not effective.
5. Your SIEM is old. Previous-generation SIEMs were slow, expensive and not intuitive enough. You need a fast, affordable and intuitive SIEM.
Sourcefire releases new products

The sophisticated nature of network security threats that organizations face today requires a new approach to security, one that not only provides the required protection, but can protect before, during and after attack – a “next-generation” security solution which delivers superior value and utility – continuously.

To answer this demand, Sourcefire created the FirePOWER™ security platform, a universal security architecture that is able to run one or all of the Sourcefire “Next-Generation” security solutions – NGIPS, NGFW, and Advanced Malware Protection (AMP). FirePOWER sets the standard for Next-Generation security solutions, as the recent leadership recognition proves:

NSS Labs rates Sourcefire’s NGIPS solution first in Detection, Performance, Vulnerability Coverage and as being 100% effective against evasion techniques.
NSS Labs rates Sourcefire’s NGFW first in Detection, and the “Class Leader” in Performance and TCO.
Frost & Sullivan, a worldwide industry analyst firm, named Sourcefire its 2013 Global IPS Product Leadership award winner, specifically recognizing Sourcefire for threat prevention, performance, flexibility (NGIPS, NGFW, AMP) and scalability.

Sourcefire customers are taking advantage of FirePOWER’s flexibility by deploying Sourcefire Next-Generation network security solutions throughout their enterprise – providing protection both at the perimeter and within the network core.

What’s New?

Two new midrange FirePOWER appliances that provide increased port density, mixed media support and modularity capabilities using SFP technology (7115/7125)
Four new non-bypass pluggable network I/O cards (NetMods) that allow organizations to configure their Sourcefire appliances to meet their connectivity requirements and increase port density
Complete IPv6 support throughout our NGIPS and NGFW solutions – from policies to event viewers to table views. IPv6 host support is provided in network discovery policies, correlation policies, whitelists, host profiles, various event viewers and the Context Explorer.
Geolocation data has been added to the reporting on intrusion, connection, file and malware events providing additional context to event analysis and improving trend discovery through the ability to search, sort and group events based on geographic data.
Enhanced High-Availability Features provides better fail-over capabilities, ensuring minimal disruption and continued protection in the event of a NGFW device failure. In addition, Sourcefire now supports high-availability in its clustered appliance stacks (8250, 8260, 8270 and 8290), providing continuous operations for our largest customers.
The addition of Site-to-Site VPN enables secure communications between two or more Sourcefire-protected networks through a Virtual Private Network (VPN) based on IPSec authentication and encryption.
Sourcefire simplifies the network address translation (NAT) configuration process by raising NAT to policy level. By enabling NAT policies to be defined centrally rather than on a device-by-device basis, Sourcefire improves the consistency and effectiveness of an organization’s NGIPS/NGFW implementation.
Single Port IPS provides customers who have port density concerns the ability to use a single port on a Series 3 appliance as an inline IPS device.
And a number of additional Enhanced Access, Application and Administrative Controls such as SSL-based Application Detectors and FTP Detection Improvements.

McAfee Completes Stonesoft Acquisition

McAfee today reached a major milestone in its acquisition of Stonesoft Oyj by completing the tender offer that was announced on May 6. Stonesoft’s innovative, high performance technology meets the needs of distributed enterprises, both today and tomorrow, and its world-class next-generation firewall is positioned as ‘visionary’ in the Gartner Magic Quadrant for Enterprise Network Firewalls. With the completion of the tender offer, Stonesoft is now a McAfee group company, and all Stonesoft products and technologies are part of the McAfee portfolio.

The enterprise network security equipment market is forecast to grow at a 7.0 percent compound annual growth rate (CAGR) during the next five years and reach $11.4 billion by 2017, according to Gartner. With more than 7,200 employees and its dedicated focus on security, McAfee already has a substantial presence in the network security space. With the addition of Stonesoft, the company expects to rapidly emerge as the leading provider of enterprise firewall technology. Organizations can benefit from McAfee’s Security Connected strategy, as Stonesoft’s products become integrated with other products from McAfee’s broad portfolio.

“This acquisition provides McAfee with a clear competitive advantage in the network security space and the industry has taken notice,” said Michael DeCesare, president of McAfee. “We have received an overwhelmingly positive response from analysts and customers. With the addition of one of the industry’s best next-generation firewalls, we now have one of the most complete and effective network security portfolios in the industry.”

The Stonesoft team will become a part of the Network Security Business Unit led by Pat Calhoun. Based in Helsinki, Finland, Stonesoft is trusted by more than 6,500 customers around the globe. Stonesoft’s customer base can now benefit from an integrated, comprehensive security solution through McAfee.

“McAfee’s Security Connected strategy brings together industry-leading solutions to address the increasing number of advanced threats facing businesses from the network to the cloud,” said Ilkka Hiidenheimo, founder and chief executive officer of Stonesoft. “With innovative technology that can be deployed as an appliance, as software or virtually, McAfee’s customers will be positioned to meet the high-performance needs of demanding, secure, distributed networks today and in the future.”
