Financial Institutions' Network Security Is Being Blinded!

Today, financial institutions (though not only they) are being overrun with security logging and alerting. Each new monitoring and alerting device adds more things to consider when evaluating threats on a daily basis. You would think this would help and is a good thing? It is and isn't at the same time.

We bury our faces in reports, sift log after log for the magic bullet, and set up countless alerts on top of alerts, to chase countless rabbits (false positives) down holes. This in itself burdens budgets, jades security teams, and masks legitimate threats that can ultimately lead to a breach.

How many stacks of reports, graphs, and pie charts do you look at today? How many lines of logs do you look at until your eyes bleed? Personally, I've chased enough rabbits (false positives) down holes to where I almost grew a tail.

To understand the enormity of the problem, let's rewind the clock a year and see what it was in 2014, per Damballa's report:

The average North American enterprise fields around 10,000 alerts each day from its security systems, far more than their IT teams can possibly process, a Damballa analysis of Q1 2014 traffic has found.

You have to ask why. Why are we seeing this many alerts on a daily basis? The simple answer is that we are not considering what we are allowing to and through the perimeter. We basically open up exposures in our firewalls and DMZs, then top it off with an army of monitoring devices to watch and understand the traffic.

[Continue Reading]

The Irony Of Network Security!

Francesco Trama, Co-Founder PacketViper LLC

Written: August 1st, 2014

As I read through articles on the latest security threats, breaches, door-opening exploits, and vulnerabilities that left doors open, I ironically see a firewall ad next to the security article saying "The Complete Firewall Solution, Get Total Visibility Into Your Security". The Reuters article explained how many security systems were found to be susceptible to "Heartbleed".

I kept thinking about how many people read the article, then said "I need a new firewall" and clicked the ad. I understand the web marketers could have thought it through better, and that it was automated, but it was clearly ironic and silly at the same time.

The article tells you most security devices are flawed, then an ad tells you to buy one. It's like watching a weatherman say there's no rain in the forecast while he's standing in the rain.

The point of this article is by no means to bash #firewalls, #marketers, or #Reuters. It happens! We're only human! We're doing the best we can with what we have! I get that.

[Continue Reading]

Death Of A Business: Cryptolocker and Proper Geo-IP Filtering

Francesco Trama, Co-Founder PacketViper

Written: January 16, 2014

Over the last few days I've read several articles relating to #Cryptolocker and its ability to hold a company hostage. I wanted to understand this virus better after a good friend of mine in law enforcement became its victim. I found it troubling how this tiny little virus can carry a payload which can cripple a large, well-protected enterprise.

Although the virus is crafty, I was mostly interested in its payload when I started researching it. I wanted to understand how it was packed with such a punch.

There are several obvious things a company should or can do to isolate the damage if this is introduced into an environment. I'm not going to rehash them because they are easily found by doing a Google search.

What I did find common in all the articles is…

"Once Cryptolocker contacts its C&C, it generates a public/private cryptographic key for your specific computer, using very strong and standard RSA and AES 2048-bit encryption." Read the article here.

Because #PacketViper is in the Geo IP [Continue reading]

Network Security Convolution

Francesco Trama, Co-Founder PacketViper, LLC

Written: Aug 27, 2014

It takes an army of security professionals today to identify, isolate, track, and eliminate security threats and breaches.

The convolution within network security, in my opinion, has reached irresponsible levels.

The days when anomalies were quickly squashed by the network staff on hand are over, from what I'm reading.

It always seems to be a team, collaboration, or specific security organization that comes together. I'm not saying this is a "bad thing", or bringing up how small businesses lack "team" capabilities.

But….

What is it that takes such a huge effort to discover breaches? Like a factory line, threats are being spewed out faster than we are identifying them, and that's terrible. So is it:

  • Product knowledge
  • Environment complexity
  • Available solutions
  • Lack of intelligence
  • Information overload
  • Head in the sand syndrome

My opinion: it's all of the above.

I'm sure many threat discoveries are not publicized because the companies are not trying to grab news headlines, but for the security solution providers that have products on site when new threats are discovered, the question we should ask is:

Why did it take a team days, weeks, or months with their product on hand?

[Continue Reading]

The Unavoidable Mistakes or the “Whoops” In Network Security

Francesco Trama, Co-Founder PacketViper, LLC

Written: Aug 28th, 2014

We all make mistakes; it's a human condition, and not curable. In network security, when we make mistakes in a configuration, it's referred to as "fat fingering". I can honestly say that on several occasions in my network youth, while deep into chasing false positives, on gallons of caffeine, with eyes nearly bleeding, I made mistakes.

I can admit without shame that "I have on occasion applied a rule, made assumptions, or made changes to my security environment with blurred thought." We all have, and that is a simple fact.

Shortly after regaining my sanity and realizing I should probably go back and double-check what I did, I fixed my mistake.

Looking back, making those snap changes inadvertently placed gaping holes in my security, and luckily I closed them shortly after. I had the right intentions, but fat-fingered the configuration: the "Whoops".

Although I jumped several large sharks in [Continue Reading]

Small Business: Soft Underbelly Of Network Security

By Francesco Trama, Co-Founder PacketViper, LLC

Small businesses are the glue that keeps the economic machine moving around the world. Billions of us use them daily, from coffee to teeth cleaning. Although statistics vary, US small businesses are estimated to employ between 43% and 51% of the workforce.

That’s a big number.

A Ponemon small business study dated early 2013 stated:

  • 55 percent of those responding have had a data breach
  • 53 percent had multiple breaches
  • 33 percent notified the people affected
  • 85 percent share customer and employee records with third parties such as those providing billing, payroll, employee benefits, web hosting and information technology services

Small businesses have just as valuable data as large organizations, [Continue Reading]

What Countries Should I Block?

Francesco Trama, Co-Founder PacketViper, LLC

Blocking countries is a bit tricky using traditional methods, and a broad-stroke approach will be followed by headaches the more and more you block. That is not to mention proxies, which leave the broad-stroke approach a weak methodology and somewhat a waste of time. Even with the obvious choices of countries that are frequently suggested to block, you run a greater risk of precluding legitimate businesses from your public services when blocking.

The trick to Geo-IP blocking is not turning off a country's access to critical areas of your network; it's filtering them so they receive only the traffic that is necessary to your business. Firewalls just do not get you there.

Even well-made firewalls like SonicWall, Fortinet, Check Point, and several others that have Geo-IP capabilities take a broad-stroke approach when tackling Geo-IP management. It's not that they do not care; it could be as simple as a marketing move, limitations given all they do, or simply put, "It's not

[Continue Reading]