Glenview Hospital: The Breach That Didn’t Happen

This is a true story… about a breach that never happened.

It’s 2:00 AM at Glenview Hospital. Dr. Sami, the lone graveyard MD on floors four through six, is five hours into a nine-hour shift. His waiting queue is growing faster than his visited one. He goes to prescribe Bactrim to Lenore in room 403 and can’t access her medical record to check for sulfa allergies. Epic, the patient record system, isn’t accessible. Lenore’s leg is swelling, Dr. Sami’s patient backlog is rising like Kanye’s anger level at an awards ceremony, and the post-op patient in 407 is screaming for meds.

When key systems aren’t available lives are at stake. Families and caregivers have no sympathy when network performance is compromised by overloaded switches or brute force breach attempts. Patients in hospitals, like bank customers or retail shoppers, expect technology to aid, not impede, access to critical services.

In today’s threat landscape where cloud architectures and devops rapid iterations guarantee new risks arise continuously, what’s a service provider to do? 

50 Shades of Compliance: Take the Pain Out of PCI, SOX and HIPAA

Christian Grey turned an otherwise lack-luster Valentine’s Weekend into a record breaker, making $250 million worldwide in its opening weekend.

(Don’t worry, we won’t ask if you were among the viewers.)

Numbers like these have dominated the headlines in recent months for other reasons — namely in high-profile, big-dollar security breaches. The cost of the recent Sony breach is still being totaled, but is estimated to top $100 million. Add that to last year’s Home Depot breach costing $43 million and the Target breach of $110 million, and we have a quarter of a million dollars of security breaches in 2014 alone.

Maintaining compliance with IT security mandates such as PCI, SOX, and HIPAA are more important than ever as companies seek to protect their critical data.

Watch our “50 Shades of Compliance: Take the Pain out of PCI, SOX, and HIPAA compliance” and learn how to:

• Be “always ready” for a compliance audit


• Utilize pre-built, audit-ready rules and reports


• Automatically discover new – potentially rogue – devices on your network


• Stop “alert overload” (understand what’s important and what’s not)


• Get to root causes quickly and easily

Dan Turchin, AccelOps Chief Product Officer, will discuss how to protect your data and stay out of the headlines. 

CIO Resolution #8: Monitor Your Entire Business Service … Not Just Hardware or Apps

This is the eighth in our several part series, “CIO Resolutions for 2015.”

Problem: You deliver critical business services comprised of many devices, servers, and apps

Sound familiar? You’re monitoring traffic to and from Cisco and Fortinet firewalls but don’t have visibility into the health of the Windows server running Exchange or the NetApp SAN storing email archives. Then email goes down, IT halts everything to triage the problem, and you missed all of the warning signs that could have prevented the outage. Shouldn’t you be able to correlate all events from all of the nodes that make up the entire email business service?

CIO Resolution #7: Be Always Ready for a Compliance Audit

This is the seventh in our several part series, “CIO Resolutions for 2015.”

Problem: Compliance audits cost you hundreds of valuable staff hours.

Let’s face it – IT is becoming a regulated industry. Compliance mandates like PCI DSS affect any company processing credit cards, SOX requirements are essentially a tax for public companies and growing startups, and healthcare providers dread HIPAA audits. Financial services companies live or die by their ability to implement GLBA controls. Honoring compliance obligations without monitoring automation is a recipe for costly penalties.

CIO Resolution #6: Know the Unknown: Integrated Threat Feed Monitoring

This is the sixth in our several part series, “CIO Resolutions for 2015.”

Problem: Threats abound and they don’t all look alike

New threats arise daily. Viruses, malware, and social engineering techniques have become an unfortunate attribute of the modern data center. Some are known and easy to identify. Others, such as zero day attacks, appear and exploit newly-discovered vulnerabilities in unpredictable ways.

Correlating events against external threat feed services is the most effective way to thwart new attacks from new sources. It’s also the only way to protect your customers, their data, and your reputation.

CIO Resolution #5: Resolve Issues Before They Occur with Synthetic Transaction Monitoring

This is the fifth in our several part series, “CIO Resolutions for 2015.”

Problem: You only know you have a problem when you have a problem

How does response time vary in Asia and Europe? What impact would a DDoS attack have on our EMEA firewalls? Guessing is not a strategy. Proactively testing scenarios with synthetic transaction monitors eliminates uncertainty with all data required to make strategic decisions about where to invest, how to staff, and how to remediate when early indicators surface.

CIO Resolution #4: Index This: 130 Billion Events Per Day

This is the fourth in our several part series, “CIO Resolutions for 2015.”

Problem: Every second matters. Every event tells a story.

We recently met a British media company that was streaming the English Premier League FA Cup finals to 37 million rabid fans. Just before halftime the stream was interrupted … and the service provider wasn’t notified about the outage for seven minutes. As a result, they were required to pay 1.6 million Euros ($2,000,000) in service credits. Reliable network monitoring would have identified symptoms early and prevented the outage.

That service provider now uses AccelOps.

CIO Resolution #3: Scale Quickly, Easily, and Cheaply with Multi-Tenancy

This is the third in our several part series, “CIO Resolutions for 2015.”

Problem: Successful services providers need tools that scale cost-effectively

 One of our MSP customers on-boards about ten customers per month. Their biggest challenge? Adding customers quickly, easily and cheaply as they scale their business. They were running a security tool that required dedicated servers, storage, licensing, and system administrators each time they added a customer. Then once they configured it all they had no visibility into network health across customers. The payback period per new customer was nine months. Frustration with the tool escalated as the business expanded.

If every new customer requires an incremental investment in hardware, software, people, and process, your high-margin security and monitoring services quickly become low-margin.

CIO Resolution #2: Use an Integrated Monitoring and Security Platform

This is the second in our several part series, “CIO Resolutions for 2015.”

Problem: Managing separate solutions for security and monitoring gives you an incomplete view of your network health

Does this sound familiar? You have a SIEM solution to alert you of malware or APTs and a separate solution to monitor the availability of servers, apps, and network equipment.

You receive multiple, overlapping streams of data which each give you an incomplete view of network performance. For example – is that malware alert from the firewall related to the bandwidth spike on your Linux cluster?

You’ll never know.

CIO Resolution #1: Cross-Correlate Data to Get To Root Causes Faster

We have officially dubbed 2014 “The Year of the Security Breach.” We rang in the year with the Target news, watched the autumn leaves change during the JP Morgan breach, and did our Christmas shopping amidst the bizarre and often amusing Sony hack.

In 2015, protecting our data has become part of our collective zeitgeist. The modern IT professional is part Indiana Jones, part General Patton … protecting us from enemies both known and unknown. As in any time of heightened danger, the tools and tactics we use to protect ourselves must change and adapt.

AccelOps Saves Cyber Monday

Ask Ray Keller, CEO of security services provider Intelink, to describe his worst nightmare and he sneers with a stiff upper lip like his idol John Wayne: “down time on Cyber Monday.” Intelink monitors a complex network of servers, applications, databases, storage arrays, firewalls, and networking gear for hundreds of retail customers. 

While you and I engaged in acts of mass consumerism December 1, Ray’s team was on high alert making sure no threats compromised the performance or security of his customers’ businesses. Each day, Intelink processes more than a billion events and correlates them against thousands of patterns to detect anomalies. This past Cyber Monday that number spiked to nine billion or roughly 104k events per second.

Thank you, US media, for helping Sony hackers

2014 will go down in US history as the first wide-scale cyber attack assisted by the media.  This attack did not impact people physically but it affected people’s freedom of speech.  Now (choose your adversary – terrorists, hacktivists, activists, governments, dictators, regular people) from the comfort of their home, school, palace, or cave these individuals can attack a person, business or multinational corporation, steal information and blackmail them just because they do not approve what they are doing or believe in.

Microsoft’s Kerberos Used in Targeted Attacks

 Earlier this week an “out-of band” security update (MS14-068) to fix a flaw in Microsoft Windows Kerberos KBC, a Microsoft authentication system used by default in the operating system. The vulnerability was present in all Microsoft Windows server software that cybercriminals were exploiting to compromise whole networks of computers.

The update release comes only after Microsoft provided the monthly security patch updates for users. The flaw in Kerberos caused many problems for Microsoft according to Chris Goettl of IT management firm Shavlik:

“The attacker can impersonate any domain accounts, add themselves to any group, install programs, view, change, delete data, or create any new accounts they wish.

Survey Says Real-Time SIEM is Key to Safety

A released by McAfee this week reveals that real-time SIEM solutions are helping organizations detect dangerous Advanced Persistent Threats (APT) within minutes. McAfee polled 473 IT decision makers from companies in the U.S., U.K., Germany, France, and Australia and found that 78 percent of organizations were able to detect targets within minutes using a real-time SIEM solution.

The survey also found:

• 
  

  57 percent of companies able to detect targeted attacks within minutes experienced 10 or fewer attacks last year.

  
  


• 
  

  74 percent of respondents said they are highly concerned about their ability to handle targeted attacks and APTs.

  
  

The Nightmare Before Christmas: Data Breaches Expected for Holiday Season

Consumers and U.S. retailers should beware of the grinch this holiday season.   that more data breaches are in store for companies and consumers this holiday season. This year alone cyber attacks on U.S. retailers increased 25.3 percent from the same period last year. Banks, retailers, and consumers have raised their awareness towards cyber crime, however that doesn’t mean they’re ready to fend off attacks. 

Most attacks happen when hackers enter Internet communication in-between the sender and the receiver. Traffic flows through a sequence of routers and when the hackers are able to access a midpoint, they can view and copy any information that passes through it. Often times this information is credit cards information and passwords that can lead to more trouble for consumers and retailers.

Windows 10 Looks to Eliminate Passwords

Microsoft is flexing its recently-rediscovered innovation muscles … at least where security is concerned.

recently reported that Microsoft is moving away from the age-old password into multifactor authentication on Windows 10.

“With Windows 10 we’re actively addressing modern security threats with advancements to strengthen identity protection and access control, information protection and threat resistance,” said Jim Alkove, leader of the Windows enterprise program management team, in a . “With this release, we will have nearly everything in place to move the world away from the use of single-factor authentication options, like passwords.”

California’s a Great Place to Live … Except for the Earthquakes and the Data Breaches

I’ve lived in California all my life, and – truth be told – the earthquakes are really no big deal. Sure, every once in awhile you get “the big one” like Loma Prieta. But it’s over in less than a minute and you don’t have to worry about another one for 50 years or so.

Californians aren’t as lucky with data breaches. Our Attorney General Kamala Harris just issued the “California Data Breach Report” which indicated:

With the world’s eighth largest economy and more than 38 million consumers, California is uniquely impacted by data breaches. In 2012, 17 percent of the data breaches recorded in the United States took place in California – more than any other state. Even more troubling, the number of reported breaches in California increased by 28 percent in 2013…. Largely due to two massive retailer breaches, one of which, the Target breach, involved the payment card data of 41 million individuals, including 7.5 million Californians.

The report goes on to make the following recommendations:

AccelOps Posts Record 2014 with Fourth Quarter Growth of 77 Percent Year-over-Year

Thanks to our fantastic team and loyal customers, AccelOps achieved a , with fourth quarter growth of 77 percent year-over-year and growth of 58 percent for the fiscal year ended Sept. 30, 2014.

Global customers, renewals, subscription licenses and professional services across all sectors, including Managed Service Providers (MSPs), healthcare, financial services, biotechnology, energy and retail, contributed to the growth.

It was a year of big successes for AccelOps, from the launch of , to numerous awards and accolades from industry analysts and influencers.

But we think our analysts and customers say it best:

Why Isn’t Online Voting Ready for Prime Time?

Voting season is upon us and you’re probably asking the same thing I am … when will I be able to e-vote on my phone, tablet, or laptop?

David Dill, professor of computer science at Stanford University and founder of Verified Voting, non-partisan non-profit group that advocates for accuracy and transparency of elections,had :

We do a lot of things online, like banking, that require security. Why not voting?

“Surprisingly, it’s practically impossible to make online voting secure. There have been many, many reports over the past decade by top computer scientists explaining the difficulty of trying to do that. If you try to bank online you can, if something goes wrong, get a statement at the end and see if your money went to the wrong place. When you vote there’s no way to get a voting statement because we’ve got a secret ballot. If somebody was able to tell you how you voted so you could check whether it was recorded properly, that would be a big, big problem.”

Happy National Cyber Security Awareness Month! (Who Knew?!) Here are Five Ways to Avoid IT Security Breaches

October is a huge month for awareness … we have National Breast Cancer Awareness Month, National Bullying Prevention Month, and National Cyber Security Awareness Month, established by the Department of Homeland Securityin 2004.

Here are five ways you can help prevent security breaches to your data, systems, or operations:

1. Disable all accounts when an employee leaves your organization

According to , 17% of breaches come from insiders who work or previously worked for an organization. Coincidently, the IBM study finds that 95% of security breaches are a product of human error. Breaches are easier to pull off when you have inside information on an organization/company. Be sure to disable accounts for all former employees, even the ones who leave on good terms.

AccelOps Named Security Leader in SANS Top 20 Critical Security Controls

It’s an honor for AccelOps to be listed as a security leader in the for 2014. In fact, .

The SANS Institute is quite an interesting organization. It is the largest cooperative research and education organization for information security training, certification and research.

The SANS Top 20 Critical Security Controls, now in its fifth version, lists essential security controls that help define and guide strategies and solutions for effective cyber-defense. It is a valuable checklist that security and IT managers use to evaluate how systems and strategies address major threats and vulnerabilities. Inclusion on the list is validation that the vendor delivers a high level of security control.

Masque Attack Leaves Apple Devices Vulnerable

After Apple’s much-publicized iCloud celebrity photo hack in late August, Apple’s iOS system is under siege once more.

recently reported that they discovered vulnerability in Apple’s iOS software, called “Masque Attack.” This new attack tricks users to download a malicious app with a deceiving name crafted by the hacker like, “New Angry Birds.”  

The vulnerability exists because iOS doesn’t enforce matching certificates from apps with the same bundle identifier. Masque Attack couldn’t replace Apple’s own platform apps such as Mobile Safari, but it can replace apps installed from app store.

FireEye has identified 3 steps in which iOS users can protect themselves from Masque Attacks:

TNBANK Enhances Security Monitoring and Alerts with AccelOps

Think it’s a challenge to keep your company’s IT secure? Think of regional banks and the challenges they face daily, with compliance mandates and ongoing vulnerabilities exposed.

TNBANK of Tennessee took a stance and chose AccelOps for security and complete infrastructure visibility into its financial systems.

Headquartered in Oak Ridge, Tenn., TNBANK is a commercial bank focused on the unique needs and opportunities of its community. The bank has five locations in three Tennessee counties.

Why Mark Jackson Is My New Hero … and Slick Willie Sutton Could Have Been a Stellar CISO

Turns out all banks aren’t the same. I didn’t learn that from precocious kids or talking animals on TV. I learned it when I met Mark Jackson last week. Mark is the CISO at Westamerica Bank. He’s six foot six and looks like Chris Mullin in his prime. He extended his hand to shake and I thought he was going in for a post-up fadeaway hook. Mark has five kids ranging in age from seven to 21 which explains why he speaks with the authoritative tone of a drill sergeant. He also knows more about data security and loss prevention than anyone I’ve ever met.

I asked Mark several questions to understand how his team manages monitoring, intrusion detection, and GLBA compliance. He wasted no time replying and his answers were insightful without sounding rehearsed – like he was drawing up a pick and roll play for nine year olds. Most CISOs take simple ideas and make them complicated. He did just the opposite. I asked two questions that captured the tone of the hour we spent together.

A Guy Walks Into a Bar Chart … Tell a Story with Your Data [webinar]

AccelOps new Visual Analytics tool, powered by Tableau, provides you with enhanced reporting and visualization capabilities for your network data … and this data has many stories to tell:

• Who is trying to hack into my network? Where are they from? 


• How can I use a honeypot to identify security weaknesses in my system? 


• What type of anomalies are occurring on my network? 


• How do I know what’s “normal” behavior and what needs my attention? 


• How can I cross-correlate AccelOps data with other data in my network? 

Join us to see how Visual Analytics can create a compelling story that is brought to life by meaningful visualizations:

From the Show Floor at Tableau Conference 2014

We recently with Tableau’s Visual Analytics product, and we couldn’t wait to share it with their customers at Destination Data 2014 in Seattle.

(Come visit us in booth #407 if you’re also here, by the way!)

(Shhh!!) Get a Sneak Peek at the New AccelOps Visual Analytics Product

Get a preview of the new AccelOps Visual Analytics product at next week’s . Visual Analytics provides you with enhanced reporting and visualization capabilities for all of your AccelOps data.

In addition to the hundreds of pre-defined reports and charts currently available in AccelOps, we are expanding our reporting capabilities. Powered by Tableau Software, Visual Analytics lets you see, understand, and analyze your AccelOps data easily and beautifully.

You can see patters, identify trends, and discover visual insights in seconds for a variety of use cases including:

• Compliance


• Anomaly detection


• Business service monitoring


• Hybrid cloud monitoring


• Device and application health


• Integrated operations/security dashboard

… using a wide range of visualization tools:

• Heat maps


• Bubble charts


• Geo maps


• Tree maps


• Circle views


• … and a dozen more

Be the first to see Accelops Visual Analytics in action:

Terminate [Your Phone] with Extreme Prejudice

Most big companies these days have security guidelines regarding their BYOD programs. For an unnamed defense contractor mentioned in this Bitglass post: , that policy is that no classified data could be downloaded to personal mobile devices.

People being people, it only took about a week for somebody to break that rule. An employee sent out a classified email through the corporation’s standard mail delivery system rather than sending it through the confidential network. The recipients now had classified US government data on their day-to-day iPhones.

Oops.

Russians Steal 1.2 Billion Passwords … Makes Target Breach Looks Like Child’s Play

A Russian internet crime ring has pulled off what could be the biggest internet theft of passwords so far. The Russians injected malware into the databases of over 420,000 websites and made off with around 1.2 billion username and password combinations and more than 500 million email addresses. These numbers make this incident five times larger than the Target breach.

These hackers hit websites belonging to the auto industry, real estate, oil companies, consulting firms, car rental businesses, hotels, computer hardware and software firms, and the food industry. The databases all tended to be SQL databases.

Will there be justice? Not likely. These criminals are Russians, and it’s up to the Russians to prosecute, if they can or even want to. (They don’t.)

Telsa Model S Not as Secure as You Think

As the world continues to progress toward the Internet of Things (IoT), opportunities for hackers increase as well. 

In China, Internet security company Qihoo has claimed to have forged a way to remotely control many aspects of the Tesla Model S, which is considered to be one of the more secure cars in the world.

Recipe for the Modern Data Center: Discover, Analyze, Automate

Today we announced , an IT operations analytics platform for the modern data center. Over the last several years, we have watched our customers’ data centers become a mix of virtual, physical and hybrid clouds. The traditional silo’d approach to monitoring and securing these networks is no longer working for them. Running various point solutions cannot provide them a single view into these diverse data resources, and the true value of being able to cross-correlate all this data is lost.

AccelOps 4 solves this problem by providing security, performance, and compliance monitoring all from a single screen. Now companies can maximize the power of their machine data across their physical, virtual and on-premise environments.

Feeling pessimistic about your IT security? You’re not alone.

64% of UK IT professionals feel as if they will be the victim of a cyber-attack in the next 12 months. That’s almost two thirds. Rather pessimistic of those professionals. The numbers, however, don’t seem to indicate they should feel any more bullish about network security in the future.

About 32% of those surveyed had already been attacked at least once this year. A full 49% of the participants reported that they had no clue about whether they had already been attacked. 61% rated their abilities to detect a cyber-attack at no better than average.

Who Do You Want on Your All-Star IT Team?

Just in time for the Major League Baseball All-Star Game this week, the Cleveland Indians have drafted AccelOps for their winning IT team.

A lot more IT happens at a major league baseball park than you might think. Attendance has boomed, along with the number and type of mobile devices that fans bring to games. IP security surveillance, mobile device access, digital signage, wireless network, ticketing, point of sale – the IT security challenges are huge and growing.

In an effort to gain full visibility into the organization’s network and to reduce the number of security point solutions, the Cleveland Indians have chosen AccelOps, the leading IT operations analytics platform for the modern data center. The Indians needed real-time analytics and alerts to remediate problems instantly, explained Nick Korosi, senior network engineer with the Indians’ IT staff.

“Our security threats are the same that any organization faces,” he said. “A professional sports team is an enterprise organization, just in a more exciting setting.”

A much more exciting setting.

Big Breaches in Small Business

There’s no such thing as a small data breach. Anytime a network is compromised, hundreds or even thousands of private citizens’ data are poa

ched by nefarious organizations for profit. It’s the responsibility of all businesses that deal with big data to make sure their customers’ data is secure.

Typically, we hear about the big breaches on the news. The Target Corp. breach is a good example. However, small and medium sized enterprises can be just as at risk as big corporations.

According to the LA Times, a law in California requires a company to give the CA Attorney General’s office a copy of a notice letter sent to all breach victims in the case that more than 500 Californians are affected. Since the law’s start in January 2012, there have been 380 letters sent. That equates to a major breach every 21/2 days.

Should You Expect Your Security Software to Predict the Future?

“What just happened in my network?”

Many of us turn to our IT security team to answer this question. It’s answered by analyzing data on scheduled increments – after the data enters into your system.

This after-the-fact analysis is clearly not adequate to secure data against today’s cybercriminals. Even a company as large and security-conscious as Target took two weeks to discover it had a security breach with its credit card data affecting more than 70 million individuals.

Modern data-center teams must move beyond “What just happened?” to “What’s going to happen next?”

AccelOps Positioned on the 2014 Gartner SIEM Magic Quadrant

The Gartner Magic Quadrant for Security Information and Event Management (SIEM) is an annual spring rite for the world’s top security companies.

AccelOps was included on the SIEM Magic Quadrant for the first time this year. The Gartner report noted that detection of threats and breaches, as well as compliance remain drivers for enterprises’ SIEM projects and purchases.

“Broad adoption of SIEM technology is being driven by the need to detect threats and breaches, as well as compliance needs,” said the report by Gartner analysts Kelly Kavanagh, Mark Nicolett and Oliver Rochford. “Early breach discovery requires effective user activity, data access and application activity monitoring. Vendors are improving threat intelligence and security analytics.”

Brazilian Hackers Steal $3.75 Billion In World’s Largest Cyberheist

Over the weekend, it was discovered that a group of Brazilian hackers compromised their nation’s second most popular digital payment method, Boleto Bancario, and made off with over 3.75 billion dollars, scoring perhaps the largest electronic theft in history.

Boleto, with its unique payment process that enables users to pay both online and offline, was responsible for around 18 percent of all transactions in Brazil in 2012.

RSA was the first to discover this threat. It has been billed by them as a “major fraud operation and a serious cybercrime threat to banks, merchants, and banking customers in Brazil.”

The cause?

“The man in the browser.”

Keeping Your Company Secure Using the SANS Top 20 Critical Security Controls

Have you ever heard of the ?

In case you haven’t, is the largest cooperative research and education organization for information security training, certification and research. The SANS Top 20 Critical Security Controls list essential security controls that help define and guide strategies and solutions for effective cyber-defense. That comes in kind of handy these days.

The SANS Top 20 Critical Security Controls is a valuable checklist that security and IT managers use to evaluate how systems and strategies address major threats and vulnerabilities. And it has become an accepted standard for developing security controls and functions that are effective against the latest cyber-threats.

5 Keys to PCI 3.0 Compliance [webinar]

As credit card security breaches become a staple in our news cycle, PCI 3.0 compliance continues to be top-of-mind for many of our customers.

Bob Russo, GM of PCI Security Standards Council said, “We want organizations to make payment security business-as-usual. And that’s the focus of the changes we’re making with version 3.0.”

With Bob’s comments in mind, we’ve put together a webinar called “5 Keys to PCI 3.0 Compliance.”

Join us and learn how to:

• Be “always ready” for a PCI audit


• Utilize pre-built, audit-ready rules and reports


• Automatically discover new – potentially rogue – devices on your network


• Stop “alert overload” (understand what’s important and what’s not)


• Get to root causes quickly and easily

.

What Enterprises Can Learn from the eBay Breach

 offered some good insights about what can be learned from the recent eBay breach:

“We caught up with TK Keanini, CTO at   firm Lancope, to get his take on what the eBay breach really means in the context of  security. He told us this is an unfortunate event but the reality is that all companies need to be ready for it to happen.

“Some companies are more ready than others. For example, eBay should programmatically force a reset of all passwords because just asking nicely will be ignored by too many,” Keanini said. “They also should offer a two-factor authentication method as others have done. All of these things help raise the cost to attackers.”’

How Anomaly Detection Could Have Prevented P.F. Chang’s Data Breach

Last week the confirmed a credit card breach at PF Chang’s:

“The scope of the incident is still unknown, but cybersecurity blogger Brian Krebs reported that data from thousands of stolen cards had been used at P.F. Chang’s locations between the beginning of March and May 19. Hackers can get into cash registers at retail locations and plant software that records data from the magnetic stripe of the backs of credit cards. Data from those magnetic stripes can then be re-encoded onto new plastic and used by thieves to buy goods.”

Like Target and Michael’s stores, this is another security breach at the point-of-sale (POS) credit card readers.

MainNerve Uses AccelOps to Deliver its Virtual Chief Security Officer Solution

“Being compliant doesn’t mean you’re secure, but being secure almost always means you’re compliant,” says Jeff Logsdon, founder and COO of managed security services provider MainNerve.

The company’s Virtual Chief Security Officer (CSO) solution includes unified threat protection, log collection and management, and persistent threat defense. MainNerve also provides compliance services to help companies assess their risk and achieve compliance.

The Seven Deadly Sins of SIEM

Target’s security breach is a parable that continues to unfold daily, and it has drawn all of in as interested readers, from companies that process transactions, to vendors who provide security solutions, as well as customers wondering how to protect themselves from fraud.

As a provider of security software, also known as SIEM (Security Information and Event Management), AccelOps believes that traditional SIEM solutions are indeed falling short. While there is no “one size fits all” to securing every network, these seven deadly sins of current SIEMs must be solved to effectively secure the data of the modern enterprise.

Deadly Sin #1: Client/Server Based Log Management Doesn’t Scale

Client/server architecture is used for log management in SIEM to normalize data in various log formats. For example, Windows logs are stored in a proprietary format, while network devices send syslog messages using the same RFC, but content varies. Database audit logs are a mix of table data and file audit data.

Windows XP Follow Up: XP May Be a Bigger Risk than Heartbleed

A few weeks ago offering some stop-gap measures for customers to minimize the risk of their now-unsupported Windows XP devices until they can upgrade.

stating that Windows XP posed an even larger threat than Heartbleed. Why? They explain it this way:

“Just as Y2K was a specific event, Heartbleed was just one vulnerability. It was identified, a patch was developed, and the world was put on notice. Now, we can move on. It was an isolated moment in time.

Windows XP, on the other hand, is now a permanent, ongoing ‘zero day’ vulnerability. If attackers are smart and stealthy, we may not even know how many vulnerabilities are discovered in Windows XP from this point on — or how critical they are. There won’t be any more patches or updates, so it’s permanently at risk.”

This is a complex problem for many companies that will likely involved a phased approach to a solution.

TechTarget published a helpful primer, “” This guide contains useful resources for IT professionals who are creating a migration plan from XP:

Webinar: Stop Malware and Advanced Persistent Threats

Target … Neiman-Marcus … Michaels Stores … how can such large, sophisticated companies be so vulnerable to malware and APT? In this webinar, we’ll discuss the major challenges that every company – large and small – must understand in order to stop malware and APT:

• How can you rise above your “alert noise” to understand what is truly a threat? 


• How can you cross-correlate information from various parts of your network? 


• How can you get to root causes faster? 


• How can you protect cloud and virtual machines? 


• How can you protect a constantly changing inventory of network assets? 

The answers to these critical security questions will be discussed in this webinar.

Another Cure for Your Heartburn: 5 (More) Keys to a Successful SIEM Implementation

Yesterday we posted a blog titled “.” Today we’re publishing the second 5 keys, which are from our e-book, .

Best Practice #6: Compliance and audit data requirements: Understand applicable industry, regulatory and legal obligations for security and risk management. Compliance reports and dashboards should be refined to support security analysts, internal and external auditors and the CIO or CSO. Be aware of any technical constraints that may impact performing investigations—without being able to trace back and analyze the necessary data, a firm’s liability, penalty and notification exposure may be greater than actual.

A Cure for Your Heartburn: 5 Keys to a Successful SIEM Implementation

Not surprisingly, the recent Heartbleed bug has prompted a groundswell of questions about how to effectively implement security information and event management (SIEM) software.

Our e-book, , takes a deep dive into how to have a successful SIEM implementation, optimize your resources and accelerate your return on investment.

Below is a quick summary of the first five keys to a successful SIEM implementation:

Best Practice #1: Malware control: Centralize malware monitoring, incident responses, assessing and reporting operational impacts from end point to perimeter with regard to ensuring activation and standard use, monitoring and reviewing malware activity, and most importantly, responding to issues. Make sure to include all sources including anti-malware applications, anti-virus, anti-trojan, spam filtering, web filtering and website scanners, DNS, IDS, VA and network flow operational data.

Heartbleed Update: AccelOps 3.7.x or Higher is Not Vulnerable

Dear AccelOps Customers:

Please note that the OpenSSL verison used in Accelops 3.7.x or higher is NOT vulnerable to the Heartbleed bug. More information regarding this is contained in the Knowledge Base article below.

If you have any questions please contact our customer support team either via the AccelOps Customer Support Portal or telephone 408-490-0903.

Compliant Does Not Equal Secure, Just Ask [Insert Company Name Here]

Tell me if this sounds familiar. A major retailer had a system breach which resulted in the loss of credit card data for millions of consumers. A non-profit hospice had a laptop stolen which contained unencrypted records on hundreds of patients. A well-known social media platform had a breach which resulted in the loss of user IDs and passwords for millions of users.

You’ve heard these and similar stories many times over the past few months. What do all of these have in common? They were all considered “compliant” to at least one of the common security frameworks such as the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standard (PCI-DSS).

How to Use Third Party Feeds to Detect Threats

One of the hot topics right now among our customers is how to use 3^rd party lists or feeds of information in their SIEM or log management tool.

Gartner has some good starting points and references .

This typically involves obtaining threat intelligence from single or multiple sources. This could include lists of operational threat intelligence indicators or artifacts such as IP, Domain names, URLs, or md5s of suspicious filenames that can be matched to behavior or traffic flowing through your network or enterprise.

How Do You Detect Information Leakage?

Information leakage or data exfiltration can occur in your company in many ways. Consider these two scenarios:

1. An employee accidentally or intentionally sends a spreadsheet containing confidential information via email to an unauthorised person


2. An employee accesses a confidential system across the network for the purpose of copying intellectual property to another system for exfiltration via other means

So how could you detect these two scenarios?

The True Cost of Compliance

The Ponemon Institute performed an independent study titled “” and showed that the cost of non-compliance (i.e. penalties and fines) are more expensive than the actual cost of being compliant. Given that they surveyed large organizations, the actual numbers used are huge so I will not cite them here since most of you will just stop reading.

What is applicable for all companies, however, is that when they adjusted the total cost of compliance by organizational headcount, compliance cost $222 per employee … whereas the cost for non-compliance came to $820 per employee.

When Does the “Nuclear Option” of Passwords Make Sense?

Sometimes organizations make a drastic decision to change everyone’s password at once.This action is like pressing the button to launch the nuclear missiles. It is always a last option, but it can be a good way to make sure you network is safe and stop a possible data breach.

Here are some examples of when that may be a viable option:

1. An administrator or technical person has left your organization on bad terms, and has knowledge of user passwords


2. A security breach has been discovered at the organization


3. Users or customers notify your organization of unusual activity with their accounts


4. You observe malware or botnet infestation at your organization


5. Passwords have never been changed or have not been changed in over 90 days

A View From the Show Floor: The Chatter at Interop Las Vegas

We’re exhibiting at Interop Las Vegas this week (come visit us at booth #1240!). It’s always great to “get out of the building” and hear what’s on the minds of 13,000+ IT professionals. Here are a few things we’ve heard:

1) IT Operations Tools Are Out Of Hand

We had a large governmental agency visit our booth at Interop. They described a scenario that we hear often: over the past couple of years they’ve been implementing one-off IT operations tools to detect malware, monitor CPU usage, track devices, and the like. While these tools are great for serving their intended purpose, this organization now has almost a dozen different tools running on their network … and the manpower costs of monitoring these tools is out of control.

How are they looking to solve this problem? By implementing a single tool that can manage security, performance, and provide real-time analytics about their network on one platform. We gave them a demo of how AccelOps can do this for them, and look forward to them soon benefitting from streamlining their IT operations tools.

30 Days of Compliance Q&As #30: How Do I Monitor Misconfiguration Proliferation?

Business World Computing UK recently posted  by Matt Hines. The article discusses the top 5 areas that are going to see the most security issues in organization. One issue they discuss is:

Misconfiguration Proliferation

Gartner notes that after 20-plus years as a building block of any security practice, more than 95 percent of firewall breaches will be caused by misconfigurations through 2018, not vulnerabilities.

30 Days of Compliance Q&As #29: How Should I Monitor Legitimate Network Partners?

Business World Computing UK recently posted  by Matt Hines. The article discusses the top 5 areas that are going to see the most security issues in organization. One issue they discuss is:

VIP Access Laxness

The proliferation of overly permissive connectivity allotted to legitimate partners continues to prove very dangerous. A quick look at some of the largest data breaches in recent history highlights that organizations must improve their ability to track and control these important pathways into their networks.

30 Days of Compliance Q&As #28: How Do I Detect Botnets?

Business World Computing UK recently posted  by Matt Hines. The article discusses the top 5 areas that are going to see the most security issues in organization. One issue they discuss is:

Botnets Not Caught Yet

Botnets undeniably remain a major issue; with malware architects still flexing their muscles by leveraging established beachheads within enterprise networks. A lot of work remains to be done to better police both inbound and outbound traffic and thwart such attacks.

30 Days of Compliance Q&As #27: How Do I Secure My Virtualized Network?

Business World Computing UK recently posted  by Matt Hines. The article discusses the top 5 areas that are going to see the most security issues in organization. One issue they discuss is:

Security Orchestration With IT Automation

With virtualization, software defined networking (SDN) and DevOps being adopted at a furious pace to increase flexibility and optimize networks there remain sizable hurdles for practitioners in keeping controls in lock step with changing infrastructure. Keep your eyes on this one for sure.

30 Days of Compliance Q&As #26: How Do I Deal With Mobile Malware?

Business World Computing UK recently posted  by Matt Hines. The article discusses the top 5 areas that are going to see the most security issues in organization. One issue they discuss is:

Mobility Instability

For years we had experts telling us that the rise of mobile malware would be a huge problem very soon … and then nothing happened. Now everyone is attempting to address the great tide of handheld attacks that have finally arrived and this should refocus efforts on keeping internal controls validated to halt attack escalation once handhelds inevitably get owned.

30 Days of Compliance Q&As #25: Does This Device Need To Be Monitored for HIPAA e-PHI Compliance?

Independent of the size of the organization, internal regulations, or the number of subject matter experts on staff, it seems like the same old questions always comes up, “Does this device need to be monitored for HIPAA compliance?”.

As a general rule, all servers and devices that are part of the creation, receiving, maintaining, storing, or transmitting e-PHI data are subject to HIPAA compliance. The answer to this question is more often “yes” then “no”, but may call in the “it depends” category.

30 Days of Compliance Day #24: PCI 3.0 Is In Effect … Are You Ready?

I had a conversation with a friend of mine recently. His company processes millions of dollars of credit card transactions per year. Our conversation went something like this:

Me: We just hosted a webinar on the recent changes in PCI 3.0.

Him: There’s a PCI 3.0??

I laughed incredulously and told him that, yes, indeed, PCI 3.0 went into effect on January 1^st of this year. Apparently this is still news to some companies who have to be PCI compliant.

30 Days of Compliance Q&As #23: How Should I Monitor Access to my Network?

This may seem like an easy question, but it continues to be a challenge for companies.

Just last week, UK-based Morrisons supermarket chain announced that information of 100,000 employees, including bank details and addresses, was stolen and posted online. An arrest has been made. However, the thief wasn’t an outside hacker … but was an internal employee.

30 Days of Compliance Q&As #22: My CEO Is My Biggest Security Threat – What Should I Do?

I recently read a study from Threat Track Security called

Interestingly, this study discovered that one of the biggest security threats comes from the corner office.

How could this happen? How could your executives make your organization less secure?

FREE Passes for Interop (April 1-3, Las Vegas)

Planning to attend Interop Las Vegas April 1-3? AccelOps has free Expo passes ($150 value!) available. Just use the code XYilveg231 at .

And come visit our booth for great swag and a chance to win a GoPro camera!

30 Days of Compliance Q&As #21: How Much Access Should I Give My Auditors?

The auditor’s perception of your readiness – or lack thereof – can heavily influence whether you pass or fail your audit. Prior to the onsite visit, request a list of exactly what information and reports the auditor needs, as well as who they want to speak to. This will allow you to represent you and your company as efficient and organized.

So once you’ve lined up your people and identified the systems, how much access should you give to your auditor once they’re on site? If you give too little access, they get suspicious … if you give too much, they start snooping into things beyond the scope of the audit. You need to walk a fine line by providing just enough access to satisfy the requirement. This is probably a case where you don’t want to overdo it.

30 Days of Compliance Q&As #20: Am I Still PCI Compliant After Windows XP Support Ends?

on April 8, 2014. After that date, Microsoft will not issue any security updates or provide technical support for the operating system. How does this affect your compliance?

The PCI Security Standards Council recently published “”

“PCI DSS Requirements 6.1 and 6.2 address the need to keep systems up to date with vendor-supplied security patches in order to protect systems from known vulnerabilities. Where operating systems are no longer supported by the vendor, OEM or developer, security patches might not be available to protect the systems from known exploits, and these requirements would not be able to be met.“

We Have MSPWorld Discounted Passes

Are you an MSP planning to attend MSPWorld March 27-28 in Orlando? (Details at ) AccelOps would like to offer you 50% off a conference pass! The conference is only $49.50 when you use the discount code Partner50 when registering at . Enjoy!

30 Days of Compliance Q&As #19: How Can I Protect My Point of Sale Systems?

US-CERT is part of DHS’ . They recently about how to protect Point of Sale (POS) systems:

POS System Owner Best Practices

Owners and operators of POS systems should follow best practices to increase the security of POS systems and prevent unauthorized access.

• 
  Use Strong Passwords: During the installation of POS systems, installers often use the default passwords for simplicity on initial setup. Unfortunately, the default passwords can be easily obtained online by cybercriminals. It is highly recommended that business owners change passwords to their POS systems on a regular basis, using unique account names and complex passwords.
  

30 Days of Compliance Q&As #18: Does This Device Have To Be Monitored for PCI?

Whether you are just starting on the path to PCI compliance, or you are a PCI veteran, the same old question always comes up.

“Does this device need to be part of our PCI monitoring?’

The answer to this question is not always as simple as “yes” or “no”, and often falls in the “it depends” category. As a general rule, all servers and devices that are part of the processing, transmission, or storage of card data are subject to PCI compliance.

30 Days of Compliance Q&As #17: Are You a Target for a Software Audit?

When you hear the word “audit,” you probably think of compliance mandates such as PCI, HIPAA, and SOX. However, software companies are getting into the audit game with increasing velocity.

A recent “” by Express Metrix showed exposed some interesting results.

Top five software vendors to have audited companies within the last two years:

1. Microsoft


2. Adobe


3. Autodesk


4. Oracle *


5. SAP

Source:

30 Days of Compliance Q&As #16: What’s Driving Increased Compliance Requirements?

We recently surveyed IT professionals as part of our “.”

We asked how many of them are subject to IT compliance requirements. Here’s what they told us:

65% said that they were subject to at least one IT compliance mandate.

30 Days of Compliance Q&As #15: How Do I Deal With “Alert Overload” and See What Alerts Are Important?

The in the recent Target breach was that the security was alerted that there were irregularities in the system, yet it took them almost two weeks to act on them:

“The disclosure came after Bloomberg Businessweek reported on Thursday that Target’s security team in Bangalore had received alerts from a FireEye Inc security system on November 30 after the attack was launched and sent them to Target headquarters in Minneapolis.

The FireEye reports indicated malicious had appeared in the system, according to a person whom Bloomberg Businessweek had consulted on Target’s investigation but was not authorized to speak publicly on the matter.

30 Days of Compliance Q&As #14: How Can I Use Honeypots to See If My Network Is Being Hacked?

Sun Tzu said in The Art of War, “… if you your and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”

This is great advice from the 6^th century BC that is still relevant today. The only thing that has changed is that our battles are fought in cyberspace.

30 Days of Compliance Q&A #13: Does My Company Need a Data Governance Plan?

A recent survey by Rand Secure Data showed that 44% of companies don’t have a data governance plan … but 82% of companies face external regulatory requirements on electronic data. Without effective data governance policies and solutions such as archiving, backup and eDiscovery, companies are leaving themselves at serious risk.

30 Days of IT Compliance Q&A: #12 – How Do You Protect Your Log Information?

Why the auditor is asking this question:

Let us walk through an example of an attack of a system to understand why log data needs to be protected and why an auditor may ask this question.

1. 
   Initial Compromise – this can be through exploiting a vulnerability or possibly social engineering. There is a good chance that if logs are being collected the initial compromise will be logged within them.
   


2. 
   Establish Presence – This is where the attacker ensures there is a foothold on the system. This may use additional tools that are downloaded and executed on the system. Attacker will try to subvert various security defences in the network, collect credentials and potentially lay further malware. Again log information will show the network flows and process execution on the system.
   

30 Days of Compliance Q&A #11: How Can I Detect Tor on My Network?

One of AccelOps’ major customers came for a visit to our Santa Clara headquarters recently and told us how they used AccelOps to get Tor off their network.

Tor (previously an acronym for The Onion Router) is software that enables online anonymity and censorship resistance. Tor directs Internet traffic through a free, worldwide, volunteer network of more than 5,000 relays to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.

Using Tor makes it more difficult to trace Internet activity, including visits to Web sites, online posts, instant messages and other communication forms, and is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential business by keeping their Internet activities from being monitored.

30 Days of IT Compliance Q&A #10: What Should My Device Inventory Include?

Many compliance mandates require that you keep a device inventory.But those inventories are limited to a specific scope of devices. For example mandates such as PCI DSS (Payment Card Industry Data Security Standard) 3.0, require that you only inventory of devices applications that are involved in the processing or delivery of PCI information. Although this limited inventory would meet the compliance requirement, we recommend that keep a broader inventory to include all devices on your network.

Why? Recall the recent breachat Target.Hackers got into Target’s network from a computer that ran the HVAC system. The building’s HVAC system and was also run by an external third party organization.This particular computer was not involved in any processing, transmission or storage of PCI information and therefore did not need to be part of the PCI inventory, but it was the initial vector hackers entered Target’s network to steal PCI information.

30 Days of IT Compliance Q&A #9: How Do You Monitor External Connections?

This is a question that you may hear during a typical compliance audit. This question applies to many types of IT audits: PCI DSS, HIPAA, SOX, ISO, FERC, NERC, and more.

Why the auditor is asking this question: 

Properly monitoring your network perimeter is a fundamental approach to network monitoring and security. If only network connection is to be monitored then that should be the perimeter as this is where your ingress and egress traffic points are along with exposed services such as business applications like e-commerce, email and extranets. Without monitoring these external connections or remote working VPNs, you cannot properly manage the security of the network and the risk the organisation is exposed to.

30 Days of IT Compliance Q&A #8: Who Is Using Service Accounts?

This is a question that you may hear during a typical compliance audit. This question applies to many types of IT audits: PCI DSS, HIPAA, SOX, ISO, FERC, NERC, and more.

Why the auditor is asking this question: Auditors want to know if users are using their own accounts or if multiple users are sharing a single account. If someone does something in your network, they want an easy way to determine who performed that activity.

30 Days of IT Compliance Q&A #7: What Devices Were Added to Your Network Yesterday?

This is a question that you may hear during a typical compliance audit. This question applies to many types of IT audits: PCI DSS, HIPAA, SOX, ISO, FERC, NERC, and more.

Why the auditor is asking this question: Auditors ask about things that might show weakness in your processes. If you are unaware of something that will most likely be the thing that hurts your environment in the end. This seemingly basic question can be very difficult to answer if you don’t have the right tools and processes in place.

For example, you may be part of the server group, but you don’t have visibility into the network group and their devices. The network group just installed a new tool that required a web server to be installed on their server. Although they installed the software, they did not install any patches on the web server. You are not aware of the new software or the requirement to have a web server on their server. Now your organization is susceptible to vulnerabilities or attacks on the network server through the unpatched web server.

30 Days of IT Compliance Q&A #6: How Do I Get Compliance Buy-In From Other Departments?

Meeting the complinace requirements of mandates like PCI or HIPAA can consume considerable effort and resource for organizations. Standards such as ISO 27001 can be extremely daunting for enterprises as the scope can be so larger and cover so many different areas. So how do you do you tackle such projects?

30 Days of IT Compliance Q&A #5: How Can I Detect Abuse of Free Trial Downloads of My Product?

Last week’s show provided a great line-up of content. One of my favorite talks was by Oscar Salazar and Rob Ragan from Bishop Fox called “!”

The abstract read: What happens when computer criminals start using friendly cloud services such as Dropbox, Google Apps, Heroku, Amazon EC2 and Yahoo Pipes for malicious activities? This presentation will explore how to (ab)use the free public cloud for the business of computer crime. Oh! Also we violate the hell out of some terms of service. “

Many companies now offer a free trial version of their product that is hosted in the cloud. While this is great from a marketing and sales standpoint, it does pose challenges to the IT department. If you are providing a cloud-based free trial, how do you detect or prevent the criminal or the freeloader who is using or abusing your service for their own gains?

30 Days of Compliance Q&A #4: Does My Company Have To Comply with HIPAA?

The HIPAA Rules apply to covered entities and business associates. The US Department of Health and Human Services :

 1) Health Care Provider

• Doctors


• Clinics


• Psychologists


• Dentists


• Chiropractors


• Nursing homes


• Pharmacies

… but only if they transmit any information in an electronic form in connection with a transaction for which HSS has adopted a standard

30 Days of Compliance Q&A #3: Does My Company Have To Comply with Sarbanes-Oxley?

Every publicly traded company in the United States as well as every publicly traded foreign company doing business in the United States is subject to the provisions of Sarbanes-Oxley. In addition, private companies that are preparing for an initial public offering (IPO) are also subject to the mandate.

30 Days of IT Compliance Q&A #2: Does My Company Have to Comply with the PCI DSS Mandate?

The PCI DSS (Payment Card Industry Data Security Standard) was founded by Visa, Mastercard, American Express, and Discover in 2004 to ensure that merchants meet minimum levels of security when they store, process and transmit cardholder data.

PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data.

The PCI Standards Council has created a comprehensive and easy to use which clearly spells out compliance mandates and provides merchants with resources to be compliant.

30 Days of IT Compliance Q&A #1: How Do I Prepare for a Compliance Audit?

For the next 30 days we will address questions about I.T. compliance … and how you can take the pain out of staying compliant. Do you have an I.T. compliance question you’d like us to answer? If so,  

These questions may span across many compliance mandates, from PCI DSS, HIPAA, SOX, ISO and more; or they may be specific to a particular mandate like FERC or NERC.

Many of our answers will involve using our software to solve your problem, but we’ll also include other tips and tricks that we think are useful.We’ll approach this by asking, “What questions might you hear during a typical compliance audit, and how can you best (and most easily) answer them?” 

So let’s kick off today’s question …

How do I prepare for a compliance audit?

Want a free pass to next week’s RSA Show in San Francisco? We have them for you!

Come visit AccelOps at RSA 2014 (booth #122 in Moscone’s South Hall) for our great giveaways and our daily drawings for a GoPro camera!

We have complimentary Expo passes available (value $125) for you and your colleagues.


The free Explorers Expo pass gives you admittance to keynote sessions Wednesday through Friday
(including Comedy Central’s Stephen Colbert) and admittance to the Expo Tuesday through Thursday.

Get your free tickets now

Registration is . Choose Explorers Expo Pass and enter the code EC4ACLOPS on the second screen of the online registration. The deadline is Feb. 21.

[infographic] What’s Keeping IT Execs Up at Night?

Big data? The cloud? Security? We wanted to know what’s keeping IT executives awake at night, so we recently asked attendees at Cloud Expo West about their priorities for 2014. Here’s what they told us: