Critical Infrastructure Needs a Security Update

What if you woke up one morning and found that the New York Stock Exchange, The Wall Street Journal and United Airlines had all been breached? Would you fear our crucial infrastructure was under attack? While researchers have yet to find evidence of a coordinated cyberattack, the events of July 8 provide unsettling reminders of the fragility of automated systems. Institutions like the NYSE that are supposed to be the safest in the world with the most ironclad security measures in place are also vulnerable to attack. And the breach at the Office of Personnel Management shows us that government networks can be breached as easily as those in the private sector.


Every day, endpoint machines in the construction, utilities and maintenance sectors are susceptible to a host of IT challenges and cyber threats. As we continue down a path of total connectivity to each other and the Internet – commonly referred to as the Internet of Things (IoT) – it is evident that our core infrastructure is outdated and at risk.  The risk is compounded by the fact that many of the organizations that make up our critical infrastructure – those mentioned above as well as hospitals, utilities, airlines, and major media – have large computer populations that are geographically dispersed or have historically operated in isolated environments, far away from hostile network traffic.

Organizations that fall under the critical infrastructure domain are charged with protecting sensitive data and in some cases personal information. At the same time, they need to control costs and demonstrate compliance with a variety of regulatory demands. Unfortunately, all too often, connected capabilities are layered atop aged infrastructures and ‘good enough’ security practices are usually off-the-shelf software that relies on slow patches to handle emerging threats.

Triumfant’s AtomicEye enables organizations that are responsible for critical infrastructure projects to close gaps in endpoint computer security, enforce important configuration standards and maintain continuous compliance. We do this by detecting, stopping and remediating endpoint threats while limiting the need for human interaction. This approach reduces labor costs while assuring compliance with Supervisory Control and Data Acquisition (SCADA) standards and a host of government and industry regulations.

Triumfant’s AtomicEye complements and extends the defensive measures that the sector already has in place by:

  • Ensuring that the defensive software on each machine is in place, properly configured and in working order;
  • Enforcing security policies and configuration settings on a daily basis;
  • Serving as the last line of defense by detecting malicious software, such as zero-day attacks, that evades traditional signature-based antivirus software;
  • Ensuring compliance with National Institute of Standards and Technology (NIST) and ICS (Industrial Control Systems);
  • And, if a machine is attacked, Triumfant performs a holistic remediation to ensure there are no harmful artifacts from the attack that leave the machine vulnerable. Best of all, the Triumfant remediation doesn’t disrupt day-to-day operations. If a breach is detected, the system will stay online during the fix.

In order to avoid a potential Cyber 911, it’s time for critical infrastructure providers to invest in proper security measures, to be proactive vs. reactive, and to lead other market segments by example.

 

John Prisco Takes Anti-Virus Vendors to Task

Triumfant’s outspoken CEO John Prisco recently authored a controversial blog post appearing on the popular site The Next Web. In The Cybersecurity Industry’s Billion Dollar Scam, Prisco calls into question how the security industry operates. As companies spend billions of dollars on cybersecurity technology to protect themselves against security incidents, which are rising rapidly, security vendors continue to produce insufficient technologies. When a breach happens, and antivirus technologies fail, the same vendors then bring in a forensics team to investigate the breach – at an additional cost.


Prisco’s post has sparked an industry-wide dialogue, with the opinions and concerns shared striking a chord with vendors, organizations and pundits. NetworkWorld contributor Patrick Nelson, in his blog post Cybersecurity is a ‘Con,’ Malware Entrepreneur Says, summarizes much of Prisco’s TNW article and adds recent remarks from Bob Violino’s post in April titled Antivirus Doesn’t Work. So Why Are You Still Using It? In this article, Violino writes: “One reason that antivirus is still being deployed is because it’s required for legal and compliance reasons. Plus, although it doesn’t catch everything, it still provides some level of protection.” The same article goes on to quote Gartner’s Neil MacDonald, who says: “It is clear that traditional signature-based anti-malware solutions are increasingly ineffective.”

While some have accused Prisco of oversimplifying the complex topic of cybersecurity, making claims that are preposterous or attempting (albeit successfully) to garner attention through sensationalism, one thing is clear: In order to prevent major attacks like Sony, OPM, Home Depot, etc., we need to take a hard look at what’s going on.  As Prisco points out in his Dec. 19, 2014 blog post, Sony Hack – Who’s to Blame? AV vendors aren’t the only ones to blame – companies and hackers play an important role.

  • Companies don’t bother to properly fund IT security or properly secure their critical assets making it really easy to be hacked.  Companies need to rethink their approach to security and recognize that attacks happen.  They need security solutions that quickly detect and investigate anomalous activity and minimize the damage.
  • Security vendors fail to innovate. They push the same old products that don’t work and provide little more than a false sense of security.
  • Hackers seeking profit, protest, challenge or just enjoyment will continue to find and exploit weaknesses in computer systems and networks. Stop making it so easy for them.

It’s time for organizations to wake up and activate change. Make security a top priority every day. Invest in next-generation security products that discover and remediate attacks that escape detection by sandbox tools.

 

Triumfant Expands Partner Connect Program with Addition of Defensative

We are pleased to announce that Defensative has joined the Triumfant Partner Connect Program. As a leading provider of proactive enterprise-level security management services, Defensative is the latest MSSP to join Triumfant’s expanding partner roster.

Offering 24 hours a day, 365 days a year monitoring of client networks, Defensative gives organizations the ability to review real-time security alarms and vulnerabilities and provides tips on how to help better protect their network. By strategically adding companies like Defensative to Partner Connect, Triumfant is able to offer small and mid-size businesses access to advanced malware protection, elevating their network security to a level equivalent to that of Fortune 1,000 enterprises.

Triumfant CEO John Prisco explains: “Triumfant understands that in an evolving marketplace, no single company can deliver all parts of a comprehensive, critical solution.  With the addition of Defensative to our MSSP program, we are able to provide more complete end-to-end IT solutions for our customers.”

Since its launch in October 2014, Triumfant has signed six new resellers to Partner Connect and expects to expand its MSSP program to 15 partners across a global geography by year end. For more information about Triumfant and the Partner Connect program, please visit http://www.triumfant.com/channel.html

 

 

Bloomberg TV Appearance: Large Hack Targets Federal Workers. What’s Next?

Triumfant CEO John Prisco was a featured guest on the Bloomberg television program “Bloomberg Markets” on June 12 to discuss the recent OPM hack. More federal personnel records have been hacked than previously reported, and U.S. officials are weighing responses ranging from launching new counterintelligence initiatives to destroying the data in the intruders’ servers, according to people briefed on the investigation.

http://www.bloomberg.com/news/videos/2015-06-12/large-hack-targets-federal-workers-what-s-next-

Host:   Mr. Prisco, why did this happen?

Prisco: Unfortunately, it’s just so darn easy to breach computer systems, whether they’re federal government systems or large enterprises like Sony.  And 90% of the battle is just having good cyber-hygiene.  And by that I mean making sure you do the little things, like patch well your systems.  So many companies, so many agencies have old computers that have come out of support that they’re just not patching them, and it makes it very easy to adversaries.  It’s not like you have to have the A team from China or Russia to do this.  It’s pretty easy.

Host:  Sir, U.S. cyber policy.  Is it sophisticated enough?  Are we behind the curve?

Prisco: I think we’re behind the curve, and it’s primarily because our processes take too long.  When you go through a procurement, it’s going to take 18 months.  There’s going to be a pilot project that will take another year, and by the time it’s implemented, you’re talking about three, three and a half years.  And in cyber terms, that’s a lifetime, so products and systems are being deployed that are obsolete as soon as they are deployed.

Host: Mr. Prisco, am I wrong, but does it seem as if we are always two or three steps behind people who would do us harm in this phase?

Prisco: You’re not wrong.  We are behind, and we’re not playing on a level field.  It’s much harder to play defense.  The adversaries are playing offense and they only have to complete one forward pass and they score.  So we have to defend against everything.  Unfortunately, we haven’t evolved quickly enough, and we’re using twentieth century technology to fight twenty-first century adversaries.

Host: Sir, when you say that I’m shocked, and I’m sure our audience is too, that also begs the question why?  We are in the twenty-first century, and it seems that some of our adversaries in this space, they have better technology than we do.

Prisco:  Well, look at the big companies that are in this space.  They’ve been living off of anti-virus software that we’re all familiar with.  But those products don’t work anymore, because they’re all based on having some form of prior knowledge, what we call signatures.  The bad guys are too smart.  They just say well, I know that this signature exists in this product, so I’m going to write something special just to breach this one individual company or agency.  And in fact, 70 to 90% of all attacks are specifically engineered to go after a company or an agency.

Host: Sir, is then just a question of cost?  What are the economics of beefing up our cyber security defenses?

Prisco: Well I think it’s interesting that budgets are getting cut left and right in the federal government, for cyber security.  And we keep talking about how important this is.  But from where I sit, it’s really not important enough.  Large corporations aren’t doing enough, the government’s not doing enough.  And it’s going to take some major event like knocking the power grid off in the northeast during winter to get people to really pay attention to this.  And that’s a shame.  Every week there’s a breach.  We could have our own show about the breach of the week here.

Host: Is this close to happening? Is this something that keeps you awake at night? The power grid going off, or maybe a nuclear power plant being knocked offline and compromised?

Prisco:  It is worrisome.  Because I believe that all of these systems are still quite vulnerable.  And unless we start using some of the newer technology that’s based on really understanding the DNA or the atomic structure of a computer and looking at anomalous behavior, we’re going to keep failing once we use the prior knowledge techniques of the twentieth century.

Host:  Mr. Prisco, right now the debate seems to be whether cyber security, whether the rules should be voluntary or whether the rules should be mandated by the federal government in terms of or under the auspices of national security.  Where do you fall in this debate?

Prisco:  I don’t think regulation is going to help.  Because if the federal government was going to do something positive about this, they’d do it for themselves.  Now you have over four million federal workers — family of mine, friends of mine, colleagues of mine — that are going to get an 18-month life lock kind of identity prevention policy.  We’re just telling our adversaries, “Be patient.  Wait 19 months.  And then you can steal our personal information.”

Host:  Sir, in about 30 seconds, what’s the answer then?

Prisco: The answer is deploying the best technology. Too often, people are worried about getting fired for buying innovative products. You know the old saying, “Nobody ever got fired for buying IBM.” Well there are millions and millions of dollars being spent on marketing products that just don’t work. So we need to show some nerve and buy the type of products that start-up companies in this country are very good at producing.

Host:  Is that nerve going to have to come from the private sector do you think?

Prisco:  I think it is, and as long as people keep deploying old computers that aren’t being patched, you’re going to see a breach every week.

Triumfant at SINET Innovation Summit, June 25 in NYC

Triumfant returns to the SINET Innovation Summit next week in New York City as an event sponsor.  The annual event connects America’s three most powerful epicenters – Wall Street, Silicon Valley and the Beltway – and evangelizes the importance of industry, government and academic collaboration on joint research initiatives.

Check out Triumfant’s CEO John Prisco at last year’s event as he discusses Advanced Volatile Threats (AVTs) or in-memory malware attacks that take place in a computer’s random access memory (RAM) and why these attacks are so difficult to detect.  https://brighttalkservices.app.box.com/s/qsgi8s5i38zb3akrwur6/1/1361189080/12229270148/1

Triumfant has a long history with the Security Innovation Network (SINET), being named a SINET 16 Innovator in 2011 and again in 2013 for its ability to detect the most advanced malware threats and nation-state actors targeting large enterprises and government organizations globally.

As Robert D. Rodriguez, Chairman and Founder of SINET, points out, “It is the only forum of its kind that connects the builders, buyers, investors and researchers who are working together to advance security innovation.”

We hope to see you there!

http://www.security-innovation.org/innovation-summit_2015.htm

 

 

Microsoft About to Ring the Dinner Bell for Hackers, Ending Support for Windows Server 2003: Triumfant Responds

Today, at the annual Gartner Security & Risk Management Summit, Triumfant announced comprehensive support for endpoint environments running all versions of Windows. Once again Microsoft is about to ring the dinner bell for hackers, deciding to eliminate support for Windows Server 2003 starting in July, an operating system running in more than 60 percent of all businesses. Good news for Triumfant customers and prospects: The AtomicEye Windows agent is backward compatible, supporting machine populations running Windows 2000 up to Windows 10, launching on July 29, and all versions of the Windows Server.

Microsoft’s decision to end support for Windows Server 2003 will impact millions of organizations, exposing security vulnerabilities and making them easy prey for cyber criminals and nation state actors.  As seen by the Sony attack, where unsupported Windows XP systems were still in place, the exploits available to hackers for unpatched operating systems are many. Businesses worldwide run an estimated 23.8 million physical and virtual instances of Windows Server 2003, according to data released by Microsoft in July 2014.  The technology is more prevalent in industries such as health care, utilities and government.  According to a report released by Trend Micro, it’s still used in roughly seven percent of point of sale (POS) systems.

John Prisco, CEO of Triumfant shares: “This represents a huge target surface for cyber criminals.  We’ve assured all of our customers that a new support program in place will protect them as AtomicEye runs smoothly and supports all versions of Windows dating back to Windows 2000.”

Triumfant’s AtomicEye Windows agent provides real-time detection and automatic remediation of advanced malware and other sophisticated attacks occurring in-memory or on a computer hard drive.  To learn more go to www.triumfant.com or visit us at booth #427, June 8-11 at the Gartner conference.

Triumfant’s John Prisco Talks IRS Breach on Knowledge@Wharton SiriusXM


The data breach at the IRS that left the personal information of 104,000 taxpayers in the hands of thieves was the topic of the May 28 Knowledge@Wharton program broadcast on BusinessRadio Channel 111, SiriusXM.  Triumfant’s President and CEO John Prisco joined host Dan Loney to discuss the breach, how it happened, what it means for the future of government agencies and how this breach impacts the average individual.

The unprecedented surge in online tax scams by increasingly sophisticated criminals, potentially backed by the Russian government, has challenged the IRS to respond quickly to get ahead of the fraudsters, especially during this year’s tax season after hackers targeted TurboTax, the country’s largest online filing service. Tax officials estimate that the government has lost billions of dollars in recent years to fraudulent refunds filed by hackers who steal personal information on tax returns, then use it to claim a refund in a taxpayer’s name before they file.

Loney: How notable or worrisome is the IRS breach?

Prisco: The IRS breach indicates a more difficult and worrisome problem:  companies (and government agencies) don’t practice enough cyber hygiene to prevent these types of breaches.  Had the IRS had two-factor authentication in place, this breach wouldn’t have occurred. Now the public is paying the price.

This breach was really a perfect storm.  Not only do you have the information obtained by very patient adversaries but also the hack on tax preparation software.  TurboTax was too complacent and didn’t have enough security measures built into their software to properly guard against skilled adversaries.

Loney: How difficult is it to put in two-factor authentication?

Prisco:  Not difficult at all.  Many banks do it today, where they send a text message to your phone with a code to complete your transaction, login or filing.  We’re seeing with recent breaches, the IRS and Anthem breaches in particular, that very rich and personal information like Social Security Numbers, medical records, email addresses, credit card numbers, are being targeted. I think we’re going to see this same data being used by perpetrators in years to come.  Adversaries are skilled and patient. But this can be avoided, if prudent steps are taken by the good guys to make it harder for the bad guys to succeed.

Loney: So if companies aren’t fully vested in IT security, they are missing the ball?

Prisco: Very true. We see examples of major breaches occurring on a monthly basis and they will continue to occur. Take a look at the Sony hack for example. It was almost a ‘man amongst boys’ scenario. North Korea had very sophisticated capabilities and Sony was running outdated, unsupported, and unpatched Windows XP machines. Once again ignoring basic cyber hygiene and making it very easy for the attackers to not only take huge amounts of data but also cripple systems like payroll. If companies aren’t invested at the CEO or Board level in taking proper security measures, it can be a disaster for the company.

Loney:  The IRS said it will contact the 104,000 taxpayers whose information was compromised, as well as the 100,000 for whom attempts were unsuccessful. The first group will be offered credit monitoring, while the second will be warned that thieves have their personal information.  Is this enough?

Prisco:  Unfortunately this seems a lot like taking home the home version of the game when you lost on the gameshow. The problem isn’t going away.  We’re tossing 20th century technologies at 21st century adversaries.  The class of security products used today, like anti-virus, relies on prior knowledge or signatures.  This is effective in only 20-25% of attacks.  The future of cybersecurity is dependent on new products entering the market now.  These products can analyze large data sets, leverage machine learning and examine the behaviors taking place on the endpoint to take action based on these behaviors.  As long as we continue to use old technology, it will be easy for adversaries to beat us.

Loney: What recourse is there for the IRS?

Prisco: Besides installing stronger security systems and flagging anything suspicious in a taxpayer’s return, from addresses that didn’t match up with what the government had on file to large deductions for self-employed people, they should also be looking at machine behaviors. If there’s more frequency than normal with the Get Transcript function on their web site, this is an indicator of possible malicious activity. Something could be amiss requiring further investigation. I like to say, “never send a human to do a machine’s job.” Install endpoint security software that continuously monitors machine behavior, investigates anomalous activity and performs automatic remediation.

Loney: It seems like we’ve only reached the tip of the iceberg and have a far way to go to claim victory, if at all?

Prisco: If you look at BYOD, the Bring Your Own Device to work phenomenon, it gets a lot of media attention for being a possible security gap. But the truth is mobile devices aren’t often targeted yet because it’s so easy to penetrate a regular work computer. Here again, companies don’t practice basic hygiene like patching their systems. Take for example Microsoft’s decision to end support for Windows Server 2003. It’s like ringing the dinner bell for hackers. If you are running Windows Server 2003, expect it to be hacked.

Loney: Is it understood among large companies that security needs to be their #1 priority?

Prisco:  A small percentage of companies feel and act that way.  Most companies run a skeleton security crew.  They don’t have the sufficient staff or budget to properly prevent targeted attacks from occurring.  Security is really viewed as a cost center vs. a strategic necessity.  Attitudes need to change if we are to be triumphant against hackers.

 
