Triumfant Launches AtomicEye — Ends the Global Malware Endpoint Epidemic

atomic-eye logo finalWe are excited to announce the launch of AtomicEye today — the latest version of our endpoint security agent for Windows-based and Mac OS X environments.

Cyber criminals are more persistent and creative than ever, corrupting government and corporate IT systems – resulting in great economic damage to corporations, government agencies, and the global economy.  An alarming 95 percent of all U.S. enterprises claim that they are being successfully attacked today. Those same organizations report an average 200 day latency period between when an attack has occurred and when the breach is discovered – allowing ample time for attackers to extract huge amounts of data as seen with the targeted attacks at Sony, Home Depot and Target.

An epidemic is at hand and the magnitude of these security failings requires a completely new approach: one with a greater dependency on immediate detection and automatic remediation based on deep analytics and an atomic view into machine assets and change behaviors.  AtomicEye’s central purpose is to ensure that once inside a company’s or government agency’s systems, no attacker can leave with proprietary information, damage to enterprise systems is minimized, and critical assets are secured. Check out coverage of AtomicEye appearing in eWEEK.

When high-value assets are at risk, instant detection and rapid response is critical.  AtomicEye achieves this by continuously scanning more machine assets than any other endpoint security product – more than 700,000 assets per protected machine. This atomic view allows Triumfant to see an almost infinite set of machine behaviors and trend anomalies that indicate the presence of advanced malware. AtomicEye’s continuous monitoring permits an unprecedented capacity to detect with certainty, in real-time, and at the point of infiltration, persistent or volatile malware.  No signatures or any other form of prior knowledge is needed. As soon as a change occurs a remediation plan is set in motion, making it impossible for damage to be done and/or assets to be compromised,  Within minutes of an attack, Triumfant AtomicEye goes to work, automatically repairing any damage caused and restoring the compromised machine(s) back to its original, clean state. With AtomicEye there are no interruptions or downtime to the business and no human action or interpretation is required.

John Prisco, CEO of Triumfant recently sat down with Forbes magazine to discuss the sad state of cyber security and Triumfant’s revolutionary approach.  He shares: “There is too much of ‘good enough’ security occurring industry-wide. And ‘good enough’ is not good enough, because you see what’s been happening, Many breaches continue for over 200 days before they are discovered. If you don’t find something quickly, what’s the use of finding it at all?” Check out the complete interview here.

To learn more about AtomicEye,visit http://www.triumfant.com.

Anthem Fails its Security Health Check-Up: 80 Million Affected by Breach

Anthem Inc., the country’s second-biggest health insurer reports hackers broke into a database containing personal information for roughly 80 million of its customers and employees in what is likely to be the largest data breach disclosed by a healthcare company. “Tens of millions” of records have been stolen exposing names, birthdays, addresses and Social Security numbers.  On a positive note, the breach doesn’t appear to involve medical information or financial details such as credit-card or bank-account numbers. Most likely the hackers could have easily taken that information also, but were content to leave with what they could carry.

Anthem is just another example of the magnitude, sophistication and volume of breaches that occur on a daily basis, though most go undetected.  Security is no longer about protecting the perimeter and keeping adversaries out, it needs to be about detecting and minimizing the damage once they get inside — stopping a breach before it becomes a full-scale attack.

data breaches

The security industry is coming from a mindset of “fire and forget” where companies think they are safe because they have a well-known, well marketed, antivirus solution in play.  This attitude and faulty thinking needs to change or companies will continue to fall victim to hackers, criminals and nation-state actors at a cost of $3.5 million per intrusion.

Why Do These Attacks Keep Happening?

AV vendors are developing products in a vacuum — they simply don’t address the sophistication of today’s adversary, but they continue to sell huge amounts of product. Organizations then fall prey to the marketing hype and market share of antivirus solutions that don’t work. Traditional security products are easy for hackers to circumvent because they aren’t rigorous.  To be rigorous you must collect enormous amounts of data on each protected machine to find where malware hides.  You must be able to scrupulously monitor the memory of each computer in your network (most advanced attacks happen in-memory and go undetected). And lastly, you need a solution in place that can rapidly detect suspicious activity and create a machine-generated response vs. alerting a team of people that get to the fire too late (as in the case of Target, Sony and probably Anthem).

Triumfant is rigorous.  It continuously scans more than 700,000 assets per protected machine.  Triumfant’s memory process scanner is capable of detecting malware in memory or on the hard drive.  Triumfant detects the presence of malware and automatically builds a remediation plan and repairs the machine, and any collateral damage, within minutes of an attack – not hours, days or weeks.  And, no human intervention is required.  As we see time and again, security teams can’t detect or react fast enough to advanced attacks with alert-driven tools.  Triumfant emphatically closes the breach detection gap, enabling organizations to thoroughly detect and respond quickly to sophisticated attacks that bypass traditional tools.  Anthem and others – take note.

Endpoint Security Becoming a Hot Ticket Item in the Enterprise

laptop and shield antivirusEnterprise Strategy Group (ESG) has published new research on the endpoint security market that indicates a changing landscape.  In the report, The Endpoint Security Paradox, ESG surveyed 340 IT and information security professionals representing large midmarket and enterprise-class organizations in North America in order to accurately assess organizations’ endpoint security technologies, policies, and processes.  As we well know, existing security tools are primarily designed for “set and forget” or alert-driven usage, they do not have sufficient security monitoring, detection and response capabilities.  CISOs are realizing that these legacy security methods are no longer enough to keep pace with the sophistication and elusiveness of today’s adversaries.  The limitations of traditional AV are causing companies to rethink, and reinvest, in endpoint solutions:

  • Two-thirds (66%) of organizations have rethought their endpoint security tools and processes with the goal of creating a stronger endpoint security strategy.
  • More than half of organizations have purchased new endpoint security solutions in addition to the tools already in the environment.
  • Nearly three in five (57%) organizations have increased their budget for endpoint security and associated activities.

As Triumfant has always said, organizations must align endpoint security with their overall enterprise, or defense-in-depth security strategy. As ESG suggests, this will require an integrated architecture where endpoint security interoperates with network security, threat intelligence, and security analytics.

Triumfant’s scalable platform picks up where the vast majority of prevention tools stop – effectively closing the gaps left by firewall, antivirus, sandbox technologies and IPS.  Triumfant can easily integrate with third-party SIEM tools, trouble-ticketing applications, network forensics applications and services to complete an organization’s defense-in-depth strategy and detect, stop and automatically remediate advance threats that evade other security defenses.

Don’t let your next breach become a full-scale attack.  Contact Triumfant today.

National Standard for Reporting Data Breaches: Good or Bad Idea?

20150112_obama_idfraudThis week, President Obama outlined a proposal that would require companies to inform their customers of a data breach within 30 days of discovering their information has been hacked. The plan is intended to unify nearly four dozen disparate state data breach disclosure laws into a single, federal standard. Good idea, right?  Yes, in theory.  In practice, sharing threat data has a shelf life and expiration comes quick. Targeted attacks are custom and therefore don’t lend themselves to repeat usage making the shared information obsolete before it ever has a chance to be seen, digested or acted on.

The more helpful information would be for companies to share how they were breached – anonymously, of course.  As an industry, we hear about credit card breaches on a weekly basis, but we know very little about how these retail establishments were breached in the first place.  While forensics firms are called in to investigate, sometimes they are unable to precisely pinpoint the cause of a breach.  A mandate for sharing the how (if known) in a timely and centralized fashion would go a lot further in helping companies and the government prevent and properly respond to cyber threats than the what and when.

Revenge Hacking Isn’t the Answer: Better Endpoint Security Is

ioEvAkeVqGs4Bloomberg has reported the FBI is investigating whether any U.S. banks were behind a “retaliatory” cyberattack on an Iranian computer network believed to be the launching pad for a 2013 attack on bank websites. This investigative report comes on the heels of the Sony mega-hack which has caused a general sense of unease inside many companies as they struggle to shore up security measures and avoid being the next Sony.

Some companies that have fallen victim to foreign attacks are conducting unsanctioned, offensive operations in an effort to retrieve stolen data or knock computers offline to stop attacks. Counterstrikes got a good deal of visibility recently as the U.S. mounted a “proportional response” against North Korea for the Sony breach, causing widespread Internet outages throughout the country.

Are offensive, counterattacks a good idea for private companies to entertain?  As the article points out, many companies discuss hacking back in the immediate aftermath of a breach but almost none follow through.  The stakes are too high and retaliation could make things worse i.e., hackers who are still in the network could escalate the assault.

The real issue at hand is that companies that are hacked don’t have sufficient defensive protections in place so they consider offensive tactics.  An estimated 43% of U.S. companies experienced a data breach in the last year, costing the global economy an estimated $575 billion annually.  Anyone can complete an offensive attack. It’s akin to completing a five-yard out pass in football.  But the tools that security companies have provided on defense make defending that football play nearly impossible.

The weekly parade of security breaches illustrate just how inefficient network security products are.  It’s best to have a policy of rapid detection and removal because prevention has failed 95% of companies that are hacked.  It’s time to invest in innovative, next-generation end-point security products, like Triumfant, that detect AND remediate breaches before they become full-scale attacks.  It’s time for security professionals to have the peace-of-mind that comes from knowing they won’t be the next Sony and that they can start each day with their endpoints secure, compliant and attack ready.

Worst Security Breaches of 2014

Cyber-Crime

As 2014 comes to an end, we reflect on the worst data breaches of the year, how they may have been contained (we purposefully avoid the term prevented here) and the growing trends to anticipate in 2015 – mainly, the maturity of for-profit criminal networks.

2014 started and ended with major security breaches making headlines. The Target breach, which compromised 40 million credit and debit cards, 70 million phone numbers, mailing addresses and email addresses, happened in late 2013 but most of the details became public in early 2014.  While anti-malware software and the Department of Justice flagged the problem, Target was slow to respond to alerts (a common industry problem).  As Triumfant shared in its Jan. 20 blog post, the Target breach also points to the flaws of the payment card industry’s data security standards (PCI-DSS) which only conducts audits on a monthly basis.  Major retailers should deploy endpoint security on check-out terminals, in additional to the processing servers, to ensure continuous monitoring of breaches and that the systems are audit-ready every day.

In April the Heartbleed Bug was discovered. A serious vulnerability in the popular OpenSSL cryptographic software library, Heartbleed allowed cybercriminals to steal information that would normally be protected by the SSL/TLS encryption used to secure the Internet.  While the industry scrambled to fix the problem and patch the hole, Heartbleed represented a much bigger security issue — it demonstrated that traditional perimeter security is not enough and that security breaches are inevitable.  A new approach is needed, one that combines network security measures (firewall, IPS/IDS, sandbox) with the endpoint. More here: http://bit.ly/1zubv1g

JP Morgan Chase confirmed that 76 million households and 7 million small businesses were impacted in a data breach in June and July. JP Morgan said that financial data—including account numbers, passwords, dates of birth, Social Security cards—was not accessed in the breach. Customers who use Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile may have had their contact information accessed, including names, addresses, phone numbers and email address. John Pricso, CEO of Triumfant spoke with eSecurity Planet on the breach sharing: “Gone are the days when a tool like anti-virus was a good enough security solution and hopefully this serves as a proper wake-up call to the industry.” FBI looked to Russia as the culprit, suspecting the breach was reprisal for US sanctions.  John Prisco also shared his expert opinion with the readers of Ars Technica.

Dairy Queen, Home Depot, AT&T, Goodwill Industries, Neiman Marcus, PF Chang and Michaels also found themselves victims of data breaches and malicious attack.  But the worst came in December when Sony Pictures Entertainment experienced the biggest data breach of the year and among the most devastating to any corporation ever. Attackers broke in and took whatever they wanted.  Early estimates predict losses of hundreds of millions resulting from the leak of personal and employee information, business plans, unreleased movies and other confidential and proprietary studio information. Add to that lawsuits being filed against Sony by former employees seeking damages they say they suffered because the company failed to adequately protect the data.  The Sony mega-hack will go down as an IT security professional’s worst nightmare.  See Triumfant’s take here: Sony Hack Who’s to Blame?

While most of the 2014 data breaches were carried out for profit – such as theft of credit card information – the Sony attack was intended to hurt its victim as much as possible on multiple fronts – financially, personally, and professionally. It’s time for organizations to wake-up and activate change – invest in security solutions that prevent cyber criminals from leaving with valuable assets rather than preventing cyber criminals from getting in AND make security a top priority every day.

Sony Hack – Who’s To Blame?

Sony_Hacked_By_GOP_Employee_Screenshot

While the White House considers the devastating cyber-attack on Sony Pictures Entertainment “a serious national security matter,” and is still evaluating how best to respond, we in the security sector know all-too-well that Sony is just the latest example of how easy it is to penetrate the networks of our most critical private and public infrastructures – stealing valuable data, tampering with critical assets and crippling the operations of market-leading companies.

Sony, like most companies, doesn’t take security seriously until it’s too late.  They failed to conduct routine maintenance on their systems, lacked encryption and had no mechanism to detect and respond properly to a breach.  Now we have Sony execs and the government saying the breach is most likely the act of a sophisticated hacking network sanctioned by North Korea (Really? Duh!). While Sony attempts to deflect attention away from their own incompetency and slipshod defense, the fact remains – their security was an absolute joke, penetrable by a high-school student with rudimentary computer science skills.

In an article by the Associated Press, Sony Pictures Entertainment CFO David C. Hendler complained to CEO Michael Lynton that the company had experienced significant and repeated outages as a result of limited hard disk space, outdated software, poor system monitoring, and unskilled IT workers. The AP reported that hackers targeted executives to trick them into revealing passwords and that many employees used easy-to-guess passwords. Additionally, strategic plans and medical information about some employees were stored in unencrypted form.

Sadly, Sony’s sloppy security hygiene is commonplace.  Most corporations and smaller businesses are no better at securing their data.  Breaches like Sony will continue to happen because corporations, security vendors and hackers are complicit.

Companies don’t bother to properly fund IT security or properly secure their critical assets – this is evident by the volume of breaches that occur daily.  It’s really easy to be hacked.  Companies need to rethink their approach to security and recognize that attacks happen.  They need security solutions that quickly detect and investigate anomalous activity and minimize the damage.

Security vendors fail to innovate.  They push the same old products that don’t work and provide little more than a false sense of security.

Hackers seeking profit, protest, challenge or just enjoyment will continue to find and exploit weaknesses in computer systems and networks. Stop making it so easy for them.

It’s time for organizations to wake-up and activate change.  Make security a top priority every day. Invest in next-generation security products that discover and remediate attacks that escape detection by sandbox tools.  Your business and our national security depend on it.

Follow

Get every new post delivered to your Inbox.

Join 633 other followers