Posts Tagged ‘security’

InTrust 11.0 is unveiled

January 20, 2015

I am so excited to witness the birth of a wholly new product!

InTrust 11.0 is not just another major version update. With its IT Search feature it has a lot more to offer customers that face security challenges, struggle with IT compliance requirements or just sink in the ridiculous amounts of disparate IT data.

I want to give a big round of applause to everybody who made this release possible: development teams, marketing, support and everybody who supported the idea from its very inception. I am so happy to partake in the building of the future.

As always, great talent and excellent execution yield innovative products.

 


Protecting #Point-of-Sale systems – anatomy of the recent #attacks on #retailers

February 4, 2014

We have all heard about the recent successes of cyber criminals at some popular retailers. What the news did not cover as well is why this happened and what can be done to prevent Point-of-Sale (PoS) terminals from being compromised.

First of all, why are PoS systems a sweet spot for the authors of POSRAM and ChewBacca malware?

There are a handful of reasons behind it.

  • Usually the risk of compromising PoS systems is underestimated. Companies tend to focus their time and IT budget on protecting critical servers and establishing perimeter security but not on workstations of their own employees and PoS terminals.
  • A PoS system is the end device that actually swipes your card and thus either processes or stores critical payment card data, which was the goal of the attack.
  • PoS systems have to be exposed to the Internet to be able to process payment transactions with online payment systems such as VISA.
  • PoS systems are usually installed in locations without dedicated IT (store branches, restaurants, service agencies). IT in this case is usually outsourced to a 3rd party which needs remote access to the managed systems, creating a security risk.
  • PoS systems are usually connected to workstations which employees are tempted to misuse for browsing the Internet when customer traffic is low.

Now what can be done to prevent consumer credit card data from being stolen?

What really helps is the autopsy of the affected systems performed by US-CERT in their recent warning to retailers.

Let’s take a closer look and see how this could have been detected and even prevented in the first place.

The US-CERT alert states that the malware used by criminals “parses memory dumps of specific POS software related processes looking for Track 1 and Track 2 data”.

Usually memory dumps are saved on a file system as system protected files. What if you could track access to those files after they were created? Who would normally need access to this cryptic data?

The official alert further states that “malicious actors could be taking advantage of default credentials to access the systems remotely” and that malware “exploits default and most likely weak credentials accessible over Remote Desktop”.

So, now if we could track remote logons under default credentials to PoS systems we’d be much better equipped!

And finally, the news articles suggest that the technique used in the attacks is known as an “advanced persistent threat”, which is no more than a methodical attack targeting multiple systems and stretching out in time.

Can the countermeasure be as simple as alerting on attempts to guess the password of privileged accounts like Administrators across all of your PoS terminals and connected workstations?
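To make the two checks above concrete (remote logons under default credentials, and password guessing spread across many terminals), here is an added example that is not part of the original post and is not InTrust code. It assumes collected Windows Security events reduced to a few fields; the event records, host names and the list of default account names are constructed for illustration.

```python
from collections import defaultdict

# Assumed list of default/built-in account names; adjust to your PoS vendor's defaults.
DEFAULT_ACCOUNTS = {"administrator", "admin", "guest", "pos"}
LOGON_OK, LOGON_FAILED = 4624, 4625   # Windows Security event IDs
REMOTE_INTERACTIVE = 10               # logon type used by Remote Desktop

# Constructed sample events (not taken from any real incident).
EVENTS = [
    {"time": "2014-01-02T03:10", "host": "POS-001", "id": 4625, "type": 10, "user": "Administrator", "src": "203.0.113.7"},
    {"time": "2014-01-05T02:41", "host": "POS-014", "id": 4625, "type": 10, "user": "administrator", "src": "203.0.113.7"},
    {"time": "2014-01-09T04:02", "host": "POS-022", "id": 4625, "type": 10, "user": "Administrator", "src": "198.51.100.9"},
    {"time": "2014-01-11T03:30", "host": "POS-022", "id": 4624, "type": 10, "user": "Administrator", "src": "198.51.100.9"},
    {"time": "2014-01-11T09:00", "host": "POS-001", "id": 4624, "type": 2,  "user": "cashier07", "src": "-"},
    {"time": "2014-01-12T10:15", "host": "WKS-003", "id": 4625, "type": 2,  "user": "cashier07", "src": "-"},
]

def remote_default_logons(events):
    """Successful Remote Desktop logons under a default account name."""
    return [(e["host"], e["user"], e["time"]) for e in events
            if e["id"] == LOGON_OK and e["type"] == REMOTE_INTERACTIVE
            and e["user"].lower() in DEFAULT_ACCOUNTS]

def slow_guessing(events, min_hosts=3):
    """Default accounts with failed logons on at least min_hosts machines.

    Failures are pooled across all hosts with no time window, so a campaign
    that tries one password per terminal every few days still adds up.
    """
    hosts = defaultdict(set)
    for e in events:
        if e["id"] == LOGON_FAILED and e["user"].lower() in DEFAULT_ACCOUNTS:
            hosts[e["user"].lower()].add(e["host"])
    return {u: sorted(h) for u, h in hosts.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for hit in remote_default_logons(EVENTS):
        print("ALERT remote logon with default account:", hit)
    for user, where in slow_guessing(EVENTS).items():
        print("ALERT password guessing on", user, "across", where)
```

No single terminal in the sample sees more than one failure, so a per-host lockout threshold stays silent; only the view across all terminals surfaces the pattern.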

Having seen mentions of “security attack” and “advanced persistent threat”, one might think that this is exactly what expensive and cumbersome SIEM solutions are for. In fact, simple-to-use yet effective log management tools like Dell InTrust that are proven to work on PoS systems will give you a much faster jump start and even integrate with the SIEM solution of your choice if you opt to do so.

What sets InTrust apart is its nimble agent that can be deployed to tens of thousands of workstations and PoS terminals to do what you should be doing to battle POSRAM-like attacks. So, from tracking access to critical system files and alerting on attempts to brute force passwords of default accounts to monitoring the use of removable media and tracking details of every session of a remotely logged-in user, InTrust will get you covered.

Check out this InTrust for Workstations datasheet to learn about other capabilities and how they can keep your PoS systems protected.

Originally published here 

When good admins go bad

April 12, 2012

Let’s face it – security breaches will happen. The main question is when. The recent data breach report from Verizon just reinforces this statement with unprecedented growth of security attacks reported across the board. Continue here.

Stay on top of security issues with OnDemand Log Management

January 27, 2011

You tell me how important it is to keep a close eye on the Holy Grail of most IT environments today – Microsoft Active Directory. No one else can solve this pain for you in a more elegant way than OnDemand Log Management with its extended auditing capability which covers Active Directory and other IT infrastructure components.

In this short video watch how subscription-based OnDemand Log Management lets you:

  1. Easily set up comprehensive tracking of all changes made to Active Directory regardless of the native auditing configuration
  2. Perform investigation of security issues by giving you tools to effectively search and analyze audit trails
  3. Take proactive measures to prevent security incidents from happening in the future
  4. Prepare evidence reports suitable for presenting to CSOs and external auditors


Want to conduct your own investigation now?

Sign up for a fully functional trial and let us know how it goes.

Alexey

An enterprise without central IT

July 22, 2010

This week I attended the Cloud for the Enterprise event held by Amazon in Los Angeles, CA.

Having gathered around 50 IT pros and execs, the event was intended to show the enterprise readiness of Amazon's IaaS cloud services, collectively called AWS. Amazon CTO Dr. Werner Vogels, together with a band of product evangelists and a lineup of AWS customers, gave a series of presentations which explained why Amazon is ready to accommodate enterprises:

  • Werner Vogels elaborated on how the recently introduced EC2 spot instances helped Amazon achieve one of the highest rates of server utilization in the industry, which won’t blow out your hosted services when “the Christmas day comes”.
  • Jerry Hunter, VP of Amazon Corporate IT, revealed that the company was undergoing a massive migration of all of its business-critical IT services to the AWS infrastructure.
  • Recently hired security superstar Steve Riley brought even more confidence in AWS by telling how seriously Amazon treats the security of its services on all levels, starting from access control to physical data centers and going all the way up to network segment isolation and VPC.
  • Customer representatives from different industries and verticals shared successful case studies of applying AWS to a variety of high demand and long durability business workloads including media distribution at MGM, image recognition by NASA JPL, multimedia content publishing at VMIX and even patient data exchange by Nimbus Health.

The common motto that I’m sure stayed in everybody’s head after the event was that the Amazon IaaS cloud has proven to be a scalable, secure and cost-efficient platform that will continue to revolutionize the way enterprises do IT today. Although it was hard to persuade myself that the world in its entirety is ready to embrace this new age of computing, I now tend to believe that we’re gradually getting to this new order.

Here are a couple of inspiring quotes that I captured from the speakers:

Werner Vogels, Amazon CTO: “We’ve been innovating so fast that customers asked us to hold off”


Steve Riley, Amazon security evangelist: “Can you imagine that one day you’ll wake up in the world without central IT where the only thing that you plug in the office is a Cisco router?”


Jinesh Varia, Amazon technology evangelist: “Design for failures and nothing will fail”

Introduction

April 30, 2010

Hi there!

I’m very excited yet a little bit confused to start my professional blog. The main idea of the blog is to explore and develop my areas of interest, in which I include Software as a Service (SaaS), Security Information Event Management (SIEM), Information Security and Systems Management in general.

Today I’m a Senior Program Manager at Quest Software, a smart systems management company. My job lets me stay on the edge of new technologies and explore what hides behind such buzzwords as Cloud Computing has become these days. I hope you’ll be hearing a lot from me on this topic later on.

I hope that someone who happens to read this blog will find the content useful. After all, I don’t find it worthwhile to write for the sake of writing. So, your feedback and comments are greatly appreciated.

Stay tuned.