Advanced Persistent Threats: Moving from Detection to Prevention and Response

April 26, 2016

Modern, multistage threats are now impacting every industry. The FBI estimates losses associated with a single recent attack at more than $100 million. Increasingly, difficult-to-detect attacks are changing the security protection landscape and, subsequently, the enterprise security posture. These attacks occur at multiple points across the network, making it more difficult for companies to detect and respond to them. The limitations of signature-based security products are well known, and advanced models of threat detection are on the rise. This paper examines the specialized threat analysis and protection (referred to by IDC as STAP) market along with technology that can help protect companies from the rise of advanced, sophisticated, and tailored malware.

Spotlight

Quann

Quann, formerly known as e-Cop, is a homegrown cyber security services provider and a business unit of Singapore’s leading security organization, Certis CISCO. Quann has been in the cyber security business for over 15 years, and has evolved from being a Managed Security Service Provider serving Singapore-based enterprises and government agencies, to a leading regional cyber security services provider with an extensive Asian footprint. It is currently one of the largest cyber security service providers with multiple ISO/IEC 27001 certified, in-country next-generation Security Operations Centers (SOCs) in Asia that help organizations detect, prevent and respond to cyber threats. Quann’s next-generation SOCs operate on its own patented technologies which provide real-time, advanced detection and big data analytics to swiftly alert clients to both known and unknown threats. The company is headquartered in Singapore and has regional offices in Malaysia, Hong Kong, Thailand and India. It has

OTHER ARTICLES

Creating and rolling out an effective cyber security strategy

Article | April 16, 2021

What’s more, organisations should also keep in mind that prevention alone is not enough; according to IBM, the average breach detection and containment time currently sits in the region of 280 days. In this time, it’s easy for cyber attackers to gain a foothold in an environment and quickly cause damage. “When developing a cyber security strategy, traditionally enterprises have focused on the threat prevention with little attention given to detection and often none to response,” said Martin Riley, director of managed security services at Bridewell Consulting.

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email. This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. Emotet has the ability to download additional malware onto an infected machine, and that malware retrieves and executes Trickbot.

The Coronavirus is Already Taking Effect on Cyber Security – This is How CISOs Should Prepare

Article | March 18, 2020

Cynet has revealed new data showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. The Coronavirus is hitting the world’s economy hard, creating a high volume of uncertainty within organizations. In light of these insights, Cynet has shared a few ways to best prepare for the Coronavirus-derived threat landscape and provides a solution to protect employees who are working from home on their personal computers because of the coronavirus. Cynet identifies two main trends – attacks that aim to steal remote user credentials, and weaponized email attacks:

Authentication and Passwords Concerns Top New Ponemon Institute Report

Article | February 20, 2020

IT security practitioners are aware of good habits when it comes to strong authentication and password management, yet often fail to implement them due to poor usability or inconvenience, says the 2020 State of Password and Authentication Security Behaviors Report by Yubico and Ponemon Institute. According to the report, IT security practitioners and individuals are both engaging in risky password and authentication practices, yet expectation and reality are often misaligned when it comes to the implementation of usable and desirable security solutions. The tools and processes that organizations put in place are not widely adopted by employees or customers, making it abundantly clear that new technologies are needed for enterprises and individuals to reach a safer future together.