Wednesday, March 29, 2017

SANS Announces 2016 Best of Award Winners


Winners and honorable mentions of the SANS Best of 2016 awards, with a comparison against the previous two years, across various cybersecurity areas:

Vulnerability Assessment
Winner again: Tenable Nessus (2 years in a row)
Honorable Mention: Rapid7, Qualys

Next Generation Firewall
Winner: Palo Alto Networks PA Series (2015 was Fortinet)
Honorable mention: Check Point Software, Fortinet

Advanced Threat Detection
Winner again: FireEye Network NX (3 years in a row)
Honorable mention: Snort, Cisco

End Point Protection
Winner: Cylance PROTECT (2015 was Symantec Endpoint Protection)
Honorable mention: Symantec, Trend Micro

Application Security
Winner again: Qualys Web Application Scanning (WAS) (3 years in a row)
Honorable mention: Rapid7, Checkmarx (tie), Veracode (tie)

SIEM
Winner: LogRhythm Security Intelligence Platform (2015 was IBM Security QRadar)
Honorable mention: Splunk, IBM

Threat Intelligence
Winner: CrowdStrike Falcon Intelligence (2015 was FireEye Threat Intelligence)
Honorable mention: FireEye Threat Intelligence, Cisco AMP Threat Grid

Endpoint Detection/Response
Winner: Carbon Black Platform
Honorable mention: Palo Alto Networks Traps, CounterTack Sentinel


Wednesday, March 15, 2017

Quick and short about Botnets

When Zombies invade...
EFFECTS / Results can be devastating, including:
  • DDoS: a bombardment of requests/packets/traffic that renders systems or the network inoperable
  • email spam, which is annoying at first but quickly leads to malicious/exploitation software and remote control of systems
  • keyloggers (identity theft)
  • spyware and the like, which can lead to data exfiltration
  • adware that alters web pages, or click fraud that redirects traffic
  • DNS abuse that misdirects requests back to phishing sites and malware
  • IRC chat networks used for control, and of course worms that proliferate through the networks/systems

PREVENTION includes knowing your environment; baselining network and application traffic for network behavior analysis; keeping the usual software updates and patching current; and cyber awareness and training.

IDENTIFICATION typically relies on
  • anomalies in traffic patterns
  • IRC traffic (port 6667)
  • outbound SMTP traffic on port 25 from hosts that should not be sending mail (spamming)
  • port 1080 traffic (SOCKS proxy servers)
  • unusual volumes or patterns of DNS requests
  • C&C (command and control) triggers, which next-gen firewalls and AV should include
  • increased popups
  • spikes in CPU or network usage
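The identification points above (IRC on 6667, unsanctioned outbound SMTP, SOCKS on 1080, DNS volume, and regular check-in patterns in the traffic) can be turned into a small triage check over flow records. The script below is an added example written for this post, not code from the original post or from any vendor named on the page. It assumes a simplified, constructed flow format (`timestamp,src_ip,dst_ip,dst_port,proto`); the allow-listed mail relay, the DNS threshold and the beacon jitter tolerance are illustrative assumptions a defender would tune to their own baseline.

```python
"""Flag botnet indicators in outbound flow records (added example, constructed data)."""
from collections import defaultdict
from statistics import mean, pstdev

# Ports called out in the post, with the reason each is interesting.
SUSPECT_PORTS = {6667: "IRC (possible C&C channel)",
                 25: "outbound SMTP (possible spam bot)",
                 1080: "SOCKS proxy"}
MAIL_RELAYS = {"10.0.0.25"}   # assumption: hosts sanctioned to send SMTP directly
DNS_QUERY_THRESHOLD = 20      # assumption: queries per host per window worth a look
BEACON_MIN_CONNS = 5          # assumption: minimum connections before judging regularity
BEACON_MAX_CV = 0.1           # assumption: max coefficient of variation of inter-arrival gaps


def build_sample_log():
    """Constructed flow records (not real traffic) exercising each indicator."""
    lines = []
    # 10.0.0.5 checks in with an IRC server every 60 s: a regular C&C beacon on 6667
    for i in range(6):
        lines.append(f"{1490000000 + 60 * i},10.0.0.5,198.51.100.7,6667,tcp")
    # 10.0.0.8 is a workstation sending mail directly, bypassing the relay
    lines.append("1490000010,10.0.0.8,203.0.113.20,25,tcp")
    # the sanctioned relay also sends mail and must not be flagged
    lines.append("1490000011,10.0.0.25,203.0.113.21,25,tcp")
    # 10.0.0.9 hammers the resolver at irregular intervals (volume, not beaconing)
    t = 1490000020
    for i in range(25):
        t += 15 if i % 4 == 0 else 1
        lines.append(f"{t},10.0.0.9,10.0.0.53,53,udp")
    # ordinary browsing at irregular intervals: should not be flagged as a beacon
    for ts in (1490000005, 1490000017, 1490000090, 1490000200, 1490000203):
        lines.append(f"{ts},10.0.0.6,93.184.216.34,443,tcp")
    return "\n".join(lines)


def parse_flows(text):
    """Parse 'ts,src,dst,port,proto' lines into dicts; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto = line.split(",")
        flows.append({"ts": float(ts), "src": src, "dst": dst,
                      "port": int(port), "proto": proto})
    return flows


def flag_suspect_ports(flows):
    """Unique (src, dst, port, reason) tuples for the ports named in the post."""
    seen = set()
    for f in flows:
        reason = SUSPECT_PORTS.get(f["port"])
        if reason is None:
            continue
        if f["port"] == 25 and f["src"] in MAIL_RELAYS:
            continue  # sanctioned relay: expected SMTP
        seen.add((f["src"], f["dst"], f["port"], reason))
    return sorted(seen)


def flag_dns_volume(flows, threshold=DNS_QUERY_THRESHOLD):
    """Hosts whose DNS query count in the window meets the threshold."""
    counts = defaultdict(int)
    for f in flows:
        if f["port"] == 53:
            counts[f["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def flag_beacons(flows, min_conns=BEACON_MIN_CONNS, max_cv=BEACON_MAX_CV):
    """(src, dst, port) pairs whose inter-connection gaps are nearly constant.

    Regular check-ins are the 'anomaly in traffic patterns' a bot produces;
    the value returned is the mean interval in seconds.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"], f["port"])].append(f["ts"])
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = round(avg, 1)
    return beacons


def analyze(text):
    """Run all three checks over a flow log and return the findings."""
    flows = parse_flows(text)
    return {"ports": flag_suspect_ports(flows),
            "dns": flag_dns_volume(flows),
            "beacons": flag_beacons(flows)}


if __name__ == "__main__":
    for kind, result in analyze(build_sample_log()).items():
        print(kind, "->", result)
```

The three checks map onto the post's list: `flag_suspect_ports` covers the IRC/SMTP/SOCKS bullets, `flag_dns_volume` covers the DNS bullet, and `flag_beacons` is one concrete form of "anomalies in traffic patterns". The beacon check uses the coefficient of variation of the gaps between connections so that a host calling home every 60 seconds stands out while irregular browsing and bursty resolver traffic do not. In practice the input would be flow or proxy logs from your own environment, and the thresholds would come from the baseline the PREVENTION paragraph describes.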

ERADICATION via botnet removal software, including the freeware BotHunter, Kaspersky, BotRevolt and others, along with rootkit detection/clean-up packages. IP address blocking, reputation blocking and honeypots can help in the scenario. That said, a plethora of vendor packages, some under the term Next-Gen Endpoint Protection, address the detection / isolation / eradication of botnets...

Known botnet list: Agobot, SDbot, mIRC-based; DSNX, q8, kaiten, Perl-based; Grum, Zeus, Conficker, Torpig, Sality, Cutwail, Tinba, Upatre, Ramnit, Windigo, Beehonem, Glupteba, ZeroAccess.

Also, useful sites for reference resource SANS