Palo Alto Networks Protects Customers From Critical IE Vulnerability CVE-2014-1776

Summary:

  • Critical vulnerability (CVE-2014-1776) identified in Internet Explorer, with active attacks observed in the wild
  • IE vulnerability could be used to exploit multiple versions of Internet Explorer, including those on Windows XP-based systems, which no longer receive security updates from Microsoft
  • Palo Alto Networks Threat Prevention customers are protected from exploitation of the vulnerability
  • Cyvera endpoint solution specializes in preventing the type of exploitation behavior used in this attack

On Saturday, Microsoft disclosed a critical vulnerability in Internet Explorer, CVE-2014-1776, affecting Internet Explorer versions 6 through 11. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability allows an attacker to execute arbitrary code in the context of the current user within Internet Explorer. This could be exploited with drive-by downloads or watering-hole attacks, and has been observed being used in attacks in the wild.

The exploit code used in these attacks only targets IE versions 9, 10 and 11, but earlier versions are still vulnerable. As of this writing, Microsoft has not stated when a patch for the vulnerability will be available, but in its advisory the company provided multiple work-arounds. Additionally, Windows XP systems running IE 6, 7 and 8 are also vulnerable, but will not receive a patch, as Microsoft no longer supports them.

Palo Alto Networks response:

  • We released an emergency content update on April 28th, 2014 that provides detection of attempted exploitation of CVE-2014-1776 with IPS vulnerability signature ID 36435 (“Microsoft Internet Explorer Memory Corruption Vulnerability”) with critical severity and a default action of reset-client. Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices.
  • We are integrating Cyvera’s next-generation endpoint solution into our security platform. This integration will provide customers with the ability to stop zero-day attacks on browsers and operating systems to prevent future breaches that exploit unknown vulnerabilities, as we have seen used in CVE-2014-1776.

It is always important to view this type of critical vulnerability in the larger context of the threat landscape. Each year, attackers identify thousands of critical vulnerabilities in commonly used software such as Internet Explorer. Once they have identified these vulnerabilities, they craft a seemingly endless supply of exploits that leverage them to deliver unknown malware and compromise networks and endpoints.

Palo Alto Networks enterprise security platform is focused on providing an integrated approach to detecting and preventing advanced threats across each step in the attack kill-chain. Bringing together our next-generation firewall – again a Gartner Magic Quadrant Leader – Threat Prevention, URL Filtering, WildFire, and Cyvera’s ability to prevent exploitation of unknown vulnerabilities will allow us to continue offering ground-breaking protection for our customers’ networks and endpoints, including Windows XP clients.

[Source: Palo Alto Networks Research Center]

ISACA International President: Introducing Cybersecurity Nexus

Today marks one of the most meaningful milestones of my tenure as ISACA international president. Today ISACA introduces Cybersecurity Nexus.

Developed in collaboration with chief information security officers and cybersecurity experts from leading companies around the world, Cybersecurity Nexus—CSX—fills an unmet need for a single, central location where security professionals and their enterprises can find cybersecurity research, guidance, certificates and certifications, education, mentoring and community.

This is a groundbreaking program. This is a critical time.

Several universities have good cybersecurity programs in place, but even these are not enough. With every employee and endpoint at risk of being exploited by cybercriminals, security is everyone’s business. At the root of ISACA’s new, comprehensive CSX program is the knowledge that there is a great need to make cybersecurity education and ongoing training as accessible as possible to the next generation of defenders and those already in the field.

Student interest in cybersecurity careers is strong. A recent global poll of ISACA student members found that 88 percent plan to work in a position that requires some level of cybersecurity knowledge. However, fewer than half say they will have the adequate skills and knowledge they need to do the job when they graduate. CSX aims to help address this imbalance.

CSX marks the first time in ISACA’s 45-year history that the association will offer a security-related certificate. The association’s four certifications—including the Certified Information Security Manager (CISM) credential—require both an exam and proof of work experience. The Cybersecurity Fundamentals Certificate is different. It is ideal for recent university graduates and IT professionals seeking to change fields because it requires applicants to pass a knowledge-based exam that provides objective proof of subject mastery to potential employers. This certificate will empower young professionals while providing assurance to employers that they are hiring knowledgeable individuals.

In addition to the Cybersecurity Fundamentals Certificate, CSX includes career-development resources, frameworks, community and research guidance such as Responding to Targeted Cyberattacks and Transforming Cybersecurity Using COBIT 5. There is guidance for cybersecurity professionals at all stages of their careers.

And there are exciting offerings in the near future, including a mentoring program, a practitioner-level cybersecurity certification, SCADA guidance, training courses, implementation guidance related to the US Cybersecurity Framework developed by NIST and the EU Cybersecurity Strategy, and teaching materials for professors.

This is a comprehensive program and I am excited to be involved with it. I invite you to explore the many facets of CSX, consider ways that you can take advantage of offerings within, view related news and graphics, and share your thoughts with me in this space.

Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA
International President, ISACA and the IT Governance Institute

[Source: ISACA]

Gartner Magic Quadrant 2014

Business Intelligence and Analytics Platforms

Data Center Networking

Endpoint Protection Platforms

Enterprise Network Firewalls

Global MSSPs

Integrated Systems

Security Information and Event Management

WAN Optimization

Last Updated: 24-OCT-2014

©2014 PhilipCao.com. All rights reserved. Please specify source when you copy or quote information from this website.

Gartner Magic Quadrant 2013

Application Security Testing

Business Continuity Management Planning Software

Cloud Infrastructure as a Service

Content-Aware Data Loss Prevention

Data Masking Technology

E-Discovery Software

Endpoint Protection Platforms

Enterprise Backup/Recovery Software

Enterprise Information Archiving

Enterprise Network Firewalls

Identity Governance and Administration

Intrusion Prevention Systems

Managed Mobility Services

Mobile Device Management Software

Network Access Control

Secure Email Gateways

Secure Web Gateways

Security Information and Event Management

Unified Threat Management

User Authentication

Last Updated: 26-APR-2014

Information Security as a Business Enabler

The business landscape has changed beyond recognition since I started working, way back in 1969. Every business is now reliant on IT systems and the Internet in order to function. (Just see what happens if your email systems are unavailable for an hour!) New technologies and working practices are introduced at a prodigious rate, as globalisation and consumerisation drive transformation and innovation.

As a result of our dependence on IT systems and connectivity, information and cybersecurity are being pushed up the corporate agenda. This is a good thing. However, information security and its practitioners are still seen as risk-averse business inhibitors who stifle innovation, limit agility and slow efficiency with their strict controls and policies.

Meanwhile, information security teams grapple with the challenges of securing increasingly complex and ever-changing threat landscapes, while attempting to secure increasingly diverse and poorly-understood sets of technologies.

With heightened attention at the board-level, information security professionals have an opportunity to reimagine information security as an enabling function, supporting and adding value to the business as it transforms and innovates. The challenge for many security people is that their passion and enthusiasm can be difficult to communicate to the senior level. We are asked to present arguments in a language business leaders can understand—to remove technobabble from our presentations. Oftentimes we struggle to properly express our concerns and we fail to engage these audiences.

Our information security functions must evolve to become business-led. We must bring business knowledge to security teams and educate security practitioners about the implications of threats. The perception of risk within information security must be changed. Information security must get management/stakeholder buy-in and become fundamental to enterprises, rather than a mere compliance issue. And the language used in this process must improve to ensure effective communication of risk intelligence without instilling fear, uncertainty and doubt.

My keynote panel session at next week’s Infosecurity Europe will explore how information security practitioners can position security as an enabling function and truly support the business. We will consider:

  • How to integrate security into agile business practices
  • New strategies to enable security teams to understand enterprise objectives and speak the language of business
  • How security can help the business collaborate internally, with suppliers and with customers
  • How the security function can inform and contribute to business decision-making
  • What skills are required for an effective security professional and what this all means for the role of the CISO

Peter Wood
Chief executive officer, First Base Technologies, LLP
Member—ISACA London Chapter Security Advisory Group

[Source: ISACA]
