10 Security Certifications To Boost Your Career

Earning a security credential can help you open the door to a great job. But you need to know which certification is the right one for you.

GIAC Security Essentials (GSEC)

Global Information Assurance Certification (GIAC) is the leading provider and developer of Cyber Security Certifications, globally recognized by government, military and industry leaders. GIAC tests and validates the ability of practitioners in areas including security administration, forensics, management, audits, software security, and legal.

Description
This certification is designed for candidates who want to demonstrate skills in IT systems roles with respect to security tasks. Ideal candidates for this certification possess an understanding of information security beyond simple terminology and concepts.

Prerequisites: None

Exam: GIAC Security Essentials (GSEC)
(180 questions, 5 hours, 73% passing score)

Approx. Cost for Exam
$1,099 USD, administered by Pearson VUE (Affiliate Pricing for GIAC Certification in conjunction with SANS training is $629 USD)

Available Courses
Recommended course: SEC401 Security Essentials Bootcamp Style

Self-Study Material
Training events ($5,950 USD), Self-study books and DVDs ($5,350 USD), Videos from Dr. Cole

Online Practice Test
SANS Security Essentials Assessment Test, (Login credentials required)


(ISC)² certifications are globally acknowledged as the gold standard for educating and certifying information security professionals. (ISC)² provides certification in areas such as information security, system security, authorization, software development, digital forensics and healthcare. The two key certifications are Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP).

Certified Information Systems Security Professional (CISSP)

Description
This certification is designed for candidates interested in the field of information security. The ideal candidates are information assurance professionals who know how to define the information system architecture, design, management and controls that assure the security of business environments.

Prerequisites
Candidates must have a minimum of 5 years of paid full-time work experience in 2 of the 8 domains of the CISSP Common Body of Knowledge (CBK), which covers critical topics in security including risk management, cloud computing, mobile security, application development security, and more.

Exam
CISSP – Certified Information Systems Security Professional (250 questions, 6 hours, 70% passing score)

Approximate Cost for Exam
$599 USD (For Americas, Asia Pacific, Middle East and Africa regions), administered by Pearson VUE

URL
https://www.isc2.org/cissp/default.aspx

Available Courses
CISSP Course Overview

Self-Study Material
  • Exam Outline
  • Official (ISC)² Guide to the CISSP
  • Official (ISC)² CISSP CBK Training Seminar and SSCP CBK Training Seminars
  • (ISC)²’s Live Online course

Online Practice Tests
  • (ISC)² Practice Tests App, available for iOS users. NOTE: The CISSP and SSCP practice test questions are not currently aligned with the domain refresh. New questions will be available in mid-2015.


Systems Security Certified Practitioner (SSCP)

Description
This certification is designed for hands-on practitioners who implement, monitor and administer IT infrastructure in line with security policies and procedures, such as network and systems administrators, security analysts and security engineers.

Prerequisites
Candidate is required to have a minimum of one year of cumulative paid full-time work experience in one or more of the seven domains of the SSCP CBK. If candidates do not have the required experience, they may still sit for the exam and become an Associate of (ISC)² until they have gained the required experience.

Exam
SSCP – Systems Security Certified Practitioner (125 questions, 3 hours, 70% passing score)

Approximate Cost for Exam
$250 USD (For Americas, Asia Pacific, Middle East and Africa regions), administered by Pearson VUE

URL
https://www.isc2.org/sscp/default.aspx

Available Courses
SSCP Course Overview

Self-Study Material
  • Exam Outline
  • Official (ISC)² Guide to the CISSP
  • Official (ISC)² CISSP CBK Training Seminar and SSCP CBK Training Seminars
  • (ISC)²’s Live Online course

Online Practice Tests
  • (ISC)² Practice Tests App, available for iOS users. NOTE: The CISSP and SSCP practice test questions are not currently aligned with the domain refresh. New questions will be available in mid-2015.


Information Systems Audit and Control Association (ISACA) certifications are globally accepted and recognized, and are known for helping candidates combine the achievement of passing an exam with credit for their work and educational experience.

The key certifications offered by ISACA are Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA). Other certifications offered include Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC).

Certified Information Security Manager (CISM)

Description
This certification is for candidates who lean towards organizational security and want to demonstrate the ability to tie an information security program to broader business goals and objectives. It validates knowledge of information security as well as the development and management of an information security program.

Prerequisites
Candidates must have five years of work experience in the field of information security, with at least three years in the role of information security manager.

Exam
Certified Information Security Manager (CISM) (200 questions, 4 hours; a scaled score of 450 out of 800 is required to pass)

Approximate Cost for Exam
Applicants can register for an ISACA exam online or with a hard-copy registration form. Online registration costs $490 USD for ISACA members and $675 USD for non-members. Note: there is an additional $50 USD processing fee when applying for certification.

URL
http://www.isaca.org/certification/cism-certified-information-security-manager/pages/default.aspx

Available Courses
ISACA offers CISM Review courses for various regions.

Self-Study Material
CISM exam preparation resources, including the certification job practice, terminology and glossary, study material and review courses.

Online Practice Tests
CISM Self-Assessment Exam


Certified Information Systems Auditor (CISA)

Description
The CISA certification is a globally recognized certification for IS audit, control, assurance and security professionals. With this certification, candidates can showcase their audit experience, skills and knowledge, and demonstrate the capability to assess vulnerabilities, report on compliance and institute controls within their enterprise.

Prerequisites
Candidates must have five years of work experience in the fields of Information Systems Auditing, Control, Assurance or Security.

Exam
Certified Information Systems Auditor (CISA) (200 questions, 4 hours; a scaled score of 450 out of 800 is required to pass)

Approximate Cost for Exam
Applicants can register for an ISACA exam online.

URL
http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx

Available Courses
ISACA offers CISA Review courses for various regions:
http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Prepare-for-the-Exam/Review-Courses/Pages/default.aspx

Self-Study Material
CISA exam preparation resources, including the certification job practice, terminology and glossary, study material and review courses.

Online Practice Tests
CISA Self-Assessment Exam


EC-Council is a member-based organization that certifies individuals in various e-business and information security skills. Its certifications include: Certified Ethical Hacker (CEH); Computer Hacking Forensic Investigator (CHFI); EC-Council Certified Security Analyst (ECSA); Licensed Penetration Tester (LPT); EC-Council Network Security Administrator (ENSA); EC-Council Certified Incident Handler (ECIH); EC-Council Certified Security Specialist (ECSS); EC-Council Certified Disaster Recovery Professional (EDRP); Certified Chief Information Security Officer (CCISO); and Certified Secure Computer User (CSCU). Certified Ethical Hacker (CEH) is the most common and widely held of these.

Certified Ethical Hacker (CEH)

Description
CEHv8 is a comprehensive ethical hacking and information systems security auditing program, suitable for candidates who want to acquaint themselves with the latest security threats, advanced attack vectors, and practical real-time demonstrations of the latest hacking techniques, methodologies, tools, tricks, and security measures.

Prerequisites
Candidates must attend official training or have at least two years of information security related experience.

Exam
Certified Ethical Hacker (CEH) Exam 312-50 (125 questions, 4 hours, 70% passing score)

Approximate Cost for Exam
The version 8 exam costs $500 USD for the actual test and $100 USD as a nonrefundable fee for registration, administered by Prometric Prime/ Prometric APTC/VUE.

URL
http://www.eccouncil.org/Certification/certified-ethical-hacker

Available Courses
CEH Courseware (US market only, $825 USD): course outline and exam.

Self-Study Material
iLearn (Self-Paced $664 USD), Live, Online, Instructor-led ($2,895 USD)

Online Practice Tests
EC-Council offers online practice tests for the CEH exam.


EC-Council Certified Security Analyst (ECSA)

Description
EC-Council Certified Security Analyst (ECSA) is an advanced ethical hacking certification and a step beyond the CEH. It validates the analytical phase of ethical hacking: the ability to analyze the output of hacking tools and techniques. Using current network penetration testing methods, an ECSA can perform the intensive assessments required to identify and mitigate risks to the security of an infrastructure. The ECSA certification is designed for network server administrators, firewall administrators, information security testers, system administrators and risk assessment professionals.

Prerequisites
Candidates must attend official training or have at least two years of information security related experience.

Exam
ECSA v8 (150 questions, 4 hours, 70% passing score)

Approximate Cost for Exam
The version 8 exam costs $500 USD for the actual test and $100 USD as a nonrefundable fee for registration, administered by Prometric Prime/ Prometric APTC/VUE.

URL
https://cert.eccouncil.org/ec-council-certified-security-analyst.html

Available Courses
ECSA/LPT v8 Courseware + iLabs (US market only, $700 USD); course outline available.

Self-Study Material
iLearn (Self-Paced $559.65 USD), Live, Online, Instructor-led ($2,889 USD)

Online Practice Tests
http://www.eccouncil.org/Training/ecsa-assessment


CompTIA Security+

CompTIA is the leading provider of vendor-neutral IT certifications, offering 16 certification exams in PC support, networking, servers, Linux, security, cloud, mobile and more. CompTIA's certification series test various knowledge standards, from entry level to expert. For security specifically, CompTIA offers the CompTIA Security+ certification.

Prerequisites
Candidates must have a minimum of two years of experience in IT administration with a focus on security. Network+ certification is recommended before taking the Security+ exam.

Exam
SY0-401 CompTIA Security+ certification (90 questions, 90 minutes; passing score 750 on a scale of 100 to 900)

Approximate Cost for Exam
$302 USD

URL
http://certification.comptia.org/getCertified/certifications/security.aspx

Available Courses
CompTIA publishes the SY0-401 exam objectives; a registration form must be completed to download them.

Self-Study Material
Online learning tool, classroom training, study material, e-learning

Online Practice Tests
CompTIA offers practice questions for the Security+ exam.


Certified Wireless Security Professional (CWSP)

CWNP is a non-profit organization that sets the IT industry standard for vendor-neutral enterprise Wi-Fi certification and training. Currently, CWNP focuses on 802.11 wireless networking technologies and offers six levels of career certification for enterprise Wi-Fi, from entry to expert, in areas including fundamentals, administration, security, analysis, design, mastery and instruction.

The CWSP certification is a professional level wireless LAN certification that ensures candidates have the skills to successfully secure enterprise Wi-Fi networks from hackers, without dependency on the brand of Wi-Fi gear deployed in the organization.

Prerequisites
Applicant must hold a current and valid Certified Wireless Network Administrator (CWNA) credential.

Exam
CWSP-205 exam administered by Pearson VUE (60 questions, 90 minutes, 70% passing score, 80% passing score for instructors)

Approximate Cost for Exam
$225 USD

URL
https://www.cwnp.com/certifications/cwsp

Available Courses
None

Self-Study Material
CWNP offers self-study products for CWNP certification exams including books, practice tests, and kits.

Online Practice Tests
CWSP practice test questions


[DarkReading]

Balancing Containment and Notification: Being Practical When Handling a Data Breach

When a company suffers a data breach—or fears that it has suffered a breach—teams often go into panic mode. When the dust settles, work divides into two camps: those focused on business continuity and containment, and those focused on determining if the organization has any breach notice obligations under relevant laws.

Often, these goals can be in conflict—or at least resources to achieve these goals can conflict. Different teams work on different sides of the issue. Internal resources are stretched. Outside resources overlap. What can a company do? First, recognize that both goals are important and deserve resources. Second, account for both goals throughout the breach “process.” The following are some concrete steps companies—and their breach crisis teams—can take:

  • Before the incident: Everyone knows about creating an incident plan, and giving it a test run. But what about taking steps to understand your business realities and needs? Being prepared and ready to address a breach, if it arises, hinges on a good understanding of the types of information you have, where you have it, and with whom that information is shared. It is never too soon to start on this work, and keeping that information up-to-date can be a life saver if a breach arises.
  • Digging in (investigating an incident): This is where the work of the two goals, containment and determining notification obligations, can come into the most conflict. Obviously you will need to contain and control the incident. You will want to take steps like investigating the nature of the incident and getting the right team, with the right background, on hand. But you will also want to know some very specific facts for the lawyers who are determining whether notification is necessary. This includes understanding if there was a compromise to the information and if the information itself triggered breach notice laws (Social Security numbers, medical information, usernames and passwords, etc.).
  • Notification: If you determine that notification is necessary, containment should not leave the scene. Will your notice impact any ongoing investigations? Will you tip off a bad actor? These are things that should be taken into account as you draft your notifications, and as you potentially work with law enforcement pursuing said bad actors.
  • Post-notification: Once your notice goes out, you are not finished. The containment team will want to look at what lessons can be learned for next time, if there is a next time. The legal side of the house will be thinking about potential post-notice inquiries, whether they come from regulators, the press, or impacted individuals.

Regardless of whether your incident involves an aggressive bad actor bent on destroying your company or gives rise to a duty to notify, your team should ensure that it is taking appropriate steps to both contain and assess legal risks. The tips above are aimed at helping you get there.

Liisa Thomas, Esq.
Partner at Winston & Strawn LLP

Liisa will speak more on data breaches at the ISACA’s CSX 2015 cyber security conference in Washington, DC, 19-21 October 2015.

Note: This post is the third in a series of Cybersecurity Awareness Month blog posts. ISACA is offering further cyber security resources throughout the month.

[ISACA Now Blog]

Your Not-So-Typical Cybersecurity Awareness Tips

“We tend to focus on the shiny technology when, in fact, actually, humans are the weak link in cybersecurity.”
— Michael Daniel, cybersecurity coordinator, Executive Office of the President

As a nation, the US will be recognizing cybersecurity awareness throughout the month of October. The Department of Homeland Security and likely every vendor that sells cybersecurity products or services will be sounding the ‘awareness alarm’, offering tips and tricks for users in an effort to promote safer online practices and better cyber hygiene.

But for those of us in the cybersecurity profession, awareness should not stop at educating users. As leaders in our field, the term must invoke a determination to address a workforce in crisis.

No one can truly understand what we are facing as a profession unless they are actually in the profession. Security managers are struggling to find qualified staff to run the security operations center; system administrators are bustling to keep pace with patching demands; incident responders are trying to catch a breath in between back-to-back breach timelines.

In recent years, it has been said that we are suffering from a ‘human capital crisis,’ a term recognized by both lawmakers and leaders in the public and private sectors. The very core of this crisis is a widening gap between supply and demand for workers. The (ISC)² 2015 Global Information Security Workforce Study (GISWS) forecasts that this workforce gap will only continue to widen, reaching 1.5 million professionals worldwide by 2020 due to the insufficient pool of qualified candidates.

Among U.S. federal government GISWS survey respondents, 60% said that they do not have enough personnel to meet the demands of their mission, and that this is one of the key factors working against them. While both public and private sectors have dedicated significant resources to programs in an effort to fix this problem, we have found no silver bullets. As it goes, practitioners in this field are working in an environment with the odds stacked against them – and with very little relief in sight.

During the month of October, I would like to challenge those in our field to promote a different type of awareness. My challenge is for us to pull together and inspire whomever we come in contact with to consider a career in cybersecurity.

The impact of growing the cybersecurity workforce with trained and skilled personnel will be far reaching, and will ultimately benefit the users at the central focus of this month’s National Cyber Security Awareness Month activities.

How can we promote such awareness? I, for one, intend to promote careers in cybersecurity whenever I get the chance to address students and their parents, such as later this month when speaking to MITRE employees as part of the (ISC)² Foundation’s Safe and Secure Online program. Here are some suggestions for my cybersecurity colleagues and others as you go about your day-to-day activities during the month of October:

  • Look for opportunities to speak with children about cybersecurity. Check out your neighborhood school’s calendar of events to identify career days and rally your colleagues to get involved.
  • Educate yourself on the many scholarship opportunities for those seeking careers in this field and encourage students entering college to apply.
  • Know a veteran who is transitioning to civilian life? Provide him/her with information about the many programs that assist with cybersecurity career training and support.
  • Your friends who are either unhappy in their current role or temporarily out of a job might see cybersecurity as a chance to transition into a rewarding career path. Not sure how to get them started? Find an (ISC)² member or contact us directly.
  • Are you a member of (ISC)²? If so, you can volunteer to teach parents, children, teachers and seniors about online safety through the (ISC)² Foundation’s Safe and Secure Online program, which also offers an opportunity to pique student interest in a cybersecurity career at a young age.
  • Feed a student’s interest in cybersecurity by guiding them to one of the many cyber camps, challenges and competitions within our community.

Certainly, the goal of cybersecurity awareness is to inspire users to maintain a daily regimen of sound cyber practices. Let’s not stop at ‘shiny technology’. Instead, let’s get the message out that fortifying the workforce is essential in establishing and maintaining a safe and secure cyber world.

Dan Waddell, CISSP, CAP, PMP, (ISC)² managing director, North America Region and director of U.S. Government Affairs, was lead author of this peer-reviewed post.

[InfoSecurity Magazine]

The Channel Scoop – October 16

Welcome to the Channel Scoop, a new weekly blog highlighting the key items you need to know to maximize your channel partnership with Palo Alto Networks. We’ll be publishing a new blog every Friday moving forward. For now, just sit back, relax and let us give you the channel scoop.

  • Next week is Breach Prevention Week (Oct. 19-23). The lineup of speakers is impressive and the topics are relevant. The best part? You don’t have to travel anywhere to participate. This webinar series is unrivaled in the industry, and our kickoff webcast (Oct. 19) will feature Palo Alto Networks CEO Mark McLaughlin. Click here to see the full lineup of webinars and to register.
  • Looking for a way to strengthen your trusted security advisor status with your customers? The new Security Lifecycle Review is your answer. Rebuilt from the ground up, the Security Lifecycle Review allows you to show your customers what applications, SaaS-based applications, URL traffic, content types, and known and unknown threats are currently traversing their network, and specifically highlight where potential risks exist. And the best part: you can now customize the Review with your company logo and information. Click here to log in to the Partner Portal and learn more about the Security Lifecycle Review.
  • It’s back! The Customer Care Upgrade Program was a successful incentive program we ran roughly a year ago to help fuel the conversion of our customer install base. The program provides customers with financial incentives in the form of hardware discounts and subscription/support credits to move from a PA-4000 Series to a PA-5000 Series or from a PA-2000 Series to a PA-3000 Series. The program will run until March 31, 2016. Click here to learn more and to access all the necessary materials from our Partner Portal.
  • Did you miss it? In Q1 we hosted our first NextWave Huddle, a quarterly global partner webcast. This webcast is part of Ron Myers’ FY16 commitment to deliver more clear and consistent communications to you, our partners. Click here to listen to the replay.
  • On Sept. 15, Palo Alto Networks extended its proven history of safely enabling applications to SaaS applications with the launch of Aperture, a new security-as-a-service offering to help organizations safely enable and strengthen security for sanctioned SaaS applications, such as Box, Dropbox, Google Drive, and Salesforce. Click here to learn more about Aperture.

What topics would you like the scoop on next? Let us know by commenting on this post.

Finally, make sure you are following us on Twitter @NextWavePartner for real-time channel news and information.

[Palo Alto Networks Blog]

Connecting the Dots in Cyber Threat Campaigns, Part 1: Domain Name WHOIS Information

There tends to be some mystery around how to properly analyze infrastructure used in cyber attacks. It is a bit of an art, often involving educated guesses to tie components together. However it is important to note the use of the term “educated guesses,” as they’re bound by solid data. An educated guess is defined as “a guess based on knowledge and experience and therefore likely to be correct.” Intelligence analysis is akin to taking a bunch of puzzle pieces and figuring out where each belongs. The pieces of different puzzles are often jumbled together, so part of the analysis is determining which piece belongs to which puzzle and then where in that puzzle. From there an analyst has to establish what the whole puzzle most likely looks like, as analysts never have all of the pieces for any given puzzle.

If it sounds difficult, it often is. These missing pieces are often the most challenging part for threat analysts, but thorough research, analysis, and experience can often fill in the gaps. This series of blogs is intended to explain how analysts tie together attacker infrastructure. We’ll start with what is often the first step – domain name WHOIS information.

One of the easiest correlations to make is the information used to register a domain. Each name in the domain name system is registered, via a registrar, with the entity responsible for maintaining the registry for a particular top-level domain (TLD). The rules for what information is required, and how far it is validated, vary from TLD to TLD, but a record typically contains at least the registrant’s name, e-mail address and other contact data. The WHOIS protocol lets anyone look up this registration data for a given domain. WHOIS data is also available through various websites, but a direct WHOIS query should return the most recent information available.

When attackers want to set up a domain for a command and control server, they normally need to supply some identifying information to their registrar. Some actors re-use all or part of this information across multiple domains when they register them. When a domain passes from one owner to the next (either through a sale or because the registration lapsed), the WHOIS system is updated with new information about the domain.

When inspecting WHOIS information, analysts must be sure to check all of the historical WHOIS information, paying particular attention to when it was used maliciously. The WHOIS protocol only allows for requesting the current registration information for a domain, but historical WHOIS information is available from companies like DomainTools.

It’s important to know that the registrant information does not have to be legitimate. Registrants are free to forge much of the information included – it isn’t uncommon for the only legitimate component to be the email address, as that’s required so the actor can control the domain.

The reason analysts must correlate WHOIS information and time of malicious domain use is that the information can change for a number of reasons. Malicious domains can be revoked from the registrant after complaints are filed with the registrar or expire and be re-registered by someone else. Some campaigns will use a registrant service and purchase the domains after someone else has registered them, updating the registrant information prior to use. Some campaigns also utilize registrant services where the WHOIS information does not reflect the end user (Domain Privacy), in which case the WHOIS data is less useful to an analyst. We will discuss in future blogs other data points analysts can explore to get around this limitation.

Below is an example of WHOIS information.

Registrant Name: Bad Guy
Registrant Organization:  We Hack Stuff
Registrant Street: 1 Bad Guy Way
Registrant City: St. Arkham
Registrant State/Province:
Registrant Postal Code: 66386
Registrant Country: DE
Registrant Phone: +86.68949396951
Registrant Phone Ext.:
Registrant Fax: +86.68949396851
Registrant Fax Ext.:
Registrant Email: badguy@bad.net

An analyst can and should search on each component in this listing:

  • Does the person’s name appear real? The company? The physical address? The email address?
  • Did searching on any of them return interesting hits?
  • Did those validate this as legitimate information or invalidate it? How so?
  • Does it look like the same information was used to register other domains? How many?
  • Does searching on the new domains return any hits on other malicious activity (whether open source or within databases with limited access)?
  • Does it appear to be related to the original activity?

By answering these, an analyst starts to piece together the puzzle. In some cases this allows analysts to spider out from the first figure below, to the second.
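As an added example (not code from the original post or from Palo Alto Networks), the Python script below does this pivot over a small set of constructed historical WHOIS snapshots. It parses records in the layout shown above, discards Domain Privacy registrations, normalizes phone numbers and e-mail addresses, selects the registration that was current on the date the seed domain was seen in use, and then spiders out breadth-first to every other domain sharing a registrant value. All domains, names, e-mail addresses, phone numbers and dates in it are invented, apart from the fictitious "Bad Guy" listing reused from the post.

```python
"""Pivot on WHOIS registrant data to find related domains. Added example for the
post above, not code from the original or from Palo Alto Networks. Every snapshot
below is constructed (invented names, e-mails, phone numbers and dates); the seed
record reuses the post's fictitious "Bad Guy" listing."""
import re
from collections import deque
from datetime import date

PRIVACY_MARKERS = ("whoisguard", "privacy", "proxy", "protected", "redacted")
PIVOT_FIELDS = ("Registrant Email", "Registrant Phone", "Registrant Name",
                "Registrant Organization", "Registrant Street")
LOW_SIGNAL = {"", "n/a", "none", "-"}          # values that link nothing useful

def parse_whois(text):
    """Turn 'Key: value' lines (the layout shown in the post) into a dict."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            rec[key.strip()] = value.strip()
    return rec

def pivot_keys(rec):
    """(field, normalized value) pairs worth searching on. Empty when the record
    is a Domain Privacy proxy's data rather than the registrant's own."""
    blob = " ".join(rec.get(f, "") for f in PIVOT_FIELDS).lower()
    if any(m in blob for m in PRIVACY_MARKERS):
        return set()
    keys = set()
    for f in PIVOT_FIELDS:
        v = rec.get(f, "").strip().lower()
        if f == "Registrant Phone":
            v = re.sub(r"\D", "", v)            # '+86.6894...' -> '866894...'
        if v not in LOW_SIGNAL:
            keys.add((f, v))
    return keys

# Constructed history: (domain, valid_from, valid_to, record); None = still current.
SNAPSHOTS = [(d, f, t, parse_whois(raw)) for d, f, t, raw in [
    ("evil-update.net", date(2014, 1, 5), None,
     "Registrant Name: Bad Guy\nRegistrant Organization: We Hack Stuff\n"
     "Registrant Street: 1 Bad Guy Way\nRegistrant Phone: +86.68949396951\n"
     "Registrant Email: badguy@bad.net"),
    ("secure-mail-login.com", date(2014, 3, 2), None,       # shares the e-mail only
     "Registrant Name: John Smith\nRegistrant Street: 42 Nowhere St\n"
     "Registrant Phone: +1.5555550100\nRegistrant Email: badguy@bad.net"),
    ("news-portal-update.org", date(2014, 4, 10), None,     # shares name, org, phone
     "Registrant Name: Bad Guy\nRegistrant Organization: We Hack Stuff\n"
     "Registrant Phone: +86.68949396951\nRegistrant Email: other@example.net"),
    ("cdn-static-files.com", date(2014, 5, 1), None,        # reachable at hop 2 only
     "Registrant Name: Zhang Wei\nRegistrant Phone: +1.2025550199\n"
     "Registrant Email: other@example.net"),
    ("old-domain.com", date(2012, 6, 1), date(2013, 12, 31),  # lapsed, re-registered
     "Registrant Name: Bad Guy\nRegistrant Phone: +86.68949396951\n"
     "Registrant Email: badguy@bad.net"),
    ("old-domain.com", date(2014, 1, 1), None,
     "Registrant Name: Alice Legit\nRegistrant Street: 9 Honest Ave\n"
     "Registrant Phone: +1.3125550123\nRegistrant Email: alice@legit.example"),
    ("privacy-shield.info", date(2014, 2, 1), None,         # Domain Privacy: unusable
     "Registrant Name: WhoisGuard Protected\nRegistrant Organization: WhoisGuard, Inc.\n"
     "Registrant Email: abc123@whoisguard.com"),
]]

def record_at(domain, when, snapshots=SNAPSHOTS):
    """Registration data that was current for `domain` on `when` (date or ISO str)."""
    when = date.fromisoformat(when) if isinstance(when, str) else when
    for d, start, end, rec in snapshots:
        if d == domain and start <= when and (end is None or when <= end):
            return rec
    return None

def pivot(seed_domain, seen_malicious, max_hops=3, snapshots=SNAPSHOTS):
    """Breadth-first walk from the record that was current when the seed was seen
    in use. Returns {domain: (field, value) that pulled it in}; the seed maps to
    None. A linked domain is expanded only from snapshots that carry the linking
    value, so a later re-registration by an unrelated party is not followed."""
    start = record_at(seed_domain, seen_malicious, snapshots)
    if start is None:
        raise LookupError(f"no WHOIS snapshot for {seed_domain} on {seen_malicious}")
    index = {}                                  # (field, value) -> {domain, ...}
    for d, _, _, rec in snapshots:
        for k in pivot_keys(rec):
            index.setdefault(k, set()).add(d)
    linked = {seed_domain: None}
    queue = deque([(pivot_keys(start), 0)])
    while queue:
        keys, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for k in sorted(keys):                  # sorted for a reproducible walk
            for other in sorted(index.get(k, ())):
                if other in linked:
                    continue
                linked[other] = k
                next_keys = set()
                for d, _, _, rec in snapshots:
                    if d == other and k in pivot_keys(rec):
                        next_keys |= pivot_keys(rec)
                queue.append((next_keys, hops + 1))
    return linked
```

Calling `pivot("evil-update.net", "2014-06-01")` pulls in four more domains, one of them (`cdn-static-files.com`) only through a second hop via a different e-mail address, while `privacy-shield.info` is never touched because its record holds the proxy's data. Seeding from `old-domain.com` on a date after it lapsed and was re-registered returns nothing, whereas seeding from it on a date inside the earlier registration recovers the whole cluster; that is the caveat in the post about matching WHOIS data to the time of malicious use. In practice the snapshot list would come from a historical WHOIS provider rather than being hard-coded, and each hit still needs the human checks listed above before it is treated as attacker infrastructure.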

Figure 1. Where the analyst started.

Figure 2. New data the analyst was able to uncover.

Another overlap visible in the figures is theme and domain-name re-use. It is rather common for malicious actors to have themes within the domains they use. The themes vary, but they can aid analysts in identifying additional malicious infrastructure, as that is another pattern they can trace.

There is a caveat to researching these data points: this is usually more effective for APT campaigns than for crimeware or other high-volume malicious activity. APT campaign infrastructure tends to involve a lot of human interaction, and humans are creatures of habit. Crimeware and other very large malicious campaigns often use tools to auto-generate malicious domains that are used only for very brief periods, creating such a high volume with such rapid turnover that it is often not worth analyzing with the methods just described. However, researchers at Palo Alto Networks have published automated methods that can often predict those domains at a rate where blocking them is useful.

I hope this blog has helped explain how analysts research and connect malicious domains via WHOIS registrant information. In Part 2 we’ll explore using passive DNS resolution to analyze the IP addresses to which malicious domains resolved, in order to identify new domains.

[Palo Alto Networks Blog]
