What is Trusteer Apex and How is it Different?
Trusteer Apex applies a new approach to stopping zero-day application exploits and data exfiltration. By analyzing application state, what the application is doing and why it is doing it, Trusteer Apex can automatically and accurately determine whether an application action is legitimate or malicious. Trusteer's Stateful Application Control enables automated enterprise malware…
Practical Zero Trust Principles
Cymbel has adopted Forrester's Zero Trust Model for Information Security. Zero Trust means there are no longer "trusted" networks, devices, or users. There is no such thing as 100% Prevention, if there ever was. In light of the changes we've seen during the last several years, this is the only approach that makes sense. There…
CloudFlare vs Incapsula vs ModSecurity
How much protection can a Web Application Firewall provide? Are all WAFs pretty much the same? Zero Science Lab performed a detailed comparative penetration-testing analysis to answer these questions. They focused on the two leading cloud-based WAFs, CloudFlare and Incapsula, and on ModSecurity, the open-source, software-based WAF that runs as an Apache module. The results…
Modern Malware for Dummies
Modern malware has transformed into highly sophisticated network applications and has, in the process, changed the world of enterprise security and how networks are attacked. These threats are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and scale that has never before been seen in malware. "Modern Malware for Dummies," by…
NetFlow Security Monitoring for Dummies
Network flow analysis is a critical Detection Control in a Zero Trust based Defense-in-Depth Architecture. This book takes you through the basics of NetFlow analysis for information security purposes: what NetFlow is, how it works, and how you can enable it to yield actionable security intelligence. It also provides some detail on the specific security…
Defense-in-Depth Architecture focused on Applications, Users & Data
In response to the five forces of change, our approach to defense-in-depth has changed. Our solutions are focused on applications, users, and data. In addition, many of our solutions have embraced function consolidation or unification. For example, in network security, firewall and IPS functionality are unified in next-generation firewalls. Overall, the benefits include: Reduced IT…
Mitigating Modern Malware Risks Using a Zero Trust Model
Due to changes in technologies and in the motives and methods of attackers, traditional Prevention, Detection, and Response controls no longer effectively mitigate the risk of confidential data compromise.
Thousands of applications traverse stateful-inspection firewalls by riding on allowed ports such as 80 and 443, so a port-based rule no longer tells you what is actually on the wire. Tech-savvy users evade proxy servers undetected. Anti-virus products detect only a fraction of the malware used to compromise devices.
End users are baited with phishing and other social-engineering techniques into clicking links that take them to malware-laden web pages. You can be compromised simply by opening a malicious email. Corporate web applications are relentlessly attacked and compromised despite improvements in the Secure Development Lifecycle.
This means you can no longer "trust" any network, device, or user. This is Zero Trust.
Cymbel has adapted to the Zero Trust Model with a set of practical principles to mitigate the risks of modern malware.
1. Balance budget across Prevention, Detection, Response
Prevention
2. Re-establish a network-based Positive Control Model
3. Establish a host-based Positive Control Model
4. Create a Logical Perimeter which includes remote and mobile workers
5. Safely enable allowed applications
6. Use a specialized anti-phishing email protection service
Detection
7. Use behavioral analysis to detect compromised systems and malicious insiders
8. Leverage a threat intelligence service
Response
9. Use log analysis to understand the events leading to a device compromise
10. Use Full Packet Capture to shorten incident analysis time
11. Use a distributed forensics control to scan thousands of hosts in hours
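Flow analysis as a Detection Control (principle 7 above, and the NetFlow excerpt earlier on this page), as an added example that is not Cymbel's code or any vendor product's: it runs two checks over NetFlow-style records, periodic beaconing from an internal host to one external peer, and bulk outbound byte counts to one destination. The flow records, the internal address ranges, and the thresholds are constructed assumptions for the illustration and would be replaced by exported flows and site-specific values.

```python
"""Flow-level detection over NetFlow-style records: beaconing and bulk egress.

Added example; not code from Cymbel or any product named on the page.
The records, internal ranges and thresholds below are constructed for the
illustration and would be replaced by exported flows and site-specific values.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed corporate address space (RFC 1918 here); anything else is "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    start: float      # flow start, epoch seconds
    src: str          # source IP
    dst: str          # destination IP
    dport: int        # destination port
    bytes_out: int    # bytes sent from src to dst


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def egress_flows(flows):
    """Only internal -> external flows matter for beaconing and exfiltration."""
    return [f for f in flows if is_internal(f.src) and not is_internal(f.dst)]


def detect_beacons(flows, min_flows=6, max_jitter=0.15):
    """Flag (src, dst, dport) tuples whose flow start times are evenly spaced.

    A coefficient of variation (stdev / mean of the inter-flow gaps) at or
    below max_jitter means the host talks to that peer on a near-fixed
    schedule, which is how malware C2 check-ins look in flow data and how
    interactive browsing does not. Returns [((src, dst, dport), period_s)].
    """
    starts = defaultdict(list)
    for f in egress_flows(flows):
        starts[(f.src, f.dst, f.dport)].append(f.start)
    hits = []
    for key, times in starts.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            hits.append((key, round(period, 1)))
    return sorted(hits)


def detect_exfil(flows, threshold_bytes=50_000_000):
    """Flag (src, dst) pairs that sent more than threshold_bytes outbound."""
    totals = defaultdict(int)
    for f in egress_flows(flows):
        totals[(f.src, f.dst)] += f.bytes_out
    return sorted((pair, total) for pair, total in totals.items()
                  if total > threshold_bytes)


# Constructed sample: one beaconing host, one normal browser, one bulk upload.
SAMPLE_FLOWS = (
    # 10.0.0.5 checks in with 203.0.113.10:443 roughly every 60 s, small payloads
    [Flow(t, "10.0.0.5", "203.0.113.10", 443, 900)
     for t in (0, 61, 119, 182, 240, 302, 359, 421)]
    # 10.0.0.7 browses 198.51.100.7 in bursts with irregular gaps
    + [Flow(t, "10.0.0.7", "198.51.100.7", 443, 4000)
       for t in (5, 9, 140, 143, 400, 410, 415, 900)]
    # 10.0.0.9 pushes 120 MB over SSH to 198.51.100.20 in three flows
    + [Flow(t, "10.0.0.9", "198.51.100.20", 22, 40_000_000)
       for t in (100, 130, 170)]
    # internal DNS traffic, ignored by both detectors
    + [Flow(50, "10.0.0.5", "10.0.0.1", 53, 120)]
)

if __name__ == "__main__":
    for key, period in detect_beacons(SAMPLE_FLOWS):
        print("beacon", key, "period %.1fs" % period)
    for pair, total in detect_exfil(SAMPLE_FLOWS):
        print("exfil", pair, "%d bytes" % total)
```

On the sample, the browser host is not flagged because its gaps vary by orders of magnitude, the bulk uploader is not flagged as a beacon because three flows are too few to establish a schedule, and the internal DNS flow is excluded before either check runs. Real deployments would compute the internal ranges from the address plan, tune `min_flows` and `max_jitter` per site, and add a baseline per host so the byte threshold is relative rather than absolute.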
For more information see Cymbel's Zero Trust Principles and Cymbel's Solutions.
Bill Frank (Riskpundit) Twitter Feed
- Think your #Skype messages get end-to-end encryption? Think again. #infosec #ars http://t.co/Y9vYXWNy6o about 18 hours ago
- Two-factor authentication is a false sense of security, i.e. be aware of its limitations and risks. #infosec http://t.co/h44QzMLkJa about 3 days ago
- NYTimes reports on new wave of #infosec attacks based on information provided by the Dept. of Homeland Security. http://t.co/M6ri0n4sGL about 8 days ago
- Seed password files with dummy entries that will trigger an alarm when used. #insightful #Schneier #infosec http://t.co/mzn4b0u16T about 9 days ago
- W3C published working draft for Encrypted Media Extensions - DRM in HTML5 - victory for the open Web. #infosec http://t.co/hTEd0iRYCE about 9 days ago
- #Trusteer describes the lengths to which a cyber adversary will go to social engineer target users. #infosec http://t.co/9GcO8CRXkP about 20 days ago
- #WordPress #Pingback Default Leaves Millions of Sites Exploitable for #DDoS Attacks. #Incapsula #infosec http://t.co/bl8wpTfJeq about 21 days ago
- Why your password can’t have symbols—or be longer than 16 characters. Schwab's limit is 8!! #Infosec http://t.co/7JNieqg0r5 about 21 days ago
- Were the 'Aurora' cyber attackers really running counter-intelligence? http://t.co/4NKJNtZAKa about 28 days ago
- Businessman's view of #BitCoin - simple - useless due to excessive volatility. http://t.co/u1rvy0MDUx about 32 days ago