In this lecture, we'll "dissect" a most often types of social engineering attacks. We'll try to explain why are SE attacks so powerful, what are the mechanisms behind it (technical and psychological) and finally, what can we do prevent them within our organization.
Arcserve UDP vs. Ransomware
Ransomware is a growing threat to your business, and the consequences of an attack could be devastating—from data loss and downtime to lost revenue and damage to your reputation. Worse, should you pay the ransom, there’s no guarantee that you’ll get your data back. In fact, in about half of all reported cases, businesses didn’t. In 2016, cyber criminals extorted an astounding $1B from businesses, up from $27M in 2015, according to the FBI. And, experts suggest the scale of ransomware attacks are on the increase. Network security won’t fully protect against ransomware. To truly safeguard your vital business systems and applications, you must adopt a three-pronged ransomware protection strategy. And, the new Arcserve can help. You can’t prevent every ransomware attack, but you can render attackers powerless with a robust backup and recovery solution. Arcserve can provide the best practices and technical insight you need to assure ransomware recovery: Ensure backup redundancy onsite, offsite, offline, and to the cloud. Test and validate backups.
Fortinet Security Fabric
To address the security challenges brought on by the digital economy and evolving enterprise network, and to deliver on the promise of Security without Compromise, the Fortinet Security Fabric provides a new visionary approach to security, that enables organizations to deliver broad, powerful and automated security. The Fortinet Security Fabric is designed to dynamically adapt to the evolving IT Infrastructure in order to defend its rapidly changing attack surface. It intelligently and transparently segments the network, from IoT to the Cloud, to provide advanced protection against sophisticated threats. Each security element in the fabric is also aware of each other, allowing the elements to share policy, threat intelligence, and application flow information.
This collaborative approach provides a much faster time to detect threats with the ability to initiate and synchronize a coordinated response, no matter what part of the network is being compromised. In addition, a growing number of Fortinet technology partners are actively becoming an integral part of this distributed security framework.
Halcom Antifraud: Protect Your Clients And Reputation
Last year several frauds happened, using e-banking solutions. This situation creates lack of trust of e-bank users and big reputational risk for the banks.
In order to protect end users, banks and our system, Halcom has created Hal E-Bank/AntiFraud solution, intended to recognize and stop suspicious transactions. Based on transaction history and set of rules (banks can define rules), system is analyzing transactions sent by end users. In case of suspicious transactions, banks are notified immediately, and they have enough time to react properly.
Hal E-Bank/AntiFraud successfully works in Slovenia and Bosnia and Herzegovina, in Serbia system is active since October 2016, in few banks.
In the Security System of the Companies, the Keys Are Obsolete Thing?
In the past few years, we have noticed that the great number of companies are using a great amount of keys, which are poorly organized. This is a great way to lose trace of a key or even a key. You aren’t able to figure out who tuck a key, who put it back and what time was key used.
As we know, the human factor still present the weakest link in security system. That is because employees have a need to reduce their own responsibility. Issuing keys to staff sometimes can be very complicated and stressful procedure, because of unprofessional task approach. Specific situations that happen when you don't know who is in charge for something are the kind of situations that our clients have faced and who had unpleasant experience with it. They were in situations that the money and very important documentation had disappeared and there were the situations with frequent replacement of cylinders and keys.
Systems for key management could significantly reduce the risk, because of the information about key usage of every important areas is available when the employee takes the key. Of course, person who is in charge of assignment of usage of keys has to give permission for key or room usage and timetable of the usage.
Intercept X - Next-Generation Anti-Exploit, Anti-Ransomware, And Root Cause Analysis
Build Your Next-Gen Endpoint Protection The days of straightforward file scanning are long gone. Your goal is now to prevent threats from reaching your devices, stop them before they run, detect them if they have bypassed preventative methods, and not just clean up malware, but analyze and undo everything it does to your endpoints. Sophos Intercept X uses multiple layers of technology, allowing you to create your own tailored next- generation endpoint security solution.
Protect Vulnerable Software Anti-exploit technology stops threats before they become an issue by recognizing and blocking common malware delivery techniques, thus protecting your endpoints from unknown threats and zero-day vulnerabilities.
Effective Ransomware Detection CryptoGuard technology detects spontaneous malicious data encryption to stop ransomware in its tracks. Even if trusted files or processes are abused or hijacked, CryptoGuard will stop and revert them without any interaction from users or IT support personnel. CryptoGuard works silently at the file system level, keeping track of remote computers and local processes that attempt to modify your documents and other files.
Root Cause Analysis Identifying malware and isolating and removing it solves the immediate problem. But do you really know what the malware did before it was removed, or how it was introduced in the first place? Root cause analysis shows you all the events that led up to a detection. You’ll be able to understand what files, processes, and registry keys were touched by the malware and activate your advanced system clean to rewind time.
Add Next-Gen Protection to Your Traditional Security Sophos Intercept X compliments existing anti-malware and antivirus implementations delivering powerful next-gen anti-exploit and anti-ransomware protection traditional products lack. By eliminating the attack vectors which traditional solutions don’t block, Sophos Intercept X helps to harden your security posture and increase resilience.
IoT apocalypse is here! - Live Demo
Gartner says, that there will be more several billions of IoT devices connected to Internet in couple of next years. Should we worry about that kind of future or should we welcome this technology and stay calm?
As we have seen last year, current number of IoT devices is already sufficient to play big role in different DDoS attacks. So the main question is if apocalypse is already here or we need to wait for some time now. Some say that world of Internet of things has already turned to Internet of shit, because we have connected to it already some devices, that shouldn’t be connected to the Internet ever!
During presentation some live cases will be shown and some questions will be raised about some other potential abuses and violation of our privacy.
Operational Challenges and Solutions on the Path of New Legal Compliance, When It Comes to ICT Physical Security Systems
In this lecture attendees will learn about the real operational challenges that the new legislative since the January 2017 brought upon the market of the physical security systems. What are the prerequisites for a bank, telco, retailer, or an industry facility to get their video surveillance, alarm panels, access control “legalized” in order to obtain the legal compliance in accordance with the new and active legislation. Find out how technology behind the physical security system solution can help you get the legal compliance job done cost efficiently, and moreover, how you can setup the IT/Security infrastructure in a way that is sustainable, open for integrations and future proof.
In recently awaken World where malware is using for instance, the processor power of IP cameras to use hundreds of them to execute a DDoS cyberattacks, attendees will learn insights from the video surveillance industry, where the possible threats are, and what is the mission-critical technology behind the brand that empowers safety and security of the systems in use. Lecture will also show in a case study scenario how to use Avigilon end-to- end solution in order to interconnect different systems and cut costs, and how to use the advanced video analytics algorithms for not only security and safety, but for business intelligence needs as well. Attendees will also have a chance to hear and inquire in person additionally about the most innovative analytics technology in the industry such as Appearance Search, Face Search, Vehicle Search,… Lecture will also show how to partner with Avigilon in order to get the legal compliance job efficiently done, and how to gain technology advantage, how to build solid base for future upgrades and how to secure increase of operational efficiency in business environments.
Secure Software Development Lifecycle
Secure Software Development Life-cycle (SDL) is a repeatable and measurable process designed to increase overall security of products regardless of industry, deployment models or usage. The combination of tools, processes, and awareness training introduced in all phases of the development life-cycle ensures good defence, and provides approach to safer products. Almost all top companies enrol their own SDL process which more or less include:
Product security planning and requirements (identify gaps, decide on features, manage backlog)
3rd party security (up to date, document and publish changes)
Secure design (threat model - data flow, trust boundaries, identify and mitigate threats)
Secure testing (integrated in CI, automated scans)
Vulnerability testing (by using well known suits)
The primary advantages of pursuing a SDL approach are:
More secure and trustworthy software
Awareness of security considerations by stakeholders
Early detection of flaws in the system
Cost reduction as a result of early detection and resolution of issues
Overall reduction of intrinsic business risks for the organization
Usually, all employees, contractors, consultants, temporary and other workers involved with product, system or solution development are required to follow SDL. Special role in the process have Program Manager, Engineering lead, Test lead, Product marketing manager and other Security leads, advocates or officers. Training and Education is also an important part of SDL. Security is a continuous process!
Virtual Space Challenge for States: Hollowing States or Another Conspiracy Theory
This article observes the consequences of privileged access to information technologies. In that context, we focus the problem of perception of virtual space. The starting premise is that normative and value order depends on States. We examine the practice in virtual space that functions outside of the legal regimes.
The question this article aims to expose concerns the dilemma about systemic sustainability of unlimited globalisation of information technologies. To highlight this, we analyse the duality that IT sector functions within market rules and legal systems, whereas the application of its products is open for unregulated interests. The analysis of the impact and consequences of such duality on the value system of the political communities show that the approach to reality provides possibilities for the misuse of information technologies on the collective level. The findings indicate a number of immanent risks for the achieved level of individual rights, and even a potential challenge for the national security, as a universal value.
The results provide bases for principal conclusions, that individual rights and national legal systems need protection on international level, but above all on national level through adequate information strategies.