Skip to main content

The Problem with Patching is it’s not a Panacea

Remember when it seemed like everyone held his or her breath every Microsoft Patch Tuesday wondering how bad it would be? Unless it’s a pervasive security flaw such as the BASH shell vulnerability (a command line program for UNIX systems/ run on 80 percent of the servers online), which led to the Shellshock attacks, patching isn’t the hair-on-fire exercise it once was. As many companies rushed to address the BASH vulnerability, they found that the[…]

Read more

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY

Cyber Insurance, User Behavior Intelligence and Lower Costs

Buying Cyber Insurance We’ve all read articles about companies that had a lot of costs associated with a data breach but in the same paragraph we see that the company had data breach insurance that offset some portion of the cost. Risk is bad for business. When it comes to risk, business take two approaches—mitigate and transfer. Buying insurance is risk transfer to an insurance company. Actuary tables have been around since the 1700s. Data[…]

Read more

Topics: Compliance, CUSTOMERS, LIFE AT EXABEAM

The Case of the Missing Laptop

Missing (or stolen) laptops are a big deal, but, they are an even bigger deal in the heathcare vertical. The HIPAA/HITECH act essentially updated HIPAA in 2009 to take into consideration electronic health records (EHR) data as the industry continues to move from paper to electronic recordkeeping. The HITECH Act now imposes data breach notification requirements for unauthorized uses and disclosures of “unsecured PHI.” These notification requirements are similar to many state data breach laws[…]

Read more

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY

Cybersecurity Lessons can be Learned from Credit Fraud Paradigm

“Hi, there. We’ve noticed some suspicious activity on your credit card. Did you purchase four plane tickets from Rio de Janeiro to Paris?” “No, of course not. I live outside of San Francisco.” This is a typical credit card fraud inquiry, performed thousands of times per day throughout the United States. When a credit card provider sees an anomalous charge (based on learned behavioral clues) to an account, a representative will reach out to the[…]

Read more

Topics: LIFE AT EXABEAM, SECURITY

Why it is Taking the State Department So Long to Root Out Hackers

Danny Yadron’s article discussing the amount of time it is taking to get attackers out of the unclassified network at the U.S. State Department is a reminder to all of us how hard this really is. We’ve heard the story before: an employee clicked on a phishing email, malware was downloaded and then it used the credentials and privileges of the initial user to start the process of moving inside the network finding additional privileged[…]

Read more

Topics: LIFE AT EXABEAM, SECURITY

The Five Stages of User Behavior Intelligence Acceptance

We’ve been working with our customers for a while now and we’ve had a chance to see the reactions of security teams that drive security investigations with user behavior intelligence. Exabeam, a user behavior intelligence solution applies dynamic behavior modeling to find credentials that are exhibiting anomalous behaviors. It takes very little time for the security team to start using it as a way to find misconfigurations, policy violations, miscommunication between IT Ops and security[…]

Read more

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY

The Difficulties of Threatspotting [INFOGRAPHIC]

According to the Verizon 2014 Data Breach Investigative Report, 76 percent of data breaches involved the use of stolen credentials. If breaches where hackers entering a network using valid credentials have become such a common occurrence, why aren’t security teams doing more to improve their threatspotting capabilities? Without the use of behavior analytics to monitor the actions and movements of valid credentials in a network, a hacker can easily move undected – even in places[…]

Read more

Topics: SECURITY

Continuous Diagnostics and Mitigation (CDM): What Civilian Agencies Need to Know

Two years ago, the Department of Homeland Security (DHS) rolled out a $6 billion program designed to establish continuous diagnostics and mitigation (CDM) for more than 100 civilian agencies. It’s a major cybersecurity effort that began with asset management and will grow to include the management of accounts, event and the security life cycle by 2017. At the start of the program, DHS set up a process for agencies to assess their security profiles before[…]

Read more

Topics: CUSTOMERS, SECURITY

Living in the Attack Chain Gaps

A common theme across multiple versions of the so-called “attack chain,” from Lockheed Martin’s kill-chain to Mandiant’s attack chain and others, is that they all show, with a few differences, the steps an attacker takes to achieve their objective: breaching a network undetected to steal valuable data. The most effective way for attackers to do this is by using stolen valid user credentials to slip past initial point-of-intrusion detection devices. The attack chain example that accompanies[…]

Read more

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY

Head in the Sands: One Year After the Sands Casino Data Breach

On February 10, 2014, Sands Casino properties, which owns the Venetian and Palazzo in Las Vegas, among many other global properties, fell victim to a devastating Iranian hacktivist attack. According to reports, hackers used a basic malware script along with stolen user credentials to corrupt thousands of servers, rendering hard drives unreadable. One year later, similar attacks continue to happen, and it appears we’ve learned nothing from the Sands Casino breach and others like it. What[…]

Read more

Topics: LIFE AT EXABEAM, SECURITY
2017