Skip to main content

The Difficulties of Threatspotting [INFOGRAPHIC]

According to the Verizon 2014 Data Breach Investigative Report, 76 percent of data breaches involved the use of stolen credentials. If breaches where hackers entering a network using valid credentials have become such a common occurrence, why aren’t security teams doing more to improve their threatspotting capabilities? Without the use of behavior analytics to monitor the actions and movements of valid credentials in a network, a hacker can easily move undected – even in places[…]

Read more

Topics: SECURITY

Continuous Diagnostics and Mitigation (CDM): What Civilian Agencies Need to Know

Two years ago, the Department of Homeland Security (DHS) rolled out a $6 billion program designed to establish continuous diagnostics and mitigation (CDM) for more than 100 civilian agencies. It’s a major cybersecurity effort that began with asset management and will grow to include the management of accounts, event and the security life cycle by 2017. At the start of the program, DHS set up a process for agencies to assess their security profiles before[…]

Read more

Topics: CUSTOMERS, SECURITY

Living in the Attack Chain Gaps

A common theme across multiple versions of the so-called “attack chain,” from Lockheed Martin’s kill-chain to Mandiant’s attack chain and others, is that they all show, with a few differences, the steps an attacker takes to achieve their objective: breaching a network undetected to steal valuable data. The most effective way for attackers to do this is by using stolen valid user credentials to slip past initial point-of-intrusion detection devices. The attack chain example that accompanies[…]

Read more

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY

Head in the Sands: One Year After the Sands Casino Data Breach

On February 10, 2014, Sands Casino properties, which owns the Venetian and Palazzo in Las Vegas, among many other global properties, fell victim to a devastating Iranian hacktivist attack. According to reports, hackers used a basic malware script along with stolen user credentials to corrupt thousands of servers, rendering hard drives unreadable. One year later, similar attacks continue to happen, and it appears we’ve learned nothing from the Sands Casino breach and others like it. What[…]

Read more

Topics: LIFE AT EXABEAM, SECURITY

Why Your SIEM Doesn’t Work

This is why your security information and event management (SIEM) doesn’t work: No, it’s not Gartner’s Magic Quadrant. It has to do with a highly disproportional ratio between benign and malicious events that are collected and processed. Every event that is generated by SIEM systems in an IT environment can indicate either a benign or a malicious activity. This creates four possibility: True positives (TP): Truly malicious events that the SIEM identified as malicious. False negatives (FN): Truly[…]

Read more

Topics: LIFE AT EXABEAM, SECURITY

Exabeam: Get User Behavior Intelligence in 2015

EXABEAM IS AVAILABLE! For every company, the first general availability (GA) release – Exabeam version 1.6 in our case – is a major milestone. The software is enterprise-ready, scales to monitor over 150,000 users with a single appliance, and it just plain works out-of-the-box. Exabeam enables organizations to realize the promise of their existing security information and event management (SIEM) deployments by applying user behavior intelligence to identify the attacker who evades detection from initial point-of-compromise[…]

Read more

Topics: CUSTOMERS, SECURITY, TIPS AND TRICKS

User Behavior Intelligence Drives New Security Processes

There are six key technologies that have defined our security process for the last 25 years. Some of these technologies aren’t as effective as they once were. Following a record year for data breaches, is it time to question our security processes? The answer, of course, is yes. When something is broken, you fix it. But first, a brief history lesson: In 1986, the first intrusion detection system was invented. In 1987, John McAfee released[…]

Read more

Topics: LIFE AT EXABEAM, SECURITY

Data Breaches: No vertical left behind [INFOGRAPHIC]

Every business vertical and all levels of government experienced data breaches in 2014, and the outlook for 2015 isn’t encouraging. In our latest infographic, we break down 2014’s data breaches by sector and size. In the retail space, attack activity is expected to accelerate even as credit card companies roll out pin and chip technologies mandated for use in 2016. According to the 2015 “Experian Data Breach Forecast”, “Adoption requirements for EMV ’Chip and PIN‘[…]

Read more

Topics: SECURITY

The Importance of User Behavior Intelligence [WHITE PAPER]

Writing a white paper means the company has a strong grasp of a pervasive problem. In this case, it addresses finding cyberattackers using stolen credentials to access private data. According to the Ponemon Institute, it costs companies an average of $201 per record lost in a data breach. In 2014, the total number of records compromised was larger than the US population, meaning the cost to businesses would be more than half a billion dollars. And this[…]

Read more

Topics: LIFE AT EXABEAM, SECURITY

Anthem's 80 million record data breach: interesting insights...

Our first large scale data breach of 2015 and its cause, according to Anthem President and CEO Joseph Swedish, is, “These attackers gained unauthorized access to Anthem’s IT systems…”. Just as with all of the largest data breaches that happened in 2014, this one involved some form of unauthorized access, whether it was through direct access or remotely controlled malware. This breach continues a three-year trend. Breaches in the medical/healthcare industry topped the ITRC 2014 Breach List, comprising 42.5 percent.[…]

Read more

Topics: LIFE AT EXABEAM, SECURITY
2017