
Find the Hack Before the Breach

Deception technology may help your organization identify and mitigate external and internal computer security threats faster by finding compromised computers quickly enough to prevent breaches of critical information. Commercial deception products now emulate existing workstation and server operating system images, log files, activity, and accounts, providing a set of realistic targets for a malicious individual to look at. When that individual attempts any interaction with a deception host, your Security Operations Center (SOC) gets a very high confidence, zero false positive alert: a bad actor is in the network and immediate action is required. This kind of alert is hugely valuable to SOC staff members who sometimes sift through terabytes of log data daily.

In a recent survey of 583 U.S. companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations’ computers had been breached at least once by hackers over the past 12 months. Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.

—ComputerWorld


We all face compromises. For cyber resilience, reacting to them is crucial to avoiding operational impacts and expensive breach responses.

How can deception technology help us? For the non-technical: attackers will typically compromise a workstation and then start looking around, conducting the reconnaissance step of the cyber kill chain with tools like ping, nmap, and others. In effect, they are turning on a flashlight in a dark room. With deception technology in your network, this flashlight beam of packets immediately sets off alarms that point to a compromised computer inside the enterprise network. Nobody should be shining a flashlight (a beam of packets) into a room in your home that does not actually exist. Deception tools are configured to ignore known sources of these packets, like network management hosts and troubleshooting workstations.

A scan or login attempt against a host that does not exist can immediately identify both external compromises and internal malicious activity. It could be a malicious insider looking for sensitive information in other departments, something you need to know about but may be blind to without instrumentation. Deception technology is something most large organizations should consider to improve visibility and speed incident response. High-confidence emergency alerts significantly improve SOC effectiveness by preventing a highly likely workstation compromise from escalating to a breach of sensitive information on critical servers.
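The alerting logic described above, as an added example that is not code from the original article or from any deception product: any contact with an address that no real host uses raises an alert unless the source is a known scanner. The decoy addresses, ignored sources, and log format are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Assumed for illustration: addresses assigned to decoys, used by no real host.
DECOYS = {"10.20.30.200", "10.20.30.201", "10.20.31.50"}
# Assumed known sources to ignore: a network management host and a
# troubleshooting workstation.
IGNORED_SOURCES = {"10.20.1.5", "10.20.1.77"}

# Constructed sample flow records: "timestamp src dst dport action".
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.20.1.5 10.20.30.200 161 ALLOW
2024-05-01T09:00:02Z 10.20.40.12 10.20.30.10 443 ALLOW
2024-05-01T09:03:10Z 10.20.40.12 10.20.30.200 22 ALLOW
2024-05-01T09:03:11Z 10.20.40.12 10.20.30.201 445 ALLOW
2024-05-01T09:03:12Z 10.20.40.12 10.20.31.50 3389 ALLOW
2024-05-01T09:10:45Z 10.20.55.9 10.20.31.50 22 ALLOW
malformed line
"""

def decoy_alerts(log_text, decoys=DECOYS, ignored=IGNORED_SOURCES):
    """Return {source_ip: details} for every non-ignored source that touched a decoy."""
    hits = defaultdict(lambda: {"first_seen": None, "decoys": set(), "ports": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip malformed records instead of failing the whole run
        ts, src, dst, dport, _action = parts
        if dst not in decoys or src in ignored:
            continue  # normal traffic, or a known management/troubleshooting host
        hit = hits[src]
        hit["first_seen"] = hit["first_seen"] or ts
        hit["decoys"].add(dst)
        hit["ports"].add(int(dport))
    for hit in hits.values():
        # Several decoys touched by one source looks like a sweep; one is a single probe.
        hit["kind"] = "sweep" if len(hit["decoys"]) > 1 else "single-probe"
    return dict(hits)

if __name__ == "__main__":
    for src, hit in sorted(decoy_alerts(SAMPLE_LOG).items()):
        print(src, hit["kind"], hit["first_seen"], sorted(hit["ports"]))
```

Every source in the result warrants investigation as a possibly compromised or misused machine; the ignore list should stay short, because any host on it is invisible to this check.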

If you would like more information, contact LP3. We will be glad to help you make an informed decision on deception technologies in your environment.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.

Virtual Hardening

If you are concerned about how to make your website more secure, but you’re not a web developer, this overview will give you the basics of virtual hardening.

The idea behind hardening a website is pretty simple: adding multiple layers of protection to reduce the potential of an attack. Traditionally, this involves a web developer writing code by hand. But with virtual hardening you can use security plugins to strengthen your website using a Web Application Firewall (WAF).

Hardening is part of an overall strategy to prevent your website and data from being compromised. The two ways of hardening a site are:

  • depth of defense – adding multiple layers of defense to prevent vulnerability exploitation
  • breadth of defense – accounting for all potential attack vectors and security domains

Effectively protecting a website requires protecting four key components:

  • platform
  • web server
  • database
  • operating system

Content Management System (CMS)

Every website is unique, and virtually hardening yours depends on its specific platform. One common difference between websites is the Content Management System (CMS). There are many CMS platforms: WordPress, Drupal, Joomla, SharePoint, etc. If your website is based on WordPress, there are several simple virtual hardening tips, like:

  • restricting admin access to a few IP addresses
  • preventing code from being injected into uploaded pictures
  • enabling an “I am not a robot” checkbox to authenticate forms
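One way to check that the admin IP restriction in the first tip is actually enforced, as an added example that is not part of the original article: scan the web server access log for admin requests from outside the allowlist that were not refused. The allowlist, the admin paths, the use of 403 as the deny response, and the constructed log lines are all assumptions.

```python
import ipaddress
import re

# Assumed allowlist for illustration (documentation address ranges).
ADMIN_ALLOWLIST = [ipaddress.ip_network(n)
                   for n in ("203.0.113.10/32", "198.51.100.0/28")]
# WordPress login and dashboard paths.
ADMIN_PATHS = ("/wp-login.php", "/wp-admin")
# Assumption: the server or WAF answers blocked admin requests with 403.
DENY_STATUS = 403

# Common/combined log format: client, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample access log lines.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [01/May/2024:10:00:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120
198.51.100.7 - - [01/May/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [01/May/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 403 199
192.0.2.45 - - [01/May/2024:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4411
192.0.2.45 - - [01/May/2024:10:03:05 +0000] "GET /blog/hello HTTP/1.1" 200 9000
"""

def admin_restriction_gaps(log_text):
    """Return admin requests from non-allowlisted clients that were not denied."""
    gaps = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a recognizable access log line
        client, ts, method, path, status = m.groups()
        if not path.startswith(ADMIN_PATHS):
            continue  # only admin endpoints are restricted
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is a hostname or garbage
        if any(addr in net for net in ADMIN_ALLOWLIST):
            continue  # expected administrator traffic
        if int(status) != DENY_STATUS:
            gaps.append({"client": client, "time": ts, "method": method,
                         "path": path, "status": int(status)})
    return gaps

if __name__ == "__main__":
    for gap in admin_restriction_gaps(SAMPLE_ACCESS_LOG):
        print("restriction not enforced:", gap)
```

An empty result means every admin request from outside the allowlist was refused; any entry means the restriction is misconfigured or bypassed for that path.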

Most virtual hardening tips for WordPress are reasonably easy to apply. But in some cases, a website may have dynamic IP addresses or a site owner may not have the technical ability to configure plugins. In such cases it’s best to reach out to experts to assess the level of security risk at your business, organization or enterprise – LP3 offers a free Security Risk Assessment.

Web Servers

Adding security to your server is a big challenge and depends on which server you are running. Common server environments are:

  • Apache
  • NGINX
  • Windows IIS
  • Node.js
  • Lighttpd

Some common tips for server hardening are:

  • keep your CMS and all plugins updated
  • remove unnecessary/unused plugins
  • install security patches for your CMS and plugins
  • monitor your website's log activity
  • have long, unique, complex passwords
  • install a security plugin (WAF)

Web Application Firewall

Not everyone is a tech wiz with the skills and time to maintain a secure website. That’s where a Web Application Firewall comes in. Sucuri and Wordfence are two popular WordPress WAFs.

Once you select, activate and configure a WAF for your website, you won’t need to worry so much about securing your website — you can focus on your business.