threat management – Aegify https://www.aegify.com Comprehensive Security, Risk and Compliance Assurance Solution Tue, 21 Dec 2010 18:46:23 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 Vulnerability Management: Secured IT, Assured Success https://www.aegify.com/vulnerability-management-secured-it-assured-success/ https://www.aegify.com/vulnerability-management-secured-it-assured-success/#respond Tue, 21 Dec 2010 18:46:23 +0000 http://www.egestalt.com/blog/?p=72 According to GartnerG2 (now Gartner Industry Advisory Services) a research unit of Gartner, 90% of cyber attacks leverage known security flaws and vulnerabilities, for which patches are already available. Gartner analysts also believe that several security attacks could have been avoided if organizations had focused more on vulnerability management efforts. Effective vulnerability management is therefore…

The post Vulnerability Management: Secured IT, Assured Success appeared first on Aegify.

]]>
According to GartnerG2 (now Gartner Industry Advisory Services) a research unit of Gartner, 90% of cyber attacks leverage known security flaws and vulnerabilities, for which patches are already available. Gartner analysts also believe that several security attacks could have been avoided if organizations had focused more on vulnerability management efforts.

Effective vulnerability management is therefore a perquisite for every business. But unfriendly economic conditions have compelled organizations to maintain a safe business environment, while also keeping costs low. This poses a major challenge since organizations today are spread across multiple geographic locations and time zones. In such a scenario vulnerability management can be a formidable task.

But with cloud-based security solutions offered by advanced GRC software, IT security compliance has assumed a new dimension. These solutions help streamline and automate vulnerability management processes and help patch security flaws.

Here are some other significant benefits of using a comprehensive security and vulnerability management solution:

Offers Complete Visibility- Vulnerability management solutions help in understanding the security posture of an organization, through comprehensive vulnerability assessment. This in turn helps in formulating security policies for IT Compliance with regulatory standards.

Ensures Compliance- Compliance audits are carried out at regular intervals to assess the actual degree of compliance in the organization. This helps in effective compliance management software by enforcing compliance best practices and ensuring fully compliant processes and procedures.

Facilitates Risk Management- By proactively detecting vulnerable areas within the network, and identifying exposure to potential threats, these software solutions help in effective risk management.

Offers Holistic View & Prompt Reporting- Vulnerability management solutions help gain complete control over risks and vulnerabilities by offering total visibility through a centralized view. Their advanced reporting capabilities enable organizations to take prompt corrective and preventive action before security gaps are exploited.

Improves Productivity & Lowers Cost- Since these security solutions are completely automated, they allow IT departments to focus on more critical tasks, thereby enhancing productivity. And they also help reduce administrative costs and management overhead, as a single efficient software solution, can effectively replace multiple disparate applications.

Managing a diverse network environment can be quite overwhelming. But a proactive, integrated, vulnerability assessment and management solution can dramatically simplify this by offering a complete GRC framework that can patch vulnerabilities, mitigate risks, and improve productivity.

The post Vulnerability Management: Secured IT, Assured Success appeared first on Aegify.

]]>
https://www.aegify.com/vulnerability-management-secured-it-assured-success/feed/ 0
7 Facilities in California Fined for Privacy Breaches https://www.aegify.com/7-facilities-in-california-fined-for-privacy-breaches/ https://www.aegify.com/7-facilities-in-california-fined-for-privacy-breaches/#comments Wed, 08 Dec 2010 03:49:27 +0000 http://www.egestalt.com/blog/?p=70 Privacy protection is a growing concern for organizations despite stringent laws governing data security. Medical institutions especially are experiencing challenges in safeguarding patient information. A number of data breaches have been reported in the HIPAA healthcare industry so far. And the most recent addition to this is six hospitals and a nursing home being fined…

The post 7 Facilities in California Fined for Privacy Breaches appeared first on Aegify.

]]>
Privacy protection is a growing concern for organizations despite stringent laws governing data security. Medical institutions especially are experiencing challenges in safeguarding patient information. A number of data breaches have been reported in the HIPAA healthcare industry so far. And the most recent addition to this is six hospitals and a nursing home being fined by the California Department of Public Health, for failing to prevent unauthorized access to patient data. The total fine amount adds up to $792,500.

Kern Medical Center in Bakersfield faced the largest civil penalty of $250,000 for losing 596 patient records, and an additional fine of $60,000 for allowing two employees to access and disclose a patient’s medical record on three occasions.

In a similar breach, Pacific Hospital in Long Beach was fined $225,000 after an employee admitted to memorizing personal information of nine patients, and setting up fake Verizon accounts using their information.

The state of California has the toughest privacy laws in the country with high penalties for data breaches. And Kaiser Permanente’s Bellflower Hospital was the first to be issued penalty under the state law enacted in 2008 for patient protection. The institution was fined $437,500 for failing to prevent unauthorized access to medical records of Nadya Suleman.

In all these incidents employees have been identified as the main cause for the breach. However, these institutions are also equally responsible for not being proactive in identifying and curbing insider threats. These incidents re-emphasize the need for an efficient security solution with effective threat management capabilities that can not only prevent such breaches in future, but also ensure a more secure data management process.

The post 7 Facilities in California Fined for Privacy Breaches appeared first on Aegify.

]]>
https://www.aegify.com/7-facilities-in-california-fined-for-privacy-breaches/feed/ 3
Best Practices for Threat management https://www.aegify.com/best-practices-for-threat-management/ https://www.aegify.com/best-practices-for-threat-management/#comments Mon, 22 Nov 2010 11:28:30 +0000 http://www.egestalt.com/blog/?p=65 ‘Cyber security threats’ is now the core topic of discussion amongst enterprises and will continue to be in the coming years. This is because security concerns have assumed unimaginable dimensions in the past years, posing a major challenge to the survival of businesses. Hence enterprises are now focusing more on curbing threats and making their…

The post Best Practices for Threat management appeared first on Aegify.

]]>
‘Cyber security threats’ is now the core topic of discussion amongst enterprises and will continue to be in the coming years. This is because security concerns have assumed unimaginable dimensions in the past years, posing a major challenge to the survival of businesses. Hence enterprises are now focusing more on curbing threats and making their business environment more secure and compliant.

Get cracking; threats are real!

Threats to systems and networks worldwide have been on the rise. For instance, the blaster worm in 2009 managed to shut down close to 120,000 systems in just 3 minutes, ensuring that networks across the world were affected. In another such attack, the Slammer worm infected nearly 55 million hosts per second in just 11 minutes. Susceptibilities in enterprise systems and the perpetrators of such actions are increasing globally, and IT organizations are more and more vulnerable to these attacks.

Be it internal or external, security threats can cause not just financial losses, but can also tarnish the image of an enterprise. Hence threat management has to take precedence over other activities. Enterprises should therefore follow best practices and invest in the best solutions to manage security threats effectively.

What are the best practices for effective threat management?

Managing threats is not an easy task, especially because enterprises today want their threat management efforts to coincide with compliance management as well. So an ideal threat management solution should essentially:

  • Crack multiple data-centric information security challenges
  • Decipher and detect in real-time advanced persistent and pervasive threats
  • Detect automatically for any kind of data leakages
  • Search for insider threats
  • Provide detailed malware analysis
  • Undertake continuous and automatic controls verification including e-discovery
  • Deliver a holistic solution for both security as well as for IT- Governance and Risk Compliance that can be easily monitored through an integrated dashboard
  • Provide an end-to-end automatic enterprise security solution that is all encompassing for compliance, audit and risk management needs.
  • Swiftly update software with latest information
  • Stay ahead of potential threats
  • Thwart threats at their source

A company’s network, its information systems, databases, and processes are essentially its backbone. Hence, they must be made secure from threats, both internal and external. Therefore, deploying the right threat management system can prevent data breach and safeguard the company’s networks, systems and assets.

The post Best Practices for Threat management appeared first on Aegify.

]]>
https://www.aegify.com/best-practices-for-threat-management/feed/ 2
Common Attack Techniques – In an Era of Industrialized Hacking https://www.aegify.com/common-attack-techniques-in-an-era-of-industrialized-hacking/ https://www.aegify.com/common-attack-techniques-in-an-era-of-industrialized-hacking/#respond Thu, 30 Sep 2010 08:55:10 +0000 http://www.egestalt.com/blog/?p=58 Gone are the days when hackers attacked perimeter defences. Today their objective is to take control of confidential data and the applications which process them. Hacking is now an operation involving global coordination, sophisticated techniques and persistent teamwork. And with clear roles and responsibilities being defined in the community, hacking is now a highly organized,…

The post Common Attack Techniques – In an Era of Industrialized Hacking appeared first on Aegify.

]]>
Gone are the days when hackers attacked perimeter defences. Today their objective is to take control of confidential data and the applications which process them. Hacking is now an operation involving global coordination, sophisticated techniques and persistent teamwork. And with clear roles and responsibilities being defined in the community, hacking is now a highly organized, lucrative industry- whether we like it or not!

Like in any other industry, division of labor and specialization, have taken shape making the hacking industry more structured than ever before. The 3 key players in the hacking community are:

-Researchers: Otherwise known as exploit developers, researchers are not actually involved in exploiting systems, but look for vulnerabilities in frameworks and applications.

-Farmers: These are people who write botnet software to infect systems, and also maintain and increase the presence of botnets in the cyberspace. They probe applications to extract valuable data, execute password attacks, disseminate spam, and distribute malware.

-Dealers: They distribute malicious payloads. They also rent botnets for repeated, persistent attacks or targeted one-time attacks to extract sensitive information.

The sophisticated nature of today’s cyber attacks is a definite product of ‘hacking industrialization’. And the use of advanced hacking techniques has also contributed to a focus shift from stealing personal information and credit card numbers to stealing application credentials, for which 3 attack techniques have been identified as commonly used:

SQL Injections: Data theft is most commonly administered through this technique. IBM reported around 250,000 SQL injection attacks on websites around the world, everyday, between January and June 2009.

Denial of Service: This is an attack which is usually executed by blackmailing application owners to pay a ransom to free their application from an invasion of unwanted traffic.

Business Logic Attacks: In this type of attack, hackers target vulnerabilities in business logic. Unlike attacks targeted at application codes, these attacks often remain undetected. These attacks are not usually apparent and are too diverse to be expressed in vulnerability scanner tests.

These highly advanced security attacks make it increasingly difficult for organizations to fight threats and remain protected. Today, no web application is out of reach of hackers. Attack campaigns are quite common, not only against applications but against any available target. Therefore data protection is a must, and effective vulnerability scanning tools along with application-level security solutions may be very helpful in effective threat management and overall security.

The post Common Attack Techniques – In an Era of Industrialized Hacking appeared first on Aegify.

]]>
https://www.aegify.com/common-attack-techniques-in-an-era-of-industrialized-hacking/feed/ 0