July 2010 Q Times
Subject: July 2010 Q Times
Issue #: 21
Content:
Quantiq eNewsletter


As any farmer will tell you, only a fool lets a fox guard the henhouse door.
— Proverb

July 2010

In this issue:

How many enterprise admins is too many?

Empowering too many users with high-level Windows admin privileges can lead to severe security headaches

Passwords of shared accounts should also be changed any time a member separates from employment or changes job duties. Many companies are now requiring two-factor authentication (such as key fobs, smartcards, or biometrics) for admins. It's a good practice, although it can be expensive to enable for admins only.

I'm also a big fan of creating dedicated admin workstations for domain or enterprise admins. Elevated users should avoid logging onto regular workstations to troubleshoot problems, if possible. You never know what malware (such as a keystroke logger) may be present. One logon could compromise your network in a big way. Having dedicated admin workstations, which are kept superclean and used only for administrative tasks, is a good way to protect sensitive logon credentials. Some companies require that users RDP from "dirty workstations" to clean admin virtual images as a half-way step, but that still doesn't remove the threat of a local key logger.

If an elevated user has to log on to a nondedicated workstation or server, the admin should reboot the computer after completing their task (if at all possible), to remove the elevated credential from memory. If not, someone using pass-the-hash tools could obtain the hashes and re-use them to again elevate access.
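
The two rules above (privileged accounts belong on dedicated admin workstations; a nondedicated host should be rebooted after an elevated logon) can be checked from logon and boot records. The following is an added example, not part of the original article; the account names, host names and event tuple format are assumptions, and the sample events are constructed.

```python
# Assumed inventory (hypothetical names): elevated accounts and the
# dedicated admin workstations they are allowed to log on to.
PRIVILEGED = {"da-alice", "ea-bob"}
ADMIN_WORKSTATIONS = {"PAW-01", "PAW-02"}

# Constructed sample events: (ISO timestamp, host, event kind, account).
EVENTS = [
    ("2010-07-01T09:00:00", "PAW-01", "logon", "da-alice"),
    ("2010-07-01T09:30:00", "WKS-114", "logon", "da-alice"),
    ("2010-07-01T09:55:00", "WKS-114", "logoff", "da-alice"),
    ("2010-07-01T10:05:00", "WKS-114", "boot", ""),
    ("2010-07-01T11:00:00", "SRV-DB2", "logon", "ea-bob"),
    ("2010-07-01T11:20:00", "SRV-DB2", "logoff", "ea-bob"),
    ("2010-07-01T12:00:00", "WKS-114", "logon", "jsmith"),
]


def audit(events, privileged, admin_hosts):
    """Find privileged logons on nondedicated hosts.

    Each finding records the host, account, logon time, and the time of
    the first later reboot of that host (None if no reboot was seen, so
    the elevated credential may still be in memory there).
    """
    findings = []
    waiting = {}  # host -> findings not yet followed by a reboot
    # ISO 8601 timestamps in one timezone sort correctly as strings.
    for ts, host, kind, account in sorted(events, key=lambda e: e[0]):
        if kind == "logon" and account in privileged and host not in admin_hosts:
            finding = {"host": host, "account": account,
                       "logon": ts, "rebooted_at": None}
            findings.append(finding)
            waiting.setdefault(host, []).append(finding)
        elif kind == "boot":
            # A reboot clears every pending finding on that host.
            for finding in waiting.pop(host, []):
                finding["rebooted_at"] = ts
    return findings


def exposed_hosts(findings):
    """Hosts that saw an elevated logon and have not been rebooted since."""
    return sorted({f["host"] for f in findings if f["rebooted_at"] is None})


if __name__ == "__main__":
    results = audit(EVENTS, PRIVILEGED, ADMIN_WORKSTATIONS)
    for f in results:
        print(f)
    print("Still exposed:", exposed_hosts(results))
```
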

I'm also an advocate of third-party software that helps companies manage elevated accounts. I often run into Cyber-Ark's privilege identity manager solutions. It's pretty cool stuff and perfect for managing elevated accounts. Admin accounts can be locked into a digital vault, then protected by granular policies that enforce rules and checkout procedures in order for an elevated account to be used. One of my favorite features is the one-time-use passwords, where the password is changed for each user and occasion. You can also easily enable auditing of who used what accounts when.


Read full article.

Technology Watch: Advanced Management Threat Solution


Rapid Incident Verification and Response,
Data Leakage and Content Monitoring
powered by NetWitness NextGen.

 

 


Your point security products provide an ocean of data distilled down by your SIEM to a list of alerts you hope are accurate. You trust the information but can you verify not just what happened but how it happened? How long has it been happening? Who’s involved? And how to respond?

NetWitness is the force multiplier for your Security Information and Event Management System.


The Challenge: Rapid Incident Verification and Response
In times of crisis you need to respond immediately with powerful analytics and situational awareness. Something’s wrong -- but where do you focus your response and investigatory efforts? How can you verify before taking action? Your current security countermeasures and technologies such as Intrusion Detection Systems (IDS), SIM or log aggregation systems are providing varying degrees of information ranging from highly useful alerts regarding unusual activity on your network, to notifications with very little information that your team may construe as false positives or big question marks.

Although signature based methodologies play an important role in incident response, they have limitations in exploit detection because they rely upon the discovery of a known pattern. Although network-based attacks are evident in the network traffic, much of it may evade the pattern and signature matching technology found in IDS and the statistical anomaly detection NBAD systems. Once inside your network, malicious code is free to evolve into program code that closely resembles normal applications that your organization uses such as DNS, SNMP, HTTP, or proprietary protocols used by Microsoft, Yahoo, and others. The end result is that your incident response team may be blind to a significant amount of malicious activity and information exfiltration.

Next Generation Monitoring
NetWitness NextGen plays a critical role in the incident response process:
~ NextGen definitively answers the uncertainty around what’s really happening on your network. When an incident response team member receives an alert about a problem on your network, he or she can quickly and easily use NetWitness Investigator Enterprise to go straight to the actual network traffic associated with the event that occurred and investigate the content and context of the network and application level events, shortening time to resolution and providing certainty. What traffic triggered a signature? How did the target system respond and was it compromised? What other systems were implicated? What techniques were attempted in advance of the signature being triggered and what other systems were probed?

~ Beyond what your current security investments provide, NetWitness Informer is an automated reporting and alerting application specifically tuned to analyze network traffic for the kinds of hacker and malware-related problems to which IDS and other current network-based countermeasures are blind, such as low and slow attacks, beacon traffic, buffer overflow attacks, and many application-layer exploits based upon protocols such as IRC, DNS, P2P tunneling traffic and more.

~ NetWitness® Live is an online, 24x7 intelligence service that provides immediate access to multi-source threat-intelligence and reputational content for your NetWitness infrastructure. Organizations require the ability to determine real-time risk to electronic operations, intellectual property, and customer data flows. NetWitness Live enables automated fusion of live data from your existing NetWitness infrastructure with current threat intelligence feeds, giving you unmatched visibility into rapidly advancing risks, and strengthening your ability to identify and prioritize changes to your internal and external threat landscape.

With 10 years of patented, core technology developed for the most challenging security missions of the U.S. intelligence, defense, and law enforcement communities, NetWitness NextGen provides comprehensive network situational awareness for your incident response team.

NetWitness Decoder and Concentrator comprise the underpinnings of an enterprise infrastructure providing comprehensive visibility into content and context of all network activity. When combined with the power of automated reporting and alerting in NetWitness Informer and the interactive network forensics and analytics in NetWitness Investigator Enterprise, your organization can acquire the Total Network Knowledge to advance the capabilities of your incident response team to the next level, shorten the time to problem discovery and resolution, and limit damage to your organization’s valuable information assets.



Months spent locating, identifying, and classifying confidential company data. Yet more time spent setting up an incident response framework. Countless hours spent dealing with complex compliance, HR, and Legal issues…and sensitive information is still leaving your network.

With NetWitness NextGen™ your confidential information CANNOT HIDE

Move into the Next Generation of Network Security Monitoring and Know Your Network Like Never Before.

The Challenge: Data Leakage and Content Monitoring

It seems that everywhere we turn, public and private organizations are “leaking” consumer data. Recent news headlines describe spectacular losses of consumer and citizen data in the retail, banking, education, government, pharmaceutical, and other key industry sectors. These losses have cost organizations hundreds of millions of dollars, significant embarrassment, and permanent reputational damage, not to mention the inconvenience and costs to your customers. Beyond what is known to the public, it also is likely that losses of sensitive and classified data never are disclosed in the press, but happen on an equally frequent basis.

Data leakage protection (DLP) and content management (CMF) vendors have been around for a while, but there are limitations to what they can do for you. According to Forrester, 85% of organizations using content filtering technologies do not implement the filtering component of the technology because of concerns with issues such as false positives, and fears that legitimate business traffic will be interrupted by overly complex or simplistic filters. Content review technologies embedded in these products have been hampered by the severely limited number of protocols parsed by these systems and by the flawed assumption that adversaries, whether internal or external, will use standard business communication methodologies such as Web, email and chat as the primary vehicle for leaking data out of your network. Bypassing these controls is very simple, even for a user with modest technical skills.

The Need for Next Generation Monitoring
If you are concerned about protecting your organizational data and preventing data leakage, the only way you can be confident that data is not leaving your network is by capturing all network traffic and reconstructing the network sessions to the application layer for automated alerting and monitoring, and interactive analysis and review.

With 10 years of patented, core technology developed for the most challenging missions of the U.S. intelligence and law enforcement communities, NetWitness NextGen provides a comprehensive distributed network monitoring framework designed to ensure that your customer’s personally identifiable information (PII), your intellectual property, and your other sensitive data are protected from accidental and intentional leakage.

NetWitness Decoder and Concentrator comprise the underpinnings of an enterprise infrastructure providing comprehensive situational awareness and visibility into content and context of all network activity. When combined with the power of automated reporting and alerting in NetWitness Informer and the interactive network forensics and analytics in NetWitness Investigator Enterprise, your organization can acquire the Total Network Knowledge needed to feel confident that you will know when there is sensitive data leaking from your network.


Email us at marketing@quantiqint.com to learn more now!

 

Latest News

Lumension Announces Migration Program for Cisco Security Agent (CSA)

CSA Migration Program will Offer CSA Customers Access to Specially Packaged Offerings and Pricing Terms to Ensure Less Complex and Costly Migration to Endpoint Management and Security Solutions.

Lumension, the global leader in endpoint management and security, today announced the launch of a migration program for customers of the Cisco Security Agent (CSA) endpoint security solution, which is scheduled for end-of-life. Cisco customers looking to transition away from their current CSA solutions can access several packaged offerings with special pricing terms now through December 31, 2010.

One example of a packaged offering available to Cisco customers is the Lumension® Endpoint Security Solution Pack designed to help CSA customers migrate to a proactive endpoint security approach and includes:
* Traditional signature-based antivirus protection, and advanced behavioral-based zero-day threat protection
* Application whitelisting, which prevents undesirable or unknown code from executing on IT assets
* Centralized control and policy management over device/media usage, including Lumension’s patented shadowing technology
* Data encryption enforcement to protect sensitive data being transferred onto removable devices/media
* Endpoint protection, whether they are connected to the organizational network or not

The Lumension Endpoint Security Solution Pack includes Lumension® Application Control, Lumension® Device Control as well as Lumension® AntiVirus, all packaged together with terms designed to make the migration away from CSA easier, simpler and more cost-effective for Cisco customers. Additional packages and capabilities are also available to address areas of concern in vulnerability, compliance and IT risk management.

“Cisco’s decision to end-of-life the CSA endpoint security solution will leave customers searching for alternative solutions and measures to address current threats, risks and compliance requirements across their IT environment,” said Pat Clawson, chairman and chief executive officer, Lumension. “Lumension has several technologies available to help Cisco customers immediately meet their endpoint security and management needs and we’ve designed our program to make the migration process less painful and costly.”

Lumension is a preferred data security partner on the newly established Cisco Secure Borderless Network Systems Initiative. As such, customers who look to Lumension to help address their endpoint security needs can rely on future integration into the Cisco ecosystem to address complex business challenges, common use cases and end-to-end security concerns with greater efficiency as their continued investment in Lumension takes advantage of the Cisco platform.

Organizations interested in learning more about Lumension’s CSA migration program can visit the Lumension® Cisco Migration Program resource center.

Supporting Resources:
* Lumension® IT Security Software Solution Packages
* Optimal Security Blog
* Connect Online with Lumension® and Join the Conversation


About Lumension Security, Inc.

Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Texas, Utah, Florida, Ireland, Luxembourg, the United Kingdom, Australia, and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at www.lumension.com.

Lumension and the Lumension logo are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.


Email us at marketing@quantiqint.com to learn more now!

Press Release

Quantiq International is now the Key Distributor for Palo Alto Networks in Singapore

Quantiq International, the Preferred Regional Security Architect, today announced a strategic partnership with Palo Alto Networks, the network security company.

Palo Alto Networks: the next-generation firewall, equipped with three unique identification technologies (App-ID, User-ID, and Content-ID), enables enterprises to see and control applications, users, and content – not just ports, IP addresses, and packets. These identification technologies create business-relevant security policies – safely enabling organizations to adopt new applications, instead of the traditional “all-or-nothing” approach offered by port-blocking firewalls used in many security infrastructures.

Today, Quantiq carries a wide array of IT security solutions spanning network security, data security and application security to support its customers and partners. With this collaboration, Quantiq aims to provide its customers with leading-edge detection and protection mechanisms at the perimeter, to ensure that our clients stay protected regardless of the ever-intelligent threat landscape.

Come visit us at the 2-day Regional Collaboration in Cybersecurity International Conference at Shangri-La Hotel in Singapore!

Details as follows:
Title: Regional Collaboration in Cybersecurity Securing the Cloud, Web, and Virtual Networks event
Date: 13-14 July 2010 (Tuesday - Wednesday)
Venue: Shangri-la Hotel, Singapore

Email us at marketing@quantiqint.com for more information now!


About Palo Alto Networks

Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 10Gbps with no performance degradation. Based on patent pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, “The Network Security Company,” the Palo Alto Networks Logo and App-ID are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Read full story.
Happy to receive our newsletter? Please send us your feedback or update your subscription by emailing marketing@quantiqint.com

