
Security Signals Everywhere: Finding the Real Crisis in a World of Noise

Imagine dealing with a silent but mentally grating barrage of security alerts every day. The security analyst’s dilemma? They need to either cast nets wide enough to identify all potential security incidents, or laser-focus on a few and risk missing an important attack.

A recent Cisco study covered in CSO found that 44 percent of security operations managers saw more than 5,000 security alerts a day. As a consequence, they can only investigate half of the alerts they receive every day, and follow up on less than half of alerts deemed legitimate. VentureBeat says the problem is far worse. Just 5 percent of alerts are investigated due to the time and complexity of completing preliminary investigations.

The CSO article recommends better filtering to reduce threat fatigue, while focusing efforts on the most important risks to a company’s industry and business. These are great suggestions. However, in a world of exploding risks, you need a dedicated team of experts on point 24/7, while deploying technology to stay ahead of the threat landscape.

This is all very cumbersome and expensive. Even the largest companies in the world may not have this level of resources. That is where a tailored, affordable managed threat detection and response or co-managed SIEM comes into play. Here’s why co-managed SIEM is better than a DIY scenario for the digital transformation era:
 
  1. A dedicated SWAT team for security – You may have great analysts, but they’re stretched and may be tired. Expand their reach with a team of external experts who can partner on calibrating and monitoring security services, follow up on alerts, and augment your team when you need more resources due to business growth, staff departures, or an inability to hire enough experts.
  2. It’s challenging to optimize processes when you’re constantly fighting fires. Leave that work to your partner. EventTracker’s Security Operations Center, for example, is ISO/IEC 27001-certified, and we have to work hard to maintain that certification by continually improving our information management systems for our clients.
  3. Self-managing a SIEM solution can be expensive and difficult. Co-management is on the rise and expected to grow five-fold by 2020. EventTracker’s SIEMphonic platform provides all the managed security services you need, including SIEM and log management, threat detection and response, vulnerability assessment, user behavior analysis, and compliance management. It collects and analyzes data from a variety of sources, including your platform, application and network logs; alerts from intrusion detection systems; and vulnerability scans. In addition, our HoneyNet deception technology uses virtualized decoys throughout your network to lure bad actors and sniff out attacks.

If you’re concerned about the rise of risks, you should be. Your information security team has great expertise and skills – but it’s probably time to extend their reach.
 
Empower your company with co-managed SIEM and home in on the real crises, despite a world of noise. Get SIEMphonic managed security service today.

EventTracker Statement on Meltdown and Spectre Vulnerability

On January 3, 2018, an industry-wide hardware-based security vulnerability was disclosed. CVE-2017-5753 and CVE-2017-5715 are the official references to Spectre, and CVE-2017-5754 is the official reference to Meltdown.

To exploit this vulnerability, specific code must be run on a CPU. The hosted EventTracker SIEMphonic service is provided from our own data center, and does not use compute-as-a-service from providers such as AWS EC2 or Azure who allow customers to run arbitrary code on the provided compute service.

Keeping our customers and their data secure is always our top priority. EventTracker continually tests and monitors our systems for vulnerabilities such as this, using our own products and services. The unknown process feature in EventTracker is expressly designed to detect and surface first-time-seen code execution. We have taken active steps to ensure that no EventTracker customer is exposed to these types of vulnerabilities. At the time of this posting, EventTracker has not received any information to indicate that these types of vulnerabilities have been used to attack the SIEMphonic infrastructure or in any way impact the integrity of customer data stored with the SIEMphonic service.

EventTracker does not use a third-party compute-as-a-service offering, so we don’t allow arbitrary code to be run on our servers. As such, security vulnerabilities that require specific code to be run on the same server as the exploited service pose less of a threat to EventTracker’s service and the data stored therein than to services and data stores that use shared servers at large cloud hosting facilities. With that said, EventTracker is constantly evaluating the server vendor patches that are relevant to the server components used, and we will test and roll out these patches as they become available.

At our Security Operations Center, we are patching all workstations to address the Meltdown and Spectre vulnerabilities. Specifically, we are:

  1. Updating anti-virus to the latest version to make it compatible with Microsoft patches. Microsoft has identified a compatibility issue with a number of antivirus software products.
  2. Installing the Microsoft cumulative patch on all workstations.
  3. Installing the latest BIOS update on the workstations.
  4. Updating Chrome and Firefox browsers to the latest versions.

We will post more updates here, as they become available. More details about these vulnerabilities are available. Learn more about the Meltdown and Spectre vulnerabilities.