How To Instantly See Privileged Account Compromise Or Abuse

/in , , , , , , /by

IT and System Admins along with security professionals know that safeguarding access to privileged accounts throughout an enterprise is critical. With up to 80% of breaches involving a compromised user or privileged account, gaining insights into privileged account access and user behavior is a top priority. Even more important, identifying a breach by an outside attacker or malicious insider involving compromised privileged accounts now averages more than 140 days—an eternity in terms of putting your critical assets at risk.

Acess White Paper (Thycotic)

 

Full Report – 2019 Data Breach Investigations Report (Verizon)

/in , , , , , , , /by

Please access your full report here.

2019-data-breach-investigations-report

Why All The Emphasis On Insider Threats? Three Reasons:

/in , , /by

Centrify Logo1. Insider security risks are more prevalent and potentially more damaging.

According to a study conducted by the Ponemon Institute, 34% of data breaches in the U.K., come from malicious activity, including criminal insiders, and 37% of breaches come from employee negligence. A previous Ponemon study indicated that a third of malicious attacks come from criminal insiders. Further, a Forrester study revealed that 75% of data breaches were caused by insiders, most often due to employee negligence or failure to follow policies. The most-often cited incidents were lost devices, inadvertent misuse of sensitive information and intentional theft of data by employees. The impact of data breaches and downtime, whether caused by insider malice or negligence, can cripple an organization, exposing it to lost revenue, significant brand damage and increasingly onerous regulatory fines and penalties.

2. User identity “blind spots” are causing audit failures.

Many organizations are failing audits because of blind spots in their identity infrastructures. Blind spots can occur when identities and entitlements are managed in disparate silos or on local servers rather than centrally. For example, one of the biggest identity challenges for companies — and a major cause of failed audits — is a lack of visibility into local administrator accounts on Windows. This is akin to the root account on a Linux/Unix system. Failed audits can be particularly damaging in today’s environment, in which regulations related to data loss and data protection are becoming more rigorous around the world. Companies that conduct business globally have to be in compliance with a wide range of rules and regulations to satisfy audit requirements.

As such, organizations must be able to provide proof that users who have access to certain servers and applications are actually authorised users. They must also be able to deliver an auditable trail of what each user has done within the server. These requirements mean organizational policies need to apply the principle of “least privilege access,” whereby users log in as themselves and have only those privileges needed to do their jobs. If they need to have their privilege elevated for some reason, that is an explicit action.

3. Organizational complexity is posing a growing challenge.

Managing employee identity used to be relatively easy: A user was typically sitting at a desktop with a single machine connected to an enterprise application through a single wire. Ah, but things have changed. Users are now mobile and using a wide range of devices, some of which may be unsanctioned or undocumented personal devices. And mobility is only one aspect of the heightened complexity. IT infrastructures are increasingly diverse and heterogeneous, with multiple silos defined by departments, applications, operating systems or other characteristics that set them apart from one another. The proliferation of virtualization and cloud services adds additional layers of complexity to the IT environment. Without a solution to unify user identities, organizations face the prospect of having too many identities, thus raising too many identity-related risks — including data loss, data breaches, application downtime, failed audits and an inability to identify and rectify internal security problems before they escalate.

Savvy IT and security managers are recognizing that the most cost-efficient and effective way to address these challenges is to incorporate a solution that provides insiders with a unified identity across all platforms. By linking access privileges and activities to specific individuals, the IT organization can establish the control needed to minimize security risks, along with the visibility required to achieve compliance.

© 2013 Centrify Top 3 Reasons to Give Insiders a Unified Identity. 

Centrify is a PathMaker Group partner providing advanced privileged access management, enterprise mobility management, cloud-based access controls worldwide.  The Centrify Identity Service provides a SaaS product that includes SSO, multi-factor authentication, enterprise mobility management and seamless application integration.  The Centrify Privilege Service provides simple cloud-based control of all privileged accounts and provides extremely detailed session monitoring, logging and reporting capabilities.  The Centrify Server Suite provides the ability to leverage Active Directory as the source of privilege and access management across your Unix, Linux and Windows server infrastructure. Centrify is a Leader in The Forrester Wave, Q3 2016.

 

Five Ways To Spot a Phishing Email

/in /by

Think you’re clever enough to recognize a phishing attempt? Think again. Cybercriminals are getting smarter and their phishing skills are getting better, but we’ve put together this list of clues to help you avoid a costly error.

By Sharon Florentine (This story originally published in CIO) 

No one wants to believe they’d fall for a phishing scam. Yet, according to Verizon’s 2016 Data Breach Investigations Report, 30 percent of phishing emails get opened. Yes, that’s right — 30 percent. That incredible click-through rate explains why these attacks remain so popular: it just works.

Phishing works because cybercriminals take great pains to camouflage their “bait” as legitimate email communication, hoping to convince targets to reveal login and password information and/or download malware, but there are still a number of ways to identify phishing emails. Here are five of the most common elements to look for.

1. Expect the unexpected

In a 2016 report from Wombat Security, organizations reported that the most successful phishing attacks were disguised as something an employee was expecting, like an HR document, a shipping confirmation or a request to change a password that looked like it came from the IT department.

Make sure to scrutinize any such emails before you download attachments or click on any included links, and use common sense. Did you actually order anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from? If so, it’s probably a phishing attempt.

Don’t hesitate to call a company’s customer service line, your HR department or IT department to confirm that any such emails are legitimate – it’s better to be safe than sorry.

2. Name check

If you receive an email or even an instant message from someone you don’t know directing you to sign in to a website, be wary, especially if that person is urging you to give up your password or social security number. Legitimate companies never ask for this information via instant message or email, so this is a huge red flag. Your bank doesn’t need you to send your account number — they already have that information. Ditto with sending a credit card number or the answer to a security question.

You also should double-check the “From” address of any suspicious email; some phishing attempts use a sender’s email address that is similar to, but not the same as, a company’s official email address.

3. Don’t click on unrecognized links

Typically, phishing scams try to convince you to provide your username and password, so they can gain access to your online accounts. From there, they can empty your bank accounts, make unauthorized charges on your credit cards, steal data, read your email and lock you out of your accounts.

Often, they’ll include embedded URLs that take you to a different site. At first glance, these URLs can look perfectly valid, but if you hover your cursor over the URL, you can usually see the actual hyperlink. If the hyperlinked address is different than what’s displayed, it’s probably a phishing attempt and you should not click through.

Another trick phishing scams use is misleading domain names. Most users aren’t familiar with the DNS naming structure, and therefore are fooled when they see what looks like a legitimate company name within a URL. Standard DNS naming convention is Child Domain dot Full Domain dot com; for example, info.LegitExampleCorp.com. A link to that site would go to the “Information” page of the Legitimate Example Corporation’s web site.

A phishing scam’s misleading domain name, however, would be structured differently; it would incorporate the legitimate business name, but it would be placed before the actual, malicious domain to which a target would be directed. For instance, Name of Legit Domain dot Actual Dangerous Domain dot com: LegitExampleCorp.com.MaliciousDomain.com.

To an average user, simply seeing the legitimate business name anywhere in the URL would reassure them that it was safe to click through. Spoiler alert: it’s not.

4. Poor spelling and/or grammar

It’s highly unlikely that a corporate communications department would send messages to its customer base without going through at least a few rounds of spelling and grammar checks, editing and proofreading. If the email you receive is riddled with these errors, it’s a scam.

You should also be skeptical of generic greetings like, “Dear Customer” or “Dear Member.” These should both raise a red flag because most companies would use your name in their email greetings.

5. Are you threatening me?

“Urgent action required!” “Your account will be closed!” “Your account has been compromised!” These intimidation tactics are becoming more common than the promise of “instant riches”; taking advantage of your anxiety and concern to get you to provide your personal information. Don’t hesitate to call your bank or financial institution to confirm if something just doesn’t seem right.

And scammers aren’t just using banks, credit cards and email providers as cover for their scams, many are using the threat of action from government agencies like the IRS and the FBI to scare unwitting targets into giving up the goods. Here’s the thing: government agencies, especially, do not use email as their initial means of communication.

This is by no means a comprehensive list. Phishing scammers are constantly evolving, and their methods are becoming more cunning and difficult to trace. New tactics include end of the year healthcare open enrollment scams, low priced Amazon bargains, and tax season attempts. 

So, trust your gut. If an offer seems too good to be true, it probably is. If something seems even the slightest bit “off”, don’t open the email or click on links.

Learn about PathMaker Group identity management solutions here.

Identity Access Management Guidance.  

 

 

Start With The End In Mind: Blog #6 – Eliminate Audit Deficiencies and Improve Audit Performance

/in , , , , /by
(Source: SailPoint Technologies, Inc. Identity and Access Management Buyers Guide)

Identity management is a focal point for IT audits and one of the areas most commonly flagged for ineffective controls. During many Sarbanes-Oxley (SOX) audits, weak identity controls often receive negative audit findings in the form of control deficiencies or material weaknesses.

Here are some of the most common identity risks auditors are looking for:

  • Orphan accounts: Access that remains active for employees or contractors after termination due to failure to remove privileges
  • Entitlement creep: The accrual of privileges over time through transfers, promotions or other changes in roles resulting in employees with access beyond their job requirements
  • Separation-of-duty (SoD) violations: Inappropriate access resulting in excessive control over business transactions or the ability to perform conflicting duties
  • Poorly managed privileged user accounts: Anonymous accounts that are typically the domain of privileged users are managed using manual processes and are very difficult to audit
  • Lack of visibility into access by job function: Business users struggle to interpret technical IT data to make business decisions about what access is required to perform a specific job function.

If you’ve failed an audit due to weakness around any of these identity risks, we have good news. The right identity and access management solution will improve your visibility into risky or noncompliant areas and automate your processes for managing these risks. An enterprise-wide view of your identity data can help you to effectively analyze risk, make more informed decisions and implement the appropriate controls in an automated and more sustainable fashion. Further, aligning user access with job functions through an enterprise role model can strengthen user access controls by providing valuable business context around how specific sets of access map to the underlying business function being performed by an individual. The result? Less chances of negative audit findings or failing another audit. More chances of seeing audit performance improve over time.

Check back for blog #7, Lower the Cost of Compliance

Visit SailPoint Technologies, Inc. here.

Learn more about PathMaker Group IAM MAP here. 

With today’s increasing Mobile Enterprise Security Threats, do you have a strategy to mitigate the risk on your Corporate Network?

/in , , , , , , , , , , , , , , , , , , , , , , , /by

Corporations are increasingly utilizing mobile enterprise systems to meet their business objectives, allowing mobile devices such as smart phones and tablets to access critical applications on their corporate network.  These devices provide advanced technologies over traditional desktop clients, such as: information sharing, access from anywhere at any time, data sensors, location, etc. But what makes these mobile devices desirable, by their very nature, also poses a new set of security challenges.  Reports by research agencies in recent years show an alarming trend in mobile security threats listing as top concerns: Android malware attacks, and for the IOS platform issues with enterprise provisioning abuse and older OS versions.

These trends highlight the need for corporations to start taking seriously a mobile security strategy at the same level to which cyber criminals are planning future attacks. A mobile security strategy might involve adopting certain Mobile Security Guidelines as published by standards organizations (NIST) and Mobile OWASP project. See the references at the end of this document:

The following guidelines are a subset of Mobile Security Guidelines I pulled from various published sources with most coming from NIST. It is by no means a comprehensive list, however they can be considered as a starting point or additional considerations for an existing mobile security strategy.

1 – Understand the Mobile Enterprise Architecture

You should start with understanding and diagramming the flow from mobile application to business applications running on the back-end application server. This is a great starting point and should be done at the beginning stages, as most of the security guidelines will depend on what is known about the architecture.

  1. Is the mobile application a native application or mobile web application? Is it a cross-platform mobile application?
  2. Does the mobile application use middleware to get to the back-end API, or does it connect directly to a back-end Restful based Web Service?
  3. Does the mobile application connect to an API gateway?

2 – Diagram the network topology of how the mobile devices connect

Is the mobile device connecting to the business application servers over the cellular network or internally through a private WiFi network, or both? Does it go through a proxy or firewall? This type of information will aid in developing security requirements; help with establishing a QA security test bed and monitoring capability.

3 – Develop Mobile Application Security Requirements

At a high level, a security function must protect against unauthorized access and in many cases protect privacy and sensitive data. In most cases, building security into mobile applications is not at the top of the mind-set in the software development process. As such, these requirements should be gathered as soon as possible in the Software Development Life Cycle (SDLC). It has been my personal experience in many cases that you have to work with application software developers in adopting best security practices. So the sooner you can get that dialogue going the better. Security objectives to consider are:  Confidentiality, integrity, and availability. Can the mobile OS platform provide the security services required? How sensitive is the data you are trying to protect. Should the data be encrypted in transit, and in storage? Do you need to consider data-in-motion protection technologies?  Should an Identity and Access Management (IDAM) solution be architected as part of the mobile enterprise system? Should it include a Single Sign On functionality (SSO)? Should there be multi-factor authentication, role based or fine-grained access control? Is Federation required? Should the code be obfuscated to prevent reverse engineering?

4 – Incorporate a Mobile Device Security Policy

What types of mobile devices should be allowed to access the organization’s critical assets. Should you allow personal mobile devices, Bring Your Own Devices (BYOD’s) or consider only organization-issued or certified mobile devices to access certain resources? Should you enforce tiers of access? Centralized mobile device management technologies are a growing solution for controlling the use of both organization-issued and BYOD’s by enterprise users. These technologies can remotely wipe the data or lock the password from a mobile device that has been lost or stolen. Should Enterprises consider anti malware software and OS upgrades to become certified mobiles on the network? To reduce high risk mobile devices, consider technologies that can detect and ban mobile devices that are jail broken or rooted, as these can pose the greatest risk of being compromised by hackers.

5 – Application Security Testing

According to a study performed by The Ponemon Institute, nearly 40% of 400 companies surveyed were not scanning their applications for security vulnerabilities, leaving the door wide open for cyber-attacks. This highlights the urgency for security teams to put together some sort of security vetting process to identify security vulnerabilities and validate security requirements as part of an ongoing QA security testing function. Scanning application technologies typically conduct two types of scanning methods: Static Application Security Testing (SAST) which analyzes the source code and Dynamic Application Security Testing (DAST), which sends modified HTTP requests to a running web application to exploit the application vulnerabilities. As the QA scanning process develops, it can be automated and injected into the software build process to detect security issues in the early phases of the SDLC.

6 – System Threat Model, Risk Management Process

What will typically come out of the application scanning process will be a list of security vulnerabilities found as either noise, suspect or definitive.  It will then be up to the security engineers knowing the system architecture and network topology working with the application developer to determine whether the vulnerability results in a valid threat and what risk level based on the impact of a possible security breach. Once the risk for each application is determined, it can be managed through an enterprise risk management system where vulnerabilities are tracked, fixed and the risk brought down to a more tolerable level.

7 – Consider implementing a Centralized Mobile Device Management System

Depending on the Mobile Security Policy that is in place, you may want to consider implementing a Centralized Mobile Device Management System especially when Bring Your Own Device (BYOD) mobiles are in the mix that can:

  • For mobile devices, manage certificates, security setting, profiles, etc through a directory service or administration portal.
  • Policy based management system to enforce security settings, restrictions for organization-issued, BYOD mobile devices.
  • Manage credentials for each mobile device through a Directory Service.
  • Self service automation for BYOD and Reducing overall administrative costs.
  • Control which applications are installed on organization-issued applications and check for suspect applications on BYOD mobile devices.
  • A system that can remotely wipe or lock a stolen or loss phone.
  • A system that can detect Jail-broken or rooted mobile devices.

8 – Security Information and Event Management (SIEM)

Monitor mobile device traffic to back-end business applications. Track mobile devices and critical business applications and correlate with events and log information looking for malicious activity based on threat intelligence. On some platforms it may be possible to integrate with a centralized risk management system to specifically be on alert for suspicious mobile events correlated with applications at higher risk.

References:

Leadership Essential in Cybersecurity Dynamics

/in , , , , , , , , , , , , , , , , /by

Are your C-level leaders sending a clear message about Cyber Security?

Despite the high profile security breaches making news headlines and increased attention around cyber risks, executives in the C-suites are still lacking commonality and communication of a clear goal when it comes to a cybersecurity strategy. These individuals need to work together to manage their organizational risks to help prepare, mitigate, and minimize the damage caused by cyber incidents.

Every organization needs a clear strategy and roadmap with supporting tools that protect critical assets. Read more about this topic and the crucial role the C-suite plays in the dynamics surrounding Cybersecurity.

https://securityintelligence.com/c-suite-dynamics-can-impact-the-organizations-cybersecurity/

Oracle Identity and Access Management with EM12c: Red Pill or Blue Pill?

/in , , , , , , , , , , , , , , , /by

It seems all too often that when users are unable to access an end-user business function protected by a IDAM (Identity and Access Management) solution, the IDAM system gets the brunt of the blame and in a lot of cases without justification. Today’s corporate web based business functions are comprised of complex systems based on a service oriented applications.  As such, it can be difficult to diagnose particular issues in a timely manner to preclude having to restart several components. As the issue persists, security controls may be removed or bypassed all together resulting in another set of problems. In many cases the root cause does not get identified and a repeat incident occurs.

Example Use Case

Consider a system that hosts a web application providing an end-user business function to allow users to sign up for service and be able to pay their bills online. To protect the web application, an Oracle IDAM system, referred to as the SSO Stack, is implemented to provide access control and data protection for the end-users. As you can see, there are a lot of complicated flows and dependencies in the systems.

TomBlogFigure1

Suppose an issue has been reported by an end-user and technical support personnel are logged in to try and resolve the issue. To illustrate the complexity of the issue, suppose an end-user cannot access the system to pay their bill. Without having an in-depth knowledge of what is going on inside the systems, it is difficult to determine if the web application is the problem or if the problem is related to the SSO Stack. If it is the SSO Stack, which component is at fault?

Remember the movie, the matrix, “take the red pill” and find out what is really going on in the matrix. “Take the blue pill” and you live in ignorance and bliss. When troubleshooting systems, the tendency is to: collect and analyze logs on each of the system components independently, trouble-shoot at the network level, and execute manual user tests, all time consuming. How many times have you heard someone say “I can ping the server just fine” yet the problem persists.

TomBlogFigure2

“What if I told you”, testing at the application layer provides a more accurate indication of what is really going on inside the system. The business functionality is either working as intended or it is not.  Applications performing the business functions can be modeled as services and tested in real-time. Service tests can measure the end-user’s ability to access a service and if automated, allow issues to be resolved before end-user complaints start rolling in. Service tests strategically placed in each critical subsystem can be used as health checks determining which system component may be at fault if there are reported issues.

EM12c Cloud Control Service Model

With EM12c Cloud control, business functions can be modeled as services to be monitored for availability and performance.  Systems can be defined based on target components hosting the service. As a service is defined, it is associated with a system and one or more service tests. Service tests emulate the way a client would access the service and can be set up using out-of-the-box test frameworks: web testing automation, SQL timing, LDAP, SOAP, Ping tools, etc. and can be extended through Jython based scripting support.  The availability of a service can be determined by the results of service tests or the system performance metrics. The results of the system metrics can be utilized in system usage metrics and in conjunction with service level agreements (SLAs). Additionally, aggregate services can be modeled to consist of sub-services with the availability of the aggregate service dependent on the availability of each of the individual sub-services.

Example Use Case Revisited with EM12c Service Model

Revisiting the issue reported in the previous use-case, it was not a trivial task in determining whether it was or was not an SSO issue and which component or components were at fault.  Now consider modeling the consumer service and running web automation end-user service tests against the web application. Consider the SSO stack as a service modeling the Identity and Access Management functionality. The SSO Stack can be defined as an aggregate service with the following subservices: SSO Service, STS Service, Directory Service and Database Service. The availability and performance of the SSO Stack can be measured based on the availability and performance of each of the subservices within the SSO Stack chain. Going back to the problem reported in fig 1, the end-user could not access the web application to pay their bill. Suppose service tests are set up to run at the various endpoints as illustrated in figure 3.  As expected, the end-user service tests are showing failures. If the service tests for the Directory Service and Database are passing, it can be concluded the problem is within the OAM server component. Looking further into the results of the SSO Service and STS Service the problematic application within the OAM server can be determined. As this illustration points out, Service tests provide a more systematic way of trouble shooting and can lead you to a speedier resolution and root cause.

TomBlogFigure3

Em12c Cloud Control Features

The following are some of the features available with the EM12 Cloud Control monitoring solution to provide the capabilities as mentioned not available from the basic Enterprise Manager Fusion Middleware Control.

  1. Service Management:
    1. Service Definition: Defining a service as it relates to a business function. Modeling services from end-to-end with aggregate services.
    2. Service tests: Web traffic, SOAP, Restful, LDAP, SQL, ping etc. to determine end-user service and system level availabilities and performance.
    3. System monitoring. Monitoring a group of targets that represent a system that is intended to provide a specific business function.
    4. Service level agreements (SLAs) with monitoring and reporting for optimization.
  1. Performance monitoring
    1. Defining thresholds for status, performance and alerts
    2. Out-of-the-box and custom available metrics
    3. Real-time and historical metric reporting with target comparison
    4. Dashboard views that can be personalized.
    5. Service level agreement monitoring
  1. Incident reporting based on availability and performance threshold crossing, escalation and tracking from open to closure. Can also be used to track SLAs.
  2. System and service topology modeling tool for viewing dependencies. Can help with performance and service level optimization and root cause analysis.
  3. Oracle database availability and performance monitoring:
    1. Throughput transaction metrics on reads, write and commits
    2. DB wait time analysis
    3. View top SQL and their CPU consumption by SQL ID.
    4. DBA task assistance:
      1. Active Data Guard and standby Management
      2. RMAN backup scheduling
  • Log and audit monitoring
  1. Multi-Domain management: Production, Test, Development with RBAC rules. All domains from one console.
  2. Automated discovery of Identity Management and fusion middleware Components
  3. Plug-ins from 3rd party and developer tools with Jython scripting support to extend service tests, metrics etc.
  4. Log pattern matching that can be used as a customizable alerting mechanism and performance tool.
  5. Track and compare configurations for diagnostics purposes.
  6. Automated patch deployment and management.
  7. Integration of the system with My Oracle Support

As a final note and why it is referred to as EM12 Cloud Control

One of the advanced uses of Oracle Enterprise Manager 12c is being able to manage multiple phases of the cloud lifecycle—such as the planning, set up, build, deployment, monitoring, metering/chargeback, and optimization of the cloud. With its comprehensive management capabilities for clouds, Oracle Enterprise Manager 12c enables rapid deployment and end-to-end monitoring of infrastructure as a service (IaaS), platform as a service (PaaS)—including database as a service (DBaaS), schema as a service (Schema-aaS), and middleware as a service (MWaaS).

A Sobering Day for All CEOs

/0 Comments/in , , , , , , , , , , , , /by

Sadly, the CEO presiding over Target during the recent data breach resigned today.  See USA today article.

This series of unfortunate events for Target begs a key question relating to the risks every company CEO faces today. Did Target leadership ask the right questions about overall IT security and the risk every company faces?

Protecting a company from Cyber bad guys is a never ending battle.  It’s a game of leap frog with some serious consequences if you get behind.  With all the opportunity for full-time, professionally paid, government backed hackers to spend all day every day figuring out new ways to wreck a company, the priority for combating this enemy needs to be pretty high on the list for every CIO and CEO.  But it’s not just about spending all the money you can afford to spend.  It’s about understanding where to spend the money on the right technology.

How do leaders responsible for protecting a company sort out all the noise from the real threats?  This has become a constant exercise in analyzing risk and applying financial priorities accordingly.

As fast as the bad guys are coming up with new ways to exploit a target, new innovative minds are working to counter their moves.  Many of these great technologies are being folded into a portfolio of products and solutions that can be layered across an enterprise to protect and prevent the latest threats from creating the worst kind of headlines.

IBM has been on a major buying spree for the last several years snapping up some of the best and brightest technologies and resources across the globe.  They are quickly assembling an array of tools that are being shaped into the worlds best security risk analysis platform.  By leveraging this risk-based assessment direction, IT leaders can depend on technologies that will not only provide the intelligence about where to address risk, but can be assured that these technologies are probably the best that money can buy.

IBM is currently the third largest security company in the world with the goal of being the largest and the best.  As a Premier IBM Business Partner, we see this investment first hand.  See ComputerWorld’s perspective.

PathMaker Group serves our customers by planning, implementing, and managing these security solutions across the enterprise.  IT Security is a rapidly changing, complex business and our partnership with IBM helps us keep our customers one step ahead of the bad guys.

Target Data Breach

/0 Comments/in , , , , , , , , , , /by

How did they pull it off and how can you safeguard your environment from a similar event?

The Target Stores data breach started by exploiting a vulnerability in an externally facing webserver.  Once inside, hackers took command of an internal server and planted malware on the Point of Sale devices in stores all over the US.  The harvested data was stored internally until the hackers reached back in to grab the millions of credit card account records that were stolen.  More details can be found at http://krebsonsecurity.com/

With the tools available today, how could this event happen?  What can you do to safeguard your environment from a similar incident?

PathMaker Group recommends the following measures:

  1. Assess the overall security posture of your organization.  Our company provides a rapid assessment covering 16 security domains enabling you to understand where you may have major gaps.  We can help you prioritize these gaps to help you to maximize your risk mitigation.
  2. Test your environment (and your website code) for vulnerabilities.  External and internal penetration testing is a necessary starting place, but if you develop your own website code, scanning your application code prior to releasing the system to production is essential as these techniques and tools will surface many more vulnerabilities.  We can help with both of these services.
  3. Leverage security intelligence technologies to correlate and identify suspect events before massive damage can occur.  We can rapidly deploy an industry leading solution for you in a matter of days including setting up a managed service.

For help or more information, please contact PathMaker Group at 817-704-3644

Keith Squires, President and CEO, has been in high demand by the media to add insight to this recent news.  Radio and television news interviews, including CBS National News, are available to view at the following link:

https://www.pathmaker-group.com/home/pathmaker-group-news/