MOUNTAIN VIEW, CA July 6, 2017 Symantec (NASDAQ: SYMC), the world’s leading cyber security company, today announced that it has entered into an agreement to acquire Israel-based Fireglass, the leading agentless isolation solution that eliminates ransomware, malware and phishing threats in real-time by preventing potentially harmful content from ever reaching user endpoints or the corporate network. With this acquisition, Symantec further strengthens its Integrated Cyber Defense Platform and dramatically extends the Company’s leadership in Secure Web Gateway and Email protection delivered both on premises and in the cloud.
Fireglass’ innovative approach to browser isolation substantially reduces the attack surface, strengthening an enterprise’s security posture and as a result, significantly reduces the burden on the Company’s security operation center (SOC) and IT help desk. Users are protected regardless of the links they click or the uncategorized websites they visit, as all potentially harmful website and email content and attachments are executed within a fully protected and separate environment, eliminating the most common infiltration points for ransomware, exploits and malware. Delivered as a cloud service, on premises, or in a hybrid model, Fireglass provides a transparent and worry-free end user experience, with customers reporting a dramatic reduction in problem tickets and the resulting workload of the security team.
Greg Clark, Symantec CEO said, “Integrating Fireglass’ isolation technology with Symantec’s existing endpoint, email and secure web gateway solutions could reduce security events by as much as 70 percent, while virtually eliminating advanced threats spread by web browsing or email content. Isolation will become a core component in the design of cyber defense architectures for the cloud generation who face the reality of an encrypted Internet and the crisis inherent in email and web-delivered attacks. The ability for the security team to take an aggressive stance on unknown websites and questionable attachments without causing chaos for a company’s users and IT help desk is now a reality. Isolation is a key element of securing the cloud generation and is even a productivity gain for both the end user and security operations center.”
“The pairing of browser isolation with Symantec’s proxy and endpoint capabilities forms a generational change in approach. Our tests show promise for meaningful reductions in attack surface and time-consuming security events,” said Ramin Safai, CISO of Jefferies Group LLC. “I applaud Symantec for focusing on tangible security outcomes – it’s precisely what the industry needs.”
Guy Guzner, Founder and CEO of Fireglass, said, “We’ve long admired Symantec for their leadership in protecting customers’ critical information. Fireglass’ industry-leading isolation technology helps customers battle zero-day attacks and other serious vulnerabilities, making it an essential element for protecting email, messaging and web browsing. It easily integrates with existing security solutions and across all forms of the endpoint including Windows, Mac, Android, iOS and all others including browser-enabled IoT devices. With Symantec’s global scale, we’re excited to bring this groundbreaking technology into the hands of more customers.”
The transaction is subject to customary closing conditions, and is expected to close in the third calendar quarter of 2017. Symantec expects Fireglass’ technology to be available to its customers and partners soon after the transaction closes. Financial terms of the transaction were not disclosed.
Fireglass allows users to click with confidence from any device by eliminating malware and phishing from web and email with no endpoint agent. Organizations protected by Fireglass maximize user productivity while solving the operational overhead and complexity of web gateways through True Isolation™, where all web traffic is executed remotely and does not reach endpoints. Deployed at Fortune 500 companies, Fireglass was founded by network security leaders and military intelligence veterans and is backed by world-class investors including Lightspeed Venture Partners and Norwest Venture Partners.
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.
DAYTONA BEACH, FL June 29, 2017 As business leaders and companies around the world face attacks on their computer systems, Embry-Riddle Aeronautical University has developed the first of its kind program for professionals targeting cybersecurity challenges specifically for the aviation and aerospace industry.
As announced at the 2017 Paris Air Show, Embry-Riddle will offer a customizable Aviation Cybersecurity Certificate program tailored to industry employees that addresses systems specific to the aviation industry – from aircraft systems to the infrastructure that supports them.
Those systems include aircraft navigation and communications systems, as well as existing and in-development aviation infrastructure systems such as Traffic Collision Avoidance System (TCAS), Automatic Dependent Surveillance-Broadcast (ADS-B), Instrument Landing System (ILS), Federal Aviation Administration (FAA) System Wide Information Management (SWIM) and Next Gen, and Single European Sky ATM Research (EU SESAR).
"Embry-Riddle is in the unique and trusted position as the higher education leader in aviation and cybersecurity to arm industry manufacturers and operators with the most proactive, advanced and up-to-date strategies in dealing with potential attacks on their infrastructure," said Embry-Riddle President Dr. P. Barry Butler.
The program, the National Security Agency Certificate of Completion, is available via flexible delivery platforms including in-person, on campus or online. The three courses cover basic cybersecurity concepts, existing standards and best practices, computer system security concepts such as Global SWIM and its components such as Aeronautical Information Exchange Model (AIXM) and Flight Information Exchange Model (FIXM), and technology challenges like ADS-B.
For more information, email [email protected].
About Embry-Riddle Aeronautical University
Embry-Riddle Aeronautical University, the world's largest, fully accredited university specializing in aviation and aerospace, is a nonprofit, independent institution offering more than 80 baccalaureate, master's and Ph.D. degree programs in its colleges of Arts & Sciences, Aviation, Business, Engineering and Security & Intelligence. Embry-Riddle educates students at residential campuses in Daytona Beach, Fla., and Prescott, Ariz., through the Worldwide Campus with more than 125 locations in the United States, Europe, Asia and the Middle East, and through online programs. The university is a major research center, seeking solutions to real-world problems in partnership with the aerospace industry, other universities and government agencies.
TAMPA BAY, FL June 28, 2017 After a full 24 hours of monitoring the latest global ransomware outbreak, KnowBe4’s CEO warns IT pros that the new strain appears to be open cyber warfare, targeted at the Ukraine, with the spread of it beyond those borders as “collateral damage”. According to reports by security experts, the attack was spread through a software update to Ukrainian accounting company Intellekt Servis' product. Their June 22 update was pushed out and looks to have contained sleeper code that kicked in one day before Ukraine's Constitution Day. Ukraine’s national police warned this was only one vector of the attack and Russian security firm Group-IB says it saw companies infected through malicious email attachments.
KnowBe4 CEO Stu Sjouwerman stated, “This has been brewing under the surface for a few years, but now we are dealing with open cyber warfare here. Like it or not, as an IT Pro, you have just found yourself on the frontline of 21st-century war.” Sjouwerman noted, “The Ukraine is locked in a bitter proxy fight with Russia since the annex of the Crimean peninsula and the separatist war in eastern Ukraine. Russia's GRU, the foreign military intelligence agency of the General Staff of the Armed Forces of the Russian Federation is likely behind this.”
Nicholas Weaver, a security researcher at the International Computer Science Institute and lecturer at UC Berkeley, said Petya appears to have been well engineered to be destructive while masquerading as a ransomware strain stating, “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.”
Craig Williams, security outreach manager with Cisco Systems said: “I think not only is it out there trying to make a profit, but it’s also making a very clear political statement: it’s intentionally trying to damage businesses that interact with the Ukrainian tax system.”
Russian security firm Group-IB reports that Petya bundles a tool called “LSADump,” which can gather passwords and credential data from Windows computers and domain controllers on the network.
The official full name of the GRU is Main Intelligence Agency of the General Staff of the Russian Armed Forces. The GRU is Russia's largest foreign intelligence agency. In 1997 it deployed six times as many agents in foreign countries as the SVR, the successor of the KGB's foreign operations directorate. It also commanded 25,000 Spetsnaz troops in 1997. Source: Wikipedia.

The GRU has its own cyber armies and works together with sophisticated hacker groups like APT28, which also goes by Fancy Bear. These are typically the guys behind attacks like this; however, this particular infection is a new low, because its main goal is destructive, masked as a ransomware attack.
In a recent blog post, Sjouwerman noted reports by WSJ that Vladimir Putin recently approved of Patriotic Russian Hackers. “This is what you get when you unleash those hounds: a lot of collateral damage, even including Russia's own major oil company Rosneft, ironically owned for a good chunk by Putin himself,” said Sjouwerman.
Sjouwerman advises quick measures to combat the fallout and stay safe:
1. Make sure you have weapons-grade backups.
2. Patch religiously.
3. Step users through new-school security awareness training.
For more information on KnowBe4, visit www.knowbe4.com
KnowBe4, the provider of the world’s most popular integrated new school security awareness training and simulated phishing platform, is used by more than 10,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert is KnowBe4’s Chief Hacking Officer. Thousands of organizations trust KnowBe4 to mobilize their end-users as the last line of corporate IT defense.
Number 139 on the 2016 Inc 500 list, #50 on 2016 Deloitte’s Technology Fast 500 and #6 in Cybersecurity Ventures Cybersecurity 500. Follow Stu on Twitter at @StuAllard.
HERNDON, VA July 5, 2017 SolarWinds, a leading provider of powerful and affordable IT management software, today announced it has participated in Cyber Quest 2017, a multi-week exercise in cyber and electronic warfare exploration and collaboration hosted by the Army Cyber Center of Excellence (CCoE) in Fort Gordon, Georgia. SolarWinds’ participation included on-site demonstrations of its network and systems monitoring, IT security, and database management products through live, virtual, or constructed scenarios similar to those experienced by the warfighter.
This year’s annual Army Cyber Quest exercise was held between June 5 and June 30, 2017 and assists the CCoE in identifying emerging technologies from government, industry, and academia and then assessing those technologies against associated Army-required capabilities. It aims to promote collaboration across industry partners and encourage results-oriented outcomes to help improve some of the unique challenges faced by our warfighters.
“SolarWinds shares the same goals as the Army CCoE, which is to partner government with industry leaders to ensure that the latest technologies are available to our warfighters,” said David Kimball, senior vice president, federal and national government, SolarWinds. “We’re honored to have been a part of this unique event, and for the opportunity to demonstrate how our powerful solutions can help the Army simplify its task of securing, managing, and monitoring its complex systems and networks.”
The following SolarWinds® products were tested during the Army Cyber Quest exercise:
- SolarWinds Server & Application Monitor – agentless application and server monitoring
- SolarWinds Virtualization Manager – virtual machine capacity planning and sprawl control
- SolarWinds Storage Resource Monitor – multi-vendor storage performance and capacity monitoring
- SolarWinds IP Address Manager – automated IP address management and IP alerting, troubleshooting, and reporting
- SolarWinds User Device Tracker – tracks endpoint devices by MAC and IP address on wired and wireless networks
SolarWinds currently supports numerous DoD initiatives including the Army’s Warfighter Information Network-Tactical (WIN-T) program, which serves as the Army’s common tactical communications network backbone that enables mission command and secure reliable voice, video, and data communications. SolarWinds provides management, monitoring, and troubleshooting tools, including its Network Configuration Manager, Network Performance Monitor, NetFlow Traffic Analyzer, VoIP & Network Quality Manager, and Engineer’s Toolset products. You can read a full case study here.
SolarWinds Solutions for Government
- SolarWinds software is available on the U.S. General Services Administration (GSA) Schedule, Department of Defense ESI, and other contract vehicles.
- U.S. Government certifications and approvals include Army CoN, Air Force APL, Navy DADMS; and Technical Requirements include FIPS compatibility, DISA STIGs, and National Institute of Standards and Technology (NIST) compliance.
- SolarWinds also has hundreds of built-in automated compliance reports, which meet requirements of major auditing authorities, including DISA STIG, FISMA, NIST, and more.
- SolarWinds THWACK® online user community provides a number of out-of-the-box compliance report templates available to download for free, which are designed to help users prepare for an inspection. It also provides information on Smart Card and Common Access Card (CAC) product support.
- Case Study: WIN-T Deploys SolarWinds Solution to Maintain Communications with Tactical Warfighters
- Video: SolarWinds IT Management and Monitoring for Government
- Video: SolarWinds Federal Security Compliance
- eBook: An Integrated Approach to IT Troubleshooting
SolarWinds provides powerful and affordable IT management software to customers worldwide, from Fortune 500® enterprises to small businesses, managed service providers (MSPs), government agencies, and educational institutions. We are committed to focusing exclusively on IT, MSP, and DevOps professionals, and strive to eliminate the complexity that our customers have been forced to accept from traditional enterprise software vendors. Regardless of where the IT asset or user sits, SolarWinds delivers products that are easy to find, buy, use, maintain, and scale while providing the power to address key areas of the infrastructure from on-premises to the cloud. This focus and commitment to excellence in end-to-end hybrid IT performance management has established SolarWinds as the worldwide leader in both network management software and MSP solutions, and is driving similar growth across the full spectrum of IT management software. Our solutions are rooted in our deep connection to our user base, which interacts in our THWACK online community to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at www.solarwinds.com.
ST. LOUIS July 5, 2017 Fpweb.net, a managed cloud and security services provider based in St. Louis, Missouri, now offers Security Operations Center (SOC) as a Service. It allows organizations to instantly deploy SOC as a Service with Security Information and Event Management (SIEM), managed 24/7 by an extended team of cybersecurity pros from Fpweb. SOC as a Service provides real-time visibility into all the logs, security devices, clouds, and high-value assets.
- Cyberattacks are more frequent, targeted and sophisticated
- Millions of warnings are produced by platforms, applications and endpoint solutions like malware, intrusion detection system (IDS)/ intrusion prevention system (IPS) and web application firewalls (WAF)
- Quality and speed of the response are critical to limit the impact on any organization
- A professionally designed SOC is the foundation of cyber defense against unauthorized, malicious activity in real time
- A professional SOC requires a blend of the right people, processes and technology
- The SOC is a team of security analysts armed with the right tools to prevent, detect, analyze and respond to incidents
Fpweb’s SOC as a Service is a turnkey managed security operations center, delivered as a service. The SOC service is powered by a best-in-class SIEM and managed by battle-tested security engineers to provide real-time security intelligence without the cost, complexity, and extended timeline of do-it-yourself SIEM deployments.
With limited resources, many IT departments are forced to do the minimum, relying on automated systems and reports, and end up missing data breach indicators living in their logs. Cyberattackers are developing their tactics, arsenals, and organizational structures faster than businesses can prepare their defensive countermeasures. The IT risk gap is accelerating and many organizations are outmatched.
Instead of relying on an understaffed and underskilled internal team, organizations are turning to outside professionals, who are trained and focused on one priority – cybersecurity. Fpweb.net starts SOC as a Service pricing at $1,745 per month for 40 hours per month, 30 nodes, 125 Events Per Second (EPS), and can easily scale up from there.
FALLS CHURCH, VA July 5, 2017 CSRA Inc. (NYSE: CSRA) announced today it has completed the acquisition of NES Associates, a well-respected federal IT service provider. NES provides specialized expertise in enterprise networking, cybersecurity, infrastructure, and application architecture as well as implementation services to customers in the military and other federal agencies.
"I'm pleased we have closed on our first acquisition as a public company," said CSRA President and CEO Larry Prior. "NES Associates will bring us innovative network engineering capabilities as we pursue large IT modernization opportunities in upcoming years, another example of how we live our tagline, 'Think Next. Now.'"
"CSRA is a perfect fit for NES," said NES founder and CEO Andy Gomer. "Our network engineering capabilities matched extremely well with CSRA's opportunities and resources. Our companies have highly compatible cultures and a shared focus on serving our citizens and warfighters. We are very excited to continue to serve our customers' missions with so much added capability."
CSRA President and CEO Larry Prior first announced the acquisition of NES during the Fiscal Year 2017 earnings call on May 24. During the call, Prior noted "NES' deep understanding of the network that connects customers' mission-to-compute will enable CSRA to eliminate many barriers to the adoption of next-generation IT. These digital transformation efforts rely on the availability of secure, resilient, high-bandwidth and low-latency networks that enable hyperscale infrastructures and accelerate the adoption of cloud operating models."
By joining forces with NES, CSRA will accelerate the adoption of its next-generation digital solution offerings and intends to become the network transformation leader. The key innovations, talent, and past performance from NES also will significantly improve CSRA's win probability on several very large pursuits across the company.
About CSRA Inc.
CSRA (NYSE: CSRA) solves our nation's hardest mission problems as a bridge from mission and enterprise IT to Next Gen, from government to technology partners, and from agency to agency. CSRA is tomorrow's thinking, today. For our customers, our partners, and ultimately, all the people our mission touches, CSRA is realizing the promise of technology to change the world through next-generation thinking and meaningful results. CSRA is driving towards achieving sustainable, industry-leading organic growth across federal and state/local markets through customer intimacy, rapid innovation and outcome-based experience. CSRA has over 18,000 employees and is headquartered in Falls Church, Virginia. To learn more about CSRA, visit www.csra.com. Think Next. Now.
RICHMOND, MA July 1, 2017 Rivetz Intl. (https://rivetzintl.com/), a newly formed subsidiary of Rivetz Corp., today announced the RvT cyber security token, created to combine trusted computing with blockchain technology that can offer comprehensive privacy protection. Rivetz believes the RvT token will enable multi-factor authentication across devices, to achieve provable security at the transaction and authentication level. Furthermore, Rivetz believes the solution will enable peer-to-peer transactions to have provable cyber controls that become a permanent part of the blockchain record, providing cryptographic proof that the measured protections were in place before a transaction can execute. The Rivetz solution is built on technology that has already been delivered on over a billion devices containing ARM-compatible processors.
RvT token technology takes advantage of the established capabilities of the Trusted Execution Environment (TEE) to provide a vault on the device to securely enable machine execution of instructions that are subject to owner-led policy. The Rivetz trusted app checks the status of a device before undertaking a task, such as connecting to the cloud. If the current condition of the TEE and the registered reference conditions match, the task can proceed. If not, the task will not be permitted.
"Since my introduction to blockchain in 2013, it's been clear that blockchain technology and trusted computing have the potential to provide the global infrastructure to enable billions of trusted computing devices already in circulation with built-in decentralized cyber security," said Steven Sprague, Founder of Rivetz. "We've invested and built the foundations to realize that vision. Rivetz believes that the launch of the RvT token and RvT powered services will provide a decentralized operational and economic model to boost the adoption of built-in security controls."
The launch of the RvT token builds on existing trusted computing technology already deployed by Rivetz Corp., which has been done over the last three years to prototype advanced transaction and security capabilities. Blockchain, IoT, cloud computing and many other markets can benefit from provable controls. Today's devices contain advanced security hardware, and Rivetz's mission is to put that deployed security to work to provide a simpler, safer experience for users.
The launch of the RvT token sale is expected to take place on July 25, 2017. More details along with a technical white paper are available at: www.rivetzintl.com.
About Rivetz International
Rivetz International is a wholly owned subsidiary of Rivetz Corp., focused on solving problems associated with consumer and machine-to-machine digital transactions. Rivetz technology provides a safer and easier-to-use model for all users to protect their digital assets using hardware-based device identity. The device plays a critical role in automating security and enabling the controls that users need to benefit from modern services. Rivetz leverages state-of-the-art cybersecurity tools to develop a modern model for users and their devices to interact with services on the Internet. For more information, visit www.rivetzintl.com
Consistent with the announcement at the June 28, 2017 Regular Open Meeting at the Illinois Commerce Commission, Ameren Illinois and Commonwealth Edison (ComEd) released an informal Request for Information (RFI) today regarding the selection of the NextGrid independent facilitator. The electric utilities are seeking a qualified individual and/or organization to coordinate and facilitate the Utility of the Future study.
Proposals must be submitted by July 14, 2017 by 5:00 PM CT to [email protected] or [email protected]. Submissions are limited to five pages, including attachments, and late submissions will not be accepted.
NextGrid is an approximately eighteen-month, consumer-focused study exploring topics such as methods to leverage Illinois’ restructured energy market, investment in smart grid technology, and the significant expansion of renewables and energy efficiency resulting from the recently passed Future Energy Jobs Act. The study will be led and overseen by the ICC with the assistance of an independent facilitator who will seek input from all members of the energy stakeholder community on goals and guiding principles for the process.
BOSTON June 28, 2017 Cybereason, developers of the most effective Total Protection Platform including EDR & NGAV, today announced that it has made available a new version of RansomFree, its award-winning free anti-ransomware tool. RansomFree 184.108.40.206 detects and prevents NotPetya ransomware from executing on computers. RansomFree is the world’s most widely used free anti-ransomware tool with more than 350,000 small business and consumer users.
NotPetya encrypts files only after the machine is rebooted – unlike most ransomware that encrypts files as soon as it executes. NotPetya spreads throughout the network, extracts admin credentials, and schedules a task to reboot the machine. As soon as a victim reboots their machine, NotPetya overwrites the Master Boot Record (MBR) with a malicious payload that encrypts the full disk.
In related news, Cybereason’s Principal Security Researcher Amit Serper discovered a vaccination for NotPetya that prevents the ransomware from running on any computer on which it is activated.
Follow Serper’s discovery on Twitter: https://twitter.com/0xAmit. To activate the kill switch, users must locate the C:\Windows\ folder and create a file named perfc, with no extension name. This should kill the application before it begins encrypting any files.
Cybereason was the first cybersecurity company to develop a free anti-ransomware tool and it was made available in December, 2016. RansomFree stops more than 99 percent of ransomware variants from encrypting files. RansomFree uses behavioral and proprietary deception techniques to target the core behaviors typical in ransomware attacks. It is designed to block never-before-seen ransomware in order to protect organizations against emerging ransomware threats. Today, more than 350,000 small businesses and individuals are using RansomFree.
Founded in 2012 by Lior Div, Yossi Naar and Yonatan Striem-Amit, Cybereason recently announced an infusion of new capital of $100 million from SoftBank Corp. This new financing solidifies Cybereason as the leading cybersecurity startup changing the status quo in the security industry, with 500 percent growth in revenue in the past year.
Cybereason is the leader in endpoint protection, offering endpoint detection and response, next-generation antivirus, and managed monitoring services. Founded by elite intelligence professionals born and bred in offense-first hunting, Cybereason gives enterprises the upper hand over cyber adversaries. The Cybereason platform is powered by a custom-built in-memory graph, the only truly automated hunting engine anywhere. It detects behavioral patterns across every endpoint and surfaces malicious operations in an exceptionally user-friendly interface. Cybereason is privately held and headquartered in Boston with offices in London, Tel Aviv, and Tokyo.
For more information, please visit:
SEATTLE June 27, 2017 WatchGuard® Technologies, a leader in advanced network security solutions, today announced the findings of its quarterly Internet Security Report, which explores the latest computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises. Among its most notable findings, the report revealed that despite an overall drop in general malware detection for the quarter, Linux malware made up more than 36 percent of the top threats identified in Q1 2017. This attack pattern demonstrates the urgent need for heightened security measures to protect Linux servers and Linux-dependent IoT devices.
"This new Firebox Feed data allows us to feel the pulse of the latest network attacks and malware trends in order to identify patterns that influence the constantly evolving threat landscape," said Corey Nachreiner, chief technology officer at WatchGuard Technologies. "The Q1 report findings continue to reinforce the importance and effectiveness of basic security policies, layered defenses and advanced malware prevention. We urge readers to examine the report's key takeaways and best practices, and bring them to the forefront of information security efforts within their organizations."
WatchGuard's Internet Security Report is designed to offer educational insights, research and security recommendations to help readers better protect themselves and their organizations against modern threat actors. Key findings from the Q1 2017 report include:
- Linux malware is on the rise, making up 36 percent of the top malware detected in Q1. The increased presence of Linux/Exploit, Linux/Downloader and Linux/Flooder combined to illustrate attackers' increased focus on Linux servers and IoT devices. Users should protect IoT products and Linux servers from the internet with layered defenses.
- Legacy antivirus (AV) continues to miss new malware – at a higher rate. In fact, AV solutions missed 38 percent of the total threats WatchGuard caught in Q1, compared to 30 percent in Q4 2016. The growing number of new or zero day malware now evading traditional AV highlights the weaknesses of signature-based detection solutions and the need for services that can detect and deter advanced persistent threats.
- The cybersecurity battleground is shifting toward web servers. Last quarter, drive-by downloads and browser-based attacks were predominant. In Q1, 82 percent of the top network attacks targeted web servers (or other web-based services). Users should strengthen web server defenses by hardening permissions, limiting resource exposure, and patching server software.
- Attackers still exploit the Android StageFright flaw. This exploit first gained notoriety in 2015, and is proving its longevity as the first mobile-specific threat to hit WatchGuard Threat Lab's top 10 attacks list this year. At a minimum, Android users should regularly upgrade their operating systems to prevent mobile attacks like StageFright.
- Threat actors take a break from hacking the holidays. Overall, threat volume decreased 52% in Q1 2017 compared to Q4 2016. We believe the drop in malware detections can be attributed to the absence of seasonal malware campaigns associated with various Q4 holidays, which increased overall malware instances during that period.
WatchGuard's Internet Security Report is based on anonymized Firebox Feed data from more than 26,500 active WatchGuard UTM appliances worldwide, representing a small portion of our overall install base. These appliances blocked more than 7 million malware variants in Q1, representing an average of 266 samples blocked by each individual device. WatchGuard appliances also blocked more than 2.5 million network attacks in Q1, which equates to 156 attacks blocked per device. The complete report includes a breakdown of the quarter's top malware and attack trends, an analysis of the CIA Vault 7 leaks and key defensive learnings for readers. The report also features a new research project from the WatchGuard Threat Lab, which focuses on a new vulnerability in a popular IoT camera.
For more information, download the full report here: www.watchguard.com/security-report
About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company's mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.
For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.