Archive for March, 2011

Heathrow, 18th March 2011

RSA, the Security Division of EMC, urges critical actions for SecurID installations

Following RSA’s announcement today that it has experienced a security breach, please see below for RSA’s recommended actions, links to the RSA open letter to all its clients, and RSA’s SCOL advisory on general security best practices and product best practices.

Overall Recommendations:
RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked to this note.

  • We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
  • We recommend customers enforce strong password and PIN policies.
  • We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
  • We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
  • We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
  • We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
  • We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
  • We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
  • We recommend customers update their security products and the operating systems hosting them with the latest patches.

For RSA product-specific recommendations, please follow the links below to the Security Best Practices Guides for each product. If you are unable to access the files via RSA SecurCare (http://knowledge.rsa.com/), please contact support at:

U.S.: 1-800-782-4362, Option #5 for RSA, Option #1 for SecurCare note
Canada: 1-800-543-4782, Option #5 for RSA, Option #1 for SecurCare note
International: +1-508-497-7901, Option #5 for RSA, Option #1 for SecurCare note

SecurCare Online Advisory direct link: https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8884

RSA Open Letter to Customers: http://www.rsa.com/node.aspx?id=3872

Category : News

Heathrow, 9th March 2011

Armadillo are happy to announce that we have signed a partnership agreement with innovative APT solution specialist FireEye.

FireEye Malware Protection Systems provide next generation network threat prevention to safeguard valuable data and networks against Modern Malware infiltration and data theft/alteration/destruction. The FireEye Malware Protection System breaks the Modern Malware infection lifecycle by stopping inbound, zero hour, targeted attacks, outbound data exfiltration callbacks, and dynamically inoculating networks from future attacks through both local and global intelligence. FireEye finds and blocks the 90% of Modern Malware attacks that conventional defenses miss, at network speeds and near-zero false positive rates, delivering an extremely low security TCO.

FireEye has pioneered the use of transparent virtual machines operating in a network appliance to block inbound, zero-day, targeted attacks and to analyze malware infections in real time. Also, it blocks unauthorized, outbound communications to criminal C&C servers to stop data exfiltration attempts. Taking this multilayered approach, FireEye has the unique capability to provide real-time malware intelligence gathered from a global customer base and shared via the FireEye Malware Analysis and Exchange (MAX) Cloud Intelligence network. FireEye offers a fundamentally new technology to defend against zero-day, targeted attacks, bots, Trojans, and advanced, persistent threats.

KEY TECHNOLOGY FEATURES:

  • Multi-stage inspection and blocking engine that stops known and zero-day attacks while simultaneously eliminating false positives. The multi-stage inspection process unifies virtualization and network security to accurately block Modern Malware that is used to penetrate networks and steal resources and sensitive data.
  • Malware-VM analysis utilizes proprietary and trade secret virtualization technology to analyze and confirm true, zero-day malware, such as Trojans, targeted attacks, bots, VM-aware malware, and advanced, persistent threats.
  • Malware-Callback filter blocks outbound callbacks based on local malware intelligence from the Malware-VM analysis as well as on global malware intelligence provided by the MAX Cloud Intelligence network.

Newly discovered malware is installed to completion within the FireEye Malware-VM filter so that malware file locations, new registry keys, corrupted DLLs, etc. are all tracked in addition to outbound callback destinations. Analysis of polymorphic Modern Malware can now be reliably automated to create dynamic blocking of inbound zero-day attacks and their outbound transmissions. Local zero-day malware intelligence is dynamically generated by each Malware-VM filter to provide real-time malware forensics used to protect the local network. This analysis can be shared globally through the MAX Cloud Intelligence network for use by all subscribers to stop data and resource thefts.

For further information please contact: sales@armadillouk.com

Category : News