GoSecure Blog

Roger Grimes is Right. Make Sure Your Honeynet Solution Is Too

Roger Grimes recently published an article in InfoWorld, “No Honeypot? Don't Bother Calling Yourself a Security Pro,” that argues honeypots should be a pivotal part of any company’s security strategy. He notes that honeypots “can easily capture zero-day exploits, freshly minted malware, and roaming APT hackers,” which are some of the key drivers behind the Detection Gap problem. Despite that, Grimes notes that many businesses have yet to even use them.

So, what’s the holdup? I think many organizations have shied away from honeypots because of perceived difficulties in setting them up and operating them. Traditionally, honeypots also have required highly skilled security professionals to monitor them, scaring off some potential adopters. Also, some organizations mistakenly believe that multilayered firewall, intrusion prevention, antivirus and other defenses provide adequate protection.


Topics: Cyber attack intelligence, APT, Honeynets

The Pitfalls Behind And Ahead

The pace of advisories and reports surrounding new zero-day activity seems to be accelerating at an alarming rate in 2013. Growing numbers have been seen in the wild exploiting victims and gaining beachheads within enterprises around the world. Meanwhile, as noted in a recent New York Times article, which highlighted the statistics of crimeware detection and prevention among the world’s top 45 commercially available antivirus engines, the cyber security industry has been slow to adapt. To illuminate some of the mystery behind the tools and techniques that make executable detections more difficult than they used to be, it helps to examine a small chip off the proverbial iceberg of evasion techniques to make the topic more digestible.

In the book Hacking Exposed – Malware and Rootkits, my co-authors and I discussed many of these evasion techniques and other tools such as crypters, binders, packers, polymorphism, and several other common methods that bolster the survivability of a malicious executable. Almost all of these tactics are incorporated by persistent threats in order to evade detection by most commercially available antivirus or other security products. To understand these methods and related behaviors, one must first examine the motive behind them.


Topics: Cyber Crime, Cyber Attack, APT, Detecting in-progress attack, in-progress attacks, VirusTotal, Anubis, Broad Crypter

Sean Bodmer, Chief Security Researcher, CounterTack

We are pleased to announce Sean Bodmer as Chief Security Researcher at CounterTack. Sean joins us from Damballa where he was also the senior security researcher. We believe that Sean will greatly enhance our mission in delivering “next generation” host intrusion detection & prevention.

A highly visible authority on the frontlines of cyber security, Bodmer brings to CounterTack a unique background and industry perspective on advanced threat detection and analysis.


Topics: Cyber Crime, Cyber Defense, Cyber Security, Predictions, Cyber Attack, Cyber attack intelligence, APT, Zero-day Attack, Breach

Introducing CounterTack’s New Senior Vice President of Sales

We are very pleased to introduce Kirk Appelman to the CounterTack team today as senior vice president of sales. Kirk, a veteran security executive, will be responsible for the direction and management of our sales operations, as well as driving CounterTack’s overall revenue growth.

Specializing in information security for more than a decade, Kirk holds more than 20 years’ experience in technology sales and sales management. He joins our team from Damballa, where he served as vice president of service provider solutions and established the company’s Telco/ISP business, which under his leadership became a substantial piece of the company’s overall revenue. He also established the company’s international presence by signing marquee clients across Europe and Asia. Prior to Damballa, he was a director of sales at Proofpoint, where he restructured and led the successful growth of the company’s business in the Eastern United States. Throughout his career, Kirk has also held sales leadership positions with McAfee, Juniper Networks and Internet Security Systems (ISS). You can read Kirk’s full bio here.


Topics: Cyber Defense, Cyber Security, Cyber Attack, Cyber attack intelligence, APT, Honeynets, Detecting in-progress attack, Breaches, Zero-day Attack, News, Breach

New CounterTack Study: A Cyber-readiness Reality Check

We recently commissioned a study of information security executives to gauge the state of cyber-readiness inside the enterprise. Today, we’re unveiling the complete study findings, along with corresponding in-depth analysis by Richard Stiennon, chief research analyst of IT-Harvest.

Here’s a brief look at some of the study highlights, along with an infographic illustrating key data:


Topics: Cyber Security, Research, APT, Security Spending, Infographic

How Hackers Hide Their Tracks: Part 1

This is the first in a series of technical blog posts examining various attack scenarios through video simulations of CounterTack’s Event Horizon platform.   


Topics: APT, virtual machine introspection, Detecting in-progress attack, Event Horizon

Webcast: Virtual Machine Introspection to Combat APTs

It’s time to face it. Traditional perimeter security defense is dead. The question enterprise organizations face is no longer “Will I be breached?” But instead, “Have I already been breached? Do I have an active threat inside my network right now? And if so, where is it, what is it doing right now and what is it after?”


Topics: Cyber Attack, APT, virtual machine introspection, Security Intelligence, webcast

Advanced Persistent "Threat"? Or an "in-progress attack"?

William Jackson's recent article in Government Computer News, "The Untimely Death of The Advanced Persistent Threat?" is an interesting read. Apparently RSA and Mandiant no longer like the term "Advanced Persistent Threat." (Aren't they the ones who defined it in the first place?) I share the concern they have with the term, but for a very different, more obvious reason.


Topics: Cyber Security, APT, Detecting in-progress attack

Virtual Machine Introspection: Think “Inside the Box”

“Even the best security technology and expertise can’t stop a well-funded and determined attacker,” writes Dark Reading’s Kelly Jackson Higgins.


Topics: APT, virtual machine introspection, Security Intelligence, Virtualization

What We’re Reading Right Now

A number of recent industry articles have caught our attention lately – all highlighting the serious inadequacies of current security approaches and underscoring the need for fundamental and far-reaching changes. Here are a few of our must-reads for the week:


Topics: Cyber Crime, Cyber Defense, Cyber Attack, APT
