Medigate, Armis, Zingbox or ORDR? Why Choose Securolytics Instead!​

Medigate Armis Zingbox ORDR featured image4
Medigate, Armis, Zingbox, ORDR and other vendors, including Securolytics, can all help to discover and secure IoT devices.

But, what do these solutions do? How do they work? And, how do they differ?

Maybe you have already researched unmanaged medical and IoT device security risks.  And you may have come across expert publications on the topic from the likes of FDA or NIST.  Or, you read about IoT Security from other industry analysts such as EY, Deloitte, PwC , Travelers or Gartner.   

Perhaps you checked out the Top 10 IoT Threats research from  OWASP or one of our own blogs on Medical / IoT security vulnerabilities.

Let’s say you are warming up to Gartner’s recommendation that real-time discovery, visibility and control are critical to address IoT security

Now, you may want to sort out the IoT security market and determine which vendors to talk with.

So, what do IoT security solutions have in common and how do they compare?

Core Capabilities of IoT Security Solutions

Securolyics and other IoT security solutions like Medigate, Armis, Zingbox or ORDR all provide greater device visibility and threat detection.  And, they can leverage that new level of information in with existing tools.  In general, they provide:

  • Device Visibility

    • Discover and Identify devices by make and model number to know what is on the network and where it is on the network.
    • Device Communications, both internal and external communications
  • Passive Threat Detection

    • Device-Level, Passive Monitoring to detect suspicious, malicious and anomalous device behavior
    • CVE/CERT Mapping that alerts when device is on the network that has come under a security advisory
  • Integration and Control

    • Integrating device identification detail into solutions such as NAC, SIEM, Asset Inventory, Help Desk solutions, Firewalls, etc.  This is to support automated asset inventory and network access, network segmentation, mitigation and remediation decisions that leverage existing tools and workflows.

Core Technology Differences

As with any solution such as  Medigate , Armis , Zingbox , ORDR or others, vendors will each have feature differences. And, vendors may add new features at different rates.  To that end, feature focus is not the focus here.  For this discussion, we are focused on core technology differences and what Securolytics does that is unique and better vs. most other vendors.

First, a quick summary comparison, followed by a more detailed discussion.

medigate armis zingbox ordr technology comparison

Deployment & Data Privacy Differences

Most competitive solutions such as Medigate, Armis, Zingbox and ORDR commonly deploy with network TAP/SPAN Ports to collect needed data. 

Common deployment Using Network TAP/SPAN Ports

Medigate Armis Zingbox ORDR post deployment graphic

Network TAP/SPAN port deployments can create some significant concerns for organizations.


Increased Data Privacy Risks
  •  With network TAP/SPAN Ports, vendors collects private, sensitive network packets / PHI into their solution. Vendors can claim that they filter out private/sensitive data and only send metadata to their cloud for analysis. The question is: Do you trust the vendor to do that and do it 100% of the time?
Increased Expense, Deployment and Maintenance
  • Tapping networks can be expensive and even more so in larger environments. This can involve locating and configuring all the switches needed to ensure that all traffic is being captured from all devices. Then, data collectors will need to be bought, installed and maintained for each TAP. This can be a massive undertaking.  As an option, you could also spend extra money to license and maintain a traffic aggregator solution to feed the data into the vendor’s solution. Perhaps less work, but expensive nonetheless.
Increased Switch Load & Network Performance Risks
  • The risk here is that the switch can become taxed with duplicating the packets to send to the vendor’s solution. This can cause network performance issues.
Limited Discovery & Device Identification
  • Since competitive systems rely on actual network traffic for data, they can only see devices where the network has been tapped. So, you’ll need on-going planning and work to ensure that traffic from all devices is being captured. Devices that encrypt data transmission can also represent a limiting factor to device visibility and profiling.  Also, SPAN ports are known to drops packets on oversubscribed ports. They can also be easily misconfigured / turned off which can further limit device profiling.

Why Securolytics? No Network TAP/SPAN Deployment

The Securolytics solution does not use network TAP/SPAN ports.  A PoC deploys in a few minutes using a single IoT Security appliance.  A single appliance is all that is needed for most enterprises.

The deployment is simple:

1) Connect the IoT Security Appliance anywhere on the network.  It only collects non-sensitive data to profile devices.  Get results in 72 hours or less.  This is all that is needed to conduct a proof-of-concept deployment.

2) For a full deployment, simply provide DNS and DHCP logs. These logs do not contain sensitive data and collection is commonly done in less that 1 hour.

The Securolytics approach vs. a Network TAP/SPAN deployment delivers these benefits:

  • Greatly accelerates and simplifies deployment and on-going maintenance
  • Typical deployment requires only one (1) appliance per organization, regardless of the number of locations
  • Reduces Costs and Risks
  • Keeps your private data…Private!

Securolytics deployment - No Network TAP/SPAN Ports

medigate armis zingbox ordr-securolytics deployment

Threat Detection Differences

Medigate, Armis, Zingbox and ORDR Provide Passive Monitoring and Security Advisory Mapping, but what about Active Inspection?

Medigate, Armis, Zingbox or ORDR and most competitive solutions focus on passive behavior monitoring and on mapping CVE/CERT advisories to devices on the network while leaving active inspection for traditional vulnerability scanners. The problems with traditional vulnerability scanners on IoT are:
    1. They are weak in detecting IoT-specific threats like default credentials, VXWorks and more.  For example, default credentials  are the #1 IoT threat described in the OWASP Top 10 IoT Threats.

    2. They are too intrusive to run on resource-constrained IoT devices.  Scanning IoT devices can result in device interference or crashes.  In turn, this can increase IT workload and leave devices untested.

    3. Scanners are usually scheduled to run periodically and are not real-time.  Since IoT devices are commonly deployed by users and departments without IT, vulnerable IoT devices can be on the network for some time before or even if IT ever knows about it. Some competitive solution can integrate with vulnerability scanners to feed them device detail, but the problems in 1 and 2 above are still present.

    But, is it possible to do Active Inspection without device interference and in real time?
  • Yes, with Securolytics PortSafeTM Inspection!

Why Securolytics? Enter PortSafeTM - Unique , Safe Active Inspection Designed for IoT

Like competitive solutions, Securolytics also does passive monitoring and security advisory mapping to devices on the network.  But, the difference is Securolytics PortSafeTM Inspection.  

PortSafeTM provides new and unique capabilities to conduct active, but safe inspection on sensitive IoT devices.  As a result, you can now do vulnerability testing on IoT , like medical devices, that would otherwise need to be excluded from intrusive vulnerability scans.

Unlike traditional vulnerability scanners that use brute force testing, Securolytics PortSafeTM  first understands what the device is and how to safely test it, before any testing occurs.  With this knowledge, it can then gently test the device to detect IoT vulnerabilities precisely, intelligently and non-intrusively. 

PortSafeTM Inspection – No Device Interference

To date and with millions of devices that are inspected continuously, Securolytics has yet to receive any customer reports of ever interfering with any device…even sensitive medical devices. This includes customers like a 9,000 bed healthcare system and a 35,000 employee healthcare system which has one of the top 10 largest hospitals in the U.S. These healthcare systems inspect medical devices with Securolytics.

PortSafeTM is also configurable so that organization can customized which devices are inspected, or inspection can be disabled completely.

And, it includes unmatched default credential detection to provide coverage for the #1 IoT threat described in the OWASP IoT Top 10.

Integration & Operationalization Differences

Integrating Device Detail & Threat Data

Most IoT Security solutions, like Medigate, Armis, Zingbox and ORDR and others, including Securolytics, provide integration capabilities.  Integration capabilities feed device detail and/or threat data into systems like NAC, SIEM, Firewalls, Asset Management, IT Service Management, etc. It helps to support activities such as segmentation, device blocking and creation of automated security policy. However, the scope of mitigation commonly applies to only threats detected through behavior monitoring or security advisory mapping. 

What’s Missing with Competitive Solutions? IoT-specific vulnerabilities that are only be detected by active inspection.

Why Securolytics? Securolytics creates mitigation policy for both passive, behavioral threats and Portsafe TM active inspection results

This is where Securolytics takes it a step further, beyond protection for just behavioral threats.  Securolytics also creates mitigation policy based on PortSafeTM Active Inspection

  1. It finds IoT-specific vulnerabilities though its active but safe vulnerability inspection that competitive systems and vulnerability scanners commonly miss.
  1. It creates a compensating control to mitigate those threats – with No Downtime.
After Securolytics identifies vulnerabilities, it can automatically create a mitigation security policy that gets passed to the NAC, firewall or switch.

Cost Differences

Securolytics typically reduces costs by 30% or more vs. most competitive solutions.

This is in addition to the reduced cost and administrative overhead that goes along with network TAP/SPAN port deployments and on-going maintenance.

Ready to check out a FREE assessment to baseline your IoT footprint and security posture that takes just minutes to deploy?

Or, check out our IoT security products in more detail

Disclaimer-Securolytics is not a representive of nor affiliated or associated with Medigate, Armis, Zingbox, ORDR or any other IoT security solution or vendor.

Vulnerable libssh Embedded Into Critical IoT

ZDNet has reported that a security flaw in libssh “leaves thousands of servers at risk of hijacking.” (CVE-2018-10933) This was a well written article.  However, we believe Catalin Cimpanu, the author, understated the actual risk to organizations when he said “most servers, IoT devices, and personal computers [use the non-vulnerable] openssh instead of libssh.” Read more “Vulnerable libssh Embedded Into Critical IoT”

Medical IoT Devices Named Top Security Threat

Last week our content manager, Mindy Affrime, sent me an article about the risks associated with Medical IoT Devices. The article caught my attention because of the author.  It was published by the Cyber Security Engineering Department at the University of San Diego.  The article names four areas they believe “will be particularly vulnerable to cyber attack[s]” in 2017. Read more “Medical IoT Devices Named Top Security Threat”

Dark Reading Interviews Securolytics Co-Founder

Securolytics recently uncovered a new email exploit we named the Split Tunnel SMTP Exploit.  It allows an attacker to bypass email security gateways and inject malicious messages directly into the victim’s email server.  The good news is that Securolytics Email Encryption customers were always protected against this exploit as our integrated cloud platform performs encryption/decryption and malicious payload inspection in a single process.   Read more “Dark Reading Interviews Securolytics Co-Founder”

Split Tunnel SMTP Exploit Explained

Published: May 23, 2017
Security Research By: Vikas SinglaJason Morris

Executive Summary:

Exploit:

The Split Tunnel SMTP Exploit allows an attacker to bypass an organization’s email security gateway and inject messages with malicious payloads directly into the victim’s email server. This exploit targets a newly discovered vulnerability in popular Email Encryption appliances as a backdoor.  Injectable payloads can include anything that supports MIME encoding including:

  • Ransomware
  • Macro Viruses
  • Password Protected ZIP Files
  • Phishing Attacks

Read more “Split Tunnel SMTP Exploit Explained”

WannaCry Payment Deadline Nears

An update on the WannaCry Ransomware attack. (Source: NY Times) With the clock ticking on whether a global hacking attack would wipe out his data, Bolton Jiang had no intention of paying a 21st-century ransom.  Since a week ago, when the malware first struck, Mr. Jiang has been busily fixing and replacing computers at the electronics company where he works in Shanghai.  Paying is a bother, he said, and there was no guarantee he would get his data back. Read more “WannaCry Payment Deadline Nears”

NY Hospital Hacked- 7,000 Patient Records Stolen

The latest on the Bronx Lebanon Hospital cyberattack.  (Source: NBC News)  Medical records of at least 7,000 patients were compromised in a data breach involving Bronx Lebanon Hospital Center in New York. This hack disclosed patients’ mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports, according to records reviewed by NBC News.  Other information in the compromised records, which online security experts said spanned 2014 to 2017, Read more “NY Hospital Hacked- 7,000 Patient Records Stolen”

The Internet of Insecure Things

Frost & Sullivan highlights 5 IoT growth areas for 2017

It’s May already, and analysts have begun thinking ahead and considering how the rest of this year is likely to shape up in terms of IoT growth.  IoT cybersecurity is on everyone’s mind.  The Frost & Sullivan report, European Internet of Things Market Outlook 2017, published this week, predicts that the next evolution in IoT will be ‘sentient tools’ and ‘cognitionor predictive computing.’ Read more “The Internet of Insecure Things”

Healthcare Records Sold on Dark Web

A clinic in Baltimore is just one example of a healthcare provider having its records stolen, only to find them for sale on the Dark Web for less than $0.01 per record.  Last August a Baltimore substance abuse treatment facility had its database hacked. Patient records subsequently found their way onto the Dark Web, according to DataBreaches.net.  The group noticed such things as dates of admission, whether the patients are on methadone, their doctors and counselors, and dosing information. Read more “Healthcare Records Sold on Dark Web”

Removing Palikan.com Browser Hijacker

Palikan is a browser hijacker that is bundled with other free software that you download off of the Internet. Once installed it will set the homepage and search engine for any installed browsers to http://www.palikan.com without your permission.

This itself is not considered malicious as there are many legitimate programs that change these settings as well. What is considered malicious, though, is that it will also append the argument http://www.palikan.com to random Windows shortcuts on your desktop and your Windows Start Menu.

Palikan browser hijacker is bundled with other free software that you download off of the Internet. Unfortunately, some free downloads do not adequately disclose that other software will also be installed and you may find that you have installed adware without your knowledge.

When this browser hijacker is installed on a computer, victims easily become frustrated as when they remove the shortcuts from their browser links, they are mysteriously added back. This is because the Palikan.com program utilizes a Windows service that hijacks the shortcuts again when it detects if the shortcuts have been cleaned. This is why we first need to remove the program from the computer before we clean the shortcuts.

 

How to Remove Palikan From Windows 8/10

1st: Uninstall Palikan

To uninstall a program on Windows 8 or Windows 10, right-click on the Windows Start button and choose “Control Panel” from the pop-up menu.

When the “Control Panel” window opens click on the “Uninstall a program” option under “Programs” category.

When the “Programs and Features” screen is displayed, scroll through the list of currently installed programs and uninstall “Palikan uninstall“. The malicious program may have a different name on your computer. If you cannot find any unwanted programs on your computer, then you can proceed with the next step.

 

2nd: Reset Your Browser Settings

If you are still experiencing issues with the palikan.com redirect in Chrome, Internet Explorer or Firefox, you will need to reset your browser to its default settings.  This step needs to be performed only if your issues have not been solved by the previous steps.

In Google Chrome

Google Chrome has an option that will reset itself to its default settings. Resetting your browser settings will reset the unwanted changes caused by installing other programmes. However, your saved bookmarks and passwords will not be cleared or changed.

Click on Chrome’s main menu button, represented by three horizontal lines. When the drop-down menu appears, select the option labeled Settings.

Chrome’s Settings should now be displayed in a new tab or window, depending on your configuration. Next, scroll to the bottom of the page and click on the Show advanced settings link (as seen in the below example).


Chrome’s advanced Settings should now be displayed. Scroll down until the Reset browser settings section is visible, as shown in the example below. Next, click on the Reset browser settings button.

A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue on with the reset process. To complete the restoration process, click on the Reset button.

 

In Internet Explorer

You can reset Internet Explorer settings to return them to the state they were in when Internet Explorer was first installed on your PC. Open Internet Explorer, click on the “gear icon” IE Icon Gear in the upper right part of your browser, then click again on Internet Options.


In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.

In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on “Reset” button.

When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box. You will now need to close your browser, and then you can open Internet Explorer again.

 

In Firefox

If you’re having problems with Firefox, resetting it can help. The reset feature fixes many issues by restoring Firefox to its factory default state while saving your essential information like bookmarks, passwords, web form auto-fill information, browsing history and open tabs. In the upper-right corner of the Firefox window, click the Firefox menu button, then click on the “Help” button.

From the Help menu, choose Troubleshooting Information. If you’re unable to access the Help menu, type about:support in your address bar to bring up the Troubleshooting information page.

Click the “Refresh Firefox” button in the upper-right corner of the “Troubleshooting Information” page.

To continue, click on the “Refresh Firefox” button in the new confirmation window that opens.

Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.

Your old Firefox profile will be placed on your desktop in a folder named “Old Firefox Data“. If the reset didn’t fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don’t need this folder any longer, you should delete it as it contains sensitive information.

 

Your computer should now be free of the Palikan browser hijacker.

IBM dissects 2016 Cyber Attacks

IBM’s 2016 X-Force Threats Intelligence Index was just released. The stats are amazing.

Several major data breaches thrust cybersecurity into the global spotlight in 2016. In the Asia-Pacific region, for example, cybercriminals stole 100 GB of government data from the Indian state of Kerala and made off with 300 GB of voter data in the Philippines. These are just two examples of high-profile data breaches that hit in 2016. Leaked records include data such as credit cards, passwords and personal health Read more “IBM dissects 2016 Cyber Attacks”

Hospitals need Increased Data Protection

Lying in a hospital bed, the last thing you should have to worry about is a personal data breach. Yet recent research co-authored by a Michigan State University business scholar found nearly 1,800 occurrences of large data breaches in patient information over a seven-year period.

The study, by Xuefeng “John” Jiang, MSU associate professor of accounting, and colleagues from Johns Hopkins and Ball State universities, is published in JAMA Internal Medicine. The data breaches occurred in health care facilities ranging from UC Davis Medical Center in California to Henry Ford Hospital in Michigan. Read more “Hospitals need Increased Data Protection”

New Mexico- 48th State To Enact Data Breach Notification Law

New Mexico is the latest state to enact a statute that requires that their residents be notified when there has been unauthorized access or use of the individuals’ personally identifiable information (PII). With the passage of New Mexico’s statute, Alabama and South Dakota will be the only two remaining states without equivalent laws. The Data Breach Notification Act, House Bill 15, passed New Mexico’s House and Senate on February 15 and March 15, 2017, respectively, without any opposition. Read more “New Mexico- 48th State To Enact Data Breach Notification Law”

Russians Behind Yahoo Breach

On February 7, 2017 , the team at Securolytics reported on the massive Yahoo breach which affected 500 million of their customers. Yesterday the US Gov’t indicted Dmitry Dokuchaev, Igor Sushchin, Alexsey Belan, and Karim Baratov—for carrying out that Yahoo hack. The indictment unsealed Wednesday by US authorities against two agents of the Russian Federal Security Service, or FSB, (Dmitry Dokuchaev and Igor Sushchin) and two hackers (Alexsey Belan and Karim Baratov) provides some details of how Yahoo was pillaged of user data and its own technology over a period of over two years. Read more “Russians Behind Yahoo Breach”

Securolytics Web Security Detects VoluumTrk Mobile Adware

Securolytics Web Security detects attempted communication by VoluumTrk Mobile Adware. We thought it would be useful to provide a description of how this programs works to illustrate how Securolytics Web Security protects our customers from having potentially problematic programs introduced into their systems. Read more “Securolytics Web Security Detects VoluumTrk Mobile Adware”

Atlanta Based Arby’s Acknowledges Data Breach

Fast Food Chain Arby’s credit card users attacked. Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if KrebsOnSecurity heard anything about a data breach at Arby’s fast-food restaurants. Asked about the rumors, Arby’s told that site that it recently re-mediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide. Read more “Atlanta Based Arby’s Acknowledges Data Breach”

Yahoo sends out new warning on the third data breach!

The team at Securolytics wants our clients and partners to be informed. Here is the newest report from Yahoo about a breach that affected 500 million Yahoo accounts.

Yahoo‘s newly issued warning to users about malicious hacks is related to a third data breach that the company disclosed in December 2016. Read more “Yahoo sends out new warning on the third data breach!”

Spam is making a big-time comeback!

This Network World article is a fantastic reminder that our emails are still BIG targets for cybercrime. All organizations must stay vigilant. Proactive Prevention is the Best Defense! www.networkworld.com/

Spam is making a surprising resurgence as a threat to corporate security and becoming a more significant carrier of attacks as varied as spear phishing, ransomware and bots, according to Cisco’s 2017 Annual Cybersecurity Report. Read more “Spam is making a big-time comeback!”

Flashpoint’s “Business Risk Intelligence Decision Report”

In Dark Reading, a look at Flashpoint’s first “Business Risk Intelligence Decision Report.” In 2017, IoT is a major concern for most organizations. Read on Dark Reading.

A new report aims to inform risk management decisions for 2017 by identifying potential security threats and their anticipated effect on businesses. Read more “Flashpoint’s “Business Risk Intelligence Decision Report””

Georgia Tech Lands $17.3-Million Cybersecurity Grant

Our congrats to Georgia Tech. Last month, Georgia Tech was granted a $17.3 million cybersecurity research contract by the US Department of Defense. Their mandate- to help establish new science that quickly, objectively and positively identifies the virtual actors responsible for cyberattack. The IT Security experts at Securolytics are so proud that our University is embarking on this all important research. Read more about it here  Go Yellow Jackets! Read more “Georgia Tech Lands $17.3-Million Cybersecurity Grant”

Healthcare Under Cyber-Assault!

Securolytics is working with the Healthcare Industry to proactively defeat CyberCrime. This excellent article looks at the new IoT devices and how they are affecting and providing more opportunity for hackers.  Please learn more from our partners

More is not necessarily merrier when it comes to health information technology, as this year’s plague of hacking incidents demonstrates. Read more “Healthcare Under Cyber-Assault!”

Leading Age NY Interviews Securolytics CEO

According to the FBI, “ransomware attacks are not only proliferating, they’re becoming more sophisticated.” (www.fbi. gov/news/stories/incidents-of-ransomware-on-the-rise)

That’s especially true for organizations such as hospitals and senior healthcare systems where confidential information governed by the Health Insurance Portability and Accountability Act (HIPAA) is a prime target. Read more “Leading Age NY Interviews Securolytics CEO”

2016’s Biggest Data Breaches

Securolytics is in the forefront of proactively detecting and disarming hackers and identity theft in businesses large and small. Here are some of the major breaches that occurred around the world in 2016 which are important to be aware of. In later articles, we will analyze in depth some of these attacks, so we can ascertain what went wrong and what we can do to prevent them. But first, enjoy our Securolytics infographic! Read more “2016’s Biggest Data Breaches”

Securolytics Eliminates PCKeeper Adware

Securolytics Web Security detects attempted communication by PCKeeper software and related toolbars.  We thought it would be useful to provide a description of how PCKeeper works to illustrate how Securolytics Web Security protects our customers from having “Potentially Unwanted Programs” like PCKeeper introduced into their systems. Read more “Securolytics Eliminates PCKeeper Adware”

Securolytics Eliminates MacKeeper Adware

Securolytics Web Security detects attempted communication by MacKeeper software and related toolbars.  We thought it would be useful to provide a description of how MacKeeper works to illustrate how Securolytics Web Security protects our customers from having “Potentially Unwanted Programs” like MacKeeper introduced into their systems. Read more “Securolytics Eliminates MacKeeper Adware”

Forrester Predicts Massive IoT Data Breach

Last week, Forrester, one of the world’s most influential research and advisory firms, released its “Predictions 2017: Security and Skills Will Temper Growth of IoT” report. “IoT holds the promise to enhance customer relationships and help drive business growth, however, it brings multifaceted complexity”, the report states. Read more “Forrester Predicts Massive IoT Data Breach”

Securolytics Eliminates Mindspark Adware

Securolytics Web Security detects attempted communication by the Mindspark family of adware and toolbars.  We thought it would be useful to provide a description of how these programs work to illustrate how Securolytics Web Security protects our customers from having potentially problematic programs introduced into their systems. Read more “Securolytics Eliminates Mindspark Adware”

Zoho Partners with Securolytics

With our technological expertise and heavy use of API, it makes sense that Zoho chose Securolytics to be a strategic partner.  When you go to their website, there we are showcased right next to other major companies like Century 21, etc. We are happy to be partnering with Zoho and helping businesses large and small with their operations, organization and communication. Read more “Zoho Partners with Securolytics”

Dark Reading Quotes Securolytics on IoT Bots

Last week’s massive DDoS’ denial of service attack took down a good portion of the Internet, using webcams and DVRs. To put it mildly, it made a mess on the Internet. Major sites like Spotify and Twitter and PayPal were ground to a halt. Reddit, AirBnB, Etsy and the New York Times were paralyzed. They are estimating that six thousand websites were overwhelmed in a cyber-attack launched with a sea of webcams and DVRs quietly taken over and weaponized for attack. Yes, this is new… but more important it shows how vulnerable the internet has become with IoT devices being so vulnerable. Read more “Dark Reading Quotes Securolytics on IoT Bots”

Ransomware Targeting US Companies

According to the US Department of Homeland Security, “the infections of ransomware, which encrypts critical data and demands payment for its release, are typically triggered by office workers clicking on malicious emails. This prevalence of ransomware is creating significant implications for the business community, with 4,000 ransomware attacks occurring every day, reportedly earning cyber criminals more than $208m in first three months of 2016 alone.” Read more “Ransomware Targeting US Companies”

IoT’s Rough Patch

According to a survey by PricewaterhouseCoopers, almost 70% of connected IoT devices lack fundamental security. According to analyst firm IDC, “the number of IoT devices will grow from approximately 6 billion in this decade to 28 billion in 2020 — a staggering number. The market for wearable smart devices alone is expected to increase at an average rate of 60% per year to $20 billion in 2017.”

In this third installment of Securolytics’ series on IoT device security, we look at a major issue with IoT devices, the software patching process. Or often, the lack thereof. Read more “IoT’s Rough Patch”

Is Your Network Safe From IoT Cybercrime?

The second in Securolytics IoT Security Blog Series

According to a survey by PricewaterhouseCoopers, almost 70% of connected IoT devices lack fundamental security. According to analyst firm IDC, “the number of IoT devices will grow from approximately 6 billion in this decade to 28 billion in 2020 — a staggering number. The market for wearable smart devices alone is expected to increase at an average rate of 60% per year to $20 billion in 2017.” Read more “Is Your Network Safe From IoT Cybercrime?”

The State of IoT Security

The team at Securolytics is excited to present the first of our blog series on IoT Security.

There is no Technology Security issue that has more people talking and businesses struggling for solutions. Why? Simple- IoT is a real security risk for businesses and no one is predicting that the need for IoT security is slowing down soon. There are estimates that there will be in use- 20 billion total IoT devices by 2020. Read more “The State of IoT Security”

Securolytics @ CyberLaunch Demo Day

Securolytics was proud to be part of CyberLaunch’s  ‘Demo Day,’ this Thursday at the Atlanta Tech Village. We were thrilled to be a part of such a groundbreaking event.

We were one of the 7 companies chosen to present our company’s products and services.  The Securolytics team consisted of- CEO Sanket Patel and COO, Vikas Singla and our sales team. We showcased our Zero-To-Secure platform as well as our proactive and behavioral security systems. We met with investors and executives from the corporate community as well as  CyberLaunch’s 140+ mentors. We really enjoyed presenting our Internet of Things (IoT) security initiatives as well as our compliance technology. Read more “Securolytics @ CyberLaunch Demo Day”

NXDOMAIN

NXDOMAIN is the return code when a DNS lookup fails to resolve the requested domain to an IP address. This can happen for many reasons. Usually, it is just a user mistyping an address– google.xom. However, if you search your logs for NXDOMAIN, and look at the domains for which DNS lookups failed, you may be surprised at what you find.

One interesting thing that may come up are requests to various random-looking “.onion” domains. Dot onion is not a valid, routable top-level domain, but it is used by Tor clients to route requests onto the Tor network. Seeing these requests in your DNS data indicates that a device either has a Tor client installed, or that there is some malicious software on a device that is trying to find a Tor entry point.

Either case calls for action, and locating the IP address associated with the “.onion” requests can help you track down the device in question. Search on the IP address, and in the first few records returned, you are likely to find a successful login event from Active Directory logs. This will give you the user of the implicated machine. Once you’ve located the device, it would be wise to do a full malware scan on it.

Securolytics will automatically scan DNS records for suspicious domain requests. Keep malware off your network, and keep your data safe with Securoltyics.

 

ransomware

There is a new kind of ransomware floating around on the internet and it’s nasty.

 

The ransomware detected earlier this year dubbed ‘Bart’ has taken a whole new approach to complicating your life.  With previous builds of ransomware, one of the first actions it took was to look for what’s called a key server.  This is where it would get the encryption keys to encrypt the files on the affected machine.  This means that you had two chances to stop the ransomware from encrypting the files.  The first is to stop the infection of the malware in the first place and the second is to stop the malware from communicating with the key server so it can’t do its job.  Finding and blocking attempted communication with the key server gave engineers a chance to find and clean the infected machine before it could do any damage.  This new ransomware strategy cuts your detection and mitigation chances in half, because it operates without a key server at all!

 

Bart locally generates its encrypted keys and encrypts your files in a password protected ZIP file.  It then uploads the key directly to the payment server where it chargers the user 3 bitcoins (Almost $2000) for the decryption key.  Bart’s primary delivery mechanism to date has been through wide scale spam campaigns.  The spam contains an intermediary loader called RockLoader to then install Bart on the target.

 

With the increasing sophistication of malware, it’s more important than ever to incorporate Zero day advanced threat protection into your security strategy.  Securolytics ATP is purpose built to detect and stop these types of threats through email and web vectors while keeping you informed.  Simply search through your logs for the keyword ‘ransomware’ to see any attempts to contact or communicate with any domain associated with known ransomware.

CyberLaunch Selects Securolytics to Present at Demo Day

CyberLaunch, the leading accelerator for information security and machine learning startups, announced its inaugural ‘Demo Day,’ for Thursday, Aug. 25, 2016.  Accredited investors, entrepreneurs and media will have an opportunity to attend a private viewing of the accelerators’ first seven startups. CyberLaunch’s Summer 2016 class is comprised of seven startups including: Securolytics.  We are thrilled to be a part of the CyberLaunch accelerator and look forward to unveiling our solutions for IoT Security. Read more “CyberLaunch Selects Securolytics to Present at Demo Day”

Healthcare’s Top 10 Email Data Breaches of 2015

In 2015, the healthcare industry was responsible for 66.7% of the 170-million records compromised in the United States through data breaches, according to the Identity Theft Resource Center. Cyber criminals gained access to PHI stored on machines by creating more sophisticated and more frequent network attacks. In our blog posting, “Inside the Excellus Breach“, we explored in depth how Advanced Persistent Threats (APTs) were used against Excellus BlueCross/ BlueShield to steal information from nearly 10 million people. In this article, we analyze in depth the 10 biggest security breaches in Healthcare that are caused specifically by email. Read more “Healthcare’s Top 10 Email Data Breaches of 2015”