Knowledge

4/3/2017

Hard Reminder to Upgrade Windows 2003 Servers: Microsoft Will Not Fix New Vulnerability

A new remote execution vulnerability (CVE-2017-7269) was recorded in the National Vulnerability Database for Windows 2003 R2 IIS6 last week. Exploitation of this vulnerability allows a remote attacker to execute code on the vulnerable web server.

This could allow hackers to take over the whole system, install remote control systems and propagate within the local network by conducting local attacks. The results of exploitation might be catastrophic for organizations. Microsoft will not provide a patch for this vulnerability, as the OS is not officially supported.

Read the Digital Edge Security Team analysis and mitigation mechanisms here.

3/16/2017

Cutting Through the Noise – WikiLeaks, CIA, Hacking, and Digital Edge

WikiLeaks has recently exposed that the CIA possessed the capability to hack into nearly every device you own. With all that we have learned from these leaks, Digital Edge wants to take the time to focus on the “zero days” concept, which can be simply put as a weakness/hole in a system that allows a hacker to breach it before anyone even knows about the vulnerability. The act of reporting the vulnerability is known as “zero days”.

Once a hole in the system is found, it should be reported immediately, so it can be patched up before it’s exploited.

Read more about this here.

3/9/2017

Amazon Outage – The Reality of 99.95% Uptime

As many have heard, according to Amazon’s blog post, it was due to a “human error” that on Tuesday, February 28th, Amazon and over 100,000 of its clients experienced about 4 hours of downtime. The tremendous impact that 4 hours of downtime can have on a company is no secret, but today we at Digital Edge want to focus on the industry’s uptime standards, the quality of the provided services, and some practical suggestions for clients and colleagues.

Amazon promises a 99.95% SLA which, by definition, means that they’re promising an allowed downtime of 4.38 hours a year for clients. There are several issues with this promise. Normally, everything is fine when those 4.38 hours are split into multiple smaller outages. Such a long single outage feels painful for everyone.

Digital Edge believes that there are much better offers on the market for the same price.

Click here for the full article.

2/22/2017

Digital Edge’s Log Management Service and DHS Analysis of GRIZZLY STEPPE Activities

On February 10, 2017, the Department of Homeland Security issued the Enhanced Analysis of GRIZZLY STEPPE Activities. 
 
One of the first detection and prevention recommendations is directly related to Digital Edge’s Log Management Service. Please click here to see the DHS recommendation and a reference to the full DHS analysis.

2/11/2017

The Benefits of Pen Testing

A huge threat to today’s businesses is hackers. They can manipulate their way into any business’s system and take advantage of any data that is important to the company. This can leave long-lasting, harmful effects on the business, which might even lead to the eventual failure of the organization.

Don’t let this happen to you! Digital Edge offers a penetration test in which our trained and specialized team gets authorized access to “attack” your system. This is done in the form of a real attack using strategies hackers usually use. Digital Edge uses standard licensed security assessment and penetration tools, as well as its own proprietary techniques, black hat reconnaissance and exploitation methods. The purpose of this test is to expose any and all vulnerabilities in your system that can potentially hurt your business, so they can be fixed. Pen tests identify the precautionary measures that need to be taken to ensure there is no breach in your system. They ensure the safety of your data by allowing you to be ready to prevent future attacks.

Due to rapid technological advances, Pen tests should be done regularly to catch any vulnerabilities that pop up before it’s too late. Read more about how Digital Edge’s Penetration test can be beneficial to your company! 

1/13/2017

Shining Light on the Political Hacking Crisis

Digital Edge felt it was crucial to comment on the recent news regarding the political hacking crisis. Our Security Team wanted to make the effort to acknowledge the ways of hacking. Hackers who continue to practice have not changed their ways. They use the same methods, techniques and tricks, except now everyone knows how to use them. Actual hacking no longer takes an actual professional; a child can access code and hack someone. Real hackers, meanwhile, develop tools, simplify them and sell them to regular people; they don’t actually hack anymore, so the person doing the hacking is not the real criminal at hand. It has become nearly impossible to figure out who the hacker is from a technological standpoint nowadays.

However, information security methods have drastically improved and developed, and are now more advanced than ever before. Not only is it easy to identify when someone is trying to hack you, but it is now easy to prevent someone from trying to steal your information. Digital Edge has put its greatest efforts into creating a security system that will protect our clients from any hackers, and now we want you to know how to spot and avoid a hacker yourself!

Be aware of hackers with these tips and check out our website for more about Digital Edge!

12/20/2016

Yahoo Account Data Breach

Following a 500 million user account data breach in September, Yahoo has just announced that it has suffered another breach of an estimated one billion accounts. Yahoo disclosed in November that the company was provided with data files from law enforcement claiming to be Yahoo user data. Outside forensic experts, in conjunction with Yahoo, have determined that it is in fact Yahoo user data that was obtained by an unauthorized third party in August of 2013. The party responsible for the intrusion has not yet been identified. This incident has been determined to be separate from the incident in September 2016.

Yahoo believes that the information that was stolen consists of full names, email addresses, dates of birth, phone numbers, hashed passwords, and possibly security questions and answers as well. Luckily, Yahoo does not store credit card or any other payment information in the system that was affected.

Currently, Yahoo is identifying and notifying potentially affected users and instructing them to change passwords immediately. Additionally, Yahoo is removing all unencrypted security questions and answers from affected users so that hackers cannot use those answers to break into users’ accounts.

As 2016 comes to a close, it appears to be the “Year of the Breach”, with reports of eight major breaches involving well-known companies. Obtaining large amounts of data is key for these hackers, so the companies most vulnerable are those which hold a large amount of personal data on their customers, including Social Security numbers, birthdates, home addresses and even medical records.

Digital Edge’s Security Operation Center (SOC) protects your organization’s intellectual property and sensitive data. Digital security threats are real and it is better to be able to detect and respond to them as quickly as possible. It is difficult for organizations without a comprehensive incident-handling capability to create a proactive SOC team. These capabilities have to include tools and processes that enable centralized security threat visibility, instant alerting, and efficient troubleshooting. Digital Edge’s SOC is ready to deliver those capabilities and provide security coverage for your organization today. 

For more information on this new Yahoo hack, and tips to help keep your password safe and secure, please click here.

10/13/2016

Log Management Retention Requirements

Automated Event Log Management Solutions are used to facilitate the most difficult job in any compliance process: regular review and correlation of event data through merging and archiving of events from multiple systems, and separation of the most critical 1% of activities from the useless 99% of noise. From the compliance perspective, event log management is: Collection (Consolidation), Archiving (Retention), Audit Reporting, and Monitoring (Alerting).

On September 20th, 2016, Digital Edge released an article on Log Management Laws and Regulations. Click here to view a little “Cheat Sheet” on the Event Log Retention Requirements that are mandated by major compliance regulations.

9/20/2016

Log Management: Related Laws and Regulations

Log management is an often overlooked function of any IT organization. On one hand it is a very simple thing; however, when implementing it, you may find yourself overwhelmed by a plethora of details and related problems, which can inevitably lead many to just drop the implementation with the thought: we may not need it, everything is working on its own.

In addition to a great stash of valuable information, visibility, capabilities for additional alerting, predictions, forensic and behavior analysis, log management is one of the areas of control for multiple compliance and regulatory frameworks.

Relevance to Laws and Regulations: There are multiple compliance regulations related to log management. It is the law to log and review.

HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant technical and non-technical security standards to protect individuals’ ePHI (“electronic protected health information”).

PCI DSS
The PCI DSS was created to encourage and enhance cardholder data security and facilitate the extensive adoption of consistent data security measures worldwide. This applies to all organizations that store, process, and/or transmit cardholder data.

SOX
SOX requires that all publicly traded companies establish and follow a framework of internal controls that support accountability and integrity of the financial reporting process. A vital part of SOX requirements includes the collection, management, and analysis of log data.

ISO 27001
The ISO 27001 standard is a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management systems (ISMS) within the context of the overall commercial risks of the organization.

FISMA
FISMA requires all federal agencies to document and implement controls for information technology systems that support their operations and assets.

GPG 13
HMG organizations are required to follow Protective Monitoring for HMG ICT Systems, based on the Communications-Electronics Security Group’s GPG 13, to gain access to UK GCSX, the Government Connect Secure Extranet.

NERC CIP
NERC has its own framework to protect bulk power systems against cyber security compromises that could result in operational failures or instability.

GLBA
GLBA, also known as the Financial Modernization Act of 1999, was enacted to protect customer records and information.

201 CMR 17.00
The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was established to protect personal information of residents of the Commonwealth of Massachusetts. This regulation applies to all organizations, companies, or persons that own or license personal information about Massachusetts residents.

DoDI 8500.2
Since IT environments can generate millions of logs daily, DoDI 8500.2 has recommendations on analyzing and reporting on log data that can reduce manual or homegrown remedies that are inadequate and cost prohibitive.

NIST-CSF
NIST-CSF sets information security standards and guidelines for critical infrastructure as defined within the Executive Order 13636 from the President of the United States of America.

NIST 800-53
NIST 800-53 produces information security standards and guidelines for federal information systems.

NRC RG 5.71
Title 10, Section 73.54 of the Code of Federal Regulations requires that NRC licensees provide high assurance that digital computer and communication systems and networks are sufficiently protected against cyber-attacks.

NEI 08-09 Rev 6
The NEI developed and published NEI 08-09 Rev 6 to address many areas surrounding access control, audit and accountability, incident response, and system and information integrity. This is an extension of CFR 73.54.

Digital Edge is proud to introduce our newest product, LogIT. Log Management will allow us to help our clients uncover the value of something that already exists but is not visible: their information technology environment's plethora of valuable information. Digital Edge ensures that our clients will get the most out of their application, system, and security logs. Besides collecting and storing logs, LogIT will help expose the full use of logs and machine data for network protection and compliance.

Digital Edge provides an enterprise ELK Log Management Solution, cloud based or on premises. We stand out from our competitors for multiple reasons, including that we do not limit the retention period and we don't have restrictions on volume or speed for log streams. Additionally, we customize dashboards for our clients' individual needs and expose our services to clients over VPNs or private cross-connects in data centers that we support. On top of all that, Digital Edge's LogIT can provide an unparalleled solution in today's IT landscape.

Through sensors, Digital Edge captures all possible information generated in any device, application, and security event. We ensure security by staying alert on any security alert generated by any infrastructure device or application, along with collecting valuable forensic information. LogIT also provides a combination of structured and unstructured search built on our Elasticsearch backend. Unstructured search provides a Google-like experience while our MDI fabric enables contextual search when greater precision is required. Our search builder allows you to easily realize the best of both worlds instantly.

Click the link http://www.digitaledge.net/log-management-assessment-tool/ to assess your log management needs and budget. For further information please feel free to contact us.

9/6/2016

Elastic Infrastructure

Digital Edge’s Log Managed Solutions are delivered as a fully managed cloud service. You only need to point your logs to us and we will:

  • Aggregate and safely store your logs;
  • Give you full visibility into your logs including advanced search and filtering;
  • Alert you on required patterns;
  • Help you to customize this solution and integrate it with your other systems such as a Security Information and Event Management system (SIEM), compliance reporting and others.

To see the architecture click here.
