Malware

SPOTLIGHT ON SECURITY

Report: Top Endpoint Security Packages Perfectly Foil Drive-By Attacks

Drive-by attacks on the Internet are a particularly pernicious form of online threat, especially for individual Web surfers. On the corporate level, though, a company with good endpoint protection software can foil the malicious practice.

A drive-by occurs when an infected website automatically downloads malware onto a Net traveler’s computer. Several companies make endpoint solutions to — among other things — thwart those kinds of attacks. NSS Labs recently tested 10 of them.

“The exploitation of software vulnerabilities is one of the most common and effective cyber attacks that enterprises face today. Commonly known as drive-by exploits, these attacks silently compromise a victim’s computer without the user being aware,” notes the firm’s report.

“Drive-by exploits have become a favored tool of cyber criminals and other threat actors,” it continues. “Endpoint protection (EPP) products must provide robust defenses against these threats.”

Top finishers in the testing were endpoint products made by F-Secure, Symantec and Kaspersky, which blocked 100 percent of the drive-by attacks hurled at them.

Importance of Consistency

A factor that distinguished the top products from their peers was good URL reputation analysis.

“Products without a great reputation system in place have had an issue with drive-by exploits,” said Bhaarath Venkateswaran, a practice manager at NSS Labs. “Products with great URL reputation typically did well in this test.”

With a good reputation system, bad websites can be blacklisted by an endpoint product.

“It can take action right away just by looking at the URL,” Venkateswaran told TechNewsWorld. “It’s stage one protection, so it blocks the site before it can drop anything on the user’s machine.”

Another area where the top products shone was in consistency.

“The crimeware ecosystem is highly commoditized and will repeatedly attack day after day after day. A good security product needs to be consistently ready,” explained Sean Sullivan, a security researcher with F-Secure Labs.

“On the other side of things, persistent attackers will readily take advantage of any gaps if present,” he told TechNewsWorld. “Time means nothing to crimeware botnets pounding away — and persistent attackers will devote time, if needed. So consistency of protection over time is indeed important.”

Better endpoint products also make good use of the cloud.

“Products with real-time cloud features can be far more aggressive in making decisions,” Sullivan said. “With real-time look-ups, cloud-security products can determine if suspicious files are unique — and if so — treat them with the suspicion that they deserve.”

C Is for Culpable

When a data breach occurs, you likely won’t find security pros pointing fingers at anyone but themselves.

That was what Tripwire discovered when it polled attendees at two security conferences held last month in San Francisco — the RSA conference and B-Sides San Francisco.

When asked, “Who would be held responsible in the wake of a data breach on critical infrastructure in your organization,” 41 percent of the 250 infosec pros surveyed said CIO, CISO or CSO.

The response didn’t vary much when the question changed to who should be held responsible: Thirty-five percent said CIO, CISO or CSO.

Only a small number of the conferees felt the CEO (18 percent) or the board (10 percent) should be on the hook for a data breach.

It could be that security pros are more willing to eschew fingerpointing because they’re increasingly getting a seat at the C table.

“We’re seeing more demand for that,” said Ken Westin, a senior security researcher at Tripwire.

“A lot of times the CISO will report to the CFO because they speak the language of risk. As long as a CISO knows how to speak the language of business and business risk, he should be at the table,” he told TechNewsWorld.

“It’s also a sign of security in general,” Westin added. “It’s moving beyond the technical things in the trenches and bringing out the impact of risk.”

Conference Room Robbers

Ever wonder what the chances are you’ll get your cellphone back if you lose it? WinMagic has, and it decided to experiment with the idea last month, during the week that infosec pros congregated at the RSA conference in San Francisco.

The company began “losing” phones at the conference and at venues around it. What did it find?

Overall, you have a little better than 50 percent chance of getting your phone back if you lose it (53 percent of the phones were returned to their owners).

The best place to lose a phone? A bar — 100 percent of the phones left in bars were returned to their owners.

The worst place? A conference room — none of those phones were returned to their owners.

Breach Diary

  • April 28. Oregon’s Health CO-OP reports a stolen employee’s laptop containing personal information about its members and their dependents has put that data at risk. Many of the letters sent to members to notify them of the breach were misaddressed, according to a later report.
  • April 28. SendGrid, an email delivery service that sends more than 18 billion online messages per month, reports one of its databases was breached by intruders, and urges its employees and customers to change their passwords and enable two-factor authentication.
  • April 29. Google announces Password Alert, a Chrome extension that warns its users when they’re typing in their Google password into a non-Google log-in page.
  • April 29. Illinois Senate approves and sends to House a bill expanding personal information in the state’s existing data breach law to include consumer marketing information. Amendment is expected to increase the liability of companies in the event of a data breach.
  • April 29. LifeLock, an identity theft protection provider, reports that in the first quarter of this year, it added 421,000 new subscribers.
  • April 30. Proofpoint discovers phishing campaign that uses infected resumes planted on CareerBuilder.com to spread malware to employers.
  • April 30. Hard Rock Hotel & Casino in Las Vegas reports the payment systems at its restaurant, bar and some retail locations were compromised in a data breach that affected payment card transactions between September 2014 and April 2015.
  • April 30. Partners HealthCare of Massachusetts reports private information for about 3,300 patients is at risk due to data breach resulting from employees responding to phishing emails, which resulted in compromise of the employees email accounts. The organization said it has been investigating the incident since November.
  • April 30. University of California, Berkeley, notifies former and current students and their parents and family members that unauthorized access to a university server has placed at risk their personal information, including Social Security numbers.

Upcoming Security Events

  • May 6-7. Suits and Spooks London. techUK, 10 Saint Bride St., London. Registration: government/military, US$305; members, $486; industry, $571.
  • May 9. B-Sides Boston. Microsoft 1 Cambridge Center, Cambridge, Massachusetts. Fee: $20.
  • May 12. After the HIPAA Omnibus Rule: Lessons Learned in Breach Notification. 1 p.m. ET. Webinar sponsored by ID experts. Free with registration.
  • May 13. SecureWorld Houston. Norris Conference Center, Houston, Texas. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • May 14. B-Sides Denver. Society Denver, 1434 Blake St., Denver, Colorado. Free.
  • May 15. B-Sides Knoxville. Scruffy City Hall, 32 Market Square, Knoxville, Tennessee. Fee: TBD.
  • May 16. B-Sides Chicago. Concord Music Hall, 2047 N. Milwaukee Ave., Chicago. Free.
  • May 19. Has Your Cyber Security Program Jumped the Shark? 1 p.m. ET. Dark Reading webinar. Free with registration.
  • May 19. Detecting Threats Via Netrowk Anomalies. 2 p.m. ET. Black Hat webcast. Free with registration.
  • May 26-29. Symposium on Electronic Crime Research. CaixaForum / Casa Ramona, Avenue Francesc Ferrer i Gurdia, 6-8, Barcelona, Spain. Registration: before May 12, APWG members, 400 euros; students and faculty, 300 euros; law enforcement and government, 400 euros; others, 500 euros; after May 11, APWG members, 500 euros; students and faculty, 350 euros; law enforcement and government, 500 euros; others, 600 euros.
  • May 27-28. SecureWorld Atlanta. Cobb Galleria Centre (Ballroom), 2 Galleria Parkway Southeast, Atlanta. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • May 30. B-Sides New Orleans. Hilton Garden Inn, New Orleans Convention Center, 1001 South Peters Street, New Orleans. Cost: $10.
  • June 8-10. SIA Government summit 2015. W Hotel, Washington, D.C. Meeting Fees: members, $595; nonmember, $795.
  • June 8-11. Gartner Security & Risk Management Summit. Gaylord National, 201 Waterfront St., National Harbor, Maryland. Registration: before April 11, $2,795; after April 10, standard $2,995, public sector $2,595.
  • June 16-17. Black Hat Mobile Security Summit. ExCel London, London, UK. Registration: before April 11, Pounds 400; before June 16, Pounds 500; after June 15, Pounds 600.
  • June 16-18. AFCEA Defensive Cyber Operations Symposium. Baltimore Convention Center, Baltimore, Maryland. Registration: government-military, free; member, $575; nonmember, $695; small business, $445; other, $695.
  • June 17. SecureWorld Portland. DoubleTree by Hilton. 1000 NE Multnomah, Portland, Oregon. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • August 1-6. Black Hat USA. Mandalay Bay, Las Vegas, Nevada. Registration: before June 6, $1795; before July 25, $2,195; after July 24, $2,595.
  • Sept. 28-Oct. 01. ASIS 2015. Anaheim Convention Center, Anaheim, California. Registration: through May 31 — member, $895; nonmember, $1,150; government, $945; student, $300; June 1-Aug. 31 — $995, $1,250, $1,045, $350; Sept. 1-Oct. 1 — $1,095, $1,350, $1,145, $400.

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Malware

Elon Musk's Dec. 2 action to release The Twitter Files: Approve or Disapprove?
Loading ... Loading ...

Technewsworld Channels