Saturday, June 27, 2015

Tabula Rosa Systems Product Of The Day - A New CIRT (Cyber Intelligence and Response Technology)

    
============================================
Here is a nice product I came across. It brings a nice suite of products as well as a low cost SIEM.
============================================

Peter Stephenson
March 03, 2014
CIRT from AccessData Group
My regular readers know that I love forensics and I love innovation. Give me both in a single product and you have my attention. With its new CIRT (Cyber Intelligence and Response Technology), AccessData Group has knocked one out of the ballpark. The framework contains everything needed to perform digital forensic incident response (DFIR). This is a full lifecycle – from detecting to analyzing to remediating – and it's all in a single package.

If we stop and think about the forensic process, we see that there are some key aspects from a DFIR perspective. First, we want to know that an incident is occurring/has occurred. Second, we want to know the nature of the incident. Third, we want to perform detailed analysis, even if our environment is thousands or tens of thousands of computers. And finally, having found the root cause, we want to clean up the network and get on with business. And, we want to do all of that with minimal disruption to our users. CIRT provides all of that. 

Beginning with detection, CIRT integrates with a SIEM. There is a lot happening on the network and the SIEM is the device most likely to see it all. We also get removable media monitoring and analyst-in-the-middle decryption of SSL data streams. Once we know that something is going on, we need to figure out what it is. That's where the network- and host-based packet capture and IOCs (indicators of compromise) come into the picture.

This all is bolstered by ongoing threat and indicators of compromise (IOC) feeds to keep the detection piece current. Finally, CIRT remediates problems automatically and saves anything that needs saving for further analysis. A user has detected the incident, analyzed it and remediated damage – all with a single suite of tools operating in a single pane of glass.

Visualization is solid. This is a critical issue when there is so much data. Like most similar systems, hosts on the network report back using data collected by agents. These can be persistent or volatile (dissolvable), and the persistent agents do the analysis locally, sending results only back to the central control point. This lessens network impact significantly.

An important aspect of CIRT is project management. The project is the paradigm that CIRT uses, and setting up a project is straightforward. There are places in the project definition forms to establish who is in each of many roles and project flows, including such functions as legal and outside consultants, as well as all of those other functions that one would expect.

Overall, I have not seen a more complete approach to managing security from the forensic perspective. Indeed, this is the first I've seen that really addresses that – or responds to cyber incidents, especially in large environments, a milieu for which this is very well suited. If one really wants to integrate security management and digital forensic response in a single system that can help address compliance and the other issues that devolve around information security, this is not only your best choice, today it is your only choice.
===============================================
**Important note** - contact our company for very powerful solutions for IP management (IPv4 and IPv6), security, firewall and APT solutions:

www.tabularosa.net

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premier book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki

If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and have been a contributor to numerous blogs and publications.

Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.
==============================================

Tabula Rosa Systems Quotation Of The Day - Solving Problems Via Albert Einstein

==================================================
"We cannot solve our problems with the same thinking we used when we created them."
Albert Einstein
==================================================
Read more at http://www.brainyquote.com/quotes/authors/a/albert_einstein.html#thyskJQEpbkMLxdW.99
==============================================

Tabula Rosa Systems Technical Term Of The Day - Hotword - A Dangerous Thing!


======================================================
From whatis.com

Hotword is an audio listening module included with Google Chrome and Chromium, the open source version of the browser.

Hotword listens for specific key words chosen to activate the “OK Google” voice interface. The program is then readied for voice-based search, questions and commands. Voice interfaces use speech recognition technologies to allow user input through spoken commands. The software identifies spoken words and phrases and converts them to a machine-readable format for interaction.

The hotword module itself is black-boxed – meaning that its inner workings are not transparent – and not open source. Privacy advocates became concerned when developers detected the module and reported that it installs without user permission and can start listening automatically. Author and journalist Cory Doctorow reported that hotword’s default behavior is to “silently switch on your computer's microphone and send whatever it hears to Google.”

Google maintains that the software is opt-in and designed only to allow verbal interaction with the computer. The company further states that it does not control Chromium development and that some of the issue results from the fact that Debian downloads Chromium automatically rather than Chrome.

Nevertheless, developers have recorded instances of the software automatically downloading and initiating without user input. According to Rick Falkvinge: “The default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement.” Falkvinge is the founder of the Pirate Party, an international political party whose platform includes freedom of information, citizen participation, privacy rights and transparency (among other things).

Communications privacy has become an increasingly sensitive issue since the Snowden disclosures of 2013 revealed that the NSA (National Security Agency) had full access to user data on the servers of major service providers, including Google.

Falkvinge advises that the only real way to protect user privacy from eavesdropping software is to build a hardware switch into devices that can disable any listening module that may be installed.
=====================================================

Friday, June 26, 2015

Tabula Rosa Systems Technical Term Of The Day - Brownfield Deployment - Do You Know What It Is?



Brownfield Deployment
A brownfield deployment, in information technology, is the installation and configuration of new hardware or software that must coexist with legacy IT systems. A greenfield deployment, in contrast, is the installation and configuration of software or hardware that a company has not used before and is not dependent upon legacy technology. 

The terms brownfield and greenfield come from the building industry, where previously developed land is described as being brownfield and previously undeveloped land is described as being greenfield. In information technology, as with construction, brownfield deployments can be cost-effective because the infrastructure to support the new installation is likely to be already in place. However, brownfield deployments can be complicated by the need to rectify dependencies between the new and current installations.
Good Netiquette to all!
===============================================

Thursday, June 25, 2015

Tabula Rosa Systems Security Bulletin - Cisco Releases Security Updates

National Cyber Awareness System:
06/25/2015 05:20 PM EDT

Original release date: June 25, 2015
Cisco has released security updates to address vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected appliance.
US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

===============================================

Wednesday, June 24, 2015

Tabula Rosa Systems Product Of The Day - Tufin Networks

    
============================================
Tufin provides powerful solutions for managing firewalls. For further information, contact us as mentioned below.
============================================
 Automatic Change Design, Provisioning and Verification

The Tufin Orchestration Suite slashes change handling times by automating change design and implementation across the network. It studies the network topology to identify the relevant devices, and it analyzes their security configuration to determine if a change is needed. If so, it designs the optimal change and automatically pushes it out to the network device or generates the required commands. Finally, after the change is made, the Orchestration Suite verifies that the change fulfills the original request and documents it automatically.

Network Topology Intelligence and Security Configuration Analysis

Effective change automation depends on an in-depth understanding of both the enterprise network as a whole, and of the security policy configuration on each device. Tufin’s Network Topology Intelligence automatically maps the entire network, while Security Policy Analysis simulates the access provided or blocked by each firewall, router and load balancer. Together, they enable the Orchestration Suite to design and simulate network access during the automated change process.

Central Management of Network Security Devices

In today’s complex, multi-device, multi-vendor network environment, a central view of security policy across all devices is essential. The Tufin Orchestration Suite supports all major network security devices and vendors. It gives you the ability to consistently enforce your corporate security policy on all of your devices, along with the documentation and change audit trail that you need to demonstrate compliance.

Proactive Risk Analysis and Impact Simulation

Every change to the network configuration is a potential threat to security and availability. Without Security Policy Orchestration, testing the impact of a change is virtually impossible. As part of the automated change process, the Orchestration Suite proactively checks every access request against your corporate security and compliance policies to spot violations. It also simulates the impact of every change to identify potential risks. It enables you to process changes much more quickly and at the same time, significantly reduce the risk to your organization.

Customizable Workflows

The Tufin Orchestration Suite includes customizable workflows that automate network change design, analysis and implementation according to industry best practices. Using an intuitive visual editor and simple building blocks, you can model your own business processes and meet the specific needs of your organization.

Tufin Orchestration Suite Highlights:

                Orchestration of network security processes
                Automatic change design and implementation
                Network topology intelligence
                Security policy analysis
                Central management of leading network security devices
                Customizable change workflows
                Proactive risk analysis and impact simulation
                Automatic change verification
                Continuous compliance and instant audit reports
                Interoperability with external systems

Continuous Compliance

The Orchestration Suite provides a closed-loop process for enforcing, verifying and documenting compliance with standards such as PCI DSS and SOX. It checks every access request and every change design against compliance policies before approval and after implementation. When an exception is made, the justification is documented as part of the audit trail. The Compliance Dashboard shows the current status and generates customizable reports, cutting audit preparation times by as much as 80%.

Interoperability with External Systems

The Tufin Orchestration Suite integrates with a variety of systems including help desk, ticketing and service provisioning through RESTful APIs. With the Orchestration Suite, you can seamlessly integrate network security changes into your IT operations management processes while benefitting from the deep security and network technologies that increase productivity and accuracy.
===============================================