Five Use Cases of Behavioral Analytics to Protect Customer Networks

Interest in user and entity behavioral analytics, or UEBA as recently coined by Gartner, has risen dramatically over the past 12 months. And it’s for valid reasons. Attackers are using more and more sophisticated approaches to bypass traditional defense mechanisms. Companies are constantly looking for enhanced solutions to protect their users and valuable assets, but […]
The Importance of Controls for MSSPs

Should Your MSSP be SOC 2 Compliant? SOC stands for Service Organization Controls and falls under the Statement on Standards for Attestation Engagements (SSAE) No. 16. SSAE 16 was issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in 2010. SSAE 16 effectively replaces SAS 70 as the authoritative […]
Medical devices growing concern in healthcare IT security

Practically every hospital and healthcare institution invariably depends upon medical devices. These devices produce a sizable amount of data and despite the fact that very little of this data is retained for any longitudinal patient benefit, the data must be safeguarded per federal requirements. Proficio’s security engineers have worked with a number of healthcare IT […]
Cybersecurity Awareness Month: A 3-Step Plan to Being Cyber Secure

Step 1: Train your employees to be security savvy. Some of the most basic, “expected” tools in security are often those most overlooked. Your first step to defense from cyber criminals is your employees. Having a security training program in place and creating policies to […]
The Scary Truth About CyberSecurity

With just two months left in 2015, it is shocking to find that this year may be one of the scariest years as far as data breaches go. Recent reports show data breaches to be increasingly common. And as these threats become bigger and more harmful, the future looks spooky. The overall costs for cyber […]
Simple Cross-Device Correlation is No Longer Enough

In today’s demanding security environment, companies are more than ever challenged to identify serious threats before they lead to a data breach. Using a SIEM tool to correlate security events is a good start, but an effective defense requires a combination of both advanced cross-device correlation and alert prioritization. We wanted to provide you with some examples of […]
Next Gen SIEM for the Rest of Us

SIEM systems were first created for large enterprises and government agencies that were frequent targets of advanced cyber attacks. Back then, smaller and lower-profile organizations were able to get by with basic security tools as they were seldom the target of hackers. The world has changed and today cyber attacks have become so widespread and […]
Using a SIEM to Detect Cryptolocker Attacks

As cybercriminals continue to use ransomware such as Cryptolocker and Cryptowall as a means for profit, organizations must develop detection capabilities around this threat. SIEM technology combined with threat intelligence can be effectively used to detect ransomware. We recommend you ask your MSSP or SIEM Administrator to create the following use cases: Antivirus Repeat Infection […]
They’ve Got Your Email – Email Security Solutions

Lost or stolen laptops and now smartphones with unencrypted data account for many of the cases of compliance violations. Often the confidential data is inside an email. We recommend using an email security solution, such as Proofpoint, with integrated Data Loss Prevention (DLP) and policy-based encryption capabilities to minimize the risk of disclosing protected […]
The Vulnerability Remediation Challenge and Patch Tuesday

For the past twelve years, Microsoft’s Patch Tuesday has been a monthly reminder of the challenges with vulnerability remediation. For IT and security teams, Patch Tuesday means it’s time to assess another batch of security updates and decide which ones to deploy and when, and which ones to defer, either indefinitely or at least temporarily. […]
Anthem Inc. Data Breach – Healthcare Increasingly Target of Hackers

On January 27th, Anthem discovered that the login information for database administrators had been compromised. The investigation is ongoing, but the data breach could affect up to 80 million Anthem customers. Information stolen includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, plus some […]
Takeaways from the Penn State Security Breach

An official at Penn State stated, “In fact, on an average day last year, Penn State alone repelled more than 22 million overtly hostile cyber attacks from around the world”. This is an interesting number. However, we would surmise that they are actually counting the number of Internet drive-by attacks based on source IP addresses being […]