May 16, 2013
eSecurity Planet

How to Respond to a Data Breach

According to the results of a recent Ponemon Institute study commissioned by Solera Networks, the average cost of a malicious data breach has risen to $840,000, with the average cost per record at $222. Still, only 40 percent of organizations surveyed say they have the tools, personnel and funding in place to track down the root causes of a breach.

May 2, 2013
CIO Today

Labor Department Web Site Hacked, Malware Uploaded

“It’s difficult to discern the intent of a criminal targeting visitors to such a specific Web site, but clearly this was planned well in advance, and was not intended to reach a wide audience of potential victims,” said security researcher Andrew Brandt. A relatively obscure portion of the U.S. Department of Labor Web site was hacked, and malware placed there.

April 17, 2013
Channel Insider

Solera Networks Debuts Partner Program

Because Solera Networks has very tight integration relationships to other security tools, including firewalls and SIEM products, the company is focused on partnering with resellers that are already selling many of these products because Solera’s solution is a “natural add-on sale,” according to Seton.

“Both our solution and program are designed to create new revenue and growth opportunities for partners,” he said. “Delivering big data security analytics and advanced threat protection into end-user networks augments many other solutions and services that these partners are already providing.”

April 15, 2013
Security Week

Solera Networks Launches ‘Black Box’ For Security Incident Responders

“The Solera DeepSee BlackBox Recorder is like having a black box flight recorder for the network—providing incident responders with all the critical information necessary to effectively investigate and resolve a security breach or targeted attack,” explained Steve Shillingford, president and CEO at Solera Networks.

What sets the DeepSee BlackBox Recorder apart from previous Solera offerings is that it can be deployed and installed at no initial cost, the company told SecurityWeek. License purchase is required only when incident responders “break the glass” to retrieve the captured security intelligence when an incident occurs.

March 26, 2013
Security Bistro

Is Spam Increasing? A Look At Some New March Campaigns

Security Bistro recently caught up with Andrew Brandt, Threat Research Director at Solera Networks. He penned a blog post last week about a new spam campaign featuring URLs that direct individuals to — what appeared to be — compromised personal and small business web sites.

“It does appear that the volume of malicious spam, which we consider to be messages with either an attached malware executable (usually zipped) or with one or more embedded URLs that lead to sites which perform browser exploits as a method of infection, significantly increased over what we saw in February,” Brandt told Security Bistro. “There was a big spam push around the end of the year. During that period, Solera Networks saw a large amount of spam between the week before Christmas and New Year’s. Since then, it slowed down in January and February, and is starting to pick back up again.”

March 13, 2013
CRM Daily

‘Doxxing’ Incidents Highlight Risk of Disclosing Personal Info

Brian Contos, worldwide vice president of field engineering at Solera Networks, said doxxing has moved attacks from targeting nameless, faceless organizations and governments to individuals.

“We’ve seen examples of this type of incident in Latin America, where hacktivists targeted specific individuals at organizations like police forces and published their names, photos, address, phone numbers, and other personal information,” he told us. “With vast amounts of personal information available about most people online — much of which is shared voluntarily via social networking sites — nefarious individuals are finding doxxing to be easier than ever.”

February 27, 2013
Infosecurity

RSA 2013: Malicious data breaches result in significantly higher costs

But with 28% of organizations unable to determine the root cause of malicious breaches, their ability to respond is severely hampered. “Organizations that can’t tell you the root cause of a breach often can’t determine the entire impact” of the incident, said John Vecchi, VP of marketing with Solera Networks. “Unless organizations have the tools to determine the cause, there is very little chance they can respond effectively to future incidents.”

“Organizations sometimes think they don’t need to know the gory details” about how a breach occurred, Ponemon said, adding that they oftentimes choose to remain tight-lipped about such incidents or simply don’t have the detection tools in place to make an accurate assessment. “They need to know”, he insisted.

February 20, 2013
Infosecurity

Apple becomes the latest hacking target, with Mac malware

Regardless of who’s behind it, the Apple attack and all of the others in the last few weeks and months point to a certain amount of realism that needs to come into play when determining a cyber defense. “In today’s post-prevention world, it’s crucial that companies accept that successful breaches on highly fortified networks are inevitable, and the scope of targeted enterprises and organizations will only widen day by day,” cautioned John Vecchi, vice president of marketing at Solera Networks, in an email to Infosecurity.

He added, “Once attackers are past our perimeter defenses – via an advanced targeted attack – they own our network. As such, there needs to be a shift toward ‘preparedness’ and a modern, multi-layered defense. It is likely that cyberattackers are already on our networks, so we must focus on attaining the context, content and visibility needed to see and eradicate them.”

February 14, 2013
Dark Reading

Obama Cybersecurity Executive Order A First Step, But More Is Needed, Some Say

“Executive orders like this are generally not designed to address and tackle some of the big areas of comprehensive cyberlegislation,” says John Vecchi, vice president of marketing for Solera Networks. “Rather, it will certainly serve as an instrument to apply pressure to Congress to pass more formal cybersecurity legislation. That legislation would then include a more concrete framework for government/private sector cybersecurity. It would also likely address some of the complex policy areas, such as industry incentives and liability protection that an executive order could not.”

December 3, 2012
Infosecurity

Connecticut university opens up 235,000 SSNs to hackers

A strong post-breach security system, such as security intelligence and analytics, can watch every packet for forensic analysis. “Yes, a server got attacked. Yes, it contained 235,000 records,” said Contos. “But now, instead of guessing on the number of records stolen, you know that only one database table was accessed, and perhaps it only contained records for 500 people. This greatly limits your disclosure costs.”

November 13, 2012
Dark Reading

How To Detect Zero-Day Malware And Limit Its Impact

“There has been a ‘seismic shift’ in how malware is developed and distributed, says Andrew Brandt, director of threat research at Solera Networks. Malware developers are increasingly crafting one-time-use malware, so by the time an antivirus vendor has released a signature to detect the malware sample, the bad guys have most likely moved on to a new version.”

October 17, 2012
Network World

Solera DeepSee Virtual Appliance featured on Network World

“Provides complete visibility into network traffic, including virtual networks. Captures, classifies and reconstructs up to 10 terabytes of packets, sessions and files per virtual instance with clustering capabilities into the petabyte range.”

October 3, 2012
ITP.net

StarLink signs as Solera distributor in GCC region

“With the ever-growing security gap in the defensive capabilities of traditional network forensics tools, the landscape is rife with new digital threats, which drove us to partner with the next generation in security intelligence solutions, Solera Networks…”

October 3, 2012
Help Net Security

Solera Networks Enhances Appliance for Big Data Security

“Having the ability to deploy a flexible and cost-effective virtual appliance for network analysis, visibility and intelligence is critical to effectively securing virtual infrastructure from today’s advanced malware and cyber-threats.”

October 1, 2012
InfoSecurity Europe

InfoSecurity Europe Interviews John Vecchi, VP of Marketing, Solera Networks at Infosecurity Europe

“…the reality that breaches will happen. And when they do quickly you need to be able to answer very important questions: what happened? who did this to us? what information was extricated or accessed? is this breach over and have we contained it…”

August 7, 2012
New York Times

Security Start-Ups Catch Fancy of Investors

“Solera Networks, a security start-up that tracks intrusions in real time, has raised over $50 million from Intel Capital and others, and many say it is ripe for a nine-figure acquisition.”

August 3, 2012
Network World

New Requirements for Security Monitoring

“There is a need for tighter integration between network operations and security. This is…good news for Solera Networks.”

May 2, 2012
SC Magazine

Beyond the SIEM

“President and CEO Steve Shillingford and CTO Joe Levy told me that its technology was about offering the extended visibility that log management and security incident and event management (SIEM) failed to achieve.”

April 30, 2012
IT Security Pro

Solera shrink-wraps its security intelligence

“The idea behind the new – and effectively shrink-wrapped version of DeepSee – is that it uses deep packet capture to analyse what is going on at the IP layer on a network, and develop a context awareness approach to security that should allow IT staff to spot any advanced targeted attack (ATA) that may be operating on their network resources.”

April 3, 2012
DarkReading

Will We Learn Authentication Lessons From Global Payments Breach?

“It would not be surprising if the investigation slowly reveals that the breach involved techniques such as Web application exploitation, maneuvering from a compromised public system into the internal systems, and that the presence on the network was a longer term than estimated,” says Joe Levy, CTO of Solera Networks.”

March 30, 2012
CSO Security and Risk

Global Payments identified as processor in data breach

“This is unfortunately reminiscent of the Heartland Payment Systems breach that started in 2007 and was finally discovered and disclosed in early 2009,” said Joe Levy, CTO of Solera Networks.”

 


March 30, 2012
Venture Beat

Over 50K Visa and Mastercard credit cards compromised, banks alerted

“Joe Levy, chief technology officer of Solera Networks, believes there may be more to the hacks, which have occurred in the past in cases like Heartland Payment Systems.”

March 9, 2012
DarkReading

Solera Networks Enhances Malware Protection, Alerting And Analysis

“At Solera Networks, we believe that all organizations need better tools to identify advanced malware, and we are excited to deliver Real Time Extractor, an engine that enables unprecedented levels of network detection and analysis,” said Steven Shillingford, president and CEO of Solera Networks.”

February 29, 2012
SYS-CON Media

Solera Helps You Respond Rapidly to Security Events

“If you don’t know what is happening on your network and need to respond quickly and intelligently to malware and other attacks, you might want to look at SoleraSix from Solera Networks. I took a look at this security appliance for my most recent video screencast review that you find here.”

February 29, 2012
V3

RSA: Solera networks DeepSee packet analysis video

“Aubrey Merchant of Solera networks gives V3 a walkthrough of DeepSee, the company’s real-time traffic monitoring and packet analysis platform.”

January 31, 2012
The Wall Street Journal

The Daily Start-Up: As Cyber Attacks Rise, So Does Solera Networks

“Solera Networks has raised $20 million in Series D funding led by Intel Capital for technology that detects cyber attacks by collecting and classifying network traffic in real time. Solera’s revenue grew 100% last year because of the growing concern among Fortune 500 companies over targeted cyberattacks, although government agencies that may be battling nation-state cyberattacks remain important customers too.”

January 30, 2012
TechCrunch

Intel Leads $20M Round For Solera Networks

“The company says its DeepSee Platform can index and classify all network traffic, giving companies a comprehensive picture of their network security in real-time, either for spotting risks before a security breach or responding quickly once a breach has occurred. Both domestic and international sales supposedly grew more than 100 percent last year.”

January 19, 2012
CSO Security and Risk

Zappos.com attack: Fallout and Feedback

“This, from Alan Hall, security expert and director at Solera Networks: “Without full visibility of the entire attack, organizations can only guess or assume that all records were taken and then address their response to the full extent of possible damage — 24M in this case. An appropriate response includes more detail of ‘how did they get in, where did they go and what was accessed, seen, and removed from the network?’”


January 12, 2012
The Huffington Post

FBI Official Warns of Growing ‘Existential’ Cyber Threats

“Despite the increased frequency and severity of online crime and espionage in 2011, many American corporations and consumers are still not taking the threat seriously,…”

January 3, 2012
Tech News World

No Shelter From a Cybercrime Storm

“It is indeed possible to stop even determined hackers, suggested Andrew Brandt, director of threat research at Solera Networks Research.

“It just takes a guard or team of guards, equipped with the right tools to get the job done, and an equal or greater degree of determination, to stop them,” he told TechNewsWorld.”

December 30, 2011
SearchSecurity

Multifunctional malware, staged drive-by attacks to rise in 2012

“Andrew Brandt, Solera’s director of Threat Research, urges Mozilla Firefox users to keep their plug-ins updated and install NoScript to stop the onslaught of drive-by attacks using malicious JavaScript.”

December 29, 2011
DarkReading

QR Code Malware Picks Up Steam

“Much like URL-shortening services can be and are used maliciously because of the fact that they obscure the real target URL, QR codes can also be used for such deception,” says Joe Levy, CTO of Solera Networks.”

December 28, 2011
DarkReading

App And Database Security: Two Halves Of A Whole

“The days of static content Web sites are a distant memory, and every Web site or Web-based application today is back-ended by some kind of database, whether it’s your bank, your cloud CRM service, your mobile device’s app-store, your favorite online shopping site, or your photo collection and blog,” says Joe Levy, CTO of Solera Networks.”

November 21, 2011
The Inquirer

SCADA hack shut down a US water plant

“Andrew Brandt, director of research for Solera Networks Research Labs, told V3 that German engineering conglomerate Siemens’ SCADA system is something of a honey pot for hackers and that once inside it they would find a “soft centre” that let them easily take control.”

November 15, 2011
Tech News World

Flood of Filth Turns Facebook News Feeds Into Open Sewers

“Other possible causes are rogue applications “that have quietly collected personal information, or … a diversion based on something bigger going on,” Andrew Brandt, director of Solera Networks’ Threat Labs, told TechNewsWorld.”

November 15, 2011
Channel Insider

FBI, Security Vendors Partner to Take Down Hacker Consortium

“In addition to running the infrastructure that powered this operation that eventually netted the crooks $14 million, DNSChanger also helped revolutionize the malware world, says Andrew Brandt, malware analysis expert and director of Threat Research at forensics and network security analytics firm, Solera Networks.”

November 3, 2011
SearchSecurity

No Duqu zero-day patch yet, but Microsoft offers workaround

“Andrew Brandt, director of threat research at South Jordan, Utah-based network security analytics provider Solera Networks Inc., said it will be critical that businesses and individual users apply the patch for the kernel-level zero-day vulnerability once Microsoft releases it.”

November 2, 2011
DarkReading

Hackers ‘Timthumb’ Their Noses At Vulnerability To Compromise 1.2 Million Sites

“Remote shells are PHP files that, in essence, provide fairly complete remote control capabilities to anyone who knows the exact path to the PHP file on the server and navigates there with a browser,” says Andrew Brandt, director of threat research for Solera Networks.”

October 27, 2011
Infosecurity

Solera research director spots a hybrid spear phishing attack

“Andrew Brandt, the newly-installed director of threat research with Solera Networks, has been analyzing what appears to be a hybrid spear phishing attack against a colleague and revealed the effort that goes into making these targeted attack emails look genuine.”

October 19, 2011
Securosis

Applied Network Security Analysis: Introduction

“They need the network, pure and simple. Which means they will leave tracks, but only if you are looking. This is why we favor (as described in React Faster and Better) capturing the full network packet data as possible. Attackers could compromise network devices and delete log records. They could generate all sorts of meaningless traffic to confuse network behavioral analysis.”