5 Security Tools for IT That Go Deep -- Redmondmag.com

5 Security Tools for IT That Go Deep

With IT facing more complex and new types of threats compared to years past, it's time to arm yourself with the best tools to keep you and your network secure.

By Chris Paoli
05/06/2014

As unauthorized access and data theft intensifies -- thanks to major bold attacks such as the Target breach and Edward Snowden's unfettered access to classified files -- a slew of security vendors offer new levels of protection based on smarter, real-time analytic data processing, stronger mobile integration and an understanding that data is stored on-site and in the cloud. Here are five tools for IT to tackle these challenges.

Cloud Security: Trend Micro Deep Security for Web Apps
Trend Micro Inc.
The Trend Micro security suite for cloud, physical and virtual servers provides a way for testing Web apps in all these environments. It builds upon the popular Trend Micro Deep Security suite (awarded the Editor's Choice for Best Virtualization Security Software by Redmond sister publication Virtualization Review in its 2013 Reader's Choice Awards) to provide a comprehensive approach to both detecting and protecting network applications, no matter if accessed from a PC, smartphone or tablet device.

Trend Micro assures this through its three-pronged approach to security:

Intelligent Application Scanning: Deep Security for Web Apps provides testing on two fronts, including automatic vulnerability scanning, which will check an app more than 50,000 times and hands-on testing by Trend Micro security experts.
Integrated Detection and Protection: Helps to protect against zero-day threats by identifying and solving specific platform vulnerabilities. Trend Micro says that it would take an average of 193 days to manually correct application vulnerabilities that are discovered by the security suite.
Unlimited SSL Certificates: This offering allows for an unlimited number of SSL certificates, affording enterprises to do as much testing on Web apps as wanted, without being held back by a pay-as-you-go certificate pricing model.

Trend Micro recently said its security suite extends cloud security solutions on Amazon Web Services.

Security Analytics: LYNXeon for Network Behavior Analysis and Visualization
21CT Inc.
Guarding against attacks as they happen is just one facet of network security. It's not enough to only stay reactive when it comes to the health of your network -- you must also be proactive in guarding the attacks of tomorrow.

The LYNXeons network behavior analysis offering, by security firm 21CT, looks to provide IT with an insight on the nature of attacks that hit the network by organizing data to see where the trouble spots are by compiling user behavior, whether it's on a desktop or connected device. The visual representation models that LYNXeon provides helps to trace the source of an intrusion -- information needed when looking at behavioral patterns to block similar attacks.

While the notion of taking a data-analytic approach to security is nothing new, IT has yet to have many real-world offerings that provide just that. With LYNXeon's analysis, it's one of the first working-model analytic tools delivering in-depth security breakdown analysis of your network within moments of submitting an inquiry.

Mobile Security: viaProtect
viaForensics LLC
Announced and initially released in open beta during February's RSA Conference in San Francisco, the viaForensics mobile security app for iOS and Android devices looks to provide corporate-grade bring your own device (BYOD) protection at both the consumer and enterprise levels.

As is the hot trend in IT, the app is touted as an analytics-driven security that brings real-time monitoring, risk assessments based on Big Data collection and a customizable dashboard that provides a complete breakdown of risks, potential vulnerabilities and status of multiple devices connected to a network.

Further, viaProtect also bakes in encryption protection for any apps connected to the security software, including protection of data at rest, SSL/TLS pinning and network encryption. Through the dashboard, IT will also be able to see statistics relating to this protection, including informing how much device Internet traffic is being encrypted, which servers a device is communicating with and where on the globe data is traveling.

Customers can download viaProtect from the Apple iTunes App Store or devices running iOS 6 and iOS 7, and the Android store (currently in the public preview stage) for Android 4.0 Ice Cream Sandwich and up.

DDoS Web Site Protection: NSFocus ADS
NSFocus Information Technology Co. Ltd.
In the past few years, distributed denial of service (DDoS) attacks have been the go-to tool of "hacktavists" looking to bring down a Web site due to ideological differences and that of the Internet prankster looking to cause chaos online by overloading a targeted Web site with a large amount of traffic until it's brought down.

The NSFocus DDoS attack migration app looks to take the threat of your enterprise's Web site being taken down by monitoring and blocking incoming malicious traffic, while keeping the legitimate flow of visitors to continue. It protects from both traffic-based attacks and application-based attacks -- those targeting specific applications to bring them down -- and can be deployed directly to routers, networks and Internet access points.

Along with preventing specific DDoS attacks, the NSFocus ADS series also provides a centralized maintenance and monitoring dashboard to configure policies, check custom traffic reports, take forensic evidence after an attack is blocked and monitor running statuses.

Attack Blocker: Microsoft Enhanced Mitigation Experience Toolkit
Microsoft
The Microsoft Enhanced Mitigation Experience Toolkit (EMET) recently hit 5.0 status. The company's free utility is still a good choice for enterprises and consumers alike looking to guard against known Web attacks in a wide range of software -- not only in Microsoft offerings.

Along with minor changes that aim to make it more difficult for attackers to fully bypass the security utility when launching attacks and changes that help to resolve compatibility issues when third-party security software is running alongside the EMET, the fifth version of EMET includes two new features: Attack Surface Reduction (ASR) and Export Address Table Filtering Plus (EAF+).

According to Microsoft, ASR came about direct user feedback from those wanting the ability to completely block plug-ins in applications. For example, IT can now block Java from automatically running in a Web browser or bar Flash elements from being opened automatically in Outlook or Office. The fully configurable tool will block plug-ins from being loaded in Microsoft Word, Excel and Internet Explorer by default.

The second new feature, EAF+, adds to its earlier Export Address Table Filtering by extending how the tool blocks specific in-memory exploit techniques. It's now designed to block KERNELBASE exports, which include the widely used KERNEL32.DLL and NTDLL.DLL attack families. Additionally, increased integrity checks when export tables are accessed from low-level modules were also added and EAF+ will automatically protect memory read operations on protected export tables from suspicious modules.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.