The most innovative and damaging hacks of 2015

The year’s most significant attacks highlight how hackers are changing tactics — and how IT security must evolve in the year ahead. Not a week went by in 2015 without a major data breach, significant attack campaign, or serious vulnerability report. Many of the incidents were the result of disabled security controls, implementation errors, or other basic security mistakes, highlighting how far organizations have to go in nailing down IT security basics.

Yup, We Can See It Coming

On December 17th, 2015 Juniper issued an advisory indicating that they had discovered unauthorized code in the ScreenOS software that powers their Netscreen firewalls. This advisory covered two distinct issues; a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic and a second backdoor that allows an attacker to bypass authentication in the SSH and Telnet daemons. There are speculations that the backdoor was installed by “State Sponsored” actors.  Shortly after Juniper posted the advisory, an employee of Fox-IT stated that they were able to identify the backdoor password in six hours. (So much for Government efficiency hiding their actions)

To read more, click here

Pay No Attention to the Man Behind the Curtain!

How do you detect a security breach inside your network? How do you collect the necessary intelligence to protect your assets properly? Sun Tzu, author of The Art of War, said that convincing your opponents to unveil their identity without knowing that they are being watched is one of the most important keys to winning a war. Attack deception is one of the best techniques to make attackers unveil their identity and gain valuable intelligence. While it is not new, advanced attack deception methods take advantage of Sun Tzu’s strategy.

Read more

Caught red handed – Alex

Opportunistic hackers are far from the limelight these days but they still exist and can cause large amounts of damage if they manage to break into your systems. We’ve recently observed our Data Center Security Suite catch such a hacker, an “Alex” from Romania who has kindly enough supplied his own name and private domain for publicity.

Read more

GuardiCore Expands Support for Docker Open Platform

Process-Level Visibility Between Containers Delivers More Granular Application Security Monitoring and Troubleshooting for “Dockerized” Applications

DockerCon Europe 2015, Barcelona, Spain – GuardiCore, a leader in internal data center security, today announced that it has expanded support for the Docker open platform for building, shipping and running distributed applications. In addition to providing advanced breach detection and response for “Dockerized” applications, GuardiCore has extended its support for Docker environments to deliver process-level visibility between any two containers, allowing security and devops teams to effectively secure, monitor, maintain and troubleshoot applications in a very granular manner. GuardiCore will be demonstrating its Docker support at Dockercon in the New Innovators Showcase. Read more

GuardiCore Data Center Security Suite Achieves Nuage Networks Certification

Solution Combining Nuage Networks Software Defined Networking (SDN) with GuardiCore Threat Detection Capabilities Provides Advanced, Real-Time Protection for Data Centers and Clouds

Tel Aviv, Israel, – GuardiCore, a leader in internal data center security, today announced its Data Center Security Suite as one of the first technologies to achieve Nuage Networks certification. GuardiCore integration with the Nuage Networks Virtual Services Platform (VSP) helps organizations easily add advanced security to the Nuage Networks environment to detect, analyze and respond in real time to advanced threats, minimizing the cost and damage of a breach. Read more

5 Key Takeaways from VMworld Barcelona

So, VMworld Europe just concluded last week and certainly there was a lot to talk about, from hybrid clouds, VMware’s acquisition of Boxer, Dell’s acquisition of EMC and how this affects VMware (it doesn’t according to Dell CEO Michael Dell), VMware CEO Pat Gelsinger’s keynote where he highlighted the five imperatives of the digital business and also called out of some enterprises for lack of agility (“Elephants must learn to dance”) and of course, security, which seemed to be integrated into almost every topic at the event.

Read more

GuardiCore Announces General Availability of its Data Center Security Suite

New Breed of Security Solution Detects Active Breaches inside Data Centers and Clouds Where Legacy Approaches Fall Short

San Francisco, CA – GuardiCore, a leader in internal data center security, today announced availability of its security solution that leverages advanced threat deception technology and a proactive honeypot approach to protect enterprise data centers and clouds from advanced threats that are increasingly breaching legacy security defenses. The GuardiCore Data Center Security Suite is built from the ground up for today’s modern data centers and clouds, providing unparalleled visibility, active breach detection and real-time response for both virtual and physical environments, and scales to support the performance requirements for high traffic data center environments. Read more