EQUIFAX DISCLOSES MASSIVE DATA BREACH

Today, September 8, 2017, Equifax, one of the largest credit reporting agencies in the United States, has disclosed that they suffered a massive data breach because their network was compromised by unknown hackers. According to the Equifax’s press release, attackers gained access to personal data of almost 143 million Americans. Social security numbers, birth dates and addresses of nearly half the population lost in this breach of the US could be misused by hackers for years to come. Credit card numbers of US-customers and non-US customers were also stolen. After Equifax announced the cyberattack, their shares dropped 13%.

Official information posted on the Equifax website states: “Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.” The breach was disclosed only yesterday, meaning it took six weeks to detect the cyberattack.

Network security solutions like GREYCORTEX that identify anomalous behavior within your network are especially important in this situation. These solutions mean your IT team can identify malware by its anomalous movement within the network, and identify it as it replicates. GREYCORTEX MENDEL identifies such anomalous behavior, offers deep network visibility, and differentiates between human and machine behavior, meaning you can find infected devices within your network and secure your company’s data and reputation.


About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

BEING “SMART” DOESN’T MAKE YOU SAFE

As you may have noticed, we have posted a lot on LinkedIn recently about new cyber attacks. The biggest link between these is that those attacks are commonly caused by not following best practices, or relying only on “legacy” security tools and/or the use of weak passwords.

Even with the use of today’s most advanced security tools, it can all fail at the weakest link of the security chain – people. According to csoonline, 56% of IT decision-makers claim that targeted phishing attacks are their top security threat. And this fear isn’t wrong. Everyone can be conned, even conmen. In many cases, it’s easier to get inside of the network if you abuse that fact. The most commonly used methods of exploiting people are phishing and blackmailing.

Phishing in its simplest form can be easily detected by regular humans. Because it’s not targeted, people on the receiving end can simply ask question “why did I get this email when it has nothing to do with me?” When it comes to more advanced phishing forms, like “whale” (going for the big target, e.g. top management or CEO) or spear phishing (targeted attacks against certain group/ individual), the attacker does the research and gets to know as much as possible about victims, which can be done with a search on the Internet or dumpster diving (think about what you throw away – are there any documents?). Once equipped with knowledge about the target, those attempts are way more effective.

Let’s examine it the security context. In this example, paraphrased from Christopher Hadnagy’s book “Social Engineering: The Art of Human Hacking,” an overconfident CEO is the target. The CEO thought that it’s not possible to hack him mainly for two reasons: he doesn’t utilize much technology in his personal life, and he thought that he was too smart to fall for phishing. Turns out he wasn’t that smart after all. In this example, the CEO expected an audit and readied himself for it. After scouring various sources of information, attackers decided to go with: the name of his favorite baseball team, favorite restaurant, and that he contributed funding to cancer research. On one Friday evening, a phone call took place. In it, the attacker approached the CEO with a plea asking about small contribution to the cancer cure research stating that here will be also a contest for contributors – winners will get two tickets to CEO’s favorite baseball team match (claiming that they know that baseball is not everyone’s cup of tea) and a voucher to one of three restaurants, including CEO’s favorite one. The CEO was willing to contribute, motivated by his desire to cure cancer and the possibility of winning tickets and a voucher, he told the attacker his email address, so they would be able to send him a .pdf file. That file contained a malicious code and CEO opened it, thus providing the attacker with access to his computer and everything in its reach.

Now that his computer has been compromised, as well as access to everything within the organization his authority (and passwords) will let him touch. So what to do? The attacker has access from his computer, so access rights to sensitive files are not an issue, nor is it an issue for the security team that the CEO is accessing files throughout the company. Is there a way to identify that the “CEO” accessing sensitive data is not actually the “real” CEO? Here’s where NTA technology can help. The next step following gaining access to the CEO’s accounts is to exfiltrate data. Network traffic analysis identifies that the computer in question is transmitting data where it shouldn’t, and/or in volumes that it shouldn’t. The computer can then be quarantined, the CEO alerted, and the attacker caught.

But while phishing may be the attack that’s on the mind of management, IT teams understand that “legacy” security tools, like sandbox, IDS, endpoint security or even a firewall, are not sufficient anymore. Let’s look at why.

Modern malware has many methods of detecting if it has infiltrated a “real” environment, or in cases of targeted attacks, if it has hit the right target. When such malware determines that it could be exposed, it lies dormant. This means that if you check everything that enters your company using a sandbox, malicious software can still enter the network if it is sufficiently advanced.

Known threats are usually detected by known patterns or hashes used by endpoint security or IDS, which makes them ineffective against new or advanced threats. Some endpoint security tools use AI to determine malicious behavior and are better equipped to fight new threats, but not every device can have endpoint security. Personal or “bring your own device (BYOD)” are a great example – like a laptop that an employee brings from home and connects to the network – or an IoT sensor where endpoint software cannot be installed. These devices are connected, but not secured by endpoint security.

Firewalls are essential to any networks security infrastructure, and stop communication that goes through them, meaning that generally they are able to protect the company for any threat that comes from the external network. But what if the attack starts after a user accidentally opens a communication link which allows the attacker to get behind the firewall and inside the network? What if the threat was brought inside the company by other means than through the Internet and then tries to spread in the internal network?

While the technology is different in each of these possible attacks, they all have one thing in common – attackers who exploit a gap in the security. The best gap fillers currently available are NTA solutions, like MENDEL from GREYCORTEX. MENDEL monitors all network traffic and analyzes changes of behavior in hosts, detects policy violations, data leaks, and much more. Not every unauthorized entry can be prevented before hit happens. Relying on legacy security tools means it can take months (some statistics reference nearly 200 days) to detect attackers as they move in the network. NTA solutions like MENDEL lower this time to between minutes and a few hours, often before actual damage happens in the network or the attacker knows they’ve gained access.

The question is not if you will get hacked. The question is when you will get hacked. And when that happens, are you ready for it and can you stop it, or will you still rely solely on best practices, as the CEO did, or on “legacy” security tools?


About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

MENDEL 3.3 RELEASED

April 16, 2019

GREYCORTEX has released the latest version of our MENDEL network traffic analysis solution. Version 3.3 has several important new features which improve detection and response for the network security team.

The biggest is that MENDEL’s detection and visibility capabilities are now available for SCADA/ICS environments. This new capability goes beyond support for several protocols found in earlier versions of MENDEL, and extends it to a whole new module, including the ability to visualize not just devices, but time series in IEC 61850 Goose, SNMP, and IEC104 protocols.

Not content with just SCADA features, we have added new reporting for managers and security analysts, detection and logging of TLS 1.3, and fingerprinting of encrypted traffic on the JA3 framework, as well as increasing the capabilities of the multi-sensor configurations.

New features

  • New managerial and security analyst reports summarize network data and security threats
  • New module for processing and visualization of SCADA protocols, including new dashboards for visualizing time series in IEC 61850 Goose, SNMP, and IEC 104 protocols
  • Added support for parsing CC-link protocol
  • Added support for parsing Enip/CIP protocol
  • Added support for parsing Kerberos protocol
  • Added support for parsing TFTP protocol
  • Added support for parsing IKEv2 protocol
  • Added support for parsing FTP protocol including parsing FTP data streams
  • Added detection engine for SSL/TLS client fingerprints JA3
  • Added multi-disc installation of MENDEL
  • Added GUI localization into Polish and Korean
  • Introduced new light color scheme
  • Integration with firewalls from Check Point

Please note New system of reports will replace in the near future the old type of reports. If you use them don’t forget to configure new reports.

Enhancements

  • Improved installer with enhanced user interface and new features
  • Improved dark color scheme
  • Redesigned severity color scheme
  • Reorganized main menu for better accessibility
  • Redesigned user dashboards for better user experience
  • Improved network capture module for better performance and less resource consumption
  • Improved network models for faster detection and reduced storage demands
  • Improved task planner and optimization of parallelized processing in the service for better resource consumption and management creating faster processing for multiple sensors on one collector
  • Improved detection and reparation of unusual, incomplete, or swapped flows
  • Improved parsing of incomplete or unidirectional flows
  • Improved network capture default configuration for better capture on all configurations
  • Improved processing of Active Directory events for better calculation of logged users
  • Improved Mikrotik plugin
  • Added button to restore user dashboards to default
  • Improved creation of complex firewall rules in plugin
  • Improved HTTP proxy pairing for incomplete or invalid communication

Bug Fixes

In general, our development team focused on improving the user experience and reporting.

Contact your local GREYCORTEX partner to find out how you can put MENDEL v3.3 to work for you.


About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

GREYCORTEX RELEASES MENDEL 3.0

March brings the most recent version of GREYCORTEX MENDEL; Version 3.0. As part of this release, MENDEL 3.0 brings several new features SOC administrators will love, as well as continued expansion for SCADA networks and upgraded hardware support.

Specifically, MENDEL now supports the latest in DELL Rx40 hardware. Those in SCADA network environments will enjoy updates to the MENDEL IDS system. Version 3.0 also includes visibility for the NFS (Network File System) and IEC 60870 5 101/104 protocols. SOC users will note that dashboards have been adjusted to better accommodate multiple sensors, and that the overall capacity for sensors connected to one collector has been increased to 30. Finally, MENDEL’s capabilities have been expanded to include the ability to add your own blacklist file, as well as export files to IBM Qradar SIEM via the LEEF format.
New Features

  • GREYCORTEX has added support for the latest Dell servers (Rx40) so users will now be able to use the latest hardware.
  • SCADA support continues, with updates to the MENDEL IDS engine to include visibility IEC 60870 5 101/104 protocols – bringing new security for professionals in the energy infrastructure sector.
  • SOC administrators will appreciate several new features in version 3.0, including new dashboard settings suitable for multiple sensors for better SOC visualization, as well as the ability to add up to 30 sensors on one collector, and finally; LEEF expert format for events exported to IBM Qradar SIEM, and the ability to upload users’ own blacklists in .csv file.

Improvements
Several MENDEL features were improved. These included easier license extension, host identification, decryption performance, status monitoring, and data export.
Bug Fixes

In general, our development team focused on improving the user experience and reporting.

Please note that updating to version 3.0 requires appliance restart and may take up to one hour.

Contact your local GREYCORTEX partner to find out how you can put MENDEL v3.0 to work for you.


About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

NEW VERSION 2.3 RELEASED

GREYCORTEX launched a new 2.3 version MENDEL Analyst. It added standardized support of NetFlow and IPFIX, new ways of data presentation and several performance improvements and more.

New features

  • New tool in GUI “Network Analysis” – user defined aggregated statistics for better analysis of network traffic and security incidents
  • Standardized NetFlow with IPFIX fully supported
  • New user account administration page
  • Changelog page with history and enhanced updating using RPM packaging system

Improvements

  • Major performance improvements of signature-based detection engine
  • Improved DNS cache with TTL support for better hostname resolution
  • Improved algorithm for matching hosts with Active Directory users
  • Inserted GUI URLs kept after login
  • Improved export of charts
  • Enhanced system log management with filtering by time and a system component

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.