Solved

Data Breach Security Software

Posted on 2014-09-08
Last Modified: 2016-03-23
I got a question from my client today...

Do you have any alarms built into your computer security that trigger if there is a data breach?

Never had this one before...

Is there anything out there like that, or are they asking for Intrusion Alerts from the router?

Cjoego
Question by:Joseph Salazar
18 Comments
 
LVL 6

Assisted Solution

by:Mandeep Singh
Mandeep Singh earned 312 total points
ID: 40311346
Websense is a kind of software that will help you with data breach security.
http://www.websense.com/content/home.aspx
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40311352
Hi Cjoego

While Mandeep Singh is OK, he has not really elaborated on his answer. But this is most likely because you have not specified in yours.

What do you mean in this case by "data breach"? Different cases may call for different software.
0
 
LVL 12

Expert Comment

by:trinitrotoluene
ID: 40311354
File system integrity can be monitored and you can configure the monitoring software to generate an alert whenever a file is created/modified.

At the network perimeter you can install an Intrusion Detection System to detect any network-based attacks.

Let me know your requirements and I'll be happy to advise
0

 
LVL 12

Expert Comment

by:trinitrotoluene
ID: 40311357
There exist Intrusion Prevention Systems as well
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 308 total points
ID: 40311366
Read:
https://www.gov.uk/government/publications/information-security-breaches-survey-2013-technical-report
2013 information security breaches survey: technical report
2013 information security breaches survey: executive summary

A list of popular NGFW/UTM that can help you:

SonicWall www.sonicwall.com
Juniper www.juniper.net
Cisco www.cisco.com
WatchGuard www.watchguard.com
CheckPoint www.checkpoint.com
Fortinet www.fortinet.com
Cyberoam www.cyberoam.com
SmoothWall www.smoothwall.net
ZyWALL www.zyxel.com
DFL www.dlink.com
Untangle www.untangle.com
Astaro www.astaro.com
ClearOS www.clearfoundation.com
PF www.pfsense.org
WALL www.m0n0.ch/wall
IPCop www.ipcop.org

I would also check the latest industry standards for security best practices:
SANS Top 20 Critical Security Controls - Free
NIST Cybersecurity Framework - Free
ISF Standard of Good Practice - Cost
ISO27001 - Cost
Cobit - Cost (Free for ISACA Members)
CIS Benchmarks - free
0
 
LVL 64

Assisted Solution

by:btan
btan earned 764 total points
ID: 40311407
I am wondering whether by "alarm" you meant the physical sound alarm, or the alert log or error message sent out to the admin or system owner for response and escalation per se. If it is the latter, a Data Loss Prevention (DLP) type of solution is available as a network sensor (appliance) or on the host (with agent installed). Also, the network IDS or IPS is the norm for security devices working together with the network FW and proxy.

Most of the correlation and intelligence aggregation can be done via a SIEM or an equivalent built-in analytics tool as well, from the various network logs or NetFlow as part of their ingestion. One example is lanscope http://higgrowth.com/news/release/388

Actually NSS Labs has a list of Breach Detection System (BDS) candidates as well as a wp
https://www.nsslabs.com/reports/breach-detection-systems-bds-comparative-analysis-report-security-value-map-svm
http://www.databreachtoday.com/whitepapers/nss-labs-report-breach-detection-systems-w-1146

If you are into the physical alarm, that is probably some physical control to be planted with surveillance cameras etc.
0
 
LVL 12

Assisted Solution

by:trinitrotoluene
trinitrotoluene earned 616 total points
ID: 40311428
Most commercially available IPSs today have the firewall and antivirus integrated.
A choice will have to be made depending on your requirements and budget constraints.

All vendors tout their wares and usually package more than the essential so do your research before taking the plunge.

You also need to check whether your systems need to meet any compliance requirements such as PCI DSS and select tools which assure you of a certain level of compliance
0
 
LVL 6

Assisted Solution

by:Mandeep Singh
Mandeep Singh earned 312 total points
ID: 40311438
Besides a firewall, Websense gives you lots of features, like a USB detection system, and it makes a log of copy/paste incidents and sends them to the respective team for action.

It also binds users to access only the specific websites defined by your team.
0
 
LVL 12

Assisted Solution

by:trinitrotoluene
trinitrotoluene earned 616 total points
ID: 40311783
cjoego:

To add to what I already mentioned :

Credit companies have to comply with PCI-DSS in order to protect their customer data from being breached
You can read about it here
https://www.pcisecuritystandards.org/

Several other standards do exist. Some of the significant ones are
http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act
http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act

As for IPS solutions and File System monitors, you can check out the following to get a hang of what it's all about:

http://www.mcafee.com/au/products/network-security-platform.aspx#vt=vtab-FeaturesBenefits
http://www.tripwire.com/it-security-software/scm/file-integrity-monitoring/
0
 
LVL 64

Assisted Solution

by:btan
btan earned 764 total points
ID: 40311812
One of the best means is also to step back and tunnel all exit and entry through specific points of the organisation. It is always easier to track with fewer windows and doors... but of course there are still instances of thumb drives, mobile devices (esp. BYOD) and wireless interfaces, which I advocate disabling by default or not allowing unless authorised. Such data leaks and breaches happen in almost every instance and are prevalent now even in real incidents in cyberspace (too often... see how Target and Home Depot got breached via 3rd-party remote capability, weakened systems, n/w interconnectivity and spoofed email to users to start the infestation lifecycle...). ...slight digression... Most allude to or state Anti-APT (advanced persistent threats), from Mandiant's famous APT report, and Anti-AET (Advanced evasive tech), coined by Stonesoft.
0
 

Author Comment

by:Joseph Salazar
ID: 40312022
Thanks Everyone,

The client said alarm probably meant Alert. I have an Astaro UTM in place.

Chinese Companies are hitting that firewall Hard....Wow!!!!

I have already run a Firewall Scan and closed 4 ports that were open.

He told me he was looking specifically for a software that alerts me in case of a Breach.

Cjoego
0
 
LVL 12

Expert Comment

by:trinitrotoluene
ID: 40312041
That's an IPS/IDS kind of job
0
 
LVL 64

Assisted Solution

by:btan
btan earned 764 total points
ID: 40312132
An IPS/IDS or BDS system can handle that, and simply having a Web App FW and DDoS appliance can fend off those attacks, but note that if they come in over SSL then you had better have an SSL decryptor to inspect them. In short, you need deep packet inspection... some candidates include:

Solera (Blue Coat) under the Blue Coat ThreatBLADES
https://www.bluecoat.com/company/press-releases/solera-networks-revolutionizes-advanced-threat-protection-unifying-big-data

... in fact you may just want to check back on Sophos UTM Accelerated (9.2); the new SG Series Appliances are already equipped with adv threat protection etc. http://www.sophos.com/en-us/products/unified-threat-management/tech-specs.aspx
Module add-on on top of its " Deep Layer-7 inspection (Next-Generation Firewall) ensures true application identification and has regular automatic updates. And get feedback on unclassified applications" - but you probably have to equip the right h/w spec to turn on only the essentials...

Network Protection - IPSec/SSL, ATP, VPN, IPS, DoS Protection
Web Protection - URL Filtering, Application Control, Dual Engine Antivirus
Webserver Protection - Web Application Firewall, Reverse Proxy, Antivirus
0
 
LVL 12

Assisted Solution

by:trinitrotoluene
trinitrotoluene earned 616 total points
ID: 40313689
IBM has solutions in the Network Intrusion Prevention space and they use patented deep packet inspection which is different from the DPI done by other vendors. Their content servers also keep sending down regular security updates.
I believe you can customize a solution to suit your needs whether it be at an enterprise level or just a small LAN.

http://www-03.ibm.com/software/products/en/network-ips

Most IPS vendors today have similar offerings. McAfee, Cisco and Trend Micro are the other ones to watch out for.
http://www.cisco.com/c/en/us/products/security/intrusion-prevention-system-ips/index.html

I don't want to be doing a sales pitch here but to answer your OP, IPS is the answer to your problem
0
 
LVL 64

Assisted Solution

by:btan
btan earned 764 total points
ID: 40313698
Coming back, besides the other alternatives: notification on an alert (e.g. rule triggered or security event detected etc.) can go via either e-mail or SNMP trap. A "smarthost" can be considered for SMTP relay if the FW cannot send e-mails directly.
http://www.sophos.com/en-us/support/knowledgebase/115328.aspx

For log monitoring, you can also check out Sawmill or SolarWinds Log & Event Manager (LEM), which can be further customised based on received info.

There are even managed services for proactive monitoring:
http://www.sophos.com/en-us/support/knowledgebase/29161.aspx
0
 
LVL 12

Accepted Solution

by:
trinitrotoluene earned 616 total points
ID: 40313714
managed services is nice to have if you have the budget to fit it in. Most vendors will handle it for you and you can sit back.

http://www.tripwire.com/services/managed/

http://www-935.ibm.com/services/au/en/it-services/managed-intrusion-prevention-and-detection-service.html

Database monitoring may be sufficient and might suit tighter budgets. In such a case have a look at
http://www.mcafee.com/au/products/integrity-monitoring-for-databases.aspx
0
 
LVL 64

Assisted Solution

by:btan
btan earned 764 total points
ID: 40314783
Maybe Astaro Command Center may be of interest. It serves as a central point where you can see information on connected devices. It alerts you when a device is acting differently than it has in the past, and is used for informing on the trends of devices over time, so you can see information differing from the site baseline profile.
http://www.astaroguard.com/real-time-monitoring.asp
http://www.optricsinsider.com/firewalls/astaro-command-center-v3-0-released/
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 308 total points
ID: 40315615
For logs, you could use splunk.com; it's excellent for data correlation and log management. I would also check splunkstorm (Splunk in the cloud), splunkstorm.com. Splunk has been named a leader in the 2014 Gartner Magic Quadrant for Security Information and Event Management (SIEM) for a second year in a row: www.splunk.com/goto/SIEM_MQ_2014?awesm=splk.it_s0F
http://www.gartner.com/technology/reprints.do?id=1-1W07M7N&ct=140626&st=sb
0

Question has a verified solution.