Solved

Data Breach Security Software

Posted on 2014-09-08
583 Views
Last Modified: 2016-03-23
I got a question from my client today...

Do you have any alarms built into your computer security that trigger if there is a data breach?

Never had this one before...

Is there anything out there like that or are they asking for Intrusion Alerts from the router.

Cjoego
Question by:Joseph Salazar
18 Comments
 
LVL 6

Assisted Solution

by:Mandeep Singh
Mandeep Singh earned 78 total points
ID: 40311346
Websense is the kind of software that will help you with data breach security.
http://www.websense.com/content/home.aspx
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40311352
Hi Cjoego

While Mandeep Singh is ok, he has not really elaborated on his answer. But this is most likely because you have not specified in yours.

What do you mean in this case by "data breach"? Because different cases may call for different software.
0
 
LVL 12

Expert Comment

by:trinitrotoluene
ID: 40311354
File system integrity can be monitored and you can configure the monitoring software to generate an alert whenever a file is created/modified.

At the network perimeter you can install an Intrusion Detection System to detect any network-based attacks.

Let me know your requirements and I'll be happy to advise.
0
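The file-system integrity monitoring trinitrotoluene describes above, as an added example that is not code from the thread or from any vendor: a minimal monitor that snapshots a directory tree with SHA-256 and file mode, then reports created, modified and deleted files as alerts. The directory layout, file contents and paths in demo() are constructed for the walkthrough.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: str) -> dict:
    """Walk a directory tree and record hash, size and mode for every regular file."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file():
                st = p.stat()
                baseline[str(p.relative_to(root))] = {
                    "sha256": hash_file(p), "size": st.st_size, "mode": oct(st.st_mode)}
    return baseline

def compare(baseline: dict, current: dict) -> list:
    """Diff two snapshots; each alert is (event, path) with event created/modified/deleted."""
    alerts = []
    for rel, meta in current.items():
        if rel not in baseline:
            alerts.append(("created", rel))
        elif (meta["sha256"], meta["mode"]) != (baseline[rel]["sha256"], baseline[rel]["mode"]):
            alerts.append(("modified", rel))
    alerts += [("deleted", rel) for rel in baseline if rel not in current]
    return sorted(alerts)

def demo() -> list:
    """Constructed walkthrough: snapshot a temp tree, change it, and report the drift."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root) / "etc"
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)  # the "known good" state the monitor stores
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\nbackup:x:1001:1001::/var/backups:/bin/sh\n")
        (etc / "hosts").unlink()
        (etc / "rc.local").write_text("#!/bin/sh\n")
        return compare(baseline, build_baseline(root))
```

Calling demo() returns one created, one deleted and one modified alert; a real deployment would persist the baseline off-host and re-run compare() on a schedule.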
 
LVL 12

Expert Comment

by:trinitrotoluene
ID: 40311357
There exist Intrusion Prevention Systems as well.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 77 total points
ID: 40311366
Read:
https://www.gov.uk/government/publications/information-security-breaches-survey-2013-technical-report
2013 information security breaches survey: technical report
2013 information security breaches survey: executive summary

A list of popular NGFW/UTM that can help you:

SonicWall - www.sonicwall.com
Juniper - www.juniper.net
Cisco - www.cisco.com
WatchGuard - www.watchguard.com
CheckPoint - www.checkpoint.com
Fortinet - www.fortinet.com
Cyberoam - www.cyberoam.com
SmoothWall - www.smoothwall.net
ZyWALL - www.zyxel.com
DFL - www.dlink.com
Untangle - www.untangle.com
Astaro - www.astaro.com
ClearOS - www.clearfoundation.com
pfSense - www.pfsense.org
m0n0wall - www.m0n0.ch/wall
IPCop - www.ipcop.org

I would also check the latest industry standards for security best practices:
SANS Top 20 Critical Security Controls - Free
NIST Cybersecurity Framework - Free
ISF Standard of Good Practice - Cost
ISO27001 - Cost
Cobit - Cost (Free for ISACA Members)
CIS Benchmarks - free
0
 
LVL 61

Assisted Solution

by:btan
btan earned 191 total points
ID: 40311407
I am wondering whether you meant "alarm" as the physical sound alarm or as the alert log or error message sent out to the admin or system owner for response and escalation per se. If it is the latter, Data Loss Prevention (DLP) type solutions are available as a network sensor (appliance) or installed on the host (with agent). And also the network IDS or IPS is the norm for security devices working together with the network FW and proxy.

Most of the correlation and intelligence aggregation can be done via SIEMs or equivalent built-in analytic tools as well, from the various network logs or netflow as part of their ingestion. One example is Lanscope http://higgrowth.com/news/release/388

Actually NSS Labs has a list of Breach Detection System (BDS) candidates as well as a whitepaper
https://www.nsslabs.com/reports/breach-detection-systems-bds-comparative-analysis-report-security-value-map-svm
http://www.databreachtoday.com/whitepapers/nss-labs-report-breach-detection-systems-w-1146

If you are into the physical alarm, that is probably some physical control to be planted with surveillance cameras etc.
0
 
LVL 12

Assisted Solution

by:trinitrotoluene
trinitrotoluene earned 154 total points
ID: 40311428
Most commercially available IPSs today have the firewall and antivirus integrated.
A choice will have to be made depending on your requirements and budget constraints.

All vendors tout their wares and usually package more than the essential so do your research before taking the plunge.

You also need to check whether your systems need to meet any compliance requirements such as PCI DSS, and select tools which assure you of a certain level of compliance.
0
 
LVL 6

Assisted Solution

by:Mandeep Singh
Mandeep Singh earned 78 total points
ID: 40311438
Besides the firewall, Websense gives you lots of features, like a USB detection system, and makes a log of copy/paste incidents and sends them to the respective team for action.

It also binds users to access only specific websites defined by your team.
0
 
LVL 12

Assisted Solution

by:trinitrotoluene
trinitrotoluene earned 154 total points
ID: 40311783
cjoego:

To add to what I already mentioned:

Credit companies have to comply with PCI-DSS in order to protect their customer data from being breached.
You can read about it here:
https://www.pcisecuritystandards.org/

Several other standards do exist. Some of the significant ones are
http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act
http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act

As for IPS solutions and file system monitors, you can check out the following to get a hang of what it's all about:

http://www.mcafee.com/au/products/network-security-platform.aspx#vt=vtab-FeaturesBenefits
http://www.tripwire.com/it-security-software/scm/file-integrity-monitoring/
0
 
LVL 61

Assisted Solution

by:btan
btan earned 191 total points
ID: 40311812
One of the best means is also to step back and tunnel all exits and entries through specific points of the organisation. It is always easier to track with fewer windows and doors.... but of course there are still instances of thumbdrives, mobile devices (esp. BYOD) and wireless interfaces, which I advocate disabling by default or not allowing unless authorised. Such data leaks and breaches happen almost every instance and are prevalent now even in real incidents in cyber space (too often.. see how Target and Home Depot got breached via 3rd party remote capability, weakened systems, n/w interconnectivity and spoofed email to users to start the infestation lifecycle...). ...slight digress ...Most allude to or state Anti-APT (advanced persistent threats), from Mandiant's famous APT report, and Anti-AET (advanced evasive tech), coined by Stonesoft.
0
 

Author Comment

by:Joseph Salazar
ID: 40312022
Thanks everyone,

The client said alarm probably meant Alert. I have an Astaro UTM in place.

Chinese Companies are hitting that firewall Hard....Wow!!!!

I have already run a firewall scan and closed 4 ports that were open.

He told me he was looking specifically for software that alerts me in case of a breach.

Cjoego
0
 
LVL 12

Expert Comment

by:trinitrotoluene
ID: 40312041
That's an IPS/IDS kind of job.
0
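As an added illustration of the "IPS/IDS kind of job" the thread is pointing the asker at (not code from the thread or from any product): detection logic run over constructed firewall deny lines that raises an alert when one source is denied on many distinct ports of one host within a short window, the kind of signal a breach-alerting tool would escalate to the admin. The log format, addresses, window and port threshold are assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample deny lines in a generic key=value shape (not a real Astaro/Sophos log format).
SAMPLE_LOG = """\
2014-09-08T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=22
2014-09-08T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=23
2014-09-08T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=80
2014-09-08T10:00:03 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=443
2014-09-08T10:00:03 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=3389
2014-09-08T10:00:04 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=8080
2014-09-08T10:00:05 DENY src=198.51.100.4 dst=192.0.2.10 proto=TCP dport=443
2014-09-08T10:00:09 DENY src=198.51.100.4 dst=192.0.2.10 proto=TCP dport=443
2014-09-08T10:05:00 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=\w+ dport=(?P<dport>\d+)$")

def parse(text: str):
    """Yield (timestamp, src, dst, dport) for each well-formed deny line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])

def detect_scans(text: str, window_seconds: int = 60, min_ports: int = 5) -> list:
    """Alert when one source is denied on >= min_ports distinct ports of one host within the window."""
    per_pair = defaultdict(list)
    for ts, src, dst, dport in sorted(parse(text)):
        per_pair[(src, dst)].append((ts, dport))
    alerts = []
    for (src, dst), hits in per_pair.items():
        for i, (start, _) in enumerate(hits):
            # Sliding window anchored at each hit; hits are time-ordered because of the sort above.
            ports = {p for t, p in hits[i:] if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                alerts.append({"src": src, "dst": dst, "first_seen": start.isoformat(),
                               "distinct_ports": len(ports)})
                break  # one alert per source/destination pair is enough for an operator
    return alerts

if __name__ == "__main__":
    for a in detect_scans(SAMPLE_LOG):
        print(f"ALERT possible port scan from {a['src']} against {a['dst']}: "
              f"{a['distinct_ports']} ports since {a['first_seen']}")
```

The repeated 443 denies from the second source stay below the threshold, so only the multi-port source is reported; tune window_seconds and min_ports to the noise level of the real firewall log.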
 
LVL 61

Assisted Solution

by:btan
btan earned 191 total points
ID: 40312132
IPS/IDS or BDS systems can handle that, and simply having a Web App FW and DDoS appliance can fend off those attacks, but note that if they come in over SSL then you had better have an SSL decryptor to inspect. In short, you need deep packet inspection ... some candidates include

Solera (Blue Coat) under the Blue Coat ThreatBLADES
https://www.bluecoat.com/company/press-releases/solera-networks-revolutionizes-advanced-threat-protection-unifying-big-data

... in fact you may just want to check back on Sophos UTM Accelerated (9.2), the new SG Series Appliances, already equipped with advanced threat protection etc. http://www.sophos.com/en-us/products/unified-threat-management/tech-specs.aspx
Module add-on on top of its "Deep Layer-7 inspection (Next-Generation Firewall) ensures true application identification and has regular automatic updates. And get feedback on unclassified applications" - but it probably has to be equipped with the right h/w spec to turn on only the essentials...

Network Protection - IPSec/SSL, ATP, VPN, IPS, DoS Protection
Web Protection - URL Filtering, Application Control, Dual Engine Antivirus
Webserver Protection - Web Application Firewall, Reverse Proxy, Antivirus
0
 
LVL 12

Assisted Solution

by:trinitrotoluene
trinitrotoluene earned 154 total points
ID: 40313689
IBM has solutions in the Network Intrusion Prevention space and they use patented deep packet inspection, which is different from the DPI done by other vendors. Their content servers also keep sending down regular security updates.
I believe you can customize a solution to suit your needs whether it be at an enterprise level or just a small LAN.

http://www-03.ibm.com/software/products/en/network-ips

Most IPS vendors today have similar offerings. McAfee, Cisco and Trend Micro are the other ones to watch out for.
http://www.cisco.com/c/en/us/products/security/intrusion-prevention-system-ips/index.html

I don't want to be doing a sales pitch here, but to answer your OP, IPS is the answer to your problem.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 191 total points
ID: 40313698
Coming back, besides other alternatives, for notification on alert, e.g. a rule trigger or security event detected etc., via either e-mail or SNMP trap: a "smarthost" can be considered for SMTP relay if the FW cannot send e-mails directly
http://www.sophos.com/en-us/support/knowledgebase/115328.aspx

For log monitoring, you can also check out Sawmill or SolarWinds Log & Event Manager (LEM), which can be further customised based on received info.

There are even managed services for proactive monitoring.
http://www.sophos.com/en-us/support/knowledgebase/29161.aspx
0
 
LVL 12

Accepted Solution

by:trinitrotoluene
trinitrotoluene earned 154 total points
ID: 40313714
Managed services are nice to have if you have the budget to fit them in. Most vendors will handle it for you and you can sit back.

http://www.tripwire.com/services/managed/

http://www-935.ibm.com/services/au/en/it-services/managed-intrusion-prevention-and-detection-service.html

Database monitoring may be sufficient and might suit tighter budgets. In such a case, have a look at
http://www.mcafee.com/au/products/integrity-monitoring-for-databases.aspx
0
 
LVL 61

Assisted Solution

by:btan
btan earned 191 total points
ID: 40314783
Maybe Astaro Command Center may be of interest. It serves as a central point where you can see information on connected devices, alerts you when a device is acting differently than it has in the past, and is used for informing on the trends of devices over time, so you can see information differing from the site baseline profile.
http://www.astaroguard.com/real-time-monitoring.asp
http://www.optricsinsider.com/firewalls/astaro-command-center-v3-0-released/
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 77 total points
ID: 40315615
For logs, you could use splunk.com; it's excellent at data correlation and log management. I would also check Splunk Storm (Splunk in the cloud) splunkstorm.com. Splunk has been named a leader in the 2014 Gartner Magic Quadrant for Security Information and Event Management (SIEM) for a second year in a row: www.splunk.com/goto/SIEM_MQ_2014?awesm=splk.it_s0F
http://www.gartner.com/technology/reprints.do?id=1-1W07M7N&ct=140626&st=sb
0
