
Blog

Will You Be Able to Access the Internet this Summer?

In the wake of a multi-million-dollar online scam, more than 300,000 computer users worldwide could find themselves without Internet access after July 9.

Sword & Shield Security Analyst Jason Graf discusses the DNS Changer malware, and how you can check your computer for it, with WBIR reporter Beth Haynes and Dan Thompson, manager of AIT and product development for Claris Networks.


Posted in Company News, Security News, Videos

RESCHEDULED: EventTracker Lunch in Chattanooga May 23

Sword & Shield and our vendor partner, EventTracker by Prism Microsystems, will host a Lunch and Learn, “SIEMs: Decoding the Mayhem,” on Wednesday, May 23, from 11 a.m. to 1 p.m. at Porter’s Steakhouse in Chattanooga.

Bill Dean, Sword & Shield’s director of computer forensics and security assessments, will discuss how Security Information and Event Management (SIEM) systems can make a difference from a time and cost perspective when a computer security incident occurs.

A.N. Ananth, EventTracker’s CEO, will discuss how EventTracker’s SIEM product line can quickly and easily search through terabytes of log data to pinpoint critical events behind security and operational incidents.

About EventTracker

EventTracker is a security, compliance, and operations solution that provides a 360-degree view of your organization’s IT infrastructure. It is a comprehensive Security Information and Event Management (SIEM) solution that combines log management, log monitoring, log search, file integrity monitoring, system monitoring, reporting, analytics, and visualization for continuous monitoring of system logs, users, file changes, servers and desktops, all the way to USB and writeable media. EventTracker is designed to meet the security, compliance and operational needs of organizations with 100 to 10,000 devices in their infrastructure, protecting against inside and outside threats. Offering incremental scalability, EventTracker is a cost-effective and efficient solution, providing all the functionality and usability demanded by today’s IT security professionals.

Register for the Free Lunch and Learn


Posted in Events, Network Security Products

Sword & Shield to Speak at NAPBS Conference

Sword & Shield Commercial Sales Manager Chris Bevil will speak to the National Association of Professional Background Screeners at the group’s 2012 annual conference in Nashville, TN, April 15 – 17.

Bevil will address “The Value of an IT Risk Assessment” at 4:50 p.m. Apr. 17.

Founded in 2003 as a non-profit trade association, NAPBS® represents the interests of companies offering tenant, employment and background screening. NAPBS® offers qualified companies an opportunity to participate in shaping the body of knowledge and regulations impacting our futures.

Sword & Shield also will exhibit at the conference at booth No. 614 in the West Hall at the Renaissance Hotel’s Grand Ballroom.

Posted in Company News, Events, Security Assessments

The ROI of Security Assessments

Stephen Haywood, Security Analyst at Sword & Shield

In the business world, Return on Investment (ROI) is used to evaluate an expense and is calculated by dividing the return (benefit) of an investment by the cost of the investment. This means a higher ROI represents a better investment. In a situation where the return and cost are tangible and easily measured, calculating ROI is not difficult. Unfortunately, calculating ROI for a security assessment is not easy because most of the benefits are intangible and are not easily measured.

The primary benefit of a security assessment is the overall reduction of risk, which is accomplished by identifying and mitigating vulnerabilities, implementing or improving controls to match threat agents and attack vectors, and reducing the impact of an incident by improving incident response procedures. These benefits are difficult to measure at best, while the cost of a security assessment is glaringly obvious. Combine these two issues, and it is easy to see why companies have trouble justifying the cost of a security assessment.

Vulnerability Identification and Mitigation

A comprehensive security assessment will identify not only network vulnerabilities but also vulnerabilities in policies and procedures. The security assessment will typically confirm the vulnerabilities identified within a risk assessment and, in some cases, may identify new ones. In either case, the security consulting firm performing the assessment should provide strategies for mitigating the identified vulnerabilities. These strategies, if followed, should reduce the number of vulnerabilities, resulting in an overall reduction of risk.

It is important to understand that most vulnerabilities are the result of non-existent or poor policies, procedures, and system administration. When a security assessment is limited to only network vulnerability scanning, it may not result in an overall reduction of risk because it will not identify the vulnerabilities resulting from poor policies, procedures, and system administration.

Improved Understanding of Threats and Attack Vectors

A comprehensive security assessment should also include penetration testing. A well documented penetration test is an excellent way to gain insight into the current threat agents and attack vectors. In addition, the penetration test can identify new threats not included in the risk assessment. An improved understanding of the threats, threat agents, and attack vectors should improve the controls used to protect against those threats and threat agents resulting in an overall reduction of risk.

Preparation for Future Incidents

Another benefit of including penetration testing in a comprehensive security assessment is the opportunity to test incident response policies, procedures and personnel. The results of the security assessment should encourage improvements in incident response procedures that reduce the time needed to identify and respond to incidents. Reducing the response time during an incident may also reduce the number of affected systems and the amount of pilfered data. According to the 2011 Cost of Data Breach Study: United States by Symantec and the Ponemon Institute, the average cost of a data breach is 5.5 million dollars. A two percent reduction in the average cost of a data breach will significantly improve the ROI of a comprehensive security assessment.

Conclusion

The primary benefit of a comprehensive security assessment should be the overall reduction of risk. This reduction in risk can only happen when the security assessment:

  • Identifies both network vulnerabilities and vulnerabilities in the policies and procedures of the organization,
  • Is used to improve the controls meant to protect against threats to the organization, and
  • Is used to improve incident response procedures and response times.

A comprehensive security assessment that accomplishes these three things will provide the highest return on investment.

Stephen Haywood is a Security Analyst at Sword & Shield Enterprise Security. He has over ten years’ experience in the information technology field, working as a programmer, technical trainer, network operations manager, and information security consultant. He holds a Bachelor of Science in Math and a number of industry certifications, including the Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), and GIAC Penetration Tester (GPEN). His blog is www.averagesecurityguy.info. Follow him on Twitter @averagesecguy.

Posted in Security Assessments

Global Payments Credit Card Data Breach

Adrian Sanabria, PCI Qualified Security Assessor at Sword & Shield

On Sunday, card processor Global Payments announced that data from 1.5 million credit/debit card accounts had been “exported.” It isn’t so much the size of this breach that is significant, but the fact that the company breached is one of the world’s largest payment processors.

Visa has allowed them to continue processing credit cards, but dropped them off their service provider registry (which is a BIG deal). The breach only affects North American merchants and cardholders. To give you an idea of how bad a breach at a large credit card processor can be, if a month’s worth of the transactions they handle were exposed, it is entirely possible that more than 90% of all cardholders in the US would need new credit/debit cards.

This doesn’t happen often. I only know of two other cases where a payment processor was hit by a breach. CardSystems Services, as a business, was literally destroyed by their breach. VISA and AMEX revoked processing rights, forcing CardSystems to have to shut down operations and sell off assets almost overnight. Heartland Payment Systems is the most recent case, and the second largest breach ever at 130 million. They were also stripped from the registry, but managed to recover, regain PCI compliance, and get back onto the registry within a year.

Global Payments had a public conference call at 8AM this morning that I didn’t have time to attend, but which has resulted in an explosion of news stories on the breach.

The worst thing I’ve been able to determine from the details so far is that it seems Global Payments was storing Track Data – information swiped from the magnetic stripe on the back of the card. The PCI DSS explicitly forbids storing track data (requirement 3.2.1), and PCI considers the storage of sensitive data to be one of the most serious PCI violations. CardSystems was effectively shut down for a lesser violation, though their breach was much larger.

It will be interesting to see if any of the details of the breach are released. These details are essential for the rest of the industry to learn from Global’s mistakes. I’d like to see:

  • The attack vectors used, and the level of sophistication necessary to breach Global.
  • How long the attackers had access to systems
  • If track data really was stored, and what Global’s excuse for such a violation is
  • Why the breach was limited to only 1.5 million accounts in North America. A large processor like Global might process 1.5 million transactions in just a few days. Why weren’t more accounts stolen? Why only North America? Perhaps some effective segmentation was in place? That would be good news the PCI Council would be happy to point out.
  • And of course, we’ll hopefully eventually find out who the perps were, and their level of hacking expertise.

Time will tell.

Adrian Sanabria is a security consultant and PCI Qualified Security Assessor for Sword & Shield Enterprise Security. He draws on years of security experience in financial institutions to help large and small companies solve complex compliance and security problems. He is skilled with both high-level design as a system and security architect, and detailed analysis with a background in penetration testing, forensics and incident response. His blog is averysawaba.blogspot.com, and you can reach him on Twitter @sawaba.

Posted in Compliance, PCI, Security News

Data Breach at BCBS of TN Ushers in New Era of HITECH Enforcement

Dark Reading: $1.5M Fine Marks A New Era In HITECH Enforcement

Enforcement actions from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) just reached a new level of reality last week when the department announced a $1.5 million settlement with BlueCross BlueShield of Tennessee over a 2010 data breach, making the organization the first to pay out penalties since the Health Information Technology for Economic and Clinical Health Act (HITECH) went live in 2009. The question now is whether such tangible examples of financial fallout will convince healthcare IT to invest in better security measures.

Posted in Uncategorized

We’ve Partnered with nCircle to Provide SMB Scanning Services

Sword & Shield announced this week a new, strategic partnership with nCircle, the leader in automated security and compliance auditing solutions.

Under the new agreement, Sword & Shield will resell PureCloud in combination with our unique Risk Calculator in order to bring comprehensive network security and risk assessment to small and mid-sized businesses.

This service:

  • Can scan every internal or external-facing device on a small to mid-size network
  • Requires no hardware or software deployment
  • Scans every device, prioritizes all discovered vulnerabilities and provides guidance on the steps necessary to reduce or eliminate those risks

Request a demo and a free trial today or visit our security products website to order.

Posted in Company News, Network Security Products

Life Imitates “Spaceballs” – Syrian President’s Password Was 12345

Anonymous Hacks Syrian President; His Password Was 12345:

It seems al-Assad recently became the target of web hacktivist group Anonymous; the group managed to successfully hack into his email account this week. That said, we imagine the job was something of a bore for Anonymous, which just last week revealed that it had managed to eavesdrop on a phone call between Scotland Yard and the FBI. After all, it can’t have taken much hacking prowess to access an account protected with the world’s second weakest password: 12345. To make matters worse, Anonymous was also able to access 78 accounts belonging to al-Assad’s staff, with 33 of them using the same 12345 or 123456 passwords.

The Syrian President must not have watched that scene from the Mel Brooks movie “Spaceballs”.

Posted in Security News

PCI Compliance Expert to Address Petroleum Retail Industry

Sword & Shield Principal Risk & Compliance Consultant Penny Walton will be a keynote luncheon speaker at the Petroleum Convenience Alliance for Technology Standards (PCATS) annual conference Jan. 23-26 in Tucson, AZ.

Walton will address the issues surrounding PCI compliance in the convenience store and petroleum retail industries at Monday’s session.

PCATS is a non-profit organization devoted to the development, maintenance and implementation of standards, education and best practices for the convenience store and petroleum retail segments.

Walton has more than 25 years’ experience in the technical field in roles such as software engineering, database design & administration, network engineering, enterprise information security management, risk management and compliance oversight. Additionally, she has extensive business experience in utilizing technology to increase the bottom line and reduce risks while controlling cost. She holds many technical certifications, including the CRISC (Certified in Risk & Information System Controls), CISM (Certified Information System Manager), CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), CIW (Certified Internet Web Master), PCI – QSA (Payment Card Industry Qualified Security Assessor) and HiTrust Security Assessor (Health Information Trust Alliance).

Posted in Company News, Events, PCI

Protecting Your Online Accounts in the Wake of a Hack

You’re a Zappos customer and you’ve just learned your personal information might have been stolen.

What do you do?

Sword & Shield Director of Computer Forensics and Security Assessments Bill Dean says to change your password… NOW!

Dean gave this advice and more in his conversation with WVLT on Monday:

Posted in Videos