Why do I need N-Stalker Cloud WAF?

Published on 30.05.2018

By filtering and blocking data packets from a Web application, the N-Stalker Cloud WAF solution takes on the difficult challenge of keeping out traffic that is potentially harmful to information security and that may have negative impacts on companies and users.

Known as a Web Application Firewall (WAF), this type of solution has never been so important to acquire, particularly in times of constant attacks, with attackers seeking unauthorized access to sensitive data such as credit card numbers and customer records so that they can use this information to commit identity theft, financial fraud and other crimes.

The importance for companies and customers

More than defending the company, the N-Stalker Cloud WAF solution aims to protect people: their privacy and their personal and financial data, whether they are customers, employees, suppliers or even top management.

Reality shows us that attacks are not aimed only at harming a company or an institution; the goal is to find vulnerabilities that can affect anyone, hitting them either financially or morally.

The N-Stalker Cloud WAF solution prevents these attacks, which focus on business applications and compromise the Web servers and databases that are part of their architecture, and so avoids data breaches.

Ensuring information security presents organizations with the challenge of directly addressing existing vulnerabilities in the business applications that are part of the production environment. There is no trivial way for companies to do this on their own, without resorting to solutions that can protect their corporate applications and data. The N-Stalker Cloud WAF solution meets that goal.

N-Stalker Cloud WAF solution meets important security requirements

Companies in general are often required to comply with policies, regulations or other sets of security requirements. Examples include the requirements linked to PCI DSS, ISO or government regulations.

Under the existing requirements, companies need to use tools that assess vulnerabilities in business applications. By the nature of its architecture and functions, the N-Stalker Cloud WAF solution meets different security-related requirements:

  • Ensuring Web application security
  • Application of virtual patches
  • Attack prevention
  • Combating fraud
  • Application protection policies

In addition to security standards such as PCI (Security Standards Council), mentioned earlier, there are frameworks dedicated to Web applications, such as the Open Web Application Security Project (OWASP), which also seek to ensure information security.

How the N-Stalker Cloud WAF solution works

To understand the importance of adopting the N-Stalker Cloud WAF solution, you need a view of how it operates, which is based on security controls that protect Web applications against exploits such as zero-day vulnerabilities, impersonation, and known vulnerabilities and intrusion patterns.

Through custom inspections, the N-Stalker solution is able to prevent XSS (cross-site scripting) attacks, SQL injection attacks, session hijacking and buffer overflows, attacks that traditional network firewalls and other intrusion detection systems are unable to handle satisfactorily.

The N-Stalker Cloud WAF solution is especially useful and efficient for companies that provide products or services over the Internet and seek to preserve the integrity of the company, its customers and employees.

The challenge of maintaining a secure Web

What makes Web security so challenging is the need to maintain widespread availability while preserving proper user authorization and data security. These are just some of the reasons why many companies now adopt the N-Stalker Cloud WAF solution with great success.

Although Web applications are fantastic at solving the problems of our daily lives, they also create opportunities for attacks that cause direct revenue loss, loss of customer confidence and loss of confidential data.

The N-Stalker Cloud WAF solution ensures credibility with customers, allows scalable security and, finally, saves monitoring time through certified tools that ensure business continuity.

Cybersecurity: how to have it in your company

Published on 30.05.2018

Financial loss and loss of credibility: these are the critical impacts that any company suffers when it neglects information security. Cybersecurity should be a priority, regardless of the industry and size of the organization.

Cybersecurity is a set of technologies, processes and best practices that aims to protect networks, computers, programs, data and, especially, users against attacks, unauthorized access or damage.

What businesses should know about Cybersecurity

Ensuring cybersecurity requires coordinated efforts that affect all departments. The elements that make up cybersecurity include:

  • Security of business applications
  • Information security / data
  • Network security
  • Disaster recovery / business continuity
  • Operational security
  • Education / end-user awareness

One of the most problematic aspects of cybersecurity is the rapid and constantly evolving nature of cyber attacks, hence the importance for companies of a proactive and preventive approach, including continuous monitoring and real-time assessments.

The importance of investing in Cybersecurity

Companies need to be ready to act in the face of security incidents and cyber attacks. They have to be able to prevent and detect in order to deal with cyber attacks and their impact.

To achieve any goal or objective, it is essential that companies make investments, including in trained personnel able to understand what is considered routine operation of the tools and to detect when they deviate from a state considered normal.

As for the impact of a lack of investment and care in cybersecurity: however challenging it may seem for a company, especially one for which IT is a means and not an end, it is necessary to protect the personal information of customers and employees, as well as financial and operational information, against theft, disclosure or unauthorized changes; otherwise the company runs the risk of going out of business because of a security incident.

Seeking prevention is the first step against an attack

A company's cybersecurity plan consists of objectives that the organization needs to achieve to be considered ready to prevent and handle incidents. Although there is a wide range of information security actions that should be applied in a company, the strategy must fit the reality of each organization.

However, there are minimum requirements needed to provide an organization with a reasonable level of cyber security, focusing on protection of assets considered critical for a business.

  1. Set security goals and objectives

To achieve any cybersecurity goal or objective, you will need a plan that provides guidance toward it. Information security is the overall aim of several goals that lead to a state of readiness appropriate to cyber attacks and security incidents.

  2. Perform risk management

Cybersecurity is an activity linked directly to risk management, which helps to identify the information assets, people, business processes and critical technologies that are necessary for daily operations, mission fulfillment and continuity of operations.

  3. Prioritize identity management

You must have adequate access to information resources and an understanding of how they are used and by whom. Access control, authentication, authorization and reporting are part of the set of mechanisms that assist in identity management.

  4. Maintain constant network monitoring

Monitoring the network means controlling, in a security context, every packet that travels on the company network. It is the ability to analyze what information is flowing into your infrastructure and whether this flow is safe.

The search for the ideal solution

The elements described above, in addition to showing some of the priority requirements for ensuring a company's cybersecurity, also help in choosing a complete solution to be adopted by the organization. Choosing the ideal solution means reconciling the critical components, objectives and goals outlined, so that they fit the reality of the company and where it wants to go in the future.

The security architecture must go beyond the items described previously. It must make it possible to reach an evolving level of security that is appropriate to the reality of different types of business, in terms of size and sector.

Finally, it is worth noting that a company needs to achieve awareness of its operations and network use. Without understanding its most important assets, how its information systems and networks operate and how those systems support business operations, an organization cannot achieve the goal of ensuring its cybersecurity.

To learn more about cybersecurity, download our ebook on security in Web applications, with essential information to safeguard your company's operations.

What is an Intrusion Prevention System (IPS)?

Published on 30.05.2018

An Intrusion Prevention System is a proactive approach to network security, used to identify potential threats and respond quickly to attacks. The search for such tools and strategies has gained considerable relevance, since the number of threats to information security, which now reaches all sectors of the economy, has reached alarming levels in recent years.

In times of data leakage, such as the constant leaks at e-commerce companies and the impact on the retail sector, which suffers an average of 4,000 threats to information security each year according to the Global State of Information Security Survey published by PwC in 2017, prevention becomes a strategic priority.

Intrusion detection (IDS) and intrusion prevention (IPS): together we are stronger

With the level of attacks we see today, for example the ransomware cases, we cannot think in terms of IDS vs. IPS. Despite their differences in concept and applicability, both have the same objective: information security.

On a simple level, the difference is between detection and prevention. While IDS products are designed to inform you that something is trying to get into your system, IPS products attempt to prevent the access.

IDS and IPS are designed for different purposes, but their technologies are similar. An IDS is justified in situations where it is necessary to explain what happened in an attack, while an IPS stops attacks. In short, an IDS collects information that is not a priority from the perspective of the IPS, such as port scans and other reconnaissance.

The efficiency of the Intrusion Prevention System - IPS

An intrusion prevention system monitors network traffic and, when an intrusion occurs, can take immediate action based on a set of rules established by the network administrator, given the nature of the attack and its speed.

An efficient Intrusion Prevention System can, for example, drop a packet that it considers malicious and block all traffic from that IP address or port. Traffic that is considered legitimate or safe is forwarded to the recipient without apparent interruption or delay in service.

The detection mechanisms monitor and analyze traffic patterns as well as individual packets, including address matching, HTTP string and substring matching, TCP connection analysis, packet anomaly detection and traffic anomaly detection in TCP/UDP port communication.
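The detect-versus-prevent behaviour described above, as an added example that is not code from the article or from any vendor product: the same substring rule runs over the same constructed traffic once in alert-only (IDS) mode and once in inline (IPS) mode. The `Packet`, `Rule` and `Engine` names, the rule and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    payload: str


@dataclass(frozen=True)
class Rule:
    """Administrator-defined rule: destination port plus HTTP substring match."""
    name: str
    dst_port: int
    substring: str

    def matches(self, pkt: Packet) -> bool:
        return (pkt.dst_port == self.dst_port
                and self.substring.lower() in pkt.payload.lower())


@dataclass
class Engine:
    rules: list
    prevent: bool                      # False = IDS (alert only), True = IPS (inline)
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def handle(self, pkt: Packet) -> str:
        # IPS only: a source that already triggered a rule stays blocked.
        # Caveat: many users can share one address (NAT, proxies), so a
        # production block list needs an expiry and an allow list.
        if self.prevent and pkt.src_ip in self.blocked:
            return "drop"
        for rule in self.rules:
            if rule.matches(pkt):
                self.alerts.append((pkt.src_ip, rule.name))
                if self.prevent:
                    self.blocked.add(pkt.src_ip)
                    return "drop"
                break                  # IDS: record the alert, still forward
        return "forward"


def run(engine: Engine, packets) -> list:
    """Return the verdict for each packet, in order."""
    return [engine.handle(p) for p in packets]


# Constructed rule and traffic (documentation address ranges, not real hosts).
RULES = [Rule("sqli-union-select", 80, "union select")]
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", 80, "GET /index.html HTTP/1.1"),
    Packet("192.0.2.10", 80, "GET /item?id=1 UNION SELECT name FROM users HTTP/1.1"),
    Packet("192.0.2.10", 80, "GET /index.html HTTP/1.1"),
    Packet("198.51.100.7", 80, "GET /about.html HTTP/1.1"),
]

if __name__ == "__main__":
    for label, prevent in (("IDS", False), ("IPS", True)):
        engine = Engine(RULES, prevent=prevent)
        print(label, run(engine, SAMPLE_TRAFFIC), "alerts:", engine.alerts)
```

In IDS mode every packet still reaches the server and only an alert is recorded; in IPS mode the matching packet and the follow-up request from the same source are dropped while the other client is forwarded untouched.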

Benefits of the Intrusion Prevention System for companies

Most organizations today can benefit from intrusion prevention systems, since hardware, software and network technologies are part of the computing infrastructure of most companies, regardless of their type or sector.

IPS technology offers many benefits for organizations. Let's look at three of the most significant:

  • Detects and stops attacks that other security controls do not
  • Supports customization of detection capabilities to stop activities that are of concern only to a single organization
  • Reduces the amount of network traffic that reaches other security controls, which reduces the workload for these controls and protects them against direct attacks.

The most important benefit provided by an Intrusion Prevention System is undoubtedly the ability to detect and stop a variety of attacks that cannot be automatically identified by firewalls, antivirus and the company's other security controls.

The technology employed by an IPS uses a combination of several methods to detect attacks. Each method has its own characteristics, so by making use of the strongest features of each method, an IPS can detect a wide variety of attacks.

Intrusion prevention systems are critical for most organizations in order to detect and stop network-based attacks, especially those that cannot be detected by the company's other security controls.

Information security has now become a mandatory requirement, not only to ensure business continuity but also to respect the privacy and integrity of customers and suppliers.

Learn more about preventing attacks by getting to know the Aker UTM solution

Learn the importance of virtual patching

Published on 12.03.2018

One of the great challenges in providing software has to do with security updates, fixes and system enhancements, known as patches. They can be released to fix bugs, update security policies or even adapt software requirements.

But developing, releasing and deploying patches is not a simple operation and, when not planned properly, has the potential to cause major negative impacts for companies. Patching is therefore a major concern for IT managers.

The solution to this patch management challenge is the use of virtual patching. Its goal is to assist in the process of applying the patches released by manufacturers, optimizing the work of IT teams and making the process safer.

The Importance of Virtual Patching

A good way to understand the concept of virtual patching, its importance and impact, is to recall the incidents linked to the ransomware attacks that occurred recently.

The cyber attack targeted security holes that had already been patched by Microsoft, but the patches had not been applied, causing major damage and inconvenience to many companies around the world.

Virtual patching is the development and implementation, in a short time, of security policies that correct flaws and prevent security holes from being exploited as a result of a vulnerability discovered by hackers.

When effective, corrective patches prevent information security from being compromised, blocking cyber attacks made through the software's source code. The goal is to change or eliminate an affected application's vulnerability to an attack, or to prevent the potential risk.

The impact of a hacker attack on companies

Cyber attacks occur in different forms and at different layers of a technology architecture, but in recent years we have made great advances in cybersecurity protection, and the use of antivirus, firewalls and other network assets has helped us ensure a safe environment.

However, hackers have evolved too, seeking new ways to carry out cyber attacks with new approaches, tools and techniques that involve the unintentional participation of users. Security flaws came to be found directly in the source code of various types of applications.

The impact on businesses has thus been devastating: in addition to compromising information security and the privacy of users, cyber attacks have caused major financial losses and tarnished brands in the eyes of investors, customers and suppliers.

Virtual patching as an important ally in guaranteeing information security

Many organizations race against time to fix the vulnerabilities discovered in their systems, which increase the risk of digital attacks. Installing a critical security patch takes time for planning and requires a maintenance window.

Note that the time spent implementing and applying a definitive fix for a security flaw is enough for cyber attacks to happen and cause considerable damage. Virtual patching seeks to serve as the first corrective action and to prevent intrusions more quickly and effectively.

In addition, when the IT staff is small and has limited time, it is almost impossible to conduct reviews, run tests and install updates without leaving the environment vulnerable to a security incident.

The strategy used by virtual patching offers several advantages over installing a patch in the conventional way.

  • It protects mission-critical components, so operations are not interrupted during the installation process.
  • This strategy quickly mitigates the risk of exploitation until an effective and permanent patch can be tested and released by the application vendor.
  • The company maintains its normal patch cycle without interrupting operations if new vulnerabilities emerge during the installation process.
  • A virtual patch can be installed at a single strategic point in the organization, and the installation can be shared throughout the company's IT infrastructure.
  • Because the code libraries are not modified, it is unlikely that a virtual patch produces system conflicts.
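A minimal sketch of the idea in the list above, added here as an illustration and not taken from the N-Stalker product: a virtual patch applied at one point in front of an application whose code is left untouched. The `legacy_app` stand-in, the `/orders/view` path, the `id` parameter and the allowlist pattern are all assumptions.

```python
import re
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults


def legacy_app(environ, start_response):
    """Constructed stand-in for an application that cannot be changed yet.
    Assume its `id` parameter reaches a database query without validation."""
    qs = parse_qs(environ.get("QUERY_STRING", ""))
    order_id = qs.get("id", [""])[0]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"order={order_id}".encode()]


class VirtualPatch:
    """WSGI middleware: enforce an allowlist on named parameters of specific
    endpoints and reject anything else before the application sees it."""

    def __init__(self, app, rules):
        self.app = app
        self.rules = rules      # list of (path, parameter, compiled allowlist regex)
        self.blocked = []       # audit trail of rejected requests

    def __call__(self, environ, start_response):
        # Match the path exactly as the protected application routes it.
        path = environ.get("PATH_INFO", "")
        # parse_qs percent-decodes, so the check runs on the decoded value.
        # This sketch covers the query string only; a real rule must cover
        # every place the parameter can arrive (form body, JSON, headers).
        qs = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        for rule_path, param, allowed in self.rules:
            if path != rule_path:
                continue
            for value in qs.get(param, []):     # check every repeated value
                if not allowed.fullmatch(value):
                    self.blocked.append((path, param))
                    start_response("403 Forbidden",
                                   [("Content-Type", "text/plain")])
                    return [b"blocked by virtual patch"]
        return self.app(environ, start_response)


def request(app, path, query=""):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    environ["QUERY_STRING"] = query
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body.decode()


# The rule is the whole "patch": order ids are 1 to 10 digits, nothing else.
RULES = [("/orders/view", "id", re.compile(r"[0-9]{1,10}"))]

if __name__ == "__main__":
    patched = VirtualPatch(legacy_app, RULES)
    for query in ("id=42", "id=42%20OR%201%3D1", "id=7&id=x"):
        print(query, "->", request(patched, "/orders/view", query))
```

The rule is a positive allowlist rather than a list of bad strings, so it keeps working against inputs nobody anticipated; it is removed once the vendor's permanent fix has been tested and deployed.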

There is no doubt that virtual patching is an extremely valuable solution with high potential to reduce the risk of cyber attacks.

Learn more about it and get to know the only solution on the market that works end to end, the N-Stalker Cloud WAF solution, achieving the best results for your company's information security.

How to perform application vulnerability analysis

Published on 23.02.2018

Vulnerability is the weakness of applications and the IT infrastructure, hence the importance of having a vulnerability management process.

Vulnerability of applications and infrastructure

Vulnerability is the weakness of applications and the IT infrastructure. It can be a flaw in source code, a gap in a configuration, a fault in the data network or even an imperfection in an IT policy, allowing malicious people to perform unauthorized operations or steal data.

Cyber attacks can be carried out through scripts, application use, SQL injection and cross-site scripting, among other types of high-impact attacks on businesses. Currently, the automation of attacks increases the attacker's ability to test more targets in shorter periods of time, repeating this procedure countless times while waiting for a slip by the security team.

This type of attack can reach ordinary users; however, the main focus of security incidents is companies, where the main impacts are direct financial losses (payment slips and financial transfers) and indirect ones (loss of data or credibility).

The damage to image ends up extending to both suppliers and customers, who have reduced confidence in the service or product offered, causing a drop in sales in the short and medium term.

Why every company must perform application vulnerability analysis

Application vulnerability analysis is a process that defines, identifies and classifies the security gaps (vulnerabilities) in any software or asset connected to the data network and communications in general. Application vulnerability analysis works to prevent cyber attacks focused on the applications users rely on, such as Internet banking access, shopping carts, queries and registrations. Infrastructure vulnerability analysis works to prevent cyber attacks focused on the various assets that make up the technology base on which the applications run.

For businesses, application vulnerability analysis plays an important part in cybersecurity policies, with the following benefits:

  • Defines and classifies technology resources, such as networks and systems;
  • Assigns levels of importance, risk and impact to technology resources;
  • Identifies potential threats to each resource;
  • Assigns responsibility for correcting vulnerabilities;
  • Provides information for developing strategies to deal with potential problems based on the risks and impacts;
  • Helps minimize the impact in the event of cyber attacks.

If security breaches are found as a result of application vulnerability analysis, the necessary actions must be taken, which may be preventive or corrective. For this, information security professionals and specialist tools are used before the vulnerability becomes a real threat and causes damage.

How existing solutions on the market work

Based on databases containing information on known vulnerabilities, existing solutions on the market look for security gaps in the hardware infrastructure, software and technology services used by businesses.

They also perform penetration tests (pentesting), which can be automated or carried out manually, by collecting information about a previously defined target. The goal is to identify entry points that may result in cyber attacks, as happened a short time ago at large companies in the e-commerce segment.

After the analysis and testing of application security vulnerabilities, all security breaches found are identified and classified. This step includes the evaluation of corrective and preventive measures to be taken by the company.

The N-Stalker Cloud WAF solution

When it comes to tools for application vulnerability analysis, you need to be sure you are choosing the right one.

While there are products that address parts of the vulnerability management lifecycle, a major challenge is finding a solution that provides all the components needed to support a complete vulnerability management program and delivers the best results.

Before deciding on a tool, you must understand the solution's integration capacity and functionality, considering the essential points of the application vulnerability analysis process, such as:

  • Asset management
  • Platform coverage
  • The ability to aggregate vulnerability data sources
  • Compatibility with third-party vulnerability references
  • Setting priorities
  • The existence of workflows
  • Ease of use
  • Creating reports

Among several other important features that should be part of a tool used for preventing and correcting security incidents.

One example of a tool with the set of features needed to ensure information security in your company is N-Stalker Cloud WAF, a software and services solution for vulnerability management in Web applications and network assets.

The platform aims to improve the efficiency of companies' information technology security and governance processes, integrating the platform with management software solutions and network assets, the main scanning engines and central specialized support.

The N-Stalker Cloud WAF solution leads to a significant improvement in the maturity of information security and IT governance, with minimal impact on companies' technology investments.

As the nature of threats is constantly evolving, vulnerability management planning comprises a continuum of practices that must be constantly updated to remain effective in the fight against cyber attacks and data theft.

Get to know the N-Stalker Cloud WAF solution: contact our experts and start managing the analysis of application and infrastructure vulnerabilities in your company.

Aker N-Stalker warns of potential attack on mobile devices and PCs

Published on 12.01.2018

Publication of details about the Meltdown and Spectre threats may open the door to hacker attacks

São Paulo, January 10, 2018 - What should have been academic research on potential vulnerabilities in the most commonly used microprocessor architectures ended up accelerating the development of two major vulnerabilities affecting most computing devices around the world. The threats, called Meltdown and Spectre, swept the world, causing suppliers to work hastily to fix the problems in their products.

The issues affect the main modern microprocessors, the keystone of computers, smartphones and computing devices that today run almost every major operating system on the market (Windows, Linux, Android, iOS, MacOS, FreeBSD and more).

Because these are unprecedented flaws, Thiago Zaninotti, CTO of Aker N-Stalker, a Brazilian leader in cybersecurity technologies, explains what they are, how they affect us and how we can protect ourselves from these threats:

What are Spectre and Meltdown?
Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715) are distinct attacks, discovered by independent researchers, that end up having a similar side effect: access to sensitive data without proper control. To help better understand how the attack works and the extent of the problem, let us use an analogy from everyday life.

Every time you open your traffic app to go from home to work or school, the GPS system aims to give you the fastest route to your destination. To do this, the system calculates all possible alternative paths, taking into account frequency, traffic and other variables to choose the best path, discarding all the others.

Likewise, modern microprocessors also have a prediction system to calculate the best performance for their users. Knowing that you always access the Internet when you open a particular application, your processor executes these instructions speculatively, seeking to deliver you the best route in case you really decide to open the application. Thus, during this speculative exercise, the processor ends up accessing and storing sensitive information, which may be used or discarded according to the user's behavior.

These attacks consist in exploiting this phase of speculative exercise, when sensitive information is stored temporarily in shared areas of the processor and may be retrieved by another process without access privileges. The extent of the problem becomes clear: any malicious application can access data from other applications running on the same microprocessor.

How can this attack affect me?
Any program that executes instructions on your computer, including sites viewed on the Internet, could try to exploit these flaws, searching your processor's temporary memory for sensitive information such as passwords, financial data or encryption keys. This means that you can be attacked just by browsing the Internet.

At this point, examples of tools that exploit this type of attack, as well as technical details of exploitation, are already widely disseminated on the Internet. This attack is therefore expected to become increasingly common in the coming hours.

How to identify an attack?
Because it is a sophisticated attack, there is no reliable way to identify whether an end user is being targeted. Some of the telltale signs may be abnormal consumption of CPU resources while browsing the Internet, especially by JavaScript. In any case, we recommend that users take immediate preventive measures to avoid the attack.

How to protect against the Meltdown and Spectre CPU flaws?
Some international institutions, including US-CERT, suggested that the only real fix for these issues would be the complete replacement of microprocessors; however, because the problem is more than 20 years old, that appears to be an economically impractical way out.

On the other hand, suppliers have made significant progress in the deployment of patches and firmware updates. Although the Meltdown flaw has been corrected by most companies, such as Microsoft, Apple and Google, Spectre is not easy to fix and will haunt people for some time. At this time, we recommend that users take the following measures:

  • Keep your operating systems updated;
  • In the case of equipment or devices, check for firmware updates from the manufacturer;
  • Upgrade your browser to the latest version available. In the case of Chrome, enable the "site isolation" feature as a countermeasure until a final update is available;
  • Keep your antivirus updated and download software only from trusted sources.

For corporate users, we recommend adopting a vulnerability management system to identify potentially vulnerable assets and build an action plan to correct them.

Source: Vida Moderna http://bit.ly/2Ftpyj5