At F-Secure, we not only aim to protect our customers with the best security possible, we also want to do it in the smartest possible way. And here’s some good news: Globally renowned Forrester Research has looked at small business and enterprise client security vendors around the world and found that we’re succeeding in both areas.
We’re proud to be featured in The Forrester Wave™, Endpoint Security Q1 2013 as top-ranked in Strategy. Forrester Research Inc. called us a Strong Performer and gave us the highest score among all vendors for our product roadmap and strategy.
What makes our approach to securing the workplace so appealing is that we don’t see ourselves just offering our clients security software—we take away the worry of securing your office and let our professionals do the job. I recently had a discussion with an end customer of ours in the media industry. He told me that he’s not really interested in what happens in the background and how our products work – he only wants to know that the level of protection is sufficient. And this is not a unique case; we’ve heard the same story from many of our customers.
This simple, breakthrough approach also makes it easier and more affordable to deploy the award-winning security we’ve been providing for more than two decades.
“We think this vision is closely aligned with the bigger climate change where IT all over the world is moving to procuring services rather than products,” Forrester said.
Forrester also praised our rootkit detection and DeepGuard, which we’re especially proud of. Deepguard anticipates threats using heuristical, behavioral and reputation-based technologies.
The other morning when I was commuting to the office in freezing cold weather, I started thinking about layered protection – a term we use to describe the way our protection technology is built. Security is a bit like weather; we forecast it to be able to be prepared. And the colder it gets, the more layers we need to protect us. It is not always that we need all the layers we’ve got at the back of our closet, but we still need to have them come the winter frosts – and the same logic goes for the different layers included in our security products.
Just as clothing companies develop better materials, we continuously develop new technologies to protect our customers
Forrester credited our Labs’ research and gave our Client Security credit for performance, anti-malware detection and customer feedback.
The best news is that they evaluated us even before our new Software Updater tool, which makes it easy to keep your network patched and protected, was released. And that’s a big part of how we try to be smart—by always improving.
Here are some of our tips on securing your business network. And you can find out more about our corporate service portfolio here.
[Photo by Sean MacEntee via Flickr]
F-Secure Chief Research Officer Mikko Hypponen appeared on the BBC recently to talk about cyber security, data breaches, and “dadada.” [youtube=https://www.youtube.com/watch?v=o19KaRl2ihQ&w=560&h=315] During the interview, Mikko described the current state of cyber security as a “cat and mouse race between the attackers and between the defenders.” It might not be as exciting as watching Formula 1 or a marathon, but it’s not as dull as writing some software that stops computer viruses. It’s about actions and reactions - it’s a race. So where do the defenders go to talk shop? Well, this week they’ll be congregating at the annual CyberDef-CyberSec Forum in Paris. CyberDef-CyberSec is an annual event that brings together various stakeholders in the cyber security and cyber defense fields to share knowledge and discuss issues. This year’s event is expected to be massive, with 55,000 industry professionals from 143 countries, as well as 173 official delegations and 700 journalists, slated to attend. F-Secure’s joint sponsoring this year’s event, and sending some of our cyber security experts, including Mikko to share their insights on the threat landscape facing people, companies, and governments. Mikko will be giving a 45-minute talk called “The Cyber Arms Race” that explores the evolution of online threats into weapons for cyber warfare. Also making an appearance is F-Secure’s cyber security guru Erka Koivunen, and F-Secure Regional Head of Corporate Sales Olivier Quiniou. Both will touch on how today’s cyber threats are wreaking havoc on the cyber security of companies. Erka’s talk, entitled “Data Breaches eat CEOs for Breakfast”, may be particularly poignant in the aftermath of the recent firing of the CEO of FACC – an aircraft component manufacturer that was hit by a cyber attack earlier in the year. Olivier, meanwhile, will be giving a 15-minute speech about the chaos cyber attacks can cause for companies. You can check out the program for the conference for dates and times. [Image by dougwoods | Flickr]
You know you're a technical security consultant when you can say the best part of your job is breaking things. Javier Moreno is passionate about improving enterprise security - and to make a technology better, he breaks it first. The thrill of figuring out a software's weakness drives Javier, but also the knowledge that he's providing secure technology to the customer. As a Senior Security Consultant, Javier is one of our experts in F-Secure's Cyber Security Services (CSS) unit. CSS helps organizations enhance their overall security to protect against cyber attacks. (And they're hiring! Interested in joining them as they strive to be the leading and most trustworthy security assessment team in Europe? Check out our open positions.) So what's it like to work in CSS? I asked Javier about his job, what he likes about F-Secure, and how he ended up here in the first place. What do you in your role? I perform security assessments of all sorts of technologies. In short, either break them or know where they will break, and then help improve those technologies. Fortunately, our internal processes are quite optimized so we don't have to deal with much bureaucracy. That means I can focus on the work that I am most interested in. For me, that's reading code, disassembling binaries, thinking about how a framework will break or will be misused, and programming small tools to aid my process. It takes patience! I really enjoy figuring out new things. What is Cyber Security Services all about? CSS is about establishing a trust relationship with our customers and challenging them to improve their security, while providing them with the necessary information and tools to have an advantage. We perform technical assessments for our customers, and also advise the C-level and counsel them on security and risk management. We've grown to cover many topics: application and network security, incident response, embedded systems, transportation security and more. What do you like about working in Cyber Security Services? For me the best part of CSS is the people on the team. We all rely on each other, learn from each other, and in the end we provide the best results to our customers. Our team in CSS is big and skilled enough to cover many facets. We really love security. "End users should not be expected to understand the consequences of technologies, so it's our task to provide them with things that are secure and safe by default." What is the most exciting part of your job? As a security consultant, I have to say it - it's when something breaks! It's the thrill of working on something that is obscure and difficult to understand at first, and how that untangles to the point where you can control it. Do you feel like you are making a difference in the world? The technologies the modern world is built on require security to run properly. Whether we like or not, end users should not be expected to understand the consequences of technologies, so it's our task to provide them with things that are secure and safe by default - built-in! I am not a savior of anything, but I sure like to do my job well and put a lot of effort into it. Our passion is what makes the difference for our customers and users. What is your ultimate dream job? I don't think there's an "ultimate" job. I try to do the best I can in every area: offensive, defensive, designer, builder, breaker, conceiver of next step. I always try to mix consulting with research and the latter is what is more interesting to me. What path brought you to this position with F-Secure? My background, rather than being in computer science, is in telecommunications engineering. The University in Spain was much more theoretical than practical and it covered a lot of topics, so I ended up with quite a multidisciplinary profile, something in between hardware and software. I started in the space field, but infosec was my hobby for a long time and soon I started doing it full time, moving away from the typical engineering path. In any case, in this field, degrees and certifications generally mean nothing - they are just enablers, a jumpstart. Infosec is a very broad field of work and requires passion, maybe even obsession, if you want to cover enough aspects and be good enough. In 2010, I moved to Germany to pursue a more interesting security market and have been part of F-Secure's CSS Germany team for over a year now. Want to learn more about a career with F-Secure Cyber Security Services? View our various open positions in sales, risk/security management, technical consulting, and people management.
The Sony hack of late 2014 sent shock waves through Hollywood that rippled out into the rest of the world for months. The ironic hack of the dubious surveillance software company Hacking Team last summer showed no one is immune to a data breach - not even a company that specializes in breaking into systems. After a big hack, some of the first questions asked are how the attacker got in, and whether it could have been prevented. But today we're asking a different question: whether, once the attacker was already in the network, the breach could have been detected. And stopped. Here's why: Advanced attacks like the ones that hit Sony and Hacking Team are carried out by highly skilled attackers who specifically target a certain organization. Preventive measures block the great majority of threats out there, but advanced attackers know how to get around a company's defenses. The better preventive security a company has in place, the harder it will be to get in…but the most highly skilled, highly motivated attackers will still find a way in somehow. That's where detection comes in. Thinking like an attacker If an attacker does get through a company's defensive walls, it's critical to be able detect their presence as early as possible, to limit the damage they can do. There has been no official confirmation of when Sony's actual breach first took place, but some reports say the company had been breached for a year before the attackers froze up Sony's systems and began leaking volumes of juicy info about the studio's inner workings. That's a long time for someone to be roaming around in a network, harvesting data. So how does one detect an attacker inside a network? By thinking like an attacker. And thinking like an attacker requires having a thorough knowledge of how attackers work, to be able to spot their telltale traces and distinguish them from legitimate users. Advanced or APT (Advanced Persistent Threat) attacks differ depending on the situation and the goals of the attacker, but in general their attacks tend to follow a pattern. Once they've chosen a target company and performed reconnaissance to find out more about the company and how to best compromise it, their attacks generally cover the following phases: 1. Gain a foothold. The first step is to infect a machine within the organization. This is typically done by exploiting software vulnerabilities on servers or endpoints, or by using social engineering tactics such as phishing, spear-phishing, watering holes, or man-in-the-middle attacks. 2. Achieve persistence. The initial step must also perform some action that lets the attacker access the system later at will. This means a persistent component that creates a backdoor the attacker can re-enter through later. 3. Perform network reconnaissance. Gather information about the initial compromised system and the whole network to figure out where and how to advance in the network. 4. Lateral movement. Gain access to further systems as needed, depending on what the goal of the attack is. Steps 2-4 are then repeated as needed to gain access to the target data or system. 5. Collect target data. Identify and collect files, credentials, emails, and other forms of intercepted communications. 6. Exfiltrate target data. Copy data to the attackers via network. Steps 5 and 6 can also happen in small increments over time. In some cases these steps are augmented with sabotaging data or systems. 7. Cover tracks. Evidence of what was done and how it was done is easily erased by deleting and modifying logs and file access times. This can happen throughout the attack, not just at the end. For each phase, there are various tactics, techniques and procedures attackers use to accomplish the task as covertly as possible. Combined with an awareness and visibility of what is happening throughout the network, knowledge of these tools and techniques is what will enable companies to detect attackers in their networks and stop them in their tracks. Following the signs Sony may have been breached for a year, but signs of the attack were there all along. Perhaps these signs just weren't being watched for - or perhaps they were missed. The attackers tried to cover their tracks (step 7) with two specific tools that forged logs and file access and creation times - tools that could have been detected as being suspicious. These tools were used throughout the attack, not just at the end, so detection would have happened well before all the damage was done, saving Sony and its executives much embarrassment, difficult PR, lost productivity, and untold millions of dollars. In the case of Hacking Team, the hacker known as Phineas Fisher used a network scanner called nmap, a common network scanning tool, to gather information about the organization’s internal network and figure out how to advance the attack (step 3). Nmap activity on a company internal network should be flagged as a suspicious activity. For moving inside the network, step 4, he used methods based on the built-in Windows management framework, PowerShell, and the well-known tool psexec from SysInternals. These techniques could also potentially have been picked up on from the way they were used that would differ from a legitimate user. These are just a few examples of how a knowledge of how attackers work can be used to detect and stop them. In practice, F-Secure does this with a new service we've just launched called Rapid Detection Service. The service uses a combination of human and machine intelligence to monitor what's going on inside a company network and detect suspicious behavior. Our promise is that once we've detected a breach, we'll alert the company within 30 minutes. They'll find out about it first from us, not from the headlines. One F-Secure analyst sums it up nicely: "The goal is to make it impossible for an attacker to wiggle his way from an initial breach to his eventual goal." After all, breaches do happen. The next step, then, is to be prepared. Photo: Getty Images