Security is essential for a business. However, on the other hand, security is something we all wish would just happen by itself. We don’t want to spend much time adjusting settings or fixing problems. We just want our devices and data to be safe as if by magic. At least I do. And companies do not wish to appoint too many resources to the management of security, but wish to find a cost-efficient but still totally reliable way to handle security.
Since joining the company a few months back, I have had the pleasure to listen to many talented and extremely enthusiastic people talk about security – and the solutions related to it. In these months I think I have learned more about the security threats and how to prevent them than in all the years of my working life so far. One of the key learnings is that the foundation of security is to have the right tools for all levels of security.
Wouldn’t you want to stay on top of this all 24/7, but effortlessly? For that, you need a central, holistic security management tool. Without it, this can all be too hard and time-consuming and you would need a lot of resources to take care of the security issues.
Luckily, this can all be very easy with the right tool. F-Secure Policy Manager is a security management tool that lets you shift your security to autopilot. As Yoshito Sato from Green House company puts it: ”We do not have to worry if each computer is secure or not anymore”.
What smells so good? Could it be history? On Tuesday, F-Secure's corporate security team traveled to Dresden to pick up its fourth straight Best Protection award from AV-Test.org. We are now the only vendor in the history of the award to win the honor four years in a row. “Since 2011, F-Secure's security product has been a guarantee of high protection in corporate environments,” says Andreas Marx, CEO of AV-TEST. That's four years straight of the industry's best protection in a solution that provides the technology that's the basis for all of our security solutions. Success like this doesn't just mean we're good once in a while. It means we're the best every day, as the award goes to the solution that provides the most consistent protection throughout the year. We blocked 955 out of 958 real-world threats -- a 99.67 percent blocking rate -- and 112,059 out of 112,090 wide-spread malware with an astounding 99.97 percent blocking rate. That means we're about 2.67 - 2.97 percent above the industry standard. All this means if you don't use F-Secure, you could be exposing your business to thousands of more possible infections every month. You can compare these results to our competitors here. How do we do it? It's kind of like building the perfect sandwich. F-Secure Client Security layers antivirus on top of firewall on top of antispyware on top of rootkit scanning. We slather on the browsing protection to block dangerous websites. But it's not enough to block the threats we know about. That's where the secret sauce comes in. Our DeepGuard engine provides protection that reads criminals minds. As AV-Test's Andreas Marx said, “F-Secure is secure, innovative, and straightforward.” Excuse us. This is making me very hungry. We need to take a bite. Cheers, Sandra
Since news of the now infamous "Sony hack" broke, some experts have been skeptical that the government of Kim Jong Un was directly behind what appears to be the "worst hack any company has ever publicly suffered." Before the hackers dumped emails designed to humiliate the company then posted a note on Pastebin threatening the release of the "The Interview" with the ominous line “Remember the 11th of September", our Security Advisor Sean Sullivan posited a theory. He suggested that "the attack was an attempted shakedown and extortion scheme." Few companies are as vulnerable to public acts of humiliation -- thus as vulnerable to extortion -- as a global media company. But nearly every company risks potential massive financial damage from the exposure of confidential data. So what does that mean for you and your business. Here are five simple takeaways that may seem obvious to you but may not have seemed so clear to Sony: 1. If your business' network is going to be breached, it's probably going start with an employee clicking on an email attachment. "It’s interesting that, while the array of tools is diverse, the basic methods of gaining access to a victim’s environment are not," Verizon noted in its most recent Data Breach Investigations Report. "The most prolific is the old faithful: spear phishing. We (and others) have covered this ad nauseam in prior reports, but for both of you who have somehow missed it, here goes: A well-crafted and personally/professionally-relevant email is sent to a targeted user(s), prompting them to open an attachment or click a link within the message. Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective." With the wealth of information available about executives online, targeting an infected email attachment to a specific user remains the most reliable method of penetrating a network. Most of us have been using email long enough to know that a message with a file included that reeks of unprofessionalism may be dangerous. But if the email seems crafted and personal, we still may be fooled. Security education will never cure the plague human error, which is why your IT department is working overtime to break the "delivery-installation-exploitation chain". Still the basic caveat applies: Never open an attachment you weren't expecting. 2. Don't store your passwords in a folder called "Passwords". Seems obvious. But it appears Sony may have done just that. Verizon reports that credentials are the number one hacker target. With 62 percent hacks not discovered until months after a network has been hacked, the intruders will have plenty of time to poke around. Don't make it easy. 3. Plug the holes. Keep all of your system, application and security software patched and protected -- especially browsers. Don't use Java plugins. Or get protection like F-Secure Software Updater that keeps you patched seamlessly. 4. Links in email can be as dangerous as attachments. It turns out that years of indoctrination have has some effect. Users are more skeptical of attachments than of links in emails that can lead to "drive-by" web attacks and/or phishing scams -- but not skeptical enough. About 8 percent will click on an email attachment while "18 percent of users will visit a link in a phishing email. Users unfamiliar with drive-by malware might think that simply visiting a link won’t result in a compromise." 5. Remember that email is forever. Dance like no one is watching; email like it may one day be read aloud in a deposition. — Olivia Nuzzi (@Olivianuzzi) December 13, 2014 Cheers, Sandra
This May, the GameOver ZeuS botnet made history by becoming one of the largest botnets ever seized by law enforcement. Unfortunately, it's back at work. BankInfo Security's Mathew J. Schwartz explains: Nearly three months after the FBI, Europol and Britain's National Crime Agency launched"Operation Tovar" to successfully disrupt the botnet used to spread Gameover ZeuS, the malware is making a global comeback. Gameover ZeuS is a Trojan designed to steal banking and other personal credentials from infected PCs. At the time of the May law enforcement takedown, the FBI estimated that between 500,000 and 1 million PCs worldwide - one-quarter of them in the United States - were infected by the malware, which the bureau says was used to steal more than $100 million. Our Security Advisor Sean Sullivan notes that "there isn't a 'flood' of new GoZ variants". F-Secure Labs has looked at the recent threats and one of our experts has a theory about their origin. Our analyst most familiar w/ GameOver ZeuS just took a look at the latest GOZ samples. His verdict: it's very clearly the work of Slavik. — Sean Sullivan (@5ean5ullivan) August 27, 2014 Find out the latest about GoZ from Sean and Mikko Hypponen on 5 September in Threat Report Webinar live from Helsinki at 10:00 AM EST. What should you do? Our Online Scanner detects both new and old GameOver Zeus variants. Check your PC for free now. Cheers, Jason [Image by delunula dot com]