Managing security is neither hard nor time consuming

Security is essential for a business. However, on the other hand, security is something we all wish would just happen by itself. We don’t want to spend much time adjusting settings or fixing problems. We just want our devices and data to be safe as if by magic. At least I do. And companies do not wish to appoint too many resources to the management of security, but wish to find a cost-efficient but still totally reliable way to handle security.

Since joining the company a few months back, I have had the pleasure to listen to many talented and extremely enthusiastic people talk about security – and the solutions related to it. In these months I think I have learned more about the security threats and how to prevent them than in all the years of my working life so far.  One of the key learnings is that the foundation of security is to have the right tools for all levels of security.


  • End-point protection protects you from internet threats. According to F-Secure Threat Report H2/2012, the most common way to get hit by malware is browsing the web.
  • Server protection keeps your content safe from spam, malware and other threats. Protecting servers certainly doesn’t sound like a hot topic, but talking to our product managers, it actually is something much more interesting than you would first think.
  • Email protection safeguards your communication. Even though email no longer is the number one target for attacks, due to its frequent and wide use, email protection is still as relevant as ever. Talking to one of our sales engineers just the other day, I was shown some stunning examples of how reliable and trustworthy spam mail can actually look like! Forget about the typical “Click here for this unbelievable one-time offer” type of obvious attempts… – Spam today is much more sophisticated.
  • Web filtering protects your identity and reputation. The Threat Report additionally states that some types of hosting sites are favored by criminals and recently, dynamic DNS providers have been the fastest growing target for malware hosting. 87% of the domains supported by one of the top 3 dynamic DNS providers hosted malicious content. Think – 87%! Cannot be very good for the DNS provider’s reputation…

Wouldn’t you want to stay on top of this all 24/7, but effortlessly? For that, you need a central, holistic security management tool. Without it, this can all be too hard and time-consuming and you would need a lot of resources to take care of the security issues.

Luckily, this can all be very easy with the right tool. F-Secure Policy Manager is a security management tool that lets you shift your security to autopilot. As Yoshito Sato from Green House company puts it: ”We do not have to worry if each computer is secure or not anymore”.

Cheers, Eija

More posts from this topic


Cyber Defense – A Cat and Mouse Race

F-Secure Chief Research Officer Mikko Hypponen appeared on the BBC recently to talk about cyber security, data breaches, and “dadada.” [youtube=] During the interview, Mikko described the current state of cyber security as a “cat and mouse race between the attackers and between the defenders.” It might not be as exciting as watching Formula 1 or a marathon, but it’s not as dull as writing some software that stops computer viruses. It’s about actions and reactions - it’s a race. So where do the defenders go to talk shop? Well, this week they’ll be congregating at the annual CyberDef-CyberSec Forum in Paris. CyberDef-CyberSec is an annual event that brings together various stakeholders in the cyber security and cyber defense fields to share knowledge and discuss issues. This year’s event is expected to be massive, with 55,000 industry professionals from 143 countries, as well as 173 official delegations and 700 journalists, slated to attend. F-Secure’s joint sponsoring this year’s event, and sending some of our cyber security experts, including Mikko to share their insights on the threat landscape facing people, companies, and governments. Mikko will be giving a 45-minute talk called “The Cyber Arms Race” that explores the evolution of online threats into weapons for cyber warfare. Also making an appearance is F-Secure’s cyber security guru Erka Koivunen, and F-Secure Regional Head of Corporate Sales Olivier Quiniou. Both will touch on how today’s cyber threats are wreaking havoc on the cyber security of companies. Erka’s talk, entitled “Data Breaches eat CEOs for Breakfast”, may be particularly poignant in the aftermath of the recent firing of the CEO of FACC – an aircraft component manufacturer that was hit by a cyber attack earlier in the year. Olivier, meanwhile, will be giving a 15-minute speech about the chaos cyber attacks can cause for companies. You can check out the program for the conference for dates and times. [Image by dougwoods | Flickr]

June 13, 2016
F-Secure fellow in Cyber Security Services

7 Questions for Javier, an F-Secure Cyber Security Expert

You know you're a technical security consultant when you can say the best part of your job is breaking things. Javier Moreno is passionate about improving enterprise security - and to make a technology better, he breaks it first. The thrill of figuring out a software's weakness drives Javier, but also the knowledge that he's providing secure technology to the customer. As a Senior Security Consultant, Javier is one of our experts in F-Secure's Cyber Security Services (CSS) unit. CSS helps organizations enhance their overall security to protect against cyber attacks. (And they're hiring! Interested in joining them as they strive to be the leading and most trustworthy security assessment team in Europe? Check out our open positions.) So what's it like to work in CSS? I asked Javier about his job, what he likes about F-Secure, and how he ended up here in the first place.   What do you in your role? I perform security assessments of all sorts of technologies. In short, either break them or know where they will break, and then help improve those technologies. Fortunately, our internal processes are quite optimized so we don't have to deal with much bureaucracy. That means I can focus on the work that I am most interested in. For me, that's reading code, disassembling binaries, thinking about how a framework will break or will be misused, and programming small tools to aid my process. It takes patience! I really enjoy figuring out new things. What is Cyber Security Services all about? CSS is about establishing a trust relationship with our customers and challenging them to improve their security, while providing them with the necessary information and tools to have an advantage. We perform technical assessments for our customers, and also advise the C-level and counsel them on security and risk management. We've grown to cover many topics: application and network security, incident response, embedded systems, transportation security and more. What do you like about working in Cyber Security Services? For me the best part of CSS is the people on the team. We all rely on each other, learn from each other, and in the end we provide the best results to our customers. Our team in CSS is big and skilled enough to cover many facets. We really love security.   "End users should not be expected to understand the consequences of technologies, so it's our task to provide them with things that are secure and safe by default."   What is the most exciting part of your job? As a security consultant, I have to say it - it's when something breaks! It's the thrill of working on something that is obscure and difficult to understand at first, and how that untangles to the point where you can control it. Do you feel like you are making a difference in the world? The technologies the modern world is built on require security to run properly. Whether we like or not, end users should not be expected to understand the consequences of technologies, so it's our task to provide them with things that are secure and safe by default - built-in! I am not a savior of anything, but I sure like to do my job well and put a lot of effort into it. Our passion is what makes the difference for our customers and users. What is your ultimate dream job? I don't think there's an "ultimate" job. I try to do the best I can in every area: offensive, defensive, designer, builder, breaker, conceiver of next step. I always try to mix consulting with research and the latter is what is more interesting to me. What path brought you to this position with F-Secure? My background, rather than being in computer science, is in telecommunications engineering. The University in Spain was much more theoretical than practical and it covered a lot of topics, so I ended up with quite a multidisciplinary profile, something in between hardware and software. I started in the space field, but infosec was my hobby for a long time and soon I started doing it full time, moving away from the typical engineering path. In any case, in this field, degrees and certifications generally mean nothing - they are just enablers, a jumpstart. Infosec is a very broad field of work and requires passion, maybe even obsession, if you want to cover enough aspects and be good enough. In 2010, I moved to Germany to pursue a more interesting security market and have been part of F-Secure's CSS Germany team for over a year now.   Want to learn more about a career with F-Secure Cyber Security Services? View our various open positions in sales, risk/security management, technical consulting, and people management.    

June 3, 2016
Could the Sony and Hacking Team hacks have been detected sooner?

Hacks in the Headlines: Two Huge Breaches That Could Have Been Detected

The Sony hack of late 2014 sent shock waves through Hollywood that rippled out into the rest of the world for months. The ironic hack of the dubious surveillance software company Hacking Team last summer showed no one is immune to a data breach - not even a company that specializes in breaking into systems. After a big hack, some of the first questions asked are how the attacker got in, and whether it could have been prevented. But today we're asking a different question: whether, once the attacker was already in the network, the breach could have been detected. And stopped. Here's why: Advanced attacks like the ones that hit Sony and Hacking Team are carried out by highly skilled attackers who specifically target a certain organization. Preventive measures block the great majority of threats out there, but advanced attackers know how to get around a company's defenses. The better preventive security a company has in place, the harder it will be to get in…but the most highly skilled, highly motivated attackers will still find a way in somehow. That's where detection comes in. Thinking like an attacker If an attacker does get through a company's defensive walls, it's critical to be able detect their presence as early as possible, to limit the damage they can do. There has been no official confirmation of when Sony's actual breach first took place, but some reports say the company had been breached for a year before the attackers froze up Sony's systems and began leaking volumes of juicy info about the studio's inner workings. That's a long time for someone to be roaming around in a network, harvesting data. So how does one detect an attacker inside a network? By thinking like an attacker. And thinking like an attacker requires having a thorough knowledge of how attackers work, to be able to spot their telltale traces and distinguish them from legitimate users. Advanced or APT (Advanced Persistent Threat) attacks differ depending on the situation and the goals of the attacker, but in general their attacks tend to follow a pattern. Once they've chosen a target company and performed reconnaissance to find out more about the company and how to best compromise it, their attacks generally cover the following phases: 1. Gain a foothold. The first step is to infect a machine within the organization. This is typically done by exploiting software vulnerabilities on servers or endpoints, or by using social engineering tactics such as phishing, spear-phishing, watering holes, or man-in-the-middle attacks. 2. Achieve persistence. The initial step must also perform some action that lets the attacker access the system later at will. This means a persistent component that creates a backdoor the attacker can re-enter through later. 3. Perform network reconnaissance. Gather information about the initial compromised system and the whole network to figure out where and how to advance in the network. 4. Lateral movement. Gain access to further systems as needed, depending on what the goal of the attack is. Steps 2-4 are then repeated as needed to gain access to the target data or system. 5. Collect target data. Identify and collect files, credentials, emails, and other forms of intercepted communications. 6. Exfiltrate target data. Copy data to the attackers via network. Steps 5 and 6 can also happen in small increments over time. In some cases these steps are augmented with sabotaging data or systems. 7. Cover tracks. Evidence of what was done and how it was done is easily erased by deleting and modifying logs and file access times. This can happen throughout the attack, not just at the end. For each phase, there are various tactics, techniques and procedures attackers use to accomplish the task as covertly as possible. Combined with an awareness and visibility of what is happening throughout the network, knowledge of these tools and techniques is what will enable companies to detect attackers in their networks and stop them in their tracks. Following the signs Sony may have been breached for a year, but signs of the attack were there all along. Perhaps these signs just weren't being watched for - or perhaps they were missed. The attackers tried to cover their tracks (step 7) with two specific tools that forged logs and file access and creation times - tools that could have been detected as being suspicious. These tools were used throughout the attack, not just at the end, so detection would have happened well before all the damage was done, saving Sony and its executives much embarrassment, difficult PR, lost productivity, and untold millions of dollars. In the case of Hacking Team, the hacker known as Phineas Fisher used a network scanner called nmap, a common network scanning tool, to gather information about the organization’s internal network and figure out how to advance the attack (step 3). Nmap activity on a company internal network should be flagged as a suspicious activity. For moving inside the network, step 4, he used methods based on the built-in Windows management framework, PowerShell, and the well-known tool psexec from SysInternals. These techniques could also potentially have been picked up on from the way they were used that would differ from a legitimate user. These are just a few examples of how a knowledge of how attackers work can be used to detect and stop them. In practice, F-Secure does this with a new service we've just launched called Rapid Detection Service. The service uses a combination of human and machine intelligence to monitor what's going on inside a company network and detect suspicious behavior. Our promise is that once we've detected a breach, we'll alert the company within 30 minutes. They'll find out about it first from us, not from the headlines. One F-Secure analyst sums it up nicely: "The goal is to make it impossible for an attacker to wiggle his way from an initial breach to his eventual goal." After all, breaches do happen. The next step, then, is to be prepared.   Photo: Getty Images

May 31, 2016