BYOD no doubt is flexible and highly useful, but it also comes along with some grave challenges to businesses, like network threats, data leakage and bandwidth crunch. Under the BYOD scenario, the challenge to monitor all the various devices has increased. In addition to this some devices can also infect the entire network with malware /viruses.
Apart from security, the strain these devices can cause on networks is a cause of concern for many IT network administrators. Constant OS updates/upgrades, file downloads and data streaming, on these devices leads to huge strain on organization’s network resources; and with multiple devices in an organization, this impacts the network drastically!

Having a solution to deal with these new looming threats, on network security and bandwidth crunch, is the need of the hour. And Cyberoam UTM can help IT teams in this regard.

Cyberoam UTM’s unique Layer 8 Technology, allows network administrators to design identity-based policies, which extends throughout the network, irrespective of the device used by the employee to connect to the network. Along with Layer 8 Technology, Cyberoam UTM offers secure AAA (Authentication, Authorization, Audit) over a single device, allowing control and knowledge of who is connected to your network, using what device and what are they accessing. You can design security policies that allow you to decide, what each user /user group can access in terms of websites/applications over Internet and for how long, the amount of data transfer and bandwidth they can consume.

To read more about Cyberoam and the solutions it offers, visit www.cyberoam.com

In its latest attempt to leverage the attack, Flashback is now after the latest Java vulnerability. Like other Flashback variants it checks first various directories. It writes a launcher file which starts the malware at every login, then downloads and runs new payload routines from the web. The launcher program is having a file name like .jupdate, .mkeeper, .flserv, .null or .rserv. The leading dot makes it a ‘hidden’ file in the Finder view. This way it can modify installed programs, send personal information and screen-shots to a remote server. Each infected machine can be identified by its unique identifier (UUID). Using this latest variant Flashback has successfully attacked more users.

Apple has released a third Java update, with regard to the recent outbreak of Flashback. This time, the patch comes with a detection and removal capability for the Flashback Trojan. Adding to the details on the patches, SC magazine reports, “The update, for Mac OS X 10.7 (Lion) and 10.6 (Snow Leopard), will kill the most common strains of the malware, which is capable of stealing data and hijacking search traffic, among other malicious actions, and contaminated at its peak some 650,000 machines.”

“Despite Apple’s release of numerous Java patches and an uninstaller tool, some 140,000 Macs worldwide, are still affected by the Flashback Trojan that was at one point present on 600,000 machines”, reports ‘AppleInsider’. The reason behind many devices still being infected could be the unawareness of users about the infection in the system and lack of knowledge that upgrading to the latest version will remove it.

Apart from Flashback there are few other Trojans and viruses detected, that are capable of infecting Mac systems. ‘Backdoor.OSX.SabPub.a’, is one among them a newly-discovered malware in March.

Reports of new attacks and arrival of new malwares, Trojans and viruses targeting the Mac systems, surely highlight the vulnerability in Mac systems. With the rise in vulnerabilities, demand for a good security solution arises. Talking about security solutions, Cyberoam UTM appliances with their gateway-level data protection and network security, detect all known variants of such Trojan attacks (e.g. All Variants of Trojan Flashback as “MacOS/Flashback.K.*”). Cyberoam administrators have to ensure, that that the AntiVirus signature files of the appliance are up to date, to remain protected from all such future threats and sudden vulnerabilities.

As per the Report by a leading Anti-Virus security player, during the first half of 2011, 1.2 million new computer malware programs were identified. This was 15.7% more than in the previous six months. This has increased the average number of new malware programs to 6,881 per day. The report also has categorised a total of 2,670 active malware families, in the first half of 2011. Remarkable and rapid increase in mobile malwares was also noticed.Lack of well-defined network perimeters and extensions of network to Cloud Computing environments, has led to dissolving of security perimeters. This increases vulnerability of networks to attacks. Not only networks even mobile devices are prone to attacks. Increased exposure to Social networking sites also induces attacks.

Financial data theft will pick up steam, soon. Data theft through trusted sites and applications has become more common. The primary objective of these thefts is to harvest personal and bank account information. Stolen data can be used by such attackers for fraudulent financial transactions, and if you are an enterprise, lose of such data can lead to loss of trade secrets and increase in vulnerabilities. Attackers generally process such thefts by logging keystrokes, capturing screenshots, manual scan of hard disk drive for sensitive info.

The various trends seen among the recent malicious attacks can be categorised under various banners, and few of them are:

I think the names speak for themselves and of what these attacks intend or do. Having known this, I am sure you are anxious to know about security measures to be safe.

The solution to malware threats is to primarily secure the User before the machine or perimeters, wherever the user moves. Cyberoam UTM offers user Identity-based security at the Gateway level. Its various modules –Stateful Inspection Firewall, Gateway Anti-Virus/Anti-Spyware and Gateway Anti-Spam, Intrusion Prevention System, to name a few, offer integrated security over single platform, allowing identity-based policies and monitoring. To read more, visit www.cyberoam.com.

This is not the only attack that highlights the vulnerability of such websites. On 25th Jan 2012, BBC News reported, “Cyber attack crashes Irish government website.” The Finance websites and Departments of Justice, in the Irish Republic, were the websites under attack.

In the last quarter of 2011, Reuters reported a finding by the head of communications spy agency, London, “The government and industry computer systems are facing a “disturbing” number of cyber attacks, including a recent serious assault on the Foreign Office’s network (London). The article also had Iain Lobban, director of the Government Communications Headquarters (GCHQ), saying that these attacks posed severe threat to the economic wellbeing.

In 2011 alone, business behemoths like Google and Sony lost billions of dollars on account of cyber attacks against them.

To top this, leading analyst firm, Gartner, announced that 80% of all cyber attacks target the application layer!

Such incidents and statistics confirm the fact that no organization around the world is today spared by web-application attacks, including governments, banks, retail, manufacturing organizations, and more.
Organizations worldwide need an efficient Web Application Firewall in their security ecosystem to add a strong layer of protection to websites and Web applications, which are becoming a frequent and favourite target of hackers.

Cyberoam’s Web Application Firewall on its UTM appliance is effective at protecting web applications from a wide range of commercial and open-source automated vulnerability scanners (e.g. Nessus, WebInspect) as well as repelling specific hand-crafted attacks. With advanced threat detection capabilities, Cyberoam’s Web Application Firewall interfaces between the Web server and client, scanning all incoming and outgoing data packets to mitigate any potential risk due to web applications. To read more, visit www.cyberoam.com.

However, as clarion calls of war increase in decibels threatening to disrupt world peace, war in the Cyber space was happening among nation states with much preparation and as much lethality.

Meanwhile war in the cyber space rages full on
Behind the scene a digital war has already been raging in full force, steadily and lethally attacking Iran’s nuclear programme. The soldiers of nation states behind secured walls, conducted war in stealth, writing malicious codes that quietly entered the computers of Iran’s nuclear facility. Stuxnet, a unique worm was designed to attack the industrial control systems that infected the software which in turn controlled the spinning of uranium enriching centrifuges. The worm silently gathered information, waiting for the right moment to ambush. The worm then copied itself many times over and spread to all the computers on the internal network at the underground plant Natanz in Iran.

How was Stuxnet delivered at Natanz?
It is well known fact that as per security diktats, nuclear facilities are never connected to the Internet. This a normal security procedure to prevent the computers from getting infected. The forces behind Stuxnet were obviously aware of it and so propagated it by using USB memory sticks and local area networks. Instead of trying to deliver Stuxnet directly in Natanz they infected the computers of Iranian organizations supplying programmable logic controllers. Because of international sanctions these specific controllers are acquired through black market and secretly carried inside the country. In June and July 2009, the earliest version of Stuxnet attacked computers in four organizations in Iran. In March, the second version of Stuxnet was released that went on to infect 69% of computers at Natanz.

Stuxnet: Digital Bomb destroys critical infrastructure just as real bomb would
Almost like a foot soldier in the battle ground, the worm then goes deeper looking for motors spinning at 1064 revolutions per second ─ the exact speed at which the centrifuges were spinning at Natanz . And then takes over control to dictate its spinning at calculated speeds and completely stop the uranium enriching process.

And the worm kept destroying the centrifuges as per the cardinals of war, i.e. through deception and evasion. Stuxnet after the first attacks went to sleep, only to wake up and repeat the whole cycle again in another two weeks. So Stuxnet was not only making the centrifuges self-destruct but was programmed to make sure that the operators did not know about the centrifuges running at different speeds by blocking the alarm signals. Iran’s nuclear programme was critically affected much before the rumblings of war and bombings started in the real world.

The potential of Digital Weapon spilling over
Analysts and security experts are a worried lot. They say unanimously that Stuxnet is now world’s problem. The highly malicious, complex Stuxnet is now open source and could be precursor to other malicious codes. The making of Stuxnet took immense resources and time and dexterous planning by nation states, but if it falls in the hands of hackers and criminals it could unleash destruction and chaos in no time on a global scale. A poignant reminder of dangers of cyber war and an ironic simulation of the whole nuclear bomb issue. Just as nuclear weapon was initially developed to deter war, cyber war with Stuxnet now poses great danger to the world if the virus falls in the hands of rogues states or terrorists.

Cyberoam has always maintained that future wars will be fought in the cyberspace and therefore stresses the role of Cyber security as a matter of strategy for all nations. Now, with Stuxnet out in the open, the era of cyber war has begun with all the trappings of actual war- destruction of critical infrastructure and consequent effect on human lives and their day to day living albeit with more precision and lethality.

What makes the new iPad a huge rage in the market? The high mega-pixel camera, high definition retina displays, enhanced video-conferencing apps and video viewing quality are surely a big catch. While these and myriad other features enhance a user’s efficiency in day-to-day tasks and take the organizational productivity up, there’s no denying the fact that the video-rich features also mean tremendous amount of added network traffic to corporate networks.

The network administrators are already crying out loud about their concerns on network security and the alarming network usage that are becoming a reality with the new iPad. Keeping the iPad protected and updated with new functionalities is a continuous job and also a huge drain on an organization’s network resources as iOS updates and upgrades can be several GBs in size. Now think of the multiple number of iPad users in an organization and imagine its impact on the network and application performance in these organizations! Reducing the effect of such bandwidth crunch on business networks has become crucial and urgent.

Cyberoam’s Bandwidth Management and Application Visibility and Control features over its UTM appliances allow its customers to intelligently prioritize applications for optimal performance of business critical applications in their networks. Cyberoam offers visibility and control over the Application Layer 7 and the Human Layer 8 that enable them to prioritize business-critical applications and users for bandwidth allocation – ensuring assured QoS to critical applications like SAP and CRM over iTunes and iOS updates!

Microsoft released the patches to address these issues. However, the one offering the critical update “can’t be patched fast enough”, according to the security experts. This patch required manual update and unless the end user updates it, the system remains vulnerable. In other words, even though a patch for such critical vulnerability had been released by Microsoft, how many users were really protected, remained doubtful. Besides, applying the available fix demands a server reboot, and many organizations hesitate to apply such patches without first testing them thoroughly.

But not for Cyberoam customers! Cyberoam released IPS upgrade 3.0.51, which contained signatures for the RDP vulnerability, the very next day of release by Microsoft, offering immediate protection to Cyberoam customers. Cyberoam’s Gateway-level security enabled immediate signature updates in customer networks, ensuring that the reluctance or delay by network administrators to install patches or updates didn’t come in the way of Cyberoam securing its customers. Signature rule ids along with the ‘help file’ and ‘release note’, was shared with Cyberoam users, on immediate basis.

Cyberoam’s gateway enabled protection and quick response to such a critical vulnerability affirms its vision to secure its users 24X7.

Talking about the involvement of Cyberoam at RSA 2012 conference, we had Live-presentations on core technologies followed by product demonstrations. Cyberoam announced the launch of its latest feature development ‘Web Application Firewall -WAF’, at the meet. WAF works on the positive protection model that is based on the Intuitive Website Flow Detector that can “self-learn” the legitimate behaviour of Web applications. Cyberoam also introduced its new product NetGenie for the first time at RSA. NetGenie is a Smart Wireless Router with family protection for Home users and has a separate solution namely NetGenie Unified Threat Management for Small Offices, Home Offices (SOHO). In-Booth activities included detailed discussions on Cyberoam and Netgenie, their core technologies other feature descriptions.

Cyberoam booth was among the top 15 busiest booths and did fantastically well. We outperformed our previous participations at RSA. Our involvement at RSA 2012 gave us lot of visibility and attention of folks interested to know more about what we had to contribute to the security industry, through our products. It helped us to learn about netowrk security’s most latest issues through handy interactions with peers and emerging and established companies.

Instant Messengers: The Life-line of Businesses Communication
IMs add immediacy and efficiency to business communication and information sharing. For a business, this means quicker decision-making and operations that improves productivity and team work too.

Why are Public IMs carrying the “unofficial” tag in Organizations?
Most of the widely used IMs like Yahoo! and Windows Live Messenger run on public networks and lack the much-needed controls and management. They fail to offer audit logs and reports on IM that poses a big risk to sensitive corporate information that may travel through IMs. For instance, an employee can share an application password, say the web-based CRM tool password, with a team member over IM that can open up the entire customer database of an organization to a competitor. In absence of user-activity logs and reports over IMs, the organization has no way of knowing about data going out of its network. The lack of trail on employees’ IM activities by IT administrators encourages employees to get involved in idle chat, bringing down office productivity. Besides this, lack of control, monitoring, log records and unsecure IM sessions weaken an organization’s hold on satisfying legal and compliance requirements.

Taming Public IMs
Public IMs can be tamed to give the security of private IMs with Instant Messenger management tools that allow organizations to apply controls over public IMs viz. who will be allowed access to IMs, whom they can communicate with, guidelines on prohibitive IM activities, and more that will help in deriving benefits of productivity and data security.

Cyberoam’s Instant Messaging Archiving & Controls
Cyberoam UTM offers identity-based IM controls for Yahoo messenger and Windows Live Messenger. It can scan, log and control access, conversation, file transfer, and audio/video chat between users and user groups in the network. A user can be denied access to IM by his username or his IM address. File transfer over IMs can be blocked by applying identity-based policies for users. Use of specific keywords e.g. business plan, server password etc can be blocked over IMs to secure sensitive data. Cyberoam’s IM controls offer logs of chat communication between users that IT administrators can review and filter in case of security breach issues.

Cyberoam thus allows organizations to enjoy the benefits of Public IMs while avoiding the risks related to productivity loss and data leakage. In other words, it makes the Public IM private for you.