Comodo One. Configuring C1 Portal

Reading Time: 10 minutes

C1 MSP/Enterprise version comparison

C1 is the integrated platform for Managed Service Providers and Enterprises:

  1. MSP is for companies that manage the IT infrastructure, security and operations of their clients.
  2. Enterprise is for companies that manage their own IT infrastructure, security and operations.

The two business types share most features; the following are the exceptions:

“Reseller Partnership, RMM Plug-in, Standalone Patch Management, cDome Firewall, cDome Data Protection, cDome Antispam Gateway”.

Note: When creating an account, the user must choose the business type of the account. For more details on the business types, refer to the “Compare Business Type” link on the “Set Up Account Details” page.

How to check unified notifications in the C1 portal

System and user notifications are received through the C1 portal, covering all licensed applications as well as news and announcements from Comodo. All notification types are received here: Error, Information, Warning and Success. Filters, search and sorting on the page help users find a notification quickly.

Step 1: Log into the C1 portal and click the ‘Notification’ icon.

Step 2: Check that the two tabs, ‘News’ and ‘Notifications’, are present.

1. News - the default tab; it contains only product updates and general announcements.

2. Notifications - all notification types (Information, Success, Warning and Error) for Service Desk, Patch Management, ITSM and all other licensed applications. The messages are unified and centralized in the Comodo ONE portal.

Step 3: Click the right-hand arrow icon to expand the message content.

Step 4: Read the message content, then click the down arrow if you want to hide it again.

  • From the News tab

  • From the Notifications tab

Step 5: Options.

When a message title is shown in bold, the message is unread; otherwise it has already been read.

Search the news if there are many announcements in the table.

Search Option at News Tab

Search Option at Notification Tab

Use the link in the ‘Subject’ column to open the application page for the relevant notification. The link is available only in the ‘Notifications’ tab.

  • Click the link in the ‘Subject’ column

  • Follow the link to see which application and page generated the message; screenshots are given below:

Users can sort the notifications by any column of the table, which makes a notification easy to find.

Users can also filter the ‘Notifications’ using the form that appears after clicking the ‘Filter’ icon.
Fill in the form and click the ‘Apply’ button. Any single field of the form can be used on its own.

You can filter the notifications for specific applications or for all applications.

Check the result once you have applied the filter.
Example:
Licensed Applications: All
Type: Error
Received From: System

How the “Two-factor authentication” feature works in the C1 portal

Two-factor authentication in C1 adds a second check to the C1 portal login, so that a stolen or guessed password alone is not enough to reach the C1 modules through the portal.

In addition to the regular login credentials, this second authentication step enhances login security for the account.

Once two-factor authentication is enabled, all C1 portal users, including the account admin, must complete the two-factor step to log in to C1.

It uses the Google Authenticator app to generate a time-based verification code that is entered alongside the user's password.

Note that users can still log in from an individual module's own login page without two-factor authentication: the second factor is enforced only at the C1 portal login, so it does not protect those direct entry points. Keep that in mind when deciding how much to rely on it.

Refer to the sections below for complete details on two-factor authentication:

Enable, configure and log in to the C1 portal using two-factor authentication

Step 1: Log in to the C1 portal (itarian.com) using your regular account admin credentials.

Step 2: Click the ‘Management’ button at the top, then click ‘Account’ in the drop-down.

Step 3: Navigate to the ‘Account Security Details’ tab.

Step 4: Select the checkbox associated with the ‘Enable’ button to enable two-factor authentication.

Step 5: Click the ‘Save Changes’ button at the bottom of the window to activate the change. A pop-up window appears with ‘Configure Later’ and ‘OK’ options:

  1. ‘Configure Later’ - click this if you want to configure two-factor authentication on your next login to the C1 portal.
  2. ‘OK’ - click this to log out of the C1 portal and configure the two-factor authentication settings now.

Step 6: After two-factor authentication has been enabled by the account admin (Step 4), the Two-Factor Authentication window appears when you next log in to the C1 portal.

  • Click the ‘CONFIGURE MY AUTHENTICATOR’ button in this window.

Step 7: Configure two-factor authentication as shown in the screenshot.

  1. Download and install the “Google Authenticator” app on your smartphone. The app is available for both Android and iOS.
     i. Click the “Google Play” icon to view and install the app on an Android smartphone. The rest of this walkthrough uses the Android app for illustration.
     ii. Click the “App Store” icon to view and install the app on an iOS smartphone.
  2. Scan the QR code displayed in the C1 web portal with the newly installed Google Authenticator app:
     i. Open the “Google Authenticator” app on your smartphone.
     ii. Tap the ‘Begin’ button.
  3. Tap the ‘Scan a bar code’ option and scan the QR code displayed in the C1 web portal. Grant the app the camera permission it asks for so that it can scan the code.
     If you are unable to scan the QR code for any reason:
     i. Tap the option to enter a key manually in the app.
     ii. Expand the ‘I can’t scan QR-code’ option in the C1 web portal.
     iii. Enter the account email address and the token key shown in the C1 web portal into the app.
     iv. Tap the ‘ADD’ button.
  4. After the QR code has been scanned or the token key entered, a verification code is displayed in the mobile app. Enter this code in the C1 portal as illustrated in the screenshots.
  5. Click the ‘Pair’ button in the C1 web portal to sync the app with the C1 web portal authentication for your account.
  6. After pairing completes, 10 backup codes are displayed in the C1 portal. The backup codes are also sent to the account email address. They are used to log in when the smartphone is unavailable during the two-factor login. Because the codes are emailed, anyone who can read that mailbox can use them to pass the second factor: store the codes somewhere safe and delete the email once they are saved.
     Note: Each backup code can be used only once. When all backup codes have been used, the account user should ask the account admin to reset the two-factor authentication configuration.
  7. Click ‘Next’ to complete the two-factor authentication setup and proceed to the account.

Step 8: To log in to the C1 web portal using two-factor authentication:

  1. Log in to the C1 portal using your regular account credentials.
  2. After the regular login, the Two-Factor Authentication window appears and asks for a verification code.
  3. Open the “Google Authenticator” app on your smartphone. It shows the current verification code, which changes every 30 seconds.
  4. Enter the current code in the C1 web portal.
  5. Click the “Submit” button to complete the login.

Log in to the C1 portal without the Google Authenticator app (without a smartphone)

There are cases where an account user loses the smartphone or cannot access it during the two-factor login. In those cases the C1 portal accepts the backup codes that were sent by email during the two-factor setup. Follow the steps below to log in to the C1 portal with a backup code:

Step 1: Log in to the C1 portal using your regular account credentials.

Step 2: After the regular login, the Two-Factor Authentication window appears and asks for a verification code.

Step 3: Click the “Authenticator unreachable” button at the bottom.

Step 4: Enter any unused backup code. Each backup code is valid once: after it has been used, the same code cannot be used for a later login.

Step 5: Click the “Submit” button to complete the login.

Reset the two-factor configuration of a staff account in the C1 portal

The account admin can reset the two-factor authentication settings for other staff as well as for his or her own account. This is needed, for example, when all 10 backup codes have been used. Resetting the two-factor configuration does not disable two-factor authentication for the staff account; instead, the C1 portal asks the user to configure two-factor authentication again at the next login. Because a reset lets whoever completes that next login pair a new authenticator, confirm the identity of the staff member requesting it before you reset. Follow the steps below to reset the two-factor configuration for a staff account.

Step 1: Log in to the C1 portal (itarian.com) using your regular account admin credentials.

Step 2: Click the ‘Staff Management’ button at the top, then click ‘Staff’ in the drop-down.

Step 3: To reset the two-factor authentication settings:

  1. Select the staff account.
  2. Click the “Reset Two-Factor Authentication” button at the top.
  3. Click “OK” in the confirmation pop-up.
  4. An alert window appears after a successful reset.

Step 4: At the staff member's next login, the Two-Factor Authentication window appears again. Click the “CONFIGURE MY AUTHENTICATOR” button and proceed as explained earlier.

How to clone an existing role

Step 1: Log in to the C1 portal.

Step 2: Click the ‘Staff’ icon, select the ‘Role’, then click the ‘Clone Role’ icon.

Step 3: Enter the Name and Definition, then click the ‘Save’ icon.

Options:

Reset to Default - restores the options to their initial (default) state
Enable All - checks all rights
Disable All - unchecks all rights
Expand All - expands all collapsed rights
Collapse All - collapses all expanded rights
Save - stores the record

Step 4: Once the ‘Save’ icon is clicked, an alert prompts for confirmation. Click the ‘OK’ button.

Check that the new role appears in the ‘Roles’ table. A cloned role starts with every right of its source, so uncheck the rights the new role does not need before assigning it to anyone.

How to perform quick actions from the C1 portal

A Quick Actions menu has been added to the top menu bar of Comodo One. Whichever module you are working in, you can reach and use your most-used functions from it.

Step 1: Go to the Comodo One portal, log in, and click the ‘Quick Actions’ drop-down icon.

Step 2: Select the desired shortcut from the ‘Quick Actions’ list.

For example, to add a new device quickly without launching ITSM and navigating further, select ‘Add New Device’.

The ‘Add New Device’ page opens in a new tab, as shown in the picture below.

Note: ‘Quick Actions’ is reachable from anywhere in the Comodo One portal.

Source: https://blog.comodo.com/it-management/comodo-one-configuring-comodo-one-portal/

How Comodo’s Auto-Containment Technology Is Helping an IT Company Provide Ransomware Protection to Clients

Reading Time: 3 minutes

The proliferation of ransomware in recent times has made many companies sit up and assess their existing IT infrastructure, especially their IT security solutions. While many of the security solutions businesses have used for years help to mitigate the threat of ransomware, they are not built to thwart these threats completely.

This is one of the main reasons the number of ransomware attacks surged during the first half of 2020. One company that recognizes the need for better protection against ransomware and other cyber-threats is Global Tech Solutions.

The Problem That Led the Founder of Global Tech Solutions to Comodo’s Auto Containment and Threat Detection Technology

Based in Rockville, Maryland, Global Tech Solutions provides a one-stop-shop for a wide array of first-class IT solutions specifically tailored to meet the individual needs of businesses. The company allows businesses to get the most out of their use of technology by offering a diverse range of tech services that improve profitability and growth.

The team at Global Tech Solutions looks to achieve client satisfaction through a holistic understanding of their technological needs and specifications. “For over 25 years, we have provided trusted support and innovative solutions to solve organizations’ most important Information Technology issues. We are committed to ensuring every customer finds success through technological solutions that drive results,” says Jessy Nguyen, the CEO and founder of the company.

Before founding Global Tech Solutions, Jessy Nguyen was working for a company that used Webroot and Malwarebytes as its antivirus and threat detection platform. While Nguyen was still at the company, one of the accounting teams got malware through a Word document and it infected the whole department.

As the person in charge of the company’s IT security, Nguyen was searching for a better solution than the existing one when he came across Comodo and its auto-containment and threat detection feature. At that time, ransomware was a widespread problem. Knowing this, Nguyen contacted Comodo for a demo. Thereafter, the company implemented Comodo in its IT infrastructure. Soon, all the threats were detected and contained and there was zero infection in the whole IT ecosystem.

This impressed Nguyen and when he created Global Tech Solutions, Comodo was a natural choice and preferred partner for him.

How the Partnership with Comodo Is Helping Global Tech Solutions to Provide Individualized Tech Solutions to Clients While Maintaining Top-Notch Security

Global Tech Solutions chose Comodo’s Dragon Platform with Advanced Endpoint Protection (AEP), which is a patent-pending auto containment technology with active breach protection that neutralizes ransomware, malware, and cyber-attacks.

One of the main reasons Global Tech Solutions chose Comodo was because of its auto containment and threat detection feature. The auto containment runs an unknown executable in a kernel API virtualized mode, thereby offering attack surface reduction (ASR), which neutralizes ransomware attacks.

Additionally, Comodo’s AEP utilizes a Default Deny Platform to provide complete protection against zero-day threats while having no impact on end-user experience or workflows. Lastly, Comodo’s Valkyrie gives a trusted verdict on all files related to ransomware, phishing and malware. “We partnered with Comodo because we needed first-class solutions with robust features and functionality, in a simple dashboard, without high overhead cost,” remarked Nguyen.

While the advanced technology of Comodo improves the operations of Global Tech Solutions, Nguyen says that the best part about working with Comodo is its customer service. According to him, whenever he has an issue or doesn’t know how to do something, there’s always someone on the line guiding him through the whole process to help resolve any issues that he or his clients may have.

“Comodo’s Dragon platform gives us and our clients relief knowing that endpoints will not be compromised by a ransomware attack or malware. We switched some customers from Webroot to Comodo because of the flawless and proactive threat protection and the cutting-edge auto-containment features. The complete solution set, which includes AEP, RMM, Service Desk, Mobile Device Management, and Secure Internet Gateway, has enabled us to offer streamlined and extensive features and functionalities without adding a high cost to us or our customers,” says Nguyen.

Comodo’s solutions provide Nguyen and the team at Global Tech Solutions with actionable intelligence and the capacity to protect all domains of business activity and threat—from network to web to cloud—with confidence and efficacy.

According to Alan Knepfer, President and Chief Revenue Officer at Comodo, “We’re constantly expanding our product and service portfolio to help our partners gain the technological advantage and edge over their competition.”

Global Tech Switched Customers from Webroot and Malwarebytes to Comodo after Malware Infections

Source: https://blog.comodo.com/comodo-news/how-comodos-auto-containment-technology-is-helping-an-it-company-provide-ransomware-protection-to-clients/

Executive Interview: Brian Gattoni, CTO, Cybersecurity & Infrastructure Security Agency

As CTO of the Cybersecurity & Infrastructure Security Agency of the DHS, Brian Gattoni is charged with understanding and advising on cyber and physical risks to the nation’s critical infrastructure. 

Understanding and Advising on Cyber and Physical Risks to the Nation’s Critical Infrastructure 

Brian Gattoni, CTO, Cybersecurity & Infrastructure Security Agency

Brian R. Gattoni is the Chief Technology Officer for the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security. CISA is the nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build a secure and resilient infrastructure for the future. Gattoni sets the technical vision and strategic alignment of CISA data and mission services. Previously, he was the Chief of Mission Engineering & Technology, developing analytic techniques and new approaches to increase the value of DHS cyber mission capabilities. Prior to joining DHS in 2010, Gattoni served in various positions at the Defense Information Systems Agency and the United States Army Test & Evaluation Command. He holds a Master of Science Degree in Cyber Systems & Operations from the Naval Postgraduate School in Monterey, California, and is a Certified Information Systems Security Professional (CISSP).  

AI Trends: What is the technical vision for CISA to manage risk to federal networks and critical infrastructure? 

Brian Gattoni: Our technology vision is built in support of our overall strategy. We are the nation’s risk advisor. It’s our job to stay abreast of incoming threats and opportunities for general risk to the nation. Our efforts are to understand and advise on cyber and physical risks to the nation’s critical infrastructure.  

It’s all about bringing in the data, understanding what decisions need to be made and can be made from the data, and what insights are useful to our stakeholders. The potential of AI and machine learning is to expand on operational insights with additional data sets to make better use of the information we have.  

What are the most prominent threats? 


The sources of threats we frequently discuss are the adversarial actions of nation-state actors and those aligned with nation-state actors and their interests, in disrupting national critical functions here in the U.S. Just in the past month, we’ve seen increased activity from elements supporting what we refer to in the government as Hidden Cobra [malicious cyber activity by the North Korean government]. We’ve issued joint alerts with our partners overseas and the FBI and the DoD, highlighting activity associated with Chinese actors. On CISA.gov people can find CISA Insights, which are documents that provide background information on particular cyber threats and the vulnerabilities they exploit, as well as a ready-made set of mitigation activities that non-federal partners can implement.   

What role does AI play in the plan? 

Artificial intelligence has a great role to play in the support of the decisions we make as an agency. Fundamentally, AI is going to allow us to apply our decision processes to a scale of data that humans just cannot keep up with. And that’s especially prevalent in the cyber mission. We remain cognizant of how we make decisions in the first place and target artificial intelligence and machine learning algorithms that augment and support that decision-making process. We’ll be able to use AI to provide operational insights at a greater scale or across a greater breadth of our mission space.  

How far along are you in the implementation of AI at the CISA? 

Implementing AI is not as simple as putting in a new business intelligence tool or putting in a new email capability. Really augmenting your current operations with artificial intelligence is a mix of the culture change, for humans to understand how the AI is supposed to augment their operations. It is a technology change, to make sure you have the scalable compute and the right tools in place to do the math you’re talking about implementing. And it’s a process change. We want to deliver artificial intelligence algorithms that augment our operators’ decisions as a support mechanism.  

Where we are in the implementation is closer to understanding those three things. We’re working with partners in federally funded research and development centers, national labs and the department’s own Science and Technology Data Analytics Tech Center to develop capability in this area. We’ve developed an analytics meta-process which helps us systemize the way we take in data and puts us in a position to apply artificial intelligence to expand our use of that data.

Do you have any interesting examples of how AI is being applied in CISA and the federal government today? Or what you are working toward, if that’s more appropriate. 

I have a recent use case. We’ve been working with some partners over the past couple of months to apply AI to a humanitarian assistance and disaster relief type of mission. So, within CISA, we also have responsibilities for critical infrastructure. During hurricane season, we always have a role to play in helping advise what the potential impacts are to critical infrastructure sites in the affected path of a hurricane.  

We prepared to conduct an experiment leveraging AI algorithms and overhead imagery to figure out if we could analyze the data from a National Oceanic and Atmospheric Administration flight over the affected area. We compared that imagery with the base imagery from Google Earth or ArcGIS and used AI to identify any affected critical infrastructure. We could see the extent to which certain assets, such as oil refineries, were physically flooded. We could make an assessment as to whether they hit a threshold of damage that would warrant additional scrutiny, or we didn’t have to apply resources because their resilience was intact, and their functions could continue.   

That is a nice use case, a simple example of letting a computer do the comparisons and make a recommendation to our human operators. We found that it was very good at telling us which critical infrastructure sites did not need any additional intervention. To use a needle in a haystack analogy, one of the useful things AI can help us do is blow hay off the stack in pursuit of the needle. And that’s a win also. The experiment was very promising in that sense.  

How does CISA work with private industry, and do you have any examples of that?  

We have an entire division dedicated to stakeholder engagement. Private industry owns over 80% of the critical infrastructure in the nation. So CISA sits at the intersection of the private sector and the government to share information, to ensure we have resilience in place for both the government entities and the private entities, in the pursuit of resilience for those national critical functions. Over the past year we’ve defined a set of 55 functions that are critical for the nation.  

When we work with private industry in those areas we try to share the best insights and make decisions to ensure those function areas will continue unabated in the face of a physical or cyber threat. 

Cloud computing is growing rapidly. We see different strategies, including using multiple vendors of the public cloud, and a mix of private and public cloud in a hybrid strategy. What do you see is the best approach for the federal government? 

In my experience the best approach is to provide guidance to the CIO’s and CISO’s across the federal government and allow them the flexibility to make risk-based determinations on their own computing infrastructure as opposed to a one-size-fits-all approach.   

We issue a series of use cases that describe, at a very high level, a reference architecture about a type of cloud implementation and where security controls should be implemented, and where telemetry and instrumentation should be applied. You have departments and agencies that have a very forward-facing public citizen services portfolio, which means access to information is one of their primary responsibilities. Public clouds and ease of access are most appropriate for those. And then there are agencies with more sensitive missions. Those have critical high value data assets that need to be protected in a specific way. Giving each the guidance they need to handle all of their use cases is what we’re focused on here.

I wanted to talk a little bit about job roles. How are you defining the job roles around AI in CISA, as in data scientists, data engineers, and other important job titles and new job titles?  

I could spend the remainder of our time on this concept of job roles for artificial intelligence; it’s a favorite topic for me. I am a big proponent of the discipline of data science being a team sport. We currently have our engineers and our analysts and our operators. And the roles and disciplines around data science and data engineers have been morphing out of an additional duty on analysts and engineers into its own sub sector, its own discipline. We’re looking at a cadre of data professionals that serve almost as a logistics function to our operators who are doing the mission-level analysis. If you treat data as an asset that has to be moved and prepared and cleaned and readied, all terms in the data science and data engineering world now, you start to realize that it requires logistics functions similar to any other asset that has to be moved. 

If you get professionals dedicated to that end, you will be able to scale to the data problems you have without overburdening your current engineers who are building the compute platforms, or your current mission analysts who are trying to interpret the data and apply the insights to your stakeholders. You will have more team members moving data to the right places, making data-driven decisions. 

Are you able to hire the help you need to do the job? Are you able to find qualified people? Where are the gaps? 

As the domain continues to mature, as we understand more about the different roles, we begin to see gaps: education programs and training programs that need to be developed. I think maybe three, five years ago, you would see certificates from higher education in data science. Now we’re starting to see full-fledged degrees as concentrations out of computer science or mathematics. Those graduates are the pipeline to help us fill the gaps we currently have. So as far as our current problems, there’s never enough people. It’s always hard to get the good ones and then keep them because the competition is so high.

Here at CISA, we continue to invest not only in our own folks that are re-training, but in the development of a cyber education and training group, which is looking at the partnerships with academia to help shore up that pipeline. It continually improves. 

Do you have a message for high school or college students interested in pursuing a career in AI, either in the government or in business, as to what they should study? 

Yes and it’s similar to the message I give to the high schoolers that live in my house. That is, don’t give up on math so easily. Math and science, the STEM subjects, have foundational skills that may be applicable to your future career. That is not to discount the diversity and variety of thought processes that come from other disciplines. I tell my kids they need the mathematical foundation to be able to apply the thought processes you learn from studying music or studying art or studying literature. And the different ways that those disciplines help you make connections. But have the mathematical foundation to represent those connections to a computer.   

One of the fallacies around machine learning is that it will just learn [by itself]. That’s not true. You have to be able to teach it, and you can only talk to computers with math, at the base level.  

So if you have the mathematical skills to relay your complicated human thought processes to the computer, and now it can replicate those patterns and identify what you’re asking it to do, you will have success in this field. But if you give up on the math part too early (it’s a progressive discipline), if you give up on algebra two and then come back years later and jump straight into calculus, success is going to be difficult, but not impossible.

You sound like a math teacher.  

A simpler way to say it is: if you say no to math now, it’s harder to say yes later. But if you say yes now, you can always say no later, if data science ends up not being your thing.  

Are there any incentives for young people, let’s say a student just out of college, to go to work for the government? Is there any kind of loan forgiveness for instance?  

We have a variety of programs. The one that I really like, that I have had a lot of success with as a hiring manager in the federal government, especially here at DHS over the past 10 years, is a program called Scholarship for Service. It’s a CyberCorps program where interested students, who pass the process to be accepted can get a degree in exchange for some service time. It used to be two years; it might be more now, but they owe some time and service to the federal government after the completion of their degree. 

I have seen many successful candidates come out of that program and go on to fantastic careers, contributing in cyberspace all over. I have interns that I hired nine years ago that are now senior leaders in this organization or have departed for private industry and are making their difference out there. It’s a fantastic program for young folks to know about.  

What advice do you have for other government agencies just getting started in pursuing AI to help them meet their goals? 

My advice for my peers and partners and anybody who’s willing to listen to it is, when you’re pursuing AI, be very specific about what it can do for you.   

I go back to the decisions you make, what people are counting on you to do. You bear some responsibility to know how you make those decisions if you’re really going to leverage AI and machine learning to make decisions faster or better or some other quality of goodness. The speed at which you make decisions will go both ways. You have to identify your benefit of that decision being made if it’s positive and define your regret if that decision is made and it’s negative. And then do yourself a simple HIGH-LOW matrix; the quadrant of high-benefit, low-regret decisions is the target. Those are ones that I would like to automate as much as possible. And if artificial intelligence and machine learning can help, that would be great. If not, that’s a decision you have to make.

I have two examples I use in our cyber mission to illustrate the extremes here. One is for incident triage. If a cyber incident is detected, we have a triage process to make sure that it’s real. That presents information to an analyst. If that’s done correctly, it has a high benefit because it can take a lot of work off our analysts. It has low-to-medium regret if it’s done incorrectly, because the decision is to present information to an analyst who can then provide that additional filter. So that’s a high benefit, low regret. That’s a no-brainer for automating as much as possible.

On the other side of the spectrum is protecting next generation 911 call centers from a potential telephony denial of service attack. One of the potential automated responses could be to cut off the incoming traffic to the 911 call center to stunt the attack. Benefit: you may have prevented the attack. Regret: potentially you’re cutting off legitimate traffic to a 911 call center, and that has life and safety implications. And that is unacceptable. That’s an area where automation is probably not the right approach. Those are two extreme examples, which are easy for people to understand, and it helps illustrate how the benefit regret matrix can work. How you make decisions is really the key to understanding whether to implement AI and machine learning to help automate those decisions using the full breadth of data.  

Learn more about the Cybersecurity & Infrastructure Security Agency.  

Source: https://www.aitrends.com/executive-interview/executive-interview-brian-gattoni-cto-cybersecurity-infrastructure-security-agency/


Cyber Security

IOTW: Despite Patch, Zerologon Attack Still A Big Deal


A known Windows vulnerability has been found alive and well, thanks to one man’s honeypot experiment.

Facts

Security vulnerability CVE-2020-1472, which was discovered and patched earlier this year, is still running rampant. Dubbed Zerologon, it is unique in its simplicity. It works by exploiting a Netlogon weakness. Netlogon is the always-on Windows service that enables end users to log into a network. The scripted hack runs incredibly quickly, searching for unpatched Active Directory systems and exploiting a weakness by adding the number zero in certain Netlogon authentication fields.

On October 16, a month after Microsoft released its first patch, independent researcher Kevin Beaumont drew the attack out using a honeypot he maintains to detect threats. Honeypots work by intentionally exposing vulnerabilities in order to bait and identify cyber security threats. Using an unpatched lure server, Beaumont discovered that attackers were able to backdoor the server by changing an admin password. From there, attackers have access to the domain controllers that administrators use to create and manage accounts across an organization. The attacker can then impersonate any computer connected to the affected network, disable Netlogon security features, and change a network computer’s password.

The attack can only be carried out from inside a network. However, several noteworthy footholds include firewall and VPN vulnerabilities as well as third-party access through known issues with Citrix, Juniper, and Pulse Secure. Insider threats and phishing schemes can also leverage Zerologon in order to quickly infect an entire enterprise network. Once inside, attackers can deploy ransomware, steal data, commit espionage and other nefarious deeds.

Microsoft released the first patch in August 2020, but it wasn’t without its issues. It involved modifying billions of devices connected to corporate networks, which temporarily paused enterprise operations. The temporary fix simply forces Netlogon security features on so that the Zerologon attack can’t turn them off to sneak inside.

A more robust patch is scheduled to release in February of 2021. However, Microsoft predicts the new patch will permanently disable standing authentication procedures on some devices.

Related: Patchwork Of Privilege

The Cybersecurity and Infrastructure Security Agency (CISA) warned that Zerologon targets include government networks, potentially affecting election related networks. Their statement released on October 16 reads in part, “Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.

CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised.”

Quick Tips

In theory, threats like Zerologon should never pose much of a problem. After the initial discovery, a patch is made and released as a Windows update. Once the update is installed, the network is secure.

In practice, however, updates don’t always happen with any sort of urgency. Especially in the case of the Zerologon patch, its time-consuming nature may prompt careless employees to bypass updates in order to keep their system up and running. Certain organizations may decide that the downtime involved in their 24/7 operation is too costly for a fix that may never threaten them in the first place. Some networks are running on servers that will no longer be supported as of November 2020, meaning that, although they will have received the first patch, the second patch won’t automatically install.

Related: Developing A Culture Of Enterprise Cyber Security Resilience

These are simple fixes for a holistic IT team and a solid cyber security framework—for enterprises that have one. Additional mitigation measures include:

  • Applying the Microsoft patch ASAP
  • Using a relevant script or third-party cyber security team to ensure that all domain controllers are patched
  • Monitoring for Group Policy Object (GPO) changes
  • Enacting a least privilege access policy to minimize internal threats
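As an added example (not code from the article), a small Python triage of constructed Netlogon event records that applies the "ensure all domain controllers are patched" tip: it flags DCs that still let vulnerable connections through and DCs with no telemetry at all. The event IDs 5827, 5828 and 5829 come from Microsoft's guidance for this CVE, not from the article; the hostnames, accounts and record format are constructed.

```python
"""Triage Netlogon events to find domain controllers that still accept
vulnerable (Zerologon-style) secure-channel connections. Added example;
the record format and hostnames are constructed, event IDs are Microsoft's."""
from collections import defaultdict

VULNERABLE_ALLOWED = 5829          # DC not enforcing: connection let through
VULNERABLE_DENIED = {5827, 5828}   # DC enforcing: machine / trust account denied

# Constructed sample records: "timestamp|dc|event_id|key=value|key=value"
SAMPLE_EVENTS = [
    "2020-10-16T09:01:12|DC01|5829|account=LAB-WS07$|ip=10.0.5.23",
    "2020-10-16T09:03:40|DC01|5829|account=OLD-NAS$|ip=10.0.9.8",
    "2020-10-16T09:05:02|DC02|5827|account=LAB-WS07$|ip=10.0.5.23",
    "2020-10-16T09:06:55|DC02|5828|account=PARTNER-TRUST$|ip=10.0.12.4",
    "2020-10-16T09:10:00|DC03|7036|service=Netlogon|state=running",
]

def parse_event(line):
    """Split one constructed record into a dict with an integer event_id."""
    ts, dc, eid, *kv = line.strip().split("|")
    fields = dict(part.split("=", 1) for part in kv)
    return {"time": ts, "dc": dc, "event_id": int(eid), **fields}

def triage(lines):
    """Per-DC summary: is it enforcing, and which accounts still get
    vulnerable Netlogon connections through."""
    report = defaultdict(lambda: {"enforcing": False, "allowed_from": set(), "denied": 0})
    for line in lines:
        ev = parse_event(line)
        entry = report[ev["dc"]]   # an entry is created even for unrelated events
        if ev["event_id"] == VULNERABLE_ALLOWED:
            entry["allowed_from"].add(ev.get("account", "?"))
        elif ev["event_id"] in VULNERABLE_DENIED:
            entry["enforcing"] = True
            entry["denied"] += 1
    return dict(report)

def needs_action(report, known_dcs):
    """DCs to chase, checked against the DC inventory rather than the log
    alone: silence from a DC is not proof of safety, because only the
    updated Netlogon service emits these events at all."""
    actions = {}
    for dc in known_dcs:
        entry = report.get(dc)
        if entry is None or not (entry["enforcing"] or entry["allowed_from"]):
            actions[dc] = "no Netlogon 5827-5829 telemetry: verify patch level"
        elif entry["allowed_from"]:
            actions[dc] = "allows vulnerable connections from: " + ", ".join(sorted(entry["allowed_from"]))
    return actions
```

Running `needs_action(triage(SAMPLE_EVENTS), ["DC01", "DC02", "DC03", "DC04"])` reports DC01 (still allowing two machine accounts through) and DC03/DC04 (no telemetry), while the enforcing DC02 needs nothing.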

Read More: Incident Of The Week

Source: https://www.cshub.com/attacks/articles/iotw-despite-patch-zerologon-attack-still-a-big-deal
