Aegis Secure USB Key by Apricorn

Another cool gadget I saw at the Toronto Tech Security Conference was ultra-secure USB storage by Apricorn http://www.apricorn.com.

Now, this is cool: their product is a secure USB thumb drive or portable SSD hard drive with encryption built into the chip, meaning no software is needed on the PC.


They have a wide range of drives and sizes. The keys and drives all have a keypad on the device, and you need to enter your passcode to decrypt the drive.

If you enter the password wrong 10 times, the data is wiped. This is perfect for data in motion, as we have seen in the past with thumb drives being lost with customer data or, in a few cases, hospital records.

This forces the data to be encrypted, so there is no "oops, I forgot to encrypt the data".

Now, the construction of the key was my first concern: what stops someone from taking the key apart to start trying to pull the decryption key off?

Well, the rep explained that the drives are first secured with FIPS 140-2 encryption, so good luck, and on top of that the drives are filled with epoxy.

If that wasn’t enough, the encryption keys are stored on 6 different chips. Pretty much, this is as secure as a USB stick gets.

 

 

Thinking about launching a Podcast

Let me know what you think

I want to launch a podcast for network security and related topics. I would like to get some vendors on to talk about their product, as well as share views on the security landscape. Let me know what you think.

Introducing and thoughts on DARKtrace “The Enterprise Immune system”


So it has been a few days since I was at the conference, and I came across a few companies and products that I have not had the opportunity to see.

One of the products that caught my eye was Darktrace. They sell their product as the “Enterprise Immune System”; essentially, they are smashing Big Data and network analysis together to get a picture of what is normal on a network and what is not.

The company was started by mathematicians from the University of Cambridge and former MI5 workers. The company is based out of the U.K.

I had the opportunity of speaking with 2 of the reps at the conference, and they were very knowledgeable about the product.

They were very willing to share info on the product and have kept in touch with me since the event, which is always good.

So what is Darktrace? Darktrace is a device that sits on a SPAN port or network tap, preferably on the core, and it listens to all the traffic that passes through the core to get an analytical view of what happens on the network.

Under the hood there is some advanced mathematical algorithm that is used for the analysis. The system records things such as URLs and requests out to the internet. This is a wonderful tool in security, since things such as malware infections can be flagged when they perform certain calls out of the network for certain URLs or files that have never been seen on the network. This can help detect unusual activity. This is a concept known as machine learning, which the system uses heavily to perform these tasks.

The user interface looks like something out of a sci-fi movie.

[Image: DarkTraceUi]

This is the future of security. We need to embrace predictive analytics and machine learning to really listen to what is going on in the network. Every detail is important, and Darktrace is right up there at the forefront of the new age.

The legacy approach is not as effective as it once was. Things like ransomware and APT are becoming so advanced so quickly that it’s going to take more than just the usual to stay ahead of the game.

I spoke with a rep from Darktrace and she provided me with a play-by-play article on how Darktrace was able to help an online casino secure their after a ransomware breach. See the article here: https://threatpost.com/diary-of-a-ransomware-victim/117877/

Also, they provided me with an awesome white paper on their automation and machine learning technology.

 

My thoughts

A company built by spies and mathematicians? Sweet.

On a serious note, this product and those like it are the future of security. More and more vendors are releasing products based on analytics instead of traditional solutions.

Darktrace has a very informative team and website with all sorts of case studies, and the facts speak for themselves: more and more threats are flying around the internet that have been caught first with analytics and machine learning.

Here is a link to a page of whitepapers from Darktrace: https://www.darktrace.com/resources/

As I have mentioned in previous posts, Big Data + security is the future, and I am happy to see solutions coming out that embrace this new era of security.

The only issue I see is the behavioral analysis, and I have recently sent this question in to Darktrace, so I am waiting for an answer.

My concern is: what happens when I bolt this solution into my network that has already been compromised? Will that traffic be white-listed and considered as normal? What happens if a compromise happens during the data gathering stage? Will that also be seen as normal?

I am waiting for an answer on that. I will update this post when I get it.

-Update: check the comments for an answer to the above question.
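The baseline concern above, as an added example (it is not Darktrace's algorithm and not part of the original post): a minimal "never seen on this network" detector run over constructed proxy-log records, showing that a host already compromised during the learning window goes unflagged afterwards. The hostnames, domains, learning window and the rarity check are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (day, internal host, destination domain).
# Days 1-3 are the learning window; later days are monitored.
LOGS = [
    (1, "pc-01", "intranet.example"),
    (1, "pc-02", "mail.example"),
    (2, "pc-01", "mail.example"),
    (2, "pc-03", "c2.bad.example"),       # compromised before learning ended
    (3, "pc-02", "intranet.example"),
    (3, "pc-03", "c2.bad.example"),
    (4, "pc-01", "intranet.example"),
    (4, "pc-02", "dropper.bad.example"),  # new infection after learning
    (5, "pc-03", "c2.bad.example"),       # old infection, still calling out
]

def build_baseline(logs, learn_until):
    """Map each destination seen in the learning window to the hosts that used it."""
    seen = defaultdict(set)
    for day, host, dest in logs:
        if day <= learn_until:
            seen[dest].add(host)
    return seen

def first_seen_alerts(logs, baseline, learn_until):
    """Flag destinations contacted after the window that the baseline never saw."""
    known = set(baseline)
    alerts = []
    for day, host, dest in logs:
        if day > learn_until and dest not in known:
            alerts.append((day, host, dest))
            known.add(dest)  # alert once per new destination
    return alerts

def rare_in_baseline(baseline, max_hosts=1):
    """Assumed mitigation: list learned destinations used by very few hosts,
    so an analyst reviews them instead of trusting the baseline blindly."""
    return sorted(d for d, hosts in baseline.items() if len(hosts) <= max_hosts)

if __name__ == "__main__":
    base = build_baseline(LOGS, learn_until=3)
    print("alerts:", first_seen_alerts(LOGS, base, learn_until=3))
    print("review before trusting:", rare_in_baseline(base))
```

Only the post-learning infection raises an alert; the pre-existing one surfaces only through the separate rarity review of the learned baseline.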

 

 

 

 

TeslaCrypt has shut down and has released the master encryption key!

I am a bit late to the game on this one.

It has been reported by ESET and SANS that the ransomware operators have shut down their operations and have released the master encryption key to decrypt infected computers' data. This is surprising, seeing as the market has been very lucrative for the ransomware developers and the infection rate is increasing.

See below from the group’s Tor page:

[Image: teslacrypt_closed]

Since the master key is now available, tools have been made to decrypt encrypted data to help users recover.

The ESET tool is available at http://download.eset.com/special/ESETTeslaCryptDecryptor.exe

Does this mean the team has disbanded, or are they working on a more sophisticated malware? There are a lot of questions, but for now, this is great for those that have been infected by TeslaCrypt.

Ransomware continues to be a big issue for both home and business users. We are finding more strains all the time, and the infection is very effective, which is why it is so lucrative.

Here is a quote from welivesecurity:

“We must stress that ransomware remains one of the most dangerous computer threats at this moment, and prevention is essential to keep users safe. Therefore, they should keep operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location (such as external storage).” – http://www.welivesecurity.com

-Picture is from –  welivesecurity.com

 

In order to protect yourself, it is vital to keep up with the standard best practices: keep an updated antivirus and firewall installed, and keep current with operating system updates.

Also, don’t click on unknown links or download attachments from unknown senders.

See you soon!