New Aanval Features: Syslog Mirroring and Email Reports

New to Aanval SAS in build 70153 are two new features: Syslog Mirroring and Email Reports.

Syslog Mirroring
This feature allows the Aanval console to easily and automatically output a stream of Aanval-imported events as user-defined UDP packets to a specific device and port, allowing users to monitor Aanval activity and/or duplicate or store Aanval log data.

Getting Started
Enabling this feature is as simple as detailing where the packets go and what event details are to be sent. Visit our Support wiki for complete and simple instructions: Syslog Mirroring
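What a receiver on the other end of the mirror looks like, as an added example that is not Aanval's own code or from the Support wiki: it assumes, hypothetically, that the user-defined packets are formatted as RFC 3164 syslog messages ("<PRI>" followed by free text), parses each datagram into a record, and stores one JSON line per event. The sample datagrams are constructed, not real console output. Because UDP syslog carries no authentication, the receiver pins the accepted source address to the console and keeps malformed packets (flagged rather than dropped) so that nothing silently vanishes from the copy.

```python
"""Receiver for a syslog-mirroring stream: parse each UDP datagram and
store it as one JSON line.  Added example, not Aanval's own code; it
assumes (hypothetically) that the mirrored packets are RFC 3164 syslog
messages, i.e. "<PRI>" followed by free text."""
import json
import re
import socket
import sys
from datetime import datetime, timezone

# RFC 3164 severity names, indexed by the low three bits of PRI.
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)
MAX_DATAGRAM = 8192  # larger than any sane syslog line; oversize input is truncated by recvfrom

# Constructed sample datagrams (not real Aanval output).
SAMPLE_DATAGRAMS = [
    b"<134>Jan 12 10:05:17 aanval event: sig=\"ET SCAN Nmap\" src=10.0.0.5 dst=10.0.0.9",
    b"<11>Jan 12 10:05:18 aanval error: sensor heartbeat missed",
    b"plain text with no PRI header",
    b"<999>PRI out of range",
]


def parse_syslog_datagram(data: bytes, source: tuple) -> dict:
    """Turn one datagram into a record.  Malformed input is kept (flagged
    well_formed=False) rather than dropped, so nothing silently vanishes."""
    m = PRI_RE.match(data)
    if m and int(m.group(1)) <= 191:          # 24 facilities * 8 severities - 1
        facility, severity = divmod(int(m.group(1)), 8)
        body, well_formed = m.group(2), True
    else:
        facility, severity, body, well_formed = None, None, data, False
    return {
        "received": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "source": f"{source[0]}:{source[1]}",
        "facility": facility,
        "severity": SEVERITIES[severity] if severity is not None else None,
        "message": body.decode("utf-8", errors="replace").rstrip("\r\n"),
        "well_formed": well_formed,
    }


def format_record(event: dict) -> str:
    """One JSON object per line: easy to grep, tail, or ship onward."""
    return json.dumps(event, sort_keys=True)


def serve(sock: socket.socket, sink, allowed_sources=None, max_datagrams=None) -> int:
    """Read datagrams from `sock`, write records to `sink`, return the count stored.

    UDP syslog carries no authentication, so `allowed_sources` pins the
    receiver to the console's address; datagrams from anywhere else are dropped."""
    stored = 0
    while max_datagrams is None or stored < max_datagrams:
        data, source = sock.recvfrom(MAX_DATAGRAM)
        if allowed_sources is not None and source[0] not in allowed_sources:
            continue
        sink.write(format_record(parse_syslog_datagram(data, source)) + "\n")
        stored += 1
    return stored


if __name__ == "__main__":
    # Loopback demo: send the constructed samples to ourselves and store them.
    recv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    recv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    recv.settimeout(2.0)
    port = recv.getsockname()[1]
    send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for d in SAMPLE_DATAGRAMS:
        send.sendto(d, ("127.0.0.1", port))
    n = serve(recv, sys.stdout, allowed_sources={"127.0.0.1"},
              max_datagrams=len(SAMPLE_DATAGRAMS))
    print(f"stored {n} records", file=sys.stderr)
```

In production the socket would be bound to the device and port configured in the console, `allowed_sources` would hold the console's address, and `sink` would be a rotated file rather than stdout. UDP delivery is best-effort, so the stored count should be compared against the console's own event count when the mirror is used as a backup copy.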

Email Reports
Aanval has a powerful reporting feature, allowing users to easily and quickly create extremely detailed reports. Reports are viewable in HTML, XML, and Text formats. Those reports can now be emailed in Text format directly from the console Reporting feature.

Getting Started
Visit our Support wiki for complete and simple instructions to first create reports and get them sent: Reports

Don’t have these features yet?
Aanval SAS commercial packages provide users with console maintenance, so they’ll always have the latest build and features. Aanval alerts users of new versions with User Messages that show at the top of the console event feed. Click the information icon to be directed to the Update page, or navigate your console to Console Configuration > Console > Version Management > Update. Once downloaded and installed, accept the EULA and begin enjoying and benefitting from these features, and watch for more to come.

So what else is new?
Read our Release Notes to know the details of each new build. Sign up for our newsletter at to keep apprised of all our upcoming developments and promotions.

Cybercrime in Healthcare Sector Evolving: Point-of-Sale (POS) Breaches Now an Alarming Concern

As technology is continually being used to drive efficiencies into the healthcare system, the potential for data breaches increases exponentially. Healthcare is among the industries most frequently victimized by data breaches, with billing records and medical files being overwhelmingly the most frequently stolen patient data. According to Navigant’s Information Security & Data Breach Report, healthcare organizations accounted for the highest percentage of data breaches, more than one-third of all data breaches in the United States. In addition, HITRUST’s Analysis of U.S. Healthcare Breach Data revealed that the total number of breaches of over 500 individuals posted to HHS since September 2009 is 495. The total number of records breached is 21.2 million, and the average breach size is 42,659.1 records at a cost of $8,275,865.40. The study also reported that hospitals and physician practices were responsible for 32% and 25%, respectively, of total breaches in the healthcare industry. Government institutions experienced the greatest loss of records.

Despite repeated warnings from the Department of Health and Human Services, the healthcare sector is still lagging behind other industries regarding implementing security precautions when it comes to protecting sensitive PHI. The Ponemon Institute’s Cost of Cyber Crime Study reported that fewer than half of healthcare providers surveyed performed an annual security risk assessment. In fact, 52% of organizations that conduct one of these crucial IT audits discover a security breach as a result.

Cyber Criminals Targeting Point of Sale Terminals (POS) Not EHR

According to the article “Cybercrime and the Healthcare Industry,” “healthcare providers have a tough challenge at hand. As administrative technologies like Electronic Health Records (EHR) and online health portals begin to become standard issue, the access to financial data and information so strongly demanded by providers, patients, payers, and employees is also fast becoming a new target for hackers.” According to the Verizon 2013 Data Breach Investigations Report, hackers in healthcare are now more interested in attacking payment point-of-sale systems than actual EHR records. POS terminals accounted for 64% of compromised health care assets compared with 38% of desktops or workstations. The Verizon Risk Team further elaborated in an eWeek article that “the healthcare area is very used to the patient-privacy aspect of securing the data and may not be paying too much attention to their payment systems. In addition to payments for care, security breaches also involve transactions to hospital gift shops and cafeterias. With the final omnibus rule for the Health Insurance Portability and Accountability Act (HIPAA) requiring risk assessments, health care organizations need to determine their level of preparation for financial attacks.”

A key lesson offered by the Verizon Data Breach Investigation Report is that smaller practices including dental offices and outpatient care facilities are also at a high risk of cyber attacks. Therefore, no healthcare organization is immune to being breached.

Where Should Healthcare IT Departments Target Their Security Efforts?

1. Point of Sale (POS) Terminals and Servers
Most hackers are not after EHRs; they want financial and insurance information that can be used to steal money and conduct medical and insurance fraud.

2. Desktops and Workstations
93% of healthcare breaches involved hacking and malware. Attacks in the healthcare industry often start by tricking an organization’s employees to install malware on the network.

3. Storage Systems
Storage systems contain financial as well as clinical data that are a gold mine for hackers.

About Tactical FLEX, Inc.
Tactical FLEX, Inc. is a privately owned software development firm based in Seattle, specializing in information security research, engineering, technology design, and production. With the technological development of Aanval®, Tactical FLEX, Inc. has become a global provider of information security vulnerability and risk management software solutions that protect businesses of all sizes. Aanval® is the industry’s leading Snort, Suricata, and Syslog Intrusion Detection, Correlation, and Threat Management console on the market. Aanval® currently has over 6,000 customers worldwide including government security, defense organizations, technology corporations, financial services organizations, energy companies, educational institutions, healthcare organizations, biotechnology manufacturers, pharmaceutical companies, law firms, utility providers, and many others. Learn more about Aanval® by visiting. Aanval® may be downloaded for testing and evaluation at

Debunking Common Myths Regarding Security Information and Event Management (SIEM)

In a recent study conducted by Infosecurity Europe, it was revealed that 93% of large organizations have experienced at least one security breach in the previous year. The study also reported that the number of breaches is growing at an alarming rate, as organizations experienced, on average, 50% more breaches in the previous year. While security threats continue to escalate, many organizations have deployed or have considered security information and event management (SIEM) solutions in order to obtain a holistic view of their information technology security. The beauty of a SIEM is that it takes all the information gathered from events across the network and tailors it to inform IT departments exactly what is happening and when. SIEM technology is also essential for helping security analysts detect internal and external threats and perform crucial network forensic analysis. According to Gartner, the demand for SIEM technology is growing at an annual rate of 21%, and it is the fastest-growing area of the security sector.

Although research shows that SIEM product visibility in the U.S. has improved with higher adoption, proper understanding of the technology is still lacking. Frost & Sullivan, an industry research firm, reported that there is a low level of awareness associated with SIEM solutions and further stated that “it is imperative for SIEM vendors to reach out to enterprise end users to enhance their technological awareness and correct any underlying misconceptions or assumptions which may exist toward the technology.” In this blog, we will review some common myths surrounding SIEM technology to help IT Security Professionals separate truth from fiction.

Myth #1: SIEM Solutions are Resource-Intensive and Require Substantial Financial Investment to Deploy

Answer: In light of the benefits of investing in SIEM technology, the high cost of some SIEM platforms has been holding small- and mid-market enterprises back. It is true that most SIEM solutions require a significant up-front investment to get started and an ongoing investment in staff to keep them running. This is what can put some SIEM solutions beyond the reach of SMBs or under-funded enterprises. However, not all SIEM solutions come with a hefty price tag. If you’re an SMB or an enterprise-class organization with a limited budget, enterprise-grade SIEM platforms that are affordable and easy to use do exist in the marketplace. These are the hidden gems in the seemingly crowded SIEM market. However, selecting the right SIEM product depends almost entirely on the use cases an organization is trying to fulfill. For example, if you’re an SMB with a shortage of security analysts, your needs and cost sensitivity will differ widely from those of a large organization. You will most likely require a healthy amount of automated functionality, while heavy customization is probably not on the agenda.

Myth #2: SIEM Solutions are Equal in Features and Benefits

Answer: Today’s SIEM should be a powerhouse of data capture, correlation analysis, and reporting. Although SIEMs are pre-packaged with a set of security features, it is important to note that the advanced feature sets vary from vendor to vendor, as SIEM vendors market to potential and existing clients based on specific use cases. In order to fully understand SIEM technology, the common core functions and advanced feature sets must be explored. To view the essential features and capabilities of a SIEM technology, please read. As SIEM products mature in the marketplace, vendors will introduce new and advanced features for product differentiation and market them for specific use cases to solve a particular security need. Overall, it is important to understand that SIEM vendors are not all equal in capabilities, and product features are only valuable if they meet your business and security needs. For example, Tactical FLEX, Inc. is among the leading SIEM suppliers and provides a very strong focus on intrusion detection for effective threat management. The Aanval SIEM commercial solution comes tightly integrated with the Snort and Suricata open source security tools and can also support any device with syslog capabilities to deliver complete data management. Aanval should be considered by organizations that want a scalable, commercially supported SIEM solution built on the most widely deployed and trusted intrusion detection system on the market for enhanced security and improved situational awareness and protection. If automation and network visibility are key factors for your organization, you will benefit immensely from an Aanval SIEM solution. In today’s rapidly changing security environment, where network environments are growing ever more distributed and complex to manage, IT departments truly need a flexible SIEM that is designed to scale.
To view our SIEM comparison table, please read the following article: How to Find the Right SIEM Solution. A Step-by-Step Guide and SIEM Features Comparison.

Myth #3: SIEM Technology is Only Useful for Log Reporting and Compliance

Answer: Over the years, SIEM has almost become synonymous with log reporting and compliance management. Yet, SIEM technology has far more advanced capabilities than simply helping organizations make sense of log data to meet security and audit regulations. Dr. Anton Chuvakin, a security expert on SIEM technology, finds that “too often, organizations purchase SIEM and log management solutions to check a compliance checkbox. These organizations miss a huge opportunity to improve security.” Fortunately, many organizations are increasingly realizing the value and benefits of SIEM in improving their security posture.

According to a recent RSA survey, these are additional widely used functions and tools of SIEM solutions:
1. Alert anomalies
2. Identify threats and potential high-risk incidents
3. Monitor network traffic
4. Streamline remediation efforts
5. Advance other security operations functions in general

About Tactical FLEX, Inc.
For nearly a decade, Tactical FLEX, Inc. has taken great pride in providing best-of-breed security solutions to every type of organization around the world. Our wide spectrum of customers demonstrates our sincere commitment to an industry that remains at the forefront of the digital evolution of the world. Information security is our business, and our customers are our greatest asset. Tactical FLEX, Inc. is a trusted security vendor protecting more than 6,000 organizations within every industry in more than 100 countries. Our product Aanval® is the industry’s most comprehensive end-to-end Snort and syslog intrusion detection, correlation, and threat management solution, built with a unique Situational Awareness engine, distinct false-positive protection technology, and a fully-integrated event management and attack data correlation engine. Learn more about Aanval SAS™ by visiting

Aanval® is also available for download as a free Community edition for testing and evaluation at Let Aanval SAS™ turn your security event data into actionable and comprehensive insights.