Tag Archive for: Response

OIG Assesses CISA’s Cyber Response Post-SolarWinds


A review by the Office of Inspector General (OIG) has found that the Cybersecurity and Infrastructure Security Agency (CISA) has improved its ability to detect and mitigate risks from major cyber attacks since the SolarWinds breach discovery in 2020. The watchdog added, however, that work remains to safeguard Federal networks.

The SolarWinds Incident

In 2019, a threat actor, later identified as the Russian Foreign Intelligence Service, carried out a campaign of cyber attacks that breached computing networks at SolarWinds, a Texas-based network management software company. The threat actor conducted a software supply chain attack, taking advantage of security vulnerabilities to plant malware (malicious code) in a software update that SolarWinds sent to its clients. When a client installed an infected update, the malware would spread, allowing access to the client’s networks and systems. The attack was highly sophisticated and used new techniques and advanced tradecraft to remain undetected for more than a year.

Because the U.S. government widely uses SolarWinds software to monitor network activity on Federal systems, this incident allowed the threat actor to breach infected agency information systems. SolarWinds estimated that nearly 18,000 of its customers could have received a compromised software update. Of those, the threat actor targeted a subset of high-value customers to exploit, including DHS and multiple other Federal agencies, primarily for espionage. The operation was first detected and reported to CISA by a private sector cybersecurity firm.

CISA participated in a task force with other Federal agencies to coordinate a government-wide response to the SolarWinds breach. The task force worked from December 2020 through April 2021 to discover the impact and mitigate the effects of the cyberattack. After CISA completed its SolarWinds response, it prepared several after-action reports that identified lessons learned, capability gaps, and areas for improvement. CISA reported it needed a better communication process, more visibility into Federal agencies’ networks, and increased authority to find cyber threats on Federal networks.

The Department of Homeland Security…


EDR: Endpoint Detection and Response


Endpoint detection and response (EDR) is a security analysis approach that focuses on detecting, analyzing, and responding to malicious activity on endpoints, such as laptops, servers, and mobile devices. It involves continuously monitoring endpoint activity for signs of potential threats, and then using that information to identify, investigate, and respond to those threats in real time.

EDR originated in the early 2010s as a way to address the growing complexity and volume of cyber threats faced by organizations. With the proliferation of cloud computing, mobile devices, and the Internet of Things (IoT), traditional security approaches were no longer sufficient to protect against the full range of threats facing organizations. EDR was developed as a way to provide more visibility and control over endpoint activity, and to enable organizations to respond more quickly to potential threats.

Threat hunters can leverage EDR to identify and investigate potential threats by analyzing endpoint data in real time. This includes analyzing network traffic, process execution, and other endpoint activity for signs of malicious behavior. EDR can also be used to detect and respond to threats that have already infiltrated an organization’s systems, by providing the visibility and context needed to understand the extent of the compromise and take appropriate action. Overall, EDR is an important tool for threat hunters because it provides the real-time visibility and context needed to identify and respond to potential threats, and to continuously improve an organization’s security posture.

*** This is a Security Bloggers Network syndicated blog from Cyborg Security authored by Cyborg Security. Read the original post at: https://www.cyborgsecurity.com/glossary/edr-endpoint-detection-and-response/


How Mobile Techs Enhance EMS Response, from Dispatch to On Scene





The widespread adoption of mobile technology in EMS will transform how emergency professionals respond to 911 calls and reduce costs for EMS providers. Similar programs can help with better resource allocation, lowering costs for patients and emergency medical services overall.

Guest Editorial by Scott Morris, Senior Account Manager, Panasonic Connect North America

Can you imagine a world where laptops didn’t exist for EMS workers? Yet, as late as 2011, states, including Georgia, were just beginning to require that all EMS reporting be done electronically.

Besides storing all patient records in one place, mobile technology can enhance EMS response by improving communication and response times. Specific device features such as cellular and Wi-Fi connectivity help EMS workers determine the next steps for patient care, dispatch the required information to hospital networks, and deliver services more efficiently.

Mobile devices and portable laptops provide a level of flexibility not previously available for emergency services. As a first responder, the job requires workers to be on-call and ready at a moment’s notice.

First responders can now have wireless Class of Service (CoS) for mission-critical applications on the Verizon 4G LTE Private Network. (Courtesy of Verizon)

Features such as long battery life and durability ensure that first responders can be ready to go whenever a call comes in – and the device retains the power to last throughout the shift. Furthermore, having devices that allow hot-swapping provides the assurance of not losing work or connectivity while swapping in a new battery during an emergency call.

EMTs and paramedics often move between office or desk environments, vehicles, patient homes, and other environments.

When it comes to their mobile devices, the emphasis for these workers now lies in blending functionality and portability with reliability and durability. Device usability should be the last thing on an EMT’s mind while they are racing to serve patients and save lives.

These devices should be able to survive drops and spills, and also be built for use outdoors, whether in extreme sunlight, rain, or snow – without screens…


North Korea fires 2 missiles capable of reaching Japan in possible response to Tokyo’s new security strategy


SEOUL, South Korea (AP) — North Korea on Sunday test-fired a pair of ballistic missiles with the potential range to strike Japan, in a possible protest of Tokyo’s adoption of a new security strategy to push for more offensive footing against North Korea and China.

The launches came two days after the North claimed to have performed a key test needed to build a more mobile, powerful intercontinental ballistic missile designed to strike the U.S. mainland.

The two missiles traveled from the country’s northwest Tongchangri area about 500 kilometers (310 miles) at a maximum altitude of 550 kilometers (340 miles) before landing in the waters between the Korean Peninsula and Japan, according to the South Korean and Japanese governments.

South Korea’s military described both missiles as medium-range weapons that were launched at a steep angle, suggesting they could have traveled farther if fired at a standard trajectory. North Korea usually tests medium- and longer-range missiles at a high angle to avoid neighboring countries, though it fired an intermediate-range missile over Japan in October, forcing Tokyo to issue evacuation alerts and halt trains.

In an emergency meeting, top South Korean security officials deplored North Korea’s continued provocations that they said came despite “the plight of its citizens moaning in hunger and cold due to a serious food shortage.” They said South Korea will boost trilateral security cooperation with the U.S. and Japan, according to South Korea’s presidential office.

Japanese Vice Defense Minister Toshiro Ino separately criticized North Korea for threatening the safety of Japan, the region and the international community. The U.S. Indo-Pacific Command said the launches highlight the destabilizing impact of North Korea’s unlawful weapons of mass destruction and ballistic missile programs. It said the U.S. commitments to the defense of South Korea and Japan “remain ironclad.”

Kwon Yong Soo, a former professor at Korea National Defense University in South Korea, said North Korea likely tested its Pukguksong-2 missile, a solid-fueled, land-based variant of its Pukguksong family of missiles that can be…
