Target Data Breach

How did they pull it off and how can you safeguard your environment from a similar event?

The Target Stores data breach started by exploiting a vulnerability in an externally facing webserver.  Once inside, hackers took command of an internal server and planted malware on the Point of Sale devices in stores all over the US.  The harvested data was stored internally until the hackers reached back in to grab the millions of credit card account records that were stolen.  More details can be found at http://krebsonsecurity.com/

With the tools available today, how could this event happen?  What can you do to safeguard your environment from a similar incident?

PathMaker Group recommends the following measures:

  1. Assess the overall security posture of your organization.  Our company provides a rapid assessment covering 16 security domains enabling you to understand where you may have major gaps.  We can help you prioritize these gaps to help you to maximize your risk mitigation.
  2. Test your environment (and your website code) for vulnerabilities.  External and internal penetration testing is a necessary starting place, but if you develop your own website code, scanning your application code prior to releasing the system to production is essential as these techniques and tools will surface many more vulnerabilities.  We can help with both of these services.
  3. Leverage security intelligence technologies to correlate and identify suspect events before massive damage can occur.  We can rapidly deploy an industry leading solution for you in a matter of days including setting up a managed service.

For help or more information, please contact PathMaker Group at 817-704-3644

Keith Squires, President and CEO, has been in high demand by the media to add insight to this recent news.  Radio and television news interviews, including CBS National News, are available to view at the following link:

https://www.pathmaker-group.com/home/pathmaker-group-news/

Breach at Target Stores Affect 40 Million Customer Card Accounts

Target suffered a major data breach losing credit, debit and Red card numbers for as many as 40 million customers across 1900 stores in US and Canada. This will go down as one of the largest breaches in recent history and it comes at the worst possible time.  Consumers may have to cancel their cards just they are trying to finish Christmas shopping.  Target says the issue has been resolved. Keep an eye on your accounts and if you see any suspect activity, cancel your card right away.

Are you doing everything you can to prevent a breach like this at your company?

Talk to PathMaker Group about our 16 domain security assessment.

https://www.pathmaker-group.com/services/security/assessments/

Learn more about the Target breach at their corporate website

https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca

 

Have you had your Security Wellness Check?…

So you think your organization is secure . . . think again! IBM X-Force 2013 mid-year report says that many of the breaches recently reported were a result of “poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice.” Covering the basics is exactly what we help companies achieve through our “SecurePath” 16 domain rapid security assessment. In one week we can review your security posture, cover all your bases and help you prioritize the big security gaps in your environment.

Gartner Identity and Access Management Summit

How Can a Company Guarantee a Successful, Strategic Identity Access Management Program?

The Gartner Identity and Access Management Summit is right around the corner and leaders from all over the world will be coming to try to get this question answered.  Here are a few ideas from our ten years in the industry.

Strategic Identity and Access Management (“IAM”) projects can be difficult and the new challenges with mobile, social, and cloud compound the problem.  Protecting the perimeter is not enough anymore.  Safeguarding identities are the key to a truly secure enterprise.

The industry has seen way too many train wrecks with IAM.  To get beyond basic capabilities and really use IAM systems as a foundation for strategic IT, a company MUST take the time up front to consider the long-term plan.  Near-term, immediate priorities can be solved with client-based single sign-on, basic provisioning, simple roles and audit reports.  But with a short-term (and maybe short sighted) plan, a company can just as easily limit their ability to solve more complex problems.

Read more

7 Minutes of Terror

Last month we witnessed an amazing feat of science & engineering with the landing of NASA’s Curiosity Rover on Mars. Before this could be accomplished years of preparation through innovation, design & testing had to occur. It all culminated towards what the NASA scientists and engineers at JPL call “the 7 minutes of terror” – the 7 minutes between when Curiosity entered the Mars atmosphere and when it was expected to land. Of course we know now that it was a fantastic success – but what made it so? How does an organization accomplish such a fantastic undertaking?

Well it got us here at PMG thinking; what is it that we do together with our clients that makes projects a success? We know we’re not rocket scientists, but it’s still fun to day dream & draw some interesting connections between the Curiosity mission and our own business and philosophies.  Read more

IT Disciplines of an Identity & Access Management Expert

The field of identity and access management is considered a small, specialized niche in the world of IT. Some would speculate that this is because of the very complex nature of the applications we deploy to an enterprise. Although that may be true, it goes far beyond just the complexity of the specific applications we work with. A true identity and access management expert must be very knowledgeable over many IT disciplines. This is due to the products we architect and implement being entire solutions, as opposed to singular purposed applications. Let me provide some examples of the typical IT disciplines covered during a deployment:

Gathering enterprise requirements:  The expert must be well versed in enterprise architecture, security, networking, hardware, and multiple operating systems. This is crucial as they will propose the best suite of products based upon the clients requirements and the current state of the enterprise architecture. The expert must consider things as simple as who the primary user base is, to more complex questions such as what hardware will be required based on expected application load. This phase will determine both the tempo of the project as well as its success. Lest we forget the expert must also play the role of a project manager, technical writer and business analyst. Any well-rounded expert can explain identity and access management plans and concepts to the client in simple, no nonsense terms, but also deliver highly technical documents to the various IT departments in which the project will affect. In addition, a precise project plan needs to be delivered to the client to stay on task and on budget. Read more

Using IBM Tivoli Identity Manager to recertify Active Directory Groups

Its audit time and you’re responsible for recertifying approximately 75 Active Directory Groups and each group has a membership of about 10 to 30 people.  An email needs to be sent to every manager for them to confirm the person still needs to be a member of the group.  You have to provide information to the Auditors to confirm that each person in each of these groups has been verified.  Before you can send out the verification requests to the managers you have to confirm each Active Directory Account has the correct person contact information and manager information.  All this has to be done in the next 30 days.

What are you going to do?  Book an early tee time!

How is this possible? Read more

An Overview of Digital Forensics and Electronic Discovery

Digital forensics and electronic discovery involve the collection and analysis of electronically-stored data. Together, these two fields of electronic security cover the entire digital information spectrum. To find out more about what each one is and when or why you may want to hire an investigative team to perform digital forensics and electronic discovery procedures for your company, continue reading this article.

What is digital forensics?

Digital forensics entails the thorough examination of electronic storage devices. In the process, electronic systems investigators identify, collect, maintain, and analyze the data stored on an electronic device. After doing so, they produce results based on their analyses that are defensible enough to be upheld in a court of law. Deleted, damaged, and encrypted files are all included in the analysis and the data explained in the results.

What is electronic discovery?

Electronic discovery, or e-discovery, is the process of gathering electronic data so that it is readily available and can be stored on a variety of electronic storage devices. This data is gathered and stored via:

  • Information and identity management.
  • Collection and preservation of all data.

When good e-discovery practices are employed at a company, e-discovery records can be sent to a team of digital forensics investigators for:

  • Processing, analysis, review, and presentation of results.

When are these processes necessary?

Electronic discovery should be practiced by any company that stores sensitive data and records that are crucial to future business. Digital forensics should be employed when a company needs to draw on its performance history to justify a decision made in the present, as well as whenever a company is facing legal action. A forensics team can ensure the files and digital history stored on your computer that support your case will provide you with valid courtroom evidence.

Are you a Dallas-based business owner who is looking for services in the field of electronic security and identity? If so, call PathMaker Group at (817) 704-3644 and ask about our electronic discovery, digital forensics, and identity management services today!

 

Using IBM DataPower XI50 Appliance to Secure XML-based Web Services

Congratulations!!! Your IT organization, and more importantly your company, now enjoys the benefits of Service Oriented Architecture (SOA). These benefits include return on investment, code mobility and maintenance, agility, improved scalability and high availability.  But along with these rewards come some disadvantages.  These include degradation of application server performance and increased security concerns and risks.  The XML-based Web Services in use in your enterprise easily expose back-end systems to customers and partners.  Your Web Services pass through your enterprise network firewall and are based upon SOAP, XML and HTTP.  These all combine to introduce new threats and security exposures within your enterprise infrastructure.  These new type of threats can consist of some of the following below:

  • XML Denial of Service
    • Slowing down or disabling a Web Service so that service requests are hampered or denied
  • Unauthorized Access
    • Gaining unauthorized access to a Web Service or its data
  • Data Integrity and Confidentiality
    • Data integrity attacks of Web Service requests, responses or underlying databases
  • System Compromise
    • Corrupting the Web Service itself or the servers that host its Read more

Giving Thanks at PathMaker Group

This week is Thanksgiving and I have a lot reasons to be thankful. I enjoy my job, I work with great people, and we provide a valuable service to our clients by helping them make sense of an extremely complicated industry.

About ten years ago I set out to establish a company that would last and that would be comprised of people who enjoyed working together.  This didn’t happen accidentally.  From day one, the purpose and approach to building this company has been intentional and disciplined. And it’s not just been about finding good people or even great people.  It’s been about finding the right people.

When you examine PathMaker Group, you see . . .

  • People who successfully maintain a healthy balance between work life and personal life
  • People who are growing by fully understanding and utilizing our unique gifts and abilities, and as a result are making a significant difference in our work, families, communities and beyond
  • People who are committed to developing as leaders and passing on our lessons through coaching and mentoring
  • People who work in a culture promoting creativity and fun and thus produce standard setting thought leadership
  • People who achieve top-tier results because of our passion and commitment to discipline, quality and client satisfaction Read more