Category Archives: Cyber Security

AlertEnterprise Salutes National Cybersecurity Awareness Month


This entry was posted by on .

Nactional_Cyber_Month

October is coming to an end. It is also National Cybersecurity Awareness Month. Thankfully no major breaches have been announced this month. Please join us in supporting the mission of the Department of Homeland Security by promoting Cybersecurity Awareness all year round.

Department of Homeland Security has designated October as National Cybersecurity Month. Each week in October is meant to highlight certain areas of security. Here are some are some of them. Remember these can be done year-round, not only in October. read more

Visit AlertEnterprise at the API IT CyberSecurity Conference 2014


This entry was posted by on .

2014Cybersecurity_FeatureBanner

API IT CyberSecurity Conference 2014
November 11-12, 2014
Houston, TX

AlertEnterprise will be exhibiting its Security and Convergence Solution to Safeguard Critical Assets and Infrastructure

AlertEnterprise delivers cyber security convergence and safety software for the energy industry to prevent insider threat to Plant Processes and SCADA Systems. AlertEnterprise analyzes threats across IT, Physical Access Control Systems (PACS) and SCADA systems to assess risk and meet multi-regulatory compliance requirements. AlertEnterprise automates multi-regulatory compliance inclusive of NERC CIP, CFATS, and more. read more

All Aboard the Hype Train: DefCon 22 Has Arrived


This entry was posted by on .

SCADA is Bigger Than Ever at DefConDefCon 22 is one of the largest and most recognized hacker events of the year, hosted at the Rio in Las Vegas, NV.  In the past few years, the con has brought in 12,000+ hackers, feds and everyone in between to share ideas, tools and new tactics for defeating (and protecting) security measures and controls.  Recently there has been an increase in talks related to control systems.  For example, here’s this years list of SCADA-related talks – read more

Havex: Interesting in a Different Way


This entry was posted by on .

Lot’s of news recently about a resurgence of the Havex malware.  Here’s why (and why you should care)

‘Old’ Attack Vectors

There are a number of tried and true ways to get malware onto a target system, most common is via email.  The attacker sends an email to the target with a file and hopes the target opens that attachment.  There are a few tricks to this: Email Attachment
  1. Hope the target environment doesn’t block your attachment
  2. Because of point 1, attacker has to use malware embedded in a common file format, such as pdf/doc/xls
  3. Reliability of the malware reduces (as a result of point 2)
Attacker Used Spam!  It's Not Very Effective

Attacker Used Spam! It’s Not Very Effective

An alternate to plain attachment vectors is to insert a web link that sends the target to a malware infested domain.  A bit more sophisticated, this domain can now collect browser/system information and craft the malware page accordingly.  Attacker still has to rely on the target: Link to Malware Site

  • Receive the email
  • Recognize it’s not spam
  • Click the link
  • Interact with popups/alert boxes in order to install the malware
  • read more

    IAM: Providing Access to the Right People


    This entry was posted by on .

    “Role” can be defined as a technical phrase being used for the collection of individual privileges (access to company assets) which are assigned to an individual to perform his job. AlertEnterprise delivers a unique solution for Role Management across various external systems including physical & logical.

    role_management_AlertEnterprise

    Eg. When any person joins the organization, apart from creating/managing his digital identity, it is equally important to provide access to the devices (physical/logical) where he is supposed to work. Both of these things are well managed by the Role Module incorporated into the AlertEnterprise application. read more