Varonis Systems Inc, the leading provider of comprehensive data governance software, today announced it has extended its award-winning DatAdvantage® software to Microsoft Exchange. This platform extension gives Exchange administrators access to the Varonis® Metadata Framework™ technology (www.varonis.com/metadata) within DatAdvantage, which provides resource-saving automation for ongoing Exchange management tasks such as mailbox access management and consolidation, email activity tracking, access auditing and stale public folder and mailbox identification. By automating the way IT organizations perform daily Exchange management tasks, DatAdvantage delivers up to 70 percent time savings to overworked Exchange administrators.
“With traditional approaches, it was very difficult to understand access to mailboxes and public folders across all the Exchange servers, effectively audit email access and communication, and find owners for public folders and mailboxes,” said Bernard Besohe, local mail and system administrator for the Publications Office of the European Union. “With Varonis DatAdvantage for Exchange, we have significantly reduced our Exchange access and data management workload for tasks that we do many times every day. We now have a single console with a complete map to our ever-growing Exchange environment that has enabled our staff to identify and proactively manage and protect Exchange data.”
“Exchange data is a tremendous challenge to manage because permissions are not often well maintained, activity is not easily tracked or analyzed, and ownership for mailboxes and public folders is unknown,” said Vivian Tero, analyst for IDC. “Email systems contain a rapidly growing set of critical data that is very hard to protect and manage. By bringing the power of their widely used data governance system and Metadata Framework™ to the Exchange platform, Varonis is significantly increasing the control and efficiency that IT administrators have over this extremely important set of semi-structured data.”
Varonis DatAdvantage for Exchange enables customers to manage Exchange mailboxes and public folders alongside file servers and SharePoint sites through the proven Varonis Metadata Framework and DatAdvantage UI, offering the same trusted permissions visibility, audit trails and recommendations that customers have come to expect from Varonis Data Governance solutions.
“As the most widely adopted messaging platform and semi-structured data repository in the world, Microsoft Exchange is the go-to cross-functional collaboration system for many organizations,” said Yaki Faitelson, Chief Executive Officer, President and Co-founder of Varonis. “Administrators are under enormous pressure to ensure that Exchange is secure, responsive, and constantly available. To do this, they require automation to understand activity patterns over the entire platform, understand ownership of the data, visualize access for all mailboxes and public folders across all the information stores, easily identify stale mailboxes and public folders and optimize processes for consolidation and migration. Varonis® DatAdvantage® for Exchange automates tasks that Exchange administrators are already doing manually, hundreds of times every day.”
With Varonis DatAdvantage for Exchange, customers can:
- Clean up shared mailboxes and identify appropriate delegation rights
- Clean up public folders and designate ownership assignments
- Audit and track message activity
- Identify spikes in activity
- Identify and remove stale public folders and mailboxes
Varonis DatAdvantage for Exchange features include:
- Bi-directional Permissions Visibility: From both a mailbox/folder and user/group view that allows administrators to easily analyze and report on permissions, spot permissions errors and improperly delegated access
- Auditing Automation: A detailed audit trail with highly granular filtering and sorting so administrators can easily see when email was sent, from and to whom it was sent, and when it was opened
- Recommendations and Permissions Modeling: Enabling administrators to quickly spot excessive rights and test permissions changes—prior to committing them—so that changes will not disrupt end-user productivity
- Ownership Identification: Automating ownership identification, assignment and reporting for mailboxes, public folders, and distribution groups to facilitate proper access authorization and review
- Stale Data Identification: Enabling IT to reduce storage overhead and costs
Meanwhile, Trusteer has warned that hackers are recoding Zeus to stay ahead of the malware pack
- Version 2.1 of Leading Online Fraud Platform Evolves to Stay Ahead of the Financial Malware Pack
Trusteer, the leading provider of secure browsing services, today reported that it has captured and analyzed a new version (2.1) of the Zeus financial malware and found that it has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals. Zeus has not only improved its business logic but also its ability to avoid detection and automatic analysis by antivirus vendors. Zeus is under the spotlight of security vendors, banks, and law enforcement, which forces its developers to continually improve it to avoid losing business to competing malware like Bugat, Clampi, and SpyEye. Just like commercial application developers, the creators of Zeus run an R&D programme to ensure it can avoid detection and side-step the growing number of IT security mechanisms designed to detect, block and eliminate it.
New capabilities in Zeus 2.1 include:
- URL matching based on a full implementation of the Perl Compatible Regular Expressions (PCRE) library. This allows much more flexibility for Zeus's configuration to define targets. For example, Zeus can now target all URLs that start with “https” and then zero in on those that contain specific digits and keywords. Earlier Zeus versions had a primitive regular expression implementation which provided very little flexibility in specifying target URLs.
- The injection mechanism (Zeus’s main “work horse”) now uses sophisticated regular expressions based on PCRE as well, which helps avoid detection. It can target individual web pages with elaborate injections, while not injecting into other pages. This surgical injection method creates more convincing pages and can target more banks using a single attack.
- Zeus now has a fine-grained "grabbing" mechanism, again based on PCRE, which can extract very specific areas of the page (e.g. the account balance) and report them to the C&C host. The grab mechanism provides an efficient way of collecting user data (such as account balance), as opposed to the cumbersome and wasteful way (supported by earlier Zeus variants) of having to copy the full page.
- As other researchers have already pointed out, Zeus 2.1 completely changed the way it communicates with its Command & Control (C&C) servers: it now uses a daily list of hundreds of C&C hostnames, through which it cycles trying to find a live one, which is a considerable improvement over the previous scheme.
- Zeus has added a 1024-bit RSA public key, which will probably be used for one-way encryption of data and authenticating the C&C server to Zeus clients.
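An added example, not from Trusteer or the original release: a defender-side check for the hostname-cycling behaviour described in the list above, run over constructed resolver log lines. The log format, the thresholds and every host and name in it are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed resolver log lines: '<ISO time> <client> <qname> <rcode>'."""
    lines = ["2010-10-01T09:00:00 10.0.0.5 www.example.com NOERROR",
             "2010-10-01T09:00:03 10.0.0.5 wwww.example.com NXDOMAIN"]
    # 10.0.0.9 retries one dead name: many failures, but one distinct name.
    lines += [f"2010-10-01T09:01:{s:02d} 10.0.0.9 old-intranet.example.org NXDOMAIN"
              for s in range(6)]
    # 10.0.0.7 walks a list of different names until one of them resolves.
    lines += [f"2010-10-01T09:02:{s:02d} 10.0.0.7 host{s}.example.net NXDOMAIN"
              for s in range(6)]
    lines.append("2010-10-01T09:02:06 10.0.0.7 host6.example.net NOERROR")
    return lines

def find_hostname_cycling(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client: first name resolved after a burst of distinct NXDOMAINs}.

    A client is flagged once it has `threshold` distinct failing names inside
    `window`; the value stays None until a lookup succeeds during the burst.
    """
    recent = defaultdict(deque)   # client -> (time, qname) of recent failures
    findings = {}
    for line in sorted(lines):    # ISO timestamps sort chronologically
        stamp, client, qname, rcode = line.split()
        now = datetime.fromisoformat(stamp)
        failures = recent[client]
        while failures and now - failures[0][0] > window:
            failures.popleft()    # forget failures older than the window
        if rcode == "NXDOMAIN":
            failures.append((now, qname.lower()))
        if len({name for _, name in failures}) < threshold:
            continue
        if rcode == "NXDOMAIN":
            findings.setdefault(client, None)
        elif rcode == "NOERROR" and findings.get(client) is None:
            # The name that finally resolved is the lead for the investigation.
            findings[client] = qname.lower()
    return findings

if __name__ == "__main__":
    for client, live in find_hostname_cycling(build_sample_log()).items():
        print(client, "cycled through failing names; first resolved:", live)
```

Counting distinct names rather than raw failures keeps a client that retries a single dead hostname from being flagged.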
“Since the Trusteer Secure Browsing software is installed on the PCs of millions of bank customers, automatically classifying, blocking, analyzing, and removing financial malware such as Zeus, our researchers can see enhanced attack vectors in real time,” said Mickey Boodaei, CEO of Trusteer. “The improvements are similar to those seen in commercial software, but instead of enhancements being released on a monthly or annual basis, the timescales are now being compressed to just days and weeks, largely because of the immense fraudulent revenues involved. While commercial software needs to undergo extensive quality assurance processes before being released, Zeus has the luxury of pushing rapid updates without worrying too much about software quality.”
Whereas previous malware has risen in popularity, been tweaked and then faded away, the enhancements in Zeus - which is currently at version 2.1 - show no signs of abating, largely because of the modular coding structure of Zeus. The modular approach, for example, means that exploit hacks can be used to enhance the ability of Zeus to stage a real-time bank access attack, and so greatly extend its useful lifetime to the cybercriminals. As with any commercial application, software product maintenance and support are two of the more important reasons why users buy and use products, and Zeus has proven over the last three years that it does both very well for the cybercriminals.
The Zeus developers keep releasing new features - such as a highly granular browser injection facility - that allow them to stay one step ahead of the IT security community, as well as fixing bugs and other issues in previous versions. This level of commitment attracts the fraudsters' business and maintains interest in the Trojan amongst security vendors, banks and law enforcement officials. And this in turn reinforces the security circle, with hacker coders constantly tweaking and improving the malware as time goes on.
"The big question is how long can Zeus stay in pole position in the malware fraud charts? Our researchers suggest that, given its ability to be morphed and enhanced, it's going to be some while yet before other malware gets a look in at the top spot. And this means that hackers have a vested interest to keep Zeus ahead of the game as far as its ability to defraud, forcing them to improve and increase their effort all the time to avoid losing the cybercriminal's business," Boodaei said.
IT security teams trying to defend against Zeus should:
- Recognize that antivirus technology is only partially effective against modern malware such as Zeus, Bugat, and SpyEye. Many of these fly under the radar of antivirus solutions while targeting employees and stealing sensitive corporate information. This version of Zeus is extremely elusive and is virtually undetectable by antivirus products.
- Recognize that the browser has emerged as the weakest link in the enterprise security infrastructure and is being exploited by malware authors and criminals to infect computers and steal sensitive information.
- Protect employees, contractors, and unmanaged computers with secure browsing services, which can detect, block, and remove browser-borne malware from computers.
- Put in place technology and processes that enable effective and instant investigation of malware-related fraud incidents.