The National Institute of Standards and Technology has published a self-assessment tool designed to help organizations gauge the impact and effectiveness of their cybersecurity risk management initiatives. The NIST Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) enables organizations to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure. The Framework is not intended to be a one-size-fits-all solution to cybersecuirity. Rather, the Framework will help an organization align its cybersecurity activities with its business requirements, risk tolerances, and resources.
Pearl Echo helps organizations satisfy portions of the Protect, Detect and Respond “Functions” of the Framework by focusing on the following Framework “Categories”: More...
Video conferencing, once the purview of the Fortune 500, has become ubiquitous thanks to the popularity of Skype and Facetime. But with most things Internet, there are frequently unintended consequences. Welcome the latest scam: The Romance Extortion.
In this scam, the target is lured into participating in cyber-sex using a webcam. The scammer records the video session and uses it to blackmail the target. Who would fall for that? Welcome Nebraska State Senator Bill Kintner.
Sen. Kintner began messaging with a woman who contacted him via his Facebook page. Their interaction grew over time from casual, to explicit, to the point where the woman convinced the married senator to contact her on Skype. While on travel, the senator used his state-issued laptop to engage in video cyber-sex. The woman soon after threatened to release the captured video unless the senator acquiesced to her extortion demands. Realizing he blew it, the senator decided to come clean and report his activity to state officials. Public officials in Nebraska who misuse state property can be charged with a misdemeanor. Sen. Kintner, perhaps due to his position, got off easy by paying a $1000 fine. More...
An FACC employee wired 50 million euros after receiving emailed instructions from someone posing as FACC’s CEO. This forced the company to report a financial loss to investors which would have otherwise shown net positive earnings. FACC, whose customers include Airbus (EPA: AIR), Boeing (NYSE: BA) and Dassault (AM:EN), fired its CEO after he "severely violated his duties". The company’s CFO was also terminated.
The scam is known as the “Fake President” fraud. By using a fake email address that resembles that of the President’s, the scammer convinces an employee, usually working in the finance department, to make an bank wire transfer to a third party on the grounds of a debt to pay, a provision in contract or a purchase deposit. The order is given with authority and urgency. The scammer has usually done enough research on the target company to give them the necessary arguments to convince the victim to act in accordance with the request. More...
Pearl Echo 12 Monitors and Controls Encrypted Communications
Philadelphia, PA – June 15, 2016 - Pearl Software released Echo Crypto.View™ as part of its latest line of Internet monitoring and web filtering products. Echo Crypto.View provides administrators with full insight into encrypted communications including secure web (HTTPS) as well as secure email (SSL). Pearl’s real-time and remote endpoint security suite includes the ability to safely monitor and control communications that have been protected with encryption without the use of complicated proxy servers or Internet traffic redirection. More...
Extensive Pearl Echo Block and Allow lists are typically not necessary when using Echo.Filters, our URL categorization database. Despite the size of your control lists, it’s advisable to properly format and maintain control lists to ensure peak efficiency at your managed endpoints.
The following brief video discusses managing your lists including proper use of wild cards: Managing Control Lists
Ref: All Tutorials
Pearl Echo is not a proxy server. Internet traffic will flow via the path that it normally does when Pearl Echo is not installed. The Pearl Echo workstation agent resident on an endpoint will only “echo” back data necessary for reporting; it also periodically gathers Internet access rules set for the user at the Pearl Echo server.
As an example of overhead, CNN.com will deliver over 10.5MB in content and images from their web page. Pearl Echo will log 9800 bytes to the Pearl Echo server. That’s less than 0.09% overhead! This is described pictorially in this video.
Those Famous Dirty Words
By pressing the "F3" key, Pearl Echo automatically searches the active log based on George Carlin's "Seven Dirty Words". For more information on this topic see http://www.pearlsoftware.com/help/carlin.htm.
You can right-click on any entry in a Pearl Echo Log Window to link to and view a site, restore data like email content and chat, update a control list or decode email attachments.
For Web sites you can also view the Echo.Filters category to which the web site belongs.
Auto-Refresh the Activity Log
To automatically update the Pearl Echo Activity Log, select "Auto-Refresh" from the File menu. While in Auto-Refresh mode other Pearl Echo console features are unavailable. Press Alt+F5 to escape Auto-Refresh mode.
Internet Acceptable Use Policy
You can inform users of your Acceptable Use Policy by summarizing it in the Warning message box in the Options menu. Your message can be a maximum of 256 characters.
You can also set you user's browser to redirect to an web page that hosts your AUP.