La Liga has taken substantial flak for tapping into microphones and geolocation services in fans’ phones in a bid to root out piracy
The post Spain’s top soccer league fined over its app’s ‘tactics’ appeared first on WeLiveSecurity
At Apple’s World Wide Developers Conference last week, the message was all about Privacy. Apple has been more privacy-minded than other tech companies – that’s not news and it’s why I have an iPhone. They’ve introduced some interesting privacy features, such as showing location tracking, which I think is pretty cool. I don’t leave my […]
For years, organizations have recognized the need to pay close attention to and manage the access that their employees have with the help of identity governance and administration solutions. More recently, organizations are also being faced with the reality that they need to apply the same level of governance to non-employees as well. According to a 2018 Opus-sponsored Ponemon study, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. Many of these breaches go undetected. With most organizations agreeing that third-party cybersecurity incidents are on the rise, non-employee access management is more important than ever.
Access by non-employees like contractors, vendors, students, or consultants faces additional challenges when it comes to entitlements. How does an organization ensure that a non-employee can get into the systems they need to do their job, while still enforcing enough limitations to avoid becoming a security risk? Read on to learn more about why non-employees present a unique challenge to identity and access management programs, how industries like healthcare handle managing their privileges, and best practices to find the balance between granting permissions and reducing risk.
Non-employees often need to be onboarded quickly, since they may only be temporary members of the organization. Contractors or consultants, for example, need to quickly be able to log on and get to work. Organizations with no identity governance and administration (IGA) solution, or a very limited identity and access management (IAM) program, likely do not have a way to easily limit access or keep track of those with non-employee status. Oftentimes there is no “non-employee” designation in the system, or security teams lack a centralized inventory of users, allowing atypical IDs to slip through the cracks.
Even businesses with IGA solutions may end up quickly classifying consultants as employees as far as IT is concerned. Since these roles are typically not vetted as thoroughly as a full-fledged employee would be, giving them standard access may open the door to serious security issues. Providing a contractor with full employee access defies the principle of least privilege, since contractors don’t require access to nearly as many systems and applications but will be able to log into them anyway.
Additionally, non-employees may not be working in your specific infrastructure as often, which makes them more prone to mistakes and makes full access to sensitive information or data particularly risky. Some of the largest breaches have come from stolen non-employee credentials that allowed a hacker to get in through the front door.
Finally, non-employees tend to come and go far more frequently than employees, leaving behind an unused, but still active account. These orphaned accounts are key targets for threat actors looking for a way to get inside a system without setting off any alarms. Since the owner of the account isn’t using it, it may be too late before it’s noticed that it’s being utilized for malicious purposes.
Luckily, there are a few tangible ways to solve the potential challenges related to non-employee access. An organization with a solid IGA program can safeguard their infrastructure by a few important guidelines:
There are many ways to manage non-employees. For example, you could add non-employees to your HR system, segment them appropriately, and manage their contract status. If this is not possible within an organization, the right IGA solution can be configured to be the central repository for non-employee identities and have convenient methods for inputting relevant information about them as well as enforce appropriate controls to manage them more closely.
Whatever approach an organization chooses, the most important part is to regularly ensure these non-employee user accounts are correct and up to date. The work of a contract employee can often vary depending on the project. Without regular check-ins, entitlement creep and orphaned accounts may begin to occur. That is, a contractor simply gains additional access without removing privileges they no longer need, or the account is left active after the contractor has left the organization.
All identity governance and administration (IGA) programs should begin with the principle of least privilege. That is, no employee or non-employee should have more access than needed to get their job done. This is best achieved through role-based access, which grants permissions based on roles instead of individual entitlements. Roles can easily be applied to well-managed non-employees as well as employees.
Manual provisioning can be labor intensive and take weeks before a new employee has access to every area they’ll need. This can lead to a frustrating experience for both employees and non-employees and will cost the organization time and money. However, sloppy onboarding for the sake of speed can lead to security risks. While offboarding does not seem as time sensitive, since no one is waiting on access, it is even more important from a security perspective.
Healthcare is a perfect example of an industry that needs to have a comprehensive yet flexible way of managing non-employees. It is a highly regulated industry with a significant number of non-employees. Potentially challenging use cases include the following:
Many doctors and clinicians that work in hospital systems are not actually employed by the hospitals themselves. They may be employed by a clinic or medical group that has established a partnership allowing them privileges at the hospital.
While they may not be official employees, this group needs access to many of the systems within the hospital network. Not having access to scheduling software, communication applications, alerting systems, and of course, electronic health records (EHR) can put lives at risk. It is also important to make certain that the status of a physician’s relationship with the hospital is up to date and that access is removed when it is appropriate.
However, these doctors do not require access to employee portals that provide benefit and payment information or other human resources related applications. Granularity and visibility into the access via roles is important.
Physicians are perfect examples of a non-employee who will require longer term access, but do not require full access. Best practices and role-based access would ensure that regular entitlement reviews would renew this access as needed, verifying compliance without disrupting patient care.
Whether it be as part of a program to interact with and assist patients, or as part of an emergency response plan, hospitals often have a need to allow volunteers to have access to their resources and patient data. Some may be long-term; others may only last a week. Some come in large groups, others volunteer on their own. Regardless, volunteers still require a certain amount of access. It may be very minimal, perhaps to sign in to track hours and verify that they’re in the building.
With volunteers, it is imperative that their access be managed to a level corresponding with the significance of data they require. Most will not have any medical certifications and should not have any access to health records. It is important to consider the definition of roles for volunteers as well as a repository that can be used to understand their precise needs in relationship with the healthcare systems. Removing even minimal access for volunteers is important when it is no longer needed.
Medical students provide a unique middle ground between physicians and volunteers when it comes to access. While they need access to the EHR system, they may not require the privileges that nurses and doctors are entitled to. For example, a medical student may not need to be able to put through an order for a test or send a prescription to a pharmacy.
Administrators face additional challenges because large groups of students typically start on the same day. Since the window in which they will be working at the hospital is so short, it is important for them to have all of their access needs sorted by day one. Similarly, most students have a shared end date, so offboarding must also be well organized and efficient. Automated deprovisioning is ideal in this scenario, so that orphaned accounts don’t linger for longer than necessary. Continuous review is also still necessary in case a student drops out or transfers.
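The review loop the preceding sections describe (orphaned accounts and entitlement creep from the best-practice guidelines, automated deprovisioning for a student cohort with a shared end date) can be expressed as a small script. The following is an added example written for this page; it is not Core Access Assurance Suite code or data. The role names, entitlement strings and identity records are constructed, and the 45-day staleness threshold and the review date are assumptions.

```python
"""Periodic access review and deprovisioning for non-employee accounts.

Added example; the role names, entitlement strings and account records below are
constructed for illustration and are not Core Access Assurance Suite data or API.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Set

# Role baselines (assumed): the entitlements each non-employee role should hold.
ROLE_BASELINE = {
    "physician_affiliate": {"ehr_clinical", "scheduling", "paging"},
    "medical_student": {"ehr_read", "scheduling"},
    "volunteer": {"timeclock"},
    "contractor": {"vpn", "ticketing"},
}


@dataclass
class Account:
    user: str
    role: str
    active: bool
    end_date: Optional[date]          # contract or rotation end; None = open-ended
    last_login: Optional[date]        # None = never logged in
    entitlements: Set[str] = field(default_factory=set)


@dataclass
class Finding:
    user: str
    kind: str      # "orphaned", "creep" or "stale"
    detail: str


def review(accounts: List[Account], today: date,
           stale_after: timedelta = timedelta(days=45)) -> List[Finding]:
    """Flag orphaned accounts (end date passed but still active), entitlement creep
    (rights beyond the role baseline) and stale accounts (no recent login)."""
    findings = []
    for a in accounts:
        if not a.active:
            continue
        if a.end_date is not None and a.end_date < today:
            findings.append(Finding(a.user, "orphaned", f"end date {a.end_date} has passed"))
        extra = a.entitlements - ROLE_BASELINE.get(a.role, set())
        if extra:
            findings.append(Finding(a.user, "creep", "beyond role baseline: " + ", ".join(sorted(extra))))
        if a.last_login is None or today - a.last_login > stale_after:
            findings.append(Finding(a.user, "stale", f"no login within {stale_after.days} days"))
    return findings


def deprovision(accounts: List[Account], today: date) -> List[str]:
    """Automated offboarding: disable every active account whose end date has passed
    and strip its entitlements. Returns the users that were disabled."""
    disabled = []
    for a in accounts:
        if a.active and a.end_date is not None and a.end_date < today:
            a.active = False
            a.entitlements.clear()
            disabled.append(a.user)
    return disabled


def sample_accounts() -> List[Account]:
    """Constructed identity records: an affiliated physician, a contractor whose
    contract ended, a student cohort with a shared end date and a former volunteer."""
    return [
        Account("dr_ahmed", "physician_affiliate", True, None, date(2019, 6, 13),
                {"ehr_clinical", "scheduling", "paging"}),
        Account("jsmith", "contractor", True, date(2019, 5, 31), date(2019, 5, 29),
                {"vpn", "ticketing", "finance_reports"}),
        Account("ms01", "medical_student", True, date(2019, 6, 30), date(2019, 6, 14),
                {"ehr_read", "scheduling", "rx_order"}),
        Account("ms02", "medical_student", True, date(2019, 6, 30), None,
                {"ehr_read", "scheduling"}),
        Account("vol7", "volunteer", True, date(2019, 4, 12), date(2019, 4, 10),
                {"timeclock"}),
    ]


if __name__ == "__main__":
    accounts = sample_accounts()
    today = date(2019, 6, 14)   # constructed review date
    for f in review(accounts, today):
        print(f"{f.user:10} {f.kind:9} {f.detail}")
    print("disabled:", deprovision(accounts, today))
```

Running the review before deprovisioning surfaces the contractor and volunteer as orphaned, the contractor and one student as having entitlements beyond their role, and the student who never logged in as stale; running it again after `deprovision` leaves only the two findings that still need a human decision (the creep and the never-used student account), which is the continuous-review step the text calls for even after automated offboarding.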
The best way to manage non-employees is with a robust IGA solution that can manage non-employees in addition to standard full-time employees. Core Access Assurance Suite provides the complete context of relationships between users, access rights, resources, user activity, and compliance policies so that you can efficiently provision a user appropriately from the beginning, using roles as necessary.
Automate the process of creating and managing non-employee accounts and identities as well as their associated access rights across the enterprise. Core Access Assurance Suite also ensures immediate disablement of access rights upon termination for increased security and regulatory compliance.
From long-term employees to short term contractors, our IGA solution will streamline access control and manage risk to provide a secure environment for your organization.
Core Access Assurance Suite provides complete identity, access risk, and compliance management, easily identifying, quantifying and managing the risks associated with information access.
Find out how to manage identities for everyone in your organization with the Identity Governance Toolkit.
According to the SANS CTI 2019 survey results, 72% of organizations either consume or produce Threat Intelligence. Although most organizations have Intelligence data, they struggle with defining requirements and managing Cyber Threat Intelligence (CTI) as a program with measurable output. This likely results from threat data and intelligence being perceived as a technical function unrelated to business objectives.
We need to change this perception.
In my opinion, the key business objectives most closely related to threat intelligence are Risk Management and Cyber Resilience. Threat Intelligence can influence the outcomes of both.
Cyber Resilience itself requires risk management and adaptability. The need for businesses to become more resilient is driving the demand for an adaptable security architecture—one that not only effectively leverages threat intelligence to improve Security Operations, especially Incident Response, but also adapts cyber defenses such as endpoint and network controls to prevent the latest threats.
Meanwhile, regulations focused on improving cyber security are driving a continuous risk management approach. For example, in 2016, the European Union released the NIS (Network and Information Systems) Directive, which provides a legal framework to boost the overall level of cybersecurity in critical industries and calls specifically for threat intelligence and incident sharing among organizations and national authorities. With these drivers in mind, we now need to design a managed process with the goal of creating an efficient way to increase the business value of CTI. We can define this process as follows:
The first step in the CTI Management Process is the collection, deduplication and aggregation of the data or feeds. One of the main gaps at the enterprise level is the collection of locally produced Threat Intelligence. Local Threat Intelligence includes data generated from analytics solutions like sandboxes and from incidents. Sandboxes usually produce intelligence data in the form of Indicators of Compromise (IOCs). These local sources could expose targeted attacks, and therefore are potentially the most valuable threat data source.
McAfee’s Open Architecture allows for the production, consumption and sharing of threat intelligence in various ways. Here is an example of how our architecture automates aggregation of various CTI sources with an open-source tool, MISP. The MISP platform subscribes to the McAfee Data Exchange Layer messaging fabric to consume IoCs from McAfee’s Advanced Threat Defense sandbox in real time. Additionally, MISP consumes and manages feeds from open or paid sources, providing an entry-level tool to manage the threat intel process.
Here is another example of how our architecture supports the aggregation process, this time by working with a commercial vendor, ThreatQ.
The second step in the CTI management process is investigation and hunting. Here, the biggest task is figuring out how to make Threat Intelligence actionable, which can be done by answering questions like:
Before answering these questions, the right data must be collected from the enterprise sensors. Fundamental information should include IP address connections, file hashes on endpoints, web proxy, DNS and Active Directory logs. These logs provide the necessary data for correlation and historical analysis. The following example demonstrates how the architecture can automate some of the key triage steps.
MISP can push Threat Intelligence into McAfee’s SIEM solution, ESM (Enterprise Security Manager), to automate historical analysis. There, it can query McAfee’s Threat Intelligence Exchange server to identify which systems executed related artifacts, and where and when they did so. Furthermore, MISP can run real-time queries against McAfee-protected endpoints with McAfee Active Response to identify any persistent artifacts that are currently in the enterprise network.
Here is another example working with ThreatQ. This time, ThreatQ interacts with McAfee ESM, Active Response and McAfee TIE to identify systems that have or had artifacts related to Threat Intelligence indicators. These various integrations support manual enrichment tasks and investigations.
The screenshot below highlights the various McAfee integrations as part of an investigation.
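The first two process steps above, collecting and deduplicating IOCs from a local sandbox plus an external feed, then running them against proxy, DNS and endpoint logs to find which systems saw an artifact and when, can be shown end to end in a short script. This is an added example written for this page, not McAfee, MISP or ThreatQ code: the feed formats, the `host=`/`dst=`/`query=`/`sha256=` log field names and every indicator and log line are constructed, and the example also demonstrates rejecting a malformed feed entry, which the text does not discuss.

```python
"""CTI collection, deduplication and historical log matching.

Added example; the feeds, sensor field names and log lines below are constructed
for illustration and are not McAfee, MISP or ThreatQ data formats or APIs.
"""
import csv
import io
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Accepted indicator shapes; anything else is dropped as malformed feed data.
PATTERNS = {
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
    "domain": re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$"),
}


def normalize(ioc_type, value):
    """Canonicalise one indicator as (type, value); return None if it is malformed."""
    value = value.strip().lower().rstrip(".")
    if ioc_type == "ipv4":
        try:
            return ("ipv4", str(ipaddress.IPv4Address(value)))
        except ValueError:
            return None
    pattern = PATTERNS.get(ioc_type)
    if pattern is None or not pattern.match(value):
        return None
    return (ioc_type, value)


def aggregate(feeds):
    """Step 1: merge feeds ({name: [(type, value), ...]}) into one deduplicated map
    keyed by (type, value); the value is the set of feeds that reported the IOC."""
    merged = defaultdict(set)
    for name, records in feeds.items():
        for ioc_type, value in records:
            key = normalize(ioc_type, value)
            if key is not None:
                merged[key].add(name)
    return dict(merged)


def parse_csv_feed(text):
    return [(row["type"], row["value"]) for row in csv.DictReader(io.StringIO(text))]


# Constructed feeds: IOCs from a local sandbox and an open-source CSV feed.
HASH_A = "deadbeef" * 8
HASH_B = "0123456789abcdef" * 4
SANDBOX_IOCS = [("sha256", HASH_A.upper()), ("domain", "update-cdn.example."), ("ipv4", "203.0.113.45")]
OSINT_CSV = (
    "type,value\n"
    "ipv4,203.0.113.45\n"
    "domain,Update-CDN.example\n"
    f"sha256,{HASH_B}\n"
    "ipv4,999.1.1.1\n"          # malformed entry, must be rejected
)


def build_intel():
    return aggregate({"sandbox": SANDBOX_IOCS, "osint": parse_csv_feed(OSINT_CSV)})


# Step 2: historical analysis over sensor logs (DNS, web proxy, endpoint file events).
KV = re.compile(r"(\w+)=(\S+)")
# Assumed sensor field names and the indicator type each one carries.
FIELD_TYPES = {"dst": "ipv4", "query": "domain", "sha256": "sha256", "url_host": "domain"}

LOGS = [  # constructed log lines: "<timestamp> key=value ..."
    "2019-06-10T09:11:58Z host=WS-0142 src=10.0.4.12 query=update-cdn.example",
    "2019-06-10T09:12:03Z host=WS-0142 dst=203.0.113.45 url=http://update-cdn.example/p.php",
    f"2019-06-10T09:12:40Z host=WS-0142 sha256={HASH_A.upper()} path=C:\\Users\\a\\AppData\\Local\\p.exe",
    f"2019-06-11T14:02:40Z host=WS-0233 sha256={HASH_A} path=C:\\Users\\b\\Downloads\\p.exe",
    "2019-06-11T14:05:00Z host=WS-0301 dst=198.51.100.7 url=http://cdn.example/ok.js",
    "2019-06-12T08:00:00Z host=WS-0142 src=10.0.4.12 query=intranet.corp.example",
]


def parse_event(line):
    ts, _, rest = line.partition(" ")
    event = dict(KV.findall(rest))
    event["ts"] = ts
    if "url" in event:
        event["url_host"] = urlparse(event["url"]).hostname or ""
    return event


def hunt(intel, log_lines):
    """Return {(type, value): {host: [timestamps]}} for every log field that matches
    an IOC, answering which systems saw the artifact and when."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_lines:
        event = parse_event(line)
        for field_name, ioc_type in FIELD_TYPES.items():
            if field_name in event:
                key = normalize(ioc_type, event[field_name])
                if key in intel:
                    hits[key][event.get("host", "?")].append(event["ts"])
    return {k: dict(v) for k, v in hits.items()}


def affected_hosts(hits):
    return sorted({host for per_host in hits.values() for host in per_host})


if __name__ == "__main__":
    intel = build_intel()
    print(f"{len(intel)} unique IOCs")
    for ioc, hosts in hunt(intel, LOGS).items():
        print(ioc, hosts)
```

Seven raw feed records collapse to four unique indicators (the sandbox and the open feed overlap on the domain and the IP, and the invalid address is dropped), and the hunt shows the sandbox hash on two hosts, which is the "where and when" question the TIE query in the text answers. Keeping the reporting sources per indicator is what lets an analyst prioritise the locally produced, possibly targeted IOCs over generic feed data.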
The third step in the CTI Management Process is response. Cyber Threat Intelligence is essential to prevent the latest threats and should be integrated into key cyberdefense countermeasures. The following example demonstrates an automated update process using McAfee’s Open Architecture, with the Data Exchange Layer (DXL) fabric as the key component.
ThreatQ can communicate via the DXL fabric with McAfee technologies. During this process ThreatQ is able to update key cyber defense countermeasure tools with Threat Intelligence to protect against the latest threats.
Another part of this process step is sharing threat intelligence with other parties, such as partners and communities. Most Threat Intelligence Platforms (open source and commercial) support various standards for external CTI sharing, including TLP (which marks how widely shared data may be redistributed), STIX, TAXII and DXL. These standards support the automated exchange and governance of the shared data.
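To make the governance side of sharing concrete, the following added example (written for this page, not a platform's own exporter) packages indicators as a STIX 2.1 bundle and applies TLP as the release control: only indicators marked at or below the level agreed with the receiving community are included, and anything never marked is withheld rather than shared by default. The TLP marking-definition identifiers are the fixed ones from the STIX 2.1 specification; the indicator values, the timestamp and the sharing levels are constructed.

```python
"""Packaging IOCs as a STIX 2.1 bundle with TLP markings for external sharing.

Added example; the indicator values and sharing policy are constructed, and the
bundle is built by hand rather than with a threat intelligence platform's exporter.
"""
import json
import uuid

# STIX 2.1 predefined TLP marking-definition identifiers (fixed by the specification).
TLP_IDS = {
    "white": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
    "green": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
    "amber": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82",
    "red": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",
}
TLP_RANK = {"white": 0, "green": 1, "amber": 2, "red": 3}
ID_TO_TLP = {v: k for k, v in TLP_IDS.items()}

# STIX patterning templates for the indicator types used here.
PATTERN = {
    "sha256": "[file:hashes.'SHA-256' = '{v}']",
    "ipv4": "[ipv4-addr:value = '{v}']",
    "domain": "[domain-name:value = '{v}']",
}
NOW = "2019-06-14T10:00:00.000Z"   # constructed fixed timestamp


def make_indicator(ioc_type, value, tlp=None):
    """Build a STIX 2.1 Indicator; tlp=None leaves it unmarked."""
    obj = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--" + str(uuid.uuid4()),
        "created": NOW,
        "modified": NOW,
        "pattern": PATTERN[ioc_type].format(v=value),
        "pattern_type": "stix",
        "valid_from": NOW,
    }
    if tlp is not None:
        obj["object_marking_refs"] = [TLP_IDS[tlp]]
    return obj


def marking_object(tlp):
    """The marking-definition object a consumer needs to resolve a TLP reference."""
    return {
        "type": "marking-definition",
        "spec_version": "2.1",
        "id": TLP_IDS[tlp],
        "created": "2017-01-20T00:00:00.000Z",
        "definition_type": "tlp",
        "name": "TLP:" + tlp.upper(),
        "definition": {"tlp": tlp},
    }


def tlp_of(obj):
    """Return the TLP colour of an object, or None if it carries no TLP marking."""
    for ref in obj.get("object_marking_refs", []):
        if ref in ID_TO_TLP:
            return ID_TO_TLP[ref]
    return None


def bundle_for_sharing(indicators, max_tlp):
    """Governance step: keep only indicators marked at or below max_tlp. Unmarked
    indicators are withheld (fail closed) rather than shared by default."""
    allowed = [i for i in indicators
               if tlp_of(i) is not None and TLP_RANK[tlp_of(i)] <= TLP_RANK[max_tlp]]
    markings = sorted({tlp_of(i) for i in allowed}, key=TLP_RANK.get)
    return {
        "type": "bundle",
        "id": "bundle--" + str(uuid.uuid4()),
        "objects": [marking_object(t) for t in markings] + allowed,
    }


def sample_indicators():
    """Constructed IOCs: a sandbox hash restricted to partners (AMBER), two open-feed
    indicators (GREEN, WHITE) and one that was never marked."""
    return [
        make_indicator("sha256", "deadbeef" * 8, "amber"),
        make_indicator("domain", "update-cdn.example", "green"),
        make_indicator("ipv4", "203.0.113.45", "white"),
        make_indicator("domain", "unmarked.example"),
    ]


if __name__ == "__main__":
    print(json.dumps(bundle_for_sharing(sample_indicators(), "green"), indent=2))
```

A community feed configured for TLP:GREEN receives two of the four indicators plus the two marking-definition objects they reference; a partner channel at TLP:AMBER receives three. The unmarked indicator is never exported, which forces the producer to make the release decision explicitly instead of leaking by omission.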
Finally, the value of Threat Intelligence can be proven by measuring a variety of outcomes. The following are some of the metrics commonly quantified and reported on:
The creation and implementation of the right process is critical to the success of Cyber Threat Intelligence within the enterprise. In this blog, we defined a CTI management process of Collection, Investigation, Response and Measurement. McAfee’s research, management platform and open architecture enable you to implement this process and get the best value out of Cyber Threat Intelligence, promoting resilience and enabling better risk management.
The post Improving Cyber Resilience with Threat Intelligence appeared first on McAfee Blogs.
With the specter of advanced cybersecurity threats always on the horizon, enterprises are seriously considering harnessing the power of machine learning and automation to fight against these threats. For good reason too – a cybersecurity survey suggested that organizations with an extensive use of automation rated themselves as much more likely to prevent, detect, respond and contain a cyber attack.
These concepts are getting increasingly important in today’s changing era of fast-growing cyber threats, but what do they mean exactly? Machine learning basically refers to computers learning from data instead of receiving explicit programming. Through such machine learning algorithms, computers are fed huge datasets and parse through them to recognize patterns or correlations through extended data analysis.
The importance of machine learning
Machine learning is becoming a common feature in more and more industries, and cybersecurity has not lagged behind. An ABI Research report estimated that machine learning in cybersecurity will boost big data, intelligence and analytics spending to $96 billion by 2021. It is quite clear why there is such extended growth – machine learning allows businesses to offer a better response and bolster their own defenses when it comes to the big, bad world of cyber threats. Security companies are rejigging the solutions they offer in tune with this trend. They are moving from signature-based systems to layered solutions where machine learning systems interpret data to better detect malware.
Some of these advantages are:
Making Sense of Data – The amount of data that can be collected for cybersecurity is humongous. While the sheer size and amount of data may be too much for humans alone to analyze, this is where machine learning can step in. By analyzing and processing large amounts of data, it may be possible to find patterns or categories of behavior that can be used to fight advanced cybersecurity threats.
Using Automation for Better Protection – Different threats can have different attack points for an enterprise and even one threat may attack different touchpoints in different ways. This is where automation can do a much more effective job. By understanding the predicted behavior and touchpoints of a potential attack, automation can create better protection measures across touchpoints suited to exactly the type of predicted attack.
Using A Cluster-based approach for better detection – Quick Heal already uses machine learning to solve various cybersecurity problems using a cluster-based approach, illustrated in this whitepaper. Samples are clustered through machine learning, with each cluster containing samples similar to each other. These generated clusters are huge and processing them happens through machine learning, where they are aggregated, analyzed and automated. The data is then labeled and processed to generate models. After scrutiny against numerous factors, including time, size and quality, they are qualified for endpoint deployment.
Machine learning and automation will be great weapons in the fight against advanced cybersecurity threats, but they also need to be backed up with a combination of data science and human expertise.
The post Harnessing Machine Learning and Automation against Advanced Threats appeared first on Seqrite Blog.
Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office that can be triggered by a malicious link or attachment. And of course Adobe has its customary monthly security update for Flash Player.
Microsoft says it has so far seen no exploitation against any of the four flaws that were disclosed publicly prior to their patching this week — nor against any of the 88 bugs quashed in this month’s release. All four are privilege escalation flaws: CVE-2019-1064 and CVE-2019-1069 affect Windows 10 and later; CVE-2019-1053 and CVE-2019-0973 both affect all currently supported versions of Windows.
Most of the critical vulnerabilities — those that can be exploited by malware or miscreants to infect systems without any action on the part of the user — are present in Microsoft’s browsers Internet Explorer and Edge.
“This is another memory corruption vulnerability that requires an attacker to send a specially crafted Microsoft Word document for a victim to open; alternatively, an attacker could convince a victim to click on a link to a website hosting a malicious Microsoft Word document,” Liska wrote. “This vulnerability affects all versions of Microsoft Word on Windows and Mac as well as Office 365. Given that Microsoft Word Documents are a favorite exploitation tool of cybercriminals, if this vulnerability is reverse engineered it could be widely exploited.”
Microsoft also pushed an update to plug a single critical security hole in Adobe’s Flash Player software, which is waning in use but is still a target for malware purveyors. Google Chrome auto-updates Flash but also is now making users explicitly enable Flash every time they want to use it. By the summer of 2019 Google will make Chrome users go into their settings to enable it every time they want to run it.
Firefox also forces users with the Flash add-on installed to click in order to play Flash content; instructions for disabling or removing Flash from Firefox are here. Adobe will stop supporting Flash at the end of 2020.
Note that Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. To get there, click the Windows key on your keyboard and type “windows update” into the box that pops up.
Staying up-to-date on Windows patches is good. Updating only after you’ve backed up your important data and files is even better. A good backup means you’re not pulling your hair out if the odd buggy patch causes problems booting the system. So do yourself a favor and back up your files before installing any patches.
As always, if you experience any problems installing any of the patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.
With summertime just around the corner, families are eagerly looking to book their next getaway. Since vacation is so top-of-mind during the summer months, users are bound to come across websites offering cheap deals on flights, accommodations, and other experiences and activities. With so many websites claiming to offer these “can’t-miss deals,” how do you know who to trust?
It turns out that this is a common concern among folks looking for a little summer getaway. According to our recent survey of 8,000 people across the UK, US, Canada, Australia, France, Germany, Spain, and Singapore, 54% of respondents worry about their identity being stolen while booking and purchasing travel and accommodation online. However, 27% don’t check the authenticity of a website before booking their vacation online. Over half of these respondents say that it doesn’t cross their minds to do so.
These so-called “great deals” can be difficult to pass up. Unfortunately, 30% of respondents have been defrauded thanks to holiday travel deals that were just too good to be true. What’s more, 46.3% of these victims didn’t realize they had been ripped off until they arrived at their holiday rental to find that the booking wasn’t actually valid.
In addition to avoiding bogus bookings, users should also refrain from risky online behavior while enjoying their summer holidays. According to our survey, 44.5% of respondents are putting themselves at risk while traveling by not checking the security of their internet connection or willingly connecting to an unsecured network. 61% also stated that they never use a VPN, while 22% don’t know what a VPN is.
Unfortunately, travel-related attacks aren’t limited to just travelers either; hotels are popular targets for cybercriminals. According to analysis conducted by the McAfee Advanced Threat Research team, the most popular attack vectors are POS malware and account hijacking. Due to these attacks, eager vacationers have had their customer payment, credit card data, and personally identifiable information stolen. In order for users to enjoy a worry-free vacation this summer, it’s important that they are aware of the potential cyberthreats involved when booking their trips online and what they can do to prevent them.
We here at McAfee are working to help inform users of the risks they face when booking through unsecured or unreliable websites as well as when they’re enjoying some summertime R&R. Check out the following tips so you can enjoy your vacation without questioning the status of your cybersecurity:
The post Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel appeared first on McAfee Blogs.