Daily Archives: October 20, 2020

Making a Difference: Accor

 

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next PCI SSC Board of Advisors. The Board of Advisors represents PCI SSC Participating Organizations worldwide to ensure global industry involvement in the development of PCI Security Standards. As strategic partners, they bring industry, geographical and technical insight to PCI Council plans and projects. In this post, we talk with 2018 - 2020 PCI SSC Board of Advisor Member Marie-Christine Vittet, Vice President Compliance, at Accor about the role of the PCI SSC Board of Advisors in shaping payment security globally.

Data-Centric Security for the Cloud, Zero Trust or Advanced Adaptive Trust?

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear – we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive, acceptable definition of Zero Trust Architecture.

Today, most entities utilize a multi-phased security approach. Most commonly, the foundation (or first step) in the approach is to implement secure access to confidential resources. Coupled with the shift to remote and distance work, the question arises, “are my resources and data safe, and are they safe in the cloud?”

Thankfully, the DoD is in the process of developing a long-term strategy for ZTA. Industry partners, like McAfee, have been briefed along the way. It has been refreshing to see the DoD take the initial steps to clearly define what ZTA is, what security objectives it must meet, and the best approach for implementation in the real-world. A recent DoD briefing states “ZTA is a data-centric security model that eliminates the idea of trusted or untrusted networks, devices, personas, or processes and shifts to a multi-attribute based confidence levels that enable authentication and authorization policies under the concept of least privilege access”.

What stands out to me is the data-centric approach to ZTA. Let us explore this concept a bit further. Conditional access to resources (such as network and data) is a well-recognized challenge. In fact, there are several approaches to solving it, whether the end goal is to limit access or simply segment access. The tougher question we need to ask (and ultimately answer) is how to do we limit contextual access to cloud assets? What data security models should we consider when our traditional security tools and methods do not provide adequate monitoring? And is securing data, or at least watching user behavior, enough when the data stays within multiple cloud infrastructures or transfers from one cloud environment to another?

Increased usage of collaboration tools like Microsoft 365 and Teams, SLACK and WebEx are easily relatable examples of data moving from one cloud environment to another. The challenge with this type of data exchange is that the data flows stay within the cloud using an East-West traffic model. Similarly, would you know if sensitive information created directly in Office 365 is uploaded to a different cloud service? Collaboration tools by design encourage sharing data in real-time between trusted internal users and more recently with telework, even external or guest users. Take for example a supply chain partner collaborating with an end user. Trust and conditional access potentially create a risk to both parties, inside and outside of their respective organizational boundaries. A data breach whether intentional or not can easily occur because of the pre-established trust and access. There are few to no limited default protection capabilities preventing this situation from occurring without intentional design. Data loss protection, activity monitoring and rights management all come into question. Clearly new data governance models, tools and policy enforcement capabilities for this simple collaboration example are required to meet the full objectives of ZTA.

So, as the communities of interest continue to refine the definitions of Zero Trust Architecture based upon deployment, usage, and experience, I believe we will find ourselves shifting from a Zero Trust model to an Advanced Adaptive Trust model. Our experience with multi-attribute-based confidence levels will evolve and so will our thinking around trust and data-centric security models in the cloud.

 

 

The post Data-Centric Security for the Cloud, Zero Trust or Advanced Adaptive Trust? appeared first on McAfee Blogs.

CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats

This year, we have seen five significant security paradigm shifts in our industry. This includes the acknowledgment that the greater the diversity of our data sets, the better the AI and machine learning outcomes. This diversity gives us an advantage over our cyber adversaries and improves our threat intelligence. It allows us to respond swiftly and effectively, addressing one of the most difficult challenges for any security team. For Microsoft, our threat protection is built on an unparalleled cloud ecosystem that powers scalability, pattern recognition, and signal processing to detect threats at speed, while correlating these signals accurately to understand how the threat entered your environment, what it affected, and how it currently impacts your organization. The AI capabilities built into Microsoft Security solutions are trained on 8 trillion daily threat signals from a wide variety of products, services, and feeds from around the globe. Because the data is diverse, AI and machine learning algorithms can detect threats in milliseconds.

All security teams need insights based on diverse data sets to gain real-time protection for the breadth of their digital estates. Greater diversity fuels better AI and machine learning outcomes, improving threat intelligence and enabling faster, more accurate responses. In the same way, a diverse and inclusive cybersecurity team also drives innovation and diffuses group think.

Jason Zander, Executive Vice President, Microsoft Azure, knows firsthand the advantages organizations experience when embracing cloud-based protections that look for insights based on diverse data sets. Below, he shares how they offer real-time protection for the breadth of their digital estates:

How does diverse data make us safer?

The secret ingredient lies in the cloud itself. The sheer processing power of so many data points allows us to track more than 8 trillion daily signals from a diverse collection of products, services, and the billions of endpoints that touch the Microsoft cloud every month. Microsoft analyzes hundreds of billions of identity authentications and emails looking for fraud, phishing attacks, and other threats. Why am I mentioning all these numbers? It’s to demonstrate how our security operations take petabytes’ worth of data to assess the worldwide threat, then act quickly. We use that data in a loop—get the signals in, analyze them, and create even better defenses. At the same time, we do forensics to see where we can raise the bar.

Microsoft also monitors the dark web and scans 6 trillion IoT messages every day, and we leverage that data as part of our security posture. AI, machine learning, and automation all empower your team by reducing the noise of constant alerts, so your people can focus on meeting the truly challenging threats.

Staying ahead of the latest threats

As the pandemic swept the globe, we were able to identify new COVID-19 themed threats—often in a fraction of a second—before they breached customers’ networks. Microsoft cyber defenders determined that adversaries added new pandemic-themed lures to existing and familiar malware. Cybercriminals are always changing their tactics to take advantage of recent events. Insights based on diverse data sets empower robust real-time protection as our adversaries’ tactics shift.

Microsoft also has the Cyber Defense Operations Center (CDOC) running 24/7. We employ over 3,500 full-time security employees and spend about $1 billion in operational expenses (OPEX) every year. In this case, OPEX includes all the people, equipment, algorithms, development, and everything else needed to secure the digital estate. Monitoring those 8 trillion signals is a core part of that system protecting our end users.

Tried and proven technology

If you’re part of the Microsoft ecosystem—Windows, Teams, Microsoft 365, or even Xbox Live—then you’re already benefitting from this technology. Azure Sentinel is built on the same cybersecurity technology we use in-house. As a cloud-native security information and event management (SIEM) solution, Azure Sentinel uses scalable machine learning algorithms to provide a birds-eye view across your entire enterprise, alleviating the stress that comes from sophisticated attacks, frequent alerts, and long resolution time frames. Our research has shown that customers who use Azure Sentinel achieved a 90 percent reduction in alert fatigue.

Just as it does for us, Azure Sentinel can work continuously for your enterprise to:

  • Collect data across all users, devices, applications, and infrastructure—both on-premises and in multiple clouds.
  • Detect previously undetected threats (while minimizing false positives) using analytics and threat intelligence.
  • Investigate threats and hunt down suspicious activities at scale using powerful AI that draws upon years of cybersecurity work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Diversity equals better protection

As Jason explained, Microsoft is employing AI, machine learning, and quantum computing to shape our responses to cyber threats. We know we must incorporate a holistic approach that includes people at its core because technology alone will not be enough. If we don’t, cybercriminals will exploit group preconceptions and biases. According to research, gender-diverse teams make better business decisions 73 percent of the time. Additionally, teams that are diverse in age and geographic location make better decisions 87 percent of the time. Just as diverse data makes for better cybersecurity, the same holds true for the people in your organization, allowing fresh ideas to flourish. Investing in diverse teams isn’t just the right thing to do—it helps future proof against bias while protecting your organization and customers.

Watch for upcoming posts on how your organization can benefit from integrated, seamless security, and be sure to follow @Ann Johnson and @Jason Zander on Twitter for cybersecurity insights.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats appeared first on Microsoft Security.