Author Archives: Japonica Jackson

Why Kubernetes is helping to make Cloud mainstream

By Ronald Sens, EMEA Director, A10 Networks

There has been a lot of talk in the first half of 2018 about how cloud is being adopted for mission-critical applications and becoming mainstream. Right now, the impact of cloud services, cloud technologies and practices on organisations is rapidly accelerating as we enter the next wave of cloud adoption. To this point, analysts at Forrester predict that the public cloud market will grow by 22 percent in 2018, to $178 billion. This momentum is being driven by companies that recognise the potential benefits of a cloud-based infrastructure, i.e. lower operational costs, increased speed of deployment and greater business flexibility.

Today, many companies have moved well beyond the experimental stage and view the cloud as a critical component of their IT strategy, whether they are transitioning their on-premise infrastructure and applications to the cloud or adding cloud-based services as part of a hybrid approach. This transition is being made even easier thanks to the implementation of Kubernetes. Kubernetes allows layering and application scaling within containers in the cloud. It works in tandem with the infrastructure provided by the cloud to allow for a more portable and more productive environment.

At the same time, the services, tools and the organisational best practices for cloud continue to evolve to support the needs of large-scale enterprises. With these trends in mind, here are a few thoughts on cloud becoming mainstream and the growing role of Kubernetes in delivering powerful improvements to your infrastructure.

Driving agility in the business

The prime motivator behind the move to cloud for every business is how it improves operational efficiency. The cloud offers many benefits to businesses, such as easy and near-instantaneous provisioning of compute, storage and networking resources, elastic scaling of those resources and a pay-as-you-go business model. All these benefits delivered by the cloud go towards driving agility in the business by improving the flexibility of employees and assisting in future expansion.

Containers further allow portability of applications across environments and easy separation of functionality into smaller microservices for more agile development, and they allow development teams to move fast, deploy software efficiently and operate at an unprecedented scale. Containers are the next step in enterprise hybrid cloud deployment.

Kubernetes dominates container orchestration

The fight for container orchestration dominance has been one of the cloud's main events for the past two years. The three-way battle between Docker Swarm, Kubernetes and Mesos has been fierce. However, Kubernetes is now viewed as the clear winner. Its rich set of contributors, rapid development of capabilities and support across many disparate platforms make it the victor.

Nevertheless, putting this into perspective, the overall number of companies using these technologies in earnest is still relatively low. A recent report from Cloud Foundry shows that only 25% are currently using containers. On the other hand, another research report, from Portworx, found that 69% of companies are 'making the investment in containers'. The key point here is that enterprise organisations are starting to take note and there are signs that the market for Kubernetes is growing very rapidly.

Kubernetes and the cloud in unison

Kubernetes is unique in that there is no single company behind it. It is a fully open source, community-driven initiative, and this has been a large factor in its adoption to date. As an open-source project it has a lot of flexibility in how it is used: what software Kubernetes works with; whether the infrastructure is private or shared; and which provider it can work with, whether Google or AWS. Kubernetes is especially useful with hybrid or multi-cloud deployments, which are emerging as the most frequently used cloud model for businesses in 2018. However, such deployments can make containers very difficult to manage when there are so many of them spread across multiple clouds and infrastructures for a single business.

This is where Kubernetes is a benefit as it manages containers and automates the deployment process for them. Automation saves lots of money for businesses as it improves efficiency and allows IT teams to focus on other areas of the business. This is especially true when good container management means that software deployment through Kubernetes is almost always painless. It could also potentially reduce hardware costs by making more effective use of current hardware. All of this combined pushes Kubernetes into more mainstream deployments with continued growth in large production workloads.

Providing load balancing for Kubernetes in the cloud

With more application workloads moving to containers, Kubernetes is clearly becoming the de facto standard. That said, Kubernetes does not provide application load balancing. It is the customer's responsibility to build this service. In theory, open source application load balancers and traditional application delivery controllers (ADCs) will work in Kubernetes. Unfortunately, in practice they fail to handle the dynamic environment of containers.

So, what are the requirements for load balancing on Kubernetes?

Organisations considering applications in Kubernetes with continuous availability need to consider the following:

  1. A scalable, stateless application load balancer built for containers, with SSL termination
  2. Centralised management for the application load balancer
  3. Application security
  4. Application traffic visibility and analytics
  5. Automation that monitors container lifecycle events and keeps the application load balancer configuration in sync with the environment

Here at A10 Networks, our Kubernetes solution includes the Lightning ADC, which offers enterprise-grade application load balancing; the Harmony Controller, which provides application and service analytics and centralised management; and the Ingress Controller, which provides application load balancing in Kubernetes with tight integration into Kubernetes. This means that IT staff can focus on the application's business value rather than being occupied with the operations of application delivery.

In the cloud world, everything is moving very rapidly, and certainly many organisations are now adopting Kubernetes. I personally believe that this adoption means that it will be mainstream in the next 12 months as organisations look to find innovative ways to consume cloud.

The post Why Kubernetes is helping to make Cloud mainstream appeared first on IT SECURITY GURU.

Emergence of Global Legislation Against ‘Fake News’ May Present Regulatory Risks

In response to fake news becoming an increasingly pervasive issue affecting the global political climate, many countries have implemented, or are in the process of implementing, legislation to combat the online spread of false information. While it’s difficult to reach uniform conclusions about these different legislative acts, organisations with an online presence in countries with anti-fake news laws may be subjected to increased government scrutiny, as well as potential fines or sanctions.

The following countries have passed legislation to combat the spread of fake news:

Qatar

As the first country to pass legislation criminalising the spread of fake news, Qatar’s 2014 cybercrime law provoked a great deal of controversy due to its broad language, which leaves ample room for interpretation. Under this law, it is illegal to spread false news that jeopardises the safety of the state, its general order, and its local or international peace. Offenders found guilty of circulating false information may face prison sentences and/or hefty fines. The law also places harsh sanctions on those found guilty of libel or slander.

The lack of clear criteria for fake news under Qatari law, as well as the prohibition of news that violates “any social values or principles,” presents considerable risks for individuals and businesses in Qatar. For example, in November 2015 a woman was found guilty of violating Qatari cybercrime law because she used insulting language in private messages to her landlord. In the absence of a clear standard for what constitutes such language, this law could similarly be used against firms doing business in Qatar if any of their employees happen to use insulting language over digital channels.

These laws have also been used against media organisations. In 2016, an assistant editor of a Doha newspaper was reportedly questioned by police and spent a night in jail after an individual convicted of child molestation demanded that the newspaper redact a story describing the crimes he had been accused of, on the grounds that such a story damaged his reputation. Although the assistant editor’s case was eventually dismissed, the arrest still illustrates the law’s ability to impact the operations of media outlets.

Malaysia

On April 2, the lower house of Malaysia’s parliament passed the controversial Anti-Fake News Act, a bill calling for fines of up to RM500,000 ($123,100 USD) or up to six years in prison for individuals found guilty of spreading “news, information, data and reports which is or are wholly or partly false.” The first person prosecuted under the law was a Danish citizen, who was fined RM10,000 ($2,460 USD) after accusing Malaysian police of responding slowly to the April 21 shooting of a Palestinian lecturer.

Since the legislation was passed shortly before Malaysia’s May elections following a corruption scandal involving then-incumbent prime minister Najib Razak, many a commentator framed the law as an attempt to shield Najib from negative publicity. Najib ultimately lost the election, and the Anti-Fake News Act was repealed on Aug. 16.

The passing and subsequent repeal of Malaysia’s short-lived Anti-Fake News Act demonstrates the potential for political volatility to affect the regulatory business climate. According to Reuters, the law applied to digital publications and social media, including offenders outside of Malaysia, if Malaysia or a Malaysian citizen were affected. As such, if it had achieved longevity, the law could have had serious implications for any international news outlet or social media platform with users in Malaysia.

Kenya

On May 16, Kenyan president Uhuru Kenyatta signed the Computer Misuse and Cybercrimes Act, intended to combat illegal online activity, including the spread of fake news. The law was criticised for the broad, ambiguous language used to define fake news, which leaves enough room for interpretation for the Kenyan government to prosecute dissenting journalism or online speech. Although Kenyatta has already signed the bill into law, it remains to be seen how the law will be implemented and whether it will stand up to legal challenges.

France

On July 3, after heated debates, the French parliament passed a bill to combat fake news during the three months leading up to elections. The law requires social media platforms to allow users to flag stories they believe are false, notify authorities, and publicly disclose actions taken to address fake news. In addition, political candidates would be able to call upon a judge to rule within 48 hours on whether a news story should be taken down.

The law has been widely criticised for threatening free speech, causing confusion, and setting an unrealistic 48-hour deadline for judges to verify contested news stories. Moreover, since the law concerns the spread of fake news rather than its production, it will affect a variety of social media websites and other digital platforms with users in France.

Egypt

On July 16, Egyptian parliament passed legislation that classifies social media users with more than 5,000 followers as media outlets, making them subject to prosecution if found guilty of spreading fake news or inciting readers to break the law. The bill fails to establish clear standards by which the veracity of reports could be judged, leading human-rights activists to express concern that the law was simply instated as a legal justification for ongoing efforts to suppress free speech.

The Egyptian bill has not yet been signed into law by President Abdel Fattah el-Sisi, but there are no indications that he opposes the measure, and he recently ratified other legislation tightening government control of online activity.

Russia

On July 22, the Russian parliament conducted the first of three votes on a bill that would hold social networks accountable for users' circulation of false information on their platforms. According to the legislation, websites with more than 100,000 visitors per day and a commenting function could be fined 50 million RUB ($800,000 USD) for not removing inaccurate content within 24 hours of its appearance. The law would also require social media companies operating in Russia to establish offices there, which could subject social media giants to increased surveillance by the Russian government.

Flashpoint analysts believe the bill is likely to pass without any serious hurdles, as Russian parliament has demonstrated a willingness to adopt laws governing social media content in the past.

Assessment

Laws intended to combat fake news introduce a variety of regulatory risk for businesses, especially in countries that adopt legislation broadly worded enough to hold online platforms accountable, not only for the content they publish, but also for the content shared or created by users. As such, companies operating media platforms or social networks with international user bases should monitor the global regulatory landscape for legislation that may present liabilities and adjust their operations accordingly.


Kroll Earns Global CREST Accreditation for Penetration Testing Services

Kroll, a division of Duff & Phelps, a global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions, announces that CREST has accredited Kroll as a global CREST Penetration Testing service provider. This accreditation affirms Kroll's expertise and authority to conduct penetration testing for clients around the world and helps provide assurance to organisations regarding the strength of their cyber resilience.

CREST was set up in 2006 in response to the need for more regulated professional services in the technical security sector. The non-profit organisation is now recognised globally as the preeminent accreditation and certification body for providers of penetration testing, cyber incident response, threat intelligence and security operations centre ("SOC") services. CREST accreditation is a mandatory requirement for CBEST engagements commissioned under the framework of the Bank of England.

“Earning this elite accreditation exemplifies how Kroll is continuously enhancing the depth and breadth of our Cyber Risk offerings to help clients around the world achieve greater security and resiliency,” said Jason Smolanoff, Senior Managing Director and Global Cyber Risk Practice Leader for Kroll. “We are proud to be part of an influential community of organisations and professionals who are shaping cyber security best practices for a dynamically changing future.”

“Ultimately, it’s the knowledge, skills and relevant insight that the professional tester brings to the client’s environment that determines the value of penetration testing to an organisation,” said Andrew Beckett, Managing Director and EMEA Leader for Kroll’s Cyber Risk Practice. “Kroll works on hundreds of cases a year, including some of the most complex and highest profile matters in the world. This CREST accreditation underscores how our wide-ranging experience on the cyber security front lines, rigorous methodologies and threat intelligence-based technology all combine to deliver meaningful cyber risk assessments and, if necessary, pragmatic remedial solutions.”

“CREST is delighted to welcome Kroll as a member company,” said Ian Glover, president of CREST. “To become a CREST member, Kroll has been through a demanding assessment process that examined test methodologies, legal and regulatory requirements, data protection standards, logging and auditing, internal and external communications with stakeholders, as well as how test data security is maintained. Awarding Kroll membership for its penetration testing services means that we are formally recognising that the company consistently delivers the highest professional security services standards to its customers.”

Associate Managing Director William Rimington, based in London, leads the global CREST program for Kroll. Rimington, a prominent authority in the area of penetration testing, has over 20 years of experience in technology architecture and testing, risk and cyber security. Prior to joining Kroll, Rimington led the Global Centre of Excellence for Ethical Hacking at a Big Four firm and was instrumental in the firm’s becoming a global member of CREST as well as a UK-approved provider of services for CBEST.


Weaving the security thread into the business conversation

It used to be difficult to discuss security within an organisation: terms like phishing needed explanation, Denial of Service was when the local garage couldn't change the oil in your car, and forget about botnets. However, over the years, and at an accelerating pace, it has become easier for us security professionals to communicate types of risks and vulnerabilities. Why? Because they are now part of our everyday lives, and when they become normal they don't require explaining; they are familiar.

We all consume services that often today carry the same fundamental weaknesses as they did ten years ago. Can an attacker steal your password today? Yes. Can an adversary take down your preferred social channel? More than likely.

Agreed, improvements have been made and security has been bolstered to make successful attacks that much more difficult, but let's not forget that the opposition, those hackers, hacktivists and state-sponsored, military-led attackers, have also matured in leaps and bounds. The progression on both sides almost cancels out. Good against bad, right against wrong: it's a stalemate position right now and there doesn't seem to be an end in sight.

"So Nick, what are the options, what do you suggest?" One thing is for sure: we cannot stop. We must collectively continue to invest in all areas of security, to improve on what we have today and protect against what we sense may be the attacks of tomorrow; to do anything else would be almost negligent. But what we really need is a change to break this cycle. The hamster wheel will always spin when there is a hamster running on it.

Can we rely on technology when technologies can always be broken? After all, if a human put it together, a human can pull it apart. As an example, there are a lot of companies in the security world hedging their bets on blockchain as a silver bullet for some of our security problems, with practical uses still being debated in R&D labs. Fighting technology with technology: is that what we are doing?

However, I do believe that we are closer to solving some of the problems we face, such as phishing. Changes to how we manage 'identity' and 'access', getting rid of passwords where possible: that ball is already rolling and gathering speed. But that's just one example, and there are many others where the ball isn't rolling; it's as good as stuck.

Once again it all comes back to people: to be vigilant, to understand the risks, to remain informed, to be responsible, to identify when something isn't quite right. And until there is a breakthrough in the fundamental way we technically protect, such as a re-engineering of, or a security overlay on, the Internet, new attacks will be born and gifted a name, which at first will require explanation until they are simply woven into the fabric of our everyday lives.


The 3 Most Powerful Types of Threat Information Sharing – and How to Stay Compliant

By: Paul Kraus, CEO, Eastwind Networks

When it comes to IT security, the unknowns pose the greatest threat. Luckily, many types of threats are very much on the cybersecurity radar. Institutions and organizations that pay attention and take advantage of available threat information sharing are more likely to succeed in keeping their networks secure from hackers and attacks. Unfortunately, threat sharing isn't yet a common practice, and much of the available information isn't complete or accurate. To discover potential threats, IT security teams need to dig deeper.

Threat information sharing, the sharing of threat intelligence, is an increasingly important method of thwarting hackers' attack plans. But for many, compliance issues can seem like roadblocks to effective collaboration both pre- and post-intrusion. Openly communicating with others in information-sensitive industries presents legal obstacles, but navigating this landscape is increasingly worth the effort as the complex threat environment escalates.

The Power of Shared Information

Getting hacked can feel like failure, and sharing that information is an exposure not high on anyone's to-do list. But as the black hats are increasingly out there sharing information about hacks, vulnerabilities and zero-day threats, it only makes sense that the people on the other side of the equation need to share as well. Unfortunately, mountains of paperwork and the need to notify customers of a breach turn most financial institutions off from being open about any information security events. Then there are the PR troubles and lawyer fees for potential lawsuits on top.

While the negatives of sharing information regarding a breach seem overwhelming, many industries do themselves no favors by holding to the old habit of silence. Once network security and breach detection are in place, the best way to counter hackers is to learn from each other's experience. In the world of IT security, shared beats scared every time. Here are three ways to engage with threat information sharing that will pay off for security and compliance.

Closed Communities

Many chatrooms and other discussion boards can provide advice and feedback for security issues, but for those who have been breached a deeper layer of support is now available. A number of closed communities have developed for mutual support in dealing with the fallout of being hacked. Tightly controlled and monitored because of the legal repercussions of sharing such delicate information, these could be likened to 12-step support groups for hacking victims. Examples include the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the National Cyber-Forensics and Training Alliance (NCFTA). Corporate counsel has the final say in what is disclosed, but these groups can offer helpful advice and strategies for moving through the disclosure and compliance process.

The Threat Information Market

Every intrusion leaves a trace. Indicators of compromise (IoCs) such as IP addresses linked to malware, domain names associated with botnets and other out-of-the-ordinary network activity are precursors to an attack. While every network should have active breach detection in place, buying threat intel helps identify network traffic that falls outside the normal range.

A lot of free information can be gleaned from the Internet, but the companies that monitor threats and compile salable intel are often a step ahead of any unpaid source. File and IP reputation services are great resources, as is the updated list of threats maintained by the FBI.
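As an added illustration of how shared IoCs are actually consumed on the defending side (example code written for this page, not Eastwind Networks' product or any real feed format), the script below loads a small constructed indicator list of exact IPs, CIDR ranges and domains, runs it over a handful of constructed proxy log lines, and reports the matches. The feed format, the log format and every address and hostname in it are assumptions made up for the example; the point it adds to the paragraph is that domain indicators must be matched on label boundaries (a subdomain of `bad-updates.example` is a hit, `notbad-updates.example` is not) and that network-range indicators need a real address comparison rather than a string compare.

```python
"""Match constructed proxy log lines against a constructed IoC feed (example only)."""
import ipaddress
import re

# Constructed sample feed in a made-up "type,value,context" layout; not a real feed.
IOC_FEED = """\
# type,value,context
ip,203.0.113.45,botnet-c2
ip,198.51.100.0/24,scanner-range
domain,bad-updates.example,dropper-hosting
"""

# Constructed sample proxy log lines; addresses are documentation ranges, not real traffic.
SAMPLE_LOGS = [
    "2018-09-13T10:00:01Z src=10.0.0.5 dst=203.0.113.45 host=cdn.example.org",
    "2018-09-13T10:00:02Z src=10.0.0.7 dst=93.184.216.34 host=www.example.org",
    "2018-09-13T10:00:03Z src=10.0.0.9 dst=192.0.2.10 host=files.bad-updates.example",
    "2018-09-13T10:00:04Z src=10.0.0.9 dst=198.51.100.77 host=",
    "2018-09-13T10:00:05Z src=10.0.0.5 dst=192.0.2.20 host=notbad-updates.example",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S*)$")


def load_feed(text):
    """Parse the feed into exact IPs, CIDR networks and domains, each mapped to context."""
    ips = {}      # exact address string -> context
    nets = []     # (ip_network, context) pairs; checked by membership, not string compare
    domains = {}  # lower-cased domain -> context
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, value, context = (f.strip() for f in line.split(",", 2))
        if kind == "ip":
            if "/" in value:
                nets.append((ipaddress.ip_network(value, strict=False), context))
            else:
                ips[str(ipaddress.ip_address(value))] = context
        elif kind == "domain":
            domains[value.lower().rstrip(".")] = context
        else:
            raise ValueError(f"unknown indicator type: {kind}")
    return ips, nets, domains


def domain_matches(host, domains):
    """Return (indicator, context) if host equals or is a subdomain of an indicator.

    Walks label boundaries so 'files.bad-updates.example' matches 'bad-updates.example'
    but 'notbad-updates.example' does not (a plain substring test would flag it).
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate, domains[candidate]
    return None


def scan_logs(log_lines, feed_text):
    """Return a list of (timestamp, match_kind, indicator, context) hits for the log lines."""
    ips, nets, domains = load_feed(feed_text)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ts, dst, host = m.group("ts"), m.group("dst"), m.group("host")
        if dst in ips:
            hits.append((ts, "ip", dst, ips[dst]))
        else:
            try:
                addr = ipaddress.ip_address(dst)
            except ValueError:
                addr = None
            if addr is not None:
                for net, context in nets:
                    if addr in net:
                        hits.append((ts, "cidr", str(net), context))
                        break
        if host:
            dm = domain_matches(host, domains)
            if dm:
                hits.append((ts, "domain", dm[0], dm[1]))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS, IOC_FEED):
        print(hit)
```

Run as-is it reports three hits (one exact IP, one domain via a subdomain, one CIDR range) and correctly ignores the look-alike `notbad-updates.example` line. A production matcher would take indicators from a standard format such as STIX and keep the feed in a database, but the two correctness points shown here carry over unchanged.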

The Power of Shared Experience

Many companies are finding that sharing experiences is a powerful tool against hackers. Whether a company has been breached or not, it can be helpful to engage with others doing the same job. Reading about threats is important, but hearing someone's first-hand account of how they first noticed symptoms and then investigated, only to find someone lurking in their system, brings home the risks and solutions more powerfully than anything else.

Like the closed communities above, these resources can present challenges from a legal aspect, but the benefits often outweigh the risks. Many companies find it worthwhile to navigate the hassle, liability and compliance issues to successfully build community and, in the end, create smarter defenses. If hindsight is 20/20, victims of hacks need only ask themselves how much they would have given to have been warned ahead of time about the risk that turned into their reality.

The Information Age

People generally think of the information age being all about data. For those who manage public and private networks, it also needs to be about breaking down silos and sharing information through effective relationships and community. Whether through closed, subscription-based groups or a wider threat intel sharing channel, IT security personnel need more contact than a yearly conference can provide. The integrity of their network may depend on it. After the initial damage of a breach is addressed, the power to mobilize stronger cybersecurity defenses lies in the ability to share threat information.


Exploit vendor Zerodium releases zero-day for old version of Tor

Exploit vendor Zerodium, which made headlines in September last year by offering a million-dollar bounty for any zero-day exploits in the Tor browser running on Tails Linux or Windows, has itself released a zero-day exploit for the browser.

ORIGINAL SOURCE: IT Wire

‘Web hackers held my data hostage,’ says Wiltshire police commissioner

The revelation came as Wiltshire Police plans to this week shine a light on its digital investigations team. Angus Macpherson, who has acted as police and crime commissioner for Swindon and Wiltshire since 2012, said: “I was actually subject to a ransomware attack on my personal computer two years ago. The criminals demanded money and effectively held some of my personal data and photographs hostage.”

ORIGINAL SOURCE: Swindon Advertiser

A group of researchers showed how a Tesla Model S can be hacked and stolen in seconds using only $600 worth of equipment

A savvy car thief could drive off with a Tesla Model S by using just a few, relatively inexpensive pieces of computing hardware and some radios — at least, the thief could have until recently, when Tesla fixed an overlooked vulnerability in its cars’ security systems.

ORIGINAL SOURCE: Business Insider

LuckyMouse Group is back and using a legitimate certificate to sign Malware

The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections from a previously unknown Trojan, which is most likely related to the infamous Chinese-speaking threat actor – LuckyMouse. The most peculiar trait of this malware is its hand-picked driver, signed with a legitimate digital certificate, which has been issued by a company developing information security-related software.

ORIGINAL SOURCE: Engineering News