Category Archives: Cloud Security

Imperva Cloud Security Now Available Through UK Government’s GCloud 10 Digital Marketplace

Building on the success of Imperva listing our market-leading, single stack Incapsula cloud platform for DDOS protection; CDN; load balancing and WAF on the GCloud 9 framework, Imperva has now added more products to the GCloud 10 portfolio.

As the UK pushes for even greater digital adoption on a national scale, it constantly adds to and updates GCloud 10; a hotlist of preferred products and services for companies that seek to do business with government… simply put, partnering with Imperva now ticks an important box on the UK government’s procurement checklist.

Imperva SecureSphere data protection solutions protect databases from attack, reduce risk and streamlines compliance by enabling organizations to leverage common infrastructure, both in AWS, Azure, hybrid and on-prem.

Imperva SecureSphere Web Application Firewall (WAF) for AWS & Azure provides the industry’s leading WAF technology to protect web apps. It combines multiple defenses to accurately pinpoint and block attacks without blocking your citizens and partners.

Check us out on the Digital Marketplace if you’d like to learn more.

What’s On the Horizon for SIEM Technology? Five Upcoming Innovations in Security Analytics

All solutions evolve over time as new technologies are introduced and market shifts occur — and security information and event management (SIEM) is no exception. The most recent changes in SIEM technology are driven by increased cloud adoption, the limited availability of IT talent and mounting regulatory pressure, as well as the growing variety and sophistication of cyberthreats.

What do these changes mean for the future of SIEM technology? Let’s take a step back and consider five significant shifts we expect to see over the next few years.

1. SIEM Will Shift From On-Premises to the Cloud

SIEM will be as relevant to software-as-a-service (SaaS) and cloud systems as it is to on-premises environments. SIEM’s original purpose was to help organizations correlate multiple security telemetry sources to generate a prioritized risk and threat view and provide a single pane of glass for investigations.

The same will be true in the future, except those on-premises sources will eventually be replaced by multiple cloud and SaaS sources.

2. SIEM Technology Will Become the Foundation of Security Analytics

Machine learning and behavioral analytics will become increasingly important, but they won’t replace rules. A security operations center (SOC) must detect both known and unknown threats.

Using rules and signatures is the fastest and most accurate way to detect known threats, but this strategy is not always effective for identifying unknown threats. It also requires many core data pre-processing steps, such as management, interpretation, curation and enrichment. As a result, SIEM technology will become the foundational layer of all security-analytics solutions.

3. AI Will Relieve Overworked Analysts

Artificial intelligence (AI)-powered analytics that investigate and determine the root cause of existing anomalies — as opposed to solutions that generate new alerts and anomalies — will emerge in the marketplace and become essential tools for both full-scale and ad-hoc investigations. AI analytics will not replace existing rules or machine learning anomaly detection algorithms — since these are essential to help analysts detect potential threat signals.

But these signals must be investigated, and many SOCs lack the workforce to do so. AI tools can conduct automated investigations, drive intelligence orchestration and remediation, and act as a force multiplier to make the security team more productive.

4. Cloud Will Make Security Analytics More Consumable

The majority of SIEM — and, therefore, security analytics — will be consumed from the cloud. It will become increasingly challenging for organizations to juggle the breadth of required data sources, operationalize uses cases and analytics and manage the big data infrastructure of a SIEM on-premises. Cloud services deliver much of these resources on demand and in a fully automated manner — dramatically increasing the consumability and utility of SIEM and security analytics tools within the enterprise.

5. AI Assistants Will Augment Human Analysts

AI assistants will be introduced into the market to help analysts set up, configure and continuously maintain use cases within the SIEM. As organizations and their IT infrastructures evolve, so must their security capabilities. Most companies will still struggle to keep abreast of these changes and close gaps that emerge as a result, but AI assistants will be able to perform assessments and automate much of this workload.

We are already seeing signs of this evolution today with AI-powered security analytics solutions, improved outcomes with the adoption of SIEM-as-a-service and newer analytics, such as user behavior analytics (UBA), domain name system (DNS) and cloud analytics, revolutionizing the way SOCs work. It’s an exciting time to be adopting a security analytics strategy — and both the security and cybercrime landscapes are sure to change drastically in the near future in response to these innovations in SIEM technology.

View the interactive infographic: Transforming Noise to Knowledge

The post What’s On the Horizon for SIEM Technology? Five Upcoming Innovations in Security Analytics appeared first on Security Intelligence.

Departing Employees Should Not Mean Departing Data

Empowering your employees to do their best work means providing them access to physical and digital assets in the company network that can help them scale their initiatives. But when

The post Departing Employees Should Not Mean Departing Data appeared first on The Cyber Security Place.

Understanding SIEM Technology: How to Add Value to Your Security Intelligence Implementation

Security information and event management (SIEM) technology has been around for more than a decade — and the market is growing by the minute.

So, it may seem strange that so many organizations lack a proper understanding of what a security intelligence and analytics solution can do, what type of data it ingests and where to begin when it comes to implementation.

As the threat environment expands in both diversity and volume, IT skills are becoming increasingly scarce, and point solutions are increasingly flooding the market. As a result, many security leaders are at a loss when it comes to selecting the right SIEM solutions to serve their unique needs.

Clear the Fog Surrounding SIEM Technology

Why all the confusion? For one thing, many companies just throw money at a SIEM platform to solve all their security use cases or as a silver bullet for compliance. These are ill-advised strategies because customers are often left to their own devices to both define and implement the system.

So, how should these companies proceed? The first step is to identify the primary security challenges they are trying to solve and the outcomes they hope to achieve.

To shed light on their SIEM implementation, security leaders need a single pane of glass across the organization’s infrastructure to detect and investigate threats, both internal and external. In both cases, these threats are typically after the enterprise’s critical data, whether they aim to steal or destroy it. Since more and more of this data is being moved off premises, cloud security has become a critical function of security operations.

Threat actors will do anything they can to gain access to the enterprise’s crown jewels — and, when they do, security teams need a rapid and efficient incident-response process that enables analysts to take action quickly and confidently.

Finally, and perhaps most crucially, organizations must be able to prove all of the above to various compliance and regulatory auditors.

Related to this Article

How to Optimize Your SIEM Implementation

To clear up the uncertainty surrounding SIEM technology — and to maximize the value of their implementation — security leaders should:

  • Understand the outcomes their SIEM solution can deliver against common use cases;
  • Create a road map for SIEM maturity;
  • Understand how adding different types of data to the SIEM can improve outcomes; and
  • Continuously review their processes and educate staff and stakeholders accordingly.

By following these basic steps, chief information security officers (CISOs) can demonstrate the value of their SIEM implementation in a way that is easily communicable to business leaders and lead the way toward smarter, more prudent investments.

Download the 2017 Gartner Magic Quadrant for SIEM

The post Understanding SIEM Technology: How to Add Value to Your Security Intelligence Implementation appeared first on Security Intelligence.

Cloud Security For The Healthcare Industry: A No-Brainer

The healthcare industry has become one of the likeliest to suffer cyber-attacks, and there’s little wonder why. Having the financial and personal information of scores of patients makes it a very appetizing target for attackers.

Just over a year ago, the WannaCry ransomware attack wreaked havoc on the UK National Health Service (NHS), ultimately disrupting a third of its facilities and causing a rash of canceled appointments and operations.

As healthcare organizations face the prospect of increasing attack, their security teams look to cybersecurity experts with comprehensive, tested products to protect the sensitive information they hold. ALYN Woldenberg Family Hospital, Israel’s only pediatric rehabilitation facility, is no exception.

With a database of more than 70,000 patients and a website hosted in four languages and across three different domains; ALYN Hospital’s IT team was concerned that their content management system (CMS) could be vulnerable. The team didn’t feel their cybersecurity vendor was updating the security on their CMS as often as they should, leading them to go looking for a new vendor.

Initially checking out on-premises WAF systems, ALYN’s team kept coming up against the cost of securing their sites and, because of strict government regulations, they were initially hesitant to move to a cloud-based system. Ultimately, however, they decided that the Imperva Incapsula cloud-based WAF was just the thing, as it meets the most stringent enterprise-grade security criteria.

“We looked at community reviews and talked with colleagues at other hospitals and got the impression that Incapsula is one of the best in terms of cost-benefit ratio, which is important to us, in addition to robustness, ease-of-use, and integration, which was very smooth. It all proved to be correct, for which I am very glad,” said Uri Inbar, Director of IT for ALYN Hospital.

Setting up the system took less than a day and ALYN Hospital still manages its servers in-house, with a staff member who is now dedicated to security. Imperva Incapsula has been low maintenance from the start, so, while customer support was with them every step of the way at the beginning, they haven’t needed any for the last few years because the automatic system, managed and tuned by a team of Imperva security experts, has been running smoothly on its own.

“It gives us peace of mind to know that someone has dedicated themselves to the subject and keeps us updated. It’s one less worry to take care of.”

Since making the switch, ALYN Hospital has seen some significant improvements:

  • Increased visibility for monitoring security threats: The Imperva Incapsula dashboard is easy to use and provides information that helps ALYN Hospital keep its systems secure. And for their special projects, they can even see which countries are generating the most traffic.
  • Good cost-benefit ratio: One of the most important aspects of any new security system for ALYN, the costs were reasonable, especially given the security benefits they received from the Incapsula system.
  • Faster content delivery: While no formal studies were done, the IT staff has heard from some users that their CDN is delivering content faster than before.

Imperva Incapsula offers a single stack solution that integrates content delivery, website security, DDoS protection, and load balancing. Incapsula is PCI-compliant, has customizable security rules and offers 24/7 support.

Cloud Migration Fundamentals: Overcoming Barriers to App Security [Infographic]

As more organizations move to the cloud, the line of responsibility in securing applications can become rather blurred.

The concept of control has historically rested in physical location and ownership. With the move to the cloud, however, the idea of security by proxy is changing and so should our approach.

First things first though, how do we meet the challenges that come with an increasingly cloud-centric world? Understanding what your responsibilities are is a great place to start, check out our neat infographic to learn more about the basics of moving to the cloud, and see where you might be on the right track, or where you might need to focus your attention.

Whether you’ve already made the move to the cloud or you’re in the market for a vendor, there are a few key things you’ll also need to consider before making a decision on a specific product:

  • Can I easily tune and revert rules to changing application needs?
  • Is the solution PCI compliant?
  • Do I have round-the-clock support?
  • How quickly can I deploy?

Additionally, there are resources available to help you understand exactly what moving to the cloud means, and how to navigate these changes.

5 Key Factors to Consider When Comparing Cloud Security Solutions [Video]

Migrating to the cloud can be a challenge, and so can securing your platform once you’re there. It means having a security solution that is quick, adaptable and equipped to handle a wider breadth of attacks.

Whether you’re in the market for a new security product, or you’re looking to switch, there are several important questions you’ll need to ask:

  • Can I easily tune and revert rules to changing application needs?
  • Is the solution PCI compliant?
  • Do I have round-the-clock support?
  • How quickly can I deploy?

Imperva Incapsula offers a single stack solution that integrates content delivery, website security, DDoS protection, and load balancing. Incapsula is PCI compliant, has customizable security rules and offers 24/7 support.

Check out the video below and let the experts show you:

  • The operational advantages of switching to Incapsula.
  • How to plan and execute a successful migration.
  • The differences in functionality between us and our closest competitor.

With Incapsula you can deliver applications securely and efficiently.

Identifying Network Anomalies in Microsoft Azure – Cloud Workload Security and Azure Network Watcher

Monitoring the Microsoft Azure virtual network

Network Watcher is a native Azure service which provides performance monitoring and diagnostic services for Azure tenants. A plethora of logging and diagnostic data are available through Network Watcher which enable insights to your network performance and health. By combining the diagnostic and monitoring capabilities of Network Watcher with the automation and discovery and defense of elastic workloads provided by McAfee Cloud Workload Security (CWS), you now have a comprehensive toolset for end-to-end network visibility.

Network Topology 

Network Watcher enables you to visualize the complete network topology of your application in just a few clicks.

IP Flow Verify

A critical diagnostic tool is being able to check if a flow is allowed or denied to or from a virtual machine. With IP flow verify, you can easily validate whether the flow – ingress and egress – is allowed or denied. This includes combining data from source IP, destination IP, source port, destination port and protocol.

Security Group View

With Network Watcher, you can ensure proper security is present for audit and security measures with programmatic configuration of security groups. You also can increase security posture and more tightly configure firewall rules amongst resource groups by ensuring security groups are in place.

These are just a handful of diagnostic tools facilitated through Network Watcher, which are extensive and robust in data and can be utilized through Azure native APIs. While this context is rich and the logs are comprehensive, it’s critical to be able to quickly and efficiently identify threats and immediately enable actionable workflows that isolate root causes and diminish dwell time. Network Watcher and McAfee’s Cloud Workload Security (CWS) together form a firmly interlocked powerhouse that ensures tight audit controls, proper security control overlay, and effective remediation actions to provide an optimal threat mitigation solution.

McAfee Cloud Workload Security and Azure Network Watcher

As we have established a relative baseline understanding of Network Watcher, let’s peel back another layer to further analyze how Azure traffic flows into the mesh of interoperability with McAfee Cloud Workload Security (CWS).

How does Azure traffic work?

When Network Watcher and the Network Security Groups (NSG) Flow logs are properly enabled, Microsoft Network Watcher captures traffic flows in the Azure cloud. Once the flow logs are enabled for an NSG, Azure Connector collects traffic for successfully provisioned NSGs and VMs associated with them. The discovered traffic will be visible in the traffic visualization section of McAfee CWS.

How does CWS capture Azure Traffic?

  1. During every sync CWS verifies if there are any powered-on Azure instances in a region and if Network Watcher is enabled for that region. If the Network Watcher is not enabled for the region, CWS will enable the Network Watcher and configure that to a storage account.
  2. The next check is on the NSGs in that region. CWS verifies if NSG flow log is enabled for every NSG attached with powered-on instances. If the NSG flow logs are not enabled, CWS will enable NSG flow logs.
  3. Once the Network Watcher and the NSG flow logs are enabled, traffic flow logs are captured in the associated storage account. CWS reads these flow logs from the storage account and determines if there are any network anomalies associated with them.

NSG flow logs allow Network Watcher to view information about the traffic in the NSG. When Network Watcher is enabled, the retention period set by Cloud Workload Security for NSG flow logs is 15 days. You can reconfigure the retention period under Network Watcher in the Azure portal.

For more information on McAfee Cloud Workload Security, please visit the McAfee Cloud Workload Security page for feature and solution documentation.

To learn more about Azure Network Watcher and CWS integration check out the Azure Network Watcher blog post.

The post Identifying Network Anomalies in Microsoft Azure – Cloud Workload Security and Azure Network Watcher appeared first on McAfee Blogs.

Finals Week: Cloud Edition

It’s almost summertime—where the nights are longer and the water is warmer! Before we head to the beach it’s time to review all the things we learned about the cloud from the past two quarters.

For #CloudFinalsWeek we’re asking you to prove your knowledge on the current climate of cloud computing and security. Will you be valedictorian or be headed back to class for summer school? Share your cloud finals score on Twitter after completing the assessment to see if you outranked your peers.

Note: There is a widget embedded within this post, please visit the site to participate in this post's widget.

Not prepared? Lucky for you this is an “open-book” test. Find some cheat sheets and study guides below.

Report: Navigating a Cloudy Sky

Blog Post: Cloud is Ubiquitous and Untrusted

Good luck!

The post Finals Week: Cloud Edition appeared first on McAfee Blogs.

High-Tech & Hackable: How to Safeguard Your Smart Baby Devices

It’s just about as creepy as it gets: A hacker breaking into a smart device in your baby’s nursery. The Internet of Things (IoT) has wrapped our homes technology, which means any piece of technology you own — be it a smartphone, a thermostat, or even a baby toy or monitor — is fair game for hackers.

High tech products geared toward parents of newborns and kids are on the rise. Reports show that new parents are fueling this industry and purchasing everything from smart diapers, onesies, baby monitors, digital bassinets, soothers, high-tech swings, breathing monitors, play pads, and a string of smart toys. Parents purchasing baby tech and digital toys are counting on fresh tech ideas and products to increase efficiency and maintain a constant connection to their kids.

But these seemingly efficient products, some argue, could be increasing parent’s stress in some cases. Are these tech products, which are also highly hackable, worth the risk and worry?

The Pros

Peace of mind, safety. Smart baby devices give anxious parents added peace of mind when it comes to worries. Who doesn’t want to see their sweet baby deep in sleep and go to bed without worry? Given a chance, many parents welcome the opportunity to know their baby’s temperature, oxygen levels, heartbeat, and breathing are on track.

Remote monitoring, convenience. When you can be downstairs or working in the yard, or in your home gym, and still check on a sleeping baby, that’s an incredible convenience that many parents welcome as a productivity booster.

Learning and development. Many parents purchase smart devices for kids in an effort to help them stay on track developmentally and ensure they are prepared for the tech-driven world they are heading into.

The Cons

Hackable. Any device that is web-enabled or can connect to the cloud has the potential to be hacked, which can create a whole new set of issues for a family. If you are getting sleeping, breathing, and health data on your child, anyone else could be getting that same information.

False readings. Baby technology, as useful as it appears, can also have glitches that medical professionals argue can be more harmful than helpful. Can you imagine waking up at 2 a.m. to a monitor alarm that falsely says your baby isn’t breathing?

Complex, pricey. Some of the products can be complicated to program and set up and pricey to purchase or replace.

So why would a hacker even want to break into a baby monitor, you may ask? For some hackers, the motive is simply because they can. Being able to intercept data, crash a device, or prove his or her digital know-how is part of a hacker’s reward system. For others, the motives for stalking your family’s activities or talking to kids in the middle of the night can prove to be a far more nefarious activity.

Tips to safeguard baby tech:

Think before you purchase. According to the tech pros, think before buying baby tech and evaluate each item’s usefulness. Ask yourself: Do I need this piece of technology? Will this product potentially decrease or increase my stress? If a product connects to the wi-fi or the cloud, weight its convenience against any risk to your family’s data.

Change default passwords. Many products come with easy-to-guess default passwords that many consumers don’t take the time to change. This habit makes it easy for hackers to break in. Hackers can also gain access to entire wifi networks just by retrieving the password stored on one device. (Sometimes all a hacker does is google a specific brand to find the product’s password — yes, it’s as easy as that!)

Buy from known brands. Buy from reputable manufacturers and vendors. Google to see if that company’s products have ever been digitally compromised. And although it’s tempting to get your device used to save a little money, second-hand technology might have malware installed on it so beware.

Update software, use strong passwords. If there’s a software update alert connected to your baby tech, take the time to update immediately and be sure to choosing a password with a minimum of 16 characters and not using the same password for more than one device.

Turn off. When your devices are not on, there’s no vulnerability so, even with all the safeguards, remember to turn off devices not in use for that last layer of protection.

toni page birdsong



Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post High-Tech & Hackable: How to Safeguard Your Smart Baby Devices appeared first on McAfee Blogs.

The Cloud: Crossroads or Fast Lane for Enterprise Databases?

As someone who has enjoyed spending time with many a DBA (database administrator) over the years, and for better or worse has spun up a fair few DBMS (Database Management System) himself, I’m excited and also just a little scared of the potential that the hybrid cloud holds.

It is exciting to think about all the possibilities hybrid cloud environments bring. Imagine, Database power at scale. Whenever, wherever, elastic with built-in failover and load balancing. No more long provisioning cycles, masses of approvals and justifications to get that new hardware. Everything is available at a moment’s notice and ready to help the business grow. In short, it’s any application developers dream come true and most DBA’s nightmare.

No matter which research, the trend is clear. Enterprise Databases are moving to the cloud, but what will end up lurking in the dark?

The management of DBMS instances in any organization is already challenging as it is. Not knowing exactly how many Databases exist at any given time is far too common, making it next to impossible to manage the risk appropriately. Making sure potential vulnerabilities are patched or at least can not be exploited (SQL Injections, misconfigured instances, weak account passwords etc) is the standard cat and mouse game of every DBA. On top of that, there is data protection. Monitoring and auditing access to the organization’s most valuable data has become one of the biggest challenges organizations face.

Location, Location, Location – Is not important!

Unlike in real estate, location really isn’t important. Monitoring the database workload and how many instances, databases, and servers are spun up must follow the same rigor in the cloud as it does within the on-premise datacenter.

The monitoring of suspicious requests that may indicate malicious behavior to the DBMS  needs to follow the same policies, rules, and possibilities in the cloud as on-premises. Intercepting and stopping malicious connections has to be possible across the whole infrastructure – from on-premises to cloud.

Last but by no means least, auditing and monitoring of sensitive information, whether that is PCI DSS, HIPAA, SOX or PII data must be seamless between on premise and any cloud instance.

Once these cross-locational policies and monitoring capabilities are in place, the hybrid database environment turns indeed into a fast lane, allowing businesses to scale much faster and much more seamlessly than ever before.

McAfee is helping to fill the need in this hybrid environment by offering a software-based Database Security solution that allows the monitoring of database instances across both on-premise and the cloud. Non-intrusive, lightweight and easy to deploy, McAfee’s Database Security allows customers to enjoy all the exciting benefits of moving to a hybrid cloud enterprise database environment, while retaining control over security, risk and data protection.

For more information, head over to the product information page here.

The post The Cloud: Crossroads or Fast Lane for Enterprise Databases? appeared first on McAfee Blogs.

Application Development GDPR Compliance Guidance

Last week IBM developerWorks released a three-part guidance series I have written to help 
Application Developers develop GDPR compliant applications.

Developing GDPR Compliant Applications Guidance

The General Data Protection Regulation (GDPR) was created by the European Commission and Council to strengthen and unify Europe's data protection law, replacing the 1995 European Data Protection Directive. Although the GDPR is a European Union (EU) regulation, it applies to any organizations outside of Europe that handle the personal data of EU citizens. This includes the development of applications that are intended to process the personal information of EU citizens. Therefore, organizations that provide web applications, mobile apps, or traditional desktop applications that can indirectly process EU citizen's personal data or allow EU citizens sign in are subject to the GDPR's privacy obligations. Organizations face the prospect of powerful sanctions should applications fail to comply with the GDPR.

Part 1: A Developer's Guide to the GDPR
Part 1 summarizes the GDPR and explains how the privacy regulation impacts and applies to developing and supporting applications that are intended to be used by European Union citizens.

Part 2: Application Privacy by Design
Part 2 provides guidance for developing applications that are compliant with the European Union’s General Data Protection Regulation. 

Part 3: Minimizing Application Privacy Risk

Part 3  provides practical application development techniques that can alleviate an application's privacy risk.

The Ramifications of the Skills Shortage on Cloud Security

Week over week, a new threat against valuable data emerges. Sometimes, adversaries in cybersecurity find ways to infiltrate systems through advanced malware strains. Other times, they’ll find holes in an organization’s infrastructure, which have been accidentally created by a well-intentioned employee. Both occur all too often, but the latter is actually tied to another threat facing the cybersecurity industry – the skills shortage.

Mind the gap

The skills shortage is a term those in the industry all are too familiar with. While agile and powerful threats are on the rise, the amount of talented cybersecurity professionals is not – leaving a gaping hole in security strategy that existing employees just can’t fill. In fact, according to McAfee’s recent study Winning the Game, IT leaders report needing to increase their security staff by 24% to adequately manage their organization’s cyberthreats. The absence of adequately trained professionals can leave holes in many aspects of modern-day security infrastructure, with one of the widest specifically involving cloud security.

A clouded education

The cloud is a nuanced area in technology and securely managing it requires specific knowledge – which is why it feels the effects of the skills shortage two-fold. In fact, according to our recent report Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security, more than 25% of organizations using infrastructure as a service (IaaS) or software as a service (SaaS) have experienced data theft from their hosted infrastructure or applications. Furthermore, one in five were infiltrated by advanced attackers targeting their public cloud infrastructures. All too often these attacks originate from user misconfigurations, a lack of updates, or a selection of the wrong technology.

Put two and two together, and these breaches make one thing apparent: organizations are not only lacking cybersecurity talent, but sufficient cloud security talent, which ultimately puts them more at risk of an attack. Mind you, this talent gap is also delaying enterprise migration to cloud computing.

Security skills vs. cloud security skills

However, it’s important to note that the list of skills required for successful cloud security isn’t precisely a carbon copy of what many expect from a cybersecurity professional. Plugging one gap will not always fill the other.

Of course, general security skills – such as incident response, data analysis, and threat hunting –are still crucial when it comes to securing the cloud. But they’re not entirely sufficient. For instance, cloud security professionals and architects need to come to the table with a deep knowledge of identity access management (IAM), deployment automation, and cloud regulatory compliance.

But just like cloud security is a shared responsibility between vendor and customer, so is the cloud security skills shortage between the cybersecurity industry and future professionals. While we must hope that professionals pursue the right training, the cybersecurity industry must also do its part in educating both future candidates and current employees on the ins and outs of modern-day cloud security. And this doesn’t just mean teaching the correct configurations for AWS either, but rather helping these professionals learn about the tenets of cloud adoption, including costs, monitoring, potential barriers, and more.

To plug your cloud security skills gap, the answer is not to hire quickly, but rather hire and train strategically. Evaluate what security issues your cloud infrastructure has faced and map those issues back to the applicable skills needed to address them. From there, securing IaaS and SaaS solutions shouldn’t seem so cloudy to your IT team.

To learn more about what McAfee is doing to help address the cybersecurity skills shortage, be sure to follow us at @McAfee and @McAfee_Business.

The post The Ramifications of the Skills Shortage on Cloud Security appeared first on McAfee Blogs.

Enriching Cloud Threat Intelligence and Visibility – Cloud Workload Security and AWS GuardDuty

This blog was written by Stan Golubchik.

Using cloud-native threat intelligence to enhance workload security

Risk assessment is crucial in today’s public cloud. In Amazon Web Services (AWS), native monitoring services for ingress and egress network data can shed light on potential network threats and anomalies. A service of AWS, GuardDuty, bridges the capability to ingest this data to and from an AWS tenant’s environments for continuous monitoring of the following data sources:

  • VPC Flow Logs
  • AWS CloudTrail event logs
  • DNS logs

With these threat intelligence feeds, GuardDuty can enrich the context of potentially unauthorized and malicious activity within a AWS environment. This context can be visualized through the GuardDuty console, or via the Amazon CloudWatch events, informing the security status of your AWS environment.

While GuardDuty can act as a standalone service with substantial benefit for security and risk assessment in an AWS environment, converging GuardDuty threat intelligence into a broader cloud workload protection platform can provide extended benefits:

  • Automated detection capabilities
  • A single pane of glass for visibility over AWS, along with Azure and VMware
  • Actionable remediation workflows

By bridging native AWS API driven data sources such as GuardDutty with a cloud workload protection platform like McAfee Cloud Workload Security (CWS), tenants of AWS can use the data-rich sources of AWS within CWS manage and secure mission critical workloads with advanced security from a single console.

Discover and protect with Cloud Workload Security

CWS directly integrates with the AWS GuardDuty API – An optimal scenario for visualizing anomalous network activity, and threat events. GuardDuty events which are categorized as low and medium events within AWS are subsequently flagged as medium severity events within the CWS console.

Setting up the connection between GuardDuty and McAfee CWS is straight forward. The pre-requisite configuration requirements are as follows:

  • Enable GuardDuty through your AWS management console.

  • The security credentials used for registering your account within CWS should have GuardDuty permissions assigned for read access to GuardDuty’s threat intelligence and network flow data.

Once the initial configuration has been instantiated, GuardDuty data will immediately be pulled by CWS.  Through the CWS management console (McAfee ePolicy Orchestrator, or ePO), you are able to visualize threat information directly from GuardDuty. The GuardDuty events you will see include:

  • Brute force attacks
  • Port scans
  • Tor communications
  • SSH brute force
  • Outbound DDoS
  • Bitcoin mining
  • Unusual DNS requests
  • Unusual traffic volume and direction

IAM related events are currently not supported. An immediate pivot into an action can be taken at the point GuardDuty provides a severity verdict to a potential threat. Such actions which can be taken include:

  • Shutting down the compromised EC2 instance(s) which have been flagged.
  • Through micro-segmentation, altering firewall settings via security groups i.e. altering the port, protocol, or IP to limit and control network connectivity to any EC2 instance.

For more information on McAfee Cloud Workload Security, please visit the following page for feature and solution documentation:


The post Enriching Cloud Threat Intelligence and Visibility – Cloud Workload Security and AWS GuardDuty appeared first on McAfee Blogs.

Trivia Time: Test Your Family’s Password Safety Knowledge

Strong PasswordPasswords have become critical tools for every citizen of the digital world. Passwords stand between your family’s gold mine of personal data and the entirety of the internet. While most of us have a love-hate relationship with passwords, it’s beneficial to remember they do serve a powerful purpose when created and treated with intention.

But asking your kids to up their password game is like asking them to recite the state capitals — booooring! So, during this first week of May as we celebrate World Password Day, add a dash of fun to the mix. Encourage your family to test their knowledge with some Cybersavvy Trivia.

Want to find out what kind of password would take two centuries to crack? Or, discover the #1 trick thieves use to crack your password? Then take the quiz and see which family member genuinely knows how to create an awesome password.

We’ve come a long way in our understanding of what makes a strong password and the many ways nefarious strangers crack our most brilliant ones. We know that unique passwords are the hardest to crack, but we also know that human nature means we lean toward creating passwords that are also easy to remember. So striking a balance between strong and memorable may be the most prudent challenge to issue to your family this year.

Several foundational principles remain when it comes to creating strong passwords. Share them with your family and friends and take some of the worries out of password strength once and for all.

5 Password Power Principles

  1. Unique = power. A strong password includes numbers, lowercase and uppercase letters, and symbols. The more complicated your password is, the more difficult it will be to crack. Another option is a password that is a Strong Passwordpassphrase only you could know. For instance, look across the room and what do you see? I can see my dog. Only I know her personality; her likes and dislikes. So, a possible password for me might be #BaconDoodle$. You can even throw in a misspelling of your password to increase its strength such as Passwurd4Life. Just be sure to remember your intentional typos if you choose this option.
  2. Diverse = power. Mixing up your passwords for different websites, apps, and accounts can be a hassle to remember but it’s necessary for online security. Try to use different passwords for online accounts so that if one account is compromised, several accounts aren’t put in jeopardy.
  3. Password manager = power. Working in conjunction with our #2 tip, forget about remembering every password for every account. Let a password manager do the hard work for you. A password manager is a tech tool for generating and storing passwords, so you don’t have to. It will also auto-log you onto frequently visited sites.
  4. Private = power. The strongest password is the one that’s kept private. Kids especially like to share passwords as a sign of loyalty between friends. They also share passwords to allow friends to take over their Snapchat streaks if they can’t log on each day. This is an unwise practice that can easily backfire. The most Strong Passwordpowerful password is the one that is kept private.
  5. 2-step verification = power. Use multi-factor (two-step) authentication whenever possible. Multiple login steps can make a huge difference in securing important online accounts. Sometimes the steps can be a password plus a text confirmation or a PIN plus a fingerprint. These steps help keep the bad guys out even if they happen to gain access to your password.

It’s a lot to manage, this digital life but once you’ve got the safety basics down, you can enjoy all the benefits of online life without the worry of your information getting into the wrong hands. So have a fun and stay informed knowing you’ve equipped your family to live their safest online life!

toni page birdsong



Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post Trivia Time: Test Your Family’s Password Safety Knowledge appeared first on McAfee Blogs.

Cloud Clustering Vulnerable to Attacks

The authors thank John Fokker and Marcelo CaroVargas for their contributions and insights.

In our upcoming talk at the Cloud Security Alliance Summit at the RSA Conference, we will focus our attention on the insecurity of cloud deployments. We are interested in whether attackers can use compromised cloud infrastructure as viable backup resources as well as for cryptocurrency mining and other illegitimate uses. The use of containers has increased rapidly, especially when it comes to managing the deployment of applications. Our latest market survey found that 83% of organizations worldwide are actively testing or using containers in production. Applications need authentication for load balancing, managing the network between containers, auto-scaling, etc. One solution (called a cluster manager) for the automated installation and orchestration of containers is Kubernetes.

Some key components in the Kubernetes architecture appear below:

High-level Kubernetes architecture.

  • Kubernetes master server: The managing machine oversees one or more nodes
  • Node: A client that runs tasks as delegated by the user and Kubernetes master server
  • Pod: An application (or part of an application) that runs on a node. The smallest unit that can be scheduled to be deployed. Not intended to live long.

For our article, we need to highlight the etcd storage on the master server. This database stores the configuration data of the cluster and represents the overall state of the cluster at a given time. Kubernetes saves these secrets in Base64 strings; before Version 2.1 there was no authentication in etcd.

With that knowledge, security researcher Giovanni Collazo from Puerto Rico started to query the Shodan database for etcd databases connected to the Internet. He discovered many and by executing a query, some of these databases started to reveal a lot of credentials. Beyond leaking credentials from databases and other accounts, what other scenarios are possible?

Leaking Credentials

There are several ways that we can acquire credentials for cloud services without hacking into panels or services. By “creatively” searching public sites and repositories, we can find plenty of them. For example, when we searched on GitHub, we found more than 380,000 results for certain credentials. Let’s assume that half of them are useful: We would have 190,000 potentially valid credentials. As Collazo did for etcd, one can also use the Shodan search engine to query for other databases. By creating the right query for Django databases, for example, we were able to identify more cloud credentials. Amazon’s security team proactively scans GitHub for AWS credentials and informs their customers if they find credentials.

Regarding Kubernetes: Leaked credentials, complete configurations of the DNS, load balancers, and service accounts offer several possible scenarios. These include exfiltrating data, rerouting traffic, or even creating malicious containers in different nodes (if the service accounts have enough privileges to execute changes in the master server).

Creating malicious containers.

One of the biggest risks concerning leaked credentials is the abuse of your cloud resources for cryptomining. The adversaries can order multiple servers under your account to start cryptomining, enriching their bank accounts while you pay for the computing power “you” ordered.

Open Buckets

We have heard a lot about incidents in which companies have not secured their Amazon S3 buckets. A number of tools can scan for “open” buckets and download the content. Attackers would be most interested in write-enabled rights on a bucket. For our Cloud Security Alliance keynote address at RSA, we created a list of Fortune 1000 companies and looked for readable buckets. We discovered quite a few. That is no surprise, but if you combine the read-only buckets information with the ease of harvesting credentials, the story changes. With open and writable buckets, the adversaries have plenty of opportunities: storing and injecting malware, exfiltrating and manipulating data, etc.

McAfee cloud researchers offer an audit tool that, among other things, verifies the rights of buckets. As we write this post, more than 1,200 writable buckets belonging to a multitude of companies, are accessible to the public. One of the largest ad networks in the world had a publicly writable bucket. If adversaries could access that network, they could easily inject malicious code into advertisements. (As part of our responsible disclosure process, we reported the issue, which was fixed within hours.) You can read an extensive post on McAfee cloud research and how the analysts exposed possible man-in-the-middle attacks leveraging writable buckets.

Clustering the Techniques

To combat ransomware, many organizations use the cloud to back up and protect their data. In our talk we will approach the cloud as an attack vector for spreading ransomware. With the leaked credentials we discovered from various sources, the open and writable buckets created a groundwork for storing and spreading our ransomware. With attackers having a multitude of credentials and storage places such as buckets, databases, and containers, defenders would have difficulty keeping up. We all need to pay attention to where we store our credentials and how well we monitor and secure our cloud environments.

The post Cloud Clustering Vulnerable to Attacks appeared first on McAfee Blogs.

Cloud is Ubiquitous and Untrusted

At the end of 2017, McAfee surveyed 1,400 IT professionals for our annual Cloud Adoption and Security research study.  As we release the resulting research and report at the 2018 RSA Conference, the message we learned this year was clear: there is no longer a need to ask whether companies are in the cloud, it’s an established fact with near ubiquitous (97%) acknowledgement.  And yet, as we dug into the comments and information that industry professionals and executives shared about their use and protection of the cloud, another intriguing theme became clear: companies are investing in cloud well ahead of their trust in it!

For this year’s report, Navigating a Cloudy Sky, we sought respondents from a market panel of IT and Technical Operations decision makers.  These were selected to represent a diverse set of geography, verticals, and organization sizes.  Fieldwork was conducted from October to December 2017, and the results offered a detailed understanding of the current state and future for cloud adoption and security.

Cloud First

More than any prior year – the survey indicated that 97% of organizations worldwide are currently using cloud services, up from 93% just one year ago.  In the past year, a majority of organizations in nearly every major geography have even gone so far as to assert a “cloud first” strategy for new initiatives using infrastructure or technology assets.

Indeed, this cloud-first strategy has driven organizations to take on many different providers in their cloud ecosystem.  As organizations tackle new data use initiatives, intelligence building, new capabilities to store and execute on applications – the growth in cloud is exploding the number of sanctioned cloud providers that businesses are reporting.

In the survey, enterprises are recognizing and reporting at a statistically significant level the explosion in provider count – each a source of potential risk and management need for the organization.  The provider count requires readiness in governance strategy that joins security capabilities and procurement together to protect the data entrusted to each new cloud deployment.  Security operations teams will need enhanced visibility that is unified to compose a picture across so many different environments containing enterprise data.

Data and Trust

This year’s report highlights an intriguing trend – companies are investing their data in cloud providers well in advance of their trust in those providers.  An incredible 83% of respondents reported storing sensitive data in the public cloud – with many reporting nearly every major data sensitive data type stored in at least one provider.

Despite such a high level of data storage in cloud applications, software, and infrastructure, the same business executives are clearly concerned about the continuing ability to trust the cloud provider to protect the data.  While cloud trust continues to gain, and cloud respondents indicated continuing buy-in to using providers and trusting them with critical data and workloads, only 23% of those surveyed said they “completely trust” their data will be secured in the public cloud.

Part of that trust stems from a perception that using public cloud providers is likely to drive use of more proven technologies, and that the risk is not perceived as being any less than in the private cloud.

As cloud deployment trends continue, IT decision makers have strong opinions on key security capabilities that would increase and speed cloud adoption.

  • 33% would increase cloud adoption with visibility across all cloud services in use
  • 32% would increase cloud adoption with strict access control and identity management
  • 28% would increase cloud adoption with control over cloud application functionality

You can download the full report here, and keep following @mcafee_business for more insights on this research.

The post Cloud is Ubiquitous and Untrusted appeared first on McAfee Blogs.

Cloud Protection Moves Into a New Phase

This blog post was written by Sandy Orlando.

It’s RSA Conference season and a great time to talk about containers and security.

No, not traditional shipping containers.

Containers have become developers’ preferred deployment model for modern cloud applications, helping organizations accelerate innovation and differentiate themselves in the marketplace. This is part of the natural progression of the datacenter, moving from the physical, on-premise servers of old, to virtual servers, and then to the public cloud.

According to a report released today by McAfee, “Navigating a Cloudy Sky,” containers have grown rapidly in popularity over the past few years, with 80 percent of those surveyed using or experimenting with them. However, only 66 percent of organizations have a strategy to apply security to containers, so there is still work to be done.

Realistically, most companies will have a mixed, or “hybrid cloud” solution for some time. A big challenge for customers is to maintain security and visibility as they migrate to the public cloud and adopt new technologies like containers.

As containers gain in popularity, getting visibility of their container workloads and understanding how security policies are applied is something that enterprises will need to assess to ensure workloads are secure in the cloud. In the shared security responsibility model laid out by cloud providers, enterprises can leverage the available native controls and the interconnectivity with production workloads and data stores, but will need to actively manage the security of those workloads. Gaining visibility, mitigating risk and protecting container workloads helps build a strong foundation for secure container initiatives.

McAfee is helping to fill the security need in this new environment by offering hybrid cloud security solutions to customers. For example, the release of McAfee Cloud Workload Security (CWS) v5.1 – announced today and available Q2 2018 – gives customers a tool that identifies and secures Docker containers, workloads and servers in both private and public cloud environments.

McAfee CSW 5.1 quarantines infected workloads and containers with a single click, thus reducing misconfiguration risk and increasing initial remediation efficiency by nearly 90 percent.

Previously, point solutions were needed to help secure containers. But with multiple technologies to control multiple environments, security management faced unnecessary complexities. McAfee CWS can span multi-cloud environments: private data centers using virtual VMware servers, workloads in AWS, and workloads in Azure, all from a single interface.

McAfee CWS identifies Docker containers within five minutes from their deployment and quickly secures them using micro and nano-segmentation, with a new interface and workflow. Other new features include discovery of Docker containers using Kubernetes, a popular open source platform used to manage containerized workloads and services, and enhanced threat monitoring and detection with AWS GuardDuty alerts – available directly within the CWS dashboard.

McAfee is the first company to provide a comprehensive cloud security solution that protect both data and workloads across the entire Software as a Service and Infrastructure as a Service spectrum.  So, when you’re talking containers, be sure to include McAfee in the conversation.

And don’t forget to stop by the McAfee booth, North Hall, #3801, if you’re attending RSA.

The post Cloud Protection Moves Into a New Phase appeared first on McAfee Blogs.

GDPR Planning and the Cloud

Data protection is on a lot of people’s minds this week. The Facebook testimony in Congress has focused attention on data privacy. Against this backdrop, IT security professionals are focused on two on-going developments: the roll-out next month of new European regulations on data (the General Data Protection Regulation, or GDPR) as well as the continued migrations of data to the public cloud.

GDPR is mostly about giving people back their right over their data by empowering them. Among other rights and duties, it concerns the safe handling of data, the “right to be forgotten” (among other data subject rights) and breach reporting. But apparently it will not slow migration to the cloud.

According to a McAfee report being released today, Navigating a Cloudy Sky, nearly half of companies responding plan to increase or keep stable their investment in the public, private or hybrid cloud, and the GDPR does not appear to be a showstopper for them. Fewer than 10 percent of companies anticipate decreasing their cloud investment because of the GDPR.

Getting Help for GDPR Compliance

What is the practical impact of all this? Say your CISO is in the early stages of setting up a GDPR compliance program. In any enterprise it’s important to understand the areas of risk. The first step in managing risk is taking a deep look at where the risk areas exist.

McAfee will feature a GDPR Demo1 at the RSA conference in San Francisco this week that will help IT pros understand where to start. The demo walks conference attendees through five different GDPR compliance scenarios, at different levels of a fictional company and for different GDPR Articles, so that they can start to get a feel for GDPR procedure and see the tools which will help identify risk areas and demonstrate the capabilities for each.

Remember, with GDPR end-users are now empowered to request data that they are the subject of, and can request it be wiped away. With the latest data loss prevention software, compliance teams will be able to service these requests by exporting reports for given users, and the ability to wipe data on those users. But a lot of companies need to learn the specific procedures on compliance with GDPR rules.

GDPR could be looked at as another regulation to be complied with – but savvy companies can also look at it as a competitive advantage. Customers are increasingly asking for privacy and control. Will your business be there waiting for them?

The cloud, GDPR and customer calls for privacy are three developments that are not going away – the best stance is preparation.

1 McAfee will be in the North Hall, booth #N3801 (the “Data Protection and GDPR” booth) and also in the South Hall at the McAfee Skyhigh booth, # S1301.

The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only and it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.

The post GDPR Planning and the Cloud appeared first on McAfee Blogs.