Category Archives: Cloud Security

Aquilai Launches Ajax Intelligence Phishing Solution.

Aquilai has launched its cloud-based Ajax Intelligence solution to combat all forms of email phishing prevalent on Microsoft Exchange, Office 365 and G Suite email.

Shaped in collaboration with GCHQ and National Cyber Security Centre staff, Ajax Intelligence is the most effective solution against email phishing available on the market. The architecture is optimised and validated as effective against current and evolving phishing threats that will continue to impact all types of business, from campaigns that trick employees into clicking a malicious link to social engineering that persuades them to give away sensitive data.

Using Artificial Intelligence and Machine Learning, Ajax Intelligence automatically learns and adapts without any user intervention. It learns about both the user’s email profile and the company email profile, enabling it to mitigate phishing compromise early in the attack cycle.

Ajax Intelligence inserts helpful contextual banners into each email to advise users while helping guide their responses. The solution will also protect users from malicious web sites by rewriting URLs as the email is processed and is easy to install, with little to no user training required.

An alumnus of the GCHQ Cyber Accelerator, and a member of the first cohort of the London Office for Rapid Cybersecurity Advancement (LORCA), Aquilai is the standard bearer for protecting organisations from phishing attacks. LORCA undertook extensive market research and ran industry-need accelerators to scope out the cyber requirements of UK businesses. This means Ajax Intelligence has been fine-tuned to meet the requirements of both large and small businesses that want to protect their employees.

The post Aquilai Launches Ajax Intelligence Phishing Solution. appeared first on IT Security Guru.

How are businesses facing the cybersecurity challenges of increasing cloud adoption?

Cloud services serve core functions essential to all aspects of business operations, but getting cloud security right is still a challenge for many organizations, the 2019 Cloud Threat Report by Oracle and KPMG has shown. The two companies have asked 450 cyber security and IT professionals from private and public-sector organizations in the US, Canada, UK, Australia and Singapore about the problems surrounding cloud adoption and use in their environments. While 73 percent of them … More

The post How are businesses facing the cybersecurity challenges of increasing cloud adoption? appeared first on Help Net Security.

Lessons from the Encryption Front Line: Core Components in the Cloud

This is the second installment in a multipart series about data encryption. Be sure to read part one for the full story.

Now that we understand the common threats facing organizations and how to select the right solution for data-at-rest encryption (DaRE), what’s the next step in your data encryption journey?

Encrypting data is the relatively easy part of the solution, but securely managing keys is a major challenge. According to the National Institute of Standards and Technology (NIST), “Keys are analogous to the combination of a safe. If an adversary knows the combination, the strongest safe provides no security against penetration. Similarly, poor key management may easily compromise strong algorithms.”

DaRE needs more than software to encrypt data, because the keys still need to be managed. Let’s dive deeper into the key management challenge, the core components needed to manage keys effectively and the open standards security teams should use in their cloud environments.

The Encryption Key Management Challenge

In DaRE solutions, symmetric encryption is used for speed, and the same key is used to encrypt and decrypt the data. The security of the system relies on the encryption key being kept secret. Most organizations now encrypt laptop disks; to start decryption, a password must be entered manually at boot, which is impractical for cloud environments with thousands of servers.

If the data is being decrypted after a system has started, the encryption software can use a secret key stored locally on the server, which will be in an obscured format that can be decoded. The risk here is that a privileged insider or threat actor could potentially decode the key and decrypt the data. Therefore, security teams need a way to protect their encryption keys.

Unscrambling the Encryption Solution Components

A typical cloud encryption solution has three core components: an encryption client, a key management server (KMS) and a hardware security module (HSM).

The encryption client performs the actual encryption using a data encryption key (DEK). Since the DEK must itself be stored in encrypted form, it is wrapped using a key encryption key (KEK).

The KEK is obtained from a KMS, which contains many hundreds or thousands of keys in a database. Once again, the KEKs need to be encrypted using a master encryption key (MEK) because there is a risk that the KMS could be compromised. The MEK is stored in the HSM, which enables the security team to store a key in hardware that physically prevents tampering or loss of the MEK.

Creating an Open Encryption Solution

In the past, encryption solutions have been built around proprietary protocols, making integration difficult. That’s why OASIS defined a set of standards to improve interoperability between encryption and key management solutions from different vendors.

Over the past few years, vendors have increasingly adopted standard protocols for communication between the KMS and HSM, such as OASIS PKCS#11, as well as for communication between the encryption client and the KMS, such as the OASIS KMIP protocol. Look for solutions that use these standards when putting together your encryption strategy.

Encryption Solutions Are Maturing

With a standard set of components that support open standards, encryption technology is gradually maturing to make implementation and encryption key management easier. In cloud environments, these components are often available in a lower-cost implementation known as bring-your-own-key (BYOK), which integrates with supported DaRE solutions. These solutions are now reaching high levels of assurance with HSMs offering FIPS 140-2 Level 4 in the cloud.

Depending on your needs, you can develop encryption solutions based on open standards from components you build and run yourself or source them as managed services from cloud providers.

The post Lessons from the Encryption Front Line: Core Components in the Cloud appeared first on Security Intelligence.

Cyber Security Risk in Retail and How to Handle It

Hackers and their tactics are continually evolving but one thing remains the same: retailers are prime targets for a cyber-attack. This is such a widespread issue that in nearly every

The post Cyber Security Risk in Retail and How to Handle It appeared first on The Cyber Security Place.

The Exploit Model of Serverless Cloud Applications

Serverless platform-as-a-service (PaaS) offerings are being deployed at an increasing rate for many reasons. They relate to information in a myriad of ways, unlocking new opportunities to collect data, identify data, and ultimately find ways to transform data to value.

Figure 1. Serverless application models.

Serverless applications can cost-effectively reply and process information at scale, returning critical data models and transformations synchronously to browsers or mobile devices. Synchronous serverless applications unlock mobile device interactions and near-real-time processing for on-the-go insights.

Asynchronous serverless applications can create data sets and views on large batches of data over time. We previously needed to have every piece of data and run batch reports, but we now have the ability to stagger events, or even make requests, wait some time to check in on them, and get results that bring value to the organization a few minutes or an hour later.

Areas as diverse as tractors, manufacturing, and navigation are benefiting from the ability to stream individual data points and look for larger relationships. These streams build value out of small bits of data. Individually they’re innocuous and of minimal value, but together they provide new intelligence we struggled to capture before.

The key theme throughout these models is the value of the underlying data. Protecting this data, while still using it to create value becomes a critical objective for the cloud-transforming enterprise. We can start by looking at the model for how data moves into and out of the application. A basic access and data model illustrates the way the application, access medium, CSP provider security, and serverless PaaS application have to work together to balance protection and capability.

Figure 2. Basic access and data model for serverless applications.

A deeper exploration of the security environment—and the shared responsibility in cloud security—forces us to look more carefully at who is involved, and how each party in the cloud ecosystem is empowered to see potential threats to the environment, and to the transaction specifically. When we expand the access and data model to look at the activities in a modern synchronous serverless application, we can see how the potential threats expand rapidly.

Figure 3. Expanded access and data model for a synchronous serverless application.

Organizations using this common model for an integrated serverless PaaS application are also gaining information from infrastructure-as-a-service (IaaS) elements in the environment. This leads to a more specific view of the threats that exist:

Figure 4. Sample threats in a serverless application.


By pushing the information security team to more carefully and specifically consider the ways the application can be exploited, they can then take simple actions to ensure that both development activities and the architecture for the application itself offer protection. A few examples:

  • Threat: Network sniffing/MITM. Protection: High-integrity TLS, with signed API requests and responses.
  • Threat: Code exploit. Protection: Code review, and SAST/pen testing on a regular schedule.
  • Threat: Data structure exploit. Protection: API-enforced data segmentation and request limiting, managed data model.
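The first protection above, signed API requests, is worth seeing concretely, since TLS alone only protects the transport and says nothing about whether the request body reaching a serverless function is the one the client sent. The Go program below is an added example, not code from the original post or from any cloud provider's SDK: the client computes an HMAC-SHA256 over the method, path, timestamp and a digest of the body; the function verifies it in constant time and rejects anything outside a replay window. `MaxSkew`, the canonical string layout and the `Sign`/`Verify` functions are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// MaxSkew bounds how old (or how far in the future) a signed request may be,
// so a captured request cannot be replayed once the window closes.
const MaxSkew = 5 * time.Minute

// canonical fixes exactly which bytes the signature covers: method, path,
// timestamp and a digest of the body. Anything outside this string is not
// protected, which is why the list is explicit rather than "all headers".
func canonical(method, path string, ts int64, body []byte) string {
	sum := sha256.Sum256(body)
	return strings.Join([]string{
		strings.ToUpper(method),
		path,
		strconv.FormatInt(ts, 10),
		hex.EncodeToString(sum[:]),
	}, "\n")
}

// Sign is the client side: hex HMAC-SHA256 over the canonical string,
// attached to the request (for example in a header) together with ts.
func Sign(secret []byte, method, path string, ts int64, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(canonical(method, path, ts, body)))
	return hex.EncodeToString(mac.Sum(nil))
}

// Verify is the server (serverless function) side: reject out-of-window
// timestamps first, then compare signatures with hmac.Equal so that the
// comparison time does not leak how many bytes matched.
func Verify(secret []byte, method, path string, ts int64, body []byte, sig string, now time.Time) error {
	issued := time.Unix(ts, 0)
	if d := now.Sub(issued); d > MaxSkew || d < -MaxSkew {
		return fmt.Errorf("timestamp outside %v window", MaxSkew)
	}
	expected := Sign(secret, method, path, ts, body)
	if !hmac.Equal([]byte(expected), []byte(sig)) {
		return fmt.Errorf("signature mismatch")
	}
	return nil
}

func main() {
	secret := []byte("constructed-shared-secret") // constructed for the example
	now := time.Now()
	body := []byte(`{"sensor":"tractor-7","rpm":1850}`) // constructed sample payload
	sig := Sign(secret, "POST", "/v1/telemetry", now.Unix(), body)

	fmt.Println("valid:", Verify(secret, "POST", "/v1/telemetry", now.Unix(), body, sig, now))
	// Body altered in transit: the digest in the canonical string changes.
	fmt.Println("tampered:", Verify(secret, "POST", "/v1/telemetry", now.Unix(), []byte(`{"sensor":"tractor-7","rpm":0}`), sig, now))
	// Same request presented an hour later: outside MaxSkew.
	fmt.Println("replayed:", Verify(secret, "POST", "/v1/telemetry", now.Unix(), body, sig, now.Add(time.Hour)))
}
```

For the "signed responses" half of the same protection, the function signs its reply with the same scheme and the mobile or browser client runs `Verify`; the per-request timestamp in the canonical string is also what makes the request-limiting control in the third bullet enforceable, since each accepted signature identifies a single point in time.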

The organization must first recognize the potential risk, make it part of the culture to ask, “What threats to my data does my change or new widget introduce?”, and make it an expectation of deployment that privacy and security demand an answer.

Otherwise, your intellectual property may just become the foundation of someone else’s profit.

The post The Exploit Model of Serverless Cloud Applications appeared first on McAfee Blogs.

Roses Are Red, Violets Are Blue – What Does Your Personal Data Say About You?

A classic meet-cute – the moment where two people, destined to be together, meet for the first time. This rom-com cornerstone is turned on its head by Netflix’s latest bingeable series “You.” For those who have watched, we have learned two things. One, never trust someone who is overly protective of their basement. And two, in the era of social media and dating apps, it’s incredibly easy to take advantage of the amount of personal data consumers readily, and somewhat naively, share online and with the cloud every day.

We first meet Joe Goldberg and Guinevere Beck – the show’s lead characters – in a bookstore, she’s looking for a book, he’s a book clerk. They flirt, she buys a book, he learns her name. For all intents and purposes, this is where their story should end – but it doesn’t. With a simple search of her name, Joe discovers the world of Guinevere Beck’s social media channels, all conveniently set to public. And before we know it, Joe has made himself a figurative rear-window into Beck’s life, which brings to light the dangers of social media and highlights how a lack of digital privacy could put users in situations of unnecessary risk. With this information on Beck, Joe soon becomes both a physical and digital stalker, even managing to steal her phone while trailing her one day, which as luck would have it, is not password protected. From there, Joe follows her every text, plan and move thanks to the cloud.

Now, while Joe and Beck’s situation is unique (and a tad dramatized), the amount of data exposed via their interactions could potentially occur through another romantic avenue – online dating. Many millennial couples meet on dating sites where users are invited to share personal anecdotes, answer questions, and post photos of themselves. The nature of these apps is to get to know a stranger better, but the amount of personal information we choose to share can create security risks. We have to be careful as the line between creepy and cute quickly blurs when users can access someone’s every status update, tweet, and geotagged photo.

While “You” is an extreme case of social media gone wrong, dating app, social media, and cloud usage are all very predominant in 2019. Therefore, if you’re a digital user, be sure to consider these precautions:

  • Always set privacy and security settings. Anyone with access to the internet can view your social media if it’s public, so turn your profiles to private in order to have control over who can follow you. Take it a step further and go into your app settings to control which apps you want to share your location with and which ones you don’t.
  • Use a screen name for social media accounts. If you don’t want a simple search of your name on Google to lead to all your social media accounts, consider using a different variation of your real name.
  • Watch what you post. Before tagging your friends or location on Instagram and posting your location on Facebook, think about what this private information reveals about you publicly and how it could be used by a third-party.
  • Use strong passwords. In the chance your data does become exposed, or your device is stolen, a strong, unique password can help prevent your accounts from being hacked.
  • Leverage two-factor authentication. Remember to always implement two-factor authentication to add an extra layer of security to your device. This will help strengthen your online accounts with a unique, one-time code required to log in and access your data.
  • Use the cloud with caution. If you plan to store your data in the cloud, be sure to set up an additional layer of access security (one way of doing this is through two-factor authentication) so that no one can access the wealth of information your cloud holds. If your smartphone is lost or stolen, you can access your password protected cloud account to lock third-parties out of your device, and more importantly your personal data.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and “Like” us on Facebook.

The post Roses Are Red, Violets Are Blue – What Does Your Personal Data Say About You? appeared first on McAfee Blogs.

AI, cloud and security — top priorities for enterprise legal departments

A report released today indicates that legal professionals are at the forefront of piloting emerging technologies, such as AI and cloud, in the enterprise. Are you surprised? Legal departments are

The post AI, cloud and security — top priorities for enterprise legal departments appeared first on The Cyber Security Place.

ThreatList: Latest DDoS Trends by the Numbers

Trends in DDoS attacks show an evolution beyond Mirai code and point to next-gen botnets that are better hidden and have a greater level of persistence on devices – making them "far more dangerous."

Moving to the Hybrid Cloud? Make Sure It’s Secure by Design

Many organizations have such a positive first experience with cloud computing that they quickly want to move to a hybrid cloud environment with data and workloads shared between private and public clouds. The flexibility and control that a hybrid cloud provides is why it is expected to be the dominant cloud computing model for the foreseeable future.

However, companies often don’t think about security issues until after they are well along in the process of building a hybrid cloud. This can lead to nasty surprises when they realize this environment introduces some unique security considerations that don’t exist in traditional infrastructure. That’s why a hybrid cloud needs to be secure by design.

Cloud Security Is a Shared Responsibility

Public cloud providers offer enterprise-class security, but that doesn’t absolve customers from responsibility for protecting data, enforcing access controls and educating users. Private cloud security is complicated because private clouds can take many forms. They may be hosted entirely on-site, entirely in the public cloud or some combination. Private cloud infrastructure can also be dedicated to a single tenant or shared across multiple zones with isolation providing dedicated resources. Each environment has different security demands.

The scale and dynamism of cloud computing complicates visibility and control. Many customers incorrectly believe that cloud providers take care of security. In fact, security is a shared responsibility. In my experience, most cloud security failures occur because customers don’t live up to their part of the bargain.

No single cloud security mechanism does the entire job. There is also little consensus about what the ideal cloud security environment should look like. As a result, most product offerings in this market are still evolving. Secure by design starts with assessing risk and building a framework for technology.

A New Way of Computing

Moving to the cloud doesn’t mean relinquishing total control, but it does require embracing a new security mindset based on identity, data and workloads rather than underlying platforms. Security professionals who can reorient themselves around business enablement rather than device protection are particularly well-suited to securing public clouds.

Cloud computing is highly distributed and dynamic, with workloads constantly spinning up and down. Visibility is essential for security. According to Gartner, cloud security should address three core topics that have not traditionally been an IT discipline: multitenancy risk, virtualization security and software-as-a-service (SaaS) control.

Multitenancy risk is inherent to cloud architectures because multiple virtual machines (VMs) share the same physical space. Major public cloud providers go to great lengths to mitigate the possibility that one tenant could access data in another VM, but on-premises infrastructure is susceptible if the servers are not configured properly. Changes made to one hybrid cloud environment may also inadvertently affect another.

Virtualization security refers to the unique risks of virtualized environments. While hypervisors and VMs are in many ways more secure than bare-metal environments because the operating system is isolated from the hardware, the use of shared resources like storage and networking also introduces potential vulnerabilities that don’t exist on dedicated servers.

SaaS environments require greater attention to authentication and access control because the user doesn’t own the network. Governance standards need to be put in place to ensure that users take appropriate precautions with data and that all necessary regulatory and compliance guidelines are met.

Without these new competencies, organizations will struggle to gain visibility into their hybrid cloud environments, making it almost impossible to determine which computing and storage tasks are taking place where, using which data and under whose direction. In that situation, provisioning and enforcement of policy can quickly become impractical. But if organizations practice secure-by-design principles using new cloud-native tools, they can get a single-pane-of-glass view into activity that enables policy enforcement.

Three Keys to Secure Hybrid Cloud Deployments

Three areas merit special attention: encryption, endpoint security and access control.

Encryption is the best form of data protection. Data moving to and from the public cloud should be encrypted at all stages, and sensitive data should never be left unencrypted. All cloud providers support encryption, but not necessarily by default. Customers need to choose the type of encryption that is most appropriate and secure encryption keys.

When public cloud services are accessed over the public internet, special attention needs to be paid to endpoint security to prevent the risk of creating access points for attackers or becoming targets of malware. For example, an attacker who compromises a PC and logs on as an administrator for the company’s public cloud effectively has the keys to the kingdom. Hardware firewalls aren’t protection enough.

Secure web gateways (SWGs) utilize URL filtering, advanced threat defense (ATD) and malware detection to protect organizations and enforce internet policy compliance. SWGs are delivered as both physical and virtual on-premises appliances, cloud-based services or hybrid cloud/on-premises solutions. They provide an additional layer of protection against destructive attacks such as ransomware and enable safer and more efficient adoption of cloud-based services.

Finally, cloud-specific access control is a necessity if employees, contractors and vendors are to use both public and private clouds. Single sign-on (SSO) and federated access controls can minimize inconvenience while maintaining control and security monitoring.

Identity and access management-as-a-service (IDaaS) works in both multitenant and dedicated environments. It provides identity governance and administration, access management, and analytics functions that span the organization’s entire cloud environment. IDaaS can also be integrated with existing access management software to manage access to legacy applications.

The Cloud Security Alliance has an extensive library of resources that cover practices for hybrid cloud security. Organizations should familiarize themselves with these guidelines before beginning the migration process. Building security into hybrid infrastructure from the beginning minimizes the pain and delay of backfilling later.

The post Moving to the Hybrid Cloud? Make Sure It’s Secure by Design appeared first on Security Intelligence.

Avast And Barracuda Networks Enter Into Master Reseller Relationship.

Avast (LSE:AVST), a global leader in cybersecurity products, and Barracuda Networks, Inc., a leading provider of cloud-enabled security solutions, today announce an agreement under which Barracuda will become a master reseller of Avast Business CloudCare, Avast Management Console and Avast Antivirus Security solutions.

“Small to mid-size businesses are currently underserved by the market as security systems tend to be targeted to the needs of larger enterprises. Through Avast’s 30 years of cybersecurity expertise, we have the opportunity to deliver layered security systems that are built for SMBs and our partners serving the SMB community,” said Kevin Chapman, General Manager of Avast Business.

In addition, Barracuda will acquire the Managed Workplace business (a Remote Monitoring and Management Solution – RMM) from Avast to continue developing the platform and offer its MSP partners a security-centric RMM solution. Partners using Managed Workplace and transitioning to Barracuda will benefit from this dedicated expertise and extended support capabilities, while Avast will extend its endpoint security reach into the Barracuda MSP base.

Chapman continued, “We believe the best way for Avast to serve this market is to focus 100 percent on our core mission of protecting SMBs against advanced threats and the potential losses of data, revenue and reputation caused by cyberattacks, damages from which have been predicted to reach $6 trillion annually by 2021. The master reseller relationship with Barracuda supports our security focus and is the beginning of an important long-term partnership between our two organizations.”

“We are committed to the MSP marketplace, and acquiring Managed Workplace allows us to offer MSP partners a security-centric RMM solution that incorporates security requirements into a service provider’s daily routine. It complements the security solutions we have introduced via our MSP model, such as email protection, cloud-generation firewalls, and security awareness training,” said Brian Babineau, SVP and General Manager, Barracuda MSP.

Avast Business’s range of enterprise-grade security products are built on the world’s largest threat detection network powered by over 400 million devices worldwide that blocks over 50 million threats daily. Avast Business’ security portfolio is designed to make it simple and affordable to secure, manage, and monitor complex IT networks, serving over 700,000 businesses around the world:

Avast CloudCare: is a SaaS security platform that delivers layered endpoint and network security services to multiple devices and sites.

Avast Business Solutions: from simple to advanced protection, Avast’s endpoint security services keep any device in a network safe. Available standalone or managed, on-premise and cloud.

In 2018, Frost & Sullivan selected Avast Business as recipient of its Global Endpoint Management Growth Excellence Leadership Award.

About Avast:

Avast (LSE:AVST) is the global leader in digital security products. With over 400 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, OPSWAT, ICSA Labs, West Coast Labs and others. Visit: www.avast.com

About Barracuda Networks

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 150,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.

The post Avast And Barracuda Networks Enter Into Master Reseller Relationship. appeared first on IT Security Guru.

Royal Air Force Selects SecureCloud+ For Team Tempest Network Collaboration Services.

Reading & Farnborough 4 February 2019. SecureCloud+, a trusted provider of next-generation secure information systems to government and defence, has been contracted by the Royal Air Force to deliver network collaboration services for Team Tempest.

Team Tempest is a global network of international partners formed by the Royal Air Force Rapid Capability Office (RCO) along with BAE Systems, Rolls Royce, MBDA and Leonardo. SecureCloud+ is the only SME to be part of the team, which is collaborating to meet a vision outlined in the UK Government’s defence modernisation plans. Team Tempest has signed a contract to develop a Next Generation Combat Air System capable of operating in the 2040+ environment.

Peter Williamson, founder and CEO of SecureCloud+, said: “We have a proven track record of delivering defence contracts on time and on budget using modern technologies to promote better communications. Our innovation and agility are critical components to rapidly build and develop greater collaboration.

“We are pleased to support Team Tempest and the vision for the Future Combat Air System Technology Initiative. This contract reinforces our commitment to innovation. And it is not just about secure collaboration – it is also about managing digital assets across industries to remove barriers to sharing and building trusted teamwork.”

Air Commodore Linc Taylor: “This is a critical programme that will deliver huge value for UK military defence capabilities. We have a long history of delivering world-class combat systems through collaboration with our best industries; this capability offers us the ability to fundamentally change the way we work and share information within and across our teams.”

The post Royal Air Force Selects SecureCloud+ For Team Tempest Network Collaboration Services. appeared first on IT Security Guru.

Microsoft rolls out new tools for enterprise security and compliance teams

Microsoft has announced a number of new capabilities and improvements for tools used by enterprise administrators. New Microsoft 365 security and compliance centers The new Microsoft 365 security center allows security administrators and other risk management professionals to manage and take full advantage of Microsoft 365 intelligent security solutions for identity and access management, threat protection, information protection, and security management. The new Microsoft 365 compliance center allows compliance, privacy, and risk management professionals to … More

The post Microsoft rolls out new tools for enterprise security and compliance teams appeared first on Help Net Security.

Break Through Cybersecurity Complexity With New Rules, Not More Tools

Let’s be frank: Chief information security officers (CISOs) and security professionals all know cybersecurity complexity is a major challenge in today’s threat landscape. Other folks in the security industry know this too — although some don’t want to admit it. The problem is that amid increasing danger and a growing skills shortage, security teams are overwhelmed by alerts and the growing number of complex tools they have to manage. We need to change that, but how? By completely rethinking our assumptions.

The basic assumption of security up until now is that new threats require new tools. After 12 years at IBM Security, leading marketing teams and making continuous contact with our clients — and, most recently, as VP of product marketing — I’ve seen a lot of promising new technology. But in our rapidly diversifying industry, there are more specialized products to face every kind of threat in an expanding universe of attack vectors. Complexity is a hidden cost of all these marvelous products.

It’s not just security products that contribute to the cybersecurity complexity conundrum; digitization, mobility, cloud and the internet of things (IoT) all contribute to the complexity of IT environments, making security an uphill battle for under-resourced security teams. According to Forrester’s “Global Business Technographics Security Survey 2018,” 31 percent of business and IT decision-makers ranked the complexity of the IT environment among the biggest security challenges they face, tied with the changing nature of threats as the most-cited challenge.

I’ll give you one more mind-boggling statistic to demonstrate why complexity is the enemy of security: According to IBM estimates, enterprises use as many as 80 different security products from 40 vendors. Imagine trying to build a clear picture with pieces from 80 separate puzzles. That’s what CISOs and security operations teams are being asked to do.

7 Rules to Help CISOs Reduce Cybersecurity Complexity

The sum of the parts is not greater than the whole. So, we need to escape the best-of-breed trap to handle the problem of complexity. Cybersecurity doesn’t need more tools; it needs new rules.

Complexity requires us as security professionals and industry partners to turn the old ways of thinking inside out and bring in fresh perspectives.

Below are seven rules to help us think in new ways about the complex, evolving challenges that CISOs, security teams and their organizations face today.

1. Open Equals Closed

You can’t prevent security threats by piling on more tools that don’t talk to each other and create more noise for overwhelmed analysts. Security products need to work in concert, and that requires integration and collaboration. An open, connected, cloud-based security platform that brings security products together closes the gaps that point products leave in your defenses.

2. See More When You See Less

Security operations centers (SOCs) see tens of thousands of security events every day, and often far more: a 2018 survey of 179 IT professionals found that 55 percent of respondents handle more than 10,000 alerts per day, and 27 percent handle more than 1 million events per day. SOC analysts can’t triage that volume by hand.

According to the same survey, one-third of IT professionals simply ignore certain categories of alerts or turn them off altogether. A smarter approach to the overwhelming volume of alerts leverages analytics and artificial intelligence (AI) so SOC analysts can focus on the most crucial threats first, rather than chase every security event they see.

3. An Hour Takes a Minute

When you find a security incident that requires deeper investigation, time is of the essence. Analysts can’t afford to get bogged down in searching for information in a sea of threats.

Human intelligence augmented by AI — what IBM calls cognitive security — allows SOC analysts to respond to threats up to 60 times faster. An advanced AI can understand, reason and learn from structured and unstructured data, such as news articles, blogs and research papers, in seconds. By automating mundane tasks, analysts are freed to make critical decisions for faster response and mitigation.

4. A Skills Shortage Is an Abundance

It’s no secret that greater demand for cybersecurity professionals and an inadequate pipeline of traditionally trained candidates has led to a growing skills gap. Meanwhile, cybercriminals have grown increasingly collaborative, but those who work to defend against them remain largely siloed. Collaboration platforms for security teams and shared threat intelligence between vendors are force multipliers for your team.

5. Getting Hacked Is an Advantage

If you’re not seeking out and patching vulnerabilities in your network and applications, you’re making an assumption that what you don’t know can’t hurt you. Ethical hacking and penetration testing turns hacking into an advantage, helping you find your vulnerabilities before adversaries do.

6. Compliance Is Liberating

More and more consumers say they will refuse to buy products from companies that they don’t trust to protect their data, no matter how great the products are. By creating a culture of proactive data compliance, you can exchange the checkbox mentality for continuous compliance, turning security into a competitive advantage.

7. Rigidity Is Breakthrough

The success of your business depends not only on customer loyalty, but also employee productivity. Balance security with productivity by practicing strong security hygiene. Run rigid but silent security processes in the background to stay out of the way of productivity.

What’s the bottom line here? Times are changing, and the current trend toward complexity will slow the business down, cost too much and fail to reduce cyber risk. It’s time to break through cybersecurity complexity and write new rules for a new era.

The post Break Through Cybersecurity Complexity With New Rules, Not More Tools appeared first on Security Intelligence.

Vulnerable cloud infrastructure experiencing increasing attacks

Attackers are increasingly targeting vulnerable cloud infrastructure to exploit it for covert cryptojacking or to deliver ransomware, Securonix researchers warn. Some attacks are fairly trivial, but others are multi-vector, multi-platform threats where multiple functionalities are combined as part of the same malicious threat (e.g., XBash, which combines cryptomining, ransomware and botnet/worm activity).

The way in

The attacks are automated and probe the infrastructure and cloud services for vulnerabilities and/or weak or default login credentials. Among the … More
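The credential-probing half of that description is the easiest part to catch in logs. The following is an added example, not part of the Securonix research or the Help Net Security summary: a detector that reads sshd authentication lines, counts failures per source address inside a sliding window, flags sources that cross a threshold, notes whether a success followed the burst (the signature of a guessed weak password), and reports which of the attempted usernames are well-known image defaults. The log lines, the host name and the addresses are constructed for the example; the default-username list is an assumption you would tune to your own images.

```python
"""Flag automated credential probing in sshd auth logs.

Added example (not vendor code): sliding-window failure counting per
source IP, with a check for a success after the burst and for attempts
against default usernames. All sample data below is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the classic syslog/sshd format (no year in the stamp).
SAMPLE_LOG = """\
Feb  3 10:00:01 web1 sshd[2011]: Failed password for root from 203.0.113.7 port 51234 ssh2
Feb  3 10:00:02 web1 sshd[2012]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Feb  3 10:00:02 web1 sshd[2013]: Failed password for invalid user ubuntu from 203.0.113.7 port 51237 ssh2
Feb  3 10:00:03 web1 sshd[2014]: Failed password for invalid user pi from 203.0.113.7 port 51240 ssh2
Feb  3 10:00:04 web1 sshd[2015]: Failed password for root from 203.0.113.7 port 51241 ssh2
Feb  3 10:00:05 web1 sshd[2016]: Accepted password for root from 203.0.113.7 port 51244 ssh2
Feb  3 10:03:10 web1 sshd[2031]: Failed password for alice from 198.51.100.9 port 40011 ssh2
Feb  3 10:03:40 web1 sshd[2032]: Accepted publickey for alice from 198.51.100.9 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumed list: accounts that ship as defaults on common cloud images.
# Probing several of them in a row is a strong sign of an automated sweep.
DEFAULT_USERS = {"root", "admin", "ubuntu", "pi", "ec2-user", "centos", "test", "guest"}


def parse_line(line, year=2019):
    """Parse one sshd auth line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_probes(log_text, window_s=60, threshold=4):
    """Return {ip: finding} for sources with >= threshold failures inside
    any window_s-second window. A finding records the peak failure count,
    the usernames tried, which of them are defaults, and whether a login
    succeeded after the burst."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    findings = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["result"] == "Failed":
            q = recent[ip]
            q.append(ev["ts"])
            while q and (ev["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()  # drop failures that fell out of the window
            f = findings.setdefault(ip, {"failures": 0, "users": set(), "success_after": False})
            f["failures"] = max(f["failures"], len(q))
            f["users"].add(ev["user"])
        elif ip in findings and findings[ip]["failures"] >= threshold:
            # A success right after a burst of failures: the password was guessed.
            findings[ip]["success_after"] = True
    return {
        ip: {**f, "default_users": f["users"] & DEFAULT_USERS}
        for ip, f in findings.items()
        if f["failures"] >= threshold
    }


if __name__ == "__main__":
    for ip, finding in detect_probes(SAMPLE_LOG).items():
        print(ip, finding)
```

In the constructed sample, 203.0.113.7 trips the threshold (five failures in five seconds against four default accounts) and then logs in as root, which is the case to page on; 198.51.100.9 is one typo followed by a key-based login and stays below the bar. The window and threshold are deliberately parameters, because the right values differ between an internet-facing bastion and an internal jump host.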

The post Vulnerable cloud infrastructure experiencing increasing attacks appeared first on Help Net Security.

AWS Provides Secure Access to Internal Assets With Amazon WorkLink

Amazon Web Services (AWS) on Wednesday announced the launch of Amazon WorkLink, a service that enables organizations to provide employees easy and secure access to internal websites and applications from their mobile devices without the need for a VPN or custom browser.

CrowdStrike Recognized As The Highest-Ranking Vendor In The January 2019 Gartner Peer Insights Customers’ Choice For Endpoint Detection And Response Solutions.

CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that as of January 21, 2019, it has an overall rating of 4.8 out of 5 stars – the highest overall score of all vendors named to the January 2019 Gartner Peer Insights Customers’ Choice for Endpoint Detection and Response Solutions. This distinction is based on 78 verified customer reviews.

Also, as of January 21, 2019, CrowdStrike has the highest overall rating of the vendors named to the November 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms, with a 4.8 rating out of 5 based on 256 verified customer reviews.

The Gartner Peer Insights Customers’ Choice Distinction is based on feedback and ratings from end-user professionals who have experienced purchasing, implementing and/or using the CrowdStrike Falcon® platform. Vendors recognized as a Customer’s Choice must have 50 or more approved ratings and an average overall rating of 4.2 stars or greater.

CrowdStrike customers praise CrowdStrike Falcon’s high return on investment (RoI), its ease of deployment through a single lightweight agent, its cloud-native architecture with innovative features, and round-the-clock customer support.

CrowdStrike customers had the following to say regarding CrowdStrike Falcon:

“Cutting edge world class product/company. They truly are a cutting edge world class product/company to deal with. From every stage of the product deployment CrowdStrike has exceeded our expectations. The ease of deployment/the ability to scale instantly is just amazing, when it comes to a simple cloud based solution CS EDR is leading the pack”

— Security Engineer in the Manufacturing Industry

“One of the best products I have encountered. User interface is superbly intuitive. Deployment was a breeze. Highly recommended”

— Head – IT Infrastructure in the Energy and Utilities Industry

“I sleep well at night knowing that Falcon is on guard. Support from CrowdStrike is incredibly responsive from the beginning of the sales cycle through implementation and daily use.”

— IT Director in the Transportation Industry

“Best on the market!! I’ve had the liberty of testing multiple EDR solution before we purchased CrowdStrike’s EDR and I believe we got the best product on the market with great visibility and functionality.”

— Network Security Administrator in the Healthcare Industry

“Deployment, features, and support: Falcon has it all. It’s very easy to deploy and maintain. The investigate tools are easy to navigate and contain an overwhelming amount of data from installed endpoints. Best of all, the footprint on each sensor is impossibly small compared to any other AV product evaluated.”

— Network Security Analyst in the Miscellaneous Industry

The CrowdStrike Falcon platform remains the only next-generation endpoint protection solution that unifies next-generation antivirus (NGAV), IT hygiene, endpoint detection and response (EDR), threat intelligence, and managed hunting. No other solution is able to prevent never-before-seen threats with the accuracy of CrowdStrike Falcon. CrowdStrike continues to set the new standard in the unified platform approach to cybersecurity.

“At CrowdStrike, we believe in always putting the customer first. We also believe this validation, compiled from direct feedback of a representative group of customers, demonstrates the power of the CrowdStrike Falcon platform, the innovation of our technology and cloud architecture, and the dedication of our 24/7 support team,” said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike. “A comprehensive, integrated solution like CrowdStrike Falcon is necessary to stop and remediate today’s threats and thwart the ones of tomorrow. We are thrilled to see customers continue to score our solutions at the highest level in the industry as we evolve our platform to best meet their needs.”

The post CrowdStrike Recognized As The Highest-Ranking Vendor In The January 2019 Gartner Peer Insights Customers’ Choice For Endpoint Detection And Response Solutions. appeared first on IT Security Guru.

Agents of disruption: Four testing topics argue the case for agentless security

Let me introduce myself. I’m a set of flaws in your otherwise perfect, agent-based security world. Like all disruptive agents, I derail your best-laid plans with expensive havoc; but in my case I create sticky situations inside your multi-cloud arrangement. You may be thinking that the premise of this article is bogus, because most cloud-based security systems automate the deployment and management of agents; and any one of those and their kid can microsegment and … More

The post Agents of disruption: Four testing topics argue the case for agentless security appeared first on Help Net Security.

Beware the man in the cloud: How to protect against a new breed of cyberattack

One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them.

What is a MitC attack?

To gain access to cloud accounts, MitC attacks take advantage of the … More

The post Beware the man in the cloud: How to protect against a new breed of cyberattack appeared first on Help Net Security.

Succeed in Your Cloud Migration With a Secure Hybrid Cloud Strategy

Picture this: An object storage misconfiguration has left thousands of customer records fully exposed. Your company is about to face costly compliance consequences and a loss of customer trust. How should you respond? More importantly, how could a secure hybrid cloud strategy have helped prevent such an incident from happening in the first place?

As IT teams face significant pressure to develop a successful cloud migration strategy, organizations are treating security as an afterthought in their rush to quickly move to the cloud. Today, 81 percent of organizations have a multicloud strategy, according to RightScale. Migration without cloud security services for visibility and governance can significantly increase the complexity, costs and risks of adoption.

When Unsecure Cloud Migration Becomes Disastrous

Too often, security is forgotten in the excitement to capture the hybrid cloud’s remarkable potential. Perceptions that secure processes slow digital transformation lead to security being treated as an afterthought. While well-managed cloud adoption can improve data security and disaster recovery, many organizations are wary of public cloud providers’ shared responsibility models, under which the provider secures the underlying infrastructure while the customer remains responsible for its own data, identities and configuration; adding third-party security providers on top makes access management and compliance governance more complex than in on-premises deployments. A Cybersecurity Insiders survey found that 43 percent of cloud adopters lack visibility into infrastructure security, 38 percent report compliance troubles and 35 percent struggle to consistently enforce security policies.

Misconfigured cloud servers and other improperly configured systems were solely responsible for the exposure of 2 billion data records tracked by IBM X-Force researchers last year. In addition, inadvertent insider error has contributed to an over 400-percent year-over-year growth in cloud security risks, due in large part to misunderstandings about shared responsibility models to protect data in the cloud. Ultimately, if a data breach or disruption occurs, the organization is liable for the loss of customer trust, regulatory fines and other expensive consequences.

By rushing cloud adoption, businesses are more likely to generate risks than gain a competitive advantage. In fact, 74 percent of organizations reported that they likely experienced a data breach in the past year due to a lack of secure cloud migration processes. Secure cloud design, a full understanding of responsibility models and solutions for proactive risk management are critical to realizing cloud benefits.
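The opening scenario (an object storage misconfiguration exposing customer records) is the concrete failure behind the statistics above, and it is checkable before deployment. The block below is an added example, not code from IBM or from any cloud provider: it evaluates an S3-style bucket resource policy the way the console’s “public” warning does, flagging Allow statements whose principal is everyone and that carry no Condition, and then decides whether the bucket is actually exposed given its Block Public Access settings. The weak configuration and the corrected one are constructed side by side; the bucket name, account ID and role name are placeholders.

```python
"""Check an S3-style bucket configuration for public exposure.

Added example, not IBM's or AWS's code. Both configurations below are
constructed: the weak one matches the opening scenario, the fixed one
shows the same bucket after remediation.
"""
import json


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _is_everyone(principal):
    # In S3 bucket policies both "*" and {"AWS": "*"} mean any principal,
    # including anonymous requests.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(p) for p in principal.values())
    return False


def public_grants(policy):
    """Return (Sid, actions) for every statement that grants to everyone.

    Statements that carry a Condition are skipped here; they are not
    necessarily safe (a condition can match every request), so treat them
    as items for manual review rather than as cleared.
    """
    found = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "Condition" in st:
            continue
        if _is_everyone(st.get("Principal")):
            found.append((st.get("Sid", "<no sid>"), _as_list(st["Action"])))
    return found


def is_publicly_exposed(bucket):
    """True if anyone can read data from the bucket.

    Block Public Access overrides the grants: RestrictPublicBuckets makes
    a public policy grant inert, IgnorePublicAcls does the same for ACLs.
    """
    bpa = bucket.get("public_access_block", {})
    if public_grants(bucket.get("policy", {})) and not bpa.get("RestrictPublicBuckets", False):
        return True
    if bucket.get("acl_grants_all_users", False) and not bpa.get("IgnorePublicAcls", False):
        return True
    return False


# Constructed: the weak configuration from the opening scenario. The policy
# is kept as JSON text because that is how it is pulled back from the API.
WEAK_BUCKET = {
    "name": "customer-exports",
    "policy": json.loads("""{
      "Version": "2012-10-17",
      "Statement": [{
        "Sid": "AllowEveryoneRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::customer-exports",
                     "arn:aws:s3:::customer-exports/*"]
      }]
    }"""),
    "public_access_block": {},  # never enabled
    "acl_grants_all_users": False,
}

# Constructed: the corrected configuration. One named role may read
# objects, and Block Public Access is on so a later bad edit cannot
# silently reopen the bucket.
FIXED_BUCKET = {
    "name": "customer-exports",
    "policy": {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ExportRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/export-reader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::customer-exports/*",
        }],
    },
    "public_access_block": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": True,
    },
    "acl_grants_all_users": False,
}

if __name__ == "__main__":
    for b in (WEAK_BUCKET, FIXED_BUCKET):
        print(b["name"], "grants:", public_grants(b["policy"]), "exposed:", is_publicly_exposed(b))
```

Two points worth keeping from this: the public grant and the actual exposure are separate findings, because a bucket with Block Public Access enabled can still carry a dangerous policy that will bite the day someone relaxes the block; and any statement with a Condition should be reported for review, not silently passed, since a condition is not automatically a restriction.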

How to Adopt Hybrid Cloud With Confidence

The organization’s ability to develop a successful cloud migration strategy depends, in part, on the IT team’s ability to effectively manage competing priorities of speed, cost efficiency and security. Across industries, hybrid cloud adoption is a necessary tool to balance expanding workloads and data assets. As cloud threats increase, managing hybrid cloud infrastructures requires the enterprise to develop new processes and adopt new solutions for visibility and control.

Strive for True Hybrid Cloud Visibility

Hybrid cloud environments can host a wide array of resources and application programming interfaces (APIs), which can make it challenging to orchestrate effective security controls.

The need for visibility necessitates management solutions designed to capture a diverse view of storage, networking and provisioning activities across public and private cloud environments. Cloud security services should offer visibility and analytics to proactively manage compliance, identify threats and accelerate remediation activities.

Proactively Manage the Cloud Life Cycle

Effective data governance in a hybrid cloud infrastructure requires comprehensive security policies that are proactively and consistently implemented across apps, services, databases, users and endpoints. Cloud security tools should support the organization’s transition to a DevSecOps model where security works alongside DevOps so that proper security controls are built into the design process from the beginning. In turn, this simplifies the process of access management, authentication and authorization in native and migrated cloud apps. To manage threats and compliance risks, organizations need solutions that automate policy enforcement and strengthen compliance posture in a hybrid cloud environment post-deployment.

Why the Enterprise Is Responsible for Protecting Customer Trust in the Hybrid Cloud

The revolution toward a digital economy is underway, and organizations recognize the potential of the hybrid cloud to introduce agility and scale. As IT teams face pressure to deploy a hybrid cloud infrastructure that supports digital transformation activities, many are rushing to the cloud without a comprehensive approach to protecting critical data by design and default.

To fully realize the potential benefits of the secure hybrid cloud, organizations must recognize and understand that the responsibility for protecting customer data and a secure move to the cloud continues to rest with their organization and IT teams. Implementing secure processes during migration and adoption can reduce the costs and risks that result from treating security as an afterthought. Cloud security services for visibility and orchestration are a necessity to proactively manage policy, compliance and access across cloud apps and services.

Learn more about how to secure your hybrid cloud

The post Succeed in Your Cloud Migration With a Secure Hybrid Cloud Strategy appeared first on Security Intelligence.

Mining malware evades agent-based cloud security solutions

Cloud infrastructures are a growing target for threat actors looking to mine cryptocurrency, as their vast computational power allows them to multiply the mining malware’s effect.

Keeping its presence from being noticed

The post Mining malware evades agent-based cloud security solutions appeared first on The Cyber Security Place.

2018 Proved Highest Funding Year for Cybersecurity

Despite a 28% decrease in cybersecurity startups during 2017, global venture capital funding for cybersecurity rebounded with record high investments, according to Strategic Cyber Ventures. Though last year saw $5.3 billion

The post 2018 Proved Highest Funding Year for Cybersecurity appeared first on The Cyber Security Place.

Board Directors Can’t Afford to Ignore Cybersecurity Risk

As organizations rush to adopt new digital channels, big data, advanced analytics, and emerging technologies such as blockchain, artificial intelligence (AI) and quantum computing, they face new risks that may be difficult to quantify today.

The obvious challenge with emerging risk is the lack of historical perspective and measurement. Position credit risk against cyber, for example, and you’ll realize that credit professionals have the benefit of time-tested practices and numerous economic cycles as a basis for understanding risk quantification in familiar metrics. Credits that score a 6.2 (expected frequency of default) will, on average, lose a greater percentage of principal balance than credits scoring 3.2, and this is a known quantity.

Now consider cyber risk in light of the imperative to embrace new technologies to remain competitive and the gradual emergence of risk mitigation strategies to match new technologies. Put simply, the unmanaged cybersecurity risk of tomorrow is the unintended consequence of today’s revolution.

Weighing the Benefits of Technology Against Cybersecurity Risk

New technology enables value creation, generates process efficiencies, and allows companies to assimilate and analyze information at an unprecedented speed. This creates numerous opportunities to drive substantive improvement for the public good. For instance, AI tools enable health care professionals to quickly and accurately assist doctors in their diagnosis and treatment of serious illnesses. Similarly, AI applications in the financial industry help mitigate bank fraud and other financial crimes and combat cyber risk.

However, cybercriminals have access to this same technology, which they use to launch attacks and breach corporate networks to steal or damage information. This, combined with the mass digitization of data, growth of internet of things (IoT) deployments and widespread adoption of AI, is straining security resources like nothing we’ve ever seen. Juniper Research forecast the number of records stolen by cybercriminals to reach 5 billion in 2020, and Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.

Continuous improvement has never been more crucial to cybersecurity risk management. The worst thing you can do is remain static or get comfortable with the status quo. The failure to reassess and invest in your strategy, evolve your practices, educate leaders and employees, and advance risk technology in lockstep with new business applications puts companies and even national economies at risk.

Cybercrime has evolved into a well-organized, well-funded industry that focuses all its attention on penetrating enterprise networks to disrupt, steal, extort and exploit sensitive data. That said, many of the incidents that have made the news have nothing to do with threat actors; instead, they are the result of human error or malicious insiders, which presents a unique type of risk management challenge.

Either way, a reactive and siloed approach to cyber risk management limits effectiveness. The increasing volume and spectrum of threats necessitates detection, management and mitigation strategies that are proactive, adaptable and offensive in nature. Most importantly, these strategies must engage all elements of senior leadership.

Part of the problem is that technology has advanced faster than risk mitigation practices and investments. In many instances, cyber risk management is compartmentalized with technology functions, not widely understood by senior leadership or overtly linked to business strategy. Confronting this new risk means that every member of the senior leadership team, board of directors and company staff must make an investment in understanding and managing cyber risk.

Do You Understand the Risks Facing Your Business?

The more aggressive a firm’s digital and data-driven business strategies are, the greater the need to ensure that cyber risk is understood at the senior executive and board levels. This is the only way to facilitate a healthy and informed dialogue about business strategies and technology deployments with the appropriate risk appetite, safety considerations and governance. Of course, this task becomes more complicated as more technologies are adopted and integrated into the IT environment.

The widespread adoption of big data and advanced analytics will make it increasingly difficult for companies to manage or govern the volume of data they are trying to utilize. This is already a problem for some regulated financial market data providers; datasets and the products derived from them have outrun firms’ ability to map, manage and quality-control the data.

Cloud is another notable example. Many firms are rushing to move workloads to a hybrid cloud environment, which introduces new risks in multiple forms and raises myriad questions, including:

  • Where is the data?
  • What controls will be provided by each cloud service provider (CSP) and what must be provided by the firm?
  • How can the firm risk-assess and performance-manage each CSP?
  • How can the firm implement an effective risk dashboard across data types and providers, both on and off premises?
  • How can the firm demonstrate regulatory compliance effectively amid rapid change in the industry?

In addition, digital channels, bots and robo-advisors are being used at an accelerating pace. Like other emerging technologies, these expose consumers to new risks, and providers face scrutiny for poor outcomes. Understandably, consumers are not ready for these risks, and they simply do not know how to protect themselves in a world of connected devices, smart appliances and mobile banking. To stimulate competition in payments and meet the demand for open banking, the European Union (EU) issued the revised Payment Services Directive (PSD2), which requires banks to give licensed third-party providers access to customer account and payment data, with the customer’s consent, through standardized interfaces. This open banking era introduces new obstacles to effective implementation and to meeting both regulators’ and customers’ expectations of availability and ease of use.

Finally, the IoT brings countless new endpoints — and countless new microvulnerabilities — to the enterprise. It also exponentially multiplies the volume of data to be handled, complicates operating models, and makes it hard to map concerning data and risks. Consider technologies such as smart homes, connected cars and power grids; attacks on these systems could have physical, even life-threatening consequences that go far beyond the cost of noncompliance and disruption.

The New Regulatory Landscape Demands More of Leadership

The level of regulatory scrutiny and public awareness of cyber risk is rising and, along with it, expectations that companies will appropriately address these risks. Consider the General Data Protection Regulation (GDPR), which gives consumers more control over their personal data, mandates that vendors build data protection safeguards into products and services, and places strict requirements on companies that process EU residents’ personal data. Failure to comply can carry fines of up to 20 million euros or 4 percent of total worldwide annual turnover, whichever is higher.

Another example is the New York State Department of Financial Services (NYDFS) regulation 23 NYCRR Part 500, which holds the board responsible for overseeing and certifying compliance with appropriate security standards. As mentioned above, PSD2, which EU member states had to transpose into national law by Jan. 13, 2018, sets registration conditions and security requirements (including strong customer authentication) for payment service providers. Finally, the California Legislature recently approved the California Consumer Privacy Act (CCPA), which takes effect in 2020. This legislation, the strictest in the U.S., gives consumers rights over how their data is managed and sold and imposes obligations on the holders of that data.

As you can see, cybersecurity risk is a real business risk and must be managed holistically as enterprise risk rather than delegated to technical functions. Chief information security officers (CISOs), risk and compliance officers, technology managers and line-of-business leaders must own risk collectively, and it must be built into and considered a crucial component of the business strategy.

To accomplish this, top management and the board must engage in regular dialogue around cyber risks and business strategy and recognize them as inextricably linked. Investment in one necessitates investment in the other. This approach enables business and security leaders to replace defensive strategies with offensive capabilities and maintain an open, honest and direct dialogue about risk. Most importantly, it helps these leaders coordinate and prepare to play their roles when a security incident strikes.

The post Board Directors Can’t Afford to Ignore Cybersecurity Risk appeared first on Security Intelligence.

The Shifting Risk Profile in Serverless Architecture

Technology is as diverse and advanced as ever, but as tech evolves, so must the way we secure it from potential threats. Serverless architecture, e.g. AWS Lambda, is no exception. As adoption of this technology has grown rapidly, the way we approach securing it has to shift. To dive into that shift, let’s explore the past and present of serverless architecture’s risk profile and the resulting implications for security.

Past

For the first generation of cloud applications, we implemented “traditional” approaches to security. Often, this meant taking the familiar “Model-View-Controller” view to initially segment the application, and sometimes we even had the foresight to apply business logic separation to further secure the application.

But our cloud security model was not truly “cloud-native.” That’s because our application security mechanisms assumed that traffic flowed in a specific way between specific resources, and our ability to inspect and secure that model relied on intimate knowledge of how the application worked and full control of the security resources between its layers. In short, we assumed full control of how the application layers were segmented, replicating our data center security in the cloud and giving up some of the economics and scale of the cloud in the process.

Figure 2. Simplified cloud application architecture separated by individual functions.

Present

Now, when it comes to the latest generation of cloud applications, most leverage Platform-as-a-Service (PaaS) functions as an invaluable aid in the quest to reduce time-to-market. Essentially, this means getting back to the original value proposition for making the move to cloud in the first place.

And many leaders in the space are already making major headway when it comes to this reduction. Take Microsoft as an example, which cited a 67% reduction in time-to-market for their customer Quest Software by using Microsoft Azure services. Then there’s Oracle, which identified 50% reduction in time-to-market for their customer HEP Group using Oracle Cloud Platform services.

However, for applications built with Platform-as-a-Service, we have to think about risk differently. We must ask ourselves: how do we secure the application when many of the layers between the “blocks” of serverless functions are under cloud service provider (CSP) control and not our own?

Fortunately, there are a few things we can do. We can start by making the architecture of the application a cornerstone of information security. From there, we must ask: do the elements relate to each other in a well-understood, well-modeled way? Have we considered how they can be induced to go wrong? Given that our instrumentation is our source of truth, we need to ensure that we always know when something does go wrong, which can be achieved through a combination of CSP and third-party tools.

Additionally, we need to look at how code is checked and deployed at scale and look for opportunities for side-by-side testing. And we must always remember that a DevOps pipeline that never asks basic security questions can unwittingly give away data in any release.
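What “the architecture as a cornerstone of security” and “instrumentation as the source of truth” look like inside a single block is shown below. This is an added example, not code from the McAfee post or from any provider SDK: a Lambda-style handler for an SQS-triggered function that refuses work from any queue other than the one it is wired to, validates each message against the contract the upstream block promised, fails closed on anything outside that contract, and emits one structured record per decision so the SOC can see the function misbehave rather than infer it. The event layout (`Records`, `eventSourceARN`, `messageId`, `body`) is the standard Lambda/SQS shape; the queue ARN, the order schema and the `process_order` business step are assumptions for the example.

```python
"""A serverless block that enforces its own contract with its neighbours.

Added example (not vendor code). The provider owns the wiring between
functions, so this handler checks its inputs itself: expected source,
expected schema, fail closed, and a structured instrumentation record
for every decision. ARNs, schema and the business step are assumed.
"""
import json
import logging
import time

log = logging.getLogger("orders")

# The one upstream block this function is allowed to take work from (assumed ARN).
EXPECTED_SOURCE_ARN = "arn:aws:sqs:eu-west-1:123456789012:orders-validated"

# Contract with the upstream block: field -> (type, required). Assumed schema.
ORDER_SCHEMA = {
    "order_id": (str, True),
    "customer_id": (str, True),
    "amount_cents": (int, True),
    "note": (str, False),
}


def validate_order(body):
    """Return the list of contract violations (empty if the message conforms)."""
    errors = []
    for field, (ftype, required) in ORDER_SCHEMA.items():
        if field not in body:
            if required:
                errors.append(f"missing {field}")
            continue
        # bool is a subclass of int in Python; reject it rather than accept True as 1.
        if not isinstance(body[field], ftype) or isinstance(body[field], bool):
            errors.append(f"bad type for {field}")
    for field in body:
        if field not in ORDER_SCHEMA:
            errors.append(f"unexpected field {field}")  # no smuggled fields downstream
    if not errors and body["amount_cents"] <= 0:
        errors.append("amount_cents must be positive")
    return errors


def process_order(order):
    """Assumed business step; stands in for the real downstream call."""
    return {"order_id": order["order_id"], "status": "accepted"}


def instrument(record):
    """Emit one structured line per decision; this is what the SOC sees."""
    record["ts"] = time.time()
    log.info(json.dumps(record, sort_keys=True))
    return record


def handler(event, context=None):
    """Process SQS records; anything outside the contract is rejected and logged."""
    results = {"processed": [], "rejected": []}
    for rec in event.get("Records", []):
        source = rec.get("eventSourceARN")
        msg_id = rec.get("messageId", "?")
        if source != EXPECTED_SOURCE_ARN:
            instrument({"event": "reject", "reason": "unexpected_source",
                        "source": source, "messageId": msg_id})
            results["rejected"].append(msg_id)
            continue
        try:
            body = json.loads(rec.get("body", ""))
            if not isinstance(body, dict):
                raise ValueError("body is not an object")
        except ValueError as exc:  # json.JSONDecodeError is a ValueError
            instrument({"event": "reject", "reason": f"unparseable: {exc}", "messageId": msg_id})
            results["rejected"].append(msg_id)
            continue
        errors = validate_order(body)
        if errors:
            instrument({"event": "reject", "reason": "schema", "errors": errors, "messageId": msg_id})
            results["rejected"].append(msg_id)
            continue
        out = process_order(body)
        instrument({"event": "accept", "order_id": out["order_id"], "messageId": msg_id})
        results["processed"].append(out["order_id"])
    return results


# Constructed test event: one good record, one from a queue this function is
# not wired to, and one that tries to push an extra field past the contract.
SAMPLE_EVENT = {"Records": [
    {"messageId": "m1", "eventSourceARN": EXPECTED_SOURCE_ARN,
     "body": json.dumps({"order_id": "o-1", "customer_id": "c-9", "amount_cents": 1999})},
    {"messageId": "m2", "eventSourceARN": "arn:aws:sqs:eu-west-1:123456789012:scratch",
     "body": json.dumps({"order_id": "o-2", "customer_id": "c-9", "amount_cents": 1})},
    {"messageId": "m3", "eventSourceARN": EXPECTED_SOURCE_ARN,
     "body": json.dumps({"order_id": "o-3", "customer_id": "c-9", "amount_cents": 5, "discount_pct": 100})},
]}

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    print(handler(SAMPLE_EVENT))
```

The source check is the piece people skip: the IAM policy on the function’s role says which queues it may read, but nothing in the platform stops a misconfigured trigger from feeding it a different one, and only the function can notice. The rejected records are returned rather than retried, so a poisoned queue shows up in the instrumentation immediately instead of looping.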

It can be hard to shoot a moving target. But if security strategy can keep pace with the shifting risk profile of serverless architecture, we can reap the benefits of cloud applications without worry. Then, serverless architecture will remain both seamless and secure.

The post The Shifting Risk Profile in Serverless Architecture appeared first on McAfee Blogs.

The Top 5 Vendor-Neutral Cloud Security Certifications of 2019

Many organizations migrate to the cloud because of increased efficiency, data space, scalability, speed and other benefits. But cloud computing comes with its own security threats. To address these challenges, companies should create a hybrid cloud environment, confirm that their cloud security solution offers 24/7 monitoring and multi-layered defenses as well as implement security measures […]… Read More

The post The Top 5 Vendor-Neutral Cloud Security Certifications of 2019 appeared first on The State of Security.

Cyber Security Conferences to Attend in 2019

A list of Cyber and Information Security conferences to consider attending in 2019. Conferences are not only great places to learn about the evolving cyber threat landscape and proven security good practices, but also to network with industry-leading security professionals and like-minded enthusiasts, to share ideas, expand your own knowledge, and even to make good friends.

JANUARY 2019

SANS Cyber Threat Intelligence Summit
Monday 21st & Tuesday 22nd January 2019
Renaissance Arlington Capital View Hotel, VA, USA
https://www.sans.org/event/cyber-threat-intelligence-summit-2018


AppSec California 2019 (OWASP)
Tuesday 22nd & Wednesday 23rd January 2019
Annenberg Community Beach House, Santa Monica, USA
https://2019.appseccalifornia.org/


PCI London
Thursday 24th January 2019
Park Plaza Victoria Hotel, London, UK
https://akjassociates.com/event/pcilondon

The Future of Cyber Security Manchester
Thursday 24th January 2019
Bridgewater Hall, Manchester, UK
https://cybermanchester.events/

BSides Leeds
Friday 25th January 2019
Cloth Hall Court, Leeds, UK

FEBRUARY 2019

Cyber Security for Industrial Control Systems
Thursday 7th & Friday 8th February 2019
Savoy Place, London, UK
https://events.theiet.org/cyber-ics/index.cfm

NOORD InfoSec Dialogue UK
Tuesday 26th & Wednesday 27th February 2019
The Bull-Gerrards Cross, Buckinghamshire, UK

MARCH 2019

RSA Conference
Monday 4th to Friday 8th March 2019
Moscone Center, San Francisco, USA
https://www.rsaconference.com/events/us19

17th Annual e-Crime & Cybersecurity Congress
Tuesday 5th & Wednesday 6th March 2019
Park Plaza Victoria

Security & Counter Terror Expo
Tuesday 5th & Wednesday 6th March 2019
Olympia, London, UK
https://www.counterterrorexpo.com/


ISF UK Spring Conference
Wednesday 6th & Thursday 7th March 2019
Regent Park, London, UK
https://www.securityforum.org/events/chapter-meetings/uk-spring-conference-london/


BSidesSF
Sunday 3rd and Monday 4th March 2019
City View at Metreon, San Francisco, USA
https://bsidessf.org/

Cloud and Cyber Security Expo
Tuesday 12th to Wednesday 13th March 2019
ExCel, London, UK
https://www.cloudsecurityexpo.com/

APRIL 2019

(ISC)2 Secure Summit EMEA
Monday 15th & Tuesday 16th April 2019
World Forum, The Hague, Netherlands
https://web.cvent.com/event/df893e22-97be-4b33-8d9e-63dadf28e58c/summary

Cyber Security Manchester
Wednesday 3rd & Thursday 4th April 2019
Manchester Central, Manchester, UK
https://cybermanchester.events/

BSides Scotland 2019
Tuesday 23rd April 2019
Royal College of Physicians, Edinburgh, UK
https://www.contextis.com/en/events/bsides-scotland-2019


CyberUK 2019
Wednesday 24th & Thursday 25th April 2019
Scottish Event Campus, Glasgow, UK
https://www.ncsc.gov.uk/information/cyberuk-2019

Cyber Security & Cloud Expo Global 2019
Thursday 25th and Friday 29th April 2019
Olympia, London, UK
https://www.cybersecuritycloudexpo.com/global/


JUNE 2019

Infosecurity Europe 2019
Tuesday 4th to Thursday 6th June 2019
Olympia, London, UK
https://www.infosecurityeurope.com/

BSides London
Thursday 6th June 2019
ILEC Conference Centre, London, UK
https://www.securitybsides.org.uk/

Blockchain International Show
Thursday 6th and Friday 7th June 2019
ExCel Exhibition & Conference Centre, London, UK
https://bisshow.com/

Hack in Paris 2019
Sunday 16th to Friday 20th June 2019
Maison de la Chimie, Paris, France
https://hackinparis.com/

UK CISO Executive Summit
Wednesday 19th June 2019
Hilton Park Lane, London, UK
https://www.evanta.com/ciso/summits/uk#overview

Cyber Security & Cloud Expo Europe 2019
Thursday 19th and Friday 20th June 2019
RIA, Amsterdam, Netherlands
https://cybersecuritycloudexpo.com/europe/

Gartner Security and Risk Management Summit
Monday 17th to Thursday 20th June 2019
National Harbor, MD, USA
https://www.gartner.com/en/conferences/na/security-risk-management-us

European Maritime Cyber Risk Management Summit
Tuesday 25th June 2019
Norton Rose Fulbright, London, UK


AUGUST 2019

Black Hat USA
Saturday 3rd to Thursday 8th August 2019
Mandalay Bay, Las Vegas, NV, USA
https://www.blackhat.com/upcoming.html

DEF CON 27
Thursday 8th to Sunday 11th August 2019
Paris, Ballys & Planet Hollywood, Las Vegas, NV, USA
https://www.defcon.org/


SEPTEMBER 2019

44Con
Wednesday 11th to Friday 13th September 2019
ILEC Conference Centre, London, UK
https://44con.com/

2019 PCI SSC North America Community Meeting
Tuesday 17th to Thursday 19th September 2019
Vancouver, BC, Canada
https://www.pcisecuritystandards.org/about_us/events

OCTOBER 2019

Hacker Halted
Thursday 10th & Friday 11th October 2019
Atlanta, Georgia, USA
https://www.hackerhalted.com/

BruCON
Thursday 10th & Friday 11th October 2019
Aula, Gent, Belgium
https://www.brucon.org/2019/

EuroCACS/CSX (ISACA) 2019
Wednesday 16th to Friday 19th October 2019
Palexpo Convention Centre, Geneva, Switzerland
https://conferences.isaca.org/euro-cacs-csx-2019

6th Annual Industrial Control Cyber Security Europe Conference
Tuesday 29th and Wednesday 30th October 2019
Copthorne Tara, Kensington, London, UK
https://www.cybersenate.com/new-events/2018/11/13/6th-annual-industrial-control-cyber-security-europe-conference

2019 PCI SSC Europe Community Meeting
Tuesday 22nd to Thursday 24th October 2019
Dublin, Ireland
https://www.pcisecuritystandards.org/about_us/events

ISF 30th Annual World Congress
Saturday 26th to Tuesday 29th October 2019
Convention Centre Dublin, Dublin, Ireland

NOVEMBER 2019

Cyber Security & Cloud Expo North America 2019
Wednesday 13th and Thursday 14th November 2019
Santa Clara Convention Centre, Silicon Valley, USA
https://www.cybersecuritycloudexpo.com/northamerica/

DevSecCon London
Thursday 14th & Friday 15th November 2019
CodeNode, London, UK


Cyber Security Summit 2019
Wednesday 20th November 2019
QEII Centre, London, UK
https://cybersecuritysummit.co.uk/

2019 PCI SSC Asia-Pacific Community Meeting
Wednesday 20th and Thursday 21st November 2019
Melbourne, Australia
https://www.pcisecuritystandards.org/about_us/events

DeepSec
Thursday 20th to Saturday 30th November 2019
The Imperial Riding School Vienna, Austria
https://deepsec.net/

Post in the comments about any cyber & information security themed conferences or events you recommend.

McAfee Labs 2019 Threats Predictions Report

These predictions were written by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer, and Carl Woodward.

As 2018 draws to a close, we should perhaps be grateful that the year has not been entirely dominated by ransomware, although the rise of the GandCrab and SamSam variants show that the threat remains active. Our predictions for 2019 move away from simply providing an assessment on the rise or fall of a particular threat, and instead focus on current rumblings we see in the cybercriminal underground that we expect to grow into trends and subsequently threats in the wild.

We have witnessed greater collaboration among cybercriminals exploiting the underground market, which has allowed them to develop efficiencies in their products. Cybercriminals have been partnering in this way for years; in 2019 this market economy will only expand. The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before.

Social media has been a part of our lives for more than a decade. Recently, nation-states have infamously used social media platforms to spread misinformation. In 2019, we expect criminals to begin leveraging those tactics for their own gain. Equally, the continued growth of the Internet of Things in the home will inspire criminals to target those devices for monetary gain.

One thing is certain: Our dependency on technology has become ubiquitous. Consider the breaches of identity platforms, with reports of 50 million users being affected. It is no longer the case that a breach is limited to that platform. Everything is connected, and you are only as strong as your weakest link. In the future, we face the question of which of our weakest links will be compromised.

—Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research

Twitter @Raj_Samani

Predictions

Cybercriminal Underground to Consolidate, Create More Partnerships to Boost Threats

Artificial Intelligence the Future of Evasion Techniques

Synergistic Threats Will Multiply, Requiring Combined Responses

Misinformation, Extortion Attempts to Challenge Organizations’ Brands

Data Exfiltration Attacks to Target the Cloud

Voice-Controlled Digital Assistants the Next Vector in Attacking IoT Devices

Cybercriminals to Increase Attacks on Identity Platforms and Edge Devices Under Siege

Cybercriminal Underground to Consolidate, Create More Partnerships to Boost Threats

Hidden hacker forums and chat groups serve as a market for cybercriminals, who can buy malware, exploits, botnets, and other shady services. With these off-the-shelf products, criminals of varying experience and sophistication can easily launch attacks. In 2019, we predict the underground will consolidate, creating fewer but stronger malware-as-a-service families that will actively work together. These increasingly powerful brands will drive more sophisticated cryptocurrency mining, rapid exploitation of new vulnerabilities, and increases in mobile malware and stolen credit cards and credentials.

We expect more affiliates to join the biggest families, due to the ease of operation and strategic alliances with other essential top-level services, including exploit kits, crypter services, Bitcoin mixers, and counter-antimalware services. Two years ago, we saw many of the largest ransomware families, for example, employ affiliate structures. We still see numerous types of ransomware pop up, but only a few survive because most cannot attract enough business to compete with the strong brands, which offer higher infection rates as well as operational and financial security. At the moment the largest families actively advertise their goods; business is flourishing because they are strong brands (see GandCrab) allied with other top-level services, such as money laundering or making malware undetectable.

Underground businesses function successfully because they are part of a trust-based system. This may not be a case of “honor among thieves,” yet criminals appear to feel safe, trusting they cannot be touched in the inner circle of their forums. We have seen this trust in the past, for example, with the popular credit card shops in the first decade of the century, which were a leading source of cybercrime until major police action broke the trust model.

As endpoint detection grows stronger, the vulnerable remote desktop protocol (RDP) offers another path for cybercriminals. In 2019 we predict malware, specifically ransomware, will increasingly use RDP as an entry point for an infection. Currently, most underground shops advertise RDP access for purposes other than ransomware, typically using it as a stepping stone to gain access to Amazon accounts or as a proxy to steal credit cards. Targeted ransomware groups and ransomware-as-a-service (RaaS) models will take advantage of RDP, and we have seen highly successful under-the-radar schemes use this tactic. Attackers find a system with weak RDP, attack it with ransomware, and propagate through networks either living off the land or using worm functionality (EternalBlue). There is evidence that the author of GandCrab is already working on an RDP option.

We also expect malware related to cryptocurrency mining will become more sophisticated, selecting which currency to mine on a victim’s machine based on the processing hardware (WebCobra) and the value of a specific currency at a given time.

Next year, we predict the length of a vulnerability’s life, from detection to weaponization, will grow even shorter. We have noticed a trend of cybercriminals becoming more agile in their development process. They gather data on flaws from online forums and the Common Vulnerabilities and Exposures database to add to their malware. We predict that criminals will sometimes take a day or only hours to implement attacks against the latest weaknesses in software and hardware.

We expect to see an increase in underground discussions on mobile malware, mostly focused on Android, regarding botnets, banking fraud, ransomware, and bypassing two-factor authentication security. The value of exploiting the mobile platform is currently underestimated as phones offer a lot to cybercriminals given the amount of access they have to sensitive information such as bank accounts.

Credit card fraud and the demand for stolen credit card details will continue, with an increased focus on online skimming operations that target third-party payment platforms on large e-commerce sites. From these sites, criminals can silently steal thousands of fresh credit cards details at a time. Furthermore, social media is being used to recruit unwitting users, who might not know they are working for criminals when they reship goods or provide financial services.

We predict an increase in the market for stolen credentials—fueled by recent large data breaches and by bad password habits of users. The breaches lead, for example, to the sale of voter records and email-account hacking. These attacks occur daily.

Artificial Intelligence the Future of Evasion Techniques

To increase their chances of success, attackers have long employed evasion techniques to bypass security measures and avoid detection and analysis. Packers, crypters, and other tools are common components of attackers’ arsenals. In fact, an entire underground economy has emerged, offering products and dedicated services to aid criminal activities. We predict in 2019, due to the ease with which criminals can now outsource key components of their attacks, evasion techniques will become more agile due to the application of artificial intelligence. Think the counter-AV industry is pervasive now? This is just the beginning.

In 2018 we saw new process-injection techniques such as “process doppelgänging” with the SynAck ransomware, and PROPagate injection delivered by the RigExploit Kit. By adding technologies such as artificial intelligence, evasion techniques will be able to further circumvent protections.

Different evasions for different malware

In 2018, we observed the emergence of new threats such as cryptocurrency miners, which hijack the resources of infected machines. With each threat comes inventive evasion techniques:

  • Cryptocurrency mining: Miners implement a number of evasion techniques. Minerva Labs discovered WaterMiner, which simply stops its mining process when the victim runs the Task Manager or an antimalware scan.
  • Exploit kits: Popular evasion techniques include process injection or the manipulation of memory space and adding arbitrary code. In-memory injection is a popular infection vector for avoiding detection during delivery.
  • Botnets: Code obfuscation or anti-disassembling techniques are often used by large botnets that infect thousands of victims. In May 2018, AdvisorsBot was discovered using junk code, fake conditional instructions, XOR encryption, and even API hashing. Because bots tend to spread widely, the authors implemented many evasion techniques to slow reverse engineering. They also used obfuscation mechanisms for communications between the bots and control servers. Criminals use botnets for activities such as DDOS for hire, proxies, spam, or other malware delivery. Using evasion techniques is critical for criminals to avoid or delay botnet takedowns.
  • Advanced persistent threats: Stolen certificates bought on the cybercriminal underground are often used in targeted attacks to bypass antimalware detection. Attackers also use low-level malware such as rootkits or firmware-based threats. For example, in 2018 ESET discovered the first UEFI rootkit, LoJax. Security researchers have also seen destructive features used as anti-forensic techniques: The OlympicDestroyer malware targeted the Olympic Games organization and erased event logs and backups to avoid investigation.

Artificial intelligence the next weapon

In recent years, we have seen malware using evasion techniques to bypass machine learning engines. For example, in 2017 the Cerber ransomware dropped legitimate files on systems to trick the engine that classifies files. In 2018, PyLocky ransomware used InnoSetup to package the malware and avoid machine learning detection.

Clearly, bypassing artificial intelligence engines is already on the criminal to-do list; however, criminals can also implement artificial intelligence in their malicious software. We expect evasion techniques to begin leveraging artificial intelligence to automate target selection, or to check infected environments before deploying later stages and avoiding detection.

Such implementation is game changing in the threat landscape. We predict it will soon be found in the wild.

Synergistic Threats Will Multiply, Requiring Combined Responses

This year we have seen cyber threats adapt and pivot faster than ever. We have seen ransomware evolving to be more effective or operate as a smoke screen. We have seen cryptojacking soar, as it provides a better, and safer, return on investment than ransomware. We can still see phishing going strong and finding new vulnerabilities to exploit. We also noticed fileless and “living off the land” threats are more slippery and evasive than ever, and we have even seen the incubation of steganography malware in the Pyeongchang Olympics campaign. In 2019, we predict attackers will more frequently combine these tactics to create multifaceted, or synergistic, threats.

What could be worse?

Attacks are usually centered on the use of one threat. Bad actors concentrate their efforts on iterating and evolving one threat at a time for effectiveness and evasion. When an attack is successful, it is classified as ransomware, cryptojacking, data exfiltration, etc., and defenses are put in place. At this point, the attack’s success rate is significantly reduced. However, if a sophisticated attack involves not one but five top-notch threats synergistically working together, the defense panorama could become very blurry. The challenge arises when an attempt is made to identify and mitigate the attack. Because the ultimate attack goals are unknown, one might get lost in the details of each threat as it plays a role in the chain.

One of the reasons synergic threats are becoming a reality is because bad actors are improving their skills by developing foundations, kits, and reusable threat components. As attackers organize their efforts into a black-market business model, they can focus on adding value to previous building blocks. This strategy allows them to orchestrate multiple threats instead of just one to reach their goals.

An example is worth a thousand words

Imagine an attack that starts with a phishing threat—not a typical campaign using Word documents, but a novel technique. This phishing email contains a video attachment. When you open the video, your video player does not play and prompts you to update the codec. Once you run the update, a steganographic polyglot file (a simple GIF) is deployed on your system. Because it is a polyglot (a file that conforms to more than one format at the same time), the GIF file schedules a task that fetches a fileless script hosted on a compromised system. That script running in memory evaluates your system and decides to run either ransomware or a cryptocurrency miner. That is a dangerous synergistic threat in action.

The attack raises many questions: What are you dealing with? Is it phishing 2.0? Is it stegware? Is it fileless and “living off the land”? Cryptojacking? Ransomware? It is everything at the same time.

This sophisticated but feasible example demonstrates that focusing on one threat may not be enough to detect or remediate an attack. When you aim to classify the attack into a single category, you might lose the big picture and thus be less effective mitigating it. Even if you stop the attack in the middle of the chain, discovering the initial and final stages is as important for protecting against future attempts.

Be curious, be creative, connect your defenses

Tackling sophisticated attacks based on synergic threats requires questioning every threat. What if this ransomware hit was part of something bigger? What if this phishing email pivots to a technique that employees are not trained for? What if we are missing the real goal of the attack?

Bearing these questions in mind will not only help capture the big picture, but also get the most of security solutions. We predict bad actors will add synergy to their attacks, but cyber defenses can also work synergistically.

Cybercriminals to Use Social Media Misinformation, Extortion Campaigns to Challenge Organizations’ Brands

The elections were influenced, fake news prevails, and our social media followers are all foreign government–controlled bots. At least that’s how the world feels sometimes. To say recent years have been troubled for social media companies would be an understatement. During this period a game of cat and mouse has ensued, as automated accounts are taken down, adversaries’ tactics evolve, and botnet accounts emerge looking more legitimate than ever before. In 2019, we predict an increase of misinformation and extortion campaigns via social media that will focus on brands and originate not from nation-state actors but from criminal groups.

Nation-states leverage bot battalions to deliver messages or manipulate opinion, and their effectiveness is striking. Bots often will take both sides of a story to spur debate, and this tactic works. By employing a system of amplifying nodes, as well as testing the messaging (including hashtags) to determine success rates, botnet operators demonstrate a real understanding of how to mold popular opinion on critical issues.

In one example, an account that was only two weeks old with 279 followers, most of which were other bots, began a harassment campaign against an organization. By amplification, the account generated an additional 1,500 followers in only four weeks by simply tweeting malicious content about their target.

Activities to manipulate public opinion have been well documented and bots well versed in manipulating conversations to drive agendas stand ready. Next year we expect that cybercriminals will repurpose these campaigns to extort companies by threatening to damage their brands. Organizations face a serious danger.

Data Exfiltration Attacks to Target the Cloud

In the past two years, enterprises have widely adopted the Software-as-a-Service model, such as Office 365, as well as Infrastructure- and Platform-as-a-Service cloud models, such as AWS and Azure. With this move, far more corporate data now resides in the cloud. In 2019, we expect a significant increase in attacks that follow the data to the cloud.

With the increased adoption of Office 365, we have noticed a surge of attacks on the service—especially attempts to compromise email. One threat the McAfee cloud team uncovered was the botnet KnockKnock, which targeted system accounts that typically do not have multifactor authentication. We have also seen the emergence of exploits of the trust model in the Open Authorization standard. One was launched by Fancy Bear, the Russian cyber espionage group, phishing users with a fake Google security app to gain access to user data.

Similarly, during the last couple of years we have seen many high-profile data breaches attributed to misconfigured Amazon S3 buckets. This is clearly not the fault of AWS. Based on the shared responsibility model, the customer is on the hook to properly configure IaaS/PaaS infrastructure and properly protect their enterprise data and user access. Complicating matters, many of these misconfigured buckets are owned by vendors in their supply chains, rather than by the target enterprises. With access to thousands of open buckets and credentials, bad actors are increasingly opting for these easy pickings.

McAfee has found that 21% of data in the cloud is sensitive—such as intellectual property, and customer and personal data—according to the McAfee Cloud Adoption and Risk Report. With a 33% increase in users collaborating on this data during the past year, cybercriminals know how to seek more targets:

  • Cloud-native attacks targeting weak APIs or ungoverned API endpoints to gain access to the data in SaaS as well as in PaaS and serverless workloads
  • Expanded reconnaissance and exfiltration of data in cloud databases (PaaS or custom applications deployed in IaaS) expanding the S3 exfiltration vector to structured data in databases or data lakes
  • Leveraging the cloud as a springboard for cloud-native man-in-the-middle attacks (such as GhostWriter, which exploits publicly writable S3 buckets introduced due to customer misconfigurations) to launch cryptojacking or ransomware attacks into other variants of MITM attacks.
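As an added illustration of the misconfiguration class described above (not McAfee's or AWS's code), the following Python audits an S3 bucket ACL and bucket policy, in the shapes returned by GetBucketAcl and GetBucketPolicy, for write access granted to everyone; the bucket names, owner IDs and sample grants are constructed.

```python
"""Audit an S3 bucket ACL and bucket policy for write access granted to everyone.

Added example, not McAfee's or AWS's code. Inputs use the shapes returned by
the S3 GetBucketAcl and GetBucketPolicy (policy JSON decoded) API calls; all
bucket names and owner IDs below are constructed.
"""
import fnmatch

# Grantee URIs meaning "everyone" (anonymous, or any AWS account) in an ACL.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# ACL permissions that let the grantee modify objects or the ACL itself.
ACL_WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy Action strings may carry wildcards, so each is treated as a pattern
# and matched against these concrete write actions (compared lower-case).
WRITE_ACTIONS = ("s3:putobject", "s3:putobjectacl", "s3:deleteobject", "s3:putbucketpolicy")


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def acl_public_write_grants(acl):
    """Return the write-class permissions the ACL grants to a public group."""
    grants = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        public = grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS
        if public and grant.get("Permission") in ACL_WRITE_PERMISSIONS:
            grants.add(grant["Permission"])
    return grants


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _action_allows_write(action):
    """True if a (possibly wildcarded) policy action covers any write action."""
    pattern = action.lower()
    return any(fnmatch.fnmatchcase(concrete, pattern) for concrete in WRITE_ACTIONS)


def policy_public_write_statements(policy):
    """Return Allow statements that grant write actions to a public principal.

    Statements carrying a Condition are still reported but flagged, since a
    condition such as aws:SourceIp may narrow "*" to an acceptable scope.
    """
    hits = []
    for statement in _as_list(policy.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        if not _principal_is_public(statement.get("Principal")):
            continue
        writes = [a for a in _as_list(statement.get("Action")) if _action_allows_write(a)]
        if writes:
            hits.append({"sid": statement.get("Sid"), "actions": writes,
                         "resources": _as_list(statement.get("Resource")),
                         "conditional": "Condition" in statement})
    return hits


def audit_bucket(name, acl, policy=None):
    """Combine both checks into a list of issue strings (empty when clean)."""
    issues = []
    perms = acl_public_write_grants(acl)
    if perms:
        issues.append(f"{name}: ACL grants {sorted(perms)} to a public group")
    for hit in policy_public_write_statements(policy or {}):
        note = " (conditional)" if hit["conditional"] else ""
        issues.append(f"{name}: statement {hit['sid']!r} allows {hit['actions']} "
                      f"to everyone on {hit['resources']}{note}")
    return issues


# Constructed sample states: a writable vendor bucket and a read-only site bucket.
OWNER = {"Type": "CanonicalUser", "ID": "example-owner-id"}
ALL_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}
WRITABLE_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"},
                           {"Grantee": ALL_USERS, "Permission": "WRITE"}]}
WRITABLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenUpload", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:Put*"], "Resource": "arn:aws:s3:::example-vendor-assets/*"}]}
SAFE_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
SAFE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-static-site/*"},
    {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-static-site/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

if __name__ == "__main__":
    for line in audit_bucket("example-vendor-assets", WRITABLE_ACL, WRITABLE_POLICY):
        print(line)
    print("clean bucket issues:", audit_bucket("example-static-site", SAFE_ACL, SAFE_POLICY))
```

Feeding it live data is a matter of calling boto3's `get_bucket_acl` and `get_bucket_policy` (the latter raises `NoSuchBucketPolicy` for buckets without a policy, which maps to `policy=None` here); Block Public Access settings are a separate, bucket- and account-level control this check does not read.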

Voice-Controlled Digital Assistants the Next Vector in Attacking IoT Devices

As tech fans continue to fill their homes with smart gadgets, from plugs to TVs, coffee makers to refrigerators, and motion sensors to lighting, the means of gaining entry to a home network are growing rapidly, especially given how poorly secured many IoT devices remain.

But the real key to the network door next year will be the voice-controlled digital assistant, a device created in part to manage all the IoT devices within a home. As sales increase—and an explosion in adoption over the holiday season looks likely—the attraction for cybercriminals to use assistants to jump to the really interesting devices on a network will only continue to grow.

For now, the voice assistant market is still taking shape, with many brands still looking to dominate the market, in more ways than one, and it is unclear whether one device will become ubiquitous. If one does take the lead, its security features will quite rightly fall under the microscope of the media, though not perhaps before its privacy concerns have been fully examined in prose.

(Last year we highlighted privacy as the key concern for home IoT devices. Privacy will continue to be a concern, but cybercriminals will put more effort into building botnets, demanding ransoms, and threatening the destruction of property of both homes and businesses).

This opportunity to control a home’s or office’s devices will not go unnoticed by cybercriminals, who will engage in an altogether different type of writing in relation to the market winner, in the form of malicious code designed to attack not only IoT devices but also the digital assistants that are given so much license to talk to them.

Smartphones have already served as the door to a threat. In 2019, they may well become the picklock that opens a much larger door. We have already seen two threats that demonstrate what cybercriminals can do with unprotected devices, in the form of the Mirai botnet, which first struck in 2016, and IoT Reaper, in 2017. These IoT malware appeared in many variants to attack connected devices such as routers, network video recorders, and IP cameras. They expanded their reach by password cracking and exploiting known vulnerabilities to build worldwide robot networks.

Next year we expect to see two main vectors for attacking home IoT devices: routers and smartphones/ tablets. The Mirai botnet demonstrated the lack of security in routers. Infected smartphones, which can already monitor and control home devices, will become one of the top targets of cybercriminals, who will employ current and new techniques to take control.

Malware authors will take advantage of phones and tablets, those already trusted controllers, to try to take over IoT devices by password cracking and exploiting vulnerabilities. These attacks will not appear suspicious because the network traffic comes from a trusted device. The success rate of attacks will increase, and the attack routes will be difficult to identify. An infected smartphone could cause the next example of hijacking the DNS settings on a router. Vulnerabilities in mobile and cloud apps are also ripe for exploitation, with smartphones at the core of the criminals’ strategy.

Infected IoT devices will supply botnets, which can launch DDoS attacks, as well as steal personal data. The more sophisticated IoT malware will exploit voice-controlled digital assistants to hide its suspicious activities from users and home-network security software. Malicious activities such as opening doors and connecting to control servers could be triggered by user voice commands (“Play music” and “What is today’s weather?”). Soon we may hear infected IoT devices themselves exclaiming: “Assistant! Open the back door!”

Cybercriminals to Increase Attacks on Identity Platforms and Edge Devices Under Siege

Large-scale data breaches of identity platforms—which offer centralized secure authentication and authorization of users, devices, and services across IT environments—have been well documented in 2018. Meanwhile, the captured data is being reused to cause further misery for its victims. In 2019, we expect to see large-scale social media platforms implement additional measures to protect customer information. However, as the platforms grow in numbers, we predict criminals will further focus their resources on such attractive, data-rich environments. The struggle between criminals and big-scale platforms will be the next big battleground.

Triton, malware that attacks industrial control systems (ICS), has demonstrated the capabilities of adversaries to remotely target manufacturing environments through their adjacent IT environments. Identity platform and “edge device” breaches will provide the keys to adversaries to launch future remote ICS attacks due to static password use across environments and constrained edge devices, which lack secure system requirements due to design limitations. (An edge device is any network-enabled system hardware or protocol within an IoT product.) We expect multifactor authentication and identity intelligence will become the best methods to provide security in this escalating battle. We also predict identity intelligence will complement multifactor authentication to strengthen the capabilities of identity platforms.

Identity is a fundamental component in securing IoT. In these ecosystems, devices and services must securely identify trusted devices so that they can ignore the rest. The identity model has shifted from user centric in traditional IT systems to machine centric for IoT systems. Unfortunately, due to the integration of operational technology and insecure “edge device” design, the IoT trust model is built on a weak foundation of assumed trust and perimeter-based security.

At Black Hat USA and DEF CON 2018, 30 talks discussed IoT edge device exploitation. That’s a large increase from just 19 talks on the topic in 2017. The increase in interest was primarily in relation to ICS, consumer, medical, and “smart city” verticals. (See Figure 1.) Smart edge devices, combined with high-speed connectivity, are enabling IoT ecosystems, but the rate at which they are advancing is compromising the security of these systems.

Figure 1: The number of conference sessions on the security of IoT devices has increased, matching the growing threat to poorly protected devices. 

Most IoT edge devices provide no self-defense (isolating critical functions, memory protection, firmware protection, least privileges, or security by default) so one successful exploit owns the device. IoT edge devices also suffer from “break once, run everywhere” attacks—due to insecure components used across many device types and verticals. (See articles on WingOS and reverse engineering.)

McAfee Advanced Threat Research team engineers have demonstrated how medical device protocols can be exploited to endanger human life and compromise patients’ privacy due to assumed trust. These examples illustrate just a few of many possible scenarios that lead us to believe adversaries will choose IoT edge devices as the path of least resistance to achieve their objectives. Servers have been hardened over the last decade, but IoT hardware is far behind. By understanding an adversary’s motives and opportunities (attack surface and access capability), we can define a set of security requirements independent of a specific attack vector.

Figure 2 gives a breakdown of the types of vulnerabilities in IoT edge devices, highlighting weak points to address by building identity and integrity capabilities into edge hardware to ensure these devices can deflect attacks.

Figure 2: Insecure protocols are the primary attack surface in IoT edge devices.

IoT security must begin on the edge with a zero-trust model and provide a hardware root of trust as the core building block for protecting against hack and shack attacks and other threats. McAfee predicts an increase in compromises on identity platforms and IoT edge devices in 2019 due to the adoption of smart cities and increased ICS activity.

The post McAfee Labs 2019 Threats Predictions Report appeared first on McAfee Blogs.

Imperva Integration With AWS Security Hub: Expanding Customer Security Visibility

This article explains how Imperva application security integrates with AWS Security Hub to give customers better visibility and feedback on the security status of their AWS hosted applications.

Securing AWS Applications

Cost reduction, simplified operations, and other benefits are driving organizations to move more and more applications onto AWS, where infrastructure maintenance is handled by AWS.  As with any migration to a cloud service, however, it’s important to remember that cloud vendors implement their services under a Shared Security Responsibility Model: AWS secures the underlying infrastructure, while the customer remains responsible for securing what runs on it.  AWS explains this in its Shared Responsibility Model whitepaper.

Imperva solutions help enterprise organizations maintain consistent protection across all applications in their IT domain (including AWS) by combining defenses against network-layer (3-4) and application-layer (7) Distributed Denial of Service (DDoS) attacks, the OWASP Top 10 application security risks, and zero-day attacks.  Imperva application security is a top-rated solution by both Gartner and Forrester for WAF and DDoS protection.

Visibility Leads to Better Outcomes

WAF security is further enhanced through Imperva Attack Analytics, which uses machine learning to correlate millions of security events across Imperva WAF assets and group them into a small number of prioritized incidents, giving security teams clear and actionable insights.

AWS Security Hub is a new web service that provides a consolidated security view across AWS services as well as third-party solutions.  Imperva has integrated its Attack Analytics platform with AWS Security Hub so that the security incidents Attack Analytics generates can be presented in the Security Hub console.

Brief Description of How the Integration Works

The integration uses an interface AWS Security Hub defines for what is essentially an “external data connector”, called a Findings Provider (FP). The FP lets AWS Security Hub ingest standardized information from Attack Analytics so that it can be parsed, sorted and displayed. The FP is freely available to Imperva and AWS customers on Imperva’s GitHub page listed at the end of this article.

Figure 1: Screen Shot of Attack Analytics Incidents in AWS Security Hub

Data flows from Attack Analytics to AWS Security Hub as follows: Attack Analytics exports security incidents into an S3 bucket in the customer’s account, from which the Imperva FP reads them and imports them into Security Hub.

Figure 2: Attack Analytics to AWS Security Hub event flow

To activate AWS Security Hub to use the Imperva FP, customers must configure several things described in the AWS Security Hub documentation. As part of activation, the FP running in the customer’s environment acquires a product-import token from AWS Security Hub. Once activated, the FP is authorized to import findings into the customer’s AWS Security Hub account in the AWS Security Finding Format (ASFF), which it does at configurable time intervals.
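The S3-to-Security Hub leg of that flow, as an added example that is not Imperva’s Findings Provider or AWS code: the connector reads the exported incident file, maps each incident onto the required ASFF fields, validates them, and calls BatchImportFindings in chunks of 100 (the API limit per call), collecting partial failures from the response instead of treating the call as all-or-nothing. The incident JSON layout, the severity/type mapping and the product ARN are assumptions, and the two incidents are constructed sample data.

```python
"""Added example, not Imperva's Findings Provider or AWS code: a minimal
connector that takes Attack Analytics incidents exported to S3, converts each
into an AWS Security Finding Format (ASFF) document and imports them into
Security Hub with BatchImportFindings. The incident JSON layout, the product
ARN and the severity/type mapping are assumptions; the incidents are
constructed sample data."""
import json
from datetime import datetime, timezone
from typing import Any, Callable, Dict, List

ASFF_SCHEMA = "2018-10-08"
ASFF_REQUIRED = ("SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId",
                 "Types", "CreatedAt", "UpdatedAt", "Severity", "Title",
                 "Description", "Resources")
BATCH_LIMIT = 100  # BatchImportFindings accepts at most 100 findings per call

# Assumed mapping of Attack Analytics severities/categories onto ASFF values.
SEVERITY_LABELS = {"critical": "CRITICAL", "major": "HIGH", "minor": "MEDIUM"}
FINDING_TYPES = {"ddos": "Effects/Denial of Service",
                 "injection": "TTPs/Initial Access",
                 "bot": "Unusual Behaviors/Application"}

# Constructed sample of an exported incident file (assumed layout).
SAMPLE_INCIDENTS: List[Dict[str, Any]] = [
    {"id": "inc-1001", "site": "shop.example.com", "severity": "Critical",
     "category": "injection", "events": 4821, "first_event": 1543313700,
     "last_event": 1543317300, "title": "SQL injection campaign from 12 IPs",
     "description": "Blocked by WAF; matches OWASP A1 injection signatures."},
    {"id": "inc-1002", "site": "api.example.com", "severity": "Minor",
     "category": "bot", "events": 310, "first_event": 1543310000,
     "last_event": 1543312000, "title": "Scraping bot probing /v1/products"},
]
# The same data as the S3 object body the connector would read.
SAMPLE_EXPORT = json.dumps(SAMPLE_INCIDENTS).encode()


def iso8601(epoch_seconds: int) -> str:
    """ASFF timestamps must be ISO 8601 in UTC with a trailing Z."""
    return datetime.fromtimestamp(epoch_seconds, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_export(raw: bytes) -> List[Dict[str, Any]]:
    """Parse the export (s3.get_object(...)['Body'].read()) into incidents."""
    incidents = json.loads(raw)
    if not isinstance(incidents, list):
        raise ValueError("export must be a JSON array of incidents")
    return incidents


def to_asff(incident: Dict[str, Any], account_id: str, region: str,
            product_arn: str) -> Dict[str, Any]:
    """Map one incident onto the ASFF fields Security Hub requires."""
    label = SEVERITY_LABELS.get(str(incident["severity"]).lower(), "INFORMATIONAL")
    return {
        "SchemaVersion": ASFF_SCHEMA,
        # Id must be unique within the product and at most 512 characters
        "Id": f"{product_arn}/incident/{incident['id']}",
        "ProductArn": product_arn,
        "GeneratorId": "imperva-attack-analytics",
        "AwsAccountId": account_id,
        "Types": [FINDING_TYPES.get(incident.get("category", ""),
                                    "Unusual Behaviors/Application")],
        "CreatedAt": iso8601(incident["first_event"]),
        "UpdatedAt": iso8601(incident["last_event"]),
        "Severity": {"Label": label, "Original": str(incident["severity"])},
        "Title": incident["title"][:256],
        "Description": incident.get("description", incident["title"])[:1024],
        "Resources": [{"Type": "Other", "Id": f"imperva-site/{incident['site']}",
                       "Region": region}],
        # ProductFields values must be strings
        "ProductFields": {"imperva/eventCount": str(incident.get("events", 0))},
    }


def validate_asff(finding: Dict[str, Any]) -> List[str]:
    """Return the required ASFF keys that are missing or empty."""
    return [k for k in ASFF_REQUIRED if not finding.get(k)]


def import_findings(findings: List[Dict[str, Any]],
                    send: Callable[..., Dict[str, Any]]) -> Dict[str, Any]:
    """Import in chunks of BATCH_LIMIT. `send` is securityhub.batch_import_findings
    (or a stand-in); per-finding failures come back in FailedFindings, not as errors."""
    bad = [f.get("Id", "<no Id>") for f in findings if validate_asff(f)]
    if bad:
        raise ValueError(f"findings missing required ASFF fields: {bad}")
    summary: Dict[str, Any] = {"SuccessCount": 0, "FailedCount": 0, "FailedFindings": []}
    for i in range(0, len(findings), BATCH_LIMIT):
        resp = send(Findings=findings[i:i + BATCH_LIMIT])
        summary["SuccessCount"] += resp.get("SuccessCount", 0)
        summary["FailedCount"] += resp.get("FailedCount", 0)
        summary["FailedFindings"].extend(resp.get("FailedFindings", []))
    return summary


if __name__ == "__main__":
    import boto3  # live run: read the export from S3 and push to Security Hub
    s3, hub, sts = boto3.client("s3"), boto3.client("securityhub"), boto3.client("sts")
    account, region = sts.get_caller_identity()["Account"], hub.meta.region_name
    # Default product ARN for a custom integration; Imperva's registered ARN differs.
    product_arn = f"arn:aws:securityhub:{region}:{account}:product/{account}/default"
    raw = s3.get_object(Bucket="attack-analytics-export", Key="incidents.json")["Body"].read()
    asff = [to_asff(i, account, region, product_arn) for i in parse_export(raw)]
    print(import_findings(asff, hub.batch_import_findings))
```

The FP runs with the customer’s credentials, so the IAM role it assumes needs only `s3:GetObject` on the export bucket and `securityhub:BatchImportFindings`; anything broader is unnecessary privilege for a connector that only moves findings in one direction.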

It’s critically important that organizations maintain robust application security controls as they build or migrate applications to AWS architectures.  Imperva helps organizations ensure every application instance is protected against both known and zero-day threats, and through the integration with AWS Security Hub, Imperva Attack Analytics gives organizations a current and accurate view of their enterprise application security posture.

Security Hub is initially being made available as a public preview.  We are currently looking for existing Attack Analytics customers interested in working with us to refine the integration. If you’re interested, please get in touch.  Once Security Hub becomes generally available we intend to release our Security Hub integration as an open source project on Imperva’s GitHub account.

The post Imperva Integration With AWS Security Hub: Expanding Customer Security Visibility appeared first on Blog.

Why Traditional Database Security Doesn’t Protect Data

If we asked database administrators, security teams, and risk teams about their definition of what database security is, the answers would vary widely.

Each team views the definition based on their own requirements, but the one answer that most likely won’t appear is: “To protect data.”

Traditionally, database security has been seen as a means to protect database systems from vulnerabilities, missing patches, simple misconfigurations, or SQL injection. While this still holds true in today’s environments, we cannot ignore the fact that the requirements for securing a company’s most valuable asset, its data, have changed.

Adding data to database security

With the increase in regulatory compliance requirements such as PCI-DSS, HIPAA, SOX, and GDPR, enterprises are asking more and more from their data protection solutions. Data is seen as the new oil—a way to fuel companies. Protecting data must be at the core of every strategy. Where better to start than the one place most data resides, the database?

Database security solutions in today’s data- and compliance-driven environments must not only allow companies to measure the level of security of their databases but must also provide the ability to locate personally identifiable data, business-critical data, and any other data that is of value to the organization.

In addition, any data that is discovered must be monitored, in real time, 24/7. Long gone are the days when audit logs were sufficient or simple network monitoring was considered adequate. Data is the world’s greatest asset and companies must invest in protecting their own data as well as their customers’ data.

As-a-service: a world of shared responsibilities

Database-as-a-service is one of the fastest growing markets within the cloud. It provides organizations with unparalleled scalability and compute power while removing many of the challenges traditionally associated with database security (vulnerability and patch management, for example). In the shared responsibility world of the cloud, the one constant is data: customers are always responsible for protecting and monitoring their data.

Too many data breaches succeed because exfiltration of data was made possible by little or no real-time monitoring of that data. Traditional database security is not designed to protect data; it’s designed to protect the database from SQL injection or vulnerabilities. One might argue that is data protection. But in reality, database security in today’s data-driven environments must allow organizations to monitor anyone and anything that accesses the “crown jewels,” in real time, with the ability to stop unauthorized access to data.

McAfee helps fill that gap by offering software-based database security solutions that allow the monitoring of database instances across both on-premises solutions and the cloud. Non-intrusive, lightweight, and easy to deploy, McAfee database security solutions allow customers to enjoy all the benefits of moving to a hybrid cloud enterprise database environment while retaining control over security, risk, and data protection.

For more information, visit the database security product information page.

The post Why Traditional Database Security Doesn’t Protect Data appeared first on McAfee Blogs.

Complexity is the Worst Enemy of Security, Time for a New Approach with Network Security?

Bruce Schneier summed it up best in 1999 when he said "Complexity is the Worst Enemy of Security" in an essay titled A Plea for Simplicity, correctly predicting the cybersecurity problems we encounter today.

The IT industry has gone through lots of changes over the past few years, yet when it comes to cybersecurity, the mindset has remained the same. The current thinking around cybersecurity fits the definition of insanity: many organisations do the same thing over and over again, expect different results, and are then shocked when their company is the latest to hit the hacking headlines.

The current security model is broken and is currently too complex. As Paul German, CEO, Certes Networks, argues, it’s time to strip network security back and focus on the data. 

What should Organisations Really be Protecting?
Ultimately, by overcomplicating network security for far too long, the industry has failed - which won’t come as a surprise to many. We’ve all learned the lessons from high profile data breaches such as Dixons Carphone and historical breaches like Ticketmaster or Target; what they succeeded in showing us was that current attempts to secure corporate networks are just not enough. And the reason for this? Quite simply, it’s because organisations are trying to protect something they no longer own. For a long time, security thinking has focused purely on the network, homing in on the insecurity of the network and trying to build up network defences to protect the data that runs over it.

Yet this way of thinking still leaves a problem untouched: we don’t always own the networks over which our data runs, so focusing on this aspect leaves many other doors wide open. The corporate network used to stay in the data centre, but in today’s digital economy the corporate network spans corporate locations worldwide, including data centres, private clouds and public clouds. Additionally, this data is shared not just with employees but with third parties whose devices and policies cannot be easily controlled. Add legacy security measures that simply weren’t built to address the complexity and diversity of today’s corporate network, and it is extremely apparent why this is no longer enough.

So, what needs to change? First and foremost, the industry needs to take a step in the right direction and put data at the forefront of security strategies.

The Security Mindset Needs to Change - and It Needs to Change Now
In an attempt to keep their data and infrastructure secure, organisations have layered technology on top of technology. As a result of this, not only has the technology stack itself become far too complicated but the number of resources, operational overhead and cost needed to manage it have only contributed to the failing security mindset.

Anyone in the IT industry should be able to acknowledge that something needs to change. The good news is that the change is simple. Organisations need to start with a security overlay that covers the networks, independent of the infrastructure, rather than taking the conventional approach of building the strategy around the infrastructure. The network itself must become irrelevant, which will then encourage a natural simplicity in approach.

As well as enabling organisations to better secure their data, this approach also has economic and commercial benefits. Taking intelligence out of the network allows organisations to focus it on its core task: managing traffic. In turn, money and resources can be saved and then better invested in a true security model with data protection at its heart.

A New Era of Cybersecurity
To begin this mindset change, organisations need to start thinking about security as an overlay on top of existing infrastructure. They also need to introduce a software-defined approach to data security, enabling centralised orchestration of security policy. With that centralised orchestration enforcing capabilities such as software-defined application access control, cryptographic segmentation, data-in-motion privacy and a software-defined perimeter, data is protected on its journey across any network, and attackers are restricted from moving laterally across the network once a breach has occurred. Additionally, adopting approaches such as Layer 4 encryption, which encrypts the payload so the data itself is useless, and therefore worthless, to attackers while leaving the network and transport headers visible so operational visibility of network and data flows is not impacted, will further protect the organisation’s data.

The fact is that the industry has overcomplicated network security for too long. If the industry continues to try the same methods over and over again, without making any changes, then there is no chance of progression. It’s time for organisations to start afresh and adopt a new, simple software-defined security overlay approach. 

Have You Talked to Your Kids About a Career in Cybersecurity?

Here’s some cool trivia for you: What profession currently has a zero-percent unemployment rate, pays an average of $116,000 a year, and is among the most in-demand jobs in the world? A lawyer? A pharmacist? A finance manager, perhaps?

Nope. The job we’re talking about is a cybersecurity specialist and, because of the increase in cyber attacks around the world, these professionals are highly employable.

Job Security

According to numbers from the Bureau of Labor Statistics, a career in cybersecurity is one of the most in-demand, high-paying professions today, with an average salary of $116,000, or approximately $55.77 per hour. That’s nearly three times the national median income for full-time wage and salary workers. How’s that for job security?

Why is the demand so high? Sadly, because there are a lot of black hats (bad guys) out there who want our data — our user IDs, passwords, social security numbers, and credit card numbers. Every month it seems banks, hospitals, and major corporations are reporting security breaches, which has left the global cybersecurity workforce with an estimated deficit of two million professionals.

It’s exciting to see gifts and passions emerge in our kids as they grow and mature. If a child is good at math and science, we might point them toward the medical field. If a child shows an affinity for English and communication skills, maybe a law, teaching, or media career is in their future.

But what about a cybersecurity expert? Have you noticed any of these skills in your kids?

Cybersecurity skills/traits:

Problem-solving
Critical thinking
Flexible/creative problem solving
Collaborative, team player
Continual learner
Gaming fan
A sense of duty, justice
Persistent, determined
Works well under pressure
Curious and perceptive
Technology/tech trend fan
Verbal and written communications

Education

Most jobs in cybersecurity require a four-year bachelor’s degree in cybersecurity or a related field such as information technology or computer science. Students take coursework in programming and statistics, ethics, and computer forensics, among other courses.

Conversation Starters

First, if your child has some of the skills or personality traits mentioned, how do you start directing him or her toward this field? The first place to begin is in the home. Model smart cybersecurity habits. Talk about digital safety, the importance of protecting personal data and the trends in cybercrime. In short, model and encourage solid digital citizenship and family security practices.

Second, bring up the possibility, or plant the seed. Be sure to encourage both boys and girls equally. Help your child find answers to his or her questions about careers in computer and data science, threat research, engineering and information on jobs such as cybersecurity analyst, vulnerability analyst, and penetration tester.

Third, read and share takeaways from Winning The Game, a McAfee report that investigates the key challenges facing the IT security industry and the possible link between teen gaming and a successful cybersecurity career.

Additional resources*

CyberCompEx. A connection point for everything cybersecurity including forums, groups, news, jobs, and competition information.

CyberCorps® Scholarship for Service. SFS is a program providing scholarships and stipends to undergraduate and graduate students studying cybersecurity at participating institutions. Great for those who want to work in government.

CyberPatriot. This program was created by the Air Force Association (AFA) to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines.

GenCyber. This is a summer cybersecurity camp for K-12 students and teachers that focuses on inspiring kids to direct their talents toward cybersecurity skills and closing the security skills gap.

National CyberWatch Center. The National CyberWatch Center is a consortium of higher education institutions, public and private businesses, and government agencies focused on advancing cybersecurity education and strengthening the workforce.

National Initiative for Cybersecurity Careers and Studies. NICCS provides information on cybersecurity training, formal education, and workforce development.

National Initiative for Cybersecurity Education. NICE is an initiative to energize and promote a robust network and an ecosystem of cybersecurity education, cybersecurity careers, training, and workforce development.

*Resource list courtesy of Stay Safe Online.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)

The post Have You Talked to Your Kids About a Career in Cybersecurity? appeared first on McAfee Blogs.

5 Things Your Organization Needs to Know About Multi-Cloud

Cloud awareness and adoption continues to grow as more enterprises take advantage of the benefits that come with multiple cloud platforms. As this trend continues its upward trajectory, we see more tech vendors coming to market with new tools designed to address a variety of different challenges.

Whether you are switching up your multi-cloud strategy or starting from scratch, here are a few things your organization needs to know first about multi-cloud.

Determine what features will either make or break your multi-cloud strategy

When picking the best multi-cloud structure for your business, be bold. Build a vision for what you need cloud services to do for your company; worry less about “how” and more about the “why” and “what” you need from your providers. The reality is that top cloud providers in IaaS/PaaS and, separately, SaaS spaces are offering extremely versatile capabilities and compelling value. It is important to understand what features are make or break and which ones change the way your organization works when it comes to selecting vendors.

Rather than handling each request for a new or different capability on its own, your organization needs to rationalize those needs into “collections” of related needs. For example, consider SaaS for well-known, repeatable needs first, then look to move or re-deploy capability into IaaS or build natively in PaaS for efficient applications.

Security measurements that are important when architecting a multi-cloud structure

First and foremost, avoid looking at your new cloud infrastructure as a separate environment. It’s not merely a new data center, so an organization also needs to consider how switching to a cloud infrastructure will shift how the organization secures assets. Consider looking to resources like the MITRE ATT&CK matrix and the Center for Internet Security’s Basic and Foundational Controls list as a guide for answering this question: “In the future, how do I maintain unified visibility and security when I incorporate new cloud providers?”

For a successful multi-cloud migration, use your cloud access security layer and a platform that ultimately unifies your policy and threat identification approaches. Identity is another common challenge area. Moving to the cloud at scale often requires your organization to “clean up” your identity directory to be ready and accommodating of shared sign-on. By using an identity management and/or aggregation platform to expose identity to well-known cloud services, you will be able to ease the cloud implementation burden and threat exposure of any given provider.

Ensure compliance

It’s important to know that your organization’s compliance requirements do not disappear or change simply because the data has left your internal environment and entered the one your cloud provider(s) use. As your organization matures, the way you manage and align your cloud providers’ capabilities to your compliance requirements should evolve accordingly.

Initially, ensure that your company requires business unit executives to apply or accept the risk of compliance obligations where service providers may not have every requirement. Your legal team should be a part of the initial purchase decisions, armed with technical knowledge to help identify potential “rogue” cloud services and policy guidelines that dissuade employees from adding services “on a credit card” without appropriate oversight.

As your organization gains more experience with the cloud, request that providers share copies of their SSAE 16 (now SSAE 18) SOC attestations and audits. This, together with more formal due diligence processes, should become commonplace.  Organizations looking to advance in this space would be well-advised to look at the Cloud Security Alliance’s STAR attestation and the associated Cloud Controls Matrix as a ready accelerator for benchmarking cloud providers.

Approaching buy-in from exec/C-level on a multi-cloud strategy

Use of cloud services should reflect the strategic focus of the business. Technology leaders can leverage the benefits of these services to underpin initiatives in efficiency, bringing innovation to market and controlling costs. To strengthen this message, technology department heads should consider the metrics and operations adjustments that will allow them to demonstrate the enhanced value of the cloud beyond just the bottom line. If you are trying to get exec/C-level buy in, consider the following:

  • How will you measure the speed of introducing new capabilities?
  • Are new areas of value or product enhancement made possible through cloud services?
  • How will the organization measure and control usage to hit your cost targets?
  • How do you know whether your organization is getting what you have contracted for from cloud providers?
  • Do you have a mechanism for commercial coverage of the organization when things go wrong?

Protect your organization and secure the cloud

Organizations will often “upgrade” in some areas of basic security (perimeter, basic request hygiene) when making the move to well-known cloud providers. How the overall security posture is affected depends heavily on the level of diligence that goes into onboarding new cloud providers. Implementing critical technical measures like the Cloud Access Security layer and policy around how the cloud is procured and technically implemented should drive basic control requirements.

We previously discussed the challenges of governing cloud and the maturity model that we use with customers to ascertain their readiness for new cloud providers.

As the number of cloud providers scales in the environment, your organization needs to assess and document them based on how much your organization depends on a given service and the sensitivity of the data those services will hold. Services that are prioritized higher on these two fronts should have increased organizational scrutiny and technical logging integration in order to maintain the overall defensive posture of the company.

As with any other technology trend, the missteps in making the transition to business and consumer cloud services have received outsized coverage. Take the time to dive into the “hows” and “whys” of early cloud breaches to avoid becoming a potential victim. A resource like the Cloud Security Alliance’s “Top Threats to Cloud Computing: Deep Dive” and McAfee’s report on “Practical Guidance and the State of Cloud Security” can be a great place to start.

Learning from someone else’s experiences is always highly preferred, though. After all, learning about cloud incident response after the fact can be a hard, costly lesson!

The post 5 Things Your Organization Needs to Know About Multi-Cloud appeared first on McAfee Blogs.

#CyberAware: Will You Help Make the Internet a Safe Place for Families?

Don’t we all kinda secretly hope, even pretend, that our biggest fears are in the process of remedying themselves? Like believing that the police will know to stay close should we wander into a sketchy part of town. Or that our doors and windows will promptly self-lock should we forget to do so. Such a world would be ideal — and oh, so, peaceful — but it just isn’t reality. When it comes to making sure our families are safe we’ve got to be the ones to be aware, responsible, and take the needed action.

Our Shared Responsibility

This holds true in making the internet a safe place. As much as we’d like to pretend there’s a protective barrier between us and the bad guys online, there’s no single government entity that is solely responsible for securing the internet. Every individual must play his or her role in protecting their portion of cyberspace, including the devices and networks they use. And, that’s what October — National Cyber Security Awareness Month (NCSAM) — is all about.

At McAfee, we focus on these matters every day, but this month especially we are linking arms with safety organizations, bloggers, businesses, and YOU — parents, consumers, educators, and digital citizens — to zero in on ways we can all do our part to make the internet safe and secure for everyone. (Hey, sometimes the home team needs a huddle, right!?)

8 specific things you can do!

  1. Become an NCSAM Champion. The National Cyber Security Alliance (NCSA) is encouraging everyone — individuals, schools, businesses, government organizations, universities — to sign up, take action, and make a difference in online safety and security. It’s free and simple to register. Once you sign up you will get an email with a toolbox packed with fun, shareable memes to post for #CyberAware October.
  2. Tap your social powers. Throughout October, share, share, share great content you discover. Use the hashtag #CyberAware, so the safety conversation reaches and inspires more people. Also, join the Twitter chat using the hashtag #ChatSTC each Thursday in October at 3 p.m., ET/Noon, PT. Learn, connect with other parents and safety pros, and chime in.
  3. Hold a family tech talk. Be even more intentional this month. Learn and discuss suggestions from STOP. THINK. CONNECT.™ on how each family member can protect their devices and information.
  4. Print it and post it: Print out a STOP. THINK. CONNECT.™ tip sheet and display it in areas where family members spend time online.
  5. Understand and execute the basics. Information is awesome. But how much of that information do we truly put into action? Take 10 minutes to read 10 Tips to Stay Safe Online and another 10 minutes to install a firewall, strengthen your passwords, and make sure your home network is as secure as it can be.
  6. If you care — share! Send an email to friends and family informing them that October is National Cybersecurity Awareness Month and encourage them to visit staysafeonline.org for tips and resources.
  7. Turn on multi-factor authentication. Protect your financial, email and social media accounts by enabling two-step (multi-factor) authentication wherever it is offered, so a stolen password alone is not enough to get in.
  8. Update, update, update! This overlooked but powerful way to shore up your devices is crucial. Update your software and turn on automatic updates to protect your home network and personal devices.

Isn’t it awesome to think that you aren’t alone in striving to keep your family’s digital life — and future — safe? A lot of people are working together during National Cyber Security Awareness Month to educate and be more proactive in blocking criminals online. Working together, no doubt, we’ll get there quicker and be able to create and enjoy a safer internet.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)

The post #CyberAware: Will You Help Make the Internet a Safe Place for Families? appeared first on McAfee Blogs.

Application Development GDPR Compliance Guidance

Last week IBM developerWorks released a three-part guidance series I have written to help application developers develop GDPR compliant applications.

Developing GDPR Compliant Applications Guidance

The GDPR
The General Data Protection Regulation (GDPR) was created by the European Commission and Council to strengthen and unify Europe's data protection law, replacing the 1995 European Data Protection Directive. Although the GDPR is a European Union (EU) regulation, it also applies to organizations outside Europe that handle the personal data of individuals in the EU. This includes the development of applications that are intended to process the personal information of people in the EU. Therefore, organizations that provide web applications, mobile apps, or traditional desktop applications that can directly or indirectly process EU residents' personal data, or allow EU residents to sign in, are subject to the GDPR's privacy obligations. Organizations face the prospect of powerful sanctions should their applications fail to comply with the GDPR.

Part 1: A Developer's Guide to the GDPR
Part 1 summarizes the GDPR and explains how the privacy regulation impacts and applies to developing and supporting applications that are intended to be used by European Union citizens.

Part 2: Application Privacy by Design
Part 2 provides guidance for developing applications that are compliant with the European Union’s General Data Protection Regulation. 

Part 3: Minimizing Application Privacy Risk

Part 3 provides practical application development techniques that can reduce an application's privacy risk.