• Search for:
    12Jul, 2023
    Web Security Gateway: Best Security Practices to Protect Enterprise Users

    Protecting employees from harmful content was a far more straightforward task once upon a time. COVID-19 changed all of that in an instant. The new hybrid work model has forced IT professionals to rethink their security strategy game plans. As threats continue to emerge, it becomes an ongoing game of cat and mouse for IT teams to outmaneuver cybercriminals.

    One of the biggest challenges is keeping up with the latest forms of malware. Kaspersky detected 516,617 malicious installation packages in Q1 2022. Any one of these packages could be unknowingly downloaded by a remote worker. 

    The focus then shifts to securing remote access to a corporate network to block dangerous websites and applications beyond the traditional perimeter that would give way to what we know as a Secure Web Gateway.

    A Secure Web Gateway or SWG, operates at the application level, unlike traditional firewalls that work by inspecting packets at the network level. It allows companies to enforce tighter security policies and block access to harmful sites with rules set by the admin, preventing malicious web traffic from entering a network.

    What is Enterprise Security Architecture?

    Enterprise security architecture is a term that encompasses all the policies, principles, and models implemented by an organization to ensure that the network is protected from cyber threats. Security architecture involves a detailed plan for web security that incorporates different security concepts and tools such as tiered networks, security domains, security policies, and different types of security systems and devices.

    An enterprise’s security architecture must include a layered plan covering all web security bases and implementing various security models and devices as needed. Enterprise security architecture recognizes that it is not enough to have standard security measures in place but they must be implemented expertly and accurately to ensure complete protection.

    Preparing efficient enterprise security architecture takes place in the following stages:

    • Research and risk assessment
    • Security protocol and system design
    • Security implementation and installation
    • Testing, assurance, and system operations and monitoring

    How an SWG Works in a Modern Enterprise Security Architecture Setting

    Secure Web Gateways can be immediately incorporated into an enterprise’s security architecture. They provide multi-layered protection covering different web security areas and protecting remote employees requiring corporate network access.

    Modern enterprise security architecture includes the most progressive methods, systems, and models for web security. Secure web gateways are one of these.

    SWG provides the following features:

    Traffic Monitoring

    All traffic that passes through a network is inspected and monitored. Content not aligning with corporate policies can be immediately blocked or restricted. Default turnkey inspection policies can be customized to suit the organization’s needs.

    Enforcing Corporate Policies

    The security policies of a network determine who and what is allowed on the network, where or when they are allowed, and what kinds of interactions are permissible between internal users. These policies can be enforced to ensure all employees safely access the corporate network, regardless of device or location.

    URL Filtering

    A Secure Web Gateway can protect users by blocking access to known malicious websites. This can be done by setting restrictions on certain websites and applications. Permissions may be either “allowed” or “restricted” based on the employee’s role. Specific sites like gambling, gaming, and social media may be blocked by default, increasing productivity and minimizing the threat surface.

    Conclusion

    A Secure Web Gateway is an ideal addition to any enterprise security architecture’s line of defense. They provide a well-rounded form of security that protects an organization’s network and workforce from malicious threats. It also prevents Shadow IT, where employees use IT-related software without authorization or knowledge from the IT department. Avoid the risks and add a Secure Web Gateway to your enterprise security today.

    Resource : https://cybersecuritynews.com/secure-web-gateway-to-protect-enterpris/

    5Jul, 2023
    What is the OWASP API Security Top 10?

    Since 2003, the non-profit Open Web Application Security Project (OWASP) has maintained its Top 10 list of the most severe and pervasive web-application security risks — otherwise known as the OWASP Top 10. Web developers and security practitioners use the OWASP Top 10 as a reference to avoid common and dangerous mistakes when building and maintaining web applications.

    From that main Top 10 list, OWASP has since spun off nearly a dozen “daughter” lists of Top 10 risks for other aspects of information security, such as desktop-application security, privacy, machine-learning security and mobile-device security.

    One of the most important daughter lists is the OWASP API Security Top 10 list, which first appeared in 2019 and was given a full refresh in early June 2023. This list concerns itself with application-programming interfaces (APIs), the bits of software that let two or more separate computer programs communicate and exchange information with each other.

    APIs are crucial to the development of software functions, and APIs for web applications, which communicate across the internet rather than through a closed network, are frequently sources of security vulnerabilities.

    “APIs are a critical part of modern mobile, SaaS, and web applications and can be found in customer-facing, partner-facing, and internal applications,” states the foreword to the 2023 OWASP API Security Top 10 list. “By nature, APIs expose application logic and sensitive data such as personally identifiable information (PII) and because of this, APIs have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible.”

    The OWASP API Security Top 10 list doesn’t list specific vulnerabilities but rather categories of common weaknesses in APIs, especially web-based APIs, that often result in vulnerabilities. Like the main OWASP Top 10 list, developers and DevSecOps personnel use the OWASP API Security Top 10 list to guide their work and steer away from pitfalls.

    What’s on the OWASP API Security Top 10 list

    The final version of the OWASP API Security Top 10 list, released June 7, 2023, is as follows. We’ll briefly go through each item.

    1. Broken Object Level Authorization

    OWASP says that “APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface of Object Level Access Control issues.”

    It gives the example of an automaker using vehicle identification numbers (VINs) to control cars via a mobile app without verifying vehicles’ authorized users. Because of that mistake, an attacker could use a VIN — visible through every vehicle’s windshield — to unlock and start someone else’s car.

    2. Broken Authentication

    “This category encompasses all sorts of weaknesses that could allow an attacker to act as a valid user,” explains Invicti’s Zbigniew Banach in a recent blog post, “whether by permitting credential stuffing for brute-force access, failing to verify token signatures, or simply allowing unauthenticated access in some circumstances.”

    3. Broken Object Property Level Authorization

    “This is closely related to object-level authorization failures but applies at a more granular level, where defining and enforcing access control is much harder,” writes Banach. “Even with proper access control to, say, customer data records, you still need to define who can perform which operations on which data fields, and whether they can import, export, or modify data in bulk.”

    4. Unrestricted Resource Consumption

    This one involves failing to guard against running out of bandwidth, memory, processing power or other basic resources so that systems aren’t overwhelmed by too many requests. This most commonly leads to a denial of service for authorized users, but OWASP’s examples show how a malicious third-party vendor could abuse such a weakness to rack up fraudulent charges.

    5. Broken Function Level Authorization

    “This category covers weaknesses that expose application functionality rather than data,” writes Banach. “For example, if an attacker can access the export operation for customer records, they could extract sensitive information in bulk even if they cannot access each customer record object separately.”

    6. Unrestricted Access to Sensitive Business Flows

    This weakness comes from a failure to detect and limit rapid-fire automated requests that might not create a security issue but could nonetheless harm the business. For example, bots exploit this to quickly buy up popular concert tickets, limited-edition sneakers or scarce gaming consoles, earning a profit for resellers while creating bad publicity for the retailers.

    7. Server-Side Request Forgery

    “In the context of APIs,” writes Banach, “server-side request forgery vulnerabilities allow attackers to smuggle URLs through an API and trick a back-end server into sending a request to that URL.”

    OWASP gives an example of an attacker inputting a specially crafted URL to a social-media network’s image-upload function, resulting in a port scan (often part of pre-attack reconnaissance) from inside the social-media company’s internal network.

    8. Security Misconfiguration

    One of the most severe weaknesses on the list, this type of flaw lets attackers probe for “unpatched flaws, common endpoints, services running with insecure default configurations, or unprotected files and directories” to break into systems, steal data or completely hijack servers, OWASP writes.

    9. Improper Inventory Management

    “As interfaces and their underlying applications both undergo changes,” writes Banach, “any gaps in version control and documentation can expose additional attack surfaces in the form of deprecated APIs that are still accessible or undocumented API endpoints that go unnoticed during testing.”

    10. Unsafe Consumption of APIs

    “In this case, ‘unsafe consumption’ refers to using data retrieved from an API without sanitizing and validating it to the same standard as user-supplied data,” explains Invicti’s Banach.

    Banach adds that injection attacks fall into this category, and OWASP indeed supplies an example of a malicious third-party vendor using SQL injection to steal data from a company through a vulnerable API.  

    How to use the OWASP API Security Top 10 list

    With every entry on the list, OWASP provides several suggestions for how to prevent that particular sort of weakness, as well as links to further references on the OWASP website and externally.

    For example, with item No. 3, Broken Object Property Level Authorization, the suggestions are:

    — When exposing an object using an API endpoint, always make sure that the user should have access to the object’s properties you expose.
    — Avoid using generic methods such as to_json() and to_string(). Instead, cherry-pick specific object properties you specifically want to return.
    — If possible, avoid using functions that automatically bind a client’s input into code variables, internal objects, or object properties (“Mass Assignment”).
    — Allow changes only to the object’s properties that should be updated by the client.
    — Implement a schema-based response validation mechanism as an extra layer of security. As part of this mechanism, define and enforce data returned by all API methods.
    — Keep returned data structures to the bare minimum, according to the business/functional requirements for the endpoint.

    Among all 10 entries, there are dozens of such suggestions. There are also two pages detailing and linking to further OWASP resources specifically for developers and DevSecOps personnel.

    “Building secure APIs is crucial,” states the latter page. “Security cannot be neglected, and it should be part of the whole development life cycle. Scanning and penetration testing yearly are no longer enough.”

    Resource : https://www.scmagazine.com/resource/application-security/what-is-the-owasp-api-security-top-10

    4Jul, 2023
    What is Cyberwar?

    Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this becomes more than an academic question.

    The common view is that cyberwar is war in the cyber domain. This is only partially true. It is more productive to consider war and cyberwar as two separate entities, albeit with overlapping edges.

    The Merck insurance ruling illustrates this. For most people outside of government and military, the NotPetya attack against Ukraine was an obvious act of cyberwar. It was aggressive, it caused damage, and it was perpetrated by a Russian agency (the GRU) as part of an undeclared war against Ukraine. If it was an act of war within Ukraine, surely it was an act of war beyond Ukraine?

    The answer is no. NotPetya was never, technically, an act of cyberwar. Misunderstanding this and the definition of cyberwar cost the insurance industry $1.4 billion. Trying to shine a light on a common person’s actionable understanding of cyberwar and cybersecurity is the purpose of this article. 

    What is war?

    War is usually defined as kinetic military action between two nations, following the declaration of a state of war. This not a universal view. The purpose of war is for one party to exert supremacy over another – and this can be achieved by means other than armed conflict. It can be achieved just as effectively by economic means, by psyops including disinformation, or any other non-military means of effecting regime change.

    Kevin Tierney, VP of global cybersecurity at General Motors and a member of the CISA cybersecurity Advisory committee (CSAC), holds this wider view. “If two countries are fighting over something, it’s not always by kinetic means. Sometimes it involves economic disruption,” he told SecurityWeek.

    “If you disrupt large parts of the operational system of the target country, disrupt the financial systems, have a country lose trust in its information, lose governmental data, halt transportation or damage energy or water supplies, you can win a war without killing each other.”

    [See The Vulnerable Maritime Supply Chain – a Threat to the Global Economy for the potential effect of disrupting the maritime supply chain.]

    ADVERTISEMENT. SCROLL TO CONTINUE READING.

    The Cold War was an undeclared war, primarily non-kinetic (with localized flare-ups around the world), between the USSR and the West. The West prevailed in this war by economic means rather than force of arms – the USSR ceased to exist.

    But however you define war, there is a fundamental difference between the physical and cyber domains. Physical war is largely constrained within the national boundaries of the combatant nations. Cyberwar is not constrained by national boundaries and has a greater potential for spilling out to become global in effect, very rapidly. 

    Largely for this reason, cyberwar is usually and arbitrarily described as something separate to the wider concept of war. Cyberwar is neither viewed nor defined in the same terms as non-cyber-war.

    What is cyberwar?

    Most nations consider the correct response to a foreign nation-state’s cyberattack against their critical industries could include kinetic action. Cyber activity thus has the potential to spread accidentally and expand into a global military conflict. To limit this potential, the definition of what constitutes cyberwar must be, and is, set very high. 

    Most definitions ultimately derive from the Tallinn Manual – developed by international experts at the NATO Cooperative Cyber Defense Centre of Excellence based in Tallinn, Estonia. From this work, cyberwar is limited to cyber activity that causes, or can be expected to cause, death or destruction.

    Anything less than this is generally considered to be cyberespionage rather than cyberwar – and cyberespionage is specifically excluded by Tallinn. This ultimately leads to a common binary view of cyberwar based solely on the delivery of death or damage – especially if that occurs to the critical infrastructure.

    Tom Kellermann, senior VP of cyber strategy at Contrast Security, takes this view. “Cyberwarfare is when a nation state launches a destructive cyberattack against a critical infrastructure,” he told SecurityWeek. Almost everything else he would describe as cyberespionage.

    John Hultquist, VP of intelligence analysis at Mandiant, agrees. “Economic suppression isn’t war,” he said. He disagrees with calling the Cold War an actual war, describing the term as a metaphor. “The moment it is war is when violence or the threat of violence is being applied. I think that’s a crucial element. You only really cross that line when people start dying.” The implication is that anything that falls short of death (or at least the expectation and intent to cause death or destruction) can only –at the worst – be classified as cyberespionage and not part of cyberwar.

    The argument for excluding cyberespionage as a part of cyberwar is simple. It is spying conducted in the cyber domain. Spying is and always has been a part of everyday life, from individuals to corporations to governments. If spying is an act of war, the world has been at war with itself since the dawn of time. The only difference in the modern world is that cyber-spying is easier, more scalable, and more deniable than ever before.

    The danger here is the difference between genuine cyberespionage and actual cyberwar could be a simple instruction from a C2 server at any time, or a mistake from the attackers, or a bug in their software. This brings two other terms into the classification: expectation and intent, both of which are fundamentally subjective interpretations that are easily deniable by an aggressor.

    Vladimir Putin once famously denied government involvement in hacking, saying it may have been patriotic Russian citizens “contributing, as they believe, to the justified fight against those speaking ill of Russia.” In short, it wasn’t the Russian state, it didn’t cause death or destruction, and it cannot be considered an act of cyberwar.

    Deniability is important. In a western democracy, legality is defined by the courts. Knowing something is not enough – it must be provable to the higher standards of a civilian court. Intelligence agencies may know something to be true, but be unable to make public the source of their knowledge.

    Helder Figueira, founder at Incrypteon, studied and briefly practiced law before becoming an Electronic Warfare Signals Officer commanding a cryptanalysis unit with the South African Army. “Cyberwarfare is military action in the digital domain,” he said. “But a cyberattack by a sovereign state is hard to prove or identify. To complicate identification further, such activities are usually outsourced to independent contractors – which leads to the incidence of these activities increasing, since there are no actual diplomatic repercussions.” 

    He adds a further complication for the future. “Now imagine AI attackers waging ‘cyberwar’ against a target.” There are no legal remedies against a sub-contracted AI attacker.

    Dr. Stephanie Carter, principal of FedRAMP advisory services at Coalfire, comments, “The last official release of what this means was published by the Senate Armed Services Committee stating that ‘The determination of what constitutes an act of war in or out of cyberspace, would be made on a case-by-case and fact-specific basis by the President.’” 

    Right now, she continued, “We are at the mercy of the Presidents to declare what is a part of cyberwar and what is not. That decision will be greatly influenced by political power and national defense… the goal should be defining cyberwar so that there are only clear-cut lines, not ‘clear as mud’ interpretations.”

    NotPetya

    A commonsense view of NotPetya is that it was an act of cyberwar undertaken by Russia against Ukraine in 2017. There was an undeclared state of war between the two nations since the annexation of Crimea in 2014. The attack was perpetrated by a Russian state agency (the GRU), and it caused damage.

    It would be equal commonsense to view any collateral damage (such as that to the US pharmaceutical giant, Merck) to be a part of that act of cyberwar. However, on May 1, 2023, the US courts declared that the NotPetya attack could not be classified as an act of cyberwar. Among other arguments, the ruling stated, “While the attack caused property damage, there was no evidence the NotPetya malware caused bodily injury or death… the NotPetya attack is not sufficiently linked to a military action or objective as it was a non-military cyberattack against an accounting software provider.”

    Juan Andres Guerrero-Saade, senior director of SentinelLabs at SentinelOne and an adjunct professor of strategic studies at John Hopkins SAIS, explains some of the complexities in describing a cyberattack as an act of cyberwar. Firstly, can it be proven in a court of law (beyond simply known to the intelligence agencies) that it was delivered by (in this case) the GRU? “Who exactly did it; where they were sitting; what uniform were they wearing. Who ordered what, and to what extent was it a premeditated action rather than the result of fat fingering something that turned it from a simple cyberattack into a potential act of war?”

    This is where expectation and intent become important. The NotPetya weaponry could hardly be called a traditional weapon of war – it was fundamentally ransomware. The aggressor could simply claim that it was criminal ransomware that went wrong – certainly not an act of war. “In the context of intentional damage to critical infrastructure, I really like to point to malware such as Industroyer, as a really clear case,” continued Guerrero-Saade. “Industroyer has specialized tooling that is baked into the code and is specifically designed to interact with infrastructure so that it can damage it.”

    If it is difficult for a third party (the US) to prove NotPetya was an act of war within Ukraine, it becomes impossible to prove that collateral damage outside of Ukraine (such as that caused to Merck and very many other global companies) was caused by an act of cyberwar against the US or other nations. “I’m not sure how you could prove intent to cause collateral damage without having access to the notes or recording of the meeting at which the decision to use NotPetya was made,” comments Robin Long, founder of Kiowa Security.

    The basic problem is that much of the artifacts of any cyberattack are primarily dual purpose tools used as much for ‘friendly’ purposes as for nefarious purposes. “Many of the things that would be considered reconnaissance phases in cyber [and therefore a fat finger away from causing damage] are things that are currently being done to our systems every day by ad tracking networks, by Google – run of the mill things,” added Guerrero-Saade.

    But herein lies an example of the fundamental problems with what amounts to an interpretive definition of cyberwar. A cyberwar wiper could be delivered by ransomware with broken decryption and be invisible as an act of war. Any damage could be claimed as accidental to the proffered purpose of collecting money, while the perpetration could be blamed on criminals.

    This is not just a theoretical possibility. “The actors,” said Hultquist. “have known that for a long time. They were doing it before NotPetya. They were experimenting with that for a year. They’ve done it many, many times since the invasion in Ukraine. It’s a wonderful tool if you want to hide yourself behind an operation that looks criminal. I’ll go one step further,” he continued. “I’m certain that has already happened, and the real motivation has simply been ascribed to financial motivation.”

    The Colonial Pipeline incident demonstrates these blurred lines. It caused damage to the critical infrastructure but is not classed as an act of cyberwar. “If you look at Colonial Pipeline” comments Hultquist, “there was a massive disruption to American critical infrastructure. But the intent wasn’t to disrupt the infrastructure, the intent was to just make money. So, although it followed the same sort of blueprint you might expect from a state actor in a time of war, it was just designed to make money.”

    Now apply this reasoning to Russian meddling in the 2016 US elections. To many, it may appear to be an attempt at engineering regime change – from a global liberalism to a local America First platform (and from there to a weakened NATO and a more successful war against Ukraine). While attempted regime change might seem an obvious act of war, how can you prove this when you cannot prove the perpetrator in a court of law, no physical damage was done, and nobody died?

    So, what is the definition of Cyberwar?

    The official definition is clear: it must result in physical damage and or loss of life. Cyberespionage is excluded. Intent, which is largely a value judgment by the defender, is part of the argument. It is perpetrated by one nation state against another nation state. Knowing that an action is an act of cyberwar is not enough – it must be provable to a western democracy’s court of law.

    The difficulties in this semi-formal definition are not all bad because it allows flexibility in government response. A government is not required to ask a civilian court of law, ‘is this an act of war to which we can respond?’ Politically, the government can simply say, this is too much – we respond. 

    The international danger is that the UK made it clear as long ago as 2018 that it considers an actual cyberwar attack can legally trigger in an immediate and unannounced kinetic response; and that since this is an interpretation of international law, any of its allies can take a similar stance. For this ultimate reason, the definition of cyberwar is purposely set high.

    The Merck ruling makes it clear that the political/military definition of cyberwar is not a common person’s understanding of cyberwar. The correct response to what appears to be cyberwar needs to be based on the visible effect of a nation-state or nation affiliated attack, and not a government’s definition of cyberwar.

    Does it matter?

    A cyber act that is a clearcut act of cyberwar could easily demand or spiral into military kinetic retribution. For the reasons we have discussed, that final decision is ultimately left to the President – and that being so, the final question we need to ask is whether this distinction between cyberwar and cyberespionage has any practical relevance to the corporate cyber defender. After all, that defender must be resilient to all attacks by whomever and for whatever purpose.

    Just as there are multiple opinions on the constitution of cyberwar and its relation to general war, there are multiple answers to this question.

    “There’s a risk equation,” says Malcolm Harkins, chief security and trust officer at Epiphany Systems. “Risk is a function of threat, vulnerability, and consequence. I have no ability to control either the threat actor or the threat agent – it’s an uncontrollable variable. As a CISO, the only thing I have in my ability to manage security for my organization is my ability to manage how exploitable I am. That’s the only thing I can control. Everything else is just what it is. Running security is managing exploitability. If I over-focus on the nature of the perpetrator, I’m wasting time, because I have no ability to affect the actor.”

    Hultquist has a different view. “It absolutely matters. You can’t do risk assessments if you don’t care who the attacker is. If you were in Ukraine two years ago and were responsible for securing the IT infrastructure, and you decided it didn’t matter whether or not there was a war looming, you would have failed. If you don’t consider who the adversary is, you can’t begin to secure your systems.”

    He continued, “We sometimes forget to ask, who are the bad guys and what capabilities do they have – when will they attack and when will they not attack? Am I even at risk of these people? Imagine it’s the eve of World War Two, and you are responsible for making all the purchasing decisions for the military. You want to know what capabilities the enemy has developed, but somebody says to you: ‘You don’t need to know that; you can just make decisions based on what you think is best.’“

    A third, potentially more political view comes from Guerrero-Saade. “This should be a very real nuanced concern for people both as citizens of law-abiding nations and as people trying to figure out what the right measures are for defense.” If the President is ultimately responsible for the right measures beyond CISOs defending their networks, we need to understand the arguments underlying those decisions taken in our name.

    4Jul, 2023
    The Impacts of Data Loss on Your Organization

    What are the causes of Data Loss and which are their impact on your organization?

    In today’s digital age, data has become the lifeblood of organizations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organization. In a survey, it was found that 26% of businesses suffered some form of data loss in 2022, bringing to light worrisome statistics and further stressing the need for organizations to simply be more proactive in protecting their data.

    Types of Data

    Organizations deal with different types of data in their day-to-day activities. Understanding the different types of data is crucial for organizations as it helps them devise appropriate data protection and management strategies. Data can be classified into;

    Structured Data:

    Structured data refers to information that is organized in a predefined format. It is usually stored in databases and can be easily categorized and analyzed. Structured data is highly valuable for generating reports, performing statistical analysis, and gaining insights into operational efficiency.

    Examples: Customer Personal Identifiable Information, transactional data, inventory records, and financial statements.

    Unstructured Data:

    Unstructured data, on the other hand, is characterized by its lack of organization and predefined format. It includes information that does not fit neatly into databases or spreadsheets. Extracting meaningful insights from unstructured data can be challenging, but advancements in natural language processing and machine learning techniques have enabled organizations to derive valuable insights from this vast and untapped data source.

    Examples: emails, social media posts, customer feedback, audio and video files, images, and documents.

    Semi-Structured Data:

    Semi-structured data lies between the structured and unstructured categories. It contains elements of both organized and unorganized data. While this type of data may have some level of organization, it lacks a rigid schema or predefined structure, requiring specific parsing techniques to extract relevant information.

    Examples: XML files, JSON files, and log files.

    MetaData:

    Metadata refers to data about data. It provides context and information about the characteristics, properties, and attributes of other data. This additional layer of information is essential for data management, data governance, and data integration processes.

    Example: Metadata can include information about the source, creation date, file format, or authorship of a document.

    Causes of Data Loss:

    Data loss is almost inevitable and can occur in any organization of any size at any scale. Understanding what can lead to a loss of data is important for organizations when drafting their cyber security policies, especially with relating to compliance. Data loss can be a result of technical issues, human error, and malicious activities. For better context, the causes of data loss are:

    Hardware Failures: Hardware failures can occur at any time. The longer hardware is being used, the more wear and tear occurs in its basic components. Over time, these components housing sensitive data can fail and shut down, leading to data loss. Without adequate backups, the data they house can be lost forever.

    Human Error: Human error is another contributing factor to data loss, one that accounts for a significant portion of data loss incidents. Accidental actions by employees, such as deleting files, formatting drives, or overwriting data, can result in the loss of data. These errors may occur due to a lack of awareness, improper training, or simple oversight.

    Software Corruption: Software are not infallible products. They can experience failures that can occur due to bugs, malware, operational glitches, or runtime conflicts between different applications on an operating system. Software vulnerabilities can also be exploited using malware to steal and/or corrupt the data they house.

    Cyber Attacks: Cyber-attacks are another cause of data loss. Cyber-attacks can include malware infections, ransomware, rootkits, viruses, and worms. They pose a significant threat to data security. These cyberattacks can gain unauthorized access to systems, steal or encrypt data, or delete valuable information.

    Natural Disasters: Natural disasters occur unexpectedly and can cause severe physical damage to infrastructure of all kinds. When natural disasters affect physical data storage devices, it can lead to data loss especially if backups and disaster recovery plans are not in place.

    Theft or Loss of Devices: At times, data storages can simply be stolen or lost, potentially exposing sensitive data to unauthorized individuals.  Encrypting physical storage devices, and following industry guidelines for the storage and transport of these physical devices is a good way to mitigate data theft and loss.

    Power Failures/Outages: Unexpected outages can inadvertently lead to hardware failure by interrupting ongoing operations, resulting in data loss. A permanent loss of this data can then occur in a situation where there are no backup copies.

    Consequences of Data Loss

    Data loss has a wide range of consequences ranging from financial loss and intellectual property theft to operational disruption and Legal and Regulatory consequences. Some of the consequences of data loss are;

    Financial Loss: Financial loss can be devastating to organizations. The finances associated with data recovery efforts, potential legal actions, business interruptions, and reputational damage can be a lot for any organization to have to bear. Financial loss can also lead to revenue decline, especially if organizations have not yet recovered fully.

    Operational Disruption: Data loss can disrupt the way organizations function. Without employee access to essential data and systems, day-to-day functionality can become challenging. Leading to reduced operational functionality which can invariably lead to reputational damage and a loss in revenue.

    Reputational Damage: Data loss incidents can severely damage an organization’s reputation and erode the trust of customers, partners, and stakeholders. Rebuilding trust and restoring a damaged reputation can be a challenging and time-consuming process. Especially if the organization does not have the right business continuity and disaster recovery processes in place.

    Legal and Regulatory Consequences: Data loss can have legal and regulatory ramifications on organizations, especially when it involves the loss of personally identifiable information (PII) or sensitive data subject to data protection laws. Organizations may face penalties, fines, or legal actions if they fail to comply with data privacy regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

    Increased risks to future cyber-attacks: Data loss incidents can leave organizations more vulnerable to future cyber-attacks. This would be the case if the data loss was a result of an exploited vulnerability in the software or systems. Malicious actors could decide to exploit these vulnerabilities in subsequent attacks, leading to a heightened risk of further data loss or security breaches.

    Intellectual Property (IP) Theft: Data loss can also involve the loss or theft of valuable intellectual property, trade secrets, or proprietary information. This can directly impact an organization’s competitiveness, market position, and future innovations.

    How to prevent a data loss

    Reducing or preventing data loss is crucial for organizations and their operational health. Here are some ways organizations can prevent data loss;

    • Implement regular data backups.
    • Ensure robust cybersecurity measures and protocols.
    • Train employees on data security best practices.
    • Use encryption to protect sensitive data.
    • Establish access controls and permissions.
    • Conduct regular vulnerability assessments and penetration testing.
    • Develop and implement a comprehensive data loss prevention strategy.

    Resource : https://securityaffairs.com/148086/security/impacts-of-data-loss.html

    1Jun, 2023
    Security Policies

    Security policies are a formal set of rules which is issued by an organization to ensure that the user who are authorized to access company technology and information assets comply with rules and guidelines related to the security of information. It is a written document in the organization which is responsible for how to protect the organizations from threats and how to handles them when they will occur. A security policy also considered to be a “living document” which means that the document is never finished, but it is continuously updated as requirements of the technology and employee changes.

    Need of Security policies-

    1) It increases efficiency.

    The best thing about having a policy is being able to increase the level of consistency which saves time, money and resources. The policy should inform the employees about their individual duties, and telling them what they can do and what they cannot do with the organization sensitive information.

    2) It upholds discipline and accountability

    When any human mistake will occur, and system security is compromised, then the security policy of the organization will back up any disciplinary action and also supporting a case in a court of law. The organization policies act as a contract which proves that an organization has taken steps to protect its intellectual property, as well as its customers and clients.

    3) It can make or break a business deal

    It is not necessary for companies to provide a copy of their information security policy to other vendors during a business deal that involves the transference of their sensitive information. It is true in a case of bigger businesses which ensures their own security interests are protected when dealing with smaller businesses which have less high-end security systems in place.

    4) It helps to educate employees on security literacy

    A well-written security policy can also be seen as an educational document which informs the readers about their importance of responsibility in protecting the organization sensitive data. It involves on choosing the right passwords, to providing guidelines for file transfers and data storage which increases employee’s overall awareness of security and how it can be strengthened.

    We use security policies to manage our network security. Most types of security policies are automatically created during the installation. We can also customize policies to suit our specific environment. There are some important cybersecurity policies recommendations describe below-

    1. Virus and Spyware Protection policy

    This policy provides the following protection:

    • It helps to detect, removes, and repairs the side effects of viruses and security risks by using signatures.
    • It helps to detect the threats in the files which the users try to download by using reputation data from Download Insight.
    • It helps to detect the applications that exhibit suspicious behaviour by using SONAR heuristics and reputation data.

    2. Firewall Policy

    This policy provides the following protection:

    • It blocks the unauthorized users from accessing the systems and networks that connect to the Internet.
    • It detects the attacks by cybercriminals.
    • It removes the unwanted sources of network traffic.

    3. Intrusion Prevention policy

    This policy automatically detects and blocks the network attacks and browser attacks. It also protects applications from vulnerabilities. It checks the contents of one or more data packages and detects malware which is coming through legal ways.

    4. LiveUpdate policy

    This policy can be categorized into two types one is LiveUpdate Content policy, and another is LiveUpdate Setting Policy. The LiveUpdate policy contains the setting which determines when and how client computers download the content updates from LiveUpdate. We can define the computer that clients contact to check for updates and schedule when and how often clients computer check for updates.

    5. Application and Device Control

    This policy protects a system’s resources from applications and manages the peripheral devices that can attach to a system. The device control policy applies to both Windows and Mac computers whereas application control policy can be applied only to Windows clients.

    6. Exceptions policy

    This policy provides the ability to exclude applications and processes from detection by the virus and spyware scans.

    7. Host Integrity policy

    This policy provides the ability to define, enforce, and restore the security of client computers to keep enterprise networks and data secure. We use this policy to ensure that the client’s computers who access our network are protected and compliant with companies? securities policies. This policy requires that the client system must have installed antivirus.

    Resource : https://www.javatpoint.com/cyber-security-policies

    1Jun, 2023
    Security Technologies

    Introduction to Security Technologies

    The following article, Security Technologies, provides you with an outline of the most common technologies used in security. We all aware of the pace with which the internet is growing. For everything that we had to travel or to stay in long queues for longer, the Internet had made them easy for us, and now almost all of the things are available at our fingertips. In simple words, we can say that it is not easy to imagine a single day without the internet. It is known to everyone that everything had two sides: pros and cons, and the same applies to the Internet as well. With the fast increase in Internet usage, the attacks happening in organizations have also been increased. For contemporary business or organizations, a new challenge has been evolved that protects their body from cyber attacks. Here we will be discussing the technologies that are available to protect the organizations from cyber attacks so that the flow of their operations remains smooth.

    1. Data Loss Prevention

    Data Loss Prevention may be defined as the technology concerned with validating if the data sent out from the organization is sensitive enough to hinder the business. Usually, the data are sent through emails and under this technology, the mails have been monitored to ensure that it is not carrying the confidential data out from the organization. By virtue of this technology, all the emails and their attachments are monitored closely to ensure that all the data sent outside the organization are appropriate and not something confidential.

    2. Intrusion Detection System

    An intrusion Detection System(IDS) can be defined as the technology which monitors all the traffic that enters the organization to ensure that those are not malicious. It can also be considered a tool responsible for checking the traffic and raising the alert if the traffic is found malicious or appears to be originated from the untrusted source. This technology is mainly concerned with giving a close view of the traffic to ensure that it is something that the organization should allow to get in.

    3. Intrusion Prevention System

    Intrusion Prevention System(IPS) may be defined as the technology or tool that takes action against the traffic that is labelled malicious by the IDS. Usually, the IPS drops the packet entering into the system once it is considered untrusted. It is the main protection point that makes sure that malicious traffic should not enter into the organization’s network. It is IPS that makes sure that all the traffic that enters the system should comply with the policies that are defined by the organizations so that it should not affect the working of the systems in any way.

    4. Security Incident and Event Management

    It is also known as SIEM. It is mainly concerned with invoking the alert once anything unusual is found on the organization’s network. Several tools can be integrated into SIEM to make sure that anything that is malicious must generate the alert so that the security team could take action against it and keep the internal environment protected. It also keeps track of the logs that are generated while ensuring the security of the network. It can also be considered as the central system that has other tools attached to it. All the tools work as peers that protect the network in their own way.

    5. Firewall

    The firewall works as the first layer of protection of any system or network. There are various types of Firewalls based on their role. In order to protect the internet, network firewalls are used, while in order to protect the web application, there are web application firewalls. This technology has been developed to ensure that the internal network is protected from unusual traffic, and nothing malicious could make it to the internal network. The technology ensures that the ports should be open only for the appropriate communication, and the untrusted data should not hit the system anyhow. The firewall could either allow the traffic to enter or could configure the port filtration to make sure that all the traffic passes through it must be useful for the service running on any particular port,

    6. Antivirus

    Antivirus is another technology used in cybersecurity. As its name states, it protects the system from the virus. The virus is nothing but the malicious code that makes the host or network to take unexpected actions. It is deployed in the network and can also be used as endpoint protection. All the devices connected to the network can have an antivirus installed in them to protect themselves from virus attacks. In order to detect whether the particular file is a virus, the antivirus used the signatures present in the repository of that antivirus. The latest antivirus has the capability to leverage the anomalies to detect the virus and take action against it.

    Resource : https://www.educba.com/security-technologies/

    30May, 2023
    What the Email Security Landscape Looks Like in 2023

    Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape?

    For over a decade, email has been a common source of cybersecurity threats. During that time, email-based threats have become increasingly sophisticated. What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information. It’s not likely to stop there.

    Recently, VIPRE Security Group published their Email Security in 2023 report, where they shared insights on the development of email-based threats and how they can impact organizations. What follows is an overview of some of the key findings from the report and some of the thing’s businesses can do to protect their employees and data.

    Email Threats Are Becoming More Sophisticated

    There are a number of ways that email can be leveraged to compromise the security of an organization, but the most prominent approach is phishing. In a phishing attack, an individual receives an email from a sender that seems legitimate with a request to share information, log into a system, or click a link. In this email, the bad actor pretending to be the sender may nefariously capture the individual’s authentication details or prompt a malicious download that then compromises the system. At this point, the bad actor has access to the information they were after.

    Today, according to the Verizon 2022 Data Breach Investigation Report, phishing is one of the leading five tactics used to initiate data breaches. It’s a trend that’s growing. In 2022, email phishing attacks made up 24% of all spam emails — up from 11% in 2021. Given that phishing requires a relatively low lift for attackers, and has a fairly decent rate of return for them, it’s no surprise that there has been an increase in this trend.

    The prevalence of phishing attacks has been bolstered by a number of risk factors, including:

    • Insider threats whereby disgruntled or compromised employees leverage their position in the company to get access to certain items. They can use their corporate email and their insider knowledge to make requests to others using social engineering.
    • Domain compromise, where attackers compromise a website or newly registered domain to create seemingly legitimate communications and links.
    • Phishing-as-a-Service has emerged as a model that’s standardizing the underground economy and making it easier for bad actors to access phishing and hacking services.
    • QR code spoofing. Bad actors are starting to leverage QR codes as part of their email phishing tactics, largely because of how comfortable people got with them over the pandemic.
    • Domain warming, a process through which someone creates a positive reputation for a domain so that its emails don’t get flagged as spam. Bad actors use the domain until it starts getting blocked, and then move onto the next one.

    What Can We Expect in 2023?

    As part of their report, the team at VIPRE made three predictions for the email security landscape this year.

    #1 There will be more remote work-based attacks. Since remote work relies significantly on email as a form of communication, the statistical chance of a successful phishing attack only goes up. In addition, there is also a number of collaboration tools — like Asana, Slack, and Teams — that leverage email as a verification method, and that could be compromised.

    #2 The “as-a-Service” economy is going to keep growing. Cybercriminals are finding out that they don’t need to be technical experts to execute their campaigns anymore. Now they can hire a team to do it for them. The potential of this growing space is dangerous, and companies need to stay on their toes.

    #3 Small businesses are at risk. As bad actors opt for a more agile and efficient approach, they’re turning their attention to “easy” targets: small businesses. As large enterprises focus more on security, they are getting harder to penetrate, and smaller companies require less effort to infiltrate. This ultimately makes them more valuable to hackers.

    Being aware of the threats is an important first step, but organizations need to also be well-positioned to protect themselves from these activities.

    What Companies Can Do to Protect Themselves

    Just as the email threat landscape has evolved over the last decade, the same is true for email security. Today, companies have a wealth of options to choose from when it comes to strengthening their email security posture. These include:

    • Implementing a layered email security strategy that accounts for different types of phishing attacks and dissuades bad actors from attempting an attack.
    • Investing in behavioral-driven analytics so that they can quickly identify any red flags and respond to a behavioral anomaly before it causes any real impact.
    • Securing data in transit to avoid sensitive data being captured in email responses. This can be done using encryption.
    • Deploying email-specific security controls that go beyond traditional security methods, such as dynamic crawl abilities.
    • Protecting all endpoints by building a comprehensive security posture and reviewing all files, processes, and network activity proactively.
    • Training users to be more aware. Education is a key element in building a culture of security, so it’s vital to get employees onboard when rolling out new standards and policies.

    There’s no time like the present to get started with these strategies. Investing in best-in-class systems now will ensure that you’re keeping pace with the ongoing evolution of email threats and keeping your company protected.

    Resource : https://securityaffairs.com/146141/hacking/email-security-landscape-2023.html

    27May, 2023
    Microsoft Security Copilot is a new GPT-4 AI assistant for cybersecurity

    After announcing an AI-powered Copilot assistant for Office apps, Microsoft is now turning its attention to cybersecurity. Microsoft Security Copilot is a new assistant for cybersecurity professionals, designed to help defenders identify breaches and better understand the huge amounts of signals and data available to them daily.

    Powered by OpenAI’s GPT-4 generative AI and Microsoft’s own security-specific model, Security Copilot looks like a simple prompt box like any other chatbot. You can ask “what are all the security incidents in my enterprise?” and it will summarize them. But behind the scenes, it’s making use of the 65 trillion daily signals Microsoft collects in its threat intelligence gathering and security-specific skills to let security professionals hunt down threats.

    Microsoft Security Copilot is designed to assist a security analyst’s work rather than replace it — and even includes a pinboard section for co-workers to collaborate and share information. Security professionals can use the Security Copilot to help with incident investigations or to quickly summarize events and help with reporting.

    Security Copilot accepts natural language inputs, so security professionals could ask for a summary of a particular vulnerability, feed in files, URLs, or code snippets for analysis — or ask for incident and alert information from other security tools. All prompts and responses are saved, so there’s a full audit trail for investigators.

    Results can be pinned and summarized into a shared workspace, so colleagues can all work on the same threat analysis and investigations. “This is like having individual workspaces for investigators and a shared notebook with the ability to promote things you’re working on,” says Chang Kawaguchi, an AI security architect at Microsoft, in an interview with The Verge.

    One of the most interesting aspects of Security Copilot is a prompt book feature. It’s essentially a set of steps or automations that people can bundle into a single easy-to-use button or prompt. That could involve having a shared prompt to reverse engineer a script so security researchers don’t have to wait for someone on their team to perform this type of analysis. You can even use Security Copilot to create a PowerPoint slide that outlines incidents and the attack vectors.

    Much like Bing, Microsoft is also sourcing results clearly when security researchers ask for information on the latest vulnerabilities. Microsoft is using information from the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology’s vulnerability database, and Microsoft’s own threat intelligence database.

    That doesn’t mean Microsoft’s Security Copilot will always get things right, though. “We know sometimes these models get things wrong, so we’re offering the ability to make sure we have feedback,” says Kawaguchi. The feedback loop is a lot more involved than just the thumbs-up or thumbs-down found on Bing. “It’s a little more complicated than that, because there are a lot of ways it could be wrong,” explains Kawaguchi. Microsoft will let users respond with exactly what’s wrong to get a better understanding of any hallucinations.

    “I don’t think anyone can guarantee zero hallucinations, but what we are trying to do through things like exposing sources, providing feedback, and grounding this in the data from your own context is ensuring that it’s possible for folks to understand and validate the data they’re seeing,” says Kawaguchi. “In some of these examples there’s no correct answer, so having a probabilistic answer is significantly better for the organization and the individual doing the investigation.”

    While Microsoft’s Security Copilot looks like a prompt and chatbot interface like Bing, the company has limited it to just security-related queries. You won’t be able to grab the latest weather information here or ask the Security Copilot what its favorite color is. “This is very intentionally not Bing,” says Kawaguchi. “We don’t think of this as a chat experience. We really think of it as more of a notebook experience than a freeform chat or general purpose chatbot.”

    Security Copilot is the latest example of Microsoft’s big push with AI. The Microsoft 365 Copilot feels like it will forever change Office documents, and Microsoft-owned GitHub is supercharging its own Copilot into more of a chatty assistant to help developers create code. Microsoft doesn’t appear to be slowing down with its Copilot ambitions, so we’re likely to see this AI assistant technology appear throughout the company’s software and services.

    Microsoft is starting to preview this new Security Copilot with “a few customers” today, and the company doesn’t have a date in mind for rolling this out more broadly. “We’re not yet talking about timeline for general availability,” says Kawaguchi. “So much of this is about learning and learning responsibly, so we think it’s important to get it to a small group of folks and start that process of learning and to make this the best possible product and make sure we’re delivering it responsibly.”

    Resource : https://www.theverge.com/2023/3/28/23659711/microsoft-security-copilot-gpt-4-ai-tool-features?&web_view=true

    24May, 2023
    5 emerging security technologies set to level the battlefield

    The war between data defenders and data thieves has been described as a cat-and-mouse game. As soon as the white hats counter one form of black-hat malicious behavior, another malevolent form rears its ugly head. How can the playing field be tilted in favor of the infosec warriors? Here are five emerging security technologies that may be able to do that.

    1. Hardware authentication

    The inadequacies of usernames and passwords are well known. Clearly, a more secure form of authentication is needed. One method is to bake authentication into a user’s hardware. Intel is moving in that direction with the Authenticate solution in its new, sixth-generation Core vPro processor. It can combine a variety of hardware-enhanced factors at the same time to validate a user’s identity.

    Intel has built on previous efforts to dedicate a portion of the chipset for security functions to make a device part of the authentication process. Good authentication requires three things from users: what they know, such as a password; who they are, such as a username; and what they have, such as a token. In the case of Authenticate, the device becomes the what-you-have.

    “This isn’t new,” said Scott Crawford, research director for information security at 451 Research. “We’ve seen this in other manifestations, such as licensing technologies and tokens.”

    Hardware authentication can be particularly important for the Internet of Things (IoT) where a network wants to ensure that the thing trying to gain access to it is something that should have access to it.

    However, Crawford noted, “The most immediate application for the technology is for authenticating an endpoint in a traditional IT environment — laptops, desktops, and mobile devices using Intel chipsets.”

    2. User-behavior analytics

    Once someone’s username and password are compromised, whoever has them can waltz onto a network and engage in all kinds of malicious behavior. That behavior can trigger a red flag to system defenders if they’re employing user behavior analytics (UBA). The technology uses big data analytics to identify anomalous behavior by a user.

    “There’s a lot of interest in this in the enterprise,” 451’s Crawford said.

    He explained that the technology addresses a blind spot in enterprise security. “Once an attacker gains entry into an enterprise, what happens then?” he asked. “One of the first things they do is compromise credentials. So then the question becomes, Can you differentiate between a legitimate user’s activity and an attacker who has gained entry, compromised a legitimate user’s credentials and is now looking for other targets?”

    Visibility into activity that does not fit the norm of the legitimate user can close a blind spot in the middle of the attack chain. “If you think of the attack chain as initial penetration, lateral movement, and then compromise, theft, and exfiltration of sensitive data, the middle links in that attack chain have not been very visible to enterprise security pros, and that’s why the interest in user behavior analytics today,” Crawford said.

    Comparing a user’s present behavior to past behavior isn’t the only way UBA can identify a malicious actor. “There’s something called ‘peer analysis’,” explained Steven Grossman, vice president for program management at Bay Dynamics, a threat analytics company. “It compares how someone is behaving compared to people with the same manager or same department. That can be an indicator that the person is doing something they shouldn’t be doing or someone else has taken over their account.”

    In addition, UBA can be a valuable tool for training employees in better security practices. “One of the biggest problems in a company is employees not following company policy,” Grossman said. “To be able to identify those people and mitigate that risk by training them properly is critical.”

    3. Data loss prevention

    A key to data loss prevention is technologies such as encryption and tokenization. They can protect data down to field and subfield level, which can benefit an enterprise in a number of ways:

    • Cyber-attackers cannot monetize data in the event of a successful breach.
    • Data can be securely moved and used across the extended enterprise — business processes and analytics can be performed on the data in its protected form, dramatically reducing exposure and risk.
    • The enterprise can be greatly aided in compliance to data privacy and security regulations for protection of payment card information (PCI), personally identifiable information (PII) and protected health information (PHI).

    “There’s been a lot of security spending over the last several years, and yet the number of records breached in 2015 went up considerably over the prior year,” noted 451’s Crawford. “That’s contributing to the surge in interest in encryption.”

    However, as John Pescatore, director of Emerging Security Trends at the SANS Institute, points out, authentication plays an important role in data loss prevention.

    4. Deep learning

    Deep learning encompasses a number of technologies, such as artificial intelligence and machine learning. “Regardless of what it’s called, there a great deal of interest in it for security purposes,” 451’s Crawford said.

    Like user behavior analytics, deep learning focuses on anomalous behavior. “You want to understand where malicious behavior deviates from legitimate or acceptable behavior in terms of security,” Crawford explained.

    Instead of looking at users, the system looks at “entities,” explained Brad Medairy, a senior vice president with Booz Allen. “Exact business analytics and recent developments in machine-learning models mean we are now able to look at the various entities that exist across the enterprise at the micro to the macro levels. For example, a data center, as an entity, can behave a certain way, similar to a user.”

    Use of machine learning can help stamp out the bane of advanced persistent threats, added Kris Lovejoy, president of Acuity Solutions, maker of an advanced malware detection platform. “With its ability to decipher between good and bad software, at line speed, machine-learning technologies will offer a significant boon to security practitioners who seek to decrease time to advanced threat detection and eradication,” she said.

    Crawford said he expects investments in deep learning for security purposes to continue. He added, however, that “the challenge for enterprises is there are a lot of companies coming to market with similar approaches for the same problem. Differentiating distinctions from one vendor to another is going to be a major challenge for enterprises in the coming year and beyond.”

    5. The cloud

    “The cloud is going to have a transformative impact on the security technology industry generally,” Crawford said.

    He explained that as more organizations use the cloud for what has traditionally been the domain of on-premises IT, more approaches to security that are born in and for the cloud will appear. On-premises techniques will be transitioned to the cloud. Things such as virtualized security hardware, virtualized firewalls, and virtualized intrusion detection and prevention systems. But that will be an intermediate stage.

    “If you think about what an infrastructure-as-a-service provider can do on a very large scale for all of its customers, there may not be the need to pull out all the defenses you need on-prem,” Crawford said. “The infrastructure-as-a-service provider will build that into their platform, which will relieve the need to do that for the individual cloud customer.”

    SANS’ Pescatore added that government agencies and private industry have increased the security of their data centers by using IaaS services such as Amazon and Firehost. “The GSA FedRAMP program is a great example of ‘certified secure-enough’ cloud services that make it easier for the average enterprise to have above-average data center security,” he said.

    These five should help out the infosec warriors get the upperhand. Any we missed? Which technologies do you suggest will move the needle on information security? Weigh in via the comments below.

    Resource : https://techbeacon.com/security/5-emerging-security-technologies-set-level-battlefield

    18May, 2023
    A new perspective on security and business

    The battle continues, cyber-criminals versus their organizational victims. However, another battle is often raging under the surface inside organizations – security versus the rest of the business. Fighting the global war on cybercrime is much more challenging when the targets are distracted by internal turf wars. If security and business teams step back from the ledge, it’s not hard to see that everyone is working toward a common goal. Both groups want the same thing, not to be a victim of cybercrime. Understanding how to attack this problem without friendly fire is the missing element. A new perspective can show a path toward it.

    A challenge of standing on the ledge is the limited view of options available to work the problem. Abraham Maslow described it well, “if all you have is a hammer, everything looks like a nail.” If you focus solely on security methodologies, you will likely only view the problem from this angle. If a cybersecurity threat exists within a system, removing that threat is all that matters. The hammer is the security tool available to remove threats; the threat is a nail.

    But what if we looked at the threats from a different perspective? For a more pointed example, we can look at the threats in an OT environment. Like IT, OT devices are vulnerable to various cyber threats. However, threats to device and process configurations are an equally important concern. These operation-focused threats include misconfigurations, unexpected setting changes, unplanned updates, or anything else that could alter a device’s expected functionality. Reducing this type of threat is the focus of OT operation teams. By taking a step back, we can view the operation-focused threats the OT teams are concerned with alongside the security team’s cyber-focused threats. Doing so reveals that both teams have a common goal – maintaining operational continuity.

    Now that we have a common goal, one that both security and the business (specifically the operations team in this example) can agree on, the challenge remains how to mitigate the threat best. Continuing our OT example, this step is where a shift is needed from traditional IT security methodologies. The tools used to mitigate threats in IT systems, such as Endpoint Detection and Response (EDR), are often unsuitable for use in an OT environment. The differences between OT and IT, including system resource constraints, legacy software and operating systems, unique devices, and specialty applications, explain part of the reason IT EDR is unsuitable. It can’t monitor threat behaviors it doesn’t understand. More importantly, because of the singular focus on cyber threats, some actions taken by IT EDR tools may inadvertently introduce new operation threats. This explains the reluctance of OT teams to deploy security tools. They could hurt operational continuity more than it helps.

    Supporting the new perspective’s common goal requires a new approach simultaneously addressing cyber and operation threats—Cyber-Physical System Detection and Response (CPSDR) does just that. It takes the proven cyber threat detection and response concepts from EDR and introduces operation-threat protection to support the common goal. With this new dual context and focus, security teams can mitigate against cyber-attacks, and operation teams can lockdown configurations, allowing each to complete their mission without risking operational continuity in the process.

    TXOne Networks is pioneering this new paradigm of protection with TXOne Stellar. Designed specifically for the OT environment, Stellar supports business and security team goals by defending the operational stability of OT devices and Cyber-Physical Systems and detecting and responding to cyber threats. With TXOne Network’s deep OT industry knowledge, there is no longer a need to settle for “IT solutions will have to do.” Stellar can accelerate your OT resiliency by providing newfound confidence to operations teams that it is safe for security teams to apply security controls without impacting availability because they are dual-focused on their goals too.

    Announce your organization’s turf war reconciliation. Keep the operation running with TXOne Stellar.

    Resource : https://www.scmagazine.com/native/incident-response/a-new-perspective-on-security-and-business