Steps forward

 

MY TAKE: What the Uber hack tells us about fresh attack vectors created by the rise of DevOps

By Byron V. Acohido

Dissecting the root cause of Uber’s catastrophic data breach is a worthwhile exercise. Diving one level deeper into the scenario that led up to the popular ride-hailing service losing personal data for 50 million passengers and seven million drivers shows us why this particular type of hack is likely to recur many more times in 2018.

Related podcast: Why DevOps and security are destined to intersect

Hackers got deep into Uber’s Amazon Web Services platform. They did this by somehow obtaining, then using the AWS logon credentials of one of Uber’s software developers, who left those credentials accessible on GitHub. Though we don’t know the nitty-gritty details, security analysts say something like this had to have happened:

While working on an AWS coding task, the Uber developer took some of this code base and uploaded it to GitHub. No security sins to this point. ‘Git’ is a system for controlling the latest version of software programs; GitHub is an online repository where developers upload code for peer reviews and such.

Here’s the wider context: imagine the degree to which Uber, in order to connect riders and drivers, uses software to tie into services hosted by Amazon, Google, Facebook, Twitter, iPhone and Android. Uber is a prime example of an Internet-centric enterprise comprised of a collection of tools and services hosted by myriad partners. Think about how frenetic the software development process must be to keep Uber humming. …more

PODCAST: The case for rethinking security — starting with smarter management of privileged access logons

By Byron V. Acohido

Two cybersecurity trend lines have moved unremittingly up the same curve over the past two decades — and that’s not a good thing.

Year-in and year-out, organizations have steadily increased spending to defend their networks — and they continue to do so, with no end in sight. Research firm MarketsandMarkets estimates that the global cybersecurity market size will grow from $137.85 billion in 2017 to $231.94 billion by 2022, a compound annual growth rate of 11.0%.

Related podcast: Much stronger security can come from simple ‘Identity Access Management’ improvements

At the same time, the damage and disruption caused by malicious hackers has also continued to rise, with no end in sight. One recent measure of this comes from a survey of senior officials at 120 large enterprises, conducted by research firm Forrester and sponsored by Centrify, a leading supplier of identity and access management (IAM) technologies.

 

C-level executives disclosed to Forrester that two-thirds of their companies had been breached multiple times – a startling five times on average over the past two years. What’s more, respondents indicated these break-ins occurred evenly all across the network, at endpoints, servers, databases and in software-as-a-service systems. …more

GUEST ESSAY: What ‘Fight Club’ taught me about protecting my online personas

By Thomas Yohannan

Dissociative identity disorder, AKA multiple personality disorder, is a human condition by which the victim’s personality becomes fragmented into two or more distinctive states.

DID has long been a rich topic for Hollywood screen writers. The movie Fight Club, in which Edward Norton and Brad Pitt portray polar opposite personalities of the main protagonist, is a classic example.

Related podcast: Phil Lieberman calls for resetting the C-suite mindset

DID sufferers subvert themselves in self-contained sets of memories, behaviors, attitudes, even perceived age. This is done so that the victim can insulate certain fragile areas of his or her psyche, and thus is able to function with a sense of security in otherwise threatening environments, psychologically speaking.

It may not be a bad idea …more

GUEST ESSAY: The top 4 cybersecurity certificates every IT staffer should have

By Victoria Zambito

Assuredly, it is a very positive development that more companies are looking to boost the security expertise of their in-house IT teams. This is being manifested by a flow of IT professionals seeking out and participating in security-related certificate programs.

Numerous third-party organizations offer these educational tracks; a select few garner great respect within the field. Here’s the cream of the crop:

CompTIA A+ Certification

The CompTIA A+ Certification provides essential foundational knowledge for IT professionals. It covers basic enterprise hardware and software deployment, management techniques and cloud computing. Approximately 1 million IT professionals hold the highly coveted IT CompTIA A+ certification.

Certified Ethical Hacker (CEH v9) – EC-Council

The Certified Ethical Hacker Certification demonstrates an IT professional has an understanding of how to …more

GUEST ESSAY: A call for rethinking incident response playbooks

By Liz Maida

We see it week after week. Insidious cyber threats that spread throughout enterprises like wildfire and proliferate around the globe, interfering with crucial work and holding data hostage. These attacks make the news cycle for a few days, security teams wring their hands over it, and then forget all about it – until the next attack. Lather, rinse, repeat.

When will the security community get smarter about our approach to identifying and thwarting cyber threats, instead of just responding to the one at hand?

Related video: Tempered Networks introduces identity-based networks

The known threat of today — whether it’s malware, social engineering or phishing — inevitably morphs into the zero-day threat of tomorrow. Which means that all the tactical work security teams …more

PODCAST: Why ‘machine learning’ is perfectly suited to mitigating network breaches

By Byron V. Acohido

The essence of “machine learning” is that ML is perfectly suited to extracting value from large sets of data.

Thus, whether you realize it or not, ML has come to intersect with just about every aspect of daily living. ML today is used pervasively to profile our online behaviors. When we search for something on Google, make a purchase on Amazon, stream a movie from Netflix, post to Facebook, or Tweet, all of that data is stored and analyzed. And now ML advances are being applied to vehicle and driver data to rapidly steer us (pun intended) towards everyday dependence on driverless vehicles.

But there is another arena where one would expect ML to be making a much larger impact than it has to date: cybersecurity.

Related article: 2018 – Year of the CISO

Consider this: the typical corporate IT system is a sprawling amoeba generating large sets of data, minute-by-minute, day-by-day, from dozens of disparate systems. Hidden in this tumult of network logs are the fingerprints of threat actors actively stealing and disrupting – or getting into position to do so. …more

PODCAST: The quest for relevant, actionable threat intelligence

By Byron V. Acohido

In the war on cyber crime, access to rich stores of threat intelligence has never really been the problem.

Quasi-government entities, like the United States Computer Emergency and Readiness Team (US-CERT), and industry sharing groups, like the Information Sharing and Analysis Centers (ISACs), supply a rich baseline of threat data.

Related video: Why the NIST framework is vital to baseline security

Meanwhile, cybersecurity companies like FireEye, Symantec, CrowdStrike, Palo Alto Networks, Dell SecureWorks, Kaspersky Lab and countless others routinely share some of their hard-won intel publicly, for the greater good, while keeping some intel close — for primary use by their paying customers.

In 2013 a couple of buddies working as security analysts at an organization deep within the U.S. military complex got frustrated by their inability to truly leverage the deluge of threat intel in an efficient way. So the two analysts, Ryan Trost and Wayne Chiang, launched ThreatQuotient. …more