MY TAKE: The back story on the convergence, continuing evolution of endpoint security

By Byron V. Acohido

No one in cybersecurity refers to “antivirus” protection any more. The technology that corrals malicious software circulating through desktop PCs, laptops and mobile devices has evolved into a multi-layered security technology referred to as ‘endpoint security.’

This designation change unfolded a few years back. It was a reflection of attackers moving to take full advantage of the fresh attack vectors cropping up as companies retooled their legacy networks – comprised of ‘on-premises’ servers and clients – to operate in the expanding world of cloud services, mobile devices and the Internet of Things.

Having covered the Symantec, McAfee, Trend Micro, Sophos, Kaspersky, et. al. since the nascent days of the antivirus market, I find in fascinating that the top dozen or so antivirus players have all managed to remain in the game. What’s more, they’ve all successfully grown into multi-layered full-service endpoint security suppliers.

I visited with Joe Sykora, vice president of worldwide channel development for Bitdefender, at Black Hat USA 2018, and asked him to put the remarkable staying power of endpoint security in context. In 1990, Florin and Mariuca Talpes parlayed a $300 stake borrowed from a relative into a company which would become Bitdefender in 2001. Founded in Bucharest, the company of 1,600 employees is in the thick of reshaping endpoint security.

For a drill down on my discussion with Sykora, please listen to the accompanying podcast. Here are a few big takeaways:

Smarter spending

In this fast-evolving, digitally-transformed, business environment, enterprises in 2018 will spend a record $3.8 billion for endpoint protection, according to Gartner. For a variety of reasons, many organizations just cannot seem to wean themselves off legacy antivirus suites, even as the effectiveness of legacy solutions continues to steadily wane.

Two thirds of the large enterprises recently surveyed by 451 Research and Digital Guardian reported maintaining as many as five endpoint security services, and one in 10 respondents dealt with as many as 10 solutions.

This usage pattern has persisted even though companies are being challenged to spend security dollars much more judiciously. Compliance requirements from regulators in Europe and the U.S. keep intensifying. But the big driver compelling companies to spend smarter is obvious: the risk of sustaining a catastrophic network breach keeps rising.

One-upmanship

Endpoint security is all about one-upmanship. Through the course of the past two decades, threat actors and security vendors have engaged in a continuing contest of leapfrog. In the early days, antivirus suites were threat-centric and device-centric. So attackers simply quickened the pace of developing malware variants. Evasion of the latest antivirus signatures quickly became an art form.

Security vendors responded with new systems designed to detect and quarantine malware that slipped through signature-based antivirus detectors and firewalls — before any harm could be done. “We took more advanced steps to put anything suspicious into a sandbox, and then blow it up to see if it was good or bad,” says Sykora.

So next, threat actors focused on honing techniques to gain access to privileged accounts. They discovered how readily privileged access could be gained via social engineering, or simply by purchasing stolen account credentials on the Dark Web. The end game became to usurp control of existing admin tools – and use them to stealthily execute malicious activities from deep inside the targeted network. These so-called “fileless” attacks bypassed legacy antivirus systems altogether: there simply weren’t any malicious files to detect!

Looming consolidation

In response, endpoint security vendors are currently consolidating their endpoint tools portfolios. In fact, a wider convergence may be afoot in which endpoint systems increasingly merge with leading-edge threat detection and incident response technologies.

Consolidation of leading-edge security technologies makes a lot of sense; it drives companies toward consistent collection of security-related data. Over time this should result in more clarity, sifting out truly malicious events from the ocean of benign network activity.

“Our approach is to do consolidation with ease of use in mind,” Sykora told me. “Our solution takes legacy endpoint software, next-gen endpoint systems, data center security and storage security and gives the user a single interface. This enables the user to actually manage it all and see everything that’s going on. Of course, it’s important to have a mediation plan, if something does happen.”

Most of Bitdefender’s competitors in the endpoint security space are similarly driving toward a platform approach that, at some level, consolidates, the many and varied security systems enterprises already have in house, systems that today don’t easily talk to each other.

This is the natural course of things. As companies increase their reliance on cloud-based services, and as digital transformation accelerates, endpoint security will remain engrained as a fundamental component of defending modern business networks.

(Editors note: Last Watchdog has supplied consulting services to Bitdefender.)

How ‘digital transformation’ gave birth to a new breed of criminal: ‘machine-identity thieves’

By Byron V. Acohido

There’s a new breed of identity thief at work plundering consumers and companies.

However, these fraudsters don’t really care about snatching up your credentials or mine. By now, your personal information and mine has been hacked multiple times and is readily on sale in the Dark Web. This has long been true of the vast majority of Americans.

The identities most sought after by cyber criminals today are those associated with machines. This is because the digital wizardry driving modern society relies heavily on machine-to-machine communications. And guess what? No one is really watching authentication and privileged access, with respect to those machines very closely.

It’s my belief that every consumer and every company will very soon come to realize that a new breed of criminal – machine-identity thieves – will soon become all-powerful, and not in a good way. Here’s why:

Fresh attack surface

If you haven’t heard, we are undergoing “digital transformation.” Digital advances are coming at us fast and furious. Consumers have begun accustomed to conveniently accessing clever services delivered by a sprawling matrix of machines, and not just traditional computer servers.

The machines enabling digital transformation include virtual instances of computers created and maintained in the Internet cloud, as well as myriad instances of software “microservices” and “containers” that come and go as part of the dynamic processes that make all of this happen.

Each machine must continually communicate with countless other machines. And as the number of machines has skyrocketed, so has the volume of machine identities. From a criminal’s perspective, each machine represents an opportunity to slip into the mix and take control. And each machine identity represents a key to get in the door.

Machine-identity capers

The creation of this vast new attack surface isn’t just theoretical. It’s tangible and threat actors are on the move. “Hackers are stealing machine identities, and using them in attacks, and it’s happening more and more,” says Jeff Hudson, CEO of security supplier Venafi. …more

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

By Byron V. Acohido

Nation-state backed hacking collectives have been around at least as long as the Internet.

However, evidence that the ‘golden age’ of cyber espionage is upon us continues to accumulate as the first half of 2018 comes to a close.

What’s changed is that cyber spies are no longer content with digital intelligence gathering. Military operatives and intelligence units today routinely hack to knock down critical infrastructure, interfere with elections, and even to exact revenge on Hollywood studios.

Recently, one of the most powerful and notorious cyber spies on the planet, North Korean General Kim Yong Chol, stepped from obscurity into global celebrity status.

Last month President Trump invited the heretofore obscure General Kim into the White House for an impromptu state visit. For about two hours, Trump exchanged pleasantries with the man who orchestrated North Korea’s devastating hack of Sony Pictures in 2014, the aforementioned revenge caper. The tête-à-tête unfolded as Trump prepared for his summit in Singapore with General Kim’s boss, North Korean despot Kim Jong-un.

Rise of North Korea

It’s notable that, since the Sony Pictures hack, General Kim has steadily gotten more powerful and adept at the cyber spy game. Today he commands a cyber army, some 7,000 hackers and support staff strong, that has emerged as a potent and disruptive force. The Wall Street Journal recently reported that North Korea is cultivating elite hackers much like other countries train Olympic athletes.

Meanwhile, Iran-sponsored cyber operatives are making hay, as well. Trump’s decision …more

Will GDPR usher in a new paradigm for how companies treat consumers’ online privacy?

By Byron V. Acohido

Back in 2001, Eric Schmidt, then Google’s CEO, described the search giant’s privacy policy as “getting right up to the creepy line and not crossing it.”

Well, Europe has now demarcated the creepy line – and it is well in favor of its individual citizens. The General Data Protection Regulation, or GDPR, elevates the privacy rights of individuals and imposes steep cash penalties for companies that cross the creepy line – now defined in specific detail.

Europe’s revised online privacy regulations took effect last Friday. European businesses are bracing for disruption – and U.S. companies won’t be immune to the blowback. There are more than 4,000 U.S. companies doing business in Europe, including many small and midsize businesses. All of them, from Google, Facebook and Microsoft, down to mom-and-pop wholesalers and service providers, now must comply with Europe’s new rules for respecting an individual’s online privacy.

The EU is expected to levy GDPR fines totaling more than $6 billion in the next 12 months, an estimate put out by insurance giant Marsh & McLennan. As these penalties get dished out, senior management will become very uncomfortable; they’ll be forced to assume greater responsibility for cybersecurity and privacy, and not just leave it up to the IT department.

This is all unfolding as companies globally are racing to embrace digital transformation – the leveraging of cloud services, mobile computing and the Internet of Things to boost innovation and profitability. In such a heady business environment, a regulatory hammer was necessary to give companies pause to consider the deeper implications of poorly defending their networks and taking a cavalier attitude toward sensitive personal data. …more

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

By Byron V. Acohido

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL).

Related: How PKI can secure IoT

Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS. The former – Hypertext Transfer Protocol – standardized the way web browsers fetch a web page from its host server and thus made the world wide web as we know it today possible.

But HTTP connections are carried out in plain text. This makes it trivial for eavesdroppers to snatch plain-text communications, such as when users fill out forms on web pages or use shopping carts or conduct online banking. This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings.

So along came SSL and its successor, Transport Layer Security (TLS), the underpinnings of secure online transactions. SSL and TLS come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

The PKI (public key infrastructure) encryption protocol makes all this happen instantaneously, triggering a visual confirmation – the tiny green padlock preceding the HTTPS address in Chrome’s address bar.

With the release its Chrome 68 browser on July 24, any web page not running HTTPS with a valid TLS certificate will display a “Not Secure” warning in Chrome’s address bar. …more

Q&A: How your typing and screen swiping nuances can verify your identity

The recent data breaches at Timehop and Macy’s are the latest harbingers of what’s in store for companies that fail to vigorously guard access to all of their mission-critical systems.

Related podcast: Why identities are the new firewall

A common thread to just about every deep network breach these days is the failure of the victimized entity to effectively deploy multi-factor authentication (MFA) to at least make it harder for threat actors to access their sensitive systems.

Compromised accounts came into play in data breaches of Uber, Tesla, Gemalto, Aviva, Equifax and many others. Threat actors are authenticating themselves at numerous junctures in order to gain deep access and deliver malicious payloads without being detected.

And with “digital transformation” accelerating, there are so many more weakly-secured login accounts just waiting to be maliciously manipulated.

Generally speaking, companies have yet to fully address authentication weaknesses, with respect to their legacy on-premises systems. And yet they doubling down on public cloud services, as well as increasing their dependence on an entire new solar system of software “microservices” and “containers” that come and go.

The vast majority of these new, interconnected components and layers that make up digital transformation require login accounts, which translates into a fresh galaxy of attack vectors.

The good news is that this is a solvable problem. The Identity Access Management (IAM) space is one of the more mature subsectors of the cybersecurity industry. And IAM vendors are innovating like crazy. They are bringing data-analytics, machine-learning and behavioral biometrics to bear, to help companies more effectively manage account authentication, without slowing down digital transformation.

For instance, IAM supplier Optimal IdM recently announced that it is partnering with TypingDNA to add “typing behavior analysis” as an added feature to its core MFA services. I asked Chris Curcio, vice-president of channel sales at Optimal IdM to set the wider context. Here are excerpts of the interview, edited for clarity and length. …more

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

By Byron V. Acohido

Illicit crypto mining is advancing apace.

It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway.

Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores. They are doing this using both tried-and-true, as well as leading-edge, hacking techniques.

I recently unwrapped these developments in a discussion with Liviu Arsene, senior security analyst at Bitdefender, which has been closely monitoring this trend. One key bit of intelligence Bitdefender shares in a whitepaper is a breakdown of how EternalBlue has come into play, once again.

You may recall EternalBlue was one of the cyber weapons stolen from the NSA and used in the milestone WannaCry ransomware attack in the spring of 2017. WannaCry used EternalBlue to deploy a self-spreading worm to help rapidly spread a globe-spanning ransomware campaign. It also used PowerShell and Windows Management Instrumentation script to infect the victim, followed by Mimikatz to pull logins and passwords from a computer’s memory in order to move laterally across the infrastructure.

And now in 2018 EternalBlue is propagating a very similar worm, dubbed WannaMine, that has been seeking company servers to infect – and redirect to crypto mining chores – in 150 countries.

This is part of a rising number of advanced attacks designed to penetrate data centers of private and public cloud infrastructures which have the computing resources coveted by crypto miners.

The criminals aren’t asking for any ransom. They’re just taking – or more precisely, consuming — what they want: …more

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

By Byron V. Acohido

The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives.

The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying programs to engrain this mindset in our society. NCSA operates the StaySafeOnline website that provides a variety of cybersecurity educational resources and programs.

I sat down with Russ Schrader, NCSA’s new executive director, who outlined the terrific resources NCSA makes available. One program, for instance, puts on workshops for Congressional staffers and other federal employees on how to recognize and avoid nation-state backed hackers looking to interfere in elections.

For a full drill down on our conversation, please listen to the accompanying podcast. Here are excerpts, edited for clarity and length:

LW: What is the National Cyber Security Alliance?

Schrader: We are a leading nonpartisan, nonprofit group that’s very involved as a convener of experts to talk about a number of the top issues in cybersecurity. We also have a lot of educational programs that reach far beyond the insular, cybersecurity expert areas.

LW: How did this organization get started?

Schrader

Schrader: The legacy is a group of CISOs from companies like Facebook, Google, Microsoft, Cisco, Oracle, Mastercard, Visa, Bank of America, Wells Fargo and a lot of others. They built a very robust group of committed cybersecurity professionals in their own businesses. But they also realized there was a greater good in encouraging safety and security of the Internet, as it becomes more and more an important part of people’s lives.

LW: Your high-level mission, as I understand it, is generally to build the level of awareness across the board?

Schrader: Absolutely. We have a lot of programs geared toward education at a lot of different levels. In addition to the consumer levels that we’re doing, we also work with people on the Hill, and try to help them during this election time, or when there may be unfriendly actors trying to hack into their e-mails or hijack their social media accounts. …more

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives.

One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas.

Related: How DataLocker got its starth

Co-founder Jay took a business trip to South Korea in the fall of 2007. A chance meeting – in an elevator, no less – led to Kim veering over to the cybersecurity industry.

DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. DataLocker has grown to 40 employees and this summer moved it’s headquarters to a larger office, with room to grow.

I recently had the chance to visit with Shauna Park, channel manager at DataLocker. We discussed why encrypted flash drives have become established as a must-have portable business tool in the digital age. For a full drill down please listen to the accompanying podcast. Here are excerpts edited for clarity and length.

LW: With all the wonders of the digital age, it’s fascinating how important it can be to have an encrypted drive in the palm of your hand when you really need one.

Park: Exactly. The encryption in our products is handled by a chip inside the actual hardware itself. So it’s easy to use for anybody; you don’t have to know how to do encryption. The hardware itself takes care of it for you. All the user needs is a strong password to access to the data.

LW: Where do encrypted drives typically come into play in a business setting? …more

GUEST ESSAY: A case for moving beyond SIEMS, UEBAs to ‘real-time threat hunting’

By Rick Costanzo

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021, according to Cybersecurity Ventures.

Related article: SIEMs strive for a comeback

Costanzo

The painful impact of cyber attacks on businesses is worsening despite advances in technology aimed at protecting enterprises from malicious network traffic, insider threats, malware, denial of service attacks and phishing campaigns.

This has left many CISOs questioning if today’s incumbent cybersecurity solutions are enough.

Categorizing solutions

Over the past decade, cyber security solutions have evolved into specific categories of solutions. Grouping similar items into categories serve a particular purpose. They help compartmentalize. They help rank. They help compare.

For example, sports cars represent an entirely different category of vehicles than luxury vehicles. It is easier to compare features and capabilities of one sports car with another sports car than it is to compare a sports car with a luxury vehicle.

Categories of cybersecurity solutions, like many categories in IT, have been defined by third parties. Many vendors devote significant resources to be highly positioned in coveted reports issued by these third parties. However, the reality is many of these third parties are interested observers. They are not on the front lines fighting the cybersecurity battle. …more

Older Articles »

The Last Watchdog

By Byron V. Acohido

By Byron V. Acohido

By Byron V. Acohido

By Byron V. Acohido

By Byron V. Acohido

By Byron V. Acohido

By Byron V. Acohido

By Rick Costanzo