Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

By Byron V. Acohido

An array of promising security trends is in motion.

New frameworks, like SASE, CWPP and CSPM, seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks.

Related: 5 Top SIEM myths

And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

Now comes another security initiative worth noting. A broad push is underway to retool an old-school software monitoring technique, called observability, and bring it to bear on modern business networks. I had the chance to sit down with George Gerchow, chief security officer at Sumo Logic, to get into the weeds on this.

Based in Redwood City, Calif., Sumo Logic supplies advanced cloud monitoring services and is in the thick of this drive to adapt classic observability to the convoluted needs of company networks, today and going forward. For a drill down on this lively discussion, please give the accompanying podcast a listen. Here are the main takeaways: (more…)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

GUEST ESSAY: Why it’s worrisome that China has integrated Huawei switches into telecoms worldwide

By Sarina Krantzler

In the previous discussion, China’s 14th Five-Year Plan was summarized to capture relevant aspects of dual circulation, the Digital Silk Road (DSR), and the Belt Road Initiative (BRI) that aim to advance China as an economic, technological, and foreign policy powerhouse.

Related: Part 1. China’s 5 year digital plans

Both of those initiatives are well-funded, thoughtful, and strategic in their attempts to spread influence and widespread dependency on Chinese products.

The first blog concluded with a strong message of encouragement for the U.S. to evolve its own creative cybersecurity strategy leveraging strategic goals with economics and public policy to create a sustainable, secure cyber system consistent with Western ethical standards, our free market philosophy, and our democratic traditions.

The FCC’s Rip and Replace Model was introduced, by title only, to provide a glimpse into how the U.S. should, and is beginning to, take action to counteract intrusive Chinese technology within our critical infrastructure. To understand our options in this fight, however, we first need to understand who we’re up against.

Huawei Technologies, or Huawei for short, is a Chinese telecommunications firm that has been fed tens of billions of dollars in financial assistance by the Chinese government on a scale of subsidization that dwarfs the next closest competitors’ monetary receipt. To fuel their rise to the top of the global telecommunications landscape, Huawei had access to as much as $75 billion in state support as it grew from a little-known vendor of phone switches to the world’s largest telecom equipment company (Wall Street Journal).

Subsidies aside, since 1998, Huawei has received an estimated $16 billion in loans, export credits, and other forms of financing from Chinese banks for the firms’ operations and customers.

As referenced in the previous blog, Brazil was originally firmly in opposition of adopting Huawei technology into their infrastructure until the country became desperate amidst the COVID-19 pandemic.

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

By Byron V. Acohido

TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information.

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile  patrons.

Related: Kaseya hack worsens supply chain risk

This stolen booty reportedly included social security numbers, phone numbers, names, home addresses, unique IMEI numbers, and driver’s license information.

Once more, a heavily protected enterprise network has been pillaged by data thieves. Last Watchdog convened a roundtable of cybersecurity experts to discuss the ramifications, which seem all too familiar. Here’s what they had to say, edited for clarity and length:

Allie Mellen, analyst, Forrester

According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. The configuration issue made this access point publicly available on the Internet. This was not a sophisticated attack. T-Mobile left a gate left wide open for attackers – and attackers just had to find the gate.”

T-Mobile is offering two free years of identity protection for affected customers, but ultimately this is pushing the responsibility for the safety of the data onto the user. Instead of addressing the security gaps that have plagued T-Mobile for years, they are offering their customers temporary identity protection when breaches happen, as if to say, ‘This is the best we can do.’

Chris Clements, VP of Solutions Architecture, Cerberus Sentinel

Author Q&A: In modern cyberwarfare ‘information security’ is one in the same with ‘national security’

By Byron V. Acohido

What exactly constitutes cyberwarfare?

The answer is not easy to pin down. On one hand, one could argue that cyber criminals are waging an increasingly debilitating economic war on consumers and businesses in the form of account hijacking, fraud, and extortion. Meanwhile, nation-states — the superpowers and second-tier nations alike — are hotly pursuing strategic advantage by stealing intellectual property, hacking into industrial controls, and dispersing political propaganda at an unheard-of scale.

Related: Experts react to Biden’s cybersecurity executive order

Now comes a book by John Arquilla, titled Bitskrieg: The New Challenge of Cyberwarfare, that lays out who’s doing what, and why, in terms of malicious use of digital resources connected over the Internet. Arquilla is a distinguished professor of defense analysis at the United States Naval Postgraduate School. He coined the term ‘cyberwar,’ along with David Ronfeldt, over 20 years ago and is a leading expert on the threats posed by cyber technologies to national security.

Bitskrieg gives substance to, and connects the dots between, a couple of assertions that have become axiomatic:

•Military might no longer has primacy. It used to be the biggest, loudest weapons prevailed and prosperous nations waged military campaigns to achieve physically measurable gains. Today, tactical cyber strikes can come from a variety of operatives – and they may have mixed motives, only one of which happens to be helping a nation-state achieve a geo-political objective.

•Information is weaponizable. This is truer today than ever before. Arquilla references nuanced milestones from World War II to make this point – and get you thinking. For instance, he points out how John Steinbeck used a work of fiction to help stir the resistance movement across Europe.

Steinbeck’s imaginative novel, The Moon is Down, evocatively portrayed how ordinary Norwegians took extraordinary measures to disrupt Nazi occupation. This reference got me thinking about how Donald Trump used social media to stir the Jan. 6 insurrection in … more

Black Hat insights: How to shift security-by-design to the right, instead of left, with SBOM, deep audits

By Byron V. Acohido

There is a well-established business practice referred to as bill of materials, or BOM, that is a big reason why we can trust that a can of soup isn’t toxic or that the jetliner we’re about to board won’t fail catastrophically

Related: Experts react to Biden cybersecurity executive order

A bill of materials is a complete list of the components used to manufacture a product. The software industry has something called SBOM: software bill of materials. However, SBOMs are rudimentary when compared to the BOMs associated with manufacturing just about everything else we expect to be safe and secure: food, buildings, medical equipment, medicines and transportation vehicles.

An effort to bring SBOMs up to par is gaining steam and getting a lot of attention at Black Hat USA 2021 this week in Las Vegas. President Biden’s cybersecurity executive order, issued in May, includes a detailed SBOM requirement for all software delivered to the federal government.

ReversingLabs, a Cambridge, MA-based software vendor that helps companies conduct deep analysis of new apps just before they go out the door, is in the thick of this development. I had the chance to visit with its co-founder and chief software architect Tomislav Pericin. For a full drill down on our discussion please give the accompanying podcast a listen. Here are the big takeaways:

Gordian Knot challenge

The software industry is fully cognizant of the core value of a bill of materials and has been striving for a number of years to adapt it to software development.

Black Hat insights: All-powerful developers begin steering to the promise land of automated security

By Byron V. Acohido

Software developers have become the masters of the digital universe.

Related: GraphQL APIs pose new risks

Companies in the throes of digital transformation are in hot pursuit of agile software and this has elevated developers to the top of the food chain in computing.

There is an argument to be made that agility-minded developers, in fact, are in a terrific position to champion the rearchitecting of Enterprise security that’s sure to play out over the next few years — much more so than methodical, status-quo-minded security engineers.

With Black Hat USA 2021 reconvening in Las Vegas this week, I had a deep discussion about this with Himanshu Dwivedi, founder and chief executive officer, and Doug Dooley, chief operating officer, of Data Theorem, a Palo Alto, CA-based supplier of a SaaS security platform to help companies secure their APIs and modern applications.

For a full drill down on this evocative conversation discussion please view the accompanying video. Here are the highlights, edited for clarity and length:

LW:  Bad actors today are seeking out APIs that they can manipulate, and then they follow the data flow to a weakly protected asset. Can you frame how we got here?

Dwivedi: So 20 years ago, as a hacker, I’d go see where a company registered its IP. I’d do an ARIN Whois look-up. I’d profile their network and build an attack tree. Fast forward 20 years and everything is in the cloud. Everything is in Amazon Web Services, Google Cloud Platform or Microsoft Azure and I can’t tell where anything is hosted based solely on IP registration.

So as a hacker today, I’m no longer looking for a cross-site scripting issue of some website since I can only attack one person at a time with that. I’m looking at the client, which could be an IoT device, or a mobile app or a single page web app (SPA) or it could be an … more

NEW TECH: How the emailing of verified company logos actually stands to fortify cybersecurity

By Byron V. Acohido

Google’s addition to Gmail of something called Verified Mark Certificates (VMCs) is a very big deal in the arcane world of online marketing.

Related: Dangers of weaponized email

This happened rather quietly as Google announced the official launch of VMCs in a blog post on July 12. Henceforth companies will be able to insert their trademarked logos in Gmail’s avatar slot; many marketers can’t wait to distribute email carrying certified logos to billions of inboxes. They view logoed email as an inexpensive way to boost brand awareness and customer engagement on a global scale.

However, there is a fascinating back story about how Google’s introduction of VMCs – to meet advertising and marketing imperatives — could ultimately foster a profound advance in email security. Over the long term, VMCs, and the underlying Brand Indicators for Message Identification (BIMI) standards, could very well give rise to a bulwark against email spoofing and phishing.

I had a chance to sit down with Dean Coclin, senior director of business development at DigiCert, to get into the weeds of this quirky, potentially profound, security development. DigiCert is a Lehi, Utah-based Certificate Authority (CA) and supplier of Public Key Infrastructure services.

Coclin and I worked through how a huge email security breakthrough could serendipitously arrive as a collateral benefit of VMCs. Here are the main takeaways from our discussion:

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

By Byron V. Acohido

It was bound to happen: a supply-chain compromise, ala SolarWinds, has been combined with a ransomware assault, akin to Colonial Pipeline, with devasting implications.

Related: The targeting of supply chains

Last Friday, July 2, in a matter of a few minutes,  a Russian hacking collective, known as REvil, distributed leading-edge ransomware to thousands of small- and mid-sized businesses (SMBs) across the planet — and succeeded in locking out critical systems in at least 1,500 of them. This was accomplished by exploiting a zero-day vulnerability in Kaseya VSA, a network management tool widely used by managed service providers (MSPs)  as their primary tool to remotely manage IT systems on behalf of SMBs.

REvil essentially took full control of the Kaseya VSA servers at the MSP level, then used them for the singular purpose of extorting victimized companies — mostly SMBs —  for payments of $45,000, payable in Minera. In a few instances, the attackers requested $70 million, payable in Bitcoin, for a universal decryptor.

Like SolarWinds and Colonial Pipeline, Miami-based software vendor, Kaseya, was a thriving entity humming right along, striving like everyone else to leverage digital agility — while also dodging cybersecurity pitfalls. Now Kaseya and many of its downstream customers find themselves in a  crisis recovery mode faced with shoring up their security posture and reconstituting trust. Neither will come easily or cheaply.

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

By Byron V. Acohido

The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes.

Related:  The importance of basic research

We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google. But it’s coming, in the form of driverless cars, climate-restoring infrastructure and next-gen healthcare technology.

In order to get there, one big technical hurdle must be surmounted. A new form of agile cryptography must get established in order to robustly preserve privacy and security as all this raw data gets put to commercial use.

I recently had the chance to discuss this with Kei Karasawa, vice president of strategy, and Fang Wu, consultant, at NTT Research, a Silicon Valley-based think tank which is in the thick of deriving the math formulas that will get us there.

They outlined why something called attribute-based encryption, or ABE, has emerged as the basis for a new form of agile cryptography that we will need in order to kick digital transformation into high gear.

For a drill down on our discussion, please give the accompanying podcast a listen. Here are the key takeaways:

Cloud exposures

Data lakes continue to swell because each second of every day, every human, on average, is creating 1.7 megabytes of fresh data. These are the rivulets feeding the data lakes.

A zettabyte equals one trillion gigabytes. Big data just keeps getting bigger. And we humans crunch as much of it as we can by applying machine learning and artificial intelligence to derive cool new digital services. But we’re going to need the help of quantum computers to get to the really amazing stuff, and that hardware is coming.

As we press ahead into our digital future, however, we’ll also need to retool the public-key-infrastructure. PKI is the authentication and encryption framework … more

GUEST ESSAY: ‘Cybersecurity specialist’ tops list of work-from-home IT jobs that need filling

By Scott Orr

Even before the COVID-19 pandemic turned many office workers into work-from-home (WFH) experts, the trend toward working without having to commute was clear.

Related: Mock attacks help SMBs harden defenses

As internet bandwidth has become more available, with homes having access to gigabit download speeds, a whole new world of career paths has opened for those who want to control their work hours and conditions. Maybe you want better pay, to be home near your kids or you just like the idea of avoiding the daily drive to an office. Whatever the reason, you can likely find work online.

One of the hottest fields right now on the WFH radar is the information technology (IT) sector. But you’ll first need to learn the specifics to get to work. Fortunately, there are online classes you can take to get that knowledge – and best of all, you can take them for free.  Let’s look at what’s available and how you might jumpstart a new career.

Most IT jobs require you to have some sort of experience before you can start charging enough to make them viable as full-time employment. And some are more like a side hustle or temp job.

Having said that, here are some examples of IT careers you can learn online through free courses:

Security specialist

The more we do online, the more criminals want to take advantage of us. That makes fighting cybercrime a definite growth industry. A wide range of companies, in just about every field, are adding computer security specialists. In fact, these jobs are expected to increase a whopping 31% by 2029. This job involves planning and implementing security measures for large and small companies that rely on computer networks. You will need to develop the ability to anticipate techniques used in future cyberattacks so they can be prevented.

MY TAKE: Apple users show strong support for Tim Cook’s privacy war against Mark Zuckerberger

By Byron V. Acohido

Like a couple of WWE arch rivals, Apple’s Tim Cook and Facebook’s Mark Zuckerberg have squared off against each other in a donnybrook over consumer privacy.

Cook initially body slammed Zuckerberg — when Apple issued new privacy policies aimed at giving U.S. consumers a smidgen more control over their personal data while online.

Related: Raising kids who care about their privacy

Zuckerberg then dropped kicked Cook by taking out full-page newspaper ads painting Apple’s social responsibility flexing as bad for business; he then hammered Cook with a pop-up ad campaign designed to undermine Apple’s new privacy policies.

But wait. Here’s Cook rising from the mat to bash Z-Man at the Brussels’ International Privacy Day, labeling his tormentor as an obsessive exploiter who ought to be stopped from so greedily exploiting consumers’ digital footprints for his personal gain.

This colorful chapter in the history of technology and society isn’t just breezing by unnoticed. A recent survey of some 2,000 U.S. iPhone and iPad users, conducted by SellCell.com, a phone and tech trade-in website, shows American consumers are tuned in and beginning to recognize what’s at stake.

Fully 72 percent of those polled by SellCell said they were aware of new privacy changes in recent Apple software updates, not just in a cursory manner, but with a high level of understanding; some 42 percent said they understood the privacy improvements extremely well or at least very well, while 21 percent said they understood them moderately well.

Another telling finding: some 65 percent of respondents indicated they were extremely or very concerned about websites and mobile apps that proactively track their online behaviors, while only 14 percent said they were not at all concerned.

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

By Byron V. Acohido

Surfshark wants to help individual citizens take very direct control of their online privacy and security.

Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One.

Related: Turning humans into malware detectors

This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

It’s notable that this is happening at a time when Microsoft, Apple and Google are going the opposite direction – by natively embedding more consumer-grade security services into their popular operating systems, like Windows, Mac, IoS and Android. And let’s not forget the longstanding, multi-billion market of antivirus software subscriptions directed at consumers.

The consumer anti-virus vendors have been generating massive subscription revenue for two decades; though this market is mature and in a consolidation phase, it is not going to disappear anytime soon, as suggested by  NortonLifeLock’s $8 billion buyout of Avast.

Last year I agreed to serve a one-year term on Surfshark’s advisory board. I accepted because I appreciated Surfshark’s emphasis on privacy and security — and saw it as a way to learn more about the consumer cybersecurity market.

GUEST ESSAY: How China’s updated digital plans impacts U.S. security and diplomacy

By Sarina Krantzler

In May 2021, China unveiled their updated Five-Year Plan to the world. This plan marks the 14th edition of their socioeconomic, political, and long-range objectives, and has set the tone for a Chinese-dominated supply chain that will be accomplished using antitrust, intellectual property, and standards tools to promote industrial policies.

Their plan poses a grave threat to the US.

Related: Part 2. The danger posed by Huawei switches

Despite this threat, the United States currently does not possess a similar strategic plan to combat China’s advancements or create a sustainably secure cyber system.

China is developing a self-reliant domestic economy supported by a domestic cycle of production, distribution, and consumption. Strategic investments made on behalf of the Chinese government to the technology industry, in the form of annual 7% increases and billion-dollar loans, will move China closer to their goals of technological independence and global influence.

The external aspect of this strategy attempts to secure their supply chains against pressures from the United States.

This portion of the strategy is integrated with China’s largest foreign policy known as the “One Belt One Road Initiative” (BRI), which includes offering critical infrastructure investment to cash-strapped nations and has led to an increasingly complex and prevalent alliance between China and its homegrown internet companies in the construction of their “Digital Silk Road” (DSR).

Both the BRI and DSR initiatives have been strategically positioned to facilitate secure trade and gain initial global footholds to accomplish the “Made in China 2025” goal.

Enormous subsidization efforts by the Chinese government, as part of their BRI initiative, allow internet giants such as Huawei and ZTE to conduct sweeping internet infrastructure strategies to secure rights to provide to poor or developing nations. Those providers will be discussed in detail in the following blog.

By embedding Chinese infrastructure in networks around the world, the Chinese government could have the ability to access information traveling across these networks … more

GUEST ESSAY: The Top 5 myths about SIEM –‘security information and event management’

By Allie Mellen

One of the most commonly repeated phrases in the security industry is, “Security teams hate their SIEM!”

Related: The unfolding SIEM renaissance

Security Information and Event Management (SIEM) is not what it was 20 years ago. Don’t get me wrong, SIEMs do take work through deployment, maintenance, and tuning. They also require strategic planning. Yet, much to the chagrin of everyone who believed the vendor hype, they fail to provide the “single pane of glass” for all tasks in security operations promised so long ago.

With all that said, there are some aspects of the SIEM that have improved significantly over the past 20 years, despite a barrage of security marketing suggesting otherwise.

Further, there are innovations happening in the market today to bring forth a new era for the SIEM. This evolution is more aptly named security analytics platforms, which not only handle log ingestion and storage, but also more effectively address the detection and response use cases SOCs need.

Security analytics platforms combine SIEM, SOAR, and UEBA to cover the complete incident response lifecycle from detection, investigation, and response, in conjunction with other important use cases like compliance.

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

By April Miller

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce.

Related: Employees as human sensors

As of 2018, more than 2 million people were working abroad for U.S. companies in China alone. Since then, as remote work has become more popular and accessible, that figure has likely only increased. International workforces can be an excellent way to find top talent, but they can introduce unique security risks.

Here are five unique cybersecurity challenges you should know about.

•Inconsistent data regulations. Countries have different data security laws, and these can get in the way of one another. For example, suppose you have workers in the EU. In that case, you must abide by the General Data Protection Regulation (GDPR), which imposes fines on some activities that are perfectly legal in the U.S.

Having workers in multiple countries with laws like this introduces further complications. For instance, if you have employees in China and the EU, you’ll have to obtain Chinese government approval to provide data from China to EU authorities enforcing the GDPR. These conflicts and inconsistencies can make it hard to create a cybersecurity program that abides by all relevant laws.