Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Best Practices

 

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

By Byron V. Acohido

An array of promising security trends is in motion.

New frameworks, like SASE, CWPP and CSPM, seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks.

Related: 5 Top SIEM myths

And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

Now comes another security initiative worth noting. A broad push is underway to retool an old-school software monitoring technique, called observability, and bring it to bear on modern business networks. I had the chance to sit down with George Gerchow, chief security officer at Sumo Logic, to get into the weeds on this.

Based in Redwood City, Calif., Sumo Logic supplies advanced cloud monitoring services and is in the thick of this drive to adapt classic observability to the convoluted needs of company networks, today and going forward. For a drill down on this lively discussion, please give the accompanying podcast a listen. Here are the main takeaways:

Black Hat insights: Deploying ‘human sensors’ to reinforce phishing email detection and response

By Byron V. Acohido

Human beings remain the prime target in the vast majority of malicious attempts to breach company networks.

Related: Stealth tactics leveraged to weaponize email

Cybersecurity awareness training is valuable and has its place. Yet as Black Hat USA 2021 returns today as a live event in Las Vegas, it remains so true that we can always be fooled — and that the prime vehicle for hornswoggling us remains phishing messages sent via business email.

Cofense, a Leesburg, VA-supplier of phishing detection and response solutions, has set out to take another human trait – our innate willingness to help out, if we can — and systematically leverage our better instincts to help fix this while combining advanced automation technology to stop phishing attacks fast.

I had a lively discussion about this with Rohyt Belani, co-founder and CEO of Cofense, which started out as PhishMe in 2011.

Inspired by Homeland Security’s see-something-say-something anti-terrorism initiative, as well as by crowd-sourcing services like Waze, Cofense has set out to squash those phishing messages that circumvent Security Email Gateways and fool even well-intentioned employees. It is doing this essentially by training and encouraging employees, not just to be on high alert for phishing ruses, but also to deliver useful reconnaissance from the combat zone.

Black Hat insights: WAFs are getting much more dynamic making them well-suited to protect SMBs

By Byron V. Acohido

A cornucopia of cybersecurity solutions went on public display today as Black Hat USA 2021 convened once more as a live event in Las Vegas.

Related: Kaseya hack raises more supply chain worries

For small- and mid-sized businesses (SMBs) cutting through the marketing hype can be daunting. That said, there is one venerable technology – web application firewalls (WAFs) – that is emerging as a perfect fit for SMBs in today’s environment, as all companies shift to a deeper reliance on cloud services and mobile apps.

I had the chance to get into the weeds of this trend with Venky Sundar, co-founder and chief marketing officer of Indusface, a Bengalura, India-based supplier of  cloud-hosted WAF services (Indusface has numerous enterprise deployments and also offers the same protections, cost-effectively, to SMBs.)

For a full drill down on our discussion, please give the accompanying podcast a listen. Here are the big takeaways:

WAF resurgence

Web apps and mobile apps are where they action is. SMBs must continually come up with cool new apps to stay competitive; it’s no surprise that this is also where threat actors are focusing their attention.

Criminal hacking rings are carrying out big sweeps, 24X7, hunting for well-known application vulnerabilities that they can manipulate to breach company networks. WAFs help companies keep track of these malicious probes by scanning incoming HTTPS traffic and taking note of parameters such as IP address, port routing, cookie data and incoming data.

The knock on WAFs for many years has been that while they are excellent at parsing HTTPS traffic, all too many companies choose not to instruct their WAFs to actually block any traffic that might be malicious.

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

By Byron V. Acohido

Company-supplied virtual private networks (VPNs) leave much to be desired, from a security standpoint.

Related: How ‘SASE’ is disrupting cloud security

This has long been the case. Then a global pandemic came along and laid bare just how brittle company VPNs truly are.

Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps. Two sweeping trends resulted:  one bad, one good.

First, bad actors instantly began to hammer away at company VPNs; and attacks against instances of Remote Desktop Protocol (RDP) spiked dramatically, as well. VPNs and RDP both enable remote access that can put an intruder deep inside the firewall. And attempts to break into them have risen exponential over the past 17 months.

Conversely, Zero Trust has gained some material traction. As Black Hat USA 2021 convenes in Las Vegas this week, consensus is quickening around the wisdom of sunsetting legacy remote access tools, like VPNs and RDP, and replacing them with systems based on Zero Trust, i.e. trust no one, principles.

One start-up, Axis Security, couldn’t be more in the thick of these trends. Based in San Mateo, CA, Axis publicly announced its advanced Zero Trust access tool in March 2020, just as the global economy was slowing to a crawl.

“We came out of stealth mode right at the beginning of all the big shutdowns, and we got a number of customers, pretty fast, who were looking for solutions to remotely connect users to systems,” says Deena Thomchick, vice president of product marketing at Axis. “These were users who never had remote access before.”

NEW TECH: How the emailing of verified company logos actually stands to fortify cybersecurity

By Byron V. Acohido

Google’s addition to Gmail of something called Verified Mark Certificates (VMCs) is a very big deal in the arcane world of online marketing.

Related: Dangers of weaponized email

This happened rather quietly as Google announced the official launch of VMCs in a blog post on July 12. Henceforth companies will be able to insert their trademarked logos in Gmail’s avatar slot; many marketers can’t wait to distribute email carrying certified logos to billions of inboxes. They view logoed email as an inexpensive way to boost brand awareness and customer engagement on a global scale.

However, there is a fascinating back story about how Google’s introduction of VMCs – to meet advertising and marketing imperatives — could ultimately foster a profound advance in email security. Over the long term, VMCs, and the underlying Brand Indicators for Message Identification (BIMI) standards, could very well give rise to a bulwark against email spoofing and phishing.

I had a chance to sit down with Dean Coclin, senior director of business development at DigiCert, to get into the weeds of this quirky, potentially profound, security development. DigiCert is a Lehi, Utah-based Certificate Authority (CA) and supplier of Public Key Infrastructure services.

Coclin and I worked through how a huge email security breakthrough could serendipitously arrive as a collateral benefit of VMCs. Here are the main takeaways from our discussion:

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

By Byron V. Acohido

The challenge of embracing digital transformation while also quelling the accompanying cyber risks has never been greater for small- and mid-sized businesses.

Related: How ‘PAM’ improves authentication

SMBs today face a daunting balancing act. To boost productivity, they must leverage cloud infrastructure and participate in agile software development. But this also opens up a sprawling array of fresh security gaps that threat actors are proactively probing and exploiting.

Somehow SMBs must keep pace competitively, while also tamping down the rising risk of suffering a catastrophic network breach.

There’s a glut of innovative security solutions, to be sure, and no shortage of security frameworks designed to help companies mitigate cyber risks. Leading-edge cybersecurity systems in service today apply machine learning in some amazing ways to help large enterprises identify and instantly respond to cyber threats.

However, this is overkill for many, if not most, SMBs. Day in and day out their core security struggle boils down to making it harder for intruders to attain and manipulate remote access. And it doesn’t take enterprise-grade security systems to accomplish this.

I’ve had several discussions about this with Maurice Côté, vice president of business solutions at Devolutions, a Montreal, Canada-based supplier of remote desktop management services. We talked about how Devolutions has been guiding its SMB customers

GUEST ESSAY: A full checklist on how to spot pharming attacks — and avoid becoming a victim

By Peter Baltazar

Cybercriminals use various techniques for conducting cyberattacks. One such popular way to infiltrate a system is Pharming. It is an online scam attack quite similar to Phishing.

Related: Credential stuffing explained

The term Pharming is a combination of two words Phishing and Farming. It is a type of social engineering cyberattack in which the website’s traffic is manipulated to steal confidential credentials from the users. Cybercriminals design a fake website, basically the clone of an official one, and use various means to redirect users to the phony webpage when visiting any other legit site.

Primarily the Pharming attack is planned to gain sensitive data like login credentials, personally identifiable information (PII), social security numbers, bank details, and more. The attackers can also use it for installing malware programs on the victim’s system.

Pharming vs phishing

Though Pharming and Phishing share almost similar goals, the approach to conduct Pharming is entirely different from Phishing. Unlike Phishing, Pharming is more focused on sabotaging the system rather than manipulating the victims. However, we will later know how Phishing plays a vital role in conducting Pharming.

The Pharming attacks are carried out by modifying the settings on the victim’s system or compromising the DNS server. Manipulating the Domain Name Service (DNS) protocol and rerouting the victim from its intended web address to the fake web address can be done in the following two ways:

•Changing the Local Host file. In this method of manipulating DNS, the attackers infiltrate the victim’s device and change the local host file. A local host file is a directory of IP addresses. The modified local host file would redirect users to the fake website whenever they try to open the legit site the next time. The phony website is designed similar to the one victims intended to visit so that the users are not alarmed.

To modify the local host file, the attacker primarily uses the Phishing technique so … more