Best Practices
MY TAKE: Peerlyst shares infosec intel; recognizes Last Watchdog as a top cybersecurity influencer

By Byron V. Acohido

Sharing intelligence for the greater good is an essential component of making Internet-centric commerce as safe and as private as it needs to be.

Related: Automating threat feed analysis

Peerlyst is another step in that direction. Started by infosec professionals, Peerlyst takes the characteristics of B2B communication we’ve become accustomed to on Twitter and LinkedIn and directs them toward cybersecurity.

By signing up for Peerlyst, company decision makers focused on mitigating cyber risks, as well as vendor experts, academics and independent researchers, are provided with a personalized feed of content based on their specific interests and on the topics and people they follow.

One fresh resource issued this week is a new eBook: 52 Influential Cyber Security Bloggers and Speakers, a …more

SHARED INTEL: Here’s one way to better leverage actionable intel from the profusion of threat feeds

By Byron V. Acohido

Keeping track of badness on the Internet has become a thriving cottage industry unto itself.

Related: ‘Cyber Pearl Harbor’ is upon us

There are dozens of technology giants, cybersecurity vendors, government agencies and industry consortiums that identify and blacklist IP addresses and web page URLs that are obviously being used maliciously; and hundreds more independent white-hat hackers are doing much the same.

This activity results in a rich matrix of overlapping threat feeds that, if all of the slices could somehow be combined, would present a heat map of an Internet throbbing with malicious traffic that unceasingly changes and steadily intensifies. Many of the badness trackers do, in fact, publish their blacklists for the greater good. This intel often gets leveraged by firewall suppliers who tap into a small selection of what they figure to be the most helpful threat feeds to configure their products.

Centripetal has gone several steps further. This 10-year-old cybersecurity services vendor pulls in threat feeds from some 90-plus sources, assigns a team of cybersecurity analysts to make sense of this intel, and then makes the output of this heavy lifting available to companies to help them better defend their networks. Byron Rashed, Centripetal’s vice president of marketing, broke this down for me. We had a chance to visit at Black Hat 2019. For a drill down of our conversation, give the accompanying podcast a listen. Here are key takeaways:

Effective blocking

Centripetal’s CleanINTERNET service is built around correlating and analyzing threat feeds pulled in from some 90 commercial, government and open-source entities. The heavy lifting Centripetal does on behalf of its customers involves correlating billions of threat indicators to derive a set of robust correlation rules that, in turn, become the basis for which traffic is allowed to enter – or leave – a customer’s network.

This rule enforcement is done at Centripetal’s RuleGATE Threat Intelligence Gateway in such a way that minimizes false positives yet doesn’t sacrifice performance. Centripetal also delivers a Splunk-based SIEM (some clients opt for integration into their existing SIEM) that enables the client and Centripetal’s team of cyberthreat analysts to view events and work directly …more

MY TAKE: Poll shows senior execs, board members grasp strategic importance of cybersecurity

By Byron V. Acohido

A singular topic has risen to the top of the agenda in executive suites and board rooms all across the planet: cybersecurity.

Related: Security, privacy fallout of IoT

A recent survey by Infosys, a tech consulting and IT services giant based in Bangalore, India, quantifies the degree to which the spotlight has landed on cybersecurity in large organizations.

Infosys polled 867 senior officials from 847 firms in a dozen industries, each with at least $500 million in annual revenue; the companies are based in the US, Europe, Australia or New Zealand. Some 83% of respondents said they viewed cybersecurity as critical to their organization, while 66% of the companies reported having implemented a well-defined cybersecurity strategy.

What jumped out at me was that 60% of C-level executives and 48% of board members indicated they actively participated in formulating cybersecurity strategy. Just five years ago a participation level like this was more of an optimistic hope than anything else. At least that’s what I took away from a memorable fireside chat I had, back then, with the late Howard Schmidt, former White House Cybersecurity Advisor under Presidents Bush and Obama.

Last week, I had the chance to sit down with Vishal Salvi, Infosys’ chief information security officer. We met at the Infosys Americas Confluence conference in Scottsdale, AZ, and had a well-rounded discussion about the drivers behind this new board-level awareness – and the going-forward implications. For a full drill down, please give a listen to the accompanying podcast. Here are a few key takeaways:

Time to execute

Salvi walked me through other survey findings illustrating how pervasively a cybersecurity consciousness has taken hold in the upper echelons of the corporate sector. According to the Infosys poll, these items are on the front burner:

• The top concerns faced by enterprises are hackers and hacktivists (84 percent), low awareness among employees (76 percent), insider threats (75 percent), and corporate espionage (75 percent)

• Challenges in building a security-aware culture, combined with embedding security into design, affect nearly two thirds of enterprises

• Across industries, cybersecurity is consistently viewed as critical in an enterprise’s digital transformation journey. Manufacturing emerged at the top (87 percent), followed by energy and utilities (85 percent), and banking, financial services and insurance (83 percent). …more

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

By Byron V. Acohido

Hear about the smart toaster that got attacked three times within an hour after its IP address first appeared on the Internet?

That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today.

Related: How 5G will escalate DDoS attacks

Caught in the pull of digital transformation, companies are routing ever more core operations and services through the Internet, or, more precisely, through IP addresses of one kind or another. This trend has greatly expanded the attack surface for malicious botnets to automatically probe and infiltrate company networks, at scale. And in a double-whammy, the efficacy of legacy cybersecurity defenses – which were deployed, at great expense, mainly to protect on-premises data centers – by many measures is rapidly eroding.

I had the chance to discuss this with Joakim Sundberg, founder and CEO of a cybersecurity startup, Baffin Bay Networks, based in Stockholm, Sweden. We met at Black Hat USA 2019, where Baffin Bay touted its cloud-first, full-stack suite of threat protection services. For a full drill down on our conversation, give a listen to the accompanying podcast. Here are my key takeaways:

Formula for poor practices

Launched in 2017, Baffin Bay has attracted VC funding of $6.4 million and grown to 42 employees, winning customers in leading media firms, financial services companies and government agencies in the Nordics.

“We’ve been in production about 19 months and we have a 100 percent retention rate,” Sundberg told me. “We’re protecting about 220 different brands, everything from companies with two people and an app, to big European banks.”

There’s room for Baffin Bay’s cloud-first approach to security because in today’s cyber threat landscape, low-hanging fruit – like the smart toaster – does not go unnoticed by threat actors for very long. The business equivalent of the toaster probe might well be two categories of automated attacks: Distributed Denial of Service (DDoS) attacks and SQL injection (SQLi) hacks. Both DDoS and SQLi have been around for quite some time, are well understood and, by now, should be well defended. …more

MY TAKE: How advanced automation of threat intel sharing has quickened incident response

By Byron V. Acohido

Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn’t it made more of an impact stopping network breaches?

Related: Ground zero for cybersecurity research

Having covered the cybersecurity industry for the past 15 years, it’s clear to me that there are two primary reasons. One is the intensely competitive nature of organizations, and the other has to do with the escalating digitalization of commerce.

I had an illuminating discussion about this with Jonathan Couch, senior vice president of strategy at ThreatQuotient. We spoke at Black Hat USA 2019. ThreatQuotient is a Reston, Va.-based security vendor in the thick of helping companies make more of their threat feeds.

The company launched in 2013, the brainchild of Ryan Trost and Wayne Chiang, a couple of buddies working as security analysts in a U.S. military complex, who got frustrated by their inability to extract actionable intel from a deluge of threat feeds. For a full drill down of my conversation with Couch, give a listen to the accompanying podcast. Here are key takeaways:

Ripe for badness

Let’s face it, for-profit enterprises, and even public agencies, are geared to keep their rivals in the rearview mirror. Sharing proprietary information, even from one in-house department to the next, is simply not in their DNA. At the same time, digital transformation has redoubled the complexity of company networks, catapulting us from Big Data to Very Big Data.

Consider that 90% of the data that exists in the world was created in two years – 2017 and 2018 – and that our digital universe is on track to swell from 3.2 zettabytes to 40 zettabytes, as the Internet of Things and 5G networks take hold. …more

MY TAKE: Six-figure GDPR privacy fines reinforce business case for advanced SIEM, UEBA tools

By Byron V. Acohido

Europe came down hard this summer on British Airways and Marriott for failing to safeguard their customers’ personal data.

The EU slammed the UK airline with a $230 million fine, and then hammered the US hotel chain with a $125 million penalty – the first major fines under the EU’s toughened General Data Protection Regulation, which took effect May 25, 2018.

Related: Will GDPR usher in new age of privacy?

It’s no wonder security analysts toiling in security operations centers (SOCs) are depressed. There’s a widening security skills shortage, the complexity of company networks is going through the roof, cyber attacks continue to intensify and now regulators are breathing down their necks.

More than half of the 554 IT and security pros recently polled by the Ponemon Institute consider their SOCs to be ineffectual and some 66% indicated they are considering quitting their jobs.

I had an evocative discussion about this with Sam Humphries, senior product marketing manager for Exabeam. We spoke at Black Hat USA 2019. Exabeam, which sponsored the Ponemon study, is a San Mateo, Calif.-based supplier of advanced security management systems.

Fortunately, there is a cottage industry of cybersecurity vendors, Exabeam among them, engaged in proactively advancing ways for SOC analysts to extract more timely and actionable threat intelligence from their security information and event management (SIEM) and user and entity behavior analytics (UEBA) systems. For a full drill down on our meeting, give a listen to the accompanying podcast. A few key takeaways:

Sticks & carrots

Poor security practices at British Airways resulted in hackers pilfering credit card information, names, addresses, travel booking details and logins for some 500,000 airline customers. Marriott, meanwhile, failed to notice a breach that persisted for four years, exposing some 339 million customer records, of which about 30 million belonged to European residents.

Under GDPR, Europe has the authority to fine organizations up to 4 percent of their annual global revenue if they violate any European citizen’s privacy rights, for example, by failing to secure their personal data. What’s more, organizations that run afoul of the GDPR’s new data loss reporting requirements could face additional fines up to 2 percent of annual global revenue. …more

ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy

By Byron V. Acohido

Company officials at Capital One Financial Corp ought to have a crystal clear idea of what to expect next – after admitting to having allowed a gargantuan data breach.

Capital One’s mea culpa coincided with the FBI’s early morning raid of a Seattle residence to arrest Paige Thompson. Authorities charged the 33-year-old former Amazon software engineer with masterminding the hack.

Related: Hackers direct botnets to manipulate business logic

Thompson is accused of pilfering sensitive data for 100 million US and 6 million Canadian bank patrons. That includes social security and social insurance numbers, bank account numbers, phone numbers, birth dates, email addresses and self-reported income; in short, just about everything on an identity thief’s wish list.

Just a few days before Capital One’s disclosure, Equifax rather quietly agreed to pay up to $700 million to settle consumer claims and federal and state investigations into its 2017 data breach that compromised sensitive information of more than 145 million American consumers. Also very recently, the Federal Trade Commission slammed Facebook with a record $5 billion fine for losing control over massive troves of personal data and mishandling its communications with users.

Sure enough, it didn’t take long (less than 24 hours) for Keven Zosiak, a Stamford, Connecticut resident and Capital One credit card holder, to file a lawsuit against Capital One for its failure to protect sensitive customer data. Many more lawsuits, as well as federal probes and Congressional hearings, are sure to follow.

Oh, and let’s not forget how Equifax summarily canned five top execs, including Equifax CEO Richard Smith, in the aftermath of its big breach. Not even doing this YouTube video apology was enough to save Smith his job. It’s going to be interesting to see who Capital One’s board of directors designates to throw under the bus on this one.

Larger lessons

Arguably the most fascinating twist to the Capital One caper is the FBI’s rather quick arrest of Paige Thompson. Arrests in network breaches are rare, indeed. For instance, we know a lot of details about the Equifax breach, thanks to a GAO investigation and report. But no suspects have ever been publicly named.

What’s more, the usual suspects in high-profile breaches – i.e. professional Russian, Eastern European, Chinese and North Korean hacking collectives – appear to be out of the loop with respect to this particular caper. The Capital One breach, it seems to me, vividly highlights the depth and breadth of the Internet underground. Anyone with technical aptitude, diligence and a lack of scruples, such as an out-of-work IT staffer, can engage in criminal activity at a fairly high level. …more