Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

My Take

 

MY TAKE: Here’s why identities are the true firewalls, especially as digital transformation unfolds

By Byron V. Acohido

Was it really that long ago that company networks were comprised of a straightforward cluster of servers, data bases, applications and user devices corralled largely on premises?

Related article: Taking a ‘zero-trust’ approach to authentication

In today’s digitally transformed environment, companies must monitor and defend systems housed on-premises and in overlapping public and private clouds. And they must account for employees, partners and customers using their smartphones to log in from Timbuktu.

This presents a convoluted matrix to access the company network —  and an acute exposure going largely unaddressed in many organizations. Massive data breaches continue to occur because companies caught up in the swirl of digital transformation continue to unwittingly authenticate threat actors — and allow them to take a dive deep into mission-critical systems.

The good news is that the identity management space is chock full of strong vendors innovating at a furious pace. I sat down with Mark Foust, Chief Product Evangelist at Optimal IdM, a leading supplier of Identity Access Management (IAM) systems, to get a better sense of what’s unfolding.

We discussed the leading-edge solutions being designed to help companies make much more precise judgements about each and every user trying to access sensitive assets. For a full drill down, please listen to the accompanying podcast. Here are the key takeaways:

Fresh vectors

Here’s the rub: accelerated use of cloud services, DevOps, software containers and microservices may be giving companies amazing agility and scalability; but they’ve also created a vast new attack surface, rife with fresh attack vectors. …more

Companies need CASBs now more than ever — to help secure ‘digital transformation’

By Byron V. Acohido

When I first wrote about Cloud Access Security Brokers in 2015, so-called CASBs were attracting venture capital by the truckloads — and winning stunning customer testimonials.

CASBs (pronounced caz-bees) originally sought to resolve a fast rising security nightmare: Shadow IT.

Related podcast: Web gateways emerge as crucial defense layer

Striving to be productive, well-intentioned employees raced out to subscribe to cloud-enabled storage services, collaboration suites and project management tools. These hustlers were unwilling to slog through lugubrious IT onboarding processes in order to get their hands on the latest, greatest software-as-a-service tools.

But these early-adopter employees were also blissfully ignorant about how Shadow IT exposed sensitive business data in new and novel ways.

Thus, CASBs arrived on the scene to help companies monitor and manage Shadow IT. And they were so successful at, so quickly, that six of nine CASBs got gobbled up in a spectacular feeding frenzy.

CASBs new role

Ever see the video of dolphins gorging on a bait ball? In about a two year span, Microsoft acquired Adallom; Oracle purchased Palerra; Proofpoint grabbed FireLayers; McAfee nabbed Skyhigh Networks; Forcepoint acquired Skyfence from Imperva, which had bought that CASB earlier; and Blue Coat Systems bought Perspecsys, just before Blue Coat itself was swallowed up by Symantec.

I recently had a chance to speak at length with Anthony James, chief marketing officer for CipherCloud, one of the three CASBs still operating as a standalone independent. The other two are Netskope and Bitglass.

…more

How ‘digital transformation’ gave birth to a new breed of criminal: ‘machine-identity thieves’

By Byron V. Acohido

There’s a new breed of identity thief at work plundering consumers and companies.

However, these fraudsters don’t really care about snatching up your credentials or mine. By now, your personal information and mine has been hacked multiple times and is readily on sale in the Dark Web. This has long been true of the vast majority of Americans.

Related article: 7 hacks signaling a coming global cyber war

The identities most sought after by cyber criminals today are those associated with machines. This is because the digital wizardry driving modern society relies heavily on machine-to-machine communications. And guess what? No one is really watching authentication and privileged access, with respect to those machines very closely.

It’s my belief that every consumer and every company will very soon come to realize that a new breed of criminal – machine-identity thieves – will soon become all-powerful, and not in a good way. Here’s why:

Fresh attack surface

 If you haven’t heard, we are undergoing “digital transformation.” Digital advances are coming at us fast and furious. Consumers have begun accustomed to conveniently accessing clever services delivered by  a sprawling matrix of machines, and not just traditional computer servers.

The machines enabling digital transformation include virtual instances of computers created and maintained in the Internet cloud, as well as myriad instances of software “microservices” and “containers” that come and go as part of the dynamic processes that make all of this happen.

Each machine must continually communicate with countless other machines. And as the number of machines has skyrocketed, so has the volume of machine identities. From a criminal’s perspective, each machine represents an opportunity to slip into the mix and take control. And each machine identity represents a key to get in the door.

 Machine-identity capers

The creation of this vast new attack surface isn’t just theoretical. It’s tangible and threat actors are on the move. “Hackers are stealing machine identities, and using them in attacks, and it’s happening more and more,” says Jeff Hudson, CEO of security supplier Venafi. …more

Will GDPR usher in a new paradigm for how companies treat consumers’ online privacy?

By Byron V. Acohido

Back in 2001, Eric Schmidt, then Google’s CEO, described the search giant’s privacy policy as “getting right up to the creepy line and not crossing it.

Well, Europe has now demarcated the creepy line – and it is well in favor of its individual citizens. The General Data Protection Regulation, or GDPR, elevates the privacy rights of individuals and imposes steep cash penalties for companies that cross the creepy line – now defined in specific detail.

Related article: Zuckerberg’s mea culpa reveals reprehensible privacy practices

Europe’s revised online privacy regulations took effect last Friday. European businesses are bracing for disruption – and U.S. companies won’t be immune to the blowback. There are more than 4,000 U.S. companies doing business in Europe, including many small and midsize businesses. All of them, from Google, Facebook and Microsoft, down to mom-and-pop wholesalers and service providers, now must comply with Europe’s new rules for respecting an individual’s online privacy.

The EU is expected to levy GDPR fines totaling more than $6 billion in the next 12 months, an estimate put out by insurance giant Marsh & McLennan. As these penalties get dished out, senior management will become very uncomfortable; they’ll be forced to assume greater responsibility for cybersecurity and privacy, and not just leave it up to the IT department.

This is all unfolding as companies globally are racing to embrace digital transformation – the leveraging of cloud services, mobile computing and the Internet of Things to boost innovation and profitability. In such a heady business environment, a regulatory hammer was necessary to give companies pause to consider the deeper implications of poorly defending their networks and taking a cavalier attitude toward sensitive personal data. …more

Can Cisco, FBI stop Russia from deploying VPNFilter to interfere with U.S. elections?

By Byron V. Acohido

KINGSTON, WA – NewsWrap 23May2018.  Cisco’s Talos cyber intelligence unit today said that it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, to launch destructive attacks on Ukraine.

Related article: How Russian bots supported Nunes memo

Talos researchers disclosed that VPNFilter has :

•Infected 500,000 routers and networking devices 54 countries.

•Is capable of stealing website credentials and monitoring industrial controls

•Can render any router or other devices it infects inoperable

•Can be used for espionage or to disrupt internet communications

Cisco appears to be working very closely with U.S law enforcement on this. The FBI also announced Wednesday that they’ve seized one of the primary domains the Russians have been using to distribute VPNFilter malware.

Safe to assume Russia has backup domains – and isn’t about to just abandon VPNFilter. So the key, going forward, is for Cisco and the FBI to stay a step ahead. It is vital to stop Russia from using VPNFilter to influence the U.S. midterm federal elections in November.

Stephenson

An assessment from Ashley Stephenson, CEO, Corero Network Security: “We often know about potential threats earlier in their lifecycle, before the actual attacks are launched. Ironically the cybersecurity community is frequently powerless to intervene before these weaponized IoTs are activated so we must continue to prepare our cyber defenses and response strategies for future attacks.” …more

Why antivirus has endured as a primary layer of defense — 30 years into the cat vs. mouse chase

By Byron V. Acohido

Antivirus software, also known as antimalware, has come a long, long way since it was born in the late 1980’s to combat then nascent computer viruses during a time when a minority of families had a home computer.

One notable company’s journey in the space started in 1987 when three young men, Peter Paško, Rudolf Hrubý, and Miroslav Trnka, built one of the earliest antivirus prototypes while working out of a house in the former Czechoslovakia. A few years later they formally launched ESET in the central European country of Slovakia in the city of Bratislava.

Related article: NSA super weapons fuel cyber attacks

ESET has endured as part of a select group of legacy antivirus companies that got started in that era. The list includes Avira, Avast, AVG, Bitdefender, F-Secure, G Data, Kaspersky, McAfee, Panda, Sophos, Symantec and Trend Micro.

It’s amazing that these companies all continue to thrive years later, long after pundits declared traditional antivirus too anachronistic to keep pace with the rise of ecommerce, cloud computing, mobile computing and now the Internet of Things. But they were wrong.

Today the “endpoint security” market, which includes antimalware, antispyware and firewalls, is as healthy as ever; research firm Marketsandmarkets estimates global spending on endpoint security will rise to $17.4 billion by 2020, up from $11.6 billion in 2015, a robust 8% per annum growth rate.

I had the chance to discuss ESET’s evolution from traditional antivirus to a full suite of security solutions (ransomware protection, threat intelligence, encryption and the like) with Tony Anscombe, ESET’s global security evangelist, at RSA Conference 2018. For a drill down on our conversation please give the accompanying podcast a listen. A few big takeaways: …more

MY TAKE: Why DDoS attacks continue to escalate — and how businesses need to respond

By Byron V. Acohido

Law enforcement’s big win last month dismantling ‘Webstresser,’ an online shopping plaza set up to cater to anyone wishing to purchase commoditized DDoS attack services, was a stark reminder of the ever present threat posed by Distributed Denial of Service attacks.

Related video: How DDoS attacks leverage the Internet’s DNA

The threat actors running Webstresser accepted all paying customers — no questions asked.  Anybody could use Webstresser’s online payment system to rent out stressers or booters, available for hire for as little as $18 per month — and most effective at flooding targeted servers with traffic, no technical skills required.

Webstresser had more than 136,000 registered users who patronized it to launch some 4 million DDoS attacks against government agencies, banks, police and gambling sites, according to Europol. Keep in mind, Webstresser is just one colorful example of how far DDoS attacks have come.

DDoS originated a decade or more before anyone ever thought up ransomware attacks; and DDoS has advanced and expanded, approximately on par with targeted phishing and leading-edge data breach tactics.

I recently had a chance to discuss the current state of DDoS threats with Lee Chen, CEO of A10 Networks, a leading supplier of advanced DDoS detection and mitigation systems. For a full drill down on our discussion please listen to the accompanying podcast. Here are a few takeaways: …more