Privacy
GUEST ESSAY: The Top 5 myths about SIEM – ‘security information and event management’

By Allie Mellen

One of the most commonly repeated phrases in the security industry is, “Security teams hate their SIEM!”

Related: The unfolding SIEM renaissance

Security Information and Event Management (SIEM) is not what it was 20 years ago. Don’t get me wrong, SIEMs do take work through deployment, maintenance, and tuning. They also require strategic planning. Yet, much to the chagrin of everyone who believed the vendor hype, they fail to provide the “single pane of glass” for all tasks in security operations promised so long ago.

With all that said, there are some aspects of the SIEM that have improved significantly over the past 20 years, despite a barrage of security marketing suggesting otherwise.

Further, there are innovations happening in the market today to bring forth a new era for the SIEM. This evolution is more aptly named security analytics platforms, which not only handle log ingestion and storage, but also more effectively address the detection and response use cases SOCs need.

Security analytics platforms combine SIEM, SOAR, and UEBA to cover the complete incident response lifecycle, from detection through investigation and response, in conjunction with other important use cases like compliance.

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

By April Miller

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce.

Related: Employees as human sensors

As of 2018, more than 2 million people were working abroad for U.S. companies in China alone. Since then, as remote work has become more popular and accessible, that figure has likely only increased. International workforces can be an excellent way to find top talent, but they can introduce unique security risks.

Here are five unique cybersecurity challenges you should know about.

• Inconsistent data regulations. Countries have different data security laws, and these can get in the way of one another. For example, suppose you have workers in the EU. In that case, you must abide by the General Data Protection Regulation (GDPR), which imposes fines on some activities that are perfectly legal in the U.S.

Having workers in multiple countries with laws like this introduces further complications. For instance, if you have employees in China and the EU, you’ll have to obtain Chinese government approval to provide data from China to EU authorities enforcing the GDPR. These conflicts and inconsistencies can make it hard to create a cybersecurity program that abides by all relevant laws.

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

By Byron V. Acohido

So NortonLifeLock has acquired Avast for more than $8 billion.

This deal reads like the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering.

Related: The coming of ubiquitous passwordless access

This was around the same time antivirus vendors like Trend Micro, McAfee, Kaspersky, ESET, Sophos, Bitdefender, Avira, AVG and Avast were staking out turf in what they saw, very accurately, as a profitable new software subscription market.

A lot of water has flowed under the bridge since then. Norton got ‘demergered’ from Symantec in 2014 and then acquired LifeLock for $2.3 billion in 2017; Avast acquired AVG for $1.3 billion in 2016, for instance.

Meanwhile, native security is increasingly being built into popular operating systems, and there’s a trend toward beefing up application security, as well. These are eminently complex times. Companies are migrating to cloud IT; consumers are working from home much more often.

NortonLifeLock and Avast appear to be betting on the next iteration of the huge and longstanding consumer antivirus market. Last Watchdog asked Forrester analyst Allie Mellen to connect the dots – and clarify the significance – for individual consumers:

Author Q&A: In modern cyberwarfare ‘information security’ is one and the same with ‘national security’

By Byron V. Acohido

What exactly constitutes cyberwarfare?

The answer is not easy to pin down. On one hand, one could argue that cyber criminals are waging an increasingly debilitating economic war on consumers and businesses in the form of account hijacking, fraud, and extortion. Meanwhile, nation-states — the superpowers and second-tier nations alike — are hotly pursuing strategic advantage by stealing intellectual property, hacking into industrial controls, and dispersing political propaganda at an unheard-of scale.

Related: Experts react to Biden’s cybersecurity executive order

Now comes a book by John Arquilla, titled Bitskrieg: The New Challenge of Cyberwarfare, that lays out who’s doing what, and why, in terms of malicious use of digital resources connected over the Internet. Arquilla is a distinguished professor of defense analysis at the United States Naval Postgraduate School. He coined the term ‘cyberwar,’ along with David Ronfeldt, over 20 years ago and is a leading expert on the threats posed by cyber technologies to national security.

Bitskrieg gives substance to, and connects the dots between, a couple of assertions that have become axiomatic:

• Military might no longer has primacy. It used to be the biggest, loudest weapons prevailed and prosperous nations waged military campaigns to achieve physically measurable gains. Today, tactical cyber strikes can come from a variety of operatives – and they may have mixed motives, only one of which happens to be helping a nation-state achieve a geo-political objective.

• Information is weaponizable. This is truer today than ever before. Arquilla references nuanced milestones from World War II to make this point – and get you thinking. For instance, he points out how John Steinbeck used a work of fiction to help stir the resistance movement across Europe.

Steinbeck’s imaginative novel, The Moon is Down, evocatively portrayed how ordinary Norwegians took extraordinary measures to disrupt Nazi occupation. This reference got me thinking about how Donald Trump used social media to stir the Jan. 6 insurrection in … more

Black Hat insights: Deploying ‘human sensors’ to reinforce phishing email detection and response

By Byron V. Acohido

Human beings remain the prime target in the vast majority of malicious attempts to breach company networks.

Related: Stealth tactics leveraged to weaponize email

Cybersecurity awareness training is valuable and has its place. Yet as Black Hat USA 2021 returns today as a live event in Las Vegas, it remains so true that we can always be fooled — and that the prime vehicle for hornswoggling us remains phishing messages sent via business email.

Cofense, a Leesburg, VA supplier of phishing detection and response solutions, has set out to take another human trait – our innate willingness to help out, if we can – and systematically leverage our better instincts to help fix this, combining them with advanced automation technology to stop phishing attacks fast.

I had a lively discussion about this with Rohyt Belani, co-founder and CEO of Cofense, which started out as PhishMe in 2011.

Inspired by Homeland Security’s see-something-say-something anti-terrorism initiative, as well as by crowd-sourcing services like Waze, Cofense has set out to squash those phishing messages that circumvent Security Email Gateways and fool even well-intentioned employees. It is doing this essentially by training and encouraging employees, not just to be on high alert for phishing ruses, but also to deliver useful reconnaissance from the combat zone.

Black Hat insights: The retooling of SOAR to fit as the automation core protecting evolving networks

By Byron V. Acohido

In less than a decade, SOAR — security orchestration, automation and response — has rapidly matured into an engrained component of the security technology stack in many enterprises.

Related: Equipping SOCs for the long haul

SOAR has done much since it entered the cybersecurity lexicon to relieve the cybersecurity skills shortage. SOAR leverages automation and machine learning to correlate telemetry flooding in from multiple security systems. This dramatically reduces the manual labor required to do a first-level sifting of the data inundating modern business networks.

However, SOAR has potential to do so much more, observes Cody Cornell, chief strategy officer and co-founder of Swimlane. SOAR, he argues, is in a position to arise as a tool that can help companies make the pivot to high-reliance on cloud-centric IT infrastructure. At the moment, a lot of organizations are in this boat.

“Covid 19 turned out to be the best digital transformation initiative ever,” Cornell says. “It forced us to do things that probably would’ve taken many more years for us to do, in terms of adapting to remote work and transitioning to cloud services.”

Swimlane, which launched in 2014 and is based in Denver, finds itself in the vanguard of cybersecurity vendors hustling to retool not just SOAR, but also security operations centers (SOCs), security information and event management (SIEM) systems, and endpoint detection and response (EDR) tools. A core theme at RSA 2021 earlier this year – and at Black Hat USA 2021, taking place this week in Las Vegas – is that the combining of these and other security systems is inevitable and will end up resulting in something greater than the parts, i.e. not just more efficacious security, but optimized business networks overall.

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

By Byron V. Acohido

Company-supplied virtual private networks (VPNs) leave much to be desired, from a security standpoint.

Related: How ‘SASE’ is disrupting cloud security

This has long been the case. Then a global pandemic came along and laid bare just how brittle company VPNs truly are.

Criminal hackers recognized the golden opportunity presented by hundreds of millions of employees suddenly using a company VPN to work from home and remotely connect to an array of business apps. Two sweeping trends resulted: one bad, one good.

First, bad actors instantly began to hammer away at company VPNs; and attacks against instances of Remote Desktop Protocol (RDP) spiked dramatically, as well. VPNs and RDP both enable remote access that can put an intruder deep inside the firewall. And attempts to break into them have risen exponentially over the past 17 months.

Conversely, Zero Trust has gained some material traction. As Black Hat USA 2021 convenes in Las Vegas this week, consensus is quickening around the wisdom of sunsetting legacy remote access tools, like VPNs and RDP, and replacing them with systems based on Zero Trust, i.e. trust-no-one, principles.

One start-up, Axis Security, couldn’t be more in the thick of these trends. Based in San Mateo, CA, Axis publicly announced its advanced Zero Trust access tool in March 2020, just as the global economy was slowing to a crawl.

“We came out of stealth mode right at the beginning of all the big shutdowns, and we got a number of customers, pretty fast, who were looking for solutions to remotely connect users to systems,” says Deena Thomchick, vice president of product marketing at Axis. “These were users who never had remote access before.”