Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Q & A

 

Q&A: Why SOAR startup Syncurity is bringing a ‘case-management’ approach to threat detection

By Byron V. Acohido

There’s a frantic scramble going on among those responsible for network security at organizations across all sectors.

Related: Why we’re in the Golden Age of cyber espionage

Enterprises have dumped small fortunes into stocking their SOCs (security operations centers) with the best firewalls, anti-malware  suites, intrusion detection, data loss prevention and sandbox detonators money can buy. But this hasn’t done the trick.

There is a gaping shortage of analysts talented enough to make sense of the rising tide of data logs inundating their SIEM (security information and event management) systems. In many cases the tedious, first-level correlating of SIEM logs to sift out threats has moved beyond human capability. Some 27 percent of IT professionals who partook in a survey conducted by next-gen firewall supplier Imperva at RSA 2018 reported receiving more than 1 million security alerts daily.

Now toss in the fact that digital transformation is redoubling software development and data handling complexities. This has exponentially expanded the attack surface available to motivated, well-funded threat actors. This, in short, is the multi-headed hydra enterprises must tame in order to mitigate rising cyber risks.

Smart money

Enter SOAR, the acronym for “Security Orchestration, Automation & Response.”  SOAR, if you haven’t heard, is a hot new technology stack that takes well-understood data mining and business intelligence analytics methodologies —  techniques that are deeply utilized in financial services, retailing and other business verticals  – and applies them to cybersecurity. …more

MY TAKE: Why the next web-delivered ad you encounter could invisibly infect your smartphone

By Byron V. Acohido

Google, Facebook and Amazon have gotten filthy rich doing one thing extremely well: fixating on every move each one of us makes when we use our Internet-connected computing devices.

Related: Protecting web gateways

The tech titans have swelled into multi-billion dollar behemoths by myopically focusing on delivering targeted online advertising, in support of online retailing. This has largely shaped the digital lives we’ve come to lead.

Turns out all of this online profiling has a dark side. Cybercriminals have begun escalating their efforts to bend the legitimate online advertising and retailing fulfillment ecosystem to their whims.

This development is unfolding largely off the radar screen of the website publishers who depend on this ecosystem, says Chris Olson, CEO of the Media Trust, a 15-year-old website security vendor, based in McLean, VA that is on the front lines of mitigating this seething threat.

Meanwhile, billions of consumers who participate in this ecosystem each minute of every day remain blissfully ignorant of how they are increasingly being placed in harm’s way, simply doing routine online activities, Olson told Last Watchdog.

Losing control of risk

Like most other pressing cybersecurity challenges today, the problem is rooted in digital transformation. Specifically, to make their digital operations ever more flexible and agile, enterprises have grown ever more reliant on third-party software developers. …more

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

By Byron V. Acohido

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints.

Related: California enacts pioneering privacy law

However, lacking robust protection, privileged accounts, which are intended to give administrators the access they need to manage critical systems, can instead be manipulated to enable attackers to move laterally across an organization’s network.

In recognition of the significant security risks privileged accounts can pose, industry research firm Gartner recently released the first-ever Magic Quadrant for Privileged Access Management.1-

Last Watchdog asked Adam Bosnian, executive vice president at CyberArk – the company that pioneered the market – to put into context how much can be gained by prioritizing privilege in today’s dynamic, fast-evolving digital business landscape. Here are excerpts edited for clarity and length:

LW: Why is privileged access management so important?

Bosnian: Privileged access has become the fulcrum of the success or failure of advanced attacks. Nearly 100 percent of all advanced attacks involve the compromise of privileged credentials.

This is a mounting challenge for organizations because privileged accounts exist and ship in every single piece of technology, including servers, desktops, applications, databases, network devices and more.  …more

Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls

By Byron V. Acohido

The heyday of traditional corporate IT networks has come and gone.

In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of a IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars.

Related podcast: Why the golden age of cyber espionage is upon us

This coming wave of IoT networks, architected to carry out narrowly-focused tasks, will share much in common with the legacy operational technology, or OT, systems long deployed to run physical plants — such as Industrial Control Systems (ICS,)  Supervisory Control and Data Acquisition (SCADA ,) Data Control System (DCS,) and Programmable Logic Controller (PLC.)

The global cybersecurity community is keenly aware of these developments and earnest discussions are underway about how to deal with the attendant security exposures. This includes a rising debate about the efficacy of the Common Vulnerability Scoring System, or CVSS.  Initially introduced in 2005, CVSS is a framework for rating the severity of security vulnerabilities in software.

Last Watchdog recently sat down with a couple of senior executives at Radiflow, a Tel Aviv-based supplier of cybersecurity solutions for ICS and SCADA networks, to get their perspective about how NIST and ICS-CERT, the two main organizations for disclosing and rating vulnerabilities, are sometimes not aligned. Radiflow currently is conducting this survey to collect feedback from IT and OT professionals about the ramifications of this conflict.

Radiflow expects to release its survey findings in late January. This is not just another arcane tussle among nerdy IT professionals. New vulnerabilities and exposures are part and parcel of accelerating the deployment of vast distributed systems, fed by billions of IoT sensors. And they must be fully addressed if digital commerce is to reach its full potential. Here are excerpts of my discussion about this with Radiflow’s CEO Ilan Barda and CTO Yehonatan Kfir, edited for clarity and length:

LW: As we move forward with digital transformation and the Internet of Things, is it becoming more urgent to think about how we protect OT systems?

Barda: Yes. The risks are growing for two reasons. One is the fact that there are more and more of these kinds of OT networks, …more

Port Covington, MD re-emerges as ‘CyberTown, USA’ — ground zero for cybersecurity research

By Byron V. Acohido

When CyberTown, USA is fully built out, it’s backers envision it emerging as the world’s premier technology hub for cybersecurity and data science.

DataTribe, a Fulton, MD-based cybersecurity startup incubator, has been a key backer of this ambitious urban redevelopment project, which broke ground last October in Port Covington, MD, once a bustling train stop on the south side of Baltimore.

Related podcast: Enveil commericializes ‘homomorphic encryption’

The brainchild of Under Armour founder Kevin Plank, Goldman Sachs Urban Development Group and Weller Development, the Port Covington project also has the enthusiastic backing of the large population of cybersecurity companies already thriving in the Baltimore-Washington metropolitan area.

Rendering of completed Chapter 1B development of Port Covington. –Weller Development Company

When the 235-acre waterfront parcel opens for business at the end of 2020, a trio of anchor tenants — DataTribe, Silicon Valley-based cybersecurity venture capital firm AllegisCyber, and technology investment and corporate advisory firm Evergreen Adviser —  expect to be joined by 25 to 30 cybersecurity firms, as well as retail and restaurant tenants.

DataTribe itself was co-founded in 2015 by a California venture capitalist, a former CIA officer and an ex-Navy SEAL. It’s mission has been to seek out and assist government cyber specialists in a position to enter the private sector and build commercial cyber and data science companies. DataTribe recruits talent, then provide seed capital, mentoring, infrastructure and follow-on venture funding.

DataTribe co-founder Mike Janke, the ex-Navy SEAL, told Last Watchdog that Port Covington made sense because Maryland boasts a massive pool of nation-state trained cyber security engineering talent, and has long been the wellspring of pivotal data security and data science advances.

“With more than 100,000 cyber-related engineering and data science professionals, Maryland has the no. 1 cyber workforce in the world, and leads the US in cyber employment for classified nation-state jobs,” says Janke, a six-time company founder and CEO. “In today’s digital landscape, engineering talent is the new oil in the ground, and Maryland has the densest concentration of this new digital oil that you’ll find anywhere on the planet.”

Some 40 security-minded federal agencies are located in Maryland, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems Agency, Intelligence Advanced Research Projects Activity, USCYBERCOM, NASA and DoD Cyber Crime Center.

…more

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

By Byron V. Acohido

A security-first mindset is beginning to seep into the ground floor of the IT departments of small and mid-sized companies across the land.

Senior executives at these SMBs are finally acknowledging that a check-box approach to security isn’t enough, and that instilling a security mindset pervasively throughout their IT departments has become the ground stakes.

Related: The ‘gamification’ of cybersecurity  training

Ransomware, business email compromises and direct ACH system hacks continue to morph and intensify. The exposure faced by SMBs is profound. Cyber intruders skilled at taking the quickest route to digitally exfiltrating the largest amount of cash prey on the weak. No small organization can afford to be lackadaisical.

More and more SMBs have begun dispatching their line IT staff to undergo training and get tested in order to earn basic cybersecurity certifications issued by the Computing Technology Industry Association, aka CompTIA, the non-profit trade association that empowers people to build successful tech careers.

Many companies are taking it a step further, selecting certain techies to also receive advanced training and pursue specialty CompTIA certifications in disciplines such as ethical hacking and penetration testing. Last Watchdog recently sat down with James Stanger, CompTIA’s Chief Technology Evangelist, to discuss how and why SMBs have finally come to see the light. Below are excerpts of our discussion edited for clarity and length:

LW: What are the drivers behind SMBs finally ‘getting’ security?

Stanger: It’s two things. First, companies are more reliant on digital systems than ever before. Frankly, a lot of companies got away with using analogue processes for years, and now they’re finally having to adopt the cloud and the Internet of Things. Secondly, businesses with 10 to 250 people generally have felt for a long time that they weren’t big enough to attack. That’s just not the case anymore. …more

Q&A: Reddit breach shows use of ‘SMS 2FA’ won’t stop privileged access pillaging

By Byron V. Acohido

The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better —  are failing to adequately lock down their privileged accounts.

Related: 6 best practices for cloud computing

An excerpt from Reddit’s mea culpa says it all:  “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers. Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA.”

It’s safe to assume that Reddit has poured a small fortune into security, including requiring employees to use SMS-delivered one-time passcodes in order to access sensitive company assets.

But here’s the rub: Reddit overlooked the fact that SMS 2FA systems are useful only up to a point. It turns out they can be subverted with just a modicum of effort. SIM card hijacking, for instance, is a scam in which a threat actor persuades the phone company to divert data to a new address. And then there’s SS7 hacking, which leverages known flaws in the global SMS infrastructure to intercept data in transit — including passcodes.

In fact, SMS attacks are being refined and improved daily. This is because they are useful in targeting big companies. This summer alone, in the wake of the Reddit hack, British mobile phone retailer Carphone Warehouse, ticketing giant Ticketmaster, telecom company T-Mobile and British Airways disclosed huge data compromises of similar scale and methodology. …more