Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Steps forward

 

NEW TECH: Can Project Furnace secure DX — by combining serverless computing and GitOps?

By Byron V. Acohido

Assuring the privacy and security of sensitive data, and then actually monetizing that data, — ethically and efficiently — has turned out to be the defining challenge of digital transformation.

Today a very interesting effort to address this complex dilemma is arising from the ferment, out of the UK. It’s called Project Furnace, an all-new open source software development platform.

Related: The need to fold ‘SecOps’ into ‘DevOps’

I had the chance to sit down with Furnace Ignite’s co-founders: John Blamire, chief operating officer, and Danny Waite, chief technology officer,  for a pre-launch briefing.

They walked me through how Project Furnace began as a quest to improve the output of SIEM (security information and event management) systems.

However, beyond improving legacy appproachs to network security, Blamire and Waite explained why they firmly believe Furnace could ultimately accelerate the design and implementation of all smart software — the next generation of apps destined to run everything from our shopping experiences to our driverless cars and our smart homes and cities. Here are takeaways from our meeting:

DX context

Furnace, in essence, seeks to aid and abet digital transformation, or DX, the ongoing digitization of essentially all human endeavors into a machine-readable format that can be automatically acted upon. DX is the wider context, here, in the sense that DX is made possible because of the rise of “datafication” — the processes by which we’ve come to rapaciously collect and store mind-boggling amounts of data from web forms, social media, mobile apps, surveillance cameras, IoT sensors and the like.

In 2016, Waite was assigned the task of coming up with a much better way to extract …more

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

By Byron V. Acohido

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints.

Related: California enacts pioneering privacy law

However, lacking robust protection, privileged accounts, which are intended to give administrators the access they need to manage critical systems, can instead be manipulated to enable attackers to move laterally across an organization’s network.

In recognition of the significant security risks privileged accounts can pose, industry research firm Gartner recently released the first-ever Magic Quadrant for Privileged Access Management.1-

Last Watchdog asked Adam Bosnian, executive vice president at CyberArk – the company that pioneered the market – to put into context how much can be gained by prioritizing privilege in today’s dynamic, fast-evolving digital business landscape. Here are excerpts edited for clarity and length:

LW: Why is privileged access management so important?

Bosnian: Privileged access has become the fulcrum of the success or failure of advanced attacks. Nearly 100 percent of all advanced attacks involve the compromise of privileged credentials.

This is a mounting challenge for organizations because privileged accounts exist and ship in every single piece of technology, including servers, desktops, applications, databases, network devices and more.  …more

GUEST ESSAY: The case for engaging in ‘threat hunting’ — and how to do it effectively

By Mike James

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days.

Related podcast: The re-emergence of SIEMs

In an ideal world there would no dwell time at all, and threats would be identified before they can penetrate business’ defenses. To achieve this for your organization, it is no longer possible just to run reactive cyber security. It is essential that should invest in a proactive approach – that’s why you need to start threat hunting.

Seeking anomalous activity

Threat hunting is the practice of actively seeking out dangers to cyber security by detecting and eliminating new and emerging threats that are able to evade preventative controls such as firewalls and antivirus software.

It consists of actively looking for anomalous activity that has not been identified by existing tools and involves thorough, on-going analysis of data sources such as network traffic and server logs as well as web and email filter traffic.

Businesses that embrace threat hunting are likely to significantly reduce the dwell time of attacks, identify advanced threats that could otherwise be missed, and enhance security controls and processes. Effective threat hunting requires not only the right tools, but an advanced understanding of the latest tactics and techniques used by criminals. So, what do you need to get started? …more

NetSecOPEN names founding members, appoints inaugural board of directors

SAN JOSE, Calif. – Dec. 11, 2018 – NetSecOPEN, the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11 prominent security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members.

Related podcast: The importance of sharing alliances

The organization also announced the appointment of its first board of directors, who will guide NetSecOPEN toward its goal: making open network security testing standards a reality.

These developments signal decisive momentum for the organization, which formed in 2017 to close the gap between proprietary performance metrics and the observed real-world performance of security solutions.  Certification of security product performance today is typically conducted by independent testing laboratories using proprietary testing methodologies.

True “apples-to-apples” evaluations of security products pose a challenge for enterprise buyers, because the methodologies and test criteria differ from lab to lab. NetSecOPEN believes that testing methodology requires greater transparency, consensus, and standardization, and that real-world factors need to be integrated into the testing methodology.

The NetSecOPEN standard is designed to provide metrics that can be used to compare solutions fairly and to understand the impact on network performance of different solutions under the same conditions. The goal is to examine the performance ramifications of a solution with all of that solution’s security features enabled, conveying the true costs of the solution.

“There is great urgency for open, transparent standards for the testing of network security equipment,” said Brian Monkman, executive director of NetSecOPEN. “Today, security professionals face significant challenges when evaluating, deploying, and optimizing new solutions. Similar product specifications may deliver different results, and products often behave differently with real-world traffic than they do in lab environments. …more

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

By Angela Hill and Edwin Hill

The United States Intelligence Community, or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office.

The IC gathers, stores and processes large amounts of data, from a variety of sources,  in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices.

Related video: Using the NIST framework as a starting point

Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” This cycle takes a holistic approach to detecting and deterring external threats and enforcing best-of-class data governance procedures.

The IC has been using this approach to generate reliable and accurate intelligence that is the basis for making vital national security decisions, in particular, those having to do with protecting critical U.S. infrastructure from cyber attacks.

In the same vein, businesses at large can use the intelligence cycle as a model to detect and deter any attacks coming from foreign intelligence services. Such threats impact more businesses than you may think.

Per a 2017 CNN source, nearly 100,000 agents from as many as 80 nations operate within the United States with the intention of targeting businesses to gain …more

MY TAKE: Why security innovations paving the way for driverless cars will make IoT much safer

By Byron V. Acohido

Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now.

But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation.

Related: Michigan’s Cyber Range hubs help narrow talent gap

Driverless autos, trucks and military transport vehicles are on a fast track for wide deployment in the next five years. The good news is that there is some very deep, behind-the-scenes research and development work being done to make driverless vehicles safe and secure enough for public acceptance.

I’m encouraged that this work should produce a halo effect on other smart systems, ultimately making less-critical Internet of Things systems much more secure, as well.

These sentiments settled in upon returning from my recent visit to Detroit, Ann Arbor and Grand Rapids. I was part of a group of journalists escorted on a tour of cybersecurity programs and facilities hosted by the Michigan Economic Development Corp., aka the MEDC.

One of our stops was at a freshly-erected skunk works for auto software research set up in a low-slung warehouse – previously a country western bar – in rural Sparta, on the outskirts of Grand Rapids. The warehouse today is home to Grimm, an Arlington, VA – based cyber research firm that specializes in embedded systems security, and whose claim to fame is doing proprietary projects for U.S. military and intelligence agencies.

Deep testing

Grimm received a $216,000 MEDC grant to set up shop in Sparta and direct its expertise towards discovering security flaws in autonomous vehicle systems under development by Detroit’s big car makers. …more

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

By Byron V. Acohido

Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country.

However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State.

Related: Michigan moves to close the cybersecurity skills gap. 

This new nickname may not roll off the tongue. But it does fit like a glove. (Michigan’s other nickname, by the way, is the Mitten State, referring to the shape of the larger of its two main peninsulas.)

Cobo Center

I was recently privileged to be part of a group of journalists covering the 2018 North American International Cyber Summit at Detroit’s Cobo Convention Center. My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs.

It was the latter that jumped out at me. In an age when cybersecurity intelligence sharing and collaboration is in dire need — but all too short supply —  Michigan has quietly and methodically, stood up some well-thought-out programs that could – if not should – be a model for other states to follow.

I had the chance to meet briefly with two-term Gov. Rick Snyder, who is about to leave office and can point to significant strides Michigan has made ‘reinventing’ its economy under his watch. What’s noteworthy, from my perspective, is that Snyder had the foresight to make cybersecurity readiness a key component of his reinvent Michigan strategy, from day one.

Getting proactive

Snyder says his experience as head of Gateway Computers and as an investor in tech security startups, prior to entering politics, gave him an awareness of why putting Michigan ahead of the curve, dealing with cyber threats, would be vital. …more