Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Steps forward

 

MY TAKE: How ‘CAASM’ can help security teams embrace complexity – instead of trying to tame it

By Byron V. Acohido

The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly.

Related: Stopping attack surface expansion

And yet, the modern attack surface continues to expand exponentially, largely unchecked. This dichotomy cannot be tolerated over the long run.

Encouragingly, an emerging class of network visibility technology is gaining notable traction. These specialized tools are expressly designed to help companies get a much better grip on the sprawling array of digital assets they’ve come to depend on. Gartner refers to this nascent technology and emerging discipline as “cyber asset attack surface management,” or CAASM.

I sat down with Erkang Zheng, founder and CEO of JupiterOne, a Morrisville, NC-based CAASM platform provider, to discuss how security got left so far behind in digital transformation – and why getting attack surface management under control is an essential first step to catching up.

For a full drill down, please give the accompanying podcast a listen. Here are my takeaways:

NEW TECH SNAPSHOT: Can ‘CAASM’ help slow, perhaps reverse, attack surface expansion?

By Byron V. Acohido

Defending companies as they transition to cloud-first infrastructures has become a very big problem – but it’s certainly not an unsolvable one.

Coming Wed., May 18: How security teams can help drive business growth — by embracing complexity. 

The good news is that a long-overdue transition to a new attack surface and security paradigm is well underway, one built on a fresh set of cloud-native security frameworks and buttressed by software-defined security technologies.

It strikes me that the security systems we will need to carry us forward can be divided into two big buckets: those that help organizations closely monitor network traffic flying across increasingly cloud-native infrastructure and those that help them keep their critical system configurations in shipshape.

There’s a lot percolating in this second bucket, of late. A bevy of cybersecurity vendors have commenced delivering new services to help companies gain visibility into their cyber asset environment, and remediate security control and vulnerability gaps continuously. This is the long-run path to slowing the expansion of a modern attack surface.

“The challenge is that cyber assets are exploding out of control and security teams are having a hard time getting a grasp on what’s going on,” says Ekrang Zheng, founder and CEO of JupiterOne, a Morrisville, NC-based asset visibility platform. “But at the same time, because everything is now software-defined, we actually can approach this problem with a data-driven and an automation-driven mechanism.”

JupiterOne is in a group of cybersecurity vendors that are innovating new technology designed to help companies start doing what they should have done before racing off to migrate everything to the cloud. What happened was that digital transition shifted into high gear without anyone giving due consideration to the security gaps they were creating.

The need to start doing this is glaring; so the rise of specialized technology to get this done is a welcomed development.

Indeed, research firm Gartner very recently created yet … more

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

By Josel Lorenzo

It’s a scenario executives know too well.

Related: Third-party audits can hold valuable intel

You and your cybersecurity team do everything correctly to safeguard your infrastructure, yet the frightening alert still arrives that you’ve suffered a data breach.

It’s a maddening situation that occurs far more often than it should.

One of the main culprits for these incredibly frustrating attacks has not so much to do with how a team functions or the protocols a company employs, but instead, it’s a procurement issue that results from supply-chain shortcomings and the hard-to-detect vulnerabilities layered into a particular device.

“The same technologies that make supply chains faster and more effective also threaten their cybersecurity,” writes David Lukic, a privacy, security, and compliance consultant. “Supply chains have vulnerabilities at touchpoints with manufacturers, suppliers, and other service providers.”

The inherent complexity of the supply chain for modern technology is a reason why so many cybercrime attempts have been successful. Before a device reaches the end user, multiple stakeholders have contributed to it or handled it.

GUEST ESSAY: Rising global tensions put us a few lines of code away from a significant cyber event

By Emil Sayegh

Reflecting on the threats and targets that we are most concerned with given the Russia-Ukraine war, cybersecurity is now the front line of our country’s wellbeing. Cyber threats endanger businesses and individuals — they can affect supply chains, cause power grid failures, and much more.

Related: Reaction to Biden’s cybersecurity order

This growing environment of risks and increasingly aggressive adversaries demand our readiness, yet our national response continues to be largely reactive to threat conditions. History shows how a small event built on daisy-chained circumstances can kick off a catastrophe, or even a shooting war.

As the war in Ukraine endures and as countries around the world align, a rising threat emerges from Russian sources, adversarial states, unscrupulous opportunists, and a shadow world of 5th column provocateurs. An 800% increase in activities was observed in the first 48 hours of the invasion alone, and scanning and probes on domestic network infrastructures are reaching historic highs.

Cyber vs kinetic warfare

This is a heightened condition of hostilities that will continue and extend beyond physical engagements. We must confront the fact that globally sourced cyberattacks are the essence of modern warfare. It is simpler, cheaper, and more impactful to run a cyberattack campaign than a traditional kinetic act of war.

GUEST ESSAY: Best practices checklists each individual computer user still needs to follow

By Peter Stelzhammer

In the days of non-stop attacks on personal and work devices, the common day consumer wouldn’t know where to begin in order to protect their devices.

Related: Apple’s privacy stance questioned

The rise of attacks is unavoidable and with the everyday announcement of a new strain of malware, ransomware and now data wipers, consumers find themselves asking: where do I start? How do I do this?

Whether you are focused on your home computer, work laptop or business operating system as a whole, it’s important to learn the key steps you can take to ensure your defenses are active and up to date.

Update checklist

•Use and keep your security software (i.e. anti-virus program) up to date and turned on. Many users switch off their real-time protection to gain some speed, but safety should come before. We strongly recommend making sure that you use the latest version of the anti-virus software, and for that matter of any software that you are using on your computer. Newest versions come with improved and additional features to enhance software capability.

•Keep your firewall turned on. Software based firewalls are widely recommended for single computers, while hardware firewalls are typically provided with routers for networks. Some operating systems provide native software firewalls (such as Windows OS). For Microsoft Windows home users we recommend using the firewall in its default settings.

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

By Den Jones

Ransomware? I think you may have heard of it, isn’t the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020.

Related: Make it costly for cybercriminals

The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor. In fact, Colonial Pipeline shut down, causing major problems at the gas pumps for days.

When these ransomware attacks occurred, RiskyBiz podcast host Patrick Grey commented that the U.S. would respond: “Don’t take away our gas or burgers.” What an outstanding response! And, he’s not wrong. When supply chain attacks start impacting everyone’s daily life, it becomes very real for us all.

Ransomware is likely going to be here for years to come. It’s such a big industry that Ransomware-as-a-Service (RaaS) actually offers criminals customer service and tech support. This means it’s now a commoditized industry leveraging backend services and capabilities all built for scale.

Best practices

Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks:

•Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. As an enterprise security team, you could restrict internet access at your egress points, but this doesn’t do much when the workforce is remote.

GUEST ESSAY: A primer on Biden’s moves to protect U.S. water facilities from cyber attacks

By Ilan Barda

Potable water and wastewater management is a top priority for cybersecurity professionals and the Biden administration alike. With new regulations and funding, companies must find the best way to implement and manage cybersecurity to protect these systems.

Related: Keeping critical systems patched

As the US federal government begins to put its eye on securing more of its infrastructure against the rising risk of large-scale cybersecurity attacks, a late January statement from the White House has put its eye on securing water facilities.

The U.S. Environmental Protection Agency (EPA), the National Security Council (NSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Water Sector Coordinating Council and Water Government Coordinating Council (WSCC/GCC), are taking part in President Biden’s Industrial Control Systems (ICS) Initiative. This is part of National Security Memorandum 5, Improving Cybersecurity for Critical Infrastructure Control Systems.