Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Top Stories

 

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

By Pravin Kothari

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise.

Related podcast. Evidence shows we’re in ‘Golden Age’ of cyber spying

The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October. News reports this week indicate internal documents, including details of arms procurement for the country’s next-generation fighter aircraft, were pilfered from at least 10 of the hacked computers.

The hackers reportedly manipulated server software and succeeded in siphoning records from connected workstations. Though South Korean officials stopped short of blaming North …more

Comment | Read | January 18th, 2019 | For consumers | For technologists | Guest Blog Post | Top Stories

GUEST ESSAY: What your company should know about addressing Kubernetes security

By Gary Duan

Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers.

Related podcast: Securing software containers

Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to  deploy, scale, and manage.

As beneficial as Kubernetes is for orchestrating containerized environments, a maturing set of security best practices must be adhered to for enterprises to ensure that their applications and data are as safe as possible from emerging vulnerabilities and exploits.

The most dangerous attacks on container environments will execute a “kill chain” of events – not striking all at once but instead through a sequence of lateral moves within the dynamic container environment to ultimately take over containers, attack Kubernetes services, or gain unauthorized access.

Attackers are shaping their attacks to take advantage of recently discovered vulnerabilities and systems which have not yet been patched or equipped to counter efforts to exploit them. In addition, the discovery of malicious ‘backdoors’ hidden in popular Docker images is another cause for concern.

Three recent examples illustrate this seemingly endless stream of vulnerabilities that attackers can leverage in a containerized environment: the Dirty Cow exploit, the Linux Stack Clash vulnerability, and the even more recently discovered CVE-2018-1002105 vulnerability in Kubernetes. Here’s how each inflicts damage: …more

Comment | Read | January 16th, 2019 | For technologists | Guest Blog Post | Top Stories

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

By Byron V. Acohido

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints.

Related: California enacts pioneering privacy law

However, lacking robust protection, privileged accounts, which are intended to give administrators the access they need to manage critical systems, can instead be manipulated to enable attackers to move laterally across an organization’s network.

In recognition of the significant security risks privileged accounts can pose, industry research firm Gartner recently released the first-ever Magic Quadrant for Privileged Access Management.1-

Last Watchdog asked Adam Bosnian, executive vice president at CyberArk – the company that pioneered the market – to put into context how much can be gained by prioritizing privilege in today’s dynamic, fast-evolving digital business landscape. Here are excerpts edited for clarity and length:

LW: Why is privileged access management so important?

Bosnian: Privileged access has become the fulcrum of the success or failure of advanced attacks. Nearly 100 percent of all advanced attacks involve the compromise of privileged credentials.

This is a mounting challenge for organizations because privileged accounts exist and ship in every single piece of technology, including servers, desktops, applications, databases, network devices and more.  …more

Comment | Read | January 14th, 2019 | For technologists | Imminent threats | Q & A | Steps forward | Top Stories

Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls

By Byron V. Acohido

The heyday of traditional corporate IT networks has come and gone.

In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of a IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars.

Related podcast: Why the golden age of cyber espionage is upon us

This coming wave of IoT networks, architected to carry out narrowly-focused tasks, will share much in common with the legacy operational technology, or OT, systems long deployed to run physical plants — such as Industrial Control Systems (ICS,)  Supervisory Control and Data Acquisition (SCADA ,) Data Control System (DCS,) and Programmable Logic Controller (PLC.)

The global cybersecurity community is keenly aware of these developments and earnest discussions are underway about how to deal with the attendant security exposures. This includes a rising debate about the efficacy of the Common Vulnerability Scoring System, or CVSS.  Initially introduced in 2005, CVSS is a framework for rating the severity of security vulnerabilities in software.

Last Watchdog recently sat down with a couple of senior executives at Radiflow, a Tel Aviv-based supplier of cybersecurity solutions for ICS and SCADA networks, to get their perspective about how NIST and ICS-CERT, the two main organizations for disclosing and rating vulnerabilities, are sometimes not aligned. Radiflow currently is conducting this survey to collect feedback from IT and OT professionals about the ramifications of this conflict.

Radiflow expects to release its survey findings in late January. This is not just another arcane tussle among nerdy IT professionals. New vulnerabilities and exposures are part and parcel of accelerating the deployment of vast distributed systems, fed by billions of IoT sensors. And they must be fully addressed if digital commerce is to reach its full potential. Here are excerpts of my discussion about this with Radiflow’s CEO Ilan Barda and CTO Yehonatan Kfir, edited for clarity and length:

LW: As we move forward with digital transformation and the Internet of Things, is it becoming more urgent to think about how we protect OT systems?

Barda: Yes. The risks are growing for two reasons. One is the fact that there are more and more of these kinds of OT networks, …more

Comment | Read | January 8th, 2019 | For consumers | For technologists | Imminent threats | Q & A | Top Stories

Port Covington, MD re-emerges as ‘CyberTown, USA’ — ground zero for cybersecurity research

By Byron V. Acohido

When CyberTown, USA is fully built out, it’s backers envision it emerging as the world’s premier technology hub for cybersecurity and data science.

DataTribe, a Fulton, MD-based cybersecurity startup incubator, has been a key backer of this ambitious urban redevelopment project, which broke ground last October in Port Covington, MD, once a bustling train stop on the south side of Baltimore.

Related podcast: Enveil commericializes ‘homomorphic encryption’

The brainchild of Under Armour founder Kevin Plank, Goldman Sachs Urban Development Group and Weller Development, the Port Covington project also has the enthusiastic backing of the large population of cybersecurity companies already thriving in the Baltimore-Washington metropolitan area.

Rendering of completed Chapter 1B development of Port Covington. –Weller Development Company

When the 235-acre waterfront parcel opens for business at the end of 2020, a trio of anchor tenants — DataTribe, Silicon Valley-based cybersecurity venture capital firm AllegisCyber, and technology investment and corporate advisory firm Evergreen Adviser —  expect to be joined by 25 to 30 cybersecurity firms, as well as retail and restaurant tenants.

DataTribe itself was co-founded in 2015 by a California venture capitalist, a former CIA officer and an ex-Navy SEAL. It’s mission has been to seek out and assist government cyber specialists in a position to enter the private sector and build commercial cyber and data science companies. DataTribe recruits talent, then provide seed capital, mentoring, infrastructure and follow-on venture funding.

DataTribe co-founder Mike Janke, the ex-Navy SEAL, told Last Watchdog that Port Covington made sense because Maryland boasts a massive pool of nation-state trained cyber security engineering talent, and has long been the wellspring of pivotal data security and data science advances.

“With more than 100,000 cyber-related engineering and data science professionals, Maryland has the no. 1 cyber workforce in the world, and leads the US in cyber employment for classified nation-state jobs,” says Janke, a six-time company founder and CEO. “In today’s digital landscape, engineering talent is the new oil in the ground, and Maryland has the densest concentration of this new digital oil that you’ll find anywhere on the planet.”

Some 40 security-minded federal agencies are located in Maryland, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems Agency, Intelligence Advanced Research Projects Activity, USCYBERCOM, NASA and DoD Cyber Crime Center.

…more

Comment | Read | January 7th, 2019 | Q & A | Top Stories

GUEST ESSAY: The case for engaging in ‘threat hunting’ — and how to do it effectively

By Mike James

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days.

Related podcast: The re-emergence of SIEMs

In an ideal world there would no dwell time at all, and threats would be identified before they can penetrate business’ defenses. To achieve this for your organization, it is no longer possible just to run reactive cyber security. It is essential that should invest in a proactive approach – that’s why you need to start threat hunting.

Seeking anomalous activity

Threat hunting is the practice of actively seeking out dangers to cyber security by detecting and eliminating new and emerging threats that are able to evade preventative controls such as firewalls and antivirus software.

It consists of actively looking for anomalous activity that has not been identified by existing tools and involves thorough, on-going analysis of data sources such as network traffic and server logs as well as web and email filter traffic.

Businesses that embrace threat hunting are likely to significantly reduce the dwell time of attacks, identify advanced threats that could otherwise be missed, and enhance security controls and processes. Effective threat hunting requires not only the right tools, but an advanced understanding of the latest tactics and techniques used by criminals. So, what do you need to get started? …more

Comment | Read | December 26th, 2018 | For technologists | Guest Blog Post | Steps forward | Top Stories

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

By Todd Feinman

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December.

Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora.

Related podcast: The need to lock down unstructured data

Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers. And, it was just before the holidays in 2013 that Target announced the infamous breach impacting more than a hundred million people.

The list goes on, and with each incident everyone is always asking the same question — Could this have been prevented and how? Every large brand is acutely aware that securing its data is of foremost importance in today’s world, and that by protecting data you are protecting the brand’s equity.  That should be obvious after what we see in the news, however, it’s not always so straightforward.

According to the Poneman analyst report, The Importance of DLP in Cybersecurity Defense, many organizations still believe, “it’s probably not going to happen to me.” The first step toward fortifying one of the company’s most valuable assets — customer or employee data — is to get to know the data better. …more

Comment | Read | December 10th, 2018 | For technologists | Guest Blog Post | Top Stories

Older Articles »