MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

By Byron V. Acohido

The Cloud Access Security Broker (CASB) space is maturing to keep pace with digital transformation.

Related: CASBs needed now, more than ever

Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures: the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Service tools, without any shred of security vetting.

A wave of acquisitions absorbed a half-dozen early CASB startups. One company still actively innovating as an independent CASB is San Jose, CA-based security vendor CipherCloud. I had the chance to visit with CipherCloud CTO Sundaram Lakshmanan at RSA 2019.

We discussed how the basic notion of flowing all data coming into a company’s network — from whatever device or web app — through a cloud gateway for security scanning has become elemental. For a full drill down, give the accompanying podcast a listen. Here are the key takeaways:

Shifting role

As with almost any security solution, the bottom line for CASBs is all about protecting the data — without detracting from users’ experience, and thus eroding productivity. This is especially important within the cloud. CASBs began by closing glaring security gaps created by the rapid adoption of mobile devices and cloud tools. Quite naturally, that role is now shifting and expanding.

Now that CASBs have been around for half a decade, companies are figuring out how to utilize them to reinforce specific silos within their IT and security teams. More enterprises are rethinking their internal processes, seeking a more centralized, convenient approach to securing web apps, Lakshmanan told me.

“At the end of the day, it is about business productivity and helping users get their job done,” he said. Enterprises are starting to understand that as they pursue velocity and scale, …more

MY TAKE: Why privacy regulations are a must for next-gen cars and trucks

By Byron V. Acohido

With wide deployment expected in the next decade, the driverless automobile landscape looks fraught – from road safety to data protection.

Driverless automobiles, long-haul trucks and military transport vehicles are on a fast track for wide deployment over the next five to 10 years. That much is clear.

Related: Security ramifications of autonomous transportation.

Vehicle manufacturers are all in, and innovation is racing forward. Meanwhile, captains of industry and political leaders are eager to reap the benefits of autonomous transportation.

The big pros: more efficient travel, less pollution, improved vehicle utilization and a leadership role for the United States in autonomous vehicle innovation. This is according to a 2017 report from The Center for …more

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

By Byron V. Acohido

Nation-state backed hacking collectives have been around at least as long as the Internet.

However, evidence that the ‘golden age’ of cyber espionage is upon us continues to accumulate as the first half of 2018 comes to a close.

Related podcast: Obsolescence is creeping into legacy security systems

What’s changed is that cyber spies are no longer content with digital intelligence gathering. Military operatives and intelligence units today routinely hack to knock down critical infrastructure, interfere with elections, and even to exact revenge on Hollywood studios.

Recently, one of the most powerful and notorious cyber spies on the planet, North Korean General Kim Yong Chol, stepped from obscurity into global celebrity status.

Last month President Trump invited the heretofore obscure General Kim into the White House for an impromptu state visit. For about two hours, Trump exchanged pleasantries with the man who orchestrated North Korea’s devastating hack of Sony Pictures in 2014, the aforementioned revenge caper. The tête-à-tête unfolded as Trump prepared for his summit in Singapore with General Kim’s boss, North Korean despot Kim Jong-un.

Rise of North Korea

It’s notable that, since the Sony Pictures hack, General Kim has steadily gotten more powerful and adept at the cyber spy game. Today he commands a cyber army, some 7,000 hackers and support staff strong, that has emerged as a potent and disruptive force. The Wall Street Journal recently reported that North Korea is cultivating elite hackers much like other countries train Olympic athletes.

Meanwhile, Iran-sponsored cyber operatives are making hay, as well. Trump’s decision …more

MY TAKE: Why Google is labeling websites ‘unsafe’ — what publishers need to do about it

By Byron V. Acohido

One of the things Google’s security honchos have long championed – for the most part out of the public spotlight — is to make HTTPS Transport Layer Security (TLS) the de facto standard for preserving the integrity of commercial websites.

TLS and its predecessor, Secure Sockets Layer (SSL), rely on digital certificates to validate that a website is really what it claims to be. In an environment where spoofed and booby-trapped websites have come to clutter the Internet, this is a vital function.

Related article: How the PKI ecosystem can secure IoT

TLS also leverages public key infrastructure (PKI) encryption to protect the data submitted by users at legit sites. Companies known as Certificate Authorities (CAs) play a pivotal role issuing TLS certificates and assisting website owners with implementation of PKI.

For the most part, this arrangement has worked very well, although, like anything else in security, it can be improved. On March 15, Google will take a bold step to strengthen TLS – it will advance the process of ending trust in hundreds of thousands of TLS certificates issued by Symantec, the former kingpin CA. With the release of the beta and stable versions of Chrome 66, Google will begin issuing “distrust” alerts to those who visit web sites using any Symantec-rooted certificates issued prior to June 1, 2016.

Engendering trust

Starting Thursday, March 15, this could play out as a rude awakening for web site publishers who haven’t been paying attention. However, the good news is that, thanks to the sudden — and remarkably smooth — handoff of Symantec’s digital certificate …more

MY TAKE: Necurs vs. Mirai – what ‘classic’ and ‘IoT’ botnets reveal about evolving cyber threats

By Byron V. Acohido

I’ve written about how botnets arose as the engine of cybercrime, and then evolved into the Swiss Army Knife of cybercrime. It dawned on me very recently that botnets have now become the bellwether of cybercrime.

This epiphany came after checking in with top experts at Proofpoint, Forcepoint, Cloudflare and Corero — leading vendors that devote significant talent and resources to monitoring and analyzing botnets. I also spoke with SlashNext, a startup that specializes in detecting stealthy botnet activity.

Related article: Russian botnets ignite social media blitz

There’s much we can discern from the distinctive ebb and flow of botnet-borne malicious activity. ‘Classic’ botnets are comprised of vast numbers of infected PCs, servers and virtual computing nodules. One of particular note is called Necurs, a massive botnet-for-hire and the king of delivering phishing email attacks, ransomware campaigns and Banking Trojans.

Then there are any number of smaller, single-purpose botnets owned and operated by nation-state-backed hacking rings. The obvious example: the Russian botnet operators who orchestrated the wave of social media spoofing and propagandizing designed to influence political discourse and meddle in elections in the U.S. and all across Europe. The most recent example: Russian botnets hyped the #Releasethememo campaign on Twitter to lend credence to Rep. Devin Nunes’, R-Calif., secret ‘memo’ purportedly discrediting and disqualifying the FBI from investigating Russia’s meddling in the last U.S. election. That came after Russian botnets fueled wildly conflicting polling results during the 2016 presidential race, and fabricated 6.1 million Twitter followers for then-candidate Trump.

Meanwhile, a new generation of Internet of Things botnets has arrived on the scene. IoT botnets, like Mirai and Reaper, are comprised of infected home routers, surveillance cameras and other IoT devices. Monitoring the badness emanating from the likes of Necurs, Mirai and Reaper can tell us a lot about where cyber criminals’ attention is focused – and where it might turn next. “The cyber threat landscape is constantly changing; fashions come and go,” observes Carl Leonard, principal security analyst at Forcepoint. “Cyber criminals are always seeking to increase their return on investment and they’re only going to perform an activity if it’s worthwhile for them and if they can still continue to see success over time.”

Botnets for hire

Let’s start with a basic definition and take a look at the aforementioned Necurs, a preeminent botnet in terms of delivering malicious payloads. A bot is a computing nodule infected with a small bit of coding that causes it to obey instructions from a command and control server. A botnet is a network of thousands upon thousands of bots under control of an attacker. …more

NEWS WRAP-UP: Walmart tracks customers’ facial expressions; teachers hacked; Asians seek cyber insurance

By Byron V. Acohido

Week ending Aug. 11. Walmart has filed a patent for video technology to track customers’ facial expressions as they shop, potentially allowing employees to address customer needs before they have to ask. The system would use video to scan for customers who are frustrated or unhappy if they can’t find a product or figure out pricing. The system also could see when a display or product pleases shoppers. According to the patent filing, Walmart says it’s easier to retain existing customers than acquire new ones. Walmart also will use the technology to analyze trends in shoppers’ purchase behavior over time, according to the patent filing. The system links customers’ facial expressions to their transaction data—meaning how much they’re spending and what …more

VIDEO: How phishers are coming after you — and what you should do about it

By Byron V. Acohido

The current cybersecurity climate makes it hard not to be cautious of phishing attacks. Forget reclaiming lost family fortunes or assisting Nigerian princes, today’s phishing scams are targeted, complex and incredibly prevalent.

It feels like a new, high-profile phishing attack is getting reported every other month. In May, Google Docs users were being targeted with malicious invitations to edit fictional documents. Before that, DocuSign users were sent bogus emails encouraging them to download a Microsoft Word document that installed malware.

Related infographics: Phishers focus on smaller financial institutions

Despite increased awareness of these attacks and “I’d never fall for that” attitudes, Verizon’s 2017 Data Breach Investigations Report showed that 1 in 14 users fell for a phishing …more