Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

NEW TECH: CASBs continue evolving to help CISOs address multiplying ‘cloud-mobile’ risks

By Byron V. Acohido

It can be argued that we live in a cloud-mobile business environment.

Related: The ‘shared responsibility’ burden

Most organizations are all caught up, to one degree or another, in migrating to hybrid cloud networks. And startups today typically launch with cloud-native IT infrastructure.

Mobile comes into play everywhere. Employees, contractors, suppliers and customers consume and contribute from remote locations via their smartphones. And the first tools many of them grab for daily is a cloud-hosted productivity suite: Office 365 or G Suite.

The cloud-mobile environment is here to stay, and it will only get more deeply engrained going forward. This sets up an unprecedented security challenge that companies of all sizes, and in all sectors, must deal with. Cloud Access Security Brokers (CASBs), referred to as “caz-bees,” are well-positioned to help companies navigate this shifting landscape.

I had the chance to discuss this with Salah Nassar, vice president of marketing at CipherCloud, a leading San Jose, CA-based CASB vendor. We met at RSA 2020 and had a lively discussion about how today’s cloud-mobile environment enables network users to bypass traditional security controls creating gaping exposures, at this point, going largely unaddressed.

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

By Byron V. Acohido

As coronavirus-themed cyber attacks ramp up, consumers and companies must practice digital distancing to keep themselves protected.

Related: Coronavirus scams leverage email

As we get deeper into dealing with the coronavirus outbreak, the need for authorities and experts to communicate reliably and effectively with each other, as well as to the general public, is vital.

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Sadly, coronavirus phishing and ransomware hacks already are in high gear.

“There’s a special ring of hell reserved for those who take advantage of a public health crisis to make money,” says Adam Levin, founder and chairman of CyberScout, a Scottsdale, AZ-based  supplier of identity and data theft recovery services. I agree wholeheartedly with Levin on this, as I imagine most folks would.

Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise (BEC) scams and advanced persistent threat (APT) hacks.

“While this kind of fraud is the new normal, often fine-tuned for specific holidays and big news stories, a global health disaster creates an even more fertile field than usual for fraudsters,” Levin observes.

SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers

By Byron V. Acohido

It’s difficult to convey the scope and scale of cyber attacks that take place on a daily basis, much less connect the dots between them.

Related: The Golden Age of cyber spying

A new book by Dr. Chase Cunningham —  Cyber Warfare – Truth, Tactics, and Strategies —   accomplishes this in a compelling, accessible way. Cunningham has the boots-on-the-ground experience and storytelling chops to pull this off. As a  cybersecurity principal analyst at Forrester,  he advises enterprise clients on how to stay in front of the latest iterations of cyber attacks coming at them from all quarters.

Cunningham’s 19 years as a US Navy chief spent in cyber forensic and cyber analytic operations included manning security controls at the NSA, CIA and FBI. He holds a PhD and MS in computer science from Colorado Technical University and a BS from American Military University focused on counter-terrorism operations in cyberspace.

Cunningham sets the table in Cyber Warfare by relating detailed anecdotes that together paint the bigger picture. Learning about how hackers were able to intercept drone feed video from CIA observation drones during the war in Iraq, for instance, tells us a lot about how tenuous sophisticated surveillance technology really can be, out in the Internet wild.

And Cunningham delves into some fascinating, informative nuance about industrial systems attacks in the wake of Stuxnet. He also adds historical and forward-looking context to the theft and criminal deployment of the Eternal Blue hacking tools, which were stolen from the NSA, and which have been used to cause so much havoc, vis-à-vis WannaCry and NotPetya. What’s more, he comprehensively lays out why ransomware and deep fake campaigns are likely to endure, posing a big threat to organizations in all sectors for the foreseeable future.

NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

By Byron V. Acohido

Privileged Access Management (PAM) arose some 15 years ago as an approach to restricting  access to sensitive systems inside of a corporate network.

Related: Active Directory holds ‘keys to the kingdom’

The basic idea was to make sure only the folks assigned “privileged access’’ status could successfully log on to sensitive servers. PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory (AD) environment.

It didn’t take cyber criminals too long to figure out how to subvert PAM and AD – mainly by stealing or spoofing credentials to log on to privileged accounts. All it takes is one phished or hacked username and password to get a toehold on AD. From there, an intruder can quickly locate and take control of other privileged accounts. This puts them in position to systematically embed malware deep inside of compromised networks.

Shoring up legacy deployments of PAM and AD installations has become a cottage industry unto itself, and great strides have been made. Even so, hacking groups continue to manipulate PAM and AD to plunder company networks. And efforts to securely manage privileged access accounts isn’t going to get any easier, going forward, as companies increase their reliance on hybrid IT infrastructures.

I had the chance to discuss this with Gerrit Lansing, Field CTO at Stealthbits Technologies, a Hawthorne, NJ-based supplier of software to protect sensitive company data. We spoke at RSA 2020. For a full drill down of our discussion, give the accompanying podcast a listen. Here are the key takeaways.

Enticing target

For 90 percent of organizations, Windows Active Directory is the hub for all identities, both human and machine. AD keeps track of all identities and enables all human-to-machine and machine-to-machine communications that take place on the network. PAM grants privileges to carry out certain activities on higher level systems.

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

By Byron V. Acohido

Ransomware continues to endure as a highly lucrative criminal enterprise.

Ransomware hacking groups extorted at least $144.35 million from U.S. organizations between January 2013 and July 2019. That’s the precise figure recently disclosed by the FBI — the true damage is almost certainly a lot steeper, given only a portion of cyber crimes ever get reported to law enforcement.

To get a foot in the door, ransomware purveyors direct weaponized email at a targeted employee. Once inside a network, they move laterally to locate and encrypt mission-critical systems; a ransom demand for a decryption key follows. In many cases, the lateral movement phase is being facilitated by the hijacking of an ubiquitous network administrator’s tool: Windows Active Directory, or AD.

I had a chance, once again, to discuss the yin vs. yang relating to Active Directory’s pivotal placement in the heart of corporate networks with Mickey Bresman,  co-founder and CEO of Semperis, an identity-driven cyber resilience company based in the new World Trade Center in Lower Manhattan. We met at RSA 2020. For a drill down on our discussion, give the accompanying podcast a listen. Here are key excerpts.

Ransomware uptick

AD enables IT staffers to manage access to servers and applications across the breadth of any Windows-based network; it’s used in 90 percent of U.S. organizations, which translates into tens of thousands of companies and agencies. In the spring of 2017, the WannaCry and NotPetya ransomware worms blasted around the globe, freezing up the Active Directory systems of thousands of companies.

SHARED INTEL: Study shows mismanagement of ‘machine identities’ triggers $52 billion in losses

By Byron V. Acohido

In one sense, digital transformation is all about machines.

Related: Authenticating IoT devices

Physical machines, like driverless vehicles and smart buildings; but, even more so, virtual machines. I’m referring to the snippets of “microservice” coding placed inside of modular software “containers” that get mixed and matched in “storage buckets,” and then processed in  “serverless computers” residing in the Internet cloud.

These virtual machines – which happen to be mushrooming in number — underly the physical machines. This all adds up to high-speed, agile innovation. But the flip side is that fresh software vulnerabilities are getting spun up, as well. Machines control the flow of all types of sensitive data. As a result, the way in which they connect and authorize communication makes them a primary security risk for organizations. And, cyber criminals, no surprise, are taking full advantage.

Now comes a study from Boston-based consultancy Air Worldwide that puts some hard numbers on the degree to which threat actors are plundering virtual machines. The report, titled The Economic Impact of Machine Identity Breaches, was commissioned by Salt Lake City, UT-based security vendor Venafi.

According to the study, poor management of machine identities leads directly to an estimated $52 billion to $72 billion in losses annually. What’s more, large enterprises, i.e. those with $2 billion or more in annual revenue, are getting hit twice as hard as smaller organizations, when it comes to cyber attacks that exploit anemic protections for machine identities.

I had a chance to visit once again with Jeff Hudson, Venafi’s outspoken CEO at RSA 2020. We had a lively discussion about the backdrop of the study, and its going-forward implications. For a full drill down, please give the accompanying podcast a listen. Here are excerpts, edited for clarity and length:

STEPS FORWARD: How the Middle East led the U.S. to implement smarter mobile security rules

By Byron V. Acohido

We’ve come to rely on our smartphones to live out our digital lives, both professionally and personally.

When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy.

Reacting to the BYOD craze, mobile security frameworks have veered from one partially effective approach to the next over the past decade. However, I recently learned about how federal regulators in several nations are rallying around a reinvigorated approach to mobile security: containerization. Containerizing data is a methodology that could anchor mobile security, in a very robust way, for the long haul.

Interestingly, leadership for this push came from federal regulators in, of all places, the Middle East.  In May 2017, the Saudi Arabian Monetary Authority (SAMA) implemented its Cyber Security Framework mandating prescriptive measures, including a requirement to containerize data in all computing formats. A few months later the United Arab Emirates stood up its National Electronic Security Authority (NESA) which proceeded to do much the same thing.

Earlier this year, US regulators essentially followed the Middle East’s lead by rolling out sweeping new rules — referred to as Cybersecurity Maturity Model Certification (CMMC)  — which require use of data containerization along much the same lines as Saudi Arabia and the UAE mandated some three years ago. The implementation of CMMC represents a big change from past U.S. federal data handling rules for contractors, for which compliance was by-and-large voluntary.