Top 10 Stories Archives - IT Security Guru
https://www.itsecurityguru.org/category/top-10-stories/

A shifting paradigm – Virsec’s deterministic approach to cybersecurity
https://www.itsecurityguru.org/2022/07/04/a-shifting-paradigm-virsecs-deterministic-approach-to-cybersecurity/?utm_source=rss&utm_medium=rss&utm_campaign=a-shifting-paradigm-virsecs-deterministic-approach-to-cybersecurity
Mon, 04 Jul 2022 15:23:00 +0000

Virsec has come a long way in the past few years. As recently as 2017, its technology only focused on memory protection. 5 years, $137 million in funding and the addition of host and feedback protection later, the company is looking to revolutionise cybersecurity, quite literally, from the inside out. 

Greg Kelton, Regional Director of Europe at Virsec, is on the frontlines of that revolution. The enemy? Dwell time.

“We’re seeing a monumental shift in the industry – from detection to protection response. So what does that mean? Detection response is the traditional approach to cybersecurity, stemming from traditional tools such as EDRs, WAFs, and so on. The problem with these tools is their dwell time – that’s the key phrase here. Traditional tools will detect an attack but expect a human to respond; dwell time is the interval between detection and response. A typical dwell time is 6-7 days, but ransomware takes milliseconds to kick in – an obvious flaw, right? What we’re trying to do is eradicate dwell time entirely by moving from a reactive to a proactive approach, protection response, or as we like to call it, a probabilistic to deterministic approach,” Kelton said.

It isn’t just dwell time that Kelton takes issue with. He argues that in the current system, a company must suffer a breach before they, or anyone else, can respond. 

“So right now, the game looks like this: A company suffers a zero-day attack, they put their hand up and admit to it, then every other company scrambles to patch their own zero-days before they suffer an attack. What we’re trying to say is: if we reduce dwell time, no-one needs to get attacked. Of course, this is very difficult to do, and isn’t actually in everyone’s best interest. See, a lot of big names make a lot of money reading log files spit out from the runtime – but by this point it’s too late. Once the data has been analysed, correlated, and placed in front of a human, the attack has already been carried out. This is why it’s called a probabilistic approach. Your traditional tools tell you that you have ‘probably’ been attacked, but it’s up to a human to sift through the false positives and determine whether you were actually being attacked. By the time you know, it’s all over,” Kelton said. 

This is where the deterministic approach comes in. Virsec’s technology doesn’t tell you that you might have been attacked, it determines that you have been hacked, and stops it before the damage is done. 

“Attacks are only exposed at the time of execution. This is the problem with tools such as EDRs, they have no insight into execution, and thus have no idea whether code is malicious or not. We only look at the execution. We’re constantly staring at the runtime, be that memory level, web level, or host level, at execution. Then as soon as we see it’s malicious, we stop it. This is the key difference between a deterministic and probabilistic approach – a probabilistic approach employing tools such as EDRs lets you know when there’s something that might be malicious in your network, but by that point it’s too late, it’s on its way to be executed. A deterministic approach cuts down the perimeter solely to the execution stage, determines if the code is trying to do something it shouldn’t, and shuts it down if it needs to,” Kelton said. 

When asked about the performance impacts that come with a deterministic approach, Kelton argued that it isn’t so much a technology problem as a matter of how it is perceived.

“Staring at the runtime is obviously going to be a performance inhibitor, but our tests have found that it’s only around 1-2%. We like to think of our technology as like wearing a bulletproof vest – yes, it will slow you down a bit, but you’re far more protected than you would be without one. The simple question is, do you want to be the guinea pig, the sacrificial lamb that puts their hand up and admits they’ve been hacked so that your competitors can patch their vulnerabilities, or do you want to know you’re protected?” he concluded.

A conversation with Andrew Clarke, Global Head of Channel and Strategic Alliances at One Identity
https://www.itsecurityguru.org/2022/06/30/a-conversation-with-andrew-clarke-global-head-of-channel-and-strategic-alliances-at-one-identity/?utm_source=rss&utm_medium=rss&utm_campaign=a-conversation-with-andrew-clarke-global-head-of-channel-and-strategic-alliances-at-one-identity
Thu, 30 Jun 2022 10:14:22 +0000

The COVID-19 pandemic and ensuing work-from-home revolution has thrust identity management to the top of corporate agendas. As such, security professionals can no longer be satisfied with securing their perimeters, they now have to account for countless employees, devices and identities – all operating off site.

One Identity recognised the paradigm shift early. Already an established player in the identity management space, their acquisition of access management provider OneLogin was a key move in cementing the company as a leader in the burgeoning identity space.

Andrew Clarke, Global Head of Channel and Strategic Alliances at One Identity, and a veteran of the cybersecurity industry, provided fascinating insight into contemporary identity and access management, and how One Identity fits into the narrative.

“Up until recently, our portfolio only included Identity Governance and Administration (IGA), Privileged Access Management (PAM), and AD Management and Security. Our strategic acquisition of OneLogin rounded out our portfolio by adding Identity and Access Management (IAM). This is important because IAM is the final piece of the portfolio; it realises our vision of a unified identity security management platform,” he said.

As the dust kicked up by COVID-19 began to settle, security professionals at long last were able to step back and examine the havoc it wreaked on the cybersphere. Clarke believes that the OneLogin acquisition came at the perfect time – just when the world needed a unified identity security management platform, One Identity provided it.

“We recognised the increased demand for identity security management platforms as it became apparent that remote working wasn’t going anywhere, and realised that there was a huge gap in the market for a unified identity security management platform. In the old days, security was all about perimeters, everything inside the firewall was protected – this is no longer true – businesses need to control identity at an individual level. The entire cybersecurity space has shifted from physical protective security, to Identity and Access Management portfolios which are built around people,” Clarke said.

Aside from the dawn of remote working, Clarke believes that regulations have played a major role in bringing forth a new era of identity management.

“While I do think that remote working was the most important factor in attitude changes towards identity and access management, it’s closely followed by the introduction of regulations such as GDPR. When regulations were first introduced, many companies were confused as to how they applied to them – but it’s common sense really. When the pandemic hit, data was moved into the cloud at a speed and scale we had never seen, and likely will not see again. If employees need to access data from outside the premises and there isn’t rigorous security in place, it’s very likely that someone will break into that data. I think a lot of companies didn’t realise this. GDPR and other regulations have forced organisations to think about the risks inherent with remote working,” he said.

Clarke also says that One Identity’s platform works to simplify an increasingly complex problem. For organisations attempting to navigate the murky waters of GDPR and remote working, a unified identity security management platform isn’t just a map – it’s a fully fledged GPS system.

“Organisations should be dedicating time and resources towards driving business and providing value for their own customers. Before we launched our unified identity security management platform – which is a unique proposition – businesses were forced to purchase separate platforms for each facet of identity management. This means building and maintaining multiple relationships, getting acquainted with multiple technologies, paying multiple invoices. By combining the four key elements of identity management, this problem goes away, allowing our customers to dedicate their time to what’s really important – their business,” Clarke said.  

Clarke recognises that effective technology isn’t enough – the message needs to resonate with and get in front of customers. Not only is the company recognised as a leader in the identity management space by Gartner, but the channel also plays a crucial role in One Identity’s success, which can be attributed to its partnerships and healthy, productive relationships across the globe. 

“From a technology perspective, we build the best and get it validated. But how do we show this off to our target market? The answer is through partnerships. Our partner programme – which spans across businesses of all sizes – really is second to none. We provide our partners with an experience that allows them to speak accurately and intelligently about our technology, in order to best represent our interests. What’s more, our extensive partner portfolio allows potential customers to select who they think would be the best fit, which in turn increases the likelihood of customer success. And at the end of the day, that’s what we really care about,” Clarke concluded.

A conversation with Jim Dolce, CEO of Lookout
https://www.itsecurityguru.org/2022/06/24/a-conversation-with-jim-dolce-ceo-of-lookout/?utm_source=rss&utm_medium=rss&utm_campaign=a-conversation-with-jim-dolce-ceo-of-lookout
Fri, 24 Jun 2022 12:39:47 +0000

Jim is a veteran of cybersecurity. He has founded four successful companies, held senior positions at both Juniper and Akamai Technologies, and now serves as CEO of Lookout.

Lookout was founded in 2007 as an endpoint security service, but the acquisition of CipherCloud in March of 2021 marked the beginning of the company’s expansion into cloud security. Since then, Lookout has already facilitated huge advances within the cloud security sector. 

“Cloud security revolves around companies moving data and workloads into the cloud, our focus is securing the private data centres that store said data. Traditionally, the three elements of cloud security – software as a service (SaaS), enterprise applications that have been moved into the cloud, and traditional web access – are secured by three separate applications: Cloud Access Security Brokers (CASB), VPNs and zero trust technology, and secure web gateways respectively. Lookout and some other forward-thinking vendors have consolidated those applications into a single platform, defined by Gartner as a Security Service Edge (SSE),” Jim said. 

While Lookout isn’t the only company that has recognised the value of SSEs, Jim firmly believes that not only is his platform superior, but the company’s approach to cloud security as a whole is unique. 

“We are of the opinion that data is the most important thing in our business, and that our data-centric approach differentiates us from our competitors. We are unique in our conviction that security should be about data protection. A huge part of our business model lies in data loss protection (DLP) and encryption, and our primary focus is protecting key data in the cloud. This, combined with our common platform, sets us apart from any other vendor in the cloud security space,” he said. 

Looking to the future, Jim sees cloud security as the emerging trend in cybersecurity. He argues that COVID-19 and the shift to remote working accelerated the move to the cloud by as much as five years, with the security industry still playing catch up. 

“When the world first went into lockdown, IT professionals scrambled to move as much data as possible onto the cloud as fast as they could – this was necessary for business continuity as employees were forced to work from home. It’s important to remember that the work from home revolution was supported almost entirely by the cloud. Now that the dust has settled, we believe it’s essential that we shift our focus back to security.” 

Jim also believes that the impacts of regulations such as GDPR will only continue to grow in significance as organisations settle into their use of the cloud. 

“Let me give you an example of how important cloud security is now. Some of our customers are hospitals, and during the pandemic they had to move patient health records into the cloud. While this is great for accessibility, organisation and cost effectiveness, the move into the cloud exposed vast quantities of sensitive patient data – we cannot go any longer without addressing these issues, and that’s where Lookout comes in,” he said. 

Aside from cloud security, Jim says that identity management is a key facet of Lookout’s future. Just this month Lookout acquired SaferPass, a password management company, with the intent of providing both endpoint and cloud security, alongside identity management as a holistic package, particularly to midsize businesses. 

The IT Security Guru Buyer’s Guide 2022
https://www.itsecurityguru.org/2021/12/24/the-it-security-guru-buyers-guide-2022/?utm_source=rss&utm_medium=rss&utm_campaign=the-it-security-guru-buyers-guide-2022
Fri, 24 Dec 2021 12:12:42 +0000

Cybersecurity and compliance are now essential pillars within the modern enterprise. They are integral to the business continuity and legal responsibility of every organization, large or small. What’s more, these obligations are exponentially more complex than they were just 5 years ago. However, because these are relatively new obligations, finding the best vendors and understanding the right services for your company can be uncharted territory for your team. With this in mind, the team at the IT Security Guru has compiled a comprehensive list of the industry-leading solutions that every company needs for a well-rounded and robust cybersecurity and compliance program.

First, we will help you make sense of the complicated web of cybersecurity solutions. Shown below in ‘figure 1’ are the many intertwined and interwoven cybersecurity services and vendors. It’s likely that not all of these will be relevant to every business, so it’s crucial for you to develop an understanding of which vendor would be most appropriate for your company/industry before beginning the buying process. What follows is a list of IT Security Guru’s ‘best in class’ recommendations for cybersecurity purchasing in 2022. Based on our extensive industry knowledge, research, and comparative analysis of value for money and convenience, we selected the best vendors with the best products and services for every industry.

“Best in Class” 2022  

Cybersecurity & Compliance Services: Cerberus Sentinel   

When it comes to protecting your company against cyber-attacks and ensuring regulatory compliance, it’s best to look at these obligations in aggregate rather than separately. They are so heavily codependent that it just makes your life easier if they are approached this way. However, it is nearly impossible to handle them this way since they are typically handled by a constellation of service providers. This multi-vendor approach, while common practice today, is far too complicated to be considered a ‘best in class’ solution. For this reason, we have selected Cerberus Sentinel as the ‘Best in Class’ provider for their holistic approach to Cybersecurity and Compliance Services. They are pioneering an end-to-end offering that provides both services from one company. The secret to their success is that their services are delivered by dedicated teams of experts for each program who work collaboratively to solve your cybersecurity and compliance needs.

“Cerberus Sentinel is different from other companies in this industry, our employees are not consultants, they are dedicated partners available to our clients on a recurring monthly contract. Due to the numerous challenges in hiring experienced cybersecurity and compliance professionals, assimilating our team of industry and subject matter experts into our client’s team is the ideal solution.”   

– David Jemmett, CEO, Cerberus Sentinel

About Cerberus Sentinel  

“Cybersecurity is a culture, not a product” is the Cerberus Sentinel mantra. They were founded on the belief that service providers should be technology and product agnostic and that the best approach to cybersecurity and compliance is one of proactive prevention accomplished through the development of a culture of awareness. In an era when ‘add another tool to the stack’ is the prevailing recommendation, their approach is relatively new. However, it doesn’t ignore the importance of technical tools; rather, Cerberus Sentinel offers solutions that go beyond the tools, working to build a deeply rooted solution at the heart of your organization: your people.

What does it mean to be technology agnostic? While most cybersecurity firms are locked into working with a single technology, Cerberus Sentinel has differentiated themselves by remaining technology agnostic. This approach enables their teams to work with any business, no matter what systems or tools they use. For their customers, the benefit is equally valuable; they’re able to choose the best tools and technology for their business needs without affecting their relationship with the team at Cerberus Sentinel.  

Cerberus Sentinel Solutions

Cerberus Sentinel solutions cover the full range of cybersecurity and compliance services, enabling them to deliver the holistic approach that so many companies need today. They call this unique approach MCCP+, which stands for Managed Compliance and Cybersecurity Provider + Culture. This is the only holistic solution that provides all three of these elements under one roof from a dedicated team of subject matter experts.

Cerberus Sentinel offers the following solutions:   

Secured Managed Services, Compliance Services, SOC Services, Virtual CISO Services, Incident Response, Certified Forensics, Assessment Services, and Cybersecurity & Compliance Training.

  • Secured Managed Services: Competing cybersecurity companies may be able to point out vulnerabilities or configuration issues, but Cerberus Sentinel has experts with the capability to fix them, as well as to manage the subsequent IT infrastructure which may be put in place.
  • Compliance: As an authorized FedRAMP vendor, Cerberus Sentinel offers an insider’s perspective on the process for a variety of industry standards, including FedRAMP, FISMA 2014, HIPAA and NIST.
  • SOC Services: They offer SOC-as-a-service, a subscription-based service that manages and monitors clients’ logs, devices, clouds, networks and assets for possible cyber threats. This service provides Cerberus clients with the knowledge and skills necessary to combat cybersecurity threats without the strain on internal teams.
  • Virtual CISO Service: Corporations are in need of cybersecurity services but do not have the capital resources or knowledge base to hire a dedicated in-house Chief Information Security Officer (“CISO”). They offer this service to companies on an ongoing managed service basis as a resource to augment their management team. CISO-as-a-service includes road mapping future policy frameworks for clients and providing knowledgeable expertise to help them achieve their security needs.
  • Incident Response and Forensics: Focusing on identification, investigation, and remediation of cyberattacks.
  • Assessment Services: Cerberus Sentinel specializes in advanced cyber security assessments that highlight the skills and experience of the Cerberus team’s top-tier talent. Cerberus customers love them because they routinely identify issues that no one else does, due to the emphasis on real-world manual testing techniques and custom exploit development to uncover new avenues of attack.
  • Cybersecurity & Compliance Training: This targets the root cause for 75% of cyber breach events by starting with a culture of security-first forward thinking. Cerberus Sentinel’s security awareness training can prevent a catastrophic cyberattack before it even occurs by equipping users with the tools and techniques required to spot a potential cyberattack in the early stages.

Guru’s conclusion: A holistic, cultural approach to security, purpose-built for our age. The Cerberus Sentinel team and offerings provide their customers and partners with an approach to cybersecurity which is both holistic and tailored to the specific buying needs of organizations in security and compliance. Their consultative approach means that they are able to support and engage with customers all through the process, guiding organizations through the buying process and through implementation, to eventually becoming fully embedded and trusted partners who can take on the day-to-day security and compliance functions of an organization indefinitely.

Their wide-ranging offering means an ability to slim down an overly complex vendor stack, and effectively outsource whole departments to a trusted, expert provider. In the current climate of financial uncertainty and talent shortages, working with a consultative, technology-agnostic vendor allows for certainty in your security posture, which can give internal and compliance teams the confidence to operate effectively, and can provide your C-Suite with the reassurance they need that security is being purchased strategically.

This kind of holistic offering could not be better timed to ensure businesses are able to operate securely; and indeed, to operate at all. Cyber insurance premiums have risen by a third over the course of the last year, as ransomware and other security incidents have put a huge squeeze on the viability of existing cyber-insurance policies. A certified external organisation such as Cerberus that can complete a rigorous security audit, which can then be presented to insurers as proof of a robust, overarching approach to cybersecurity, can back up any claims made to your insurers and reduce premiums in the process: good news for both the underwriters and the companies in question.

To learn more about Cerberus Sentinel or to schedule a meeting with their sales team, visit www.CerberusSentinel.com  

“Honorable mentions” 2022  

KnowBe4  

About KnowBe4 

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 41,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

KnowBe4’s Mission 

KnowBe4 enables your employees to make smarter security decisions, every day through various Enterprise Security Awareness Training activities: 

Specific Offerings:  

Security Awareness Training 

KnowBe4 provides baseline testing to assess the Phish-prone percentage of your users through a simulated phishing, vishing or smishing attack. KnowBe4 boasts the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, along with automated training campaigns with scheduled reminder emails. The KnowBe4 user phishing training offers best-in-class, fully automated simulated phishing, vishing and smishing attacks, thousands of templates with unlimited usage, and community phishing templates, complete with enterprise-strength reporting: both high-level and granular stats and graphs ready for management reports. KnowBe4 even has a personal timeline for each user.

GRC 

  • Manage and Automate Compliance and Audit Cycles: reduce the time you need to satisfy requirements to meet compliance goals with pre-built requirements templates for the most widely used regulations.
  • Centralize Policy Distribution and Tracking: save time when you manage distribution of policies and track attestation through campaigns.
  • Identify, Respond, and Monitor Your Risk: simplify risk initiatives with an easy-to-use wizard with risk workflow based on the well-recognized NIST 800-30.

Compliance Plus Training: 

Compliance training typically once a year is far from enough to train your users effectively or reinforce the important legal and regulatory requirements your organization needs to address for compliance. With a constant cadence of always fresh, up-to-date and short content from KnowBe4, you can stay on top of current compliance requirements and deliver a variety of training campaigns to your users on a monthly or quarterly basis. 

One Identity  

With the proliferation of human and machine identities, the race to the cloud and the rise of remote working, protecting identity has never been more important. The key impediment to doing so is the fragmented way in which most organizations manage access rights. One Identity brings together the four core elements of identity security – Identity Governance and Administration (IGA), Identity and Access Management (IAM), Privileged Access Management (PAM), and Active Directory Management and Security (ADMS) – to help customers holistically address this challenge. One Identity calls this unified identity security.

Moving from a fragmented state to a unified approach to identity security delivers numerous operational benefits, such as correlating all identities, removing friction between formerly distinct technologies, and facilitating automation and orchestration. This model also provides a critical level of added protection. With 360-degree visibility, adaptive security controls, and the ability to apply analytics across all identities in the enterprise, organizations can verify everything before granting access to their most-critical assets. This level of response and control allows cybersecurity executives to shrink windows of exposure, move closer to achieving Zero Trust and improve their overall security posture. 

The One Identity Offering: 

One Identity’s vision is not to simply help customers solve all their identity security problems with fragmented point solutions. They believe there is significant value in integrating these technologies into a single, cloud-first platform – what One Identity calls the Unified Identity Security Platform.

The foundation of One Identity’s platform is in an identity-correlation system that delivers a consistent view across users, machine identities and accounts to help organizations move from a fragmented to a unified state. Workflow orchestration eliminates manual and error-prone activities; connectors deliver flexibility by bringing disparate applications and security ecosystems under a single point of control. Powering all of this is identity intelligence and analytics to help cybersecurity professionals get a clear view of their risk profile and take corrective actions as needed.  

Key Offerings: 

  • Identity Governance and Administration: Complete, business-driven governance for identity, data and privileged permissions 
  • Identity and Access Management: Secure workforce, partners, and customers while increasing operational efficiency and accelerating digital transformation efforts 
  • Privileged Access Management: Protect privileged accounts and enable identity-centric Zero Trust for just-in-time access 
  • Active Directory Management and Security: Enhance management of Active Directory/Azure AD for efficiency, security and to achieve Zero Trust

Synopsys 


“From Silicon to Software” is the mantra at the heart of Synopsys. The team works to provide innovations that are changing the way we work and play. Autonomous vehicles. Artificial intelligence. The cloud. 5G. These breakthroughs are ushering in the era of Smart Everything―where devices are getting smarter, everything’s connected, and everything must be secure. Powering this new era of digital innovation are advanced silicon chips and exponentially growing amounts of software content―all working together, smartly and securely. Synopsys is at the forefront of Smart Everything with the world’s most advanced technologies for chip design and verification, IP integration, and software security and quality testing. We help our customers innovate from silicon to software so they can deliver Smart Everything. The three strands of this are represented via a mission statement to: 

  • Build The Best Chips, Faster: Synopsys is the world’s leading provider of solutions for designing and verifying advanced silicon chips, and for designing the next-generation processes and models required to manufacture those chips.  
  • Integrate More Capabilities, Faster: Synopsys offers the world’s broadest portfolio of silicon IP―pre-designed blocks of logic, memory, interfaces, analog, security, and embedded processors―to help our customers introduce more capabilities and reduce integration risk.  
  • Build Secure Software, Faster: Synopsys helps customers build security and quality into the DNA of their software code―at any stage of the software development lifecycle and across the supply chain―to minimize risks while maximizing speed of application development.

Selection of specific offerings:  

Coverity Static Application Security Testing (SAST): Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process when it’s least costly and easiest to fix.

Precise, actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform™ (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

Seeker Interactive Application Security Testing (IAST): Seeker gives you unparalleled visibility into your web app security posture and identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive data to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Seeker’s seamless integration into CI/CD workflows enables fast interactive application security testing at DevOps speed. Unlike other IAST solutions, which only identify security vulnerabilities, Seeker can also determine whether a security vulnerability (e.g., XSS or SQL injection) can be exploited, thus providing developers with a risk-prioritized list of verified vulnerabilities to fix in their code immediately.

Black Duck Binary Analysis 

Black Duck Binary Analysis is a software composition analysis (SCA) solution to help you manage the ongoing risks associated with a complex, modern software supply chain. Empower procurement, operations, and development teams with visibility and insight into the composition of commercial applications, vendor-supplied binaries, and other third-party software.  

Black Duck Binary Analysis quickly generates a complete software bill of materials (BOM), which tracks third-party and open source components, and identifies known security vulnerabilities, associated licenses, and code quality risks. Because Black Duck Binary Analysis analyzes binary code, as opposed to source code, it can scan virtually any software, including desktop and mobile applications, embedded system firmware, and more.

The post The IT Security Guru Buyer’s Guide 2022 appeared first on IT Security Guru.

Book Review: ‘The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity’ By Christian Espinosa
https://www.itsecurityguru.org/2021/02/02/book-review-the-smartest-person-in-the-room-the-root-cause-and-new-solution-for-cybersecurity-by-christian-espinosa/ (Tue, 02 Feb 2021 11:23:13 +0000)

Growing up was not easy for entrepreneur, Iron Man and author Christian Espinosa. “I played football, but I was also smart, but I also liked heavy metal, so I felt out of place from each particular clique,” Espinosa revealed, reminiscing on his formative years. In response to various socio-economic difficulties beyond his control, Espinosa’s mindset changed dramatically as he threw himself at every challenge and character-development opportunity, trying to be the best he could be. This path took Espinosa through the US military, to mountain summits, scuba dives, and the boardroom as he rose to prominence as a VP in what he calls ‘the intelligence-ego driven world of cybersecurity’.

This all changed in 2014 when Espinosa’s itch to succeed led him to start his own cybersecurity company: Alpine Security. Now, Alpine Security has been acquired by security consulting firm Cerberus Cyber Sentinel Corporation, bringing in a new era with Espinosa offering his expertise as a new Managing Director.

However, Espinosa’s hard-earned experience is not limited to the boardroom. In his latest book, ‘The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity’, Espinosa shares his decades of experience in the fast-paced world of IT security. That experience can practically be felt dripping through the pages as the chapters outline the essential steps to overcome the biggest adversary in cybersecurity. No, not the cybercriminals, but the toxic culture that many cybersecurity professionals find themselves in. The book takes a holistic approach to self-betterment, discussing the importance of so-called ‘soft skills’ in the world of cybersecurity.

Perhaps what makes this book so challenging and engaging is that it peels back the cultural aspects of the cybersecurity industry that have been fermenting for decades. Espinosa states that “business leaders rely on their cybersecurity staff to protect their data”, yet “in my more than thirty years of experience in cybersecurity and leadership, I found that these technical employees are the root of the problem”. In order to solve this problem, Espinosa proposes “The Secure Methodology” and its seven steps, beginning with ‘Awareness’ and culminating in ‘Kaizen’, the Japanese philosophy of continuous self-improvement, in a world where the need to be the smartest person in the room stems from deep-rooted insecurity rather than confidence.

The book outlines how technical employees, who may struggle with interpersonal skills and insecurity, can deploy Espinosa’s methodology, not just to help security professionals communicate better and reduce risk overall, but for anyone who would like to work on becoming more confident and fulfilled with the life we are given. While I will not outline each step – that is for you to discover when you read the book – I will state that they intuitively link together to form a comprehensive formula for self-betterment.

Espinosa’s choice of words makes for an interesting read as humorous anecdotes are woven in seamlessly with heartfelt advice and genuine concern for industry and personal wellbeing. Espinosa is certainly one to watch, as his knack for storytelling and his experience in business and the world promise exciting things in the future as Christian and Cerberus Sentinel use their combined experience to better the world of cybersecurity.

You can buy the book here now for less than the price of a coffee!

The post Book Review: ‘The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity’ By Christian Espinosa appeared first on IT Security Guru.

The White Hat Ball 2021
https://www.itsecurityguru.org/2021/01/28/the-white-hat-ball-2021/ (Thu, 28 Jan 2021 17:49:09 +0000)

We were fortunate enough to sit down with Martin Tyley, Head of UK Cyber, KPMG, ahead of this year’s annual White Hat Ball. Those with experience of White Hat events know that White Hat’s charitable endeavours and KPMG’s sponsorship are almost synonymous. Again, KPMG are this year’s headline sponsor, as Tyley and the whole of KPMG continue to champion the change that we want to see in the world.

The White Hat Ball (affectionately known as WHB) is a familiar event in the information security industry calendar. This year, however, it will take an unfamiliar form: as with most business operations this year, the festivities will move online. Despite the virtual nature of this charitable event, what transpires on the 29th of January will have real-world implications. The WHB is an event that provides support for the most vulnerable amongst us. While the spread of a global pandemic has made lives universally difficult, it has become even more challenging for young, vulnerable people who tragically may be forced to spend lockdown without the resources they so desperately need.

Is this the most important White Hat Ball yet?

The past few months have seen reliance on the UK’s foodbanks soar, despite high-profile efforts from footballer Marcus Rashford MBE to achieve at least one meal per day for school children. Rashford’s concerns were compounded during the recent outrage surrounding government-funded food parcels, and as a result, demand for children’s mental health advice from Childline is currently surging. Considering all of these variables, Tyley believes this to be the most important WHB to date. The purpose of WHB is to raise enough money to fund the NSPCC’s Childline for a whole day. The £30,000 required to facilitate this is an ambitious but achievable target if we come together as a community to foster unilateral change.

Tyley hopes that this White Hat Ball will truly be one to remember. Harking back to his first foray into the world of the White Hat Ball, Tyley reminisced that as a fresh-faced, junior member of the community, he perhaps failed to grasp the importance of this event. However, it was not long before it really “clicked”. The White Hat Ball is not simply a networking event for the infosec industry. Instead, it is an important date that has the ability to change people’s lives forever. This, however, requires a concerted effort on behalf of all of us.

What can we do to help?

Besides donating to the White Hat’s Unforgettable Day JustGiving page, there are a whole host of ways that you can make a positive impact. You can also bid on a variety of items on the White Hat’s Unforgettable Day Charity Stars page, with the profits going towards Childline. More importantly, utilising your skills for the greater good could go a lot further than a simple donation. Inspired by the events that transpire annually at the White Hat Ball, Martin Tyley uses his platform to spread education and awareness of issues facing children today. Speaking to children about being safe online is becoming even more important as social media solidifies its virtual grip on digital-native generations. In fact, Tyley stated that applying the skills gained from decades in the industry can have an incredibly positive impact. Since 2018, Tyley has found time in his already busy schedule to educate more than 3,000 children on the importance of digital safety. However, there is undoubtedly more that must be done. After all, one person cannot educate every child in the UK. Cybersecurity is all about protecting that which is vulnerable from exploitation. Therefore, protecting vulnerable children from abuse, exploitation and hunger is certainly within this remit.

If you are a white hat, a grey hat or a black hat with a charitable side, let’s work together to make The White Hat Ball not just an unforgettable day, but the year we changed the world.

The post The White Hat Ball 2021 appeared first on IT Security Guru.

Guest Blog: Ripple20 Zeek Package Open Sourced
https://www.itsecurityguru.org/2020/07/01/guest-blog-ripple20-zeek-package-open-sourced/ (Wed, 01 Jul 2020 15:18:13 +0000)

Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of devices and you are in the right ballpark.

The set of vulnerabilities is collectively known as “Ripple20”, and yes – like all big exploits it has its own website https://www.jsof-tech.com/ripple20/ (a fascinating read) and of course a logo. Refer also to the Treck response https://treck.com/vulnerability-reply-information/.

We at Corelight Research have been following developments closely, as there are a number of key ingredients that add up to a dangerous situation here.

  • The vast number of vulnerable systems. As I developed this package I even found a printer that was vulnerable, and which was not on the list of known vulnerable devices.
  • The wide range of vendors that are affected. There are some very big names, you can read the list of affected vendors on the Ripple20 site.
  • The types of systems that are potentially vulnerable – anything from UPS, printers, lights, tractors, medical devices, cars, air conditioning systems, refrigerators… Who really knows?
  • The difficulty in patching. In most cases, IoT/ICS devices simply aren’t built for “automatic install” of security patches like modern end user systems are. You also need to know whether you even have these devices on your network in the first place, which isn’t trivial in its own right.
  • The depth of the vulnerability. Remote code execution with a CVSS score of a perfect 10.0 – that’s as bad as it gets.
  • The attractiveness of these vulnerabilities to threat groups can’t be overstated; having such a stealthy foothold deep within a victim’s network is like the holy grail for some threat groups.
  • There WILL be more and more automated, commodity exploit kits becoming available in the near future – this is a common theme with exploit evolution. This tends to put the exploit tools in the hands of an ever increasing breadth of threat groups, lowering the bar of entry in terms of technical ability required to make use of these exploits.

I could go on and on but the tl;dr is: We need all the protection we can get.

If there is one silver lining, it’s that any discovery or exploit traffic must traverse the network, which of course means that Corelight and Zeek are right in our element.

Today we are open sourcing a Zeek package (https://github.com/corelight/ripple20) that passively detects the presence of some of the tell-tale signs that Treck devices can exhibit. The package also detects when such devices are being scanned by currently available discovery scanners, and when signs of exploitation are observed on the wire.

We hope the open sourcing of this Zeek package helps organizations defend against this threat.

Credit to JSOF who discovered these vulnerabilities and to all of the CERTs and vendors who are currently coordinating discovery and patching efforts.

Source: https://corelight.blog/2020/06/30/ripple20-zeek-package-open-sourced/

The post Guest Blog: Ripple20 Zeek Package Open Sourced appeared first on IT Security Guru.

Cyber-burnout: The hidden cost of a security career
https://www.itsecurityguru.org/2020/05/19/cyber-burnout-the-hidden-cost-of-a-security-career/ (Tue, 19 May 2020 15:25:26 +0000)

by Corin Imai, senior security advisor at DomainTools

Cybercrime and mental health issues are both rampant. This article will look at how mental health issues can leave organisations more at risk of cybercrime, and how combatting cybercrime can affect mental health.

Professional burnout is defined as a work-related condition of stress causing exhaustion, a sense of reduced accomplishment and loss of personal identity. Extensive literature exists about this phenomenon in relation to healthcare professionals, who need to make important decisions day to day and work under great pressure with significant resource constraints. Recently, however, professional burnout has come to be associated with the cybersecurity industry.

New technologies equate to new challenges from a security perspective, which fall on the shoulders of cybersecurity teams. It doesn’t help that digital transformation has significantly widened the attack surface that security practitioners need to protect, that new compliance rules are coming into effect globally, and that threats continue to evolve to evade detection. To add to the problem, these teams are chronically understaffed, overworked and operate with constrained budgets they need to fight very hard to obtain.  

Therefore, perhaps unsurprisingly, security professionals have started reporting high stress levels and symptoms compatible with burnout.

The Price of Stress  

A survey conducted by Exabeam found that sixty-two percent of cybersecurity professionals cite that they are stressed or very stressed at their jobs, and 44% don’t feel like they are achieving a work/life balance.

Certainly, the links between stress and physical health, as well as stress and performance, have been widely documented. One study that looked specifically at the effects of repetition, fatigue and work environment on human error in manufacturing industries found that as much as 48.8% of variance in human error can be explained by these four factors.

While no specific statistics exist to describe what proportion of human errors in cybersecurity teams is due to burnout symptoms, we can expect at least some of the 90% of security breaches due to human error to be associated with the high level of stress experienced by IT security professionals.

This translates to high employee turnover: CISOs only have an average tenure of 26 months, and a report from the Ponemon Institute found that the problem extends far beyond the C-suite. In fact, 65% of IT and security professionals consider quitting their job due to burnout, a worrying statistic that could place further burden on an already resource-constrained industry.

The Solutions 

Offer specific mental health resources

Employees should feel comfortable talking about their mental wellbeing. The culture of your organization should allow professionals to be vocal about their level of stress, and there should be a commitment to offer counselling and psychological resources to help them cope with the demands of their mission-critical day job. 

Identifying the problem is the first step in building a meaningful conversation around mental health in IT security functions. Managers should educate themselves on how best to offer their teams support, building a frank and honest line of communication to encourage individuals to discuss their concerns and symptoms, and refer them to the appropriate resources.

In an insightful talk at Black Hat 2018, Rhett Greenhagen, Senior Security Researcher for McAfee’s Advanced Programs Group, who was diagnosed with Asperger syndrome at the age of 12, stressed the importance of tailoring the workplace to the needs of all employees. From encouraging employees to seek professional attention to help them understand their symptoms, to remaining attuned to everyone’s requirements – be that a quiet area in which to take a break, or some time off during the day to walk and unwind – there are several small changes that can make a dramatic difference to security practitioners’ everyday wellbeing.

Boost the recruitment drive 

It’s easier said than done, but recruiting more security personnel is the first step in ensuring that professionals aren’t overworked and have the chance to set up jobs on a rotation basis (when appropriate).

Appointing more security leaders can also help relieve the pressure and share the burden of responsibility, so that everyone knows what they need to do to tackle specific problems and won’t have to deal with the confusion of picking up the pieces when one individual leaves.

Consider a backup team 

Recruiting and retaining talent is difficult, and perhaps bringing in an external team could be more cost effective for your business. Nowadays, there are managed service providers to suit the specific needs of virtually any organisation, with packages that suit businesses of all sizes. 

You can choose to outsource all or just some of your security operations, allowing your internal team to focus on what you consider to be higher security tasks, while a dedicated team takes care of anything that you may struggle to manage internally. 

Automate mundane tasks

According to a recent survey DomainTools conducted with the Ponemon Institute, one of the main reasons why automation is introduced by enterprises is to reduce security practitioners’ workload and the time they need to spend on mundane and repetitive tasks. 

While it needs to be carefully planned to make sure it will integrate with other security solutions, and that training will be provided to ensure that the workforce has the necessary skills to operate it, an automation tool can greatly improve the efficiency of the IT security function, allowing humans to focus where they are most needed.

Provide training and recognition

Keeping up with the evolving threat landscape is demanding and time-consuming, and can leave employees feeling overwhelmed by the challenge of juggling the tasks of their day-to-day role and the need to continuously upskill. For this reason, offering employees training courses, seminars and educational activities will boost morale and release some of the pressure that weighs on IT security professionals. Provide your team with up-to-date, on-hand playbooks and material on recent training experiences that they can refer to in case of an incident.

It’s important for staff to feel valued, and investing in their professional development and training is one of the ways to show them that you recognize the efforts they put into keeping your organization safe.

Create space for employees to take a break

Without having to go to the lengths of Google, where $5,000 sleep-pods were installed for employees to take naps during their breaks, organizations can reorganize their space to make sure there are areas allocated for security teams to relax and wave the stress away. 

Implementing policies such as required breaks and off-time is ultimately beneficial to efficiency, as workers will get back to work refreshed and will perform better, as well as feel their health and wellbeing is valued by their employer. 

Ultimately, cybersecurity may be in some ways an inherently high-stress profession, but by turning our attention to the problem there is no reason why the situation shouldn’t be alleviated. Prevention is always better than the cure, and communication and education remain the key to creating a supportive, positive culture, where employees feel they can speak up and where managers are able to recognise the signs of burnout and have the knowledge and the resources to address them.

The post Cyber-burnout: The hidden cost of a security career appeared first on IT Security Guru.

The UK Workforce Prefers Working Remotely
https://www.itsecurityguru.org/2020/05/12/the-uk-workforce-prefers-working-remotely/ (Tue, 12 May 2020 16:53:34 +0000)

On Sunday, the UK’s Prime Minister spoke to the country to outline the next steps of the country-wide lockdown that was imposed last March to control the spread of the Coronavirus. Social distancing measures have forced an estimated 20 million people to work from their home, and if we consider that, as of December 2019, the people who reported working from home in the UK were a mere 1.7, the habit shift brought by the pandemic seems even more seismic.

But while many are anxiously waiting for a relaxation of safety guidelines in order to be able to see their families and friends again, there is one thing most people in the UK are not looking forward to: going back to the office. Rather than being concerned with when they’ll be back at their desks, as many as 91% of Britons hope they’ll be able to continue to work from home when the restrictions are eased.

In fact, a new nation-wide survey conducted by Eskenzi PR and OnePoll found that a third of respondents would prefer to continue working from home either every day or four days per week (31%). Just under a third of respondents are at the other end of the spectrum and would like to work from home one day a week, or less than weekly (25%). However, for over a third of people (35%), the dream scenario would be to opt for a half-way house and work from home for half the week. Either way, only 9% would want to work in the office full-time, suggesting that 91% of the general working population would like to have the option of working from home.

There are numerous reasons for this change in attitude, including the time wasted through commuting. Indeed, over half of respondents (54.19%) agreed that this was their main reason for favouring a greater remote working culture. Nevertheless, it appeared that the older the population, the more pertinent this was. For those aged over 55, this was a concern cited over 20% more than those aged 18-24. The second most referenced response was the more relaxed working environment at home (44.92%).

Remarkably, the opportunity to dress down for work attained 38.41% of the poll; ranking higher than the ability to work more productively (35.98%), or the feeling of being less stressed (34%) at home. In fact, it also ranks higher than spending quality time with family (28.48%).

“This survey shows that for the first time ever, people have had a taste of working from home and they love it because they’re more relaxed, they don’t need to travel and can spend time with their family and pets. Interestingly, a third of respondents think the ideal working week would be better spent half at home and half in the office. We can only hope that this great remote working experiment has shown employers that their staff can be trusted to work just as productively from home; particularly as it also appears to have a positive impact on their well-being as well as the environment. This can also be good for companies’ productivity and profitability, as they’ll need less office space with fewer people there 100% of the time,” said Yvonne Eskenzi, founder and owner of Eskenzi PR.

The post The UK Workforce Prefers Working Remotely appeared first on IT Security Guru.

What Chocolate Peanut Butter Cups Can Teach Us About Phishing
https://www.itsecurityguru.org/2019/10/29/what-chocolate-peanut-butter-cups-can-teach-us-about-phishing/ (Tue, 29 Oct 2019 12:45:18 +0000)

With Halloween fast approaching, it’s a great time to discuss some of our favourite things in life: the creation of chocolate peanut butter cups and what these can teach us about phishing. It is hard to imagine a time before the “age of the cup”, because there are many who never got to know the delicious glory that accompanies the unification of chocolate and peanut butter. Prior to that time, people walked around in total ignorance, thinking that they had to make an “either/or” decision related to these two approaches to snack-based nourishment. And then a lightbulb moment occurred in the 1970s that led to the creation of a certain peanut butter cup product that would go on to revolutionise our taste buds forever.

Now, here’s the funny thing. Somehow even in a world that has been graced by the peanut butter cup, many people still believe that decisions have to be binary. Such people believe that, because they are naturally drawn to one of the ways of addressing a problem, then other ways of addressing the problem must be invalid.

IT vendors and security pundits also fall into the trap. There are those that claim technology, not training, Protects Users from phishing while muddying the water to up-sell their products as a way to protect against phishing. They may even use the term phishing very broadly to make sweeping statements about where technology can assist in mitigating the phishing threat. But it turns out that they are really only discussing “credential harvesting” phishing attacks… and that the true answer is to use multifactor authentication (MFA) instead of training.

Herein lies a big problem. If organisations ditch all phishing training and adopt MFA, how do they protect against phishing attacks that aren’t after a user’s credentials? MFA doesn’t help with those.

What about phishing attacks that are all about tricking users into clicking links or downloading attachments with the intent of infecting their computer with malware? What about phishing emails with no links or attachments whatsoever (BEC, anyone?)? And what about situations where users are working on systems where MFA isn’t an option, like some of their home systems? Or when users forget their MFA key, so the app falls back to knowledge-based authentication (KBA)?

Here’s the thing: MFA is a great help. It can drastically reduce the effectiveness of credential harvesting attacks. But it is not – and will likely never be – a full ‘fix’ for phishing and social engineering. In fact, Roger Grimes is well known for his work uncovering the many, many ways that MFA can be hacked or bypassed. BTW – Roger is currently up to 38 ways to hack and bypass MFA, and at least 5 to 7 of them apply to any MFA solution. On top of that, even Google’s own stats admit that MFA doesn’t work nearly as well against targeted attacks as it does against bulk, generic attacks… and that’s before attackers have even begun to concentrate on hacking MFA, as they surely will as it becomes more popular.

What we’ve seen throughout history is that criminals are persistent. When they are stymied by technology-based defences, they will find a way to go around the technology and exploit a human vulnerability. The way that they do that typically involves social engineering (phishing).

And so, having MFA is recommended… but it doesn’t mitigate the impact of phishing, because an attacker can simply adjust the attack by using a different type of phish.

Luckily, not every technology vendor falls into the techno-centric trap. Here’s a great example from a recent Microsoft blog post. In the blog, Girish Chander, Group Program Manager, Office 365 Security, outlines the top 6 email security best practices to protect against phishing attacks and business email compromise. One of his points is all about the importance of training your users.

Here’s what he says:

“Your users are the target. You need a continuous model for improving user awareness and readiness. An informed and aware workforce can dramatically reduce the number of occurrences of compromise from email-based attacks. Any protection strategy is incomplete without a focus on improving the level of awareness of end users. A core component of this strategy is raising user awareness through phish simulations, training them on things to look out for in suspicious emails to ensure they don’t fall prey to actual attacks.”

A quote from the introduction to Bruce Schneier’s book Secrets & Lies comes to mind: “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”

The answer for phishing isn’t technology or training in the same way that the answer for snacking doesn’t have to be chocolate or peanut butter. A layered approach to security is the key to making your organisation a hard target. And your human layer is critical to the success of that strategy.
