endpoint Archives - IT Security Guru

Security professionals unaware of NCSC Cyber Essentials framework – Lookout

The Gurus — Mon, 31 Jul 2023 11:37:26 +0000

New research by Lookout has revealed that there is a lack of awareness towards the NCSC Cyber Essentials framework. The endpoint-to-cloud security provider found only 28% of organisations had fully implemented Cyber Essentials, with over a third (40%) of security professionals claiming they were unfamiliar with the scheme. Of those that had not implemented the scheme, over half (58%) said a lack of awareness or understanding as the reason why their organisation had not done so.

Having evaluated the opinions of 246 security professionals towards the NCSC Cyber Essentials framework at Infosecurity Europe 2023 (20 – 22 June), it is clear more works needs to be done to raise awareness for the UK government backed programme that aims to help UK organisations improve their cyber resiliency against the most common cyberattacks. There are two levels of certification provided by Cyber Essentials, a basic level and ‘plus’, which organisations can achieve when showing commitment to cyber security. Achieving the basic Cyber Essential certificate indicates the organisation knows how to prevent the vast majority of common cyberattacks. With Cyber Essentials Plus, there is an added hands-on technical verification and vulnerability scanning that is conducted on the systems used by the organisation.

Of those that answered they were Cyber Essential certified, 58% stated they had the standard level while 42% had completed Cyber Essential Plus. The top three benefits experienced from being certified were: an improvement in cybersecurity measures (60%), an increase in customer trust and confidence (54%), and compliance with regulatory requirements (48%).

“The findings from the study are concerning and showcase the work needed to be done to not only build awareness around the NCSC Cyber Essentials framework, but also to get more organisations accredited,” said Bastien Bobe, Field CTO EMEA at Lookout.

“In the modern, remote-working world, with mobile and cloud-based threats on the rise, it is imperative to deploy cloud-native defences that can deliver zero-trust security to safeguard corporate data from any location, device, application or network. The objective for many businesses is to reduce their overall risk. However, to achieve this, they must have a proactive security strategy that enhances their own cybersecurity practices as well as ensures compliance with industry standards and accreditations – specifically frameworks like UK Cyber Essentials.”

To see the results in full, click here.

The post Security professionals unaware of NCSC Cyber Essentials framework – Lookout appeared first on IT Security Guru.

Lookout expands partnership with Google Cloud to deliver endpoint to cloud security

The Gurus — Tue, 22 Jun 2021 14:55:56 +0000

Mobile security specialists, Lookout Inc. has announced it now has an expanded partnership with Google Cloud to provide endpoint-to-cloud security to organisations around the world. The new partnership will see Lookout deliver BeyondCorp Alliance product integrations and debuted its Lookout Mobile Endpoint Security solution on Google Cloud Marketplace. Lookout will reportedly bring additional choice of security capabilities for customers on Google Workspace, helping them mitigate the risk of endpoints compromising corporate data.

In early 2019, Lookout joined the BeyondCorp Alliance, a group of Google Cloud partners that share its Zero Trust vision. Lookout delivers essential requirements of the BeyondCorp security model, including device inventory, state and security posture. These are essential to making context-aware Zero Trust access decisions.

The customer benefits include The Lookout BeyondCorp Alliance Integration with Google Workspace and Google Cloud BeyondCorp Enterprise Solution to Deliver Zero Trust Security From Endpoint to Cloud.

For an organization to fully protect its data, it must assume that no endpoint is trustworthy until its security posture is verified. Failing to verify and continuously assess an endpoint’s security posture can lead to corporate data leaks and breaches.

“Our strategic partnership with Google Cloud will deliver industry-leading endpoint-to-cloud security,” said David Richardson, Vice President of Product, Lookout. “Enabling productivity from any endpoint in any location is critical in today’s remote-work environment. We are proud to deliver on the BeyondCorp mission to accelerate and simplify the adoption of a Zero Trust model that enables organizations to stay secure, agile and productive.”

“We’re committed to providing customers with the technology, support, and partner solutions they need to ensure they have choice when it comes to security,” said Manvinder Singh, Director of Technology Partnerships at Google Cloud. “We’re delighted that Lookout will expand its integrations with Google Cloud and make its Mobile Endpoint Security solution available on Google Cloud Marketplace, bringing customers additional choice and security capabilities as they expand their cloud footprints.”

The Lookout and Google relationship began in 2008 when Lookout Mobile Endpoint Security became available on the Google Play store. In 2019, Lookout became a member of the Google App Defense Alliance to protect users from potentially harmful applications by stopping them before they ever make it onto the Google Play Store.

The post Lookout expands partnership with Google Cloud to deliver endpoint to cloud security appeared first on IT Security Guru.

Don’t be a fool about endpoint protection

The Gurus — Wed, 05 Apr 2017 10:10:08 +0000

In the U.S., 35 percent of working-age adults do not know what phishing is. Considering the average office worker can see up to one risky email a day, that’s quite alarming. Clearly, this awareness gap is putting both business data and systems at risk. Factoring end users into the endpoint protection equation just makes sense.
Discussions about phishing prevention are on the rise, which is good. Unfortunately, that’s partially at the expense of organizations and end users. When companies like Google and Amazon make the news because attackers are corrupting their brands in order to propagate phishing scams, there are certainly more conversations — but at the tradeoff of more compromised networks, accounts, and devices.
But even though more and more companies and individuals are falling victim to phishing emails, and publications and news outlets are shining a light on this threat vector, that doesn’t mean end users have a solid awareness of this threat or that they’re actively trying to avoid these types of attacks. Those who do have some sense of the risk phishing messages pose are complicating the matter in another way: overconfidence.
A recent study published by the University of Texas at San Antonio found that a growing reason many end users fall for phishing scams is due to overconfidence; they simply believe they are smarter than the actors responsible for an attack. This is leading to a carelessness that is compromising endpoints with alarming regularity.
Compounding the problem is the fact that phishing messages are becoming more sophisticated. While overconfident users are looking for Nigerian prince emails, attackers are developing more targeted and more detailed messages that are exceedingly sophisticated and difficult for even infosec professionals to spot. And with ransomware on the rise and continuous advances in malware, these attacks can come with some crippling payloads.
The reality is that end users — and their decision-making skills — are attached to a vast number of your endpoints. If you are not continually educating employees about how to spot the evolving techniques and nuances cybercriminals are using to attempt to penetrate your defenses, you are allowing unnecessary risk to percolate within your security chain.
The first step in an effective security awareness training program is assessing employees’ depth and breadth of knowledge, and attempting to identify your organization’s most pressing susceptibilities. Though we’ve talked almost exclusively about phishing within this piece, the reality is that end-user risk management is bigger than email-based attacks. Many of the worst breaches we’ve seen of late weren’t caused by a single mistake, but rather a series of them. Typically, multiple employees could have taken action to stop an attack if they knew what to look for. A comprehensive training program helps to fill in the knowledge gaps, which can mean the difference between a single compromised endpoint, and a major data breach. As such, it’s important to assess your users and figure out where your organization’s gaps and weak links really are.
Some of today’s best security awareness programs incorporate phishing simulations, which allow companies to evaluate end users’ susceptibilities without exposing their networks to an actual attack. To ensure longevity, choose a tool that supports customizable email templates, multiple types of attachments, data entry fields, and the ability to test users’ recognition of embedded links and spoofed senders. Content updates are also critical, as cybercriminals are always coming up with new attack scenarios. Tools that regularly provide new and refreshed templates and materials help to ensure your program remains relevant and effective.
When using assessment tools like simulated attacks, it’s important to have a plan and measurable goals; this will allow you to take your program to another level. A good place to start is measuring failure rates (i.e., interactions with simulated phishing emails). Tools that allow you to dig in and analyze failure rates by user attributes — like department, office location, and manager — give you visibility into important susceptibility metrics and variations between groups, job functions, and geographies. It’s also valuable to be able to identify users who have had multiple failures — so-called “repeat offenders” — as this allows you to work with managers and your HR department to adjust access permissions and develop other escalation paths that will help employees become more careful (and keep your endpoints more secure).
A step that organizations sometimes overlook is delivery of ongoing cybersecurity training. Simulations are great for assessing end users’ ability to detect attacks, but they have a limited ability to educate employees about the breadth of techniques attackers use. The most successful program administrators educate end users about the types of threats they will encounter and give them the knowledge and well-placed confidence — not overconfidence — they need to make good decisions. The most sophisticated programs educate their users multiple times per year, opting for short and easily digestible lessons that don’t just teach new concepts but also help to reinforce previous lessons to prevent knowledge loss. Look for an education tool that offers brief, focused modules that will allow you to regularly provide training without overwhelming end users. If you can automatically assign training to employees who fall for a simulated attack, that’s a great advantage. This allows users to more clearly connect the dots between the phishing simulation and the follow-up education. If you send a simulated attack in January and then don’t provide training until August, you’ve lost any possibility for a logical connection between the two events.
Phishing can have serious impacts on endpoint security, which in turn can affect your organization’s intellectual property, reputation, customer confidence, and other important business indicators. If you are involved with developing an endpoint protection strategy, don’t be foolish and overlook how your end users’ awareness and knowledge (or lack thereof) play into your metrics for success.
By Kurt Wescoe, Chief Architect at Wombat Security Technologies

The post Don’t be a fool about endpoint protection appeared first on IT Security Guru.

£10k on offer for hackers who can beat Bromium

The Gurus — Wed, 01 Jun 2016 13:10:31 +0000

This year’s InfoSecurity Europe, taking place in London between the 7th and 9th of June, has just gotten a bit more exciting as Bromium, a leading endpoint security provider, has put a £10k prize up for anyone who can successfully compromise a system protected with their renowned security technology.
Attendees are invited to bring the most destructive, devastating malware into the conference and use it to target a Bromium-protected endpoint. If someone is clever enough to beat the system, they’ll walk away with a £10k cheque and be given validation through an official Bromium press announcement.
The reason Bromium is doing this seems to be in part to improve the accountability of security vendors in the modern ecosystem, with them suggesting participants take their malware to other vendors at the show and allowing them to test it on their own offerings. In short, it seems like Bromium is one of very few vendors who are allowing people to come in and actively test the promises they make about their security software – a ‘try before you buy’ if you will. Bromium claims that protected users can ‘click on anything without risk of a breach’, so this should be a good one to watch.
“Today, more than 99% of malware morphs into new, undetectable variants in under a minute, making them more difficult to detect and remediate,” said Simon Crosby, Bromium CTO. “Yet the cybersecurity industry continues to peddle false promises and failed technologies that don’t protect customers from today’s attacks. Our goal with the Bromium Bring-Your-Own-Malware Challenge is twofold. First, allow IT security professions to test our endpoint protection platform assess its revolutionary security capabilities firsthand, and second, shine a bright light on the false claims of other endpoint vendors, whose ‘detect to protect’ promises are repeatedly proven bogus. Only a fundamentally different approach – such as micro-virtualization protection – can change the odds and truly secure enterprises in this battle.”
To participate, stop by the Bromium stand at InfoSec Europe (B220) with malware of your choosing or participate remotely by uploading the malware to their servers. The PCs in the booth are unpatched Windows machines and vulnerable to Flash, Java and other exploits. Reckon you’re up to the challenge?

The post £10k on offer for hackers who can beat Bromium appeared first on IT Security Guru.

Most companies are over-exposed to cyberattacks – Varonis shows us why

The Gurus — Tue, 22 Mar 2016 13:00:25 +0000

Varonis, provider of software solutions that protect data from insider threats and cyberattacks, has just announced their findings after analysing a year’s worth of anonymoused data collected during risk assessments on behalf of certain customers and it looks as if a lot of organisations are over-exposed.
On average, companies held 9.9 million files on their systems that were accessible to every employee.
To put that in context, Varonis found the average company held 35.3 million files – meaning more than 1 in 6 of a company’s files are exposed to all employees.
Mass access by making files easily accessible means that staff can find and use resources quickly and easily. However, this is also true for hackers; once in, they can do their work quickly and easily. Not the best from a security angle.
There are some extremes – for example Varonis saw one instance where every employee could access 82% of the 6.1 million folders on their network. Another company had more than 2 million files containing sensitive data (credit card, social security or account numbers) that everyone in the company could access. If a hacker were to penetrate these organisations, say through spoofing or stolen credentials, it’s clear they’d have little difficult in finding some files they could make a quick buck off the back of. In one case, 50% of a company’s folders had “everyone” group permission and more than 14,000 files in those folders were found to contain sensitive data.
So why don’t these companies take security seriously? Often cited are the problems brought about by permissions stopping workers having immediate access to anything and everything. Others say it’s the cost of implementation. However with new regulations coming in, research like this shows many are a country mile from compliance and will need to take action.

The post Most companies are over-exposed to cyberattacks – Varonis shows us why appeared first on IT Security Guru.

IT Guys vs the World – The Trust is Broken on BYOD

The Gurus — Fri, 18 Mar 2016 11:46:05 +0000

A study by endpoint security pros Code42 has shown that IT decision makers (ITDMs) are close to losing the trust of workers in the rest of their organisations.
67% of the 1500 knowledge workers surveyed do not believe their company has a clearly defined BYOD policy – yet 65% of the c. 400 ITDMs asked the same question think to the contrary. So what’s going on?
well considering 42% of all corporate data is currently eld on endpoint devices, outside the traditional security parameters and 1 in 4 knowledge workers don’t trust their IT teams/employers with their personal data, the situation is ripe to be capitalised on by cyber criminals.
We caught up wth Rick Orloff, Code42’s Chief Security Officer, to gain further insight, and here’s what he told ITSG:
GURU: Why would ITDMs and knowledge workers have this difference in understanding over BYOD policy and what can be done to bridge the gap?
Rick Orloff: It often comes down to lack of communication. Unfortunately, many IT departments operate in a silo, giving the impression to the rest of the organisation that they simply ‘keep the lights on’ as technology service providers. The policies and safeguards they implement have exponential business value, yet IT struggles to communicate that value to the rest of the organisation. IT teams must lean on lines of business managers to help build awareness and enforce policies in the interest of enterprise data protection and security. Doing so will position themselves as a technology business partner enabling remote computing capabilities. They will be seen as a collaborative partner instead of a barrier.
GURU: How can we build up trust in our IT teams?
Rick Orloff: More communication between IT and business departments is the key. With a deeper understanding of why IT does what it does to protect enterprise data, lines of business managers and end users will adopt data safeguards. There should be a cross-functional InfoSec steering committee with senior stakeholders that align on strategies and risk mitigation issues. This will also help prevent unauthorised ‘shadow IT’ practices as well as provide support from the executives.
GURU: Should we trust anyone with our personal data? If it’s a necessity, how can we minimise the amount of data needed to be retained for the effective operation of the company?
Rick Orloff: All entities are on a “need-to-know basis.” Personal data should only be shared “if” required. That said, enterprises have a duty of care to monitor how and where data is accessed. In modern organisations, it’s essential to provision end-users with the appropriate technology that will protect data outside of the perimeter. The best endpoint protection solutions centralise data on a single platform, which gives security teams full visibility and control, as well as the ability to detect, respond and remediate breaches or other data security incidents. These solutions offer controls for the amount and types of end-user data to back up—some organisations want and need to retain more data than others.
GURU: Where should we keep our data, if not on endpoint devices?
Rick Orloff: Today it’s no longer realistic to say that data won’t also be available on the endpoint. It’s how employees work and there’s no reasonable way around that. To stay productive, end users want and need access to their data—both corporate and personal—while they’re mobile and/or working remotely. If IT doesn’t provide the right tools, they will simply find a way around IT’s data security measures. Data can and should be stored at the endpoint, but it must be secured and backed up (to the cloud or on-premises) so the company has control and visibility of its data—no matter where or how its employees are working.
GURU: How can we elevate the role of CISOs etc to make them more respected as a key component in keeping a business running?
Rick Orloff: Due to the many high-profile breaches and widespread fear of ransomware, the CISO role has grown in importance and taken its place on the executive team and in the boardroom. Recently, boards realise the importance of data security in the enterprise, and are looking to the CSO and CISO to keep operations running smoothly and safely. It’s also imperative that the CISO work closely with the rest of the C-suite, such as the CMO and CFO, on strategies to mitigate risk across the enterprise.

The post IT Guys vs the World – The Trust is Broken on BYOD appeared first on IT Security Guru.

Almost half of Endpoint Systems Compromised in the last 12 months, finds SANS Insititute

The Gurus — Thu, 17 Mar 2016 15:49:52 +0000

Cyber attackers are still riding the wave of success by attacking those surfing the web through their endpoint systems.
All the valuable data – logins, access credentials and more – are still being regularly accessed by hackers, SANS has found in their 3rd endpoint security survey.
After quizzing 829 IT professionals, they’ve concluded that there’s a clear need for a more proactive approach to detecting threats and compromises. 44% of respondents said their endpoint systems had been compromised ovethe last 2 years, with a brave 15% admitting they didn’t know how many threats were detected through actively hunting for them.
Over 1 in 4 respondents said it was a third party that notified them of the breach, rather than it being detected initially by the company under attack. So does someone, or something, need to get its act together? Or are the hackers one step ahead of the security community?
Well we know that hackers are always looking for new methods and we know that they have several methods at their disposal – with new phishing methods, new exploit kits and like cropping up left right and centre. What’s more, methods that have been used consistently for decades (quite literally a lifetime in computing terms), such as DDoS attacks, have been found to evolve and change in nature to evade security measures, as found by companies such as Corero in their analyses.
Many experts have in the past cited a lack of network visibility as the core factor undermining their security posture. However it depends who you ask and what experiences they’ve had in the past – ask the CISO of a company that was badly phished and they’ll say their end users are the weak point, as hackers target their lack of awareness in order to get in. Ask someone who’s had an APT lurking on their system for 12 months that then blew up and they’ll say it’s a visibility problem.
What SANS has found is that 41% of respondents said they were unable to acquire information about unauthorised sesnsitive data that they need to detect threats. Furthermore 74% of those surveyed said that they want results from endpoint quesries in an hour or less – 38% want that data in 5 minutes or less!
As is so often with apprehending crime and fraud, it appears that SPEED is of the essence, with the ability to act quickly beng essential to prevent further damage and expense.

The post Almost half of Endpoint Systems Compromised in the last 12 months, finds SANS Insititute appeared first on IT Security Guru.

Williams Takes Pole Position in the Race for Formula One Information Protection

The Gurus — Mon, 14 Mar 2016 12:16:22 +0000

Symantec Corp. (NASDAQ: SYMC), the global leader in cybersecurity, today announced it is helping Williams combat the latest threats and accelerate its security posture ahead of the 2016 Formula 1 season.
The Williams group, which includes the WILLIAMS MARTINI RACING Formula One team and Williams Advanced Engineering, is replacing its existing security technology to keep pace with the rapidly evolving threats today’s IT environments face. With critically important IP to protect across the business, maintaining a future-proof approach to security is essential for maintaining Williams’s F1 and engineering competitive edge.
“We are taking the right steps to get to the front of the grid in Formula One, while maintaining our leadership in advanced engineering,” said Graeme Hackland, IT Director, Williams. “We chose Symantec because, as the global industry leader, it is best placed to give us the protection and assurance we need against the latest cyber threats, and help safeguard our business-critical information.”
Total Cybersecurity – Against the Clock & Around the World
With the first race of the Formula One season – the Australian Grand Prix in Melbourne on 20th March – fast approaching, Williams looked to Symantec to ensure data and devices leaving their Oxfordshire headquarters would be completely protected. In order to maintain a secure and stable connection between the UK base and the Williams F1 team as it travels the world, Williams began to implement a new security solution combining Symantec Endpoint Protection, Symantec Web Security.cloud, Symantec Encryption and Symantec Datacenter Security.
Symantec Endpoint Protection safeguards Williams’s 1,200 computers, both within their headquarters and remotely at races around the globe. The solution provides proactive protection to catch the latest threats, such as the growing Cryptolocker ransomware, and secured Williams against many pieces of malware on day one alone. It includes cutting-edge technology such as behavioural blocking and intrusion prevention. Symantec Web Security.cloud also helps protect Williams’ network from web-borne malware and spyware threats by scanning all web requests in real time. This all means the Williams IT team can now remotely manage, control and enforce policies across all devices via the cloud, to best protect confidential data, regardless of location.
To guarantee Williams’ highly confidential information remains secure, Symantec Encryption is used across the business to protect data and support strong authentication. This is critical for protecting details of Williams Advanced Engineering’s top secret innovations – from Formula E battery development and solar energy storage to the Jaguar C-X75 hybrid supercar design. And it is equally important on race day, for protecting the remote laptops sending live, detailed race telemetry data back to Williams’s headquarters.
Bulletproof Data Centres – 100 Percent Availability & Guarding Against Downtime
Comprehensive protection starts at the data centre, the number one target for cyberattacks because it is where companies’ most important data assets are stored. Williams needed to enhance the protection of its critical applications, and both physical and virtual servers to ensure its teams have 100% data availability and are safeguarded against downtime. Symantec Datacenter Security: Server Advanced will be implemented to help accelerate security within Williams’ server estate. This Symantec solution isolates critical processes and restricts access to those that need it, whilst automating configuration and simplifying remediation.
“This is just the beginning of our partnership with Williams,” said Darren Thomson, chief technology officer and vice president, EMEA, Symantec. “We are proud to be providing Williams with additional consultancy to aid implementation, staff training, project management and strategy. This strengthens their business as well as our understanding of it, and we look forward to supporting them on and off the track in the years ahead.”

The post Williams Takes Pole Position in the Race for Formula One Information Protection appeared first on IT Security Guru.

Security Professionals Sick of Stupid Users, Bromium Finds

The Gurus — Tue, 08 Mar 2016 10:36:05 +0000

Bromium, the micro-virtualisation specialists from California, have just released the results of a survey conducted at RSA 2016 with some surprising results. Users take note!
Asking 100 security professionals whether users were causing them the most headaches in their work, 70% of respondents replied “yes” – a pretty conclusive answer. What’s more Bromium have completed similar surveys in previous year which have delivered the same answer, showing that something really must be done in this area.
The threat of data breaches being caused by employee error or lack of awareness has evidently not abated, despite the security sector experiencing fantastic growth in recent years and a renewed emphasis on security in the business world.
Bromium’s suvey also found that security pros still see endpoint risk as the biggest security risk – 49% of respondents said this, following on from another Bromium survey that found endpoint security risks were perceived as 5 times greater than network or cloud risk.
So why is this the case? Well endpoints are often cited as vulnerable for a few reasons – because they’re often not up to date patch-wise, so many devices connect to corporate networks with the dawn of BYOD and companies can’t control what their employees are doing on their smartphones. This list is hardly exhaustive, as there are so many reasons endpoints can become compromised.
When it comes to patching, the survey also revealed what some in the security industry would consider a gaping hole in defences – that more than a quarter of respondents took more than a month to patch zero-days. Bromium found the same at Black Hat – however there’s hope on the horizon as 50% of respondents said patches for zero-days were implemented in the first week.
To see what else Bromium found at RSA, the full results are available here: http://blogs.bromium.com/2016/03/04/rsa-conference-2016-state-of-security-survey/

The post Security Professionals Sick of Stupid Users, Bromium Finds appeared first on IT Security Guru.

Understanding 'Man in the Cloud' Attacks

The Gurus — Mon, 11 Jan 2016 11:59:19 +0000

Already widely adopted by enterprises, use of cloud file sharing services such as Office 365, OneDrive, Dropbox, Box and Google Drive is on the rise. As adoption increases, so does the motivation for attack. The Imperva Application Defense Center (ADC) recently announced new research on a new type of attack we call “Man in the Cloud” (MITC). These attacks rely on common file synchronization services as their infrastructure for command and control, data exfiltration and remote access. Without using any exploits, a bad actor can turn them into a devastating attack tool undetected by traditional security measures.
Join Imperva CTO Amichai Shulman and Frank Cabri, Vice President of Marketing for Imperva Skyfence, to learn about:
* Cloud file sharing application trends, adoption and risk
* The anatomy of a MITC attack and how to identify it
* How traditional endpoint and perimeter security measures are insufficient to protect against these threats
* Recommendations for securing and protecting cloud apps and data
https://www.brighttalk.com/webcast/11399/179535
This webinar was originally hosted as part of Security Serious Week 2015 – find out more about the campaign at www.securityserious.com or via twitter @SecSerious

The post Understanding 'Man in the Cloud' Attacks appeared first on IT Security Guru.