IT Archives - IT Security Guru
https://www.itsecurityguru.org/tag/it/
The Site for our Community

Can you prevent the mega breach?
https://www.itsecurityguru.org/2017/11/07/can-prevent-mega-breach/?utm_source=rss&utm_medium=rss&utm_campaign=can-prevent-mega-breach
Tue, 07 Nov 2017 11:27:15 +0000
The threat landscape today is more complex and more dangerous than it has ever been. Where once hackers tended to operate individually, now organisations face much more sophisticated threats from organised eCriminal groups, hacktivists, and nation-state adversaries. The immense resources and know-how that these cybercriminals can deploy means that organisations need to update their approach to security. If they do not, then they will find themselves the victims of the next big breach, and could suffer the devastating reputational and financial consequences that follow a successful attack.
Traditional approaches to IT security are no longer enough in the face of these new, advanced threats. What’s more, many organisations are failing to understand the missing link in the continuous ‘people, process and technology’ conversation, which could make all the difference in the constant fight against hackers. By harnessing the power of the cloud, a variety of next-generation technologies, and threat intelligence, businesses can steer clear of the dreaded mega breach.
 
The power of the cloud
As organizations grow and become more distributed, adding more endpoints across the enterprise, sophisticated adversaries will continue to aggressively target their data and IT infrastructure. The cloud offers new means of providing pervasive protection throughout the enterprise – with lower cost and reduced management overhead while adding significantly increased performance, agility and scalability. In fact, cloud-based endpoint protection gives organisations the ability to monitor and learn from attackers as they test attack strategies, apply crowdsourced threat protection and receive seamless upgrades. The cloud enables better protection and offers a level of scalability and speed that on-premise solutions do not.
 
Looking to next-generation solutions
In today’s IT landscape, organisations need to look to next-gen solutions to combat modern threats effectively.
Replacing traditional, legacy antivirus (AV) technology with a more sophisticated approach that completely monitors your network is a key component of this. Traditional antivirus (AV) technologies rely on a signature-based approach and as such, can only identify known threats. All it takes for an attacker to circumvent these systems is to make a small tweak between signature updates for the malware to become “invisible.” With next-gen AV, more strains of malware and other threats become visible, so you can detect and stop these types of attacks instantly.
Traditional AV products fail to deliver the efficacy improvements required to protect organizations against modern threats. These products miss more advanced threats because they lack effective machine learning and behavioral detection capability. Traditional AV continues to have blind spots because its endpoint detection and response (EDR) features are immature and unintelligent. While these products are able to record and search events collected from endpoints, customers are then tasked with sifting through the sea of data to find meaningful security events. This process is painstaking and antiquated in the face of modern, fast-moving threats. With next-generation technology, the opposite is the case, and you can pinpoint threats in an efficient manner for more complete protection and faster remediation.
 
Tracking threats through threat intel
Organised cybercriminals today have many motivations to infiltrate their chosen targets – from financial gain to cyberwar and more. Traditionally, eCriminals and hacktivists implemented extortionist tactics to get precious data, but there has been an uptick in cyber espionage activity this year from nation-state threat actors in North Korea, Russia and China.
In the face of these diverse, highly-motivated threats, it is no longer sufficient for organisations to take a reactive stance. Instead, organisations need to have a clear and comprehensive understanding of the different threats they face, if they are to have any chance of defending against them effectively. Threat intelligence is therefore central to modern day cyber risk mitigation, enabling organisations to anticipate and detect potential threats from across the entire web and thereby, choose the right defensive approaches.
To protect revenue, customer and other stakeholder data, jobs, IP and shareholder value, organisations must invest in real-time threat intelligence, while developing a well-trained team that can monitor, capture and analyse threat data effectively. To get out of reactive mode and prevent breaches, businesses must take steps to prioritise actionable intelligence so that they can get ahead of the threats that could compromise their business.
Ultimately, steering clear of a breach comes down to two key points: speed of detection and efficacy. Being able to assess any intrusion and contain it immediately is the only way to future-proof your business. A combination of detection technologies and comprehensive strategy is critical to ensure that no matter where the bad guys move, or whatever new tactics they deploy, the business is well equipped to repel risk.
By Amol Kulkarni, Sr. Vice President, Engineering at CrowdStrike

The post Can you prevent the mega breach? appeared first on IT Security Guru.

Are Bored Employees the Biggest Security Risk?
https://www.itsecurityguru.org/2017/09/28/bored-employees-biggest-security-risk/?utm_source=rss&utm_medium=rss&utm_campaign=bored-employees-biggest-security-risk
Thu, 28 Sep 2017 10:10:55 +0000
In an Infosec survey, Centrify have revealed that distractions and boredom are the main causes of human error in IT.
ORIGINAL SOURCE: Information Age

The post Are Bored Employees the Biggest Security Risk? appeared first on IT Security Guru.

Phishing tops list of most prevalent security threats facing organisations globally
https://www.itsecurityguru.org/2017/08/11/phishing-tops-list-prevalent-security-threats-facing-organisations-globally/?utm_source=rss&utm_medium=rss&utm_campaign=phishing-tops-list-prevalent-security-threats-facing-organisations-globally
Fri, 11 Aug 2017 09:22:09 +0000
Results of SANS Institute 2017 Threat Landscape survey paint users and endpoints as primary targets, and part of the solution

  • Security professionals rated phishing (72%), spyware (50%) and ransomware (49%) as top threats
  • 37% of security professionals indicated that calls to the help desk enabled them to discover their most impactful threats

According to results of a new survey on today’s threat landscape, to be released by SANS Institute on Tuesday 15 August, both users and their endpoint devices are the primary target for cyber criminals in 21st century security battles.
The survey questioned security and IT professionals globally on the threats their organisations face today. Phishing (72%), spyware (50%), ransomware (49%) and Trojans (47%) were named the threats most seen by respondents’ organisations, demonstrating how cyber criminals continue to target individual employees within businesses to gain access to sensitive information. When it comes to impact, phishing causes the most damage, and 40% of survey respondents experienced phishing attacks, including spearphishing and whaling, in the last year.
“Users and their endpoints are still in the cross hairs,” says Lee Neely, SANS Analyst, Mentor Instructor and author of the survey report. “Traditional and malware-less threats keep popping up at every corner, making our jobs as defenders resemble an ongoing game of Whack-a-Mole to keep them at bay.”
Malware-less threats are ever-present; almost one-third of respondents have experienced a malware-less threat entering their organisation, impacting IT systems and adding to IT staff workload. These attacks are more difficult to find because they can’t be detected by signature-based technologies. Scripting attacks were the most common malware-less incident, while credential compromise or privilege escalation caused the most impact.
Few of the threats were new zero-day threats, on the other hand, with 76% of security professionals admitting that under 10% of the significant threats they saw were zero-day.
“Today’s threats predominately leverage the same old vulnerabilities and techniques,” added Neely. “The time is ripe to change our protections as well as remediation processes to stem the tide of successful threat vectors.”
But it’s not all doom and gloom. While users are the primary target of these attacks, it’s the users themselves that are also part of the solution. In the survey, 37% of respondents indicated that calls to the help desk helped them discover the most impactful threats. User training, improved operational security practices and improved visibility into network and endpoint behavior were all cited as the top measures to improve threat prevention success.
The full results of the 2017 Threat Landscape survey will be shared during a webcast on Tuesday, August 15 at 1 PM EDT, sponsored by Cylance, FireEye, McAfee, and Qualys, and hosted by SANS. Register to attend the webcast at www.sans.org/u/uGU
Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and network security expert, Lee Neely.

The post Phishing tops list of most prevalent security threats facing organisations globally appeared first on IT Security Guru.

A ghost story – The haunting presence of an ex-employee
https://www.itsecurityguru.org/2017/08/09/ghost-story-haunting-presence-ex-employee/?utm_source=rss&utm_medium=rss&utm_campaign=ghost-story-haunting-presence-ex-employee
Wed, 09 Aug 2017 09:42:33 +0000
From recruiting the most talented employees, to ensuring accounts are in order and providing staff with the latest technological innovations, businesses across the globe work tirelessly every day to strive for success. Lurking behind every policy, best practice and guideline, however, is a world that often gets neglected. What happens when someone leaves the company? Of course, in an ideal world, businesses recruit a capable replacement, tie up any loose ends on a project they were previously working on, and of course, throw a leaving party to ensure both the employee and business can part ways on the best of terms.  Sadly, we do not live in an ideal world and, on occasion, an employee’s departure isn’t quite so clean cut and can cause issues months after they have left the company. This begs the question, are organisations doing everything in their power to make sure a soon-to-be ex (employee) does not walk out the door with access to everything the business holds dear?
Former employees are not always your friends
We have all seen the hugely damaging actions that former employees can inflict upon businesses. One such example is a huge data breach experienced by OFCOM[1], when they discovered that a former employee had downloaded and shared over six years’ worth of data with their new employer, which happened to be a major broadcaster. Luckily for OFCOM, the broadcaster in question chose not to exploit the data and alerted OFCOM to the stolen information. Shockingly, the latest research from OneLogin shows that despite the threat of former employees, more than half (58 per cent) still have access to the corporate network once they have left an organisation and almost a quarter of businesses (24 per cent) experience data breaches due to the action of ex-employees. The OFCOM data breach could have been catastrophic if it had been used by a competitor, not to mention the potential damage to brand reputation. Similarly, businesses must also consider that when the European Union’s General Data Protection Regulation (GDPR) comes into effect in 2018, UK firms could face a penalty of up to 2% of their annual worldwide revenue, or €10 million, whichever is higher[2], enough to leave an organisation with financial difficulties. Of course, there are scenarios where organisations have not been as lucky as OFCOM.
In fact, Marriott Hotels experienced the full force of a disgruntled former employee in 2016. According to court documents[3], a former Marriott employee was fired from the company in August 2016, and was told not to access the company’s internal systems. However, despite this warning, the former employee accessed Marriott’s reservation system from the comfort of their home, slashing room rates down from $159-$499 to $12-$59. This particular breach cost Marriott $50,000. Marriott, however, isn’t the only organisation to have left itself open to disgruntled ex-employees. In fact, 28 per cent of former employees’ accounts remain active for longer than a month.
HR & IT must collaborate and take accountability
A former employee’s word is not enough. HR and IT must work together to avoid situations such as this, and it doesn’t have to be difficult or time intensive. Automated processes can be used to deprovision all access to corporate accounts within minutes of an employee’s contract being terminated to protect valuable corporate data. There are tools available to ensure that once an employee has logged off for the final time they are locked out from that moment onwards. OneLogin’s research revealed that only half of UK businesses use automated de-provisioning technology to ensure this happens. In addition, 45 per cent of businesses don’t use a Security Information and Event Management (SIEM) system to check for application use by former employees, leaving vital corporate data exposed to potential leaks. Businesses revoke a former employee’s means of physically getting into the office, so it is essential that their digital access is also revoked on departure.
Stick to the solution
It is crucial that businesses wake up and acknowledge that former employees exploiting corporate access is a problem and yes, it could happen to any company. It is clearly not enough to rely on the goodwill of ex-employees, however trustworthy they may appear to be. With so much at stake, are organisations really willing to leave the key to the business’ most precious assets in their hands? Quite frankly, there is no reason to.
Some employees leaving an organisation don’t have many loyalties to their previous employer, no matter how amicable their departure was, meaning security risks are highly likely. Therefore, it is imperative that deprovisioning employees’ corporate access on their last day is an absolute priority. Companies need to use the right tools to ensure this happens. These include:

  • Automated syncing of HR directories such as Workday, UltiPro, and Namely, which are the source of truth for employee status, and IT directories such as Active Directory and LDAP, which often control access to applications.
  • Automated deprovisioning of employees from applications that have an application programming interface (API) for user management. Most “birthright” applications that are widely used in companies, such as Office365 and G Suite, have these APIs.
  • Automatic checklist generation for IT admins, to ensure that they manually deprovision all ex-employees from all apps. Most applications don’t yet have an automated deprovisioning API and require manual intervention from IT.
  • Application access events sent to SIEM systems, to double-check that no ex-employees are accessing applications.

IT and HR can work collaboratively to fully deprovision all employees. If these steps are carried out correctly, a business can be safe in the knowledge that precautionary measures have been taken to protect confidential data from a departing employee.
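The four controls listed above, sketched as an added example that is not from the article or from OneLogin: it reconciles an HR export against directory accounts, splits each leaver's apps into API-driven and manual deprovisioning, and flags access events after the termination time. All records, field names and app names are constructed assumptions; a real deployment would pull them from the HR system, the directory and the SIEM.

```python
from datetime import datetime

# Constructed sample data (hypothetical field layout, not a real vendor export).
HR_RECORDS = [
    {"email": "ana@example.com", "terminated_at": None},
    {"email": "ben@example.com", "terminated_at": "2017-08-01T17:00:00+00:00"},
    {"email": "cy@example.com", "terminated_at": "2017-07-14T17:00:00+00:00"},
]
DIRECTORY_ACCOUNTS = [
    {"email": "ana@example.com", "enabled": True},
    {"email": "ben@example.com", "enabled": True},   # HR says gone, directory disagrees
    {"email": "cy@example.com", "enabled": False},
]
# Which apps expose a user-management API (True) and which need a manual step (False).
APP_HAS_API = {"office365": True, "crm": False}
APP_ASSIGNMENTS = {
    "ben@example.com": ["crm", "office365"],
    "cy@example.com": ["office365"],
}
ACCESS_EVENTS = [
    {"ts": "2017-07-31T09:00:00+00:00", "email": "ben@example.com", "app": "crm"},
    {"ts": "2017-08-03T22:15:00+00:00", "email": "ben@example.com", "app": "crm"},
    # Directory account is disabled, yet the app itself still accepted a session.
    {"ts": "2017-08-02T08:00:00+00:00", "email": "Cy@Example.com", "app": "office365"},
    {"ts": "2017-08-04T10:30:00+00:00", "email": "ana@example.com", "app": "crm"},
]


def _terminations(hr_records):
    """Map lower-cased email -> termination time for everyone HR marks as departed."""
    return {
        r["email"].lower(): datetime.fromisoformat(r["terminated_at"])
        for r in hr_records
        if r["terminated_at"]
    }


def stale_accounts(hr_records, directory_accounts):
    """Directory accounts still enabled although HR (the source of truth) says terminated."""
    gone = _terminations(hr_records)
    return sorted(
        a["email"].lower()
        for a in directory_accounts
        if a["enabled"] and a["email"].lower() in gone
    )


def offboarding_plan(hr_records, assignments, app_has_api):
    """Per leaver: apps to deprovision via API, and apps for the admin's manual checklist."""
    plan = {}
    for email in _terminations(hr_records):
        apps = sorted(assignments.get(email, []))
        plan[email] = {
            "api": [a for a in apps if app_has_api.get(a, False)],
            # Unknown apps default to manual so nothing is silently skipped.
            "manual": [a for a in apps if not app_has_api.get(a, False)],
        }
    return plan


def post_termination_access(hr_records, access_events):
    """Access events from a leaver's identity that occur after their termination time."""
    gone = _terminations(hr_records)
    hits = []
    for ev in access_events:
        email = ev["email"].lower()          # log sources rarely agree on case
        cutoff = gone.get(email)
        if cutoff and datetime.fromisoformat(ev["ts"]) > cutoff:
            hits.append((email, ev["app"], ev["ts"]))
    return hits


if __name__ == "__main__":
    print("Still enabled:", stale_accounts(HR_RECORDS, DIRECTORY_ACCOUNTS))
    print("Plan:", offboarding_plan(HR_RECORDS, APP_ASSIGNMENTS, APP_HAS_API))
    for hit in post_termination_access(HR_RECORDS, ACCESS_EVENTS):
        print("Post-termination access:", hit)
```

The third sample event shows why the SIEM check is listed separately: disabling the directory account does not by itself end access to an app that was never deprovisioned.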

Alvaro Hoyos, CISO at OneLogin

The post A ghost story – The haunting presence of an ex-employee appeared first on IT Security Guru.

The CIO will report to the CISO
https://www.itsecurityguru.org/2017/08/08/cio-will-report-ciso/?utm_source=rss&utm_medium=rss&utm_campaign=cio-will-report-ciso
Tue, 08 Aug 2017 09:51:45 +0000
J.J. Guy, Senior Director of Cloud Engineering, Carbon Black
Several years ago, security leaders in many organisations were promoted from a mid-tier manager to the CISO.  In the early org chart iterations, security was considered as “just one more job” of the IT department, so the manager who owns security took the CISO title but continued to report to the CIO.
As businesses learned security was more about overall business risk than simply a function of technology, the reporting chain for CISOs started to move outside the CIO’s organisation and CISOs began reporting to the CEO, CFO or COO.
This evolution is still underway, but it will shift again soon: the CIO will report to the CISO.
CISOs are operationalising their information security programmes, transforming security from a checkbox product the CIO bought from a vendor into an operation that combines products, people and processes. Those operations are gaining discipline and rigor from a painful but effective feedback loop, thanks to constant testing by attackers. CISOs are discovering the IT basics such as network management, asset management and patching are critical to secure operations, but in many organisations they are poorly managed.
As WannaCry and Petya have acutely demonstrated, there were millions of machines both unpatched for weeks and with SMB open to the world. Patching is hard and open SMB is silly, but unpatched systems with open SMB is gross negligence – and this is just one recent and high-profile example. It is impossible to secure an enterprise network when the organisation can’t handle the basic blocking and tackling of IT.

To secure their networks, enterprises must begin operationalising their IT programmes, growing discipline as strong as their security operations teams. As realisation of this truth grows, we will see a shift: the CISO will own not just the security functions, but all the core infrastructure – networks, devices and operating systems. The CIO will own the business processes: the core value of IT making the business more efficient. The CISO owns the core infrastructure that makes the network run, the CIO owns the applications that run on that infrastructure and the business processes they support.
Today’s titles won’t make sense at that point. The position we call CISO today will be something more similar to the Chief Information Operations Officer, to reflect his duty to operationalise both the IT and security programs, with the 24/7 operational rigor required to maintain security and availability. He’ll have something like three direct reports: the operations centre, the enterprise applications team and a compliance team.
Of course, this organisation looks much like the one we had ten years ago: the CIO and his team. Except now we recognise security and an operational culture are critical components to the CIO’s role, something that was not widely recognised before. Perhaps the simplest answer is we return to the original org chart, but with a more acute understanding of responsibilities. Today’s “CISOs” get promoted to “CIO” and we return to one “technology CxO” in the executive team.
However it shakes out, it will be fun to watch unfold – and our networks will continue to get more secure as a result.
 

The post The CIO will report to the CISO appeared first on IT Security Guru.

Does the cloud really live up to its security expectations?
https://www.itsecurityguru.org/2017/08/07/cloud-really-live-security-expectations/?utm_source=rss&utm_medium=rss&utm_campaign=cloud-really-live-security-expectations
Mon, 07 Aug 2017 09:03:17 +0000
Having worked in the data management industry for nearly two decades, I have noticed that “the new data culture” promised by the introduction of cloud technologies hasn’t quite taken off to the level promised to the enterprise market.
As the cloud model has matured from basic hosting all the way up to full services, a huge element of competitive uniqueness and identity is the data that is generated and leveraged across businesses. Cloud architectural models have evolved from hosted hardware through to sophisticated virtual, multi-tenant services.
In enterprise these models were initially met with scepticism, and we haven’t really yet seen the great leap forward that was predicted in the take up of these services across the globe. Whether that’s cost or cultural reasons, there may also be a genuine and increasingly high profile reason – that of data security.
Enterprises had of course always developed private, purpose built IT fortresses which are secured by isolation and both physical and virtual perimeters. Through perimeterisation came the belief that trust could be obtained within these highly controlled environments. This traditional datacentre model would include scale-up, proprietary hardware orientated architecture where business services were limited to a physical unit. ‘Locking the cabinet’ provided a great deal of comfort against any external threats. However, this model has quickly moved from being an asset to a liability.
Whilst there is no doubt this type of isolation provides a degree of security, modern business no longer happens in proprietary siloed methods. Other business partners, clients and systems are highly distributed, and the idea of centralising is against the modern trajectory of business. We even see a new breed of business and technology ‘cloud native’ which has been built and designed in (and for) exactly this type of hosted, distributed architecture. These agile and fast moving new entrants are global from the beginning and are focused on consumer grade engagement. The ease of use is core to their success.
This modern type of collaborative and sharing mentality means that traditional enterprise has sprung a plethora of ‘shadow’ IT workarounds across its data borders, and in many cases lost control of their vital data assets. Countless examples abound of intercompany and extra-company data sharing that punch holes straight through the “secure” perimeters and make a mockery of the once hallowed silo walls. CSV files extracted and sent across insecure email channels, or downloaded onto a CD and sent on a physical courier to a trusted partner – these are not unusual activities to find somewhere within an enterprise, either with or without official permission from IT owners and certainly going against standard company and regulatory protocols.
This activity isn’t usually malicious of course, it’s simply a necessary way to break the chains on the valuable enterprise data contained within each isolated silo, and to allow efficient and profitable use of that data to maintain a competitive edge over the more agile rivals, or to reduce the pressure on the bottom line. More and more managers are demanding access and availability to data right across their networks, whether that be system data or personal records, to allow them the insight and knowledge to compete.
And that of course is a major driver of enterprises who are taking up the challenge and moving toward digital transformation. It is no longer a question of if, it is a question of when.
But are the traditional data managers right to be cynical?  The perceived loss of “control” once the data effectively leaves the confines of your protected environment can be alarming, and has certainly come at a cost for some high profile companies. Practically every week we hear of yet another data breach happening across the ultra-connected digital world that was meant to come with a high level of data resilience. In March this year alone, 74 million pieces of individual data were leaked globally.  In May of next year we have the General Data Protection Regulation (GDPR) which will see a company who doesn’t report on a data breach within 72 hours be subject to a fine of 4% of their previous year’s global turnover or €20, whichever is the biggest. No wonder so many IT overseers are quaking in their boots about “releasing” their data to the cloud.
And this is just from external threats, how can you control and monitor what’s happening to the data within your decentralised infrastructure?
So could a new technology be the key to allowing enterprises the freedom they want (and their managers demand) without exposing them wide open to a malicious attack or a leak that could cost them millions in fines? In order to truly have the freedom and agility to act on the data collected, generated and shared within your organisation’s networks, you absolutely have to trust where it is, where it’s been and who or what has accessed it.
Blockchains, or more specifically distributed ledger technologies, are not really a new technology (and you would have to be from Mars not to have heard the hype), but the way they have mainly been used previously has been as the underwriting ledger to crypto currencies like bitcoins. These are huge public shared ledgers that mathematically deliver trust in an uncontrolled environment, where the distributed results and grouped consensus are used to determine the integrity of the absolute result.
As an append-only database technology, every new block of information is encrypted with a part of the previous one, making the historical record of data unchangeable. This builds up into a chain, where if it were even possible to remove a link, this would be identified immediately.
What if that same immutability could be applied across the enterprise to both its corporate system data and the personally identifiable information (PII) that it holds and wishes to share, but within a private, permissioned blockchain?
As it happens the underlying principles are perfect for just such a set-up, and a small number of firms are developing these enterprise blockchains: private, permission based ledgers that maintain the consensus architecture and high governance, whilst dropping the unnecessary and energy sapping public computing side.
What’s more, the data logic in the platforms being built upon these ledgers means that highly sophisticated and encrypted methods of authorisation and authentication can be built in, allowing not only consent based distribution of personal information (by the owner), but limited access rights to any such information by any particular sanctioned 3rd party.
Not only would the ledger have a complete immutable record of what has happened to that data, but the software can also completely control who has access, when and what is shared.
It’s early days for such systems, but it certainly seems that distributed ledger technologies could hold the key for finally allowing the de-perimeterisation of data to safely follow the de-perimeterisation of infrastructure into the clouds.
 
Ian Smith, Founder and CEO of Gospel Technology.

The post Does the cloud really live up to its security expectations? appeared first on IT Security Guru.

Just another I.T. manic Monday? Automation can help
https://www.itsecurityguru.org/2017/04/18/just-another-t-manic-monday-automation-can-help/?utm_source=rss&utm_medium=rss&utm_campaign=just-another-t-manic-monday-automation-can-help
Tue, 18 Apr 2017 08:46:37 +0000
Okay, it’s true. I’m a big fan of the song “Manic Monday” by The Bangles. Released in 1986 by Columbia Records, the song—written by Prince under the pseudonym “Christopher”—was the band’s first hit.
It’s a sure bet Prince didn’t have the IT Service Management (ITSM) world in mind when he penned the lyrics. But after reading the research report “Anatomy of the Service Desk in 2016” prepared by the Service Desk Institute (SDI), the song’s chorus could be the IT analyst’s anthem:
It’s just another manic Monday 
I wish it were Sunday 
‘Cause that’s my fun day 
My I don’t have to run day 
It’s just another manic Monday. 
The SDI report, created from responses to an online survey sent out to more than 10,000 senior ITSM professionals earlier this year, unearthed some interesting findings. For example, most survey respondents (32 percent) said Monday is the day of the week where the service desk is most productive, up from 23 percent when the survey was first administered in 2012.
In response to the question “At what time of day do you receive most of your calls?”, 60 percent of respondents selected 8:00 am to 10:00 am, while 33 percent chose 10:00 am to 12:00 pm. For a variety of reasons, including password and login issues and issues of people working remotely, only a small number of respondents indicate they receive most of their calls after 12:00 pm.
Concerning the question “Do you feel under pressure at work?”, 67 percent of respondents said yes while 33 percent said no. In addition, a majority of respondents (64 percent) agreed that there aren’t enough hours in the day to complete their work.
Ticket volumes rise faster than IT headcount
Couple SDI’s findings with data from Forrester Research that “57 percent of service desks struggle with increased ticket volumes, but only 31 percent are expanding headcount.”
SDI and Forrester Research shed light on the fact that IT departments today need to speed up service response, optimize cost management, and shift resources when needed to react faster to the operating environment of the enterprise.
In the eBook “Five Ways to Modernize IT Service Management,” the third section discusses the necessity to adopt automation. The eBook’s author, Ivanti manager of product marketing Melanie Karunaratne, states: “Recent Gartner research cites the top three reasons for driving organizations to automate:

  1. Efficiency (78 percent)
  2. Cost reduction (58 percent)
  3. Risk mitigation (40 percent)

“Whether you’re aiming to work faster, maintain consistency, or reduce costs, automation can help. Automated service management processes let you refocus your time and resources on strategic activities that support business initiatives and goals.”
Where do you start?
Karunaratne recommends reviewing any routine, low-complexity, resource-intensive tasks such as password resets. “Employing automation to reduce call volumes will deliver immediate value to the operation and the business user experience. Any repetitive request is an opportunity for automation.”
According to Forrester, respondents to one of its surveys reported that “the average cost of resolving a password issue was $31 and that approximately 20 percent of all help desk calls were password-related.”
Enabling business users to access self-service and reset passwords automatically reduces direct contact with your team, offers an enhanced experience, and saves administrative costs.
By Brent Bluth, Ivanti

IT Pros Don’t Change Their Passwords – Oh, the Irony https://www.itsecurityguru.org/2016/05/13/it-pros-dont-change-their-passwords-oh-the-irony/?utm_source=rss&utm_medium=rss&utm_campaign=it-pros-dont-change-their-passwords-oh-the-irony Fri, 13 May 2016 09:24:57 +0000 http://www.itsecurityguru.org/?p=15690 You are probably sick and tired of your IT team banging on about changing your passwords regularly, but there is no one to chase the IT team to change their own privileged passwords (admin, root and such). We assume they follow their own advice but ironically, the majority (55%) of IT professionals make end users change […]

The post IT Pros Don’t Change Their Passwords – Oh, the Irony appeared first on IT Security Guru.

You are probably sick and tired of your IT team banging on about changing your passwords regularly, but there is no one to chase the IT team to change their own privileged passwords (admin, root and such). We assume they follow their own advice but ironically, the majority (55%) of IT professionals make end users change their passwords more often than they change administrative credentials. This is according to a survey of almost 200 IT professionals at RSA Conference 2016 by Lieberman Software.
That figure is not surprising. Without an automated solution to manage all the privileged credentials that exist in large networks, it’s not uncommon for administrative passwords to be rarely updated in many organisations. Admittedly, it’s difficult for IT staff to keep track of all their admin passwords, but this gets even more complicated when you’re expected to know every place where the credentials are used – and what might break when they’re updated. However, because of the sensitive systems that these credentials protect, frequent privileged password changes are essential for good security.
So just how often are privileged credentials changed? Shockingly, never, according to the 10% of respondents who were brave enough to admit it. Fortunately, 74% change administrative passwords on at least a monthly basis, which is much better, as most compliance regulations require organisations to change privileged credentials at least every 30 days.
Even a 30-day password update interval, though, may not be frequent enough when you consider that cyber intruders and malicious insiders look for passwords that let them jump from system to system on a network until they find what they want. How much damage can they do in that time before their stolen credentials are invalidated?
Meanwhile, the gold star goes to the mere 1% of respondents who change their administrative passwords daily, according to the survey.

The Threats Behind Privileged Passwords

So what exactly are the potential problems that could arise if privileged credentials are not looked after properly? Well, when an employee leaves a job, there’s typically a standard set of practices that are followed: checking in physical keys and equipment, transitioning documents and contacts to other employees, and so on. But 15% of respondents said that if they left their organisation they could still access their admin credentials remotely. This is a huge potential threat, as they often know the password secrets that let them log in to systems and applications on the network.
If privileged credentials aren’t continuously changed, thus shutting off former employees’ logins, odds are these ex-employees can still gain administrative access long after their employment ends. Every company must have a procedure in place for changing all passwords and revoking access as soon as someone leaves the company.
But how secure are the privileged credentials of current employees? As it turns out, 36% of respondents share administrative passwords within their IT groups. Believe it or not, this is a common IT administration practice. IT pros are busy people, balancing their daily administration tasks with unexpected emergency repairs. So, looking to simplify matters, systems administrators often re-use the same password across many systems and share this password with other IT administrators.
Yet, if a hacker or malicious insider gets hold of this shared password, they’ve just gained access to systems around the network. We have to start asking ourselves whether the convenience of sharing passwords is really worth it. Is there a better way to deal with the problem of administrative passwords? And what is the best way to mitigate the risk?
There are three steps that businesses can take to protect themselves from the burden of passwords:

  1. As this survey highlights, we need to train staff, especially staff with administrative rights, to expect that they will no longer hold the power to do harm all the time without passing through a gate. They will still be able to do everything they did before, but there will be an extra step. They can think of it as scanning their badge before they walk into the server room. Now they will scan their virtual badge before they can walk into a secure library where all the rights are stored. They can check out the power they need, everyone will be able to see who has it checked out, and then it will get checked back in when they’re done. It’s a small change, but it makes a big difference.
  2. When a password is checked out, we would change the security for that password when it gets checked back in or when the checkout expires. However, if that’s the only time we rotate that security, the bad guys can get in through an email and start collecting rights to use later. But if a program is in place to aggressively rotate admin rights and credentials all the time, even when they’re not in use, then the bad guys get the rug pulled out from under them.
  3. Now that we have this power to control rights and privileges, we should hook it up to our other security systems to make sure everything is working in a healthy, closed-loop process. If you have analytics and logging solutions looking at all the security event data to find patterns, then you would surely want to throw in all the data about who has legitimate privilege. That leads to simple correlations: for example, an action that takes place using a privileged identity that was not currently checked out to any authorised user is suspicious. If you have solutions that are detecting malware and other incidents as they happen, you can automate a privileged response in near real-time with no operational impact.
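
The correlation described in the third step, sketched as an added example (it is not from the article or from any vendor's product). The checkout ledger fields, event fields, account names and the 30-second clock-skew tolerance are all assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
CLOCK_SKEW = timedelta(seconds=30)  # assumed tolerance between vault and host clocks

@dataclass(frozen=True)
class Checkout:               # one row of the (hypothetical) vault checkout ledger
    account: str
    user: str
    start: datetime
    checked_in: Optional[datetime]   # None = never checked back in
    expires: datetime                # lease limit enforced by the vault

    def covers(self, ts: datetime) -> bool:
        # The lease ends at check-in or expiry, whichever comes first.
        end = self.expires if self.checked_in is None else min(self.checked_in, self.expires)
        return self.start - CLOCK_SKEW <= ts <= end + CLOCK_SKEW

@dataclass(frozen=True)
class PrivEvent:              # one privileged action seen by logging/analytics
    ts: datetime
    account: str
    host: str
    action: str

def correlate(checkouts, events):
    """Pair each event with the user holding the account at that time, or None."""
    by_account = {}
    for c in checkouts:
        by_account.setdefault(c.account, []).append(c)
    paired = []
    for e in sorted(events, key=lambda ev: ev.ts):
        holders = [c.user for c in by_account.get(e.account, []) if c.covers(e.ts)]
        paired.append((e, holders[0] if holders else None))
    return paired

def suspicious(checkouts, events):
    """Privileged actions taken while the account was checked out to nobody."""
    return [e for e, holder in correlate(checkouts, events) if holder is None]

def t(hhmm):  # helper for the constructed sample data below
    return datetime.fromisoformat(f"2016-05-13T{hhmm}:00")
# Constructed sample data, not taken from any real system.
CHECKOUTS = [
    Checkout("svc-dbadmin", "alice", t("09:00"), t("09:40"), t("10:00")),
    Checkout("root@web01", "bob", t("11:00"), None, t("12:00")),
]
EVENTS = [
    PrivEvent(t("09:15"), "svc-dbadmin", "db01", "ALTER USER"),    # inside alice's lease
    PrivEvent(t("09:55"), "svc-dbadmin", "db01", "export table"),  # after check-in
    PrivEvent(t("11:30"), "root@web01", "web01", "sudo -i"),       # inside bob's lease
    PrivEvent(t("12:05"), "root@web01", "web01", "useradd"),       # lease expired
    PrivEvent(t("14:00"), "Administrator", "dc01", "logon"),       # never checked out
]

if __name__ == "__main__":
    for e in suspicious(CHECKOUTS, EVENTS):
        print(f"SUSPICIOUS {e.ts:%H:%M} {e.account} on {e.host}: {e.action}")
```

Because a lease is treated as ending at check-in, use of the account after check-in but before the original expiry is flagged too, which is the window the second step closes by rotating the credential at check-in.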

If businesses automate privileged password management and follow the steps above they will be in a much better position to fight off cybercriminals who attempt to leap over network defences and move around laterally within an organisation’s systems.
For more information on these and other findings (including how many respondents say they’re prepared for a cyber attack) see http://go.liebsoft.com/rsa-conference-2016-survey.
 

Customer Trust and Revenues are where DDoS hits hardest https://www.itsecurityguru.org/2016/03/24/customer-trust-revenues-ddos-hits-hardest/?utm_source=rss&utm_medium=rss&utm_campaign=customer-trust-revenues-ddos-hits-hardest Thu, 24 Mar 2016 11:45:16 +0000 http://www.itsecurityguru.org/?p=15115 Corero Network Security has unveiled research from this year’s RSA showing that the most damaging consequence of DDoS attacks is the loss of customer trust. After polling tech decision makers at RSA, Corero also found that 34% of respondents felt loss of revenue was the biggest threat. Dave Larson, Corero’s chief operating officer, informed us […]

The post Customer Trust and Revenues are where DDoS hits hardest appeared first on IT Security Guru.

Corero Network Security has unveiled research from this year’s RSA showing that the most damaging consequence of DDoS attacks is the loss of customer trust.
After polling tech decision makers at RSA, Corero also found that 34% of respondents felt loss of revenue was the biggest threat.
Dave Larson, Corero’s chief operating officer, informed us that ‘network or website service availability is crucial to ensure customer trust and satisfaction, and vital to acquire new customers in a highly competitive market. When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, it immediately impacts the bottom line.’
DDoS attacks make the media regularly, but get much more attention when there’s actually a firewall failure or a service/website is fully derailed. However, Corero’s recent research has found that there’s been a huge increase in sub-saturation attacks – those which are part of a large plan, designed to knock one particular aspect of a service or site down as other nefarious activities take place or intelligence is gathered on behalf of the attackers.
Larson noted that small DDoS attacks often escape the radar of traditional scrubbing solutions. Many organizations have no systems in place to monitor DDoS traffic, so they are not even aware that their networks are being attacked regularly.
‘Industry research, as well as our own detection technology, shows that cyber criminals are increasingly launching low-level, small DDoS attacks,’ said Larson. ‘The problem with such attacks is two-fold: small, short-duration DDoS attacks still negatively impact network performance, and, more importantly, such attacks often act as a smokescreen for more malicious attacks. While the network security defenses are degraded, logging tools are overwhelmed and IT teams are distracted, the hackers may be exploiting other vulnerabilities and infecting the environment with various forms of malware.’
Corero also found that many companies rely on upstream providers to eliminate the attacks, with 30% of respondents saying this was their technique for protection. 85% of those surveyed believe their upstream provider should offer this protection as a service to their subscribers – over half of respondents said they’d pay their provider for this as a premium service.
When looking at the current methods of handling the DDoS threat used by companies, nearly one third (30%) of respondents rely on traditional security infrastructure products (firewall, IPS, load balancers) to protect their businesses from DDoS attacks. ‘Those companies are very vulnerable to DDoS attacks because it’s well-documented that traditional security infrastructure products aren’t sufficient to mitigate DDoS attacks,’ said Larson.

IT Guys vs the World – The Trust is Broken on BYOD https://www.itsecurityguru.org/2016/03/18/guys-vs-world-trust-broken-byod/?utm_source=rss&utm_medium=rss&utm_campaign=guys-vs-world-trust-broken-byod Fri, 18 Mar 2016 11:46:05 +0000 http://www.itsecurityguru.org/?p=15018 A study by endpoint security pros Code42 has shown that IT decision makers (ITDMs) are close to losing the trust of workers in the rest of their organisations. 67% of the 1500 knowledge workers surveyed do not believe their company has a clearly defined BYOD policy – yet 65% of the c. 400 ITDMs asked […]

The post IT Guys vs the World – The Trust is Broken on BYOD appeared first on IT Security Guru.

A study by endpoint security pros Code42 has shown that IT decision makers (ITDMs) are close to losing the trust of workers in the rest of their organisations.
67% of the 1500 knowledge workers surveyed do not believe their company has a clearly defined BYOD policy – yet 65% of the c. 400 ITDMs asked the same question think to the contrary. So what’s going on?
Well, considering that 42% of all corporate data is currently held on endpoint devices, outside the traditional security perimeter, and 1 in 4 knowledge workers don’t trust their IT teams/employers with their personal data, the situation is ripe to be capitalised on by cyber criminals.
We caught up with Rick Orloff, Code42’s Chief Security Officer, to gain further insight, and here’s what he told ITSG:
GURU: Why would ITDMs and knowledge workers have this difference in understanding over BYOD policy and what can be done to bridge the gap?
Rick Orloff: It often comes down to lack of communication. Unfortunately, many IT departments operate in a silo, giving the impression to the rest of the organisation that they simply ‘keep the lights on’ as technology service providers. The policies and safeguards they implement have exponential business value, yet IT struggles to communicate that value to the rest of the organisation. IT teams must lean on lines of business managers to help build awareness and enforce policies in the interest of enterprise data protection and security. Doing so will position them as a technology business partner enabling remote computing capabilities. They will be seen as a collaborative partner instead of a barrier.
GURU: How can we build up trust in our IT teams?
Rick Orloff: More communication between IT and business departments is the key. With a deeper understanding of why IT does what it does to protect enterprise data, lines of business managers and end users will adopt data safeguards. There should be a cross-functional InfoSec steering committee with senior stakeholders that align on strategies and risk mitigation issues. This will also help prevent unauthorised ‘shadow IT’ practices as well as provide support from the executives.
GURU: Should we trust anyone with our personal data? If it’s a necessity, how can we minimise the amount of data needed to be retained for the effective operation of the company?
Rick Orloff: All entities are on a “need-to-know basis.” Personal data should only be shared “if” required. That said, enterprises have a duty of care to monitor how and where data is accessed. In modern organisations, it’s essential to provision end-users with the appropriate technology that will protect data outside of the perimeter. The best endpoint protection solutions centralise data on a single platform, which gives security teams full visibility and control, as well as the ability to detect, respond and remediate breaches or other data security incidents. These solutions offer controls for the amount and types of end-user data to back up—some organisations want and need to retain more data than others.
GURU: Where should we keep our data, if not on endpoint devices?
Rick Orloff: Today it’s no longer realistic to say that data won’t also be available on the endpoint. It’s how employees work and there’s no reasonable way around that. To stay productive, end users want and need access to their data—both corporate and personal—while they’re mobile and/or working remotely. If IT doesn’t provide the right tools, they will simply find a way around IT’s data security measures. Data can and should be stored at the endpoint, but it must be secured and backed up (to the cloud or on-premises) so the company has control and visibility of its data—no matter where or how its employees are working.
GURU: How can we elevate the role of CISOs etc to make them more respected as a key component in keeping a business running?
Rick Orloff: Due to the many high-profile breaches and widespread fear of ransomware, the CISO role has grown in importance and taken its place on the executive team and in the boardroom. Recently, boards realise the importance of data security in the enterprise, and are looking to the CSO and CISO to keep operations running smoothly and safely. It’s also imperative that the CISO work closely with the rest of the C-suite, such as the CMO and CFO, on strategies to mitigate risk across the enterprise.
 
