Article | February 20, 2020
Technology is reshaping society – artificial intelligence (AI) is enabling us to increase crop yields, protect endangered animals and improve access to healthcare. Technology is also transforming criminal enterprises, which are developing increasingly targeted attacks against a growing range of devices and services. Using the cloud to harness the largest and most diverse set of signals – with the right mix of AI and human defenders – we can turn the tide in cybersecurity. Microsoft is announcing new capabilities in AI and automation available today to accelerate that change. Cybersecurity always comes down to people – good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things. After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI to enable defenders to protect data and manage risk across the full breadth of their digital estates.
Article | July 29, 2020
1. Zero Trust – Demystified
Everyone seems to be talking about Zero Trust in the security world at the moment. Unfortunately there seems to be multiple definitions of this depending on which vendor you ask. To help others understand what Zero Trust is, this white paper covers the key aspects of a Zero Trust model.
1.1. What is Zero Trust
Zero Trust is a philosophy and a related architecture to implement this way of thinking founded by John Kindervag in 2010. What it isn’t, is a particular technology!
There are three key components to a Zero Trust model:
1. User / Application authentication – we must authenticate the user or the application (in cases where applications are requesting automated access) irrefutably to ensure that the entity requesting access is indeed that entity
2. Device authentication – just authenticating the user / application is not enough. We must authenticate the device requesting access as well
3. Trust – access is then granted once the user / application and device is irrefutably authenticated.
Essentially, the framework dictates that we cannot trust anything inside or outside your perimeters. The zero trust model operates on the principle of 'never trust, always verify’. It effectively assumes that the perimeter is dead and we can no longer operate on the idea of establishing a perimeter and expecting a lower level of security inside the perimeter as everything inside is trusted. This has unfortunately proven true in multiple attacks as attackers simply enter the perimeter through trusted connections via tactics such as phishing attacks.
1.2. Enforcing the control plane
In order to adequately implement Zero Trust, one must enforce and leverage distributed policy enforcement as far toward the network edge as possible. This basically means that granular authentication and authorisation controls are enforced as far away from the data as possible which in most cases tends to be the device the user is using to access the data. So in essence, the user and device are both untrusted until both are authenticated after which very granular role based access controls are enforced.
In order to achieve the above, a control plane must be implemented that can coordinate and configure access to data. This control plane is technology agnostic. It simply needs to perform the function described above. Requests for access to protected resources are first made through the control plane, where both the device and user must be authenticated and authorised. Fine-grained policy can be applied at this layer, perhaps based on role in the organization, time of day, or type of device. Access to more secure resources can additionally mandate stronger authentication. Once the control plane has decided that the request will be allowed, it dynamically configures the data plane to accept traffic from that client (and that client only). In addition, it can coordinate the details of an encrypted tunnel between the requestor and the resource to prevent traffic from being ‘sniffed on the wire’.
1.3. Components of Zero Trust and the Control Plane
Enforcing a Zero Trust model and the associated control plan that instructs the data plane to accept traffic from that client upon authentication requires some key components for the model to operate. The first and most fundamental is micro-segmentation and granular perimeter enforcement based on:
Their devices and its security posture
Their Context and other data
The above aspects are used to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise.
In this case, the micro-segmentation technology essentially becomes the control plane. Per the above section, encryption on the wire is a key component of Zero Trust. For any micro-segmentation technology to be an effective control plane, it must:
Enforce traffic encryption between endpoints
Authenticate the user and machine based on their identity and not the network segment they are coming from.
1.4. Zero Trust Technologies
As stated earlier, Zero Trust is an architecture. Other than micro-segmentation, the following key technologies and processes are required to implement Zero Trust:
Multifactor authentication – to enforce strong authentication
Identity and Access Management – to irrefutably authenticate the user / application and the device
User and network behaviour analytics – to understand the relative behaviours of the user and the network they are coming from and highlight any unusual behaviour compared to a pre-established baseline which may indicate a compromised identity
Endpoint security – to ensure that the endpoint itself is clean and will not act as a conduit for an attacker to gain unauthorised access to data
Encryption – to prevent ‘sniffing of traffic on the wire’
Scoring – establishing a ‘score’ based on the perimeters above that will then determine whether access can be granted or not
Apart from the above key components, the following are needed as well:
File system permissions – needed in order to implement role based access controls
Auditing and logging – to provide monitoring capabilities in case unauthorised access is achieved
Granular role based access controls – to ensure access is on a ‘need to know basis only’
Supporting processes – all of the above needs to be supported by adequate operational procedures, processes and a conducive security framework so that the model operates as intended
Mindset and organisational change management – since Zero Trust is a shift in security thinking, a mindset change managed by robust change management is required to ensure the successful implementation of Zero Trust in an organisation.
1.5. Challenges with Zero Trust
So Zero Trust sounds pretty awesome, right? So why haven’t organisations adopted it fully?
As with any new technology or philosophy, there are always adoption challenges. Zero Trust is no different. At a high level, the key challenges in my experience are:
Change resistance – Zero Trust is a fundamental shift in the way security is implemented. As a result, there is resistance from many who are simply used to the traditional perimeter based security model
Technology focus as opposed to strategy focus – since Zero Trust is a model that will impact the entire enterprise, it requires careful planning and a strategy to implement this. Many are still approaching security from the angle that if we throw enough technology at it, it will be fine. Unfortunately, this thinking is what will destroy the key principles of Zero Trust
Legacy systems and environments – legacy systems and environments that we still need for a variety of reasons were built around the traditional perimeter based security model. Changing them may not be easy and in some cases may stop these systems from operating
Time and cost – Zero Trust is an enterprise wide initiative. As such, it requires time and investment, both of which may be scarce in an organisation.
1.6. Suggested Approach to Zero Trust
Having discussed some challenges to adopting a Zero Trust model above, let’s focus on an approach that may allow an organisation to implement a Zero Trust model successfully:
1. Take a multi-year and multi-phased approach – Zero Trust takes time to implement. Take your time and phase the project out to spread the investment over a few financial years
2. Determine an overall strategy and start from there – since Zero Trust impacts the entire enterprise, a well-crafted strategy is critical to ensure success. A suggested, phased approach is:
a. Cloud environments, new systems and digital transformation are good places to start – these tend to be greenfield and should be more conducive to a new security model
b. Ensure zero trust is built into new systems, and upgrades or changes – build Zero Trust by design, not by retrofit. As legacy systems are changed or retired, a Zero Trust model should be part of the new deployment strategy
c. Engage a robust change management program – mindset adjustment through good change management
3. Take a risk and business focus – this will allow you to focus on protecting critical information assets and justify the investments based on ROI and risk mitigation
4. Ensure maintenance and management of the new environment – as with everything, ensure your new Zero Trust deployment is well maintained and managed and does not degrade over time.
To summarise, Zero Trust is a security philosophy and architecture that will change the way traditional perimeter based security is deployed. A key component of it is the control plane that instructs the data plane to provide access to data. Zero Trust dictates that access can only be granted once the user / application and device are irrefutably authenticated and even then this access is provided on a ‘need to know’ basis only. Micro-segmentation is a key technology component of Zero Trust implementation and this paper has stated other key technology components and processes that are needed to implement Zero Trust adequately. This paper has discussed some of the challenges with implementing Zero Trust which include change resistance as well as legacy systems. The paper then provided an approach to implementing Zero Trust which included taking a phased approach based on a sound strategy underpinned by a risk and business focused approach.
Article | February 21, 2020
Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services. The eight apps in question, which have since been removed, had collectively been downloaded 50,000 times. The apps were mostly camera utilities and children’s games, including “Kids Coloring,” “Compass,” “qrcode,” “Fruits coloring book,” “soccer coloring book,” “fruit jump tower,” “ball number shooter” and “Inongdan.” The apps legitimately function as advertised, but in the background covertly perform an array of malicious functions. “Haken has shown clicking capabilities while staying under the radar of Google Play,” said researchers with Check Point Research, in an analysis on Friday. “Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns.
Article | April 22, 2020
According to a Gartner study in 2018, the global Cybersecurity market is estimated to be as big as US$170.4 billion by 2022. The rapid growth in cybersecurity market is boosted by new technological initiatives like cloud-based applications and workloads that require security beyond the traditional data centres, the internet of things devices, and data protection mandates like EU’s GDPR.
Cybersecurity, at its core, is protecting information and systems from cyberthreats that come in many forms like ransomware, malware, phishing attacks and exploit kits. Technological advancements have unfortunately opened as many opportunities to cybercriminals as it has for the authorities. These negative elements are now capable of launching sophisticated cyberattacks at a reduced cost. Therefore, it becomes imperative for organizations across all industries to incorporate latest technologies to stay ahead of the cybercriminals.
Table of Contents:
- What is the cybersecurity scenario around the world?
- Driving Management Awareness towards Cybersecurity
- Preparing Cybersecurity Workforce
- Cybersecurity Awareness for Other Employees
What is the cybersecurity scenario around the world?
Even as there has been a steady increase in cyberattacks, according to the 2018 Global State of Information Security Survey from PwC: 44% companies across the world do not have an overall information security strategy, 48% executives said they do not have an employee security awareness training program, and 54% said they do not have an incident response process.
So, where does the problem lie?
Many boards still see it as an IT problem.
Matt Olsen, Co-Founder and President of Business Development and Strategy, IronNet Cybersecurity.
The greater responsibility of building a resilient cybersecurity of an organization lies with its leaders. There is a need to eliminate the stigma of ‘risk of doing business lies solely with the technology leaders of an organization. Oversight and proactive risk management must come under CEO focus. According to the National Association of Corporate Directors' 2016-2017 surveys of public and private company directors, very few leaders felt confident about their security against cyberattacks, perhaps due to their lack of involvement into the subject.
Driving Management Awareness towards Cybersecurity
• Gain buy-in by mapping security initiatives back to business objectives and explaining security in ways that speak to the business
• Update management about your current activities pertaining to the security initiatives taken, recent news about breaches and resolve any doubts.
• Illustrate the security maturity of your organization by using audit findings along with industry benchmarks such as BSIMM to show management how your organization fares and how you plan to improve, given their support.
• Running awareness program for your management regarding spear-phishing, ransomware and other hacking campaigns that aim for executives and teach how to avoid them.
The bottom line is that leaders can seize the opportunity now to take meaningful actions designed to bolster the resilience of their organizations, withstand disruptive cyber threats and build a secure digital society.
The bottom line is that leaders can seize the opportunity now to take meaningful actions designed to bolster the resilience of their organizations, withstand disruptive cyber threats and build a secure digital society..
READ MORE: WEBROOT: WIDESPREAD LACK OF CYBERSECURITY BEST PRACTICES
Preparing Cybersecurity Workforce
Hackers are able to find 75% of the vulnerabilities within the application layer. Thus, developers have an important role to play in the cybersecurity of an organization and are responsible for the security of their systems. Training insecure codingis the best way to raise their cybersecurity awareness levels.
Raising Cybersecurity Awareness in Developers:
• Training developers to code from the attackers’ point of view, using specific snippets from your own apps.
• Explain in-depth about vulnerabilities found by calling remedial sessions.
• Find ways to make secure coding easier on developers, like integrating security testing and resources into their workflow and early in the SDLC/
• Seek feedback from developers on how your security policies fit into their workflow and find ways to improve.
Cybersecurity Awareness for Other Employees
According to the Online Trust Alliance’s2016 Data Protection and Breach Readiness Guide, employees cause about 30% of data breaches. Employees are the weakest link in the cybersecurity chain. But that can be changed by creating awareness and educating them on the risks surrounding equipment, passwords, social media, the latest social engineering ploys, and communications and collaboration tools.Make standard security tasks part of their everyday routine, including updating antivirus software and privacy settings, and taking steps as simple as covering cameras when they end a video conference call.
The technological advancements are moving faster than anF-16, so the measure are by no means exhaustive. The important thing is to keep pace with numerous cybersecurity measures to not fall prey to a cyberattack. Every organizational level plays an important role in achieving a matured security infrastructure, thus making awareness and participation mandatory.
Organizations should consider a natively integrated, automated security platform specifically designed to provide consistent, prevention-based protection for endpoints, data centers, networks, public and private clouds, and software-as-a-service environments
READ MORE: A 4 STEP GUIDE TO STRONGER OT CYBERSECURITY