Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts By :

Guest Post

Four Steps to Security Automation Success

960 640 Guest Post

By Ofer Elzam, VP and GM, FireMon Cloud & Automation Solutions

Security automation projects are making headlines, with everyone looking to automate at least some portion of the policy management process. Usually, the goal is to save time and money by automating firewall administration and policy management.

However, these two categories have grown exponentially in scope and complexity in recent years, so automation projects often become much larger and time-consuming than originally intended and produce varied results.  In some less-than-stellar cases, they even collapse all together, and people revert to the original manual processes they were seeking to automate.

How can this situation be avoided? There are four steps security organizations can take to dramatically increase the likelihood of success in security automation projects, we’ll cover the first two now:

  1. Have a clear goal. Almost everyone automates to save money and improve efficiency.  But you must define more functional requirements than that – after all, there are many approaches for saving money. Focusing on a clearly defined operational goal is the key to determining the right approach, which, in turn, defines how much and where you will realize cost savings and efficiency gains. 

    What if you defined your goal to achieve a standard security process to meet a service level agreement (SLA) of 24 hours instead of the week or so it takes now? You could do this by analyzing the existing process and mitigating inefficiencies through the surgical application of automation, or even simply improving on existing manual processes.  

    Other projects like micro-segmentation, Zero Trust implementations, on-prem-to-cloud migrations, will necessitate their own functional requirements and SLAs. It is important to set goals for these projects that are realistic, while also delivering substantial cost and efficiency improvements. 
  2. Don’t try to automate everything.  Automation projects succeed when there is a clear set of success criteria and a clearly defined and achievable scope. They often fail when trying to implement a process that will work in every scenario. A good example of this is in the change-request workflow. There are two places where time and resources can be saved in a change-request workflow: better requirements (less refinement of inputs) and reducing the wait time between individuals. Better requirements are generally achieved by focused training and more intuitive system design for a select group of users. 

    User and requirement creep tends to happen when relatively infrequent processes are folded into the project. This puts security organizations in a position where they spend significant time, effort and budget on automating processes that may only be encountered once or twice a month. This can delay the overall automation project and reduce ROI once it is complete, since significant resources will be invested for only marginal gains.

    Consuming project time to customize the workflow or software for a task that takes 10 minutes twice a month not only delays the overall project, but also causes stakeholders to question the overall value of the project. 

Let’s be honest: You’re almost certainly exploring automation to save money and time. Follow our next blog, for the last two steps to build your security policy automation roadmap. 

Barracuda: Growing confidence and emerging gaps in cloud security

960 640 Guest Post

For modern organisations, digital transformation is increasingly the only game in town. CIOs are turning to multiple cloud providers in droves for new app-based models, driving enhanced business agility to meet ever-changing market demands.

Yet security remains a constant challenge. Web applications themselves remain a major target for data theft and DDoS. A Verizon report from earlier this year claimed that a quarter of the breaches it analysed stemmed from web application attacks.

So, what are organisations doing about it? Chris Hill, RVP Public Cloud and Strategic Alliance International at Barracuda Networks reveals some interesting findings from its latest research…

Cloud maturity grows

The survey of over 850 security professionals from around the world reveals a growing confidence in public cloud deployments. Over two-fifths (44 percent) now believe public cloud environments to be as secure as on-premises environments, while 21 percent claim they are even more secure. What’s more, 60 percent say they are “fairly” or “very” confident that their organisation’s use of cloud technology is secure.

This makes sense. After all, cloud providers are capable of running more modern, secure infrastructure than many organisations could in-house. That means customers benefit from the latest technology, accredited to the highest security standards, versus heterogeneous, legacy-heavy in-house environments. As long as they pick the right third-party security partners and understand the concept of shared responsibility in the cloud, cyber risk can be mitigated effectively. The cloud even offers more options for backup and redundancy to further minimise risk.

Yet this isn’t the whole picture. Respondents to the study are still reluctant about hosting highly sensitive data in the cloud, with customer information (53 percent) and internal financial data (55 percent) topping the list. They complain of cybersecurity skills shortages (47 percent) and a lack of visibility (42 percent) as hampering cloud security efforts. And over half (56 percent) aren’t confident that their cloud set-up is compliant.

Could some of these concerns be linked to web application threats?

Websites under attack

The truth is that web apps are a ubiquitous but often poorly understood part of the modern cloud-centric organisation. As a business-critical method of delivering experiences to customers and productivity-enhancing capabilities to employees, web applications are a major target for cyber-criminals looking to steal sensitive data and interrupt key business processes. A Forrester study from 2018 found that the leading cause of successful breaches was external attacks — the most common of which focused on web applications (36 percent).

Fortunately, Barracuda Networks’ survey finds more than half (59 percent) of global firms have web app firewalls (WAFs) in place to mitigate these threats. The most popular option is sourcing a WAF from a third-party provider (32 percent), which makes sense, as long as they can protect customers from the automated bot-driven traffic that dominates the threat landscape. Not all can.

Patching and configuring

However, a greater concern is the fact that many organisations don’t appear to be taking the threat of web application vulnerabilities seriously. The Barracuda study found that 13 percent of respondents claim they haven’t patched their web application frameworks or servers at all over the past 12 months. Of those that did, it takes over a third (38 percent) of them between seven and 30 days to do so. For a fifth (21 percent), it takes over a month.

This is the kind of approach that landed Equifax in a heap of trouble when it failed to promptly patch an Apache Struts 2 flaw, leading to a mega-breach that has so far cost has over $1.4 billion. It’s an extreme example, but it is one that highlights the potential risks for businesses.

Another potential area of risk with web application environments is human error. A massive breach at Capital One earlier this year affected around 100 million customers and applicants, and it was blamed on a misconfiguration of an open source WAF.

Some 39 percent of respondents told Barracuda Networks they don’t have a WAF because they don’t process any sensitive information via their applications. But attacks aren’t just focused on stealing data. They can also impede mission-critical services. WAFs are certainly not a silver bullet. But as part of a layered approach to cybersecurity, they’re an important tool in the ongoing fight against business risk.

Conclusion

Growing cloud confidence is enabling digital transformations across organisations of every shape and size. However, that confidence comes with a cautionary tale. Attackers are also zeroing in on vulnerabilities and weaknesses that may have been ignored in the past, and many organisations are unaware of how these multi-layered attacks can unfold from a single access point. Web application security and cloud security posture are the key weapons customers need to deploy in order to continue their digital transformations safely in the cloud.

To ensure you are secure in the cloud, here are some tips:

• Ensure you have WAFs protecting all your apps. Don’t assume that just because an app doesn’t appear to have outside visitor engagement that it can’t be used as an attack vector. Once any vulnerabilities are discovered, attackers will exploit them, and it may help them gain access to your network and more valuable resources.
• Don’t leave application security in the hands of your development team. They aren’t security experts, nor do you pay them to be — you pay them to build great products.
• Deploy a cloud security posture management solution. Not only will this eliminate many security risks and failures, along with providing your development team with necessary guardrails to “build secure,” it greatly simplifies remediation and speeds investigations when issues do arise.

GUEST BLOG: The Growing DDoS Landscape

960 640 Guest Post

By Anthony Webb, EMEA Vice President at A10 Networks

A new wave of DDoS attacks on South Africa’s internet service provider has highlighted that these attacks continue to grow in frequency, intensity and sophistication.

A10 Networks’ recent report on the Q2 2019: The State of DDoS Weapons has shed more light on the loud, distributed nature of DDoS attacks and the key trends that enterprises can learn from in adopting a successful defence.

IoT: A Hotbed for DDoS Botnets

A10 Networks has previously written that IoT devices and DDoS attacks are a perfect match. With the explosion of the Internet of Things (growing at a rate of 127 connected devices per second and accelerating), attackers target vulnerable connected devices and have even begun to develop a new strain of malware named Silex- a strain just for IoT devices. Silex affected 1650 devices in over an hour and wiped the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017.

The report has highlighted the top-three IoT binary dropped by malware families – two of the three belonged to Mirai – with the Netherlands, UK, USA, Germany and Russia being the top five hosting malware droppers.

The New IoT Threat

A new threat has emerged due to industry-wide adoption of technology with weak security: the UDP implementation of the Constrained Application Protocol (CoAP). This new threat does not have anything to do with Mirai or malware, but its impact has enabled millions of IoT devices to become weaponised as reflected amplification cannons. CoAP is a machine-to-machine (M2M) management protocol, deployed on IoT devices supporting applications such as smart energy and building automation. CoAP is a protocol implemented for both TCP and UDP and does not require authentication to reply with a large response to a small request. A10 identified over 500,000 vulnerable IoT devices with an average response size of 749 bytes. The report also highlights that 98% of CoAP threats originate from China and Russia, with the capability to amplify by 35x.

On the Horizon: 5G

Ericsson recently predicted that the number of IoT devices with cellular connection will reach 4.1 billion by 2024. 5G, with its higher data speeds and lower latency, will be the primary driver behind this rapid expansion. Whilst this is great news in an open dynamic world, the downside is that we will also see an increase in the DDoS weaponry available to attackers.

We have seen mobile carriers hosting DDoS weapons skyrocket over the last six months. Companies such as T-Mobile, Guangdong Mobile and China Mobile have been guilty of amplifying attacks. With 5G, intelligent automation aided by machine learning and AI will become essential to detecting and mitigating threats. IoT devices by Linux are already the target of a new strain of malware which is predominantly dedicated to running DDoS attacks.

Amplified Attack

Amplified reflection attacks exploit the connectionless nature of the UDP protocol with spoofed requests to misconfigured open servers on the internet. Attackers send volumes of small requests with the spoofed victim’s IP address to exposed servers, which are targeted because they’re configured with services that can amplify the attack. These attacks have resulted in record-breaking volumetric attacks, such as the 1.3 Tbps Memcached-based GitHub attack in 2018, and account for many DDoS attacks.

Battling the landscape

Every quarter, the findings of our DDoS attack research point to one thing: the need for increased security. Sophisticated DDoS weapons intelligence, combined with real-time threat detection and automated signature extraction, will allow organisations to defend against even the most massive multi-vector DDoS attacks, no matter where they originate. Actionable DDoS weapons intelligence enables a proactive approach to DDoS defences by creating blacklists based on current and accurate feeds of IP addresses of DDoS botnets and available vulnerable servers commonly used for DDoS attacks. With DDoS attacks not going away, it’s time for organisations to match their attackers’ sophistication with a stronger defence, especially as new technology like IoT and 5G gains momentum.

VIDEO – Top tips to spot phishing attacks

960 640 Guest Post

By Falanx

Phishing, viruses and ransomware are some of the most common attacks aimed at organisations of all sizes, with phishing emails proving the most successful.

With this October being Cyber Security Awareness month, empower your staff to recognise and defend against these attacks.

Here are some of the signs to look out for > https://falanx.com/cyber/top-tips-to-spot-phishing-attacks/

How to manage, detect and respond to a data breach

960 640 Guest Post

Can you be 100% confident that your business has not been compromised?

How would you know if the attacker has not used malware or a virus that would be picked up by the perimeter defences?

Even when a compromise is identified, many companies aren’t sure what the next steps should be.

It is the speed with which a breach is detected, and the effectiveness with which it is remediated, that will provide the most value.

Learn how to manage, detect and respond to a data breach in Corvid’s latest blog:

https://www.corvid.co.uk/blog/how-to-manage-detect-respond-to-a-data-breach

Is email security training a waste of your time?

960 640 Guest Post

If users are the ones being tricked, train users and they won’t get tricked. Easy! Except it doesn’t quite work like that.

Can user training ever hope to keep pace with the constantly evolving threat landscape?

And who decided user training was the right solution in the first place?

Click here to read the latest advice from Corvid.

INDUSTRY SPOTLIGHT: Falanx penetration testing

960 640 Guest Post

To minimise risks from hackers you need to think and act like a hacker.

Penetration testing does just that, pseudo hackers attack your systems to help expose and fix vulnerabilities.

Whether it’s web applications, internal networks, mobile devices or wireless networks, penetration testing is critical to ensure high levels of cyber security. But why, when and how often should you penetration test?

Find out more at: https://falanx.com/cyber/why-when-and-how-often-should-you-pen-test/

Save £35k by deleting emails from your CEO

960 640 Guest Post

You work in finance. You get an email from your CEO addressing you by your first name, apologising for the late Friday email, but requesting you make an urgent payment to a regular supplier, with account details helpfully provided in the email. You’d pay it, right?

CEO fraud is an increasingly common type of phishing attack, where a threat actor impersonates a senior executive, and attempts to coerce an employee into transferring funds or personal information to the attacker’s account.

The average cost of this attack has risen to £35,000, but how do they keep getting away with it? Check out the latest advice from Corvid:

https://www.corvid.co.uk/blog/save-yourself-35k-delete-ceo-emails

FREE GUIDE: How to reduce the security vulnerabilities in Office 365

960 640 Guest Post

You’re likely to follow the path of least resistance, attacking wherever you have the biggest chance of success on the most widely used programs.

You will put out Phishing emails, Malware attacks, simple extortion mailers and Business Email compromise (BEC) attacks to gain entry to the target system.

Many enterprise organisations’ SaaS technology of choice is Microsoft Office 365 due to its mobility, ease of use and opportunities for collaboration. Office 365 provides the latest versions of Excel, Word, PowerPoint and Outlook, as well as cloud-based collaboration and productivity platforms OneDrive, Exchange Online, Yammer and SharePoint Online.

Many have come to see Microsoft Office as the gold standard for enterprise businesses. However, being a major player in the market also makes you a major target.

In this comprehensive guide, EveryCloud covers the 10 steps you can take to ensuring improving your office 365 security posture.

Click here to download the free guide.

The Rising Email Threat: Are instant messaging tools the answer?

960 640 Guest Post

By Barracuda Networks

At Barracuda we believe two heads are better than one. Following that logic, we can’t argue the value of the opportunity to hear from our peers on industry trends. We recently discovered through such means that, for the channel, email security is its biggest focus in 2019, as partners are increasingly helping their customers fight the battle against email attacks.

This got us thinking: how do end users view email security? And does it match with their channel counterparts? Are they too prioritising it over the next 12 months?

To answer our question, we quizzed 280 high-level decision makers across different industries throughout EMEA on their email security measures, where it falls on their ever-changing priority list, and ultimately how equipped they are for the inevitable attack.

Attacks are going up, up, up 

The results pointed to an industry already aware of – and often affected by – the rising new wave of email threats. Of the 280 decision makers polled, a majority (87%) predicted email threats to increase in the coming year. Perhaps unsurprisingly, the majority (75%) also said they had witnessed a steady increase in email attacks over the past three years against their own organisation. 

Breaking those attacks down, in the last year, almost half (47%) were attacked by ransomware, 31% were victim to a business email compromise attack, and a huge 75% admitted to having been hit with brand impersonation. This final statistic gives credence to our recent spear phishing report, which found that 83% of all the email attacks we analysed focused on brand impersonation. Clearly the criminal’s favourite choice, and for good reason.

Email remains the weakest link

However, regardless of this awareness, many organisations admit to being vastly unprepared when it comes to email security. Despite email being used since the 1990s, a staggering 94% admitted that email is still the most vulnerable part of organisations’ security postures. 

Unsurprisingly, finance departments seem to experience the most attacks, with 57% identifying it as the most targeted department. What was surprising was the rise in customer support attacks; a not insignificant 32% identified this as their most attacked department in what could indicate a new emerging trend for would-be attackers.

Without proper employee training, these attacks will continue to succeed. However, training is still hugely lacking across most organisations we spoke to, with the most popular answer (29%) being from respondents who receive it just once a year. Shockingly, 7% stated they’d either never had training or that they weren’t sure.

The lack of training is clearly leaving employees either confused or unaware of security protocol, as over half (56%) stated that some employees do not adhere to security policies. Of those, 40% said their employees used a ‘workaround’ to do so, perhaps referring to shadow IT solutions and the issues they continue to cause in enterprise IT environments. Both of these issues could be solved by regular and in-depth employee security training.

Not all doom and gloom

That being said, we’d be amiss to ignore those taking measures to reduce email threats. For the 38% whose security budgets are increasing next year, we’d hope security awareness training will play a key role in where the funds will be spent – after all, regardless of whether you have the latest technology, your employees are still the last line of defence. 

However, with 62% of security budgets to either stay the same or decrease over the next year, it seems that organisations are taking to other ways to try and reduce the rising email threat. Over a third (36%) are implementing instant messaging applications such as Slack or Yammer, to reduce email traffic.

This approach comes with a warning from us: while we haven’t yet seen attacks using messaging platforms such as Slack, this may well change in the future and doesn’t necessarily mean that these platforms are immune to attacks. Any organisation going down this route should do so with care, as if we know anything about cyber attackers, it’s that they’re always trying new ways to catch their victims out.

Interestingly, those companies using instant messaging tools are more likely to use Office 365 (78%), compared to an average of 56% across the rest of the study. They were also slightly more likely to pinpoint email as the weakest link (97%) versus 92%. With that in mind, security should be front of mind in order to ensure Office 365 environments are fully protected in the move away from Exchange.

In the short term, while a shift away from email to communications tools such as Slack might be tempting in order to temporarily ease the email burden, it might not work out in the long run, as we wouldn’t be surprised if cyber attackers just changed their tactics in response. In the longer term, the right combination of technology and security awareness training is the key to email attack protection. Attacks will always increase in sophistication, but as long as you stay ahead of the game, it is possible to keep the bad guys out. After all, even at 30 years old, email attacks are still proving profitable for cyber criminals, so they won’t stop any time soon… 

Image by rawpixel from Pixabay

  • 1
  • 2