infoblox Archives - Cyber Secure Forum | Forum Events Ltd

Network protection in the hybrid era  

Guest Post

By Gary Cox, Director of Technology Western Europe at Infoblox  

Since emerging from the worst effects of the pandemic, a mix of in-office and remote work has become common practice for many organisations. Initially seen as a temporary way of easing employees back into the workplace after almost two years working from home, it appears that hybrid work is here to stay for the foreseeable future. As of May 2022, almost a quarter of UK employees worked in a hybrid fashion.

However, in an effort to accommodate the needs of their new hybrid workforce, business leaders have inadvertently increased their organisations’ security and compliance risks. This distributed way of working has dramatically increased the attack surface. It’s perhaps little surprise, then, that according to Infoblox’s 2022 UK State of Security Report, the majority of UK businesses experienced up to five security incidents in a year. The advent of the hybrid era means it’s never been more important for businesses to protect their network – or harder to achieve.

Expanded attack surface

Lockdown forced many organisations to leave their physical offices for good, while others adopted hybrid work where most of their employees worked remotely for at least part of the week. Whatever their preference, companies needed to move their applications and data into the cloud and protect them beyond traditional security solutions like firewalls and VPNs.

But employees logging in over their home WiFi networks, and using personal devices for work purposes – or work devices for personal affairs – meant the attack surface was enormous. As a result, businesses experienced a large number of attacks, many of which resulted in downtime, which can cause organisations considerable financial and reputational damage. Indeed, 43 percent of respondents cited breach damages of $1 million.

Hybrid work was found to provide bad actors with a much wider range of entry points into a company’s network, too. Insecure WiFi, for instance, was reported as being the biggest reason for data breaches, followed by insider access through current or former employees or contractors, and employee-owned endpoints, such as mobile devices and laptops.

Trust nothing

Most people today are aware of the perennial threat of cyberattack, but most can do little to protect themselves beyond just changing the password on their home WiFi router. Organisations must therefore take responsibility for security. This requires them to adopt a zero trust approach, which works on the assumption that attackers have already breached the network.

A multi-layered zero trust framework means all parties must undergo authentication checks at every point, as data flows in and out of an organisation’s network. Doing so will enable the organisation to protect everything that’s connected to that network, as well as limiting the damage in the event that an attacker breaches its defences.

Improved security posture

Organisations everywhere, regardless of industry, should consider how to leverage their existing technology to improve their security posture. For example, solutions can take advantage of DDI – a combination of DNS (Domain Name System), DHCP (Dynamic Host Configuration Protocol), and IPAM (IP Address Management) services, which are already used for device connectivity – to gain visibility into network activities down to the device level.

In addition to this, DNS security is essential for a zero trust approach. Given that more than 90 percent of threats that enter or leave a network will touch DNS, it is ideal for detecting potential threats. DNS security can help IT teams spot threats that other security tools miss, accelerate threat hunting, and reduce the burden on stretched perimeter defences. It helps them get more value out of third-party security solutions, through real-time, two-way sharing of security event information and through automation, which lowers the costs associated with manual effort and human error.

The COVID crisis has changed the way we work – potentially forever. As long as people continue to work remotely – even only once a week – the use of home WiFi networks will continue to increase the threat of compromise. It’s essential, then, that organisations have sufficiently robust security strategies in place to meet the demands of the hybrid era. A zero trust approach, supported by DDI metadata and DNS security, will help businesses adjust.

The rise of Ransomware-as-a-Service and how organisations can protect themselves 

Guest Post

By Keith Glancey, Head of Solutions Architect at Infoblox

Over the years, ransomware has become an increasingly popular attack method for hackers looking to make a large return on investment. The COVID-19 pandemic only accelerated this problem further, opening up new opportunities for cybercriminals to cause disruption and find vulnerabilities.

As businesses continue to struggle with securing the new remote and hybrid working landscape, cybercriminals will continue to use it to their advantage. In fact, today it is estimated that there is at least one ransomware attack on a business every 11 seconds. These attacks are not just frequent. They are also damaging, with recent research discovering that the average ransomware recovery costs for businesses have more than doubled in the past year, rising from $761,106 in 2020 to $1.85 million in 2021. And that’s without the long-term reputational damage.

Whilst tried and tested ransomware distribution tactics – such as malicious websites, email campaigns and even USB memory sticks – are still very much in use, over the last year or so other, newer methods have also increased in popularity. One such method – which is quickly becoming the number one headache for security teams and business leaders – is Ransomware-as-a-Service (RaaS).

A new era in ransomware

RaaS is changing the game. A subscription-based model that enables users to use pre-developed ransomware tools to execute attacks, RaaS gives everyone the power to become a hacker. There’s no technical knowledge required; all individuals need to do is sign up for the service.

RaaS platforms are closely modelled after legitimate SaaS products. They include support, community forums, documentation, updates, and more. Some even offer supporting marketing literature and user testimonials. Users can choose to sign up for a one-time fee or for a monthly subscription. There are also special features which you can pay for, such as a status update of active ransom infections, the number of files encrypted, and payment information.

Although deploying this new type of ransomware requires no specific skills, it still enables threat actors to develop highly targeted attacks on large organisations, where they can ask for large ransoms. In these highly targeted cases, threat actors use carefully researched social-engineering tactics, such as well-crafted emails to entice targets to click dangerous URLs or open malicious attachments. In other cases, threat actors may target a vulnerability that is particular to or commonly used by their target victim group.

It’s no surprise that RaaS is becoming so popular. In fact, research discovered that almost two-thirds of ransomware attacks in 2020 used RaaS tools. It has also been behind some of the most notorious attacks this year, including those on the Colonial Pipeline and JBS. The size and sophistication of these attacks should concern all cybersecurity professionals, and their successes highlight how the RaaS market is only likely to grow moving forward.

Future proofing with DNS

When it comes to ransomware, failing to prepare really is preparing to fail. More often than not, attacks are successful when victims do not have an effective strategy in place. Therefore, businesses need to expect attempted ransomware attacks and prepare accordingly.

Getting detection and prevention right can help businesses to gain the upper hand. This is where Domain Name System (DNS) tracking comes in. DNS is a core network service, which means that it touches every device that connects to a company’s network and the wider internet. What’s more, some 90% of malware, including ransomware, touches DNS when entering and exiting the network, making it a powerful tool in the cyberdefense toolkit. When applied to security, DNS can help protect against ransomware attacks by detecting and blocking communication with known C&C servers that distribute malware, helping to stop an attack before it even starts.

To take DNS-based security to the next level, businesses can merge DNS with DHCP (Dynamic Host Configuration Protocol), and IPAM (IP Address Management). This combination of modern technologies – known as DDI – can pinpoint threats at the earliest stages, and paired with DNS security, can identify compromised machines and correlate disparate events related to the same device.

With RaaS becoming so established, organisations battling against ransomware need to level up. As with most complex issues, there’s no silver bullet for cybersecurity. However, by focusing on detection and prevention and using core infrastructure like DDI, security teams can get the upper hand.

Cybersecurity in 2022: A view from the experts

Stuart O'Brien

There is no doubt that this year has been a year of disruption, change and opportunity within the cybersecurity industry. With 2022 on the horizon, find out what the experts have to say about the top trends impacting the industry now and what to look out for in the future…

Carlos Morales, VP Solutions, Neustar Security Solutions:

“Cybercrime has become a lucrative and mature market. We have witnessed the proliferation of extortion tactics and the huge disruption they can cause to both public and private interests. Meanwhile, criminal groups have openly collaborated with peers – aligning their strategies, picking targets, and agreeing on safe-havens. This sophistication, combined with a booming market, means that what were once individual criminal ‘groups’ and malicious actors are now fully-fledged criminal enterprises, providing as-a-service offerings and malware licenses to established customer bases and target markets.

“As a result, we will see stronger strains of existing well-known malware and refined attack strategies emerge, while targets become ever more ambitious. What’s (or rather, who’s) next? Public infrastructure and large, private businesses that provide vital services (like cloud providers or data centres) will likely remain at the top of the target list – with the risk of the potential knock-on effects making paying-up an enticing offer. Organisations really need to implement an ‘always on’ approach to network security to ensure fast and automated responses to attacks and they need to partner with security providers that continually evolve their defence capabilities. These new best practices are far, far more cost-effective in the long run and provide peace of mind for organisations.”

Jim Hietala, Vice President of Business Development and Security, The Open Group

“2021 saw the emergence of Zero Trust security architecture as the forward-looking security architecture, and as a consequence, we also saw vendors using and abusing Zero Trust in their messaging. In 2022, we expect to see Zero Trust move from concept to practical implementation, with the availability of more vendor-neutral industry standards and best practices, including reference models and architectures that will help end users to build viable, multi-vendor security architectures based on Zero Trust principles. Open standards will be key to this development.”

Stephan Jou, CTO Security Analytics, Interset at CyberRes, a Micro Focus Line of Business

“All indications are that AI technologies will be increasingly prevalent in cybersecurity. This includes everything from the increasing adoption of technologies like UEBA by enterprises, surveys that show investment in AI by SOC teams, and the adoption of ML and other AI methods by SIEM, IAM and other systems.

“However, the types of AI that will be adopted in 2022 will be focused on specific, battle-tested techniques such as statistical learning, anomaly detection, and (in a more limited capacity) NLP. Certain areas of AI research, such as large language models (like GPT-3), will not be heavily adopted in 2022 for cybersecurity. This is because there is not yet a good use case match within cybersecurity for those technologies, and also because the computationally expensive and non-transparent nature of these approaches does not lend itself well to the SOC needs at present.”

Kai Waehner, Field CTO and Global Technology Advisor, Confluent

“Cyber threats are not new. However, our more and more connected world increases the risks. Successful ransomware attacks across the globe force enterprises to take action by implementing situational awareness and threat intelligence in real-time at scale to act proactively against cyberattacks.”

Fabien Rech, EMEA Vice President, McAfee Enterprise

“Our reliance on API-based services is rising, as they quickly become the foundations of most modern applications. This is only set to rise further in 2022, as global use of the internet, 5G, and connected devices continues to boom – this year alone, we saw a 57% increase in online activity.

“Often business-critical data and capabilities lie behind these APIs, and cybercriminals have been quick to take note of this and exploit the increase in API usage. However, attacks targeting APIs go undetected in many cases, as they are generally considered trusted paths and lack the same level of governance and security controls.

“It’s therefore critical that enterprises make API security a priority next year. Organisations must ensure they have visibility of all application usage across their systems, with the ability to look at consumed APIs. Adopting a Zero Trust mindset will support this. It allows enterprises to maintain control over access to the network and all its instances, including applications and APIs, and restrict them if necessary.

“Shoring up on API security is particularly crucial amidst the current supply chain crisis, as APIs are often used as an entry vector for wider supply chain attacks due to their interconnected nature. Next year, supply chains will continue to be a prime target for hackers, and so enterprises should look one step ahead and use threat intelligence solutions to predict and prevent API attacks before they take place.”

Rory Duncan, Security Go To Market Leader UK at NTT

“This year, as we’ve started to recover from the pandemic, demonstrating effective cyber-resilience has become more crucial than ever. This will continue to be a priority for organisations as we move into 2022, as the shift towards permanent hybrid working models for many enterprises will put continued pressure on their ability to detect threats. It’s essential that business leaders prioritise security, especially as the trusted perimeter expands to encompass remote users.

“As businesses consider their 2022 hybrid workplace strategies, they need to revisit and re-evaluate security from the ground up and assess where they may have unwittingly created gaps in their security armour. 80.7% of IT leaders have said it’s more difficult to spot IT security or business risk when employees are working remotely, so ensuring visibility by developing a multi-pronged approach to re-imagining enterprise security will be fundamental in 2022.

“The ability to respond quickly and effectively across the distributed IT environment will be paramount next year. The number of cyber-attacks in the headlines is only rising and it’s no longer a case of “if” but “when” an attack will occur. Ultimately, your business will be more exposed if it doesn’t have the right security measures and response capability in place.”

Pritesh Parekh, VP of Engineering and Chief Trust & Security Officer at Delphix

“With intense scrutiny on how businesses prepare for and respond to breaches next year, it’s clear that security and compliance concerns will be the key determinant for any interactions with third parties – whether customers, partners, or vendors. Following the pandemic, digital guides every third party interaction – potentially exposing data as soon as it moves outside of the business’s digital walls. Endpoints have become beyond critical when it comes to securing data, but you can’t always control your endpoints if they exist within another organization, right? The answer is, you must, meaning that technology vendors who don’t rise to the occasion and implement the same standards as their enterprise customers will lose business, big time.”

Keith Glancey, Director of Technology Western Europe, Infoblox

“Cybercrime is getting organised. Gone are the days of lone hackers operating from back bedrooms. Cybercriminals are banding together to form businesses, using the dark web to recruit new “talent” and advertise “jobs” they’re looking to fulfil. With bigger businesses behind attacks, the stakes are significantly higher for organisations under fire. It’s not just businesses, either – we’re seeing an increasing number of nation state-led attacks from major players like Russia, China and the US. Their target? Personal data.

“This systematic approach to cybercrime is a continuation of a broader trend towards “as-a-service” business models. Cybercrime-as-a-Service (CaaS) brings together malware developers, hackers, and other threat actors selling out or loaning their hacking tools and services to people on the dark web. Ultimately, CaaS makes these tools and services accessible to anyone who wants to launch a cyberattack, even those without the technical knowledge to do so.”

World Password Day: Security advice from McAfee, Nuance and more…

Stuart O'Brien

Thursday (May 6th) marks the annual World Password Day – an awareness event designed to promote better password habits. This year, with so many of us working from home and cybersecurity stretched to the limit, safe and secure passwords are more important than ever before. With that in mind, we spoke to several experts to find out how consumers and businesses alike can ensure that their passwords stand up in today’s climate. Here’s what they had to say:

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance

“World Password Day represents a reminder that PINs and passwords are an archaic tool, no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of forgotten passwords to safeguard cryptocurrencies. 

“Indeed, new UK research from Nuance has found that over one in five (22%) consumers have admitted to relying on the same two or three different passwords or similar variations of them. A similar number (20%) say they receive notifications their passwords have been compromised on at least a monthly basis. This could leave those individuals at an increased risk of fraud, and it is the enterprises that must take responsibility to address this by strengthening their customers’ security with more modern solutions. 

“Given the same poll has found that on average victims of fraud lost over £3,200 each in the last 12 months – three times higher than two years ago – it is high time PINs and passwords are confined to the history books, so that technology – such as biometrics – can be more widely deployed in order to robustly safeguard customers.  Biometrics authenticates individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by fraudsters and providing peace of mind, as well as security, for end-users.”

Raj Samani, Chief Scientist and McAfee Fellow:   

“When it comes to online safety, password hygiene has never been more relevant. Over the past year alone, we’ve seen a massive surge in online activity, with the pandemic leaving many Brits reliant on conducting daily activities such as shopping and banking online.  

“Passwords are of course a key part of our digital lives, enabling people to gain quick access to a variety of online platforms, accounts and devices. However, it can be easy to take them for granted and forget the basics of password hygiene during our busy lives, particularly now as we have so many accounts to keep on top of in order to get on with our day-to-day activities.

“Passwords which include personal information, such as your name, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online, making it easier for online criminals to make guesses about your password. You should also never share a password, even with a close relative. While this may seem harmless, sharing these details could result in critical personal information falling into the wrong hands. In fact, McAfee recommends changing your passwords about every three months at a minimum. This is so that if a password has been shared or compromised, the safety of your online information has a higher chance of being kept safe by making this change. 

“World Password Day is an excellent time to highlight the importance of password safety to consumers. But it is just as important to ensure password hygiene remains top of mind at all times and not just for one day.”

Krupa Srivatsan, Director of Product Marketing at Infoblox

“The average person manages anywhere between 60 and 90 password-protected accounts–a number that goes up for IT professionals. In an ideal world, each password would be a unique set of randomly generated characters and numbers. But that doesn’t really happen. 

“Weak passwords represent a cybersecurity threat for organizations already struggling with security compliance during remote work and the blurring of personal and professional spaces. In fact, more than 80% of data breaches involved brute force or stolen credentials. 

“Organisations need to take a few extra steps to ensure that they don’t compromise on security while their employees are working at home. Improved last-mile endpoint security solutions paired with password best practices can help improve network security.

“For example, organisations can leverage the benefits of a DNS-first approach for a wide variety of detection and protection purposes, both on and off-premises. Because it sits at the core of the network and touches every device that connects to it, DNS is a powerful tool that can be used to catch the more than 90% of malware that uses it to enter or exit a network.”

John Smith, Solutions Architect at Veracode

“As businesses continue to operate remotely, and companies deploy their infrastructure into online environments, it’s clear that password hygiene should be a big focus. Hackers have the ability to crack a 7-character password in 0.29 milliseconds, which is why it’s time to focus on application authentication. A simple static password will not suffice, and companies should avoid using predictable passwords to avoid damaging password spraying attacks. Passwords should always be unique, not recycled, and stored in a secure password safe. 

“Although businesses are conscious of the role that software security plays in keeping data protected, banks and other industries need to take more ownership of application authentication to help detect fraudulent account access. This World Password Day, I urge businesses to empower developers by training them on best practices in secure coding and providing the right tools to prevent users being more exposed to data breaches from hackers who will continue to look past passwords for weak points in the application layer.”

Ramsés Gallego, International Chief Technology Officer, CyberRes, a Micro Focus line of business: 

“As digital-first approaches and distributed workforces become the status quo for many industries, raising awareness around the importance of password security has arguably never been more important. And with recent NCSC research finding that people are using passwords which are an easy target for hackers, it’s clear more needs to be done by businesses to provide the technology and training to ensure better cyber-resiliency across the board.

“It is imperative that we secure systems and infrastructure to ensure that the right people have the right access to the right assets at the right time. No more, no less. Importantly, we now live in an era where we do not need passwords alone – or sometimes at all – to enable trusted access. Multi-factor authentication is a useful tool, using more personal attributes, such as biometric data in someone’s voice, or devices, such as a code sent to an individual’s watch, to replace or augment passwords.

“Yet despite these advances, there is no doubt that, for now, passwords aren’t going anywhere anytime soon. What’s more, boosting password security – and cyber-resiliency more widely – cannot be achieved by technology alone. Businesses must ensure they are educating their employees on best practice cybersecurity hygiene, beginning with how to create strong passwords and the importance of using different ones for different applications and services. Not only that, they must make sure workforces understand the various tactics used by hackers to target unsuspecting users, from phishing to fake websites. Crucially, increasing awareness among staff on how they could potentially be putting their organisation’s data at risk is key, especially as workforces continue to access systems remotely during and after the pandemic.”

The cloud security challenge every CISO must overcome

Guest Post

By Keith Glancey, Systems Engineering Manager at Infoblox 

Cloud adoption has never been higher. Whether it’s public, private, multi- or even hybrid-cloud environments, organisations of all sizes, across all sectors are benefiting from the enhanced flexibility, reduced cost and greater stability that cloud can bring. 

However, whilst cloud can be an enabler in many areas, it can also cause complications for both security and compliance. In fact, recent research revealed that over half of UK businesses cite security concerns as the biggest barrier to public cloud adoption. To add to this, over a third of business leaders (35%) who have adopted cloud aren’t completely confident that it is secure. 

Cloud environments present some unique security challenges. One such challenge is achieving visibility across an entire organisation. When a business uses multiple providers – and stores data in different locations across on-premise and cloud environments – total visibility can become almost impossible to achieve. But, without it, businesses leave themselves vulnerable to attack. For the modern CISO, visibility has become a huge headache in recent years. 

Ensuring everyone is on the same page 

The average CISO will probably have a snapshot view of the ‘bigger picture’ in terms of the security of their cloud providers. However, when it comes to the day-to-day details – such as relatively minor changes to the identities of and contracts with external partners, for example – it can be very difficult to keep track. Add to this that many organisations will have multiple cloud systems running side by side, as well as on-premise infrastructure that is typically full of legacy applications, and it’s easy to see how certain information can get lost in the ether. 

Although most cloud providers have security measures in place that are more than adequate, there is a tendency for them to focus on their own platform. This method totally ignores the user’s unique ecosystem. This one-size-fits-all security method does not always work to the advantage of an individual organisation, which is why it’s important for CISOs to remain in the driver’s seat. 

CISOs looking to increase visibility could start with an analysis of their key partners. This can help them to determine the best course of action on a case-by-case basis. For example, when a business relies on external server services, it can be difficult for the network team to obtain a 360-degree view across the entire critical infrastructure. This can lead to certain oversights and a lack of understanding in terms of the overall network security posture, especially when you throw IoT devices into the mix. In this case, instead of monitoring all used platforms separately, it is more effective to add a layer to the network that provides centralised insight into the entire ecosystem.  

This is where modern technologies – such as cloud DDI (DNS, DHCP, and IPAM) – come in. By giving CISOs and network teams the ability to automate and consolidate critical aspects of cloud network management, respond quickly to business needs and integrate cloud service platforms across a business, DDI augments visibility into network activities and increases control. It grants visibility into networking activities, no matter where devices might be connected from – including remote locations. 90% of malware touches DNS – the first D in DDI – when entering or leaving the network, making DNS a critical detection tool that, when connected to the security stack, can enable stronger threat remediation. Ultimately, DDI enables the network team to quickly detect and fix any vulnerabilities, no matter where they originate. 

Solving compliance complexity 

Navigating a myriad of different cloud providers also makes compliance more difficult than it should be. Suppose a business is legally obliged to store data on European servers – what happens if a supplier has this order, but its partners don’t follow the same policy? The same applies to subpoenas; a third party abroad could simply reveal sensitive data, even if this is in violation of European law. 

When it comes to compliance, it’s not enough to simply rely upon a supplier’s word. In order to avoid the potentially devastating fines and reputational damage associated with failure to comply, CISOs need to enforce a certain level of visibility across all third parties and ensure that everyone is following the same rules.

CISOs can take some simple steps to monitor the situation and ensure compliance in the cloud. For example, when it comes to meeting guidelines such as the EU’s Security of Networks & Information Systems (NIS) – which is intended to establish a common level of security for network and information systems – adding a layer to an organisation’s infrastructure can help to boost visibility and reduce complexity. This can also help to automate processes that enable a network team to make their entire security stack work together and thus better anticipate vulnerabilities. 

As cloud becomes an increasingly important part of IT infrastructure, CISOs will continue to face many different security and compliance challenges. In order to get ahead and keep both employees and customers safe, they will need to focus on establishing total visibility across the network of providers and partners. Only then will CISOs be able to take back control and the wider business reap the rewards associated with cloud adoption.