infoblox Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit Security IT Summit Security IT Summit Security IT Summit Security IT Summit

Posts Tagged :

infoblox

World Password Day: Security advice from McAfee, Nuance and more…

960 640 Stuart O'Brien

Thursday (May 6th) marks the annual World Password Day – an awareness event designed to promote better password habits. This year, with so many of us working from home and cybersecurity stretched to the limit, safe and secure passwords are more important than ever before. With that in mind, we spoke to several experts to find out how consumers and businesses alike can ensure that their passwords stand up in today’s climate. Here’s what they had to say:

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance

“World Password Day represents a reminder that PINs and passwords are an archaic tool, no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of forgotten passwords to safeguard cryptocurrencies. 

“Indeed, new UK research from Nuance has found that over one in five (22%) consumers have admitted to relying on the same two or three different passwords or similar variations of them. A similar number (20%) say they receive notifications their passwords have been compromised on at least a monthly basis. This could leave those individuals at an increased risk of fraud, and it is the enterprises that must take responsibility to address this by strengthening their customers’ security with more modern solutions. 

“Given the same poll has found that on average victims of fraud lost over £3,200 each in the last 12 months – three times higher than two years ago – it is high time PINs and passwords are confined to the history books, so that technology – such as biometrics – can be more widely deployed in order to robustly safeguard customers.  Biometrics authenticates individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by fraudsters and providing peace of mind, as well as security, for end-users.”

Raj Samani, Chief Scientist and McAfee Fellow:   

“When it comes to online safety, password hygiene has never been more relevant. Over the past year alone, we’ve seen a massive surge in online activity, with the pandemic leaving many Brits reliant on conducting daily activities such as shopping and banking online.  

“Passwords are of course a key part of our digital lives, enabling people to gain quick access to a variety of online platforms, accounts and devices.  However, it can be easy to take them for granted and forget the basics of password hygiene during our busy lives, particularly now as we have so many accounts to keep on top in order to get on with our day-to-day activities. 

“Passwords which include personal information, such as your name, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online, making it easier for online criminals to make guesses about your password. You should also never share a password, even with a close relative. While this may seem harmless, sharing these details could result in critical personal information falling into the wrong hands. In fact, McAfee recommends changing your passwords about every three months at a minimum. This is so that if a password has been shared or compromised, the safety of your online information has a higher chance of being kept safe by making this change. 

“World Password Day is an excellent time to highlight the importance of password safety to consumers. But it is just as important to ensure password hygiene remains top of mind at all times and not just for one day.”

Krupa Srivatsan, Director of Product Marketing at Infoblox

“The average person manages anywhere between 60 and 90 password-protected accounts–a number that goes up for IT professionals. In an ideal world, each password would be a unique set of randomly generated characters and numbers. But that doesn’t really happen. 

“Weak passwords represent a cybersecurity threat for organizations already struggling with security compliance during remote work and the blurring of personal and professional spaces. In fact, more than 80% of data breaches involved brute force or stolen credentials. 

“Organisations need to take a few extra steps to ensure that they don’t compromise on security while their employees are working at home. Improved last-mile endpoint security solutions paired with password best practices can help improve network security.

“For example, Organisations can leverage the benefits of a DNS-first approach for a wide variety of detection and protection purposes, both on and off-premises. Because it sits at the core of the network and touches every device that connects to it, DNS is a powerful tool that can be used to catch the more than 90% of malware that uses it to enter or exit a network.”

John Smith, Solutions Architect at Veracode

“As businesses continue to operate remotely, and companies deploy their infrastructure into online environments, it’s clear that password hygiene should be a big focus. Hackers have the ability to crack a 7-character password in 0.29 milliseconds, which is why it’s time to focus on application authentication. A simple static password will not suffice, and companies should avoid using predictable passwords to avoid damaging password spraying attacks. Passwords should always be unique, not recycled, and stored in a secure password safe. 

“Although businesses are conscious of the role that software security plays in keeping data protected, banks and other industries need to take more ownership of application authentication to help detect fraudulent account access. This World Password Day, I urge businesses to empower developers by training them on best practices in secure coding and providing the right tools to prevent users being more exposed to data breaches from hackers who will continue to look past passwords for weak points in the application layer.“

Ramsés Gallego, International Chief Technology Officer, CyberRes, a Micro Focus line of business: 

“As digital-first approaches and distributed workforces become the status quo for many industries, raising awareness around the importance of password security has arguably never been more important. And with recent NCSC research finding that people are using passwords which are an easy target for hackers, it’s clear more needs to be done by businesses to provide the technology and training to ensure better cyber-resiliency across the board.

“It is imperative that we secure systems and infrastructure to ensure that the right people have the right access to the right assets at the right time. No more, no less. Importantly, we now live in an era where we do not need passwords alone – or sometimes at all – to enable trusted access. Multi-factor authentication is a useful tool, using more personal attributes, such as biometric data in someone’s voice, or devices, such as a code sent to an individual’s watch, to replace or augment passwords.

“Yet despite these advances, there is no doubt that, for now, passwords aren’t going anywhere anytime soon. What’s more, boosting password security – and cyber-resiliency more widely – cannot be achieved by technology alone. Businesses must ensure they are educating their employees on best practice cybersecurity hygiene, beginning with how to create strong passwords and the importance of using different ones for different applications and services. Not only that, they must make sure workforces understand the various tactics used by hackers to target unsuspecting users, from phishing to fake websites. Crucially, increasing awareness among staff on how they could potentially be putting their organisation’s data at risk is key, especially as workforces continue to access systems remotely during and after the pandemic.”

The cloud security challenge every CISO must overcome

960 640 Guest Post

By Keith Glancey, Systems Engineering Manager at Infoblox 

Cloud adoption has never been higher. Whether it’s public, private, multi- or even hybrid-cloud environments, organisations of all sizes, across all sectors are benefiting from the enhanced flexibility, reduced cost and greater stability that cloud can bring. 

However, whilst cloud can be an enabler in many areas, it can also cause complications for both security and compliance. In fact, recent research revealed that over half of UK businesses cite security concerns as the biggest barrier to public cloud adoption. To add to this, over a third of business leaders (35%) who have adopted cloud aren’t completely confident that it is secure. 

Cloud environments present some unique security challenges. One such challenge is achieving visibility across an entire organisation. When a business uses multiple providers – and stores data in different locations across on-premise and cloud environments – total visibility can become almost impossible to achieve. But, without it, businesses leave themselves vulnerable to attack. For the modern CISO, visibility has become a huge headache in recent years. 

Ensuring everyone is on the same page 

The average CISO will probably have a snapshot view of the ‘bigger picture’ in terms of the security of their cloud providers. However, when it comes to the day-to-day details – such as relatively minor changes to the identities of and contracts with external partners, for example – it can be very difficult to keep track. Add to this that many organisations will have multiple cloud systems running side by side, as well as on-premise infrastructure that is typically full of legacy applications, and it’s easy to see how certain information can get lost in the ether. 

Although most cloud providers have security measures in place that are more than adequate, there is a tendency for them to focus on their own platform. This method totally ignores the user’s unique ecosystem. This one-size-fits-all security method does not always work to the advantage of an individual organisation, which is why it’s important for CISOs to remain in the driver’s seat. 

CISOs looking to increase visibility could start with an analysis of their key partners. This can help them to determine the best course of action on a case-by-case basis. For example, when a business relies on external server services, it can be difficult for the network team to obtain a 360-degree view across the entire critical infrastructure. This can lead to certain oversights and a lack of understanding in terms of the overall network security posture, especially when you throw IoT devices into the mix. In this case, instead of monitoring all used platforms separately, it is more effective to add a layer to the network that provides centralised insight into the entire ecosystem.  

This is where modern technologies – such as cloud DDI (DNS, DHCP, and IPAM) – come in. By giving CISOs and network teams the ability to automate and consolidate critical aspects of cloud network management, respond quickly to business needs and integrate cloud service platforms across a business, DDI augments visibility into network activities and increases control. It grants visibility into networking activities, no matter where devices might be connected from – including remote locations. 90% of malware touches DNS – the first D in DDI – when entering or leaving the network, making DNS a critical detection tool that, when connected to the security stack, can enable stronger threat remediation. Ultimately, DDI enables the network team to quickly detect and fix any vulnerabilities, no matter where they originate. 

Solving compliance complexity 

Navigating a myriad of different cloud providers also makes compliance more difficult than it should be. Suppose a business is legally obliged to store data on European servers – what happens if a supplier has this order, but its partners don’t follow the same policy? The same applies to subpoenas; a third party abroad could simply reveal sensitive data, even if this is in violation of European law. 

When it comes to compliance, it’s not enough to simply rely upon a supplier’s word. In order to avoid potentially the devastating fines and reputational damage associated with failure to comply, CISOs need to enforce a certain level of visibility across all third parties and ensure that everyone is following the same rules. 

CISOs can take some simple steps to monitor the situation and ensure compliance in the cloud. For example, when it comes to meeting guidelines such as the EU’s Security of Networks & Information Systems (NIS) – which is intended to establish a common level of security for network and information systems – adding a layer to an organisation’s infrastructure can help to boost visibility and reduce complexity. This can also help to automate processes that enable a network team to make their entire security stack work together and thus better anticipate vulnerabilities. 

As cloud becomes an increasingly important part of IT infrastructure, CISOs will continue to face many different security and compliance challenges. In order to get ahead and keep both employees and customers safe, they will need to focus on establishing total visibility across the network of providers and partners. Only then will CISOs be able to take back control and the wider business reap the rewards associated with cloud adoption.