Cyber Defense eMagazine January 2020 Edition
Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky, a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group, as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President, and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Best Practices for Building A Comprehensive Cyber Risk Management Program
The Dark Truth of Insider Threat
What’s the Security Misconfiguration Antidote? Automation.
The Ultimate Guide to SSL/TLS Decryption
Getting PKI Right
How to build a career in Cyber Security
…and much more…
CONTENTS
Welcome to This Very Special January 2020 Edition ........ 6
Best Practices for Building A Comprehensive Cyber Risk Management Program ........ 20
The Dark Truth of Insider Threat ........ 24
What’s the Security Misconfiguration Antidote? Automation. ........ 27
How To Mitigate The Risks Of Remote Desktop Protocol ........ 30
How to Know If Someone Is Watching You on Your Camera ........ 33
8 Common Types of Small Business Cyber Attacks ........ 36
The Ultimate Guide to SSL/TLS Decryption ........ 40
Encryption Is Key to Guarantee Data Is Anonymous ........ 46
Europe Cybersecurity Market Size to Steer At 13% CAGR To 2025 ........ 49
IoT Security and Privacy ........ 53
Getting PKI Right ........ 56
Seven Security Predictions For 2020 ........ 59
How To Build A Career In Cyber Security ........ 64
Fraud: A Look Back At 2019 And What to Expect in The New Year ........ 67
Anomaly Detection Is the Next Cybersecurity Paradigm ........ 70
More Spending Won’t Solve Your Hardest IT Challenges In 2020 And Beyond. Here’s What Will. ........ 74
The Decade Ahead for Cybersecurity ........ 77
Moving Network Security to The Cloud ........ 80
@MILIEFSKY
From the Publisher…
New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com

Dear Friends,

It’s now 2020. Do you have 2020 vision on the threats, vulnerabilities and assets on your network as we ring in a new year? Do you know what an OODA Loop is? Have you been to FairInstitute.org? Are you turning up your human firewall using companies like www.knowbe4.com, one of our black unicorn award winners among nine other amazing players, found here: https://cyberdefensemagazine.tradepub.com/free/w_cyba53/? Are you leveraging time-based security and new deception technologies like those from www.attivonetworks.com to slow down the breach or totally mitigate it, leaving the bad guys in a sweet or salty trap? If not, now is the time. It’s also nearly the time when more than a dozen of our team members head to the biggest infosec show on earth, coming to us in late February – it’s the RSA Conference 2020, held once again in San Francisco, CA, USA and found online at https://www.rsaconference.com.

Our 8th annual InfoSec Awards for 2020 are closing in less than a month and a few days, and we hope to find more winners this year who are market leaders, innovators and those offering some of the best solutions for cyber security in the global marketplace. For those women who did not make our Top 25 Women in Cybersecurity for last year or missed out on the deadline, we have added Women in Cybersecurity as a new category this year, and you can even ask our judges if they will create a new category for your unique product or service. If you’re an infosec innovator, please consider applying at: https://www.cyberdefenseawards.com/. We offer our own statistics that you are free to reuse anytime, from this page: http://www.cyberdefensemagazine.com/quotables/. We have many new interviews going live on https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com this month, so please check them out and share links to them with your friends and co-workers.

With over 5m views on Cyber Defense Magazine just for the month of December, we expect big improvements and changes to how we handle growth and respond to customer and partner needs as we all work together to continue to learn new and better ways to get one step ahead of the next threat!

Warmest regards,

Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine

P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.
@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.

From the International Editor-in-Chief…

It’s 2020 and the threat matrix continues to evolve. We’re finding the US and global media outlets are enjoying Deep Fake as much as they enjoy emoji keyboard software for their mobile phones, downloaded with keylogger technology planted within.

If you don’t have your glasses on, you might believe this is Tom Cruise running for President of the USA in 2020, for a small example: https://www.youtube.com/watch?v=5Btb8gLy3-E – was this a mix of a real ‘look alike’ and some innovative facial morphing of Deep Fake?

When it comes to dealing with threats, expect these to scale this year:
• Nation State Cyberespionage and Cyberwarfare
• Supply Chain Management Exploitation
• Cloud-based Identity Attacks
• New Deep Fake Spear Phishing Attacks
• Mobile Devices Become the Ultimate Backdoor
• IoT Devices Become New Critical Targets
• Ransomware will continue to escalate

…from Italy with Love, America and Cyber Defense Media Group – you complete me. Show me 2020!

To our faithful readers, we thank you,
Pierluigi Paganini
Editor-in-Chief

PRESIDENT & CO-FOUNDER
Stevin Miliefsky
stevinv@cyberdefensemagazine.com

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com

US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com

ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com

Copyright © 2019, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.

PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/

WE’RE TURNING A CORNER INTO 8 YEARS OF EXCELLENCE!
Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to source for Information Security.
We’re a proud division of Cyber Defense Media Group: CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE TV RADIO AWARDS
Welcome to This Very Special January 2020 Edition

In my capacity as US Editor-in-Chief, I’m pleased to welcome readers of Cyber Defense Magazine to the January 2020 issue. Based on our current experience, some 5 Million individual online inquiries will land on our pages this month.

We find ourselves at the beginning of a new decade. It’s a good time to recall how recently it seems we were entering the new century. And what was the most pressing concern at the end of 1999?

Y2K! Almost no one thinks of that much anymore, but at the time, it was feared that the entire digital system on which so many functions depended might come to a crashing halt. 50 years ago, when date handling was being designed into many operating systems and program features, it seemed that a 2-digit year format would suffice. As we approached the time when “xx99” would turn into “xx00,” dire predictions emerged – fortunately few of which ever came to pass.

If we consider for a moment the increasing speed at which cyber developments occur, and place that in the perspective of 20-year increments, we must be prepared to deal with new and growing challenges to cybersecurity.

Foremost among them will likely be based on Artificial Intelligence, Machine Learning, the 5G network, and no doubt more we have not yet seen or imagined.

That is the value proposition of Cyber Defense Magazine: keeping our audience informed and ahead of the curve of these very developments.

Wishing you all success in your cyber security endeavors,
Yan Ross
US Editor-in-Chief
Cyber Defense Magazine

About the US Editor-in-Chief
Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com
Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep understanding of your web application vulnerabilities, how to prioritize them, and what to do about them. With this trial you will get:
• An evaluation of the security of one of your organization’s websites
• Application security guidance from security engineers in WhiteHat’s Threat Research Center
• Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well as share findings with internal developers and security management
• A customized review and complimentary final executive and technical report
Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/
PLEASE NOTE: Trial participation is subject to qualification.
Best Practices for Building A Comprehensive Cyber Risk Management Program
By Haythem Hammour, Product Marketing Manager, Brinqa

A primary goal for most information security organizations today is the identification, prioritization and remediation of cyber risk. Businesses struggle with risk management for a variety of reasons, including disconnected teams and stakeholders, limited resources, data overload and lack of consistency.

The enterprise IT infrastructure is evolving at a rapid pace. SaaS, IaaS, and cloud-native technologies have enabled businesses to embrace digital transformation, but they have also made enterprise IT environments more diverse, more complex, and harder to manage and secure. Software applications also represent an important attack surface. Most organizations’ software infrastructure comprises very diverse entities – internally developed applications, externally sourced software, desktop applications, web applications, mobile applications, open source components, SaaS, APIs and web services.

The cybersecurity infrastructure to secure these elements is equally diverse. Different products may be used for testing for vulnerabilities in network, cloud, and container infrastructure. Separate, dedicated security products may be used for static application testing, dynamic or web application testing, and software composition analysis. Securing software infrastructure also requires DevSecOps, mobile security, penetration testing, and more. And, in most cases, these components and the corresponding security infrastructure are owned and managed by different teams, with little communication and collaboration.

A further challenge arises from the use of the cybersecurity tools themselves. They provide valuable and useful insights, but this data can easily get lost in a deluge of irrelevant information. Threat intelligence is a prime example of the need to identify and utilize relevant information while ignoring the noise. Making things more difficult is the reality that information about a particular entity may be distributed across multiple tools and locations.

Organizations need to be able to connect, model and analyze relevant security, context and threat data. That’s the best way to deliver knowledge-driven insights for cyber risk prioritization, reporting and remediation. Companies need to implement a cyber risk management program that can:
• Intelligently connect vulnerability, asset and threat data from all sources for complete visibility and understanding of cyber risk.
• Prioritize remediation to address the most impactful, exploitable, and prevalent risks.
• Eliminate the noise of false positives and irrelevant information.
• Automate closed-loop remediation of risks at scale through creation, tracking and escalation of tickets.
• Narrow communication gaps across teams with a common data model, nomenclature, and language.
• Communicate real-time program metrics and risk indicators to all key stakeholders.

Information security organizations looking to build out their own cyber risk management programs should have the following best practice recommendations at the top of their minds:

Develop a comprehensive, extensible cybersecurity data ontology – Security teams must implement a cyber risk management process that is built on a comprehensive, standardized, and dynamic data ontology. Such an ontology will clearly define, delineate, and represent the common IT, security, and business components that comprise the enterprise technology infrastructure, and the relationships between them. To deliver risk insights that are relevant to a business, security teams must ensure that any unique organizational factors that have an impact on risk analysis are reflected in the cyber risk data ontology. The ontology must also be able to evolve with changes in the IT and cybersecurity landscape, without adversely impacting the risk management processes.

Expand the scope of cyber risk management to include network, applications, cloud, and emerging technologies – Organizations need comprehensive coverage of risk analysis and management across the entire enterprise technology infrastructure. InfoSec organizations must implement a consistent cyber risk management strategy across critical infrastructure components using dedicated, purpose-built processes for vulnerability management, network security, application security, cloud security, and emerging technologies such as IoT.

Adjust risk prioritization models as necessary – Another critical factor for success comes from being able to leverage information from disparate cybersecurity tools and stakeholders to develop and present new knowledge and insights in the form of risk scores, ratings, alerts and notifications. To do so, security teams need to have complete visibility and control over the risk methodology, resulting in accurate and relevant results and a better understanding of the factors driving risk prioritization and remediation.

Automate remediation management – Instead of ad hoc decisions, security teams should formulate and implement policies for risk remediation through automated ticket creation, tracking, and validation. Strong, comprehensive capabilities around consolidation, dynamic ownership and SLA assignment can significantly improve the effectiveness of the remediation process.

Leverage cybersecurity process automation where possible – Cyber Risk Management involves processing and analyzing massive volumes of IT, security, and business data. This can be very time and resource intensive, and automation should be used where possible to alleviate these needs. Automated processes for risk analysis, prioritization and reporting not only make the program more efficient, but also lead to more consistent and accurate results.

Develop and communicate integrated analytics – For a cyber risk management program to function effectively, it must intuitively engage and inform all the varied stakeholders across IT, security, and business at the appropriate instant in the risk lifecycle. The ability to visually communicate key risk and performance indicators through powerful metrics and reports is crucial to program success. Organizations must empower and encourage stakeholders to develop and communicate the metrics and reports that matter to them.

The pace of change in enterprise IT is not letting up and cyber risk management programs must evolve and grow to keep pace. Best practices are taking shape as businesses and the public sector come to terms with the scale of the challenge. These include establishing and maintaining an extensible cybersecurity data ontology as well as process automation, integrated analytics, use of the open risk prioritization model and more. With such practices in place, the challenge of protecting complex enterprise software infrastructure becomes more manageable and dynamic.
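The program outlined above can be sketched in a few dozen lines. The Python below is an added example written for this page, not Brinqa's software: it maps findings from three hypothetical scanners (netscan, webscan, sca) onto one common data model keyed by host and vulnerability, drops a triaged false positive, scores each finding from severity, asset criticality, internet exposure, a known-exploited threat feed and prevalence across the estate, and groups the result into one ticket per owning team. The asset inventory, the vulnerability IDs (VULN-0001 and so on), the threat feed and the scoring weights are all constructed for the example.

```python
"""Toy cyber risk prioritization pipeline (added example, not Brinqa's code)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed asset inventory: the minimal "ontology" of business context
# the article asks for (owner, criticality, exposure).
ASSETS = {
    "web-01":  {"owner": "app-team", "criticality": 5, "exposure": "internet"},
    "db-01":   {"owner": "dba-team", "criticality": 5, "exposure": "internal"},
    "dev-box": {"owner": "dev-team", "criticality": 1, "exposure": "internal"},
}

# Hypothetical threat feed: vulnerability IDs (placeholders) seen exploited in the wild.
KNOWN_EXPLOITED = {"VULN-0001"}

# Constructed raw findings, as three different tools might report them.
RAW_FINDINGS = [
    {"tool": "netscan", "host": "web-01",  "vuln": "VULN-0001", "severity": "high"},
    {"tool": "netscan", "host": "db-01",   "vuln": "VULN-0001", "severity": "high"},
    {"tool": "webscan", "host": "web-01",  "vuln": "VULN-0001", "severity": "critical"},  # same issue, second tool
    {"tool": "sca",     "host": "dev-box", "vuln": "VULN-0002", "severity": "medium"},
    {"tool": "sca",     "host": "dev-box", "vuln": "VULN-0003", "severity": "low"},
]
FALSE_POSITIVES = {("dev-box", "VULN-0003")}   # triaged and accepted earlier
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    host: str
    vuln: str
    severity: int
    sources: set = field(default_factory=set)
    score: float = 0.0


def normalize(raw):
    """Map every tool's output onto one common model and de-duplicate by (host, vuln)."""
    merged = {}
    for f in raw:
        key = (f["host"], f["vuln"])
        if key in FALSE_POSITIVES or f["host"] not in ASSETS:
            continue                       # noise: accepted FP or unknown asset
        entry = merged.setdefault(key, Finding(f["host"], f["vuln"], 0))
        entry.severity = max(entry.severity, SEVERITY[f["severity"]])
        entry.sources.add(f["tool"])       # keep provenance from every tool
    return list(merged.values())


def prioritize(findings):
    """Score = severity * asset criticality * exploitability * exposure * prevalence."""
    prevalence = defaultdict(int)
    for f in findings:
        prevalence[f.vuln] += 1            # how widespread the issue is
    for f in findings:
        asset = ASSETS[f.host]
        exploit = 2.0 if f.vuln in KNOWN_EXPLOITED else 1.0
        exposure = 1.5 if asset["exposure"] == "internet" else 1.0
        f.score = f.severity * asset["criticality"] * exploit * exposure * prevalence[f.vuln]
    return sorted(findings, key=lambda f: f.score, reverse=True)


def tickets(findings):
    """Closed-loop step: one ticket per owning team, highest score first."""
    by_owner = defaultdict(list)
    for f in findings:
        by_owner[ASSETS[f.host]["owner"]].append((f.host, f.vuln, f.score))
    return dict(by_owner)


if __name__ == "__main__":
    for owner, items in tickets(prioritize(normalize(RAW_FINDINGS))).items():
        print(owner, items)
```

Each weight here is a knob the article says security teams must own: change the threat feed or an asset's criticality and the ordering changes with it, which is the "adjust risk prioritization models as necessary" point in practice.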
About the Author
Haythem Hammour, Product Marketing Manager. Haythem brings education, experience, and serious credibility to his role as Product Marketing Manager at Brinqa. A customer-focused Information Security professional and Cyber Security evangelist, Haythem uses his engineering background and diverse experience to inform his work and to successfully collaborate with engineers and creative teams. He is a Cyber Security scholar, and is an official member of both the Product Marketing Alliance and the Forbes Communication Council.
haythem.hammour@brinqa.com | ☎ (512) 372-1004
8310 N Capital of Texas Hwy, Suite 155, Austin, TX 78731
www.brinqa.com | Twitter | LinkedIn | Free! Webinars
https://twitter.com/hammour_haythem
The Dark Truth of Insider Threat
By Richard Menear, CEO, Burning Tree

In any business, we inherently want to trust the people we work with. By and large, we can. However, the reality is that insiders remain one of the main threats to your organisation’s information and cyber security, and if you think your company can’t be breached — think again!

Although it can sometimes be difficult to separate incidents caused by insiders from general data breaches, Verizon’s 2019 Data Breach Investigations Report found that 34% of all breaches in 2018 happened as a result of insider work. The same report also found that 68% of data compromise is internal.

Internal incidents can be especially tricky to detect because actors know exactly where sensitive data is stored and have a good understanding of your cyber security processes and the solutions you have implemented. As such, some breaches may go undetected for months — or even years.

But with the cost of an insider attack remaining high (the average cost rose 15% from 2018 to 2019), it has never been more crucial for organisations to be aware of insider threats.

Defining “insiders”
We might think of “insiders” as disgruntled or malicious employees waiting to steal your corporate data and sell it on the dark web. Malicious intent from a disgruntled employee can be the worst type of insider threat — with fraudulent activity often going undetected and eroding company profitability. However, more often than not, a data leak is simply due to a mistake or unintentional misuse.

According to reports, privileged IT users or admins are the most dangerous insiders. It is normal for IT operational staff to have direct administrative access to all systems. The information on these systems can be highly confidential or valuable and is often subject to strict compliance requirements such as GDPR. Plus, even if personal information is locked down at the application layer, IT administrators can access, copy, change or delete data — which could result in a GDPR compliance issue.

Focus on detection
Although prevention, mitigation and response are crucial parts of security policies, when it comes to insider threats, it is essential to shift the focus to detection. This means investing in and deploying suitable solutions.

The different approaches used to detect and eliminate insider threats depend on infrastructure and applications.

Privileged Access Management
Weak authentication or shared credentials can further extend the risk of a highly privileged account being compromised, so application access control and password rotation are vital for improved adaptive authentication.

At the simplest level, insider threat detection solutions will ‘vault’ administrative passwords to protect and safeguard them, only releasing them as and when required.

Solutions could include AD Bridging to onboard Unix servers, policy enforcement, management of workstations, password rotation and command auditing.

For example, One Identity’s Privileged Access Management solutions and Quest’s audit and reporting solutions enable you to provide the full credential when necessary or limit access with granular delegation for least privileged access. Security can also be enhanced by requiring a second factor of authentication for user, administrative or superuser access.

Privileged Session Management
To proactively detect and limit insider threats, Privileged Session Management is also crucial. By monitoring activity, software can help to identify and alert security officers to any broken rules — allowing them to inspect and respond to suspicious activity as it happens.

One Identity and Quest’s software records and logs all privileged activity — down to the keystroke, mouse movement and windows viewed — in real time. Privileged access is then granted based on established policies with appropriate approvals. This eliminates shared credentials and assigns individual accountability, resulting in enhanced security and easier compliance.
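To make the "broken rules" a session-monitoring product alerts on concrete, here is an added example, not One Identity, Quest or Burning Tree code: a small Python detector that parses constructed command-audit lines for privileged accounts and raises alerts for the three conditions this section describes, a policy-denied command, privileged use with no approved change request behind it, and one account used from two different sources within a few minutes (the signature of a shared credential). The log format, account names, ticket IDs and the deny-list are all assumptions made for the example.

```python
"""Toy privileged-session monitor over command-audit logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format: ISO timestamp, then key=value fields, cmd quoted last.
LINE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)'
    r' req=(?P<req>\S+) cmd="(?P<cmd>[^"]*)"$'
)

# Constructed sample audit log. req= is the approved change ticket, or "-" if none.
SAMPLE_LOG = """\
2020-01-14T09:00:01Z user=ops_admin src=10.1.1.10 host=db-01 req=CHG-101 cmd="systemctl restart postgresql"
2020-01-14T09:00:40Z user=ops_admin src=10.1.1.77 host=db-01 req=CHG-101 cmd="tail /var/log/postgresql.log"
2020-01-14T09:05:12Z user=ops_admin src=10.1.1.10 host=app-02 req=- cmd="cat /etc/shadow"
2020-01-14T09:06:00Z user=dba_jane src=10.1.2.5 host=db-01 req=CHG-102 cmd="psql -c 'select count(*) from orders'"
2020-01-14T23:30:00Z user=dba_jane src=10.1.2.5 host=db-01 req=- cmd="auditctl -e 0"
"""

# What the approval workflow hands the monitor (constructed), and the policy deny-list.
APPROVED = {"CHG-101", "CHG-102"}
DENIED_CMDS = [r"\bcat\b.*/etc/shadow", r"\bauditctl\s+-e\s+0\b", r"\bhistory\s+-c\b"]
SHARED_WINDOW = timedelta(minutes=5)   # same account from two sources inside this window


def parse(log):
    """Parse audit lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(d)
    return events


def detect(events):
    """Return (rule, details...) tuples for every policy violation, in log order."""
    alerts = []
    last_seen = defaultdict(list)   # user -> [(timestamp, source)]
    for e in events:
        # Rule 1: command on the policy deny-list.
        if any(re.search(p, e["cmd"]) for p in DENIED_CMDS):
            alerts.append(("DENIED_COMMAND", e["user"], e["host"], e["cmd"]))
        # Rule 2: privileged activity with no approved request behind it.
        if e["req"] not in APPROVED:
            alerts.append(("NO_APPROVAL", e["user"], e["host"], e["cmd"]))
        # Rule 3: same account active from a different source within the window.
        for ts, src in last_seen[e["user"]]:
            if src != e["src"] and e["ts"] - ts <= SHARED_WINDOW:
                alerts.append(("SHARED_CREDENTIAL", e["user"], src, e["src"]))
                break
        last_seen[e["user"]].append((e["ts"], e["src"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(*alert)
```

A real deployment would feed the same three rules from the vault's check-out records instead of a flat file, so that "released the password to whom, for which ticket" is the ground truth the monitor compares sessions against.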
Process control is key
Without adequate security controls around Privileged Account Management in place, the resulting damage and fraud from an insider attack could be disastrous. Changing user behaviour and vetting privileged users is arguably as important as implementing the right software.

As such, process control is also key to managing privileged users. Over the years, Burning Tree has helped many companies address required change within their security practices. This involves implementing a combination of appropriate software and enhanced processes to provide a complete Privileged Account Management solution that helps to detect and prevent insider attacks.

To find out how we can help tackle insider threats within your organisation, contact us today. If you would like to learn more about corporate cyber security issues, please follow us on LinkedIn to stay up to date with our latest articles.

About the Author
Richard is responsible for the overall management and day-to-day running of Burning Tree. He supports the Directors in the delivery of their assignments and on the development of the consulting practice in the field of Information Risk Management. Richard specialises in Operational Risk Management and has held senior positions in a number of Global Financial Institutions.
With a successful track record of over 26 years in Financial Services and 13 years in Risk Management, Richard has a wealth of experience. He was Head of Operational Risk for a Global service unit of HSBC Bank and worked at a number of UK based banks helping them achieve AMA status under the Basel II accord.
https://burningtree.co.uk/
What’s the Security Misconfiguration Antidote? Automation.
By Joshua Williams, Senior Cloud and Automations Solutions Engineer, FireMon

The collective security community is spending too much time worrying about vulnerabilities. They need to shift some of those resources and take a good hard look at misconfigurations, especially in the cloud. According to Gartner, through the year 2023, 99 percent of all firewall breaches will be caused by misconfigurations, not flaws.

What’s more, data sources such as the Identity Theft Resource Center suggest that there were approximately 1,244 reported data breaches in 2018 in the United States and more than 30 percent (377 total) were directly attributed to unauthorized access.

Misconfigurations Continue to Result from Human Error
Misconfigurations, aka human error, almost always occur during the change process, when new rules are added, modified or deleted. This often happens manually, and the misconfigurations leave an organization’s network vulnerable to a data breach. In fact, many data breaches today are the result of this user error. This typically occurs when a system operator has misconfigured a platform or server. When this happens, a malicious actor can gain unauthorized access and an organization is now at risk.

Firewall and cloud misconfigurations come in all shapes and sizes and no business is immune to their threats. Misconfigurations can include overly permissive access, incorrect access, open ports to known vulnerable hosts, rules that bypass the proxy, and access that violates internal or regulatory compliance standards.

Bottom line, a simple misconfiguration can open your server up to remote access by anyone with an internet connection, or allow data to be accessed, stolen and used for nefarious purposes. Misconfigurations can also significantly violate compliance rules and cause devastating service outages.
Just a few months ago, Imperva announced that a misconfiguration in its Amazon Web Services cloud<br />
environment enabled attackers to access information on customers of its Web Application Firewall product.<br />
In November, Texas Health Resources was breached through a misconfiguration in its billing system,<br />
which affected 82,000 patients.<br />
Why Is This Happening?<br />
Misconfigurations are happening for a number of reasons. FireMon’s sixth annual “State of the Firewall”<br />
report found several key drivers of the increase. First, the pace of business and digital transformation<br />
is simply outrunning the ability to protect it. The Internet of Things, and the push to connect every part<br />
of the business to the internet so that data moves at lightning speed, is outpacing the level of security<br />
needed to protect all the new access points.<br />
Further, we are facing a widening gap in finding the right security talent. The lack of experienced and<br />
properly trained security professionals is driving increases in misconfigurations and in the overall number<br />
of breaches each year.<br />
Of course, we are also seeing more firewalls deployed on premises and in the cloud, and the number of<br />
rules associated with them grows in step. The legacy process of manually changing policies within a<br />
growing firewall environment is a recipe for further disaster and needs a process change.<br />
The Right Level of Automation Can Remove Human Error and Protect Businesses<br />
Automating network rules, policies and configurations, on premises and off, can greatly reduce<br />
human error and protect businesses of all sizes from data breaches. It eliminates guesswork and<br />
manual input, especially when rolling out error-prone, late-night changes across multiple vendors,<br />
platforms and data centers. When businesses automate their firewall policy change management<br />
processes, they can move valuable resources to higher-priority security needs.<br />
Overall, automation can increase operational efficiency, reduce security cost and increase compliance.<br />
However, it’s important to note that automation isn’t something that you simply turn on.<br />
Businesses need a solution that aligns security automation to meet them where they are in their digital<br />
transformation initiative. By mapping to the current workflow and processes, automation can give<br />
customers the flexibility to automate at their own pace and confidence level.<br />
Organizations should also choose automation that does not add new complexity to their security<br />
operations. The best automation lets customers keep their hands on the wheel, and ultimately frees up<br />
the resources of an already short-staffed team to enable speed, lower compliance risk and close the<br />
innovation gap.<br />
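The misconfiguration classes listed earlier (overly permissive access, incorrect access, management ports open to the world, rules that never take effect) are mechanical to detect once rules are treated as data, which is what automating the change process buys you. The following is an added example written for this edit, not FireMon’s code: the rule format, the list of sensitive ports and the sample change set are all constructed, and the check is meant to run against a proposed rule set before it is pushed.<br />

```python
"""Policy-as-code check for a rule change set: flag the misconfiguration classes
named in the article before the rules are pushed to a firewall or cloud security group.
Editor's example; not FireMon's code. Rule fields and sample rules are constructed."""
from dataclasses import dataclass
import ipaddress

# Services that should never be reachable from the whole internet (editor's assumption;
# extend the table for your environment).
MGMT_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 1433: "MSSQL", 3306: "MySQL",
              3389: "RDP", 5900: "VNC"}
ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "deny"
    src: str                  # source CIDR, e.g. "0.0.0.0/0"
    dst: str                  # destination CIDR
    proto: str                # "tcp", "udp" or "any"
    ports: tuple = ANY_PORTS  # inclusive (low, high) destination port range


def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)


def _is_internet(cidr):
    """A /0 prefix means "anyone on the internet"."""
    return _net(cidr).prefixlen == 0


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if `outer` matches every packet `inner` matches, so `inner` is shadowed
    when `outer` sits above it in a first-match-wins policy."""
    o_src, i_src, o_dst, i_dst = map(_net, (outer.src, inner.src, outer.dst, inner.dst))
    if o_src.version != i_src.version or o_dst.version != i_dst.version:
        return False
    return (i_src.subnet_of(o_src) and i_dst.subnet_of(o_dst)
            and outer.proto in ("any", inner.proto)
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])


def lint(rules):
    """Return (severity, rule_name, message) findings for an ordered rule list."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and _is_internet(rule.src):
            if rule.ports == ANY_PORTS and _is_internet(rule.dst):
                findings.append(("CRITICAL", rule.name,
                                 "allows any source to any destination on all ports"))
            else:
                # Overly permissive access: a management service exposed to the internet.
                for port, service in sorted(MGMT_PORTS.items()):
                    if rule.proto in ("any", "tcp") and rule.ports[0] <= port <= rule.ports[1]:
                        findings.append(("HIGH", rule.name,
                                         f"exposes {service} (tcp/{port}) to the internet"))
        # Incorrect access: a rule that can never match because an earlier one covers it.
        for earlier in rules[:i]:
            if _covers(earlier, rule):
                if earlier.action != rule.action:
                    findings.append(("HIGH", rule.name,
                                     f"never matches: shadowed by '{earlier.name}' with the opposite action"))
                else:
                    findings.append(("LOW", rule.name,
                                     f"redundant: already covered by '{earlier.name}'"))
                break
    return findings


# Constructed change set, as it might look after a late-night manual edit.
RULES = [
    Rule("web-in",   "allow", "0.0.0.0/0",     "10.0.1.0/24",  "tcp", (443, 443)),
    Rule("ops-rdp",  "allow", "0.0.0.0/0",     "10.0.2.10/32", "tcp", (3389, 3389)),
    Rule("temp-any", "allow", "0.0.0.0/0",     "0.0.0.0/0",    "any"),
    Rule("db-deny",  "deny",  "0.0.0.0/0",     "10.0.3.0/24",  "tcp", (3306, 3306)),
    Rule("mgmt-ssh", "allow", "10.0.100.0/24", "10.0.0.0/16",  "tcp", (22, 22)),
]

if __name__ == "__main__":
    for severity, name, message in lint(RULES):
        print(f"{severity:8} {name:10} {message}")
```

Run against the sample set, the check flags the world-open RDP rule, the “temporary” any/any rule, the database deny that the any/any rule silently defeats, and the now-redundant SSH rule, while the HTTPS rule passes. Wiring a check like this into the change pipeline, so a rule set that produces a CRITICAL or HIGH finding cannot be pushed without review, is the concrete form of the automation the article argues for.<br />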
As more and more businesses begin to automate their network security management processes, we will<br />
begin to see a decrease in misconfigurations and ultimately breaches caused by incorrect access and<br />
open ports.<br />
About the Author<br />
Joshua Williams is a Senior Cloud and Automations<br />
Solutions Engineer at FireMon. In this role, Josh helps<br />
enterprises navigate unique network security challenges and<br />
map requirements to meet their needs. Previously, Josh<br />
worked on the FireMon development team to integrate cloud<br />
platforms and on-premise devices into its award-winning<br />
platform. Before joining FireMon, Josh was an engineer for<br />
a major stock exchange and a government agency where he<br />
led the implementation of automation practices across<br />
security and network devices. Josh also teaches as an<br />
adjunct professor of Computer Science at a community<br />
college in Kansas City. He can be reached on LinkedIn and<br />
the company website: www.firemon.com.<br />
How To Mitigate The Risks Of Remote Desktop Protocol<br />
By Chris Morales, head of security analytics at Vectra<br />
Remote Desktop Protocol (RDP) is an invaluable tool for any business wanting to save money and create<br />
efficiencies through centrally controlling all its computer assets no matter how far away or isolated.<br />
However, such a capability is also a tempting prospect for cybercriminals looking to exploit the system<br />
for their own gains, with Vectra research highlighting that malicious RDP behaviours are experienced by<br />
nine out of ten organisations.<br />
The research also reveals which industries and size of organisations have the most RDP detections,<br />
along with examples of how cybercriminals and state-sponsored actors are using RDP.<br />
Why is RDP so attractive?<br />
Traditionally, a business that wanted to fix issues on computers situated away from its central<br />
offices had two choices: either send out engineers to resolve the issue or have them permanently<br />
stationed locally. Neither option is ideal, with a call-out costing in the region of US$2,200, while having an<br />
engineer based at a remote site is unlikely to be cost effective. Further, as more than 60 percent of<br />
machine issues can be fixed remotely, it is no wonder more and more companies are turning to RDP.<br />
Using the protocol, one engineer can do the work of a whole team without the need to leave a central<br />
control room through being able to potentially access and control every computer on the network.<br />
However, it is this very capability that makes infiltrating an organisation’s RDP so attractive for threat<br />
actors, enabling them to cause chaos without being detected. No wonder the FBI has warned that such<br />
activity has been on the rise since mid-late 2016.<br />
Industries under threat<br />
According to our research, manufacturing was the most targeted sector for malicious RDP behaviours,<br />
accounting for 20 percent of incidents monitored across nine industries, followed by finance and retail.<br />
Manufacturing also accounted for the highest number of RDP Recon and Suspicious Remote Desktop<br />
activities observed.<br />
An RDP Recon detection fires when several failed attempts to establish an RDP connection are seen,<br />
potentially indicating that a threat actor is trying to access a system with different login combinations or<br />
is looking to identify active accounts. Suspicious Remote Desktop, by contrast, fires when unusual<br />
characteristics are detected after a successful RDP connection, such as a server that is usually logged<br />
into with an English keyboard layout being accessed by a client advertising a German one.<br />
In relation to the size of an organisation experiencing RDP attacks, medium manufacturing firms topped<br />
the list with large manufacturing businesses also making the top ten. Medium retailers and medium<br />
financial institutions also witnessed high levels of malicious RDP behaviour. As a whole, medium<br />
organisations experienced the most RDP detections with 6.9 per 10,000 workloads or devices, small<br />
organisations had 6.5, while large businesses had 4.5.<br />
There are two factors worth considering when looking at these numbers. First is that the size of the<br />
company in relation to the number of employees is not indicative of number of devices. For example,<br />
manufacturing has significantly more connected devices than workers. The second is that larger<br />
organisations are likely to have greater resources focused on countering cyber threats.<br />
Using RDP to attack<br />
RDP has been used in many recent cyberattacks, the most notable of which is SamSam. This hacking<br />
and extortion scheme affected more than 200 organisations, enabling the perpetrators to amass US$6<br />
million in ransom payments and inflict US$30 million of damage. Through RDP the threat actors were<br />
able to escalate privileges, deploy malware and execute files without any user authorisation or<br />
action.<br />
State-sponsored actors are also using RDP to commit espionage and sabotage. Take APT40, a threat<br />
actor cell identified by FireEye as supporting China’s naval ambitions for modernisation. The group uses<br />
RDP to move laterally through the networks of organisations involved in the development and production<br />
of naval technologies to steal data, carry out reconnaissance and execute malware.<br />
FireEye research also points to a threat actor group, APT39, using RDP to carry out clandestine operations<br />
on behalf of Iran. The group leverages RDP against targets in the Middle East, Europe and<br />
the United States to facilitate movement within, and long-term access to, a network in order to gather<br />
information and cause sabotage.<br />
Mitigating the risk of RDP attacks<br />
While there are significant risks of threat actors maliciously using RDP to gain access to a network,<br />
businesses around the world find it invaluable for their day-to-day operations, seeing the benefits far<br />
outstripping any danger.<br />
Therefore, those continuing to use RDP must look to mitigate these risks. This can be achieved through<br />
limiting RDP access to only those that need to use it and employing strong credential and authentication<br />
policies. This includes stipulating that employees must use their own unique username and password<br />
when accessing RDP. Such a move should ensure that unauthorised people do not get their hands<br />
on RDP credentials, and it helps to identify the source of any cyberattack.<br />
To further protect their networks, businesses need to be able to quickly detect and deal with those<br />
cyberattacks that target RDP. This can be achieved by putting in place solutions that can monitor remote<br />
access behaviours to determine whether or not the network has been infiltrated and then enable a<br />
response if necessary.<br />
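The two detections described in this article (RDP Recon, under “Industries under threat”, and the monitoring of remote access behaviour recommended just above) can be expressed as a few dozen lines of logic over logon events. The following is an added example written for this edit, not Vectra’s product logic: the event records are constructed, with field names modelled on Windows Security log events (4625 failed logon, 4624 successful logon, logon type 10 for RDP) plus the keyboard layout the RDP client advertises when it connects, and the threshold, window and baseline values are assumptions to tune per environment.<br />

```python
"""Two RDP detections of the kind described in the article, run over constructed session
records. Editor's example; not Vectra's code. Record fields are modelled on Windows Security
events (4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive,
i.e. RDP) plus the keyboard layout the RDP client advertised at connection time."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data, not real log lines:
# (timestamp, EventID, LogonType, source IP, target user, client keyboard layout or None)
# Layout IDs follow Windows language identifiers: 0409 = English (US), 0407 = German.
EVENTS = [
    ("2020-01-10T02:00:01", 4625, 10, "203.0.113.7", "administrator", None),
    ("2020-01-10T02:00:03", 4625, 10, "203.0.113.7", "admin",         None),
    ("2020-01-10T02:00:04", 4625, 10, "203.0.113.7", "backup",        None),
    ("2020-01-10T02:00:06", 4625, 10, "203.0.113.7", "jsmith",        None),
    ("2020-01-10T02:00:09", 4625, 10, "203.0.113.7", "svc_sql",       None),
    ("2020-01-10T02:01:30", 4624, 10, "203.0.113.7", "jsmith",        "0407"),  # success, German layout
    ("2020-01-10T09:15:00", 4624, 10, "10.0.5.23",   "jsmith",        "0409"),  # normal: office host
    ("2020-01-10T09:16:00", 4625, 10, "10.0.5.23",   "jsmith",        None),    # one typo, below threshold
]


def parse(record):
    ts, event_id, logon_type, src, user, layout = record
    return {"time": datetime.fromisoformat(ts), "event": event_id,
            "logon_type": logon_type, "src": src, "user": user, "layout": layout}


def detect_recon(events, threshold=5, window=timedelta(minutes=5)):
    """RDP Recon: `threshold` or more failed RDP logons from one source inside a sliding
    window. The set of user names tried separates password spraying from one user's typos."""
    recent = defaultdict(deque)   # source IP -> (time, user) of recent failures
    fired, alerts = set(), []
    for e in events:
        if e["event"] != 4625 or e["logon_type"] != 10:
            continue
        q = recent[e["src"]]
        q.append((e["time"], e["user"]))
        while q and e["time"] - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and e["src"] not in fired:
            fired.add(e["src"])
            alerts.append({"rule": "RDP Recon", "src": e["src"], "attempts": len(q),
                           "users": sorted({u for _, u in q})})
    return alerts


def detect_suspicious_sessions(events, baseline_layout, known_sources):
    """Suspicious Remote Desktop: a *successful* RDP logon whose characteristics differ
    from what this server normally sees (keyboard layout, source address)."""
    alerts = []
    for e in events:
        if e["event"] != 4624 or e["logon_type"] != 10:
            continue
        reasons = []
        if e["layout"] != baseline_layout:
            reasons.append(f"keyboard layout {e['layout']} differs from baseline {baseline_layout}")
        if e["src"] not in known_sources:
            reasons.append(f"source {e['src']} not previously seen for this server")
        if reasons:
            alerts.append({"rule": "Suspicious Remote Desktop", "src": e["src"],
                           "user": e["user"], "reasons": reasons})
    return alerts


def run(records=EVENTS):
    """Sort by time (logs are rarely in order) and run both detections."""
    events = sorted((parse(r) for r in records), key=lambda e: e["time"])
    return (detect_recon(events)
            + detect_suspicious_sessions(events, baseline_layout="0409",
                                         known_sources={"10.0.5.23"}))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample data the first detection fires once, for 203.0.113.7, after five failures against five different accounts inside two minutes, and the second fires for the successful logon that follows from the same address with a German layout; the office user’s single mistyped password produces nothing. The value of the second detection is that it catches the case the first one cannot: a valid credential, obtained elsewhere, used from an unfamiliar client.<br />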
In this way business can be sure that their useful RDP tool continues to benefit them instead of being<br />
used as an attack vector by cyber criminals.<br />
About the Author<br />
Chris Morales, head of security analytics at Vectra. Christopher Morales is<br />
Head of Security Analytics at Vectra, where he advises and designs incident<br />
response and threat management programs for Fortune 500 enterprise clients.<br />
He has nearly two decades of information security experience in an array of<br />
cybersecurity consulting, sales, and research roles. Christopher is a widely<br />
respected expert on cybersecurity issues and technologies and has<br />
researched, written and presented numerous information security architecture<br />
programs and processes.<br />
Chris can be reached online at https://www.linkedin.com/in/cmatx/ and at our<br />
company website https://www.vectra.ai/<br />
How to Know If Someone Is Watching You on Your Camera<br />
By Anda Warner, Marketing Specialist , SEOforX<br />
In this era of video chatting and social media live streaming, your computer’s webcam has never been<br />
more relevant. But just like any other tech device, webcams are prone to hacking, which can lead to a<br />
serious privacy breach. Think of a case where an unauthorized person accesses and illegally takes<br />
control of your webcam without your knowledge. Such a person can effortlessly spy on you and the<br />
people around you and, depending on the value and quantity of data they steal, there can be dire<br />
repercussions for you.<br />
And the fact that it hasn’t happened to you yet is no reason to imagine that you are safe. Criminals<br />
recording video footage and then extorting money from their victims isn’t an idle Hollywood cliché. It<br />
happens to real people. That is why you should be extra careful whenever you see any suspicious<br />
changes to your camera.<br />
How do hackers pull this off?<br />
Well, a webcam hacker doesn’t need much to take control of your webcam. All the hacker needs to do is<br />
get a malware program that hijacks webcams installed on your computer, typically by tricking you into<br />
running a malicious download or attachment. Then, without your knowledge, he starts taking videos and<br />
images of you from his remote location. And if he is interested in your personal information, such as files<br />
stored on the computer and your browsing history, the malware will help him accomplish that, too.<br />
That being said, you don’t need to panic, as there are ways of knowing if a hacker is watching you on<br />
camera. Besides, it isn’t easy for anyone to control your webcam remotely without you noticing that<br />
something is amiss. Once you understand how this happens, you can take steps to keep the hackers<br />
at bay.<br />
Now that we are all on the same page, let’s look at 4 signs that you can use to check if your webcam is<br />
being used by hackers to spy on you.<br />
1.Does the camera misbehave, e.g. change position without your command?<br />
If your webcam is modern enough, then it has the ability to rotate and move in different directions in order<br />
to capture the best video/image at the most convenient angle. That is a cool feature when you are using<br />
it, but it increases your vulnerability when a hacker takes charge. Always be keen to check if the camera<br />
is moving or rotating without your command. If you realize any unusual movement, that is an indication<br />
that someone is spying on you.<br />
And because webcams work in tandem with built-in microphones and speakers whenever you video chat,<br />
a misbehaving camera will most likely affect the mic and speakers as well. Be aware of any changes<br />
in them, too.<br />
2.Strange storage files<br />
After a hacker records footage via your webcam, that footage, be it video or audio, will be saved among<br />
your existing storage files. That is to say that if a file pops up from nowhere, it should be a red<br />
alert. “Always check for files you did not create, most particularly in your webcam recordings folder.<br />
You also cannot rule out the chance of the hacker having relocated some of his and some of your files<br />
to new folders or to a location where you aren’t likely to check on a regular basis,” suggests Diceus, an<br />
outsourcing Java development company. For that reason, always comb every corner of your storage<br />
locations and confirm that your webcam settings are in accordance with your specifications at all times.<br />
3.Is the indicator light misbehaving?<br />
Does your webcam indicator blink abnormally or go on without you prompting it? If yes, someone could<br />
be controlling it without your consent. Sometimes other computer programs or browser extensions that<br />
you are running in the background could be using your webcam thus causing the abnormal blinking. On<br />
other occasions, the indicator will malfunction because of a technical problem with your computer. But<br />
you shouldn’t leave anything to chance when it gets to your cybersecurity. Be on top of things at all times.<br />
4.Check for background apps<br />
Sometimes malware will be sneaked into your computer as a normal application. This is especially the<br />
case when you are fond of downloading apps from unsecured websites, so a malware app finds an easy<br />
way to your operating system. Always be on the lookout for software/apps that are running on your<br />
computer without you having installed them.<br />
About the Author<br />
Anda Warner is an experienced marketing specialist with a demonstrated<br />
history of working in the marketing and advertising industry. Anda<br />
possesses a strong entrepreneurial mindset and has devoted her career to<br />
enhancing the sphere of marketing and event production.<br />
warnderanda@gmail.com<br />
website www.seoforx.com<br />
8 Common Types of Small Business <strong>Cyber</strong> Attacks<br />
By Jonathan Krause, Owner, Forensic Control<br />
Whilst large-scale cyber-attacks are well documented, an increasing number of small e-commerce<br />
businesses are also under threat from targeted attacks. A report released by Verizon showed that<br />
approximately 43% of cyber-attacks targeted small and medium enterprises (SMEs). Of these, only 14%<br />
are prepared to defend themselves against cyber threats.<br />
A further study conducted by the Ponemon Institute revealed that there is a rise in the number of attacks.<br />
67% of SMEs experienced a cyber-attack in the form of either phishing, ransom-ware, or advanced<br />
malware, with another 58% also having experienced a data breach.<br />
About half of these victims (47%) confirmed that they did not understand how to protect their<br />
organisations against digital attacks. That needs to change.<br />
It’s vital that small businesses owners educate themselves on the basics of cyber security. They need to<br />
learn about the different types of attacks that can be launched against them.<br />
Organised criminal gangs conducted 39% of the attacks. The methods used vary as well: hacking<br />
accounted for 52%, malware for 28% and unauthorised users for 15% of the attacks.<br />
Small businesses currently seem to lack the resources and knowledge to fight them, with many spending<br />
less than £500 annually on <strong>Cyber</strong>security products. This low spend could be linked to the fact that 54%<br />
of small enterprises believe that their companies are 'too small' to be targeted by cyber criminals.<br />
According to Hiscox it costs on average $200,000 to deal with a cyber security incident.<br />
That's a big cost for a small business. It's also reported that 60% of the affected companies close down<br />
within six months after the incident.<br />
These stats make it clear why small businesses are almost the perfect target. They don't have the<br />
knowledge and they don't spend enough to protect themselves properly, because they don't think they<br />
will be targeted.<br />
The Most Common Types Of <strong>Cyber</strong> Attacks Small Businesses Face<br />
There are many different cyber-attack types, but these are the most common that small business owners<br />
will face:<br />
· Malware – Also known as malicious software, it is one of the most prominent digital threats to small<br />
and medium-sized enterprises. It is designed to damage, or gain access to, a network and the digital<br />
devices connected to it. In most cases, security is breached when a user clicks on a bad link and<br />
downloads infected files onto their device. These links are placed on the internet by cyber criminals<br />
with harmful intentions.<br />
· DDoS – Distributed denial of service happens when a group of infected computers attacks a server,<br />
website, or any other network device by sending a high volume of messages and connection requests.<br />
This group of infected computers is known as Bot Network or simply Botnet. The attacked device slows<br />
down or “crashes”, which makes it unavailable to the users.<br />
· Phishing – This is a common scam whereby cyber criminals trick people into clicking a link within a<br />
fake email or website. They do this so that they can gain access to a network or digital device. Phishing<br />
allows criminals to have access to private passwords, financial records, credit card information, and other<br />
data.<br />
<strong>Cyber</strong> criminals understand that it is easy for employees in an organization to click on interesting links<br />
over a particular website or email. This gives them ready access to the organization's network and<br />
computers.<br />
· Inside attacks – There has been an incredible increase in cases of insider attacks. They mostly come<br />
from trusted parties such as employees and contractors who have authorised access to a particular network.<br />
The following may lead to an inside cyber-attack:<br />
1. Components of a system are affected by an unintentional mistake<br />
2. Intentional attempts to harm or destruct an organization – this is often done by a former or current<br />
dissatisfied employee<br />
3. An attempt to find specific data that is not accessible by the user<br />
4. Checking for weaknesses on the network<br />
· Email initiated attacks – These occur when an individual clicks on a link or attachment in an email,<br />
either by mistake or thinking that the link or attachment is legitimate. The emails are nicely formatted,<br />
and the links in them are attractive and enticing. However, once you click on the link, it may collect<br />
personal data, download a virus to the computer, or call back to a command-and-control server asking<br />
for further instructions. The majority of small businesses do not have measures to prevent all that from<br />
happening, which helps malware spread.<br />
· Password attacks – In this situation, an automated system generates many password combinations<br />
in an attempt to access a particular network or account. Consistently changing the users’ passwords,<br />
accounts and admin credentials is one way of fighting this crime; the credentials can be changed at<br />
whatever interval suits the business, and quarterly or even monthly is easy enough to do. Note, though,<br />
that lockout thresholds, rate limiting and multifactor authentication stop automated guessing far more<br />
reliably than rotation alone, and current guidance (NIST SP 800-63B) no longer recommends forced<br />
periodic changes by themselves.<br />
· Ransomware – This type of attack encrypts a device on a network and locks it down, rendering the<br />
device unavailable to the user until a payment is made. Some hackers remove the encryption and<br />
unlock the device after payment. In some cases they do not, forcing the business to incur further<br />
expense in recovering the device.<br />
· Website hijacking – In this scenario, hackers compromise a legitimate website so that it downloads<br />
viruses and malware to any device that visits it. Legitimate sites are usually not on any blacklist, so<br />
website hijacking can go unnoticed for quite some time, which makes it a dangerous cyber-attack.<br />
Ways of Preventing <strong>Cyber</strong> Attacks for Small Businesses<br />
Hackers and other cyber criminals are discovering new ideas every day to access small businesses'<br />
computers, networks and information.<br />
If you’re in the UK you can benefit from <strong>Cyber</strong> Essentials. <strong>Cyber</strong> Essentials helps you to guard against<br />
the most common cyber threats and demonstrate your commitment to cyber security.<br />
It's hard to prevent cyber-attacks completely, but small business owners should always strive to educate<br />
themselves so they don't fall victim to one.<br />
Below are some ways of minimizing such attacks:<br />
· Use of anti-virus and firewalls. This is one of the most common methods of dealing with malware.<br />
However, the anti-virus and firewall must be kept up to date to counter new viruses, malicious programs<br />
and network or DDoS attacks. Dedicated scanning tools should also be used to check files and links for<br />
malware.<br />
· Minimize the use of removable media, such as USB drives, on the business’s computers.<br />
Additionally, it is advisable to routinely monitor and scan every device connected to your network or<br />
computer system.<br />
· Make daily back up and duplicates of all files and data. This way, it will be easy to restore your<br />
data in the event of a digital attack which compromises the system or network.<br />
· Limit the employees' access to files, folders and programs required for critical routine tasks.<br />
· Always remind the employees to stay away from unsolicited links and attachments in emails.<br />
· Carry out regular vulnerability tests and risk assessments on computer systems and networks.<br />
This helps to identify and rectify possible entry points into the network.<br />
· Provide staff especially those in the IT department, with training on the current online threats and<br />
trends in digital attacks.<br />
· Using multifactor authentication. This adds a layer of security, so there are more hurdles for an<br />
attacker to bypass before they get access to sensitive information.<br />
· Invest in <strong>Cyber</strong>security insurance. <strong>Cyber</strong> criminals are becoming more and more sophisticated,<br />
meaning they can strike even the most security-conscious companies. Most of the insurance policies<br />
today will cover the cost of any lost data, as well as partly pay for the process of recovering any lost<br />
information.<br />
· Protect your hardware that contains essential data such as hard- drives, USB drives, and laptops.<br />
Losing such equipment could have severe implications on the security of the company if it landed in<br />
criminals’ hands.<br />
Conclusion<br />
Loss of data has been one of the significant challenges that organizations face and fall victim to. <strong>Cyber</strong>attacks<br />
are on the rise today, with 43% of the attacks targeting small and medium businesses.<br />
<strong>Cyber</strong> criminals are getting wiser and more cunning by the day. They are continually designing new ways<br />
of infecting businesses' computers with malware with the aim of stealing sensitive data and disrupting<br />
the core activities of an organisation. Business cyber security needs to be a priority, with the whole<br />
organisation providing a united front.<br />
The options highlighted above can be used to minimize and negate the occurrence of cyber-attacks in<br />
small businesses. Regular backups, duplicating files and data, installing updated anti-viruses, and limiting<br />
the use of removable media on the business’s computers are some of the best ways to minimize cyberattacks<br />
and improve security. Companies must also train all their staff on cyber-security and establish a<br />
robust security strategy.<br />
About the Author<br />
Jonathan Krause, Owner of Forensic Control. He is a leading cyber security<br />
and digital forensic specialist based in London, UK. After working as a<br />
computer forensic specialist in the Hi-Tech Crime Unit for the Metropolitan<br />
Police at New Scotland Yard, Jonathan founded Forensic Control in 2008.<br />
Since then, Jonathan and his team have advised on hundreds of data<br />
breaches for corporate clients of all sizes. Jonathan can be reached online<br />
at jonathan@forensiccontrol.com and at our company website<br />
https://www.forensiccontrol.com/<br />
The Ultimate Guide to SSL/TLS Decryption<br />
Six Features to Consider When Evaluating SSL/TLS Inspection Solutions<br />
By Babur Khan, Technical Marketing Engineer, A10 Networks<br />
Encrypted traffic accounts for a large and growing percentage of all internet traffic. While the adoption of<br />
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), should be cause for<br />
celebration, as encryption improves confidentiality and message integrity, these protocols also put your<br />
organization at risk: they create encrypted blind spots that attackers can use to conceal their exploits<br />
from security devices that are unable to inspect SSL/TLS traffic.<br />
The threat of SSL/TLS blind spots is a serious one. According to a Ponemon survey, legacy security<br />
infrastructure is not built to take care of these evolved, hidden attacks, and almost two out of three<br />
organizations are not able to decrypt and inspect their SSL/TLS traffic.<br />
To stop cyberattacks, you need insight into encrypted data; to gain that insight, you need a dedicated<br />
security platform that can decrypt SSL/TLS traffic and send it to the security stack for inspection in<br />
clear text. This article describes six features to consider when evaluating an SSL/TLS inspection<br />
platform. With this information, you will be able to define evaluation criteria easily and avoid common<br />
deployment pitfalls.<br />
The current state of insecurity<br />
Worldwide spending on information security will exceed a staggering $124 billion in 2019 as organizations<br />
stack up security products around their network perimeters. Unfortunately, as SSL traffic increases, our<br />
collective $124+ billion investment in security is falling far short of protecting all our digital assets.<br />
Attackers are wising up and taking advantage of this gap in corporate defenses. In fact, as much as 70%<br />
of cyberattacks will use encryption as part of their delivery mechanisms by 2019. As a result, companies<br />
that do not inspect SSL communications are providing an open door for attackers to infiltrate defenses<br />
and steal data.<br />
<strong>Cyber</strong>criminals can use encryption to hide the delivery of malware as well as the exfiltration of data, which<br />
leaves legacy security devices blind to data breaches. Such breaches can have a disastrous impact on<br />
your company’s reputation and brand, and you could be subject to disciplinary action and fines. For<br />
instance, over 200,000 computers worldwide were affected by the 2017 WannaCry ransomware attack,<br />
most notably at Britain’s National Health Service (NHS), causing serious disruptions in the delivery of<br />
health services across that nation. To prevent cyberattacks, enterprises need to inspect all traffic, and<br />
encrypted traffic in particular, for advanced threats such as WannaCry.<br />
Existing security solutions can’t hack it<br />
While some security solutions can decrypt SSL/TLS traffic, many are collapsing under growing SSL/TLS<br />
bandwidth demands and SSL key lengths. Today, the use of 2048-bit SSL keys has become common,<br />
and the impact is startling.<br />
NSS Labs looked at how decryption impacts performance in its 2018 SSL/TLS Performance Tests. They<br />
measured product performance with a Next Generation Firewall (NGFW) with decryption turned on<br />
versus turned off and found significant performance degradation and increased latency in the tested<br />
products.<br />
• A 92% drop in the average connection rate. Connection degradation ranged from 84% to 99%.<br />
• An increase in latency in the average application response time of 672%. Latency ranged from<br />
99% to 2,910%.<br />
• A 60% drop in the average throughput. Throughput degradation ranged from 13% to 95%.<br />
The importance of being earnest…when evaluating SSL/TLS inspection platforms<br />
To eliminate the SSL/TLS blind spot in corporate defenses, you should provision a solution that can<br />
decrypt SSL/TLS traffic and enable all security products that analyze network traffic to inspect the<br />
encrypted data. You must carefully evaluate all the features and performance of your SSL/TLS inspection<br />
platform before selecting a solution. If you deploy an SSL/TLS inspection platform in haste, you might be<br />
blindsided later by escalating SSL bandwidth requirements, deployment demands or regulatory<br />
implications.<br />
SSL traffic is growing, and it will continue to increase in the foreseeable future due to concerns about<br />
privacy and government snooping. Many leading websites today, including Google, Facebook, Twitter<br />
and LinkedIn, encrypt application traffic. With SSL traffic accounting for a growing percentage of all<br />
internet traffic, you should factor in performance needs and future bandwidth usage when evaluating an<br />
SSL inspection solution. However, you should also make sure that your proposed architecture will comply<br />
with regulatory requirements such as the European Union’s (EU’s) General Data Protection Regulation<br />
(GDPR) or healthcare’s Health Insurance Portability and Accountability Act (HIPAA).<br />
Six features to consider when selecting an SSL/TLS inspection platform<br />
Because SSL/TLS inspection potentially touches so many different security products, from firewalls and<br />
intrusion prevention systems (IPS) to data loss prevention (DLP), forensics, advanced threat prevention<br />
(ATP), and more, you should develop a list of criteria and evaluate SSL/TLS inspection platforms against<br />
these criteria before selecting a solution. An SSL/TLS inspection platform should:<br />
1. Meet current and future SSL/TLS performance demands<br />
Performance is one of the most important evaluation criteria for an SSL/TLS inspection platform. You<br />
need to assess current internet bandwidth requirements and ensure the inspection platform can also<br />
handle future SSL throughput requirements.<br />
2. Satisfy compliance requirements<br />
Privacy and regulatory concerns have emerged as one of the top hurdles preventing some organizations<br />
from inspecting SSL traffic. While your security team may have deployed a wide array of products to<br />
detect attacks, data leaks, and malware, and rightfully so, you have to walk a thin line between protecting<br />
your company’s intellectual property and respecting employees’ privacy rights.<br />
Companies that don’t comply with these regulatory rules can be subject to hefty fines and lawsuits. In a<br />
study by the Ponemon Institute, 36% of surveyed companies said compliance/regulatory failure was a<br />
major factor in justifying funding of their organizations’ IT security budget. Forrester Research also<br />
recently reported that as many as “80% of companies will fail to comply with GDPR”.<br />
To address regulatory requirements like GDPR, HIPAA, Federal Information Security Management Act<br />
(FISMA), Payment Card Industry Data Security Standard (PCI DSS), and Sarbanes-Oxley (SOX), an<br />
SSL/TLS inspection platform should be able to bypass sensitive traffic, such as traffic to banking and<br />
healthcare sites. Once sensitive traffic is bypassed, you can rest easy knowing that confidential banking<br />
or healthcare records will not be sent to security devices or stored in log management systems.<br />
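As an added example (not from the article or from any vendor’s product), the bypass decision described in this section, made on the Server Name Indication that a ClientHello carries in cleartext before any decryption happens; the domain lists and categories are constructed placeholders.

```python
"""
Added example, not code from the article or any vendor product: the decrypt-or-bypass
decision an SSL/TLS inspection platform makes before intercepting a session. The only
cleartext identity available at that point is the Server Name Indication (SNI) in the
TLS ClientHello, so it is parsed from raw record bytes and matched against bypass
categories. Domain and category lists below are constructed for illustration.
"""
import struct
import os
from typing import Dict, Optional, Set, Tuple

# Constructed bypass policy: sessions to these categories are passed through untouched,
# so confidential banking/health records never reach inspection devices or log stores.
BYPASS_CATEGORIES: Dict[str, Set[str]] = {
    "banking": {"bank.example", "creditunion.example"},
    "healthcare": {"clinic.example", "patientportal.example"},
}


def _parse_sni(record: bytes) -> Optional[str]:
    """Walk record header -> handshake header -> ClientHello fields -> extensions."""
    if len(record) < 5 or record[0] != 0x16:               # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 39 or hs[0] != 0x01:                      # 0x01 = ClientHello
        raise ValueError("not a complete ClientHello")
    pos = 4 + 2 + 32                                       # hs header, version, random
    pos += 1 + hs[pos]                                     # session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]     # cipher_suites
    pos += 1 + hs[pos]                                     # compression_methods
    if pos + 2 > len(hs):
        return None                                        # no extensions block at all
    end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    if end > len(hs):
        raise ValueError("truncated extensions")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
        body = hs[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != 0x0000:                             # 0 = server_name (RFC 6066)
            continue
        # body: list_len(2) | name_type(1) | name_len(2) | host_name
        if len(body) < 5 or body[2] != 0x00:
            raise ValueError("malformed server_name extension")
        name_len = struct.unpack("!H", body[3:5])[0]
        name = body[5:5 + name_len]
        if len(name) != name_len:
            raise ValueError("truncated host_name")
        return name.decode("ascii")
    return None


def extract_sni(record: bytes) -> Optional[str]:
    """Return host_name from a ClientHello, None if absent; ValueError if malformed,
    so a bad hello fails closed instead of being waved through."""
    try:
        return _parse_sni(record)
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc


def categorize(host: str) -> Optional[str]:
    """Match the host or any parent domain (never the bare TLD) to a bypass category."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        for category, domains in BYPASS_CATEGORIES.items():
            if candidate in domains:
                return category
    return None


def decide(record: bytes) -> Tuple[str, Optional[str], Optional[str]]:
    """Return (action, sni, category). No SNI means inspect: bypass is the
    privileged outcome, so unclassifiable traffic must not receive it."""
    sni = extract_sni(record)
    category = categorize(sni) if sni else None
    return ("bypass" if category else "inspect", sni, category)


def build_client_hello(host: Optional[str]) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello as test input (not a captured packet)."""
    exts = b""
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name        # host_name entry
        sn_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(sn_list)) + sn_list
    exts += struct.pack("!HH", 0x000A, 4) + struct.pack("!H", 2) + b"\x00\x1d"  # supported_groups
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"                 # version, random, no session id
            + struct.pack("!H", 2) + b"\xc0\x2f"                   # one cipher suite
            + b"\x01\x00"                                          # one compression method (null)
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

Calling `decide(build_client_hello("www.bank.example"))` returns `('bypass', 'www.bank.example', 'banking')`, while a hello with no SNI returns `('inspect', None, None)` and a truncated hello raises ValueError rather than being bypassed.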
3. Support heterogeneous networks with diverse deployment and security requirements<br />
You have to contend with a wide array of security threats from external actors as well as potential<br />
malicious insiders. Therefore, to safeguard digital assets, you need to deploy an ever-increasing number<br />
of security products to stop intrusions, attacks, data loss, malware, and more.<br />
Some of these security products are deployed inline, while others are deployed non-inline as passive<br />
network monitors. Some analyze all network traffic, while others focus on specific applications, like web<br />
or email.<br />
However, virtually all of these products need to examine traffic in cleartext in order to pinpoint illicit activity.<br />
Recently, though, the rise in SaaS adoption has caused many applications to move to the cloud.<br />
Productivity and storage applications like Office 365, Box, Dropbox, G Suite, etc., are commonly used by<br />
many companies. However, many of these applications have their own security stacks in the cloud and,<br />
in the interest of a better user experience, SaaS vendors generally recommend bypassing on-premises<br />
security stacks.<br />
You will need the flexibility to deploy best-of-breed security products from multiple vendors to prevent<br />
getting locked into a single vendor solution. The security landscape constantly evolves to combat<br />
emerging threats, and in one or two years, your company may want to provision new security products;<br />
your SSL/TLS inspection platform needs to be able to interoperate with these new products. An<br />
inspection platform that supports flexible deployment, traffic steering and granular traffic controls will be<br />
able to provision a wide range of security solutions into the future.<br />
4. Maximize the uptime and the overall capacity of your security infrastructure<br />
A security infrastructure blocks cyberattacks and prevents data exfiltration. If your security infrastructure<br />
fails, threats may go undetected and your company may be unable to perform business-critical tasks,<br />
resulting in loss of revenue and brand damage.<br />
Most firewalls today can granularly control access to applications and detect intrusions and malware.<br />
Unfortunately, analyzing network traffic for threats is a resource-intensive task. While firewalls have<br />
increased their capacity over time, they often cannot keep up with network demand, especially when<br />
multiple security features like IPS, URL filtering, and virus inspection are enabled. Therefore, your<br />
SSL/TLS inspection platform should not just offload SSL processing from security devices, but should<br />
maximize uptime and performance of these devices.<br />
When evaluating an SSL/TLS inspection platform, look for a platform that can:<br />
• Scale security deployments with load balancing.<br />
• Avoid network downtime by detecting and routing around failed security devices.<br />
• Support advanced health monitoring to rapidly identify network or application errors.<br />
• Provide better value by supporting N+1 redundancy rather than just 1+1 redundancy.<br />
Your SSL/TLS inspection platform should not be another point product and should not introduce risk to<br />
your network. Instead, it should lower risk by maximizing the availability and the overall capacity of your<br />
security infrastructure. Only then can the full potential of your SSL/TLS inspection platform be unlocked.<br />
5. Securely manage SSL certificates and keys<br />
When providing visibility to SSL traffic, your SSL/TLS inspection solution must securely manage SSL<br />
certificates and keys. SSL certificates and keys form the basis of trust for encrypted communications. If<br />
they are compromised, attackers can use them for snooping on encrypted traffic and stealing data.<br />
To ensure certificates are stored and administered securely, look for an SSL/TLS inspection platform<br />
that:<br />
• Provides device-level controls to protect SSL keys and certificates.<br />
• Integrates with third-party SSL certificate management solutions to discover, catalog, track and<br />
centrally control certificates.<br />
• Supports FIPS 140-2 Level 2 and Level 3 certified equipment and Hardware Security Modules<br />
(HSMs) that can detect physical tampering and safeguard cryptographic keys.<br />
6. Simply and easily deploy and manage your enterprise security solution<br />
When investing in either a firewall or a decryption solution, two of the biggest problems are the complexity<br />
and the lack of rich usable analytics. A solution that can be easily deployed allows your organization to<br />
become operational and prevent hidden threats as soon as possible. Unfortunately, most decryption<br />
solutions are too complex to be deployed easily. Even if your solution is deployed quickly, usually after<br />
paying hefty professional services fees, further questions emerge: are the analytics provided with the<br />
solution humanly consumable and useful? Is the solution providing any usable insights?<br />
When managing encrypted traffic, rich analytics, with data delivered in an easy-to-consume format, are<br />
critical in order to free up valuable human analysts to make effective and informed decisions. Real-time<br />
analysis provides deep insights into anomalies and threats in encrypted traffic, so adaptive controls and<br />
policy updates can be set through behavior analysis. Products from partners like Splunk may be deployed<br />
in your security network to capture insights into the traffic flowing through network devices.<br />
Furthermore, as your organization grows and spreads to multiple, geographically distributed<br />
deployments, a ‘single pane of glass’ solution becomes necessary to provide management and analytics<br />
available at a single centralized location. Simplicity becomes a must.<br />
When choosing an SSL/TLS inspection solution, look for a platform that:<br />
• Is easy to use and can be deployed in minutes.<br />
• Ensures the application of security best practices, reducing human errors introduced during<br />
deployment.<br />
• Provides detailed real-time analytics that will help in advanced troubleshooting.<br />
• Enables easy troubleshooting of issues that you might have with the platform itself.<br />
• Provides customizable dashboards that deliver tailored statistics widgets.<br />
• Provides a centralized management option to support your organization as it grows, allowing all<br />
your geographically distributed deployments to be managed and analyzed from a central location.<br />
Conclusion<br />
As privacy concerns are propelling SSL/TLS usage, you face increased pressure to encrypt application<br />
traffic and keep data safe from hackers and foreign governments. In addition, because search engines<br />
such as Google rank HTTPS websites higher than standard websites, application owners are clamoring<br />
to encrypt traffic. At the same time, you face threats like cyberattacks and malware that can use<br />
encryption to bypass corporate defenses.<br />
With SSL accounting for nearly 85% of enterprise traffic in North America, and more applications<br />
supporting bigger keys and elliptic-curve (ECC) key exchange for perfect forward secrecy (PFS), you can<br />
no longer avoid the cryptographic elephant in the room. If you wish to prevent devastating data breaches,<br />
you must gain insight into your SSL/TLS traffic. Since legacy firewalls are inefficient at decrypting and<br />
inspecting traffic simultaneously, creating bottlenecks in your network, a dedicated SSL/TLS inspection<br />
platform that will support your existing security infrastructure is necessary.<br />
Before provisioning an SSL/TLS inspection solution, consider criteria like performance, flexibility,<br />
analytics, ease-of-use, and secure key management, which are critical to your organization’s success.<br />
Armed with this information, you can make a well-informed decision and avoid the deployment pitfalls<br />
that SSL/TLS inspection can potentially expose.<br />
About the Author<br />
Babur Nawaz Khan is a technical marketing engineer at A10 Networks. He<br />
primarily focuses on the company’s enterprise security solutions, including<br />
Thunder® SSL Insight for TLS inspection and Cloud Access Proxy, which is a<br />
SaaS access security and optimization solution. Prior to his current role, he was<br />
a member of A10 Networks’ corporate systems engineering team, working on<br />
application delivery controllers. Khan holds a master’s degree in computer<br />
science from the University of Maryland, Baltimore County. Babur can be<br />
reached online at our company website http://www.a10networks.com<br />
Encryption Is Key to Guarantee Data Is Anonymous<br />
By Julian Weinberger, CISSP, Director of Systems Engineering at NCP engineering<br />
Regulatory initiatives such as the EU General Data Protection Regulation (GDPR) have granted<br />
consumers powerful rights to determine how organizations collect and use personally identifiable<br />
information. Companies that hold on to personal data without consent, or who fail to employ adequate<br />
measures to protect it, may face stringent penalties.<br />
Yet, there is one important exception. Anonymized data – information held without key details to prevent<br />
identification – is exempt from the rules.<br />
Data in anonymized form is meant to reduce the chance of a breach or damage from its loss because it<br />
cannot be used to identify specific individuals. Received wisdom holds that with no threat to personal<br />
privacy there is no risk of punitive fines.<br />
Anonymized data is ideal for medical trials and market research. Healthcare organizations, for example,<br />
can take patient names, addresses, and dates of birth out of digitally stored medical records to use<br />
information for research purposes without the risk of disclosing individual identities.<br />
It’s not just medical research that benefits from anonymized data. Transport for London recently mined<br />
anonymized mobile phone data of passengers to gather information that enabled it to create more<br />
accurate travel times and arrival estimates.<br />
While anonymized data undoubtedly has its uses, it is far from perfect.<br />
Deciphering the Datasets<br />
On its own, anonymized data is impossible to decipher – until, that is, someone starts to cross-reference<br />
it against publicly available data sets such as an electoral roll or a national census.<br />
Belgium’s Université Catholique de Louvain (UCLouvain) and Imperial College London discovered this<br />
can be achieved with alarming accuracy. The study found that an anonymized dataset containing 15<br />
demographic attributes could be used to identify individuals in the state of Massachusetts with 99.98<br />
percent accuracy. Considering the state population is close to seven million people, the findings are<br />
remarkable.<br />
In another prominent example, researchers found that publicly available anonymous data about routes<br />
taken by New York City cab drivers could be used to reveal their home addresses. The de-anonymizing<br />
process seems to be more accurate with smaller datasets – especially when cross-referenced against<br />
the right database.<br />
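As an added example, not part of the article, the cross-referencing risk just described measured on a constructed table, followed by the generalization and suppression steps that bring the quasi-identifiers to k-anonymity; every name and record below is made up.

```python
"""
Added example, not from the article: measuring how exposed a 'de-identified' table is
to cross-referencing against a public list, then generalizing and suppressing the
quasi-identifiers until the table satisfies k-anonymity. Every record is constructed.
"""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

Record = Dict[str, object]
QUASI_IDS = ("zip", "birth_year", "sex")   # attributes also present in public lists

# Constructed 'anonymized' medical extract: names removed, diagnosis kept.
MEDICAL: List[Record] = [
    {"zip": "02138", "birth_year": 1961, "sex": "F", "diagnosis": "asthma"},
    {"zip": "02138", "birth_year": 1974, "sex": "M", "diagnosis": "diabetes"},
    {"zip": "02139", "birth_year": 1974, "sex": "M", "diagnosis": "flu"},
    {"zip": "02139", "birth_year": 1988, "sex": "F", "diagnosis": "fracture"},
    {"zip": "02141", "birth_year": 1988, "sex": "F", "diagnosis": "migraine"},
]

# Constructed public roll standing in for the electoral roll or census the article cites.
PUBLIC: List[Record] = [
    {"name": "A. Adams", "zip": "02138", "birth_year": 1961, "sex": "F"},
    {"name": "B. Brown", "zip": "02138", "birth_year": 1974, "sex": "M"},
    {"name": "C. Clark", "zip": "02139", "birth_year": 1974, "sex": "M"},
    {"name": "D. Dunn", "zip": "02139", "birth_year": 1974, "sex": "M"},
    {"name": "E. Evans", "zip": "02139", "birth_year": 1988, "sex": "F"},
    {"name": "F. Ford", "zip": "02141", "birth_year": 1988, "sex": "F"},
]


def qi_key(rec: Record, quasi_ids: Iterable[str] = QUASI_IDS) -> Tuple:
    """The quasi-identifier tuple on which a linkage join would be performed."""
    return tuple(rec[q] for q in quasi_ids)


def linkage_exposure(released: List[Record], public: List[Record]) -> Dict[str, int]:
    """Join released rows to public identities on the quasi-identifiers and count how
    many land on exactly one person (re-identified), on several, or on none."""
    names_by_key = defaultdict(list)
    for p in public:
        names_by_key[qi_key(p)].append(p["name"])
    counts: Counter = Counter()
    for r in released:
        n = len(names_by_key.get(qi_key(r), []))
        counts["unique" if n == 1 else "ambiguous" if n > 1 else "unmatched"] += 1
    return dict(counts)


def k_anonymity(released: List[Record]) -> int:
    """k = size of the smallest group of rows sharing the same quasi-identifiers."""
    if not released:
        return 0
    return min(Counter(qi_key(r) for r in released).values())


def generalize(rec: Record) -> Record:
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and decade of birth; sex unchanged."""
    out = dict(rec)
    out["zip"] = rec["zip"][:3] + "**"
    out["birth_year"] = (rec["birth_year"] // 10) * 10
    return out


def enforce_k(released: List[Record], k_min: int) -> List[Record]:
    """Suppress rows whose quasi-identifier group is still smaller than k_min."""
    sizes = Counter(qi_key(r) for r in released)
    return [r for r in released if sizes[qi_key(r)] >= k_min]


def release_report(released: List[Record], public: List[Record], k_min: int = 2) -> Dict[str, Dict]:
    """Risk before and after generalization + suppression, as a release gate would report it.
    The public list is generalized the same way, since that is how a linker would join it."""
    gen_public = [generalize(p) for p in public]
    gen_released = [generalize(r) for r in released]
    safe = enforce_k(gen_released, k_min)
    return {
        "raw": {"rows": len(released), "k": k_anonymity(released),
                **linkage_exposure(released, public)},
        "generalized": {"rows": len(gen_released), "k": k_anonymity(gen_released),
                        **linkage_exposure(gen_released, gen_public)},
        "generalized+suppressed": {"rows": len(safe), "k": k_anonymity(safe),
                                   **linkage_exposure(safe, gen_public)},
    }


if __name__ == "__main__":
    for stage, stats in release_report(MEDICAL, PUBLIC).items():
        print(f"{stage:>24}: {stats}")
```

On this table four of five raw rows link to exactly one person; generalization alone still leaves one row unique (k stays 1), and only suppressing that row reaches k = 2, which is why k must be checked rather than assumed after generalizing.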
Data Encryption<br />
European regulators have shown they are ready to issue stiff penalties to organizations that do not take<br />
proper precautions with anonymized data. Most recently, Denmark’s data protection agency fined a taxi<br />
company approximately $180,000 for failing to anonymize data properly.<br />
Clearly, organizations cannot expect anonymized database data alone to protect sensitive customer<br />
information. Firms must be proactive and implement the proper security measures and technology to<br />
ensure customer privacy is safeguarded.<br />
Encryption is one of the most reliable strategies for protecting the privacy of digital assets, especially if<br />
the organization needs to send or share them over the public Internet. Encrypted data can only be read<br />
with the correct key, whether symmetric- or public-key encryption is used. Without that key, the data<br />
cannot be deciphered, rendering it unintelligible to outside observers.<br />
Encryption is essential to protect database data in storage but also on the move. A professional,<br />
enterprise-quality virtual private network (VPN) is an extremely effective way to secure digital<br />
communications.<br />
In summary, database anonymization is useful for storing personal information that is collected in the<br />
course of research. However, researchers cannot trust anonymization alone to keep personal data<br />
protected from third-parties. Implementing a robust, enterprise-standard VPN is the best way to<br />
guarantee customers’ personal information remains fully protected at all times.<br />
About the Author<br />
Julian Weinberger, CISSP, is Director of Systems<br />
Engineering for NCP engineering. He has over 10 years of<br />
experience in the networking and security industry, as well<br />
as expertise in SSL-VPN, IPsec, PKI, and firewalls. Based<br />
in Mountain View, CA, Julian is responsible for developing IT<br />
network security solutions and business strategies for<br />
NCP.<br />
NCP can be emailed at info@ncp-e.com, reached on Twitter<br />
at @NCP_engineering, and on our company website at<br />
https://www.ncp-e.com/en/.<br />
Europe Cybersecurity Market Size to Steer At 13% CAGR To 2025<br />
Europe Cybersecurity Market is estimated to be over USD 25 billion in 2018 and is expected to register<br />
a lucrative growth between 2019 and 2025 with a CAGR of over 13%<br />
By Shashie Pawar, PR & Media Communicator (Graphical Research)<br />
According to the Graphical Research new growth forecast report titled “Europe Cybersecurity<br />
Market By Industry (Banking, Government, Manufacturing, Transportation, IT & Telecom, Insurance,<br />
Securities), Industry Analysis Report, Regional Outlook (Germany, UK,<br />
France, Spain, Netherlands, Norway, Italy, Ireland, Sweden), Growth Potential, Competitive Market<br />
Share & Forecast, By Product Type (Identity, Authentication and Access Management (IAAM) [Access<br />
Management, Identify Access Management], Infrastructure Protection [Endpoint Protection, Email/Web<br />
Gateway, Security Information and Event Management (SIEM), Vulnerability Management, Cloud<br />
Security, Data Loss Prevention (DLP)], Network Security [Internet Service Provider Equipment, Virtual<br />
Private Network (VPN), Unified Threat Management (UTM), Firewall], Security Services [Implementation,<br />
Managed Security Services, Consultancy & Training, Hardware Support]), By Organization (SME,<br />
Government, Large Enterprises)”, the market is determined to exceed USD 65 billion by 2025.<br />
The Europe cybersecurity market growth is attributed to strong government initiatives to promote data<br />
safety and hefty investments in cybersecurity solutions. The increasing cases of data breaches and<br />
malicious cyber-attacks on critical business infrastructure have driven several business enterprises<br />
toward partnering with government agencies for enhanced cybersecurity. For instance, in July 2016, the<br />
EU Commission announced a Public-Private partnership program on cybersecurity with USD 2 billion<br />
investments by 2020. The private sector is estimated to contribute USD 1,498 million, with the remaining<br />
USD 502 million contributed by various governments across the region. This is expected to spur the<br />
growth of cybersecurity solutions in the region.<br />
The network security segment is expected to register an accelerated growth over the forecast period with<br />
a CAGR of over 15%. These solutions protect data integrity and usability of critical business networks,<br />
safeguarding enterprises against intrusions and virus attacks on their IT networks. The proliferation of<br />
new devices, applications, and complex networking architectures has increasingly made network<br />
management difficult for enterprises, driving them toward adopting network security solutions for<br />
efficiently managing modern complex networks. The rapidly changing network has pressured enterprises<br />
to deploy network monitoring tools, accentuating the growth of network security solutions.<br />
The large enterprises segment is projected to exhibit a lucrative growth of over 10% in the Europe<br />
cybersecurity market. Large enterprises are severely affected by cyber-attacks due to the involvement of<br />
substantial financial assets. Malicious attacks can also hamper an enterprise’s market image and cause<br />
investor dissatisfaction; hence, large enterprises are proactively adopting cybersecurity solutions for<br />
mitigating such risks. Increasing budget allocations and the growing awareness regarding cybersecurity<br />
are further expected to accentuate the adoption of cybersecurity solutions by large enterprises.<br />
The banking sector is anticipated to exhibit an accelerated growth between 2019 and 2025, growing at a<br />
CAGR of over 15%. The rapid adoption of digital banking platforms and stringent government regulations<br />
for financial institutions have driven banks toward adopting cybersecurity solutions to prevent financial<br />
abuse and mitigate losses. For instance, in June 2017, the Financial Conduct Authority (FCA), a leading<br />
bank regulator in the UK, made it mandatory for all banks in the UK to adopt cybersecurity measures.<br />
Some of the key vendors in the Europe cybersecurity market include Check Point Software, Sophos<br />
Group plc, BAE Systems, Cisco Systems, Inc., Symantec Corporation, CyberArk Software Ltd., F-Secure<br />
Corporation, Proofpoint Inc., McAfee LLC, F5 Networks, Inc., Microsoft Corporation, FireEye, Inc.,<br />
Fortinet, Inc., Hewlett-Packard, Ltd., IBM Corporation, Intel Corporation, Oracle Corporation, Palo Alto<br />
Networks, Inc., Rapid7, RSA Security, LLC, Splunk, Inc., and Trend Micro, Inc.<br />
The Europe cybersecurity market research report includes in-depth coverage of the industry, with<br />
estimates & forecast in terms of revenue in USD million from 2019 to 2025, for the following segments:<br />
Europe Cybersecurity Market Share, By Product Type<br />
• Identity, Authentication and Access Management (IAAM)<br />
    • Access Management<br />
    • Identity Access Management<br />
• Infrastructure Protection<br />
    • Endpoint Protection<br />
    • Email/Web Gateway<br />
    • Security Information and Event Management (SIEM)<br />
    • Vulnerability Assessment<br />
    • Cloud Security<br />
    • Data Loss Prevention (DLP)<br />
    • Others<br />
• Network Security<br />
    • Internet Service Providers (ISPs)<br />
    • Virtual Private Network (VPN)<br />
    • Unified Threat Management<br />
    • Firewall<br />
• Security Services<br />
    • Implementation<br />
    • Managed Security Services<br />
    • Consulting & Training<br />
    • Hardware Support<br />
    • Others<br />
Europe Cybersecurity Market Size, By Organization Type<br />
• SME<br />
• Government<br />
• Large Enterprise<br />
Europe Cybersecurity Market Forecast, By Industry<br />
• Banking<br />
• Government<br />
• Manufacturing<br />
• Transportation<br />
• IT & Telecom<br />
• Insurance<br />
• Securities<br />
• Others<br />
Source: https://www.graphicalresearch.com/industry-insights/1246/europe-cybersecurity-market<br />
About the Author<br />
Preeti Wadhwani leads the next-generation technology team at<br />
Graphical Research. She has more than 4 years of market research<br />
and consulting experience in niche and emerging technologies<br />
including SMAC (Social, Mobile, Analytics and Cloud), IoT,<br />
virtualization, and containers.<br />
IoT Security and Privacy<br />
Security and Privacy in the IoT Age<br />
By Lokesh Yamasani, Director – IT Security (Security Officer), Satellite Healthcare<br />
We are living in a digital age, or rather the so-called “Age of IoT”. What makes it an “Age of IoT”? The<br />
answer is simple: the ability to connect and manage everything, from fish tanks and baby monitors to<br />
industrial devices and home monitoring devices, via the internet to accomplish our objectives. Such<br />
convenience has increased the attack surface through which these devices/things can be compromised.<br />
The scary part is that someone with barely any technical skillset could easily compromise these<br />
devices/things (i.e., someone could easily learn on the internet how to compromise these things and<br />
replicate it, a.k.a. “Annoying Script Kiddies”), let alone nation state actors, hacking groups, and<br />
other known/unknown threat actors/groups.<br />
With that being said, privacy has become a major concern in the IoT age along with security. (Funny<br />
Story: Most recently, I attended a work meeting where someone I was talking to had their smartwatch<br />
turned on. Towards the end of our conversation, that person’s smartwatch started responding to what we<br />
were talking about.) Now that we have the security and privacy icebreakers out of our way, come on in,<br />
feel comfortable. Let’s dissect the security and privacy aspects of the Internet of Things. Shall we?<br />
Chapter 1: Security<br />
Before talking about the “security” of IoT architecture, let’s get to the basics of IoT architecture. The IoT<br />
architecture consists of:<br />
1. Things (things that are equipped with sensors)<br />
2. Gateways (data from things goes to the cloud/infrastructure through these gateways)<br />
3. Data gathering and processing infrastructure (data is gathered and processed here, and decisions are<br />
made based on the data received and Artificial Intelligence techniques)<br />
4. Control Apps (the apps that send the actual commands to perform an operation on that smart device)<br />
To put it in a real-world context:<br />
Me: Hey google, I am bored!<br />
Google Assistant: Yes, here are the options. Do you want Mickey Mouse adventures? Car adventures?<br />
Do you want to listen to music?<br />
Me: I want to listen to music.<br />
Google Assistant: Music playing….<br />
There is quite an amount of technology or rather amalgamation of multiple technologies and related<br />
architectures involved behind that simple transaction. Wherever there is an amalgamation of multiple<br />
technologies and related architectures, there are IoT protocols that run the IoT universe. (Did I say I<br />
wanted to be a Geologist?). As a sample, let’s look at two IoT network protocols:<br />
a) Bluetooth<br />
Bluetooth protocol is mostly used in smart wearables, smartphones, and other mobile devices,<br />
where small fragments of data can be exchanged without high power and memory. Bluetooth<br />
protocol is effective for short-range communication. However, as we all know, the threats related<br />
to Bluetooth are becoming more prevalent these days: Blueborne, Bluebugging, Bluejacking, and<br />
Bluesnarfing. With consumers keeping these smart devices that operate on Bluetooth protocol<br />
powered on all the time, the likelihood of such Bluetooth attacks is “High”.<br />
b) ZigBee<br />
ZigBee is an IoT protocol that allows things that are retrofitted with “sensors” to work together.<br />
ZigBee is used with apps that support low-rate data transfer over short distances. ZigBee was<br />
created by the ZigBee Alliance. When it was designed, security-related tradeoffs were made to keep<br />
the devices low-cost, low-energy and highly compatible. Some parts of ZigBee’s security controls<br />
are poorly implemented (what are those poorly implemented controls?). As an example, KillerBee<br />
is a Python-based framework used to exploit the security of devices implementing the ZigBee<br />
standard. KillerBee provides facilities for sniffing the keys, injecting network traffic, decoding the<br />
packets captured, and packet manipulation that takes advantage of the “Trust Center Link Key”. To<br />
take advantage of that “Trust Center Link Key” within the ZigBee protocol, a cyber-attacker must<br />
capture ZigBee network traffic at the moment the device joins the IoT network.<br />
As noted above, these security risks are just the tip of the iceberg. On top of these security risks,<br />
since the backend IoT infrastructure is virtualized and in the cloud, it is prone to the same security<br />
risks as any cloud and virtualized infrastructure. Hence, it is highly vulnerable and exploitable.<br />
Bottom-Line: As I’m writing this as a security officer for a healthcare company, what does it all<br />
mean to me? What’s the answer to reduce the likelihood of threats and the exploitation of vulnerabilities?<br />
One simple solution, from the perspective of securing the backend IoT infrastructure, is to implement a<br />
zero trust access model. On the consumer side, deprecate all the less secure protocols. Design and<br />
regulate the mandatory use of relatively more secure protocols (IEEE – help us please!). In the<br />
future, patient care will be delivered at home, and we can already imagine a situation where sensors<br />
that capture patient data are compromised and used as bots to join a botnet to perform malicious<br />
activity, thereby compromising patient care. That could be a widespread reality, and we are almost<br />
seeing that widespread reality these days.<br />
Chapter 2: Privacy<br />
Next on, privacy! I’m going to take it on from a healthcare perspective. Imagine a home care dialysis<br />
patient using one of these IoT sensors that captures the needed data, such as blood pressure level, fluid<br />
levels, heart rate, total body water percentage, etc. Now imagine it has also captured the patient’s other<br />
information, such as DNA information and the patient’s private conversations, that was never needed<br />
within the context of that particular diagnosis.<br />
By default, most sensors do not give patients the ability to influence where their data is stored, who<br />
sees it, etc., within the context of their diagnostics. This leads to misuse in patient data gathering, and<br />
in patient data storage and processing. Privacy issues like this are just some of the privacy<br />
risks at the tip of the privacy iceberg (yeah, let’s create stringent privacy regulations). Creating privacy<br />
regulations is not the challenge; enforcing them is.<br />
One of the solutions could be to give control back to patients and consumers over what these<br />
sensors can or cannot collect, or to limit by design what these sensors can collect and<br />
transmit. In short, giving more power back to consumers! (Consumer power)<br />
Bottom-Line: If you are looking to manage security and privacy risks in the IoT age, use frameworks like<br />
NISTIR 8228 - Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks and<br />
customize the framework based on your needs. You gotta start somewhere!<br />
About the Author<br />
Lokesh Yamasani works as Director – IT Security (Security Officer) at<br />
Satellite Healthcare/WellBound. He is an experienced and diligent security<br />
expert with about 15 years of overall IT experience and over 14 years of<br />
experience in all information security domains, with a track record of<br />
successful security leadership with an emphasis on metrics-based<br />
performance. Lokesh Yamasani can be reached online at<br />
(yamasanil@satellitehealth.com, @LYamasani)<br />
Getting PKI Right<br />
Program Failures and How to Avoid Them<br />
By Chris Hickman, chief security officer, Keyfactor<br />
Public Key Infrastructure (PKI) has survived the test of time. Today, IT leaders and managers view PKI<br />
as a vital layer within the security framework, helping to authenticate and encrypt sensitive endpoints,<br />
software and applications. Historically, managing PKI has been a manual, on-premises process. Despite<br />
its critical role within the cybersecurity framework, PKI has struggled to find a clear owner within the<br />
organization. Add to that results from a recent survey in which just 36% of respondents said their<br />
organizations have enough IT security staff members dedicated to PKI deployment.<br />
With the industry’s skill shortage, shifting compliance requirements and competing budget priorities, how<br />
can you sidestep deployment landmines and manage a program that’s right for your enterprise and its<br />
budget?<br />
CISOs tackling their organization’s PKI program have two options: build or buy. Deploying DIY PKI on-premises<br />
requires significant investment, while keeping the program running takes a dedicated team.<br />
Without appropriate resourcing and continuous care and feeding, PKI can degrade, leading to vulnerable<br />
keys, certificates, system outages or worse – a significant breach event. In addition to the added costs<br />
of network downtime, PKI events can create preventable network vulnerabilities.<br />
Lessons Learned<br />
Unlike newer processes, PKI has a long history that gives us countless real-life case studies of what has<br />
worked and what hasn’t. One recent case study followed a financial institution that opted to build an<br />
application to manage its PKI and growing number of certificates. While the company was able to<br />
leverage an existing data center and physical security, implementation alone took the company four<br />
months, requiring the dedication of multiple team members across development, engineering and IT. In<br />
addition to resourcing, the project racked up significant hardware, licensing and integration costs.<br />
On the other hand, as with other security functions, a growing number of leaders see the advantages of<br />
outsourced or managed PKI and are opting to ‘buy’ PKI via cloud deployment. Here are five reasons why:<br />
1. Robust Security: If the root key or private keys within the network are compromised, it can result<br />
in significant disruption and downtime to PKI-dependent applications. In addition to specific tools<br />
used to protect keys, the facility housing critical PKI functions must be secure. PKI-as-a-Service<br />
(PKIaaS) vendors and their security policies and practices have been tested over time and at<br />
scale. If your enterprise falls under attack, you also have one less critical system to restore, as<br />
PKI is hosted safely in an isolated, off-premises cloud location.<br />
2. Reduced Cost & Complexity: Moving PKI to the cloud can offload multiple security controls,<br />
maintenance tasks and infrastructure costs. Frankly, the capital expenditure and expertise<br />
needed to properly manage a solid internally run PKI is considerable, forcing many organizations<br />
to make critical PKI operations a secondary task. Adopting the right PKIaaS platform leads to<br />
greater productivity as IT and security teams can focus on core projects. Costs also become much<br />
more predictable, since the many hidden and traditional expenses of PKI are replaced with a flat<br />
rate billing model.<br />
3. Scalability & Availability: A PKI that supports mission-critical applications must run 24/7 and<br />
have the ability to scale as the enterprise grows and adds new devices and identities. High<br />
availability and scalability built into cloud-delivered PKI models support growth demands, while<br />
24/7 service monitoring ensures that critical components are always running. Most importantly,<br />
service level agreements (SLAs) guarantee response times and ensure that there is only “one<br />
throat to choke” should an incident occur.<br />
4. Business Continuity: Finding and retaining IT and security staff capable of running PKI is no<br />
simple task. Shifts in PKI ownership inevitably increase the risk of security gaps as inexperienced<br />
hands fall on mission-critical infrastructure. Lapses in regular maintenance tasks, such as signing<br />
and publishing certificate revocation lists (CRLs) and renewing CAs, can cause significant<br />
outages that take days or even weeks to remediate. Deploying cloud-based PKI ensures that<br />
regardless of personnel changes, the infrastructure can continue to operate at full capacity.<br />
5. Lifecycle Automation: Certificate-related issues are almost synonymous with PKI oversights.<br />
Manual scripts and spreadsheets simply cannot keep up with the thousands, or hundreds of<br />
thousands, of certificates in use within the average enterprise. Just one expired certificate can<br />
cause a serious network or application outage. Choosing the right PKIaaS provider can help<br />
manage and automate the lifecycle of keys and digital certificates issued from both cloud-hosted<br />
private PKI and any number of third-party public CAs, such as DigiCert, Entrust, Sectigo and<br />
others.<br />
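One way to automate the checks that items 4 and 5 describe, as an added example that is not the article’s or Keyfactor’s code: it builds a throwaway CA, three leaf certificates and a CRL with Go’s standard crypto/x509 package, then sweeps them for expired and soon-to-expire certificates, a leaf that outlives its issuing CA, and a CRL whose NextUpdate has lapsed. Every name, serial and date is constructed for the example, and x509.ParseRevocationList needs Go 1.19 or later.<br />

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Finding is one lifecycle lapse detected by the inventory sweep.
type Finding struct{ Subject, Problem string }

// sweepInventory flags the lapses the article warns about: expired or soon-to-expire certificates
// (CA or leaf), CRLs whose NextUpdate has passed, and leaves that outlive the CA that issued them.
func sweepInventory(cas, leaves []*x509.Certificate, crls []*x509.RevocationList, now time.Time, warnBefore time.Duration) []Finding {
	var out []Finding
	caBySubject := map[string]*x509.Certificate{}
	for _, ca := range cas {
		caBySubject[ca.Subject.CommonName] = ca
	}
	for _, c := range append(append([]*x509.Certificate{}, cas...), leaves...) {
		switch {
		case now.After(c.NotAfter):
			out = append(out, Finding{c.Subject.CommonName, "expired"})
		case c.NotAfter.Sub(now) <= warnBefore:
			out = append(out, Finding{c.Subject.CommonName, "expires within warning window"})
		}
	}
	for _, leaf := range leaves {
		if ca, ok := caBySubject[leaf.Issuer.CommonName]; ok && leaf.NotAfter.After(ca.NotAfter) {
			out = append(out, Finding{leaf.Subject.CommonName, "outlives issuing CA"})
		}
	}
	for _, crl := range crls {
		// Relying parties that enforce CRL freshness reject every certificate once NextUpdate passes.
		if now.After(crl.NextUpdate) {
			out = append(out, Finding{crl.Issuer.CommonName, "stale CRL"})
		}
	}
	return out
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert generates a fresh P-256 key for tmpl and has signer (the CA key) sign it; nil signer means self-signed.
func newCert(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if signer == nil {
		parent, signer = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

func date(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }

// buildSampleInventory constructs a throwaway CA, three leaves and one CRL; every name and date is made up.
func buildSampleInventory() (cas, leaves []*x509.Certificate, crls []*x509.RevocationList) {
	ca, caKey := newCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Corp Issuing CA"},
		NotBefore: date(2015, 1, 1), NotAfter: date(2020, 6, 1),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	// Leaves, all issued 1 Jan 2019: one already expired, one expiring in 17 days, one outliving the CA.
	names := []string{"vpn.example.internal", "api.example.internal", "mail.example.internal"}
	expiry := []time.Time{date(2020, 1, 10), date(2020, 2, 1), date(2021, 6, 1)}
	for i, cn := range names {
		leaf, _ := newCert(&x509.Certificate{
			SerialNumber: big.NewInt(int64(i + 2)), Subject: pkix.Name{CommonName: cn},
			NotBefore: date(2019, 1, 1), NotAfter: expiry[i], KeyUsage: x509.KeyUsageDigitalSignature,
		}, ca, caKey)
		leaves = append(leaves, leaf)
	}
	// A CRL signed in December 2019 and never re-issued: its NextUpdate has passed.
	crlDER := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(7), ThisUpdate: date(2019, 12, 1), NextUpdate: date(2019, 12, 31),
	}, ca, caKey))
	return []*x509.Certificate{ca}, leaves, []*x509.RevocationList{must(x509.ParseRevocationList(crlDER))}
}

// sampleFindings runs the sweep as of 15 January 2020 with a 30-day warning window.
func sampleFindings() []Finding {
	cas, leaves, crls := buildSampleInventory()
	return sweepInventory(cas, leaves, crls, date(2020, 1, 15), 30*24*time.Hour)
}

func main() {
	for _, f := range sampleFindings() {
		fmt.Printf("%-26s %s\n", f.Subject, f.Problem)
	}
}
```

In a real program the inventory would come from the CA database, certificate discovery scans and the published CRL endpoints rather than from in-memory test objects.<br />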
Ultimately, teams must shift their perception of what PKI can help them and their enterprise achieve.<br />
Whether the choice is to build or buy, next generation PKI is key in establishing a new approach to identity<br />
management that’s sustainable, scalable and secure.<br />
About the Author<br />
Chris Hickman is the chief security officer at Keyfactor, a leading<br />
provider of secure digital identity management solutions. As a<br />
member of the senior management team, Chris is responsible for<br />
establishing and maintaining Keyfactor's leadership position as a<br />
world-class, technical organization with deep security industry<br />
expertise. He leads client success initiatives and helps integrate<br />
the voice of the customer directly into Keyfactor's platform and<br />
capability set. For more information visit: www.keyfactor.com or<br />
follow @Keyfactor on Twitter and LinkedIn.<br />
Seven Security Predictions For 2020<br />
By Corey Nachreiner, CTO of WatchGuard Technologies<br />
Each year, the WatchGuard Threat Lab research team examines the top emerging threats and trends<br />
across the information security landscape to develop predictions for the coming year. Even though the<br />
threats coming at you won’t be any less intense, complicated, or difficult to manage moving forward, 2020<br />
will be the year of simplified security. This year, we believe there are seven key security trends to watch,<br />
and have provided actionable tips for simplifying your approach to handling each of them:<br />
1) Ransomware Targets the Cloud<br />
Ransomware is now a billion-dollar industry for hackers, and over the last decade we’ve seen extremely<br />
virulent strains of this malware wreak havoc across every industry. As with any big-money industry,<br />
ransomware will continue to evolve in order to maximize profits. In 2020, we believe ransomware will<br />
focus on the cloud.<br />
Recently, untargeted “shotgun blast” ransomware has plateaued, with attackers showing a preference for<br />
targeted attacks against industries whose businesses cannot function with any downtime. These include<br />
healthcare, state and local governments, and industrial control systems.<br />
Despite its far-reaching damages and soaring revenues, ransomware has largely left the cloud<br />
untouched. As businesses of every size move both their servers and data to the cloud, it has become a<br />
one-stop shop for all of our most important data. In 2020, we expect to see this safe haven crumble as<br />
ransomware begins targeting cloud-based assets including file stores, S3 buckets, and virtual<br />
environments.<br />
Do you have cloud security? Virtual or cloud UTM? Asking these questions is where to start. Use<br />
advanced malware protection to detect evasive malware. More importantly, consider new security<br />
paradigms that allow you to implement security controls, like advanced malware protection, in cloud use<br />
cases. Finally, the cloud can be secured, but it requires work. Make sure you’ve hardened your cloud<br />
workloads. For instance, investigate resources for properly securing S3 buckets.<br />
2) GDPR Comes to the United States<br />
Two years ago, the General Data Protection Regulation (GDPR) came into force, protecting the data and<br />
privacy rights of European Union citizens. As of yet, few places outside the EU have similar laws in place,<br />
but we expect to see the United States (U.S.) come closer to matching it in 2020.<br />
GDPR boils down to placing restrictions on how organizations can process personal data, and what rights<br />
individuals have in limiting who may access that data, and it has already shown teeth. To date, companies<br />
have been fined millions of euros for GDPR violations, including massive €50 million and £99 million<br />
judgements in 2019 against Google and Marriott respectively. While the burden placed on companies<br />
can be intense, the protections provided to individuals are massively popular.<br />
Meanwhile, the U.S. has suffered a social media privacy plague the last few years, with no real GDPR<br />
equivalent to protect local consumers. As organizations like Facebook leak more and more of our<br />
personal data, which bad actors have used in everything from targeted election manipulation to unethical<br />
bounty hunting, U.S. citizens are starting to clamor for privacy protections like those enjoyed by our<br />
European brothers and sisters. So far, only one state, California, has responded by passing its<br />
California Consumer Privacy Act (CCPA), which goes into effect in early 2020.<br />
Though the same senator who introduced CCPA in California has proposed a Federal Consumer Data<br />
Privacy Act (CDPA) bill, we don’t think it will gain enough support to pass nationwide in 2020. However,<br />
we do expect more and more states to jump onto California’s bandwagon, and pass state-level consumer<br />
privacy acts of their own. In 2020, we anticipate that 10 or more states will enact similar laws to<br />
California’s CCPA.<br />
There isn’t a specific security tip for this prediction, but you can still take action. Contact your local<br />
congressperson to share your opinion on regulations to protect your privacy. Meanwhile, consider the<br />
lack of regulation here when sharing your private information online and with social networks.<br />
3) Voter Registration Systems Targeted During the 2020 Elections<br />
Election hacking has been a hot topic ever since the 2016 U.S. elections. Over the last four years, news<br />
cycles have covered everything from misinformation spread across social media to alleged breaches of<br />
state voter systems. During the 2020 U.S. presidential elections, we predict that external threat actors<br />
will target state and local voter databases with a goal of creating voting havoc and triggering voter fraud alerts<br />
during the 2020 elections.<br />
Security experts have already shown that many of the systems we rely on for voter registration and<br />
election day voting suffer from significant digital vulnerabilities. In fact, attackers even probed some of<br />
these weaknesses during the 2016 election, stealing voter registration data from various states. While<br />
these state-sponsored attackers seemed to draw the line at altering voting results, we suspect<br />
their previous success will embolden them during the 2020 election, and they will target and manipulate<br />
our voter registration systems to make it harder for legitimate voters to submit their votes, and to call into<br />
question the validity of vote counts.<br />
While there isn’t a specific cyber security tip for this prediction, we do have some voter preparedness tips<br />
in the event this prediction comes true. First, double-check the status of your voter registration a few days<br />
before the election. Also, monitor the news for any updates about voter registration database hacks, and<br />
be sure to contact your local state voter authority if you are concerned. Be sure to print out the result of<br />
a successful voter registration, and bring your ID on election day, even if technically unnecessary.<br />
4) 25% of All Breaches Will Happen Outside the Perimeter<br />
Mobile device usage and remote employees have been on the rise for several years now. A recent survey<br />
by WatchGuard and CITE Research found 90% of mid-market businesses have employees working half<br />
their week outside the office. While remote working can increase productivity and reduce burnout, it<br />
comes with its own set of security risks. Mobile employees often work without any network perimeter<br />
security, missing out on an important part of a layered security defense. Additionally, mobile devices can<br />
often mask telltale signs of phishing attacks and other security threats. We predict that in 2020, one<br />
quarter of all data breaches will involve telecommuters, mobile devices, and off-premises assets.<br />
Make sure you’re as diligent about implementing off-network protection for your employees as you are<br />
about perimeter protection. Any laptop or device that leaves the office needs a full suite of security services,<br />
including a local firewall, advanced malware protection, DNS filtering, disk encryption, and multi-factor<br />
authentication, among other protections.<br />
5) The Cyber Security Skills Gap Widens<br />
Cyber security, or the lack of it, has gone mainstream. A day doesn’t seem to go by where the general<br />
public doesn’t hear of some new data breach, ransomware attack, company network compromise, or<br />
state-sponsored cyber attack. Meanwhile, consumers have also become intimately aware of how their<br />
own personal data privacy contributes to their own security (thanks, Facebook). As a result, it’s no<br />
surprise that the demand for cyber security expertise is at an all-time high.<br />
The problem is, we don’t have the skilled professionals to fill this demand. According to the latest studies,<br />
almost three million cyber security jobs remained unfilled during 2018. Universities and cyber security<br />
trade organizations are not graduating qualified candidates fast enough to fill the demand for new<br />
information security employees. Three-fourths of companies claim this shortage in cyber security skills<br />
has affected them and lessened their security.<br />
Unfortunately, we don’t see this cyber security skills gap lessening in 2020. Demand for skilled cyber<br />
security professionals keeps growing, yet we haven’t seen any recruiting and educational changes that<br />
will increase the supply. Whether it be from a lack of proper formal education courses on cyber security<br />
or an aversion to the often-thankless job of working on the frontlines, we predict the cyber security skills<br />
gap to increase an additional 15% next year. Let’s hope this scarcity of expertise doesn’t result in an<br />
increase in successful attacks.<br />
While the available cyber security workforce won’t appear immediately, you do have options to help<br />
create and manage a strong cyber defense. Taking a long-term view, you can work with your local<br />
educational institutes to identify future cyber security professionals so that you might fill your open roles<br />
first. In the short term, focus on solutions that provide layered security in one solution, or work with a<br />
managed services provider (MSP) or managed security services provider (MSSP) to whom you can<br />
outsource your security needs.<br />
6) Multi-Factor Authentication (MFA) Becomes Standard for Midsized Companies<br />
We predict that multi-factor authentication (MFA) will become a standard security control for mid-market<br />
companies in 2020. Whether it’s due to billions of emails and passwords having leaked onto the dark<br />
web, or the many database and password compromises online businesses suffer each year, or the fact<br />
that users still use silly and insecure passwords, the industry has finally realized that we are terrible at<br />
validating online identities.<br />
Previously, MFA solutions were too cumbersome for midmarket organizations, but recently three things<br />
have paved the way for pervasive MFA, both SMS one-time password (OTP) and app-based models,<br />
among even SMBs. First, MFA solutions have become much simpler with cloud-only options. Second,<br />
mobile phones have removed the expensive requirement of hardware tokens, which were cost-prohibitive<br />
for mid-market companies. And finally, the deluge of password problems has proven the absolute<br />
requirement for a better authentication solution. While SMS OTP is now falling out of favor for legitimate<br />
security concerns, app-based MFA is here to stay.<br />
The ease of use both for the end user and the IT administrator managing these MFA tools will finally<br />
enable organizations of all sizes to recognize the security benefits of additional authentication factors.<br />
That’s why we believe enterprise-wide MFA will become a de-facto standard among all midsized<br />
companies next year.<br />
This tip is simple – implement MFA throughout your organization. Everything from logging in to your<br />
laptop each day to accessing corporate cloud resources should have some sort of multi-factor<br />
authentication tied to it. Products like AuthPoint can do this for your company.<br />
7) Attackers Will Find New Vulnerabilities in the 5G/Wi-Fi Handover to Access the Voice and/or<br />
Data of 5G Mobile Phones<br />
The newest cellular standard, 5G, is rolling out across the world and promises big improvements in speed<br />
and reliability. Unknown to most people, in large public areas like hotels, shopping centers, and airports,<br />
the voice and data traffic of your cellular-enabled device is communicated to both cell towers and<br />
to Wi-Fi access points located throughout these public areas. Large mobile carriers do this to save<br />
network bandwidth in high-density areas. Your devices have intelligence built into them to automatically<br />
and silently switch between cellular and Wi-Fi. Security researchers have exposed some flaws in this<br />
cellular-to-Wi-Fi handover process, and it’s very likely that we will see a large 5G-to-Wi-Fi security<br />
vulnerability exposed in 2020 that could allow attackers to access the voice and/or data of 5G mobile<br />
phones.<br />
Most mobile devices don’t allow users to disable cellular-to-Wi-Fi handover (also known as Hotspot<br />
2.0). Windows 10 currently does, however. If unsure, use a VPN on your cellular<br />
devices so that attackers who are eavesdropping on cellular-to-Wi-Fi connections won’t be able to access<br />
your data. For businesses looking to enable Hotspot 2.0, make sure your Wi-Fi access points (APs) have<br />
been tested independently to stop the six known Wi-Fi threat categories detailed<br />
at http://trustedwirelessenvironment.com. If the APs block these threats, attackers cannot eavesdrop on<br />
the cellular to Wi-Fi handoff.<br />
About the Author<br />
Corey Nachreiner, CTO of WatchGuard Technologies<br />
Recognized as a thought leader in IT security, Nachreiner<br />
spearheads WatchGuard's technology vision and direction.<br />
Previously, he was the director of strategy and research at<br />
WatchGuard. Nachreiner has operated at the frontline of cyber<br />
security for 16 years, and for nearly a decade has been evaluating<br />
and making accurate predictions about information security<br />
trends.<br />
As an authority on network security and internationally quoted<br />
commentator, Nachreiner's expertise and ability to dissect<br />
complex security topics make him a sought-after speaker at<br />
forums such as Gartner, Infosec and RSA. He also regularly<br />
contributes to leading industry publications and delivers<br />
WatchGuard's "Daily Security Byte" video on Secplicity.<br />
How To Build A Career In Cyber Security<br />
By Pedro Tavares<br />
Nowadays, cybersecurity is seen as an attractive landscape for ambitious people and a truly great<br />
opportunity to fight cybercrime. During the past few months, many cyberattacks have targeted companies<br />
around the world. The reason is that there is a significant shortage of specialized people working in this<br />
field to resolve the problem.<br />
This suggests that the demand for professionals working in cybersecurity has increased in all industry<br />
sectors due to the rising number of cyberattacks happening every day.<br />
If you want a career in cybersecurity, this is the right time to start. Although you do not need to be of any<br />
particular age, or to hold any specialist approval, certification or academic degree, I believe that<br />
some of these, such as online certification programs, can help you reach your goals sooner.<br />
Enrolling in a university degree, such as a four-year program in Computer Science, Computer<br />
Information Systems or Information Technology, can be an excellent start for those who want to get a job<br />
in this area. The know-how and analytical mindset can be developed by studying several subjects, such<br />
as mathematics, programming, networking, and others. If this is a possibility for you, academic research<br />
could be a good start as well.<br />
However, there is another way to gain experience and develop your skills quickly and with great<br />
accuracy. Of course, I'm speaking about certifications.<br />
Certification Programs<br />
There are some interesting certification programs you should consider to improve your knowledge of<br />
specific topics, for example:<br />
CISSP - Certified Information Systems Security Professional<br />
ISACA: CISM - Certified Information Security Manager<br />
CompTIA Security+<br />
CEH (v10) - Certified Ethical Hacking Course<br />
These certifications aren’t equivalent and each of them focuses on different topics. The<br />
CEH (v10) course, for instance, trains you in the advanced step-by-step methodologies that hackers<br />
actually use, such as writing virus codes and reverse engineering, so you can better protect corporate<br />
infrastructure from data breaches. These ethical hacking certifications will help you master advanced<br />
network packet analysis and advanced system penetration testing techniques to build your network<br />
security skill-set and beat hackers at their own game.<br />
The CEH ethical hacking course can help you:<br />
• Grasp the step-by-step methodology and tactics that hackers use to penetrate network systems.<br />
• Understand the finer nuances of trojans, backdoors, and countermeasures.<br />
• Get a better understanding of IDS, firewalls, honeypots, and wireless hacking.<br />
• Master advanced hacking concepts, including mobile device and smartphone hacking, writing<br />
virus codes, exploit writing & reverse engineering and corporate espionage.<br />
• Gain expertise on advanced concepts such as advanced network packet analysis, securing IIS &<br />
Apache web servers, Windows system administration using Powershell, and hacking SQL and<br />
Oracle databases.<br />
• Cover the latest developments in mobile and web technologies including Android, iOS,<br />
BlackBerry, Windows Phone, and HTML 5.<br />
• Learn advanced log management for information assurance, allowing you to manage information<br />
security with more clarity.<br />
As a final note, one of the most important things in this field is having a good set of sources for news,<br />
articles, tools and more.<br />
Take Twitter, for instance: it offers a huge volume of fresh news and<br />
resources suited to the type of security person you are. Twitter is real-time, which gives it an advantage<br />
over traditional sources; you can create or join as a subscriber.<br />
As an active security professional within the cybersecurity landscape, you can check my Twitter updates<br />
here.<br />
Don’t wait for the perfect moment in your life, start your next professional journey right now.<br />
About the Author<br />
Pedro Tavares is a cybersecurity professional and a<br />
founding member and Pentester of CSIRT.UBI and the<br />
founder of seguranca-informatica.pt.<br />
In recent years he has invested in the field of<br />
information security, exploring and analyzing a wide<br />
range of topics, such as pentesting (Kali Linux),<br />
malware, hacking, cybersecurity, IoT and security in<br />
computer networks. He is also a Freelance Writer.<br />
Segurança Informática blog: www.segurancainformatica.pt<br />
LinkedIn: https://www.linkedin.com/in/sirpedrotavares<br />
Contact me: ptavares@seguranca-informatica.pt<br />
Fraud: A Look Back At 2019 And What to Expect in The New Year<br />
By Christina Luttrell, IDology<br />
The approach of the new year is a good time to reflect on the fraud landscape and its impact on<br />
businesses and consumers. Fraudsters continue to push the envelope, exploring new tactics and<br />
expanding the tried and true. At the same time, businesses have deployed more identity verification and<br />
anti-fraud technologies, more companies are sharing fraud data in consortiums, and Americans are doing<br />
more to protect themselves.<br />
However, it’s still important to understand the advances in fraud schemes and tactics, their potential<br />
impact, the best methods for protecting against them, and how to successfully manage customer<br />
expectations in their wake.<br />
Recent IDology research captures the fraud trends that dominated in 2019 and offers a glimpse into fraud<br />
in 2020.<br />
Card-funded fraud, phishing, and account takeover. Credit, debit, and prepaid card<br />
fraud remains the most predominant form of fraud. This is closely followed by phishing,<br />
which includes business email compromise (BEC) and account takeover. In addition, the<br />
emergence of real-time ACH payment initiatives and higher adoption rates of person-to-person<br />
(P2P) payments are driving increases in ACH/wire fraud.<br />
Mobile fraud vulnerabilities. While mobile devices provide an effective means of<br />
delivering authentication and biometric capabilities, they also create points of vulnerability.<br />
The level of mobile fraud stayed the same this year for 50% and increased for 28% of<br />
respondents to the IDology report. As more consumers utilize one-time mobile passcodes<br />
for multi-factor authentication, circumventing and intercepting them becomes more<br />
lucrative for fraudsters, especially with orchestrated multi-channel attacks.<br />
Elusive small-dollar fraud. Criminals are always on the hunt for new ways to commit<br />
fraud at scale, but they also don’t want to get caught. Over the last 12 months, the average<br />
transactional dollar value of attempted fraud attacks in the under $500 range increased<br />
by 31%. These low dollar amounts are likely to be missed by consumers as they scan<br />
their card statements; when these schemes are carried out on a large scale, they add up<br />
to a lot of money for fraudsters who aren’t afraid to nurture a fraud scheme over time in<br />
order to get the biggest benefit.<br />
Challenging synthetic identity fraud. Synthetic identity fraud (SIF) ranks as the top<br />
fraud type that executives believe will be most severe in the next three years. Why? By<br />
nature, SIF is difficult to detect, stop, and report. There are no real people from whom to<br />
recoup losses. Businesses simply don’t know how many cases of seemingly real accounts<br />
are synthetic identities incubating until a “bust out” occurs. And because businesses are<br />
unable to accurately determine and report synthetic fraud, regulators are asking how well<br />
they can apply Know Your Customer (KYC) regulations.<br />
Declining consumer trust. Businesses are still working to understand the implications of<br />
large-scale chronic breaches and related fines and settlements. IDology found that<br />
companies see the biggest casualty of large-scale breaches and settlements as the loss<br />
of customer trust. Protecting against fraud doesn’t always equate to an “easy” customer<br />
experience, and deploying a safe and easy process can prove elusive. Maintaining the<br />
delicate balance between strong fraud prevention and a seamless user experience is the<br />
number one challenge fraud executives and professionals say they face.<br />
Balancing it all in 2020<br />
While their defenses may be improving, businesses are bracing for more attacks. SIF, mobile attacks,<br />
card-funded fraud, phishing, new account fraud, account takeover, and faster ACH fraud are looming<br />
threats.<br />
Fraudsters continue to push the envelope and expand mobile tactics, such as SMS text interception,<br />
while fighting anti-fraud machine learning with their own machine learning and credential-stuffing<br />
technologies. They’re also collaborating and sharing best practices on the dark web while they continue<br />
to avoid detection by lowering transaction amounts and opting for larger-scale attacks.<br />
While it’s logical that a higher number of hurdles for users to clear corresponds to greater fraud<br />
deterrence, there’s also a higher likelihood of frustration and abandonment, leading consumers to move<br />
to a competitor. In this balancing act, most businesses lean toward frictionless experiences at the risk of<br />
more fraud. While the decision to capture revenue over stopping fraud is not surprising, it could result in<br />
greater material risks down the road.<br />
Basic identity proofing and data matching are no longer sufficient methods for verifying identities.<br />
Leveraging multiple layers of data, including mobile network data, device information and geolocation,<br />
as well as the integration of machine learning and artificial intelligence to improve the processing of that<br />
data, is the key to balancing fraud and customer experience. By utilizing smart layers of identity attributes<br />
and analyzing disparate identity characteristics behind the scenes, businesses escalate to additional<br />
authentication methods only when necessary and can quickly greenlight legitimate customers.<br />
About the Author<br />
Christina Luttrell is the chief operating officer for IDology, a GBG<br />
company and leader in multi-layered identity verification and fraud<br />
prevention. In her 10 years at IDology, Luttrell has significantly advanced the<br />
company’s technology, forged close relationships with IDology customers<br />
and driven the development of technology innovations that help<br />
organizations stay ahead of constantly shifting fraud tactics without<br />
impacting the customer experience. Luttrell has been recognized as one of<br />
the Top 100 influencers in identity by One World Identity.<br />
Anomaly Detection Is the Next Cybersecurity Paradigm<br />
It’s time to move beyond static lists of things forbidden and things allowed.<br />
By Aron Hsiao, Director of Marketing and Insights, Plurilock<br />
Static lists have long been at the heart of cybersecurity.<br />
Today, virtually every cybersecurity practice depends on lists of some kind. In network security,<br />
lists of addresses, ports, peers, and keys. In malware and environment security, lists of suspicious code<br />
and process "signatures." In access management and authentication, lists of user credentials.<br />
It’s rapidly becoming clear that these lists are no longer adequate. Their management, maintenance, and<br />
distribution drives countless billions in GDP, yet cybersecurity is as far from a solved problem as it’s ever<br />
been. Both breach rates and breach concerns amongst regulators and the public continue to grow<br />
exponentially.<br />
Why Cybersecurity is Still Hard<br />
At the end of the day, the problem is that these lists all fall short in the same way. We think of them as<br />
lists of exclusions and protections, but each such list is also secretly a direct avenue for attack, precisely<br />
through what it allows—or at least doesn’t forbid.<br />
• A list of valid credentials is also by nature a list of methods to compromise protected data,<br />
accounts, and privileges.<br />
• A configured firewall is also by nature a set of ports, addresses, and subnetworks that will remain<br />
vulnerable.<br />
• A set of malware signatures is also by nature a description of the patterns that malware can avoid<br />
exhibiting in order to escape detection.<br />
• A PKI is inherently a set of doors that can always be opened with the right data—no matter how<br />
narrow or obscure we try to ensure that these doors remain.<br />
• And so on.<br />
For years, security professionals have bemoaned "security through obscurity" even as so much of<br />
cybersecurity is fundamentally still about obscurity—ensuring that these lists remain either obscure or<br />
difficult to understand or decode. At the end of the day, it’s all security through obscurity. Once these<br />
things are no longer obscure, the doors are open.<br />
If the last several decades have taught us anything, they’ve taught us that malicious actors are amazingly<br />
adept at finding ways to get ahold of or exploit these lists—these avenues for attack. Crooks pursue this<br />
strategy precisely because these lists are, unavoidably, avenues for attack.<br />
No matter how sure we've been of each new (and often newly complex) protection method, each has<br />
always become, in the end, the latest door through which malicious actors enter.<br />
New Authentication Practices: Behavioral Biometrics<br />
Governments and security-critical organizations, faced over the last decade with millions or billions of<br />
new users, growing cloud profiles, and ballooning data and systems footprints—not to mention expanding<br />
attack and risk surfaces—have increasingly looked for new approaches.<br />
In user authentication and PAM circles, behavioral-biometric authentication methods are now the leading<br />
solution to this problem. While usernames, passwords, tokens, fingerprints, and mobile SIMs are all<br />
attack vectors that bad actors can use to impersonate real users and gain illicit access, behavioral-biometric<br />
systems are fundamentally different.<br />
In behavioral-biometric systems, which are driven by machine learning and observation over time, there<br />
is no particular credential that can be stolen and reused in order to gain entry. There are also no<br />
biographical or other credentials used or kept on file to act as objects of theft in order to access still other<br />
systems.<br />
Instead, behavioral-biometric technologies recognize people based on tiny, machine-observable patterns<br />
in input or sensor data that they generate as they go about their business. In other words, on behavioral-biometric<br />
systems users must be “recognizable” in wholly organic, multifaceted, and embodied ways—<br />
ways that are difficult if not impossible to simulate. Authentication happens inadvertently, as users simply<br />
act like—and are—themselves.<br />
Generalizing Behavioral Biometrics to Anomaly Detection<br />
At Plurilock we’ve long considered behavioral biometrics to be our core competency, yet recently we’ve<br />
been increasingly engaged in research and development on machine-to-machine security models for the<br />
Internet of Things and in new ways to detect and stop malware.<br />
It’s rapidly becoming clear that all of these are cases in which stronger, more efficient, and more cost-effective<br />
security can be achieved using a group of very similar anomaly detection technologies.<br />
The claim that "identity is the new perimeter" has been making the rounds over the last year or two, and<br />
we don't disagree with it for human users. But this claim is actually a specialized instance of a more<br />
general claim that will shape cybersecurity in the decades to come. After all, identity is exactly the<br />
problem—and more and more, anomaly detection methods are the best way to establish it. So it’s not<br />
identity that is the new perimeter—it's anomaly.<br />
Securing User Accounts, Things, and Environments<br />
But how does anomaly detection address the other problems I just mentioned?<br />
Recall that behavioral biometrics enables us to recognize real users. It does this not with lists of static<br />
facts like credentials or fingerprints—that are in fact themselves vulnerabilities—but through the ability to<br />
recognize, without biographical data or physical markers, whether someone is “being themselves” or not.<br />
It’s fundamentally about detecting user anomalies.<br />
Because users are human beings, we’ve long called this a biometric technology. But the same<br />
approach—using machine learning for anomaly detection—is now proving to be effective in other areas<br />
of cybersecurity as well. Devices are more and more like individuals in our era of highly complex things—<br />
individual in timings, characteristics, and tendencies. This is especially true as machine learning and<br />
automation—and the unique ways in which these affect memory, process, and latency characteristics—<br />
take hold across more and more devices.<br />
In the realm of malware, too, the Spy vs. Spy game of signature library updates versus new threat<br />
"strains" in the wild will soon be supplantable by anomaly detection through machine learning. Computing<br />
environments, process tables, and schedulers are now deep and nuanced enough to offer—once again—<br />
rich signal environments that enable the recognition of both normal and anomalous states. The result is<br />
software security without signature scanning.<br />
Rather than relying on static policies—which credentials grant access, which don’t, which MAC<br />
addresses and keys are in, which are out, which code fragments are allowed, and which aren’t—it's time<br />
for the cybersecurity industry to begin to think in terms of recognition and anomaly detection, just as<br />
behavioral-biometric solutions now do with human users.<br />
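The recognition-not-credentials idea above can be made concrete with a small baseline-and-deviation scorer. The block below is an added example written for this page, not Plurilock's code or any product's algorithm: it learns a per-feature mean and spread from a subject's own history and scores a new observation by how far it deviates. The same class is then applied, as the article generalizes, to a human's keystroke rhythm and to a device's check-in telemetry. All event streams, feature names (`t-h`, `beacon_s`, `conn_per_min`) and the 2.5-sigma threshold are constructed assumptions for illustration. Note what the profile does not contain: nothing in it can be replayed to pass the check.<br />

```python
"""Baseline-and-deviation scoring in the style of behavioral biometrics.

Added example, not Plurilock's code. All event streams are constructed sample
data. An event is a (feature, value) pair, e.g. ("t-h", 95) for a 95 ms
interval between the 't' and 'h' keystrokes, or ("beacon_s", 30.1) for a
device check-in interval in seconds.
"""
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Optional, Tuple

Event = Tuple[str, float]


class BaselineProfile:
    """Per-feature mean and sigma learned from a subject's own history."""

    def __init__(self, sigma_floor: float = 1.0, min_samples: int = 3) -> None:
        self.sigma_floor = sigma_floor  # guards against a zero sigma on very tight features
        self.min_samples = min_samples  # features with too little history are ignored
        self.samples: Dict[str, List[float]] = {}

    def enroll(self, events: Iterable[Event]) -> None:
        """Add one observed session (or telemetry window) to the history."""
        for feature, value in events:
            self.samples.setdefault(feature, []).append(float(value))

    def _stats(self, feature: str) -> Optional[Tuple[float, float]]:
        vals = self.samples.get(feature, [])
        if len(vals) < self.min_samples:
            return None
        return mean(vals), max(pstdev(vals), self.sigma_floor)

    def score(self, events: Iterable[Event]) -> float:
        """Mean |z-score| over the features the profile knows.

        Unknown features are skipped, not penalised; a stream sharing no features
        with the profile scores 0.0 and means 'no evidence', not 'normal'.
        """
        zs: List[float] = []
        for feature, value in events:
            stats = self._stats(feature)
            if stats is None:
                continue
            mu, sigma = stats
            zs.append(abs(float(value) - mu) / sigma)
        return mean(zs) if zs else 0.0

    def is_anomalous(self, events: Iterable[Event], threshold: float = 2.5) -> bool:
        """True when the stream deviates, on average, by at least `threshold` sigmas."""
        return self.score(events) >= threshold


def build_profile(sessions: Iterable[Iterable[Event]], sigma_floor: float) -> BaselineProfile:
    profile = BaselineProfile(sigma_floor=sigma_floor)
    for session in sessions:
        profile.enroll(session)
    return profile


# Human user: constructed inter-key intervals (ms) while typing "the ".
USER_ENROLLMENT = [
    [("t-h", 95), ("h-e", 110), ("e-space", 140)],
    [("t-h", 101), ("h-e", 106), ("e-space", 135)],
    [("t-h", 92), ("h-e", 114), ("e-space", 146)],
    [("t-h", 98), ("h-e", 109), ("e-space", 139)],
]
LEGIT_SESSION = [("t-h", 97), ("h-e", 111), ("e-space", 142)]
# Someone else at the keyboard: the password may be right, the rhythm is not.
IMPOSTOR_SESSION = [("t-h", 160), ("h-e", 70), ("e-space", 210)]
USER_PROFILE = build_profile(USER_ENROLLMENT, sigma_floor=1.0)

# Device: constructed telemetry windows, scored by exactly the same logic.
DEVICE_ENROLLMENT = [
    [("beacon_s", 30.1), ("conn_per_min", 4)],
    [("beacon_s", 29.8), ("conn_per_min", 3)],
    [("beacon_s", 30.3), ("conn_per_min", 5)],
    [("beacon_s", 29.9), ("conn_per_min", 4)],
]
DEVICE_NORMAL = [("beacon_s", 30.2), ("conn_per_min", 4)]
DEVICE_ANOMALY = [("beacon_s", 30.0), ("conn_per_min", 60)]  # sudden connection burst
DEVICE_PROFILE = build_profile(DEVICE_ENROLLMENT, sigma_floor=0.1)

if __name__ == "__main__":
    for label, profile, stream in [
        ("user/legit", USER_PROFILE, LEGIT_SESSION),
        ("user/impostor", USER_PROFILE, IMPOSTOR_SESSION),
        ("device/normal", DEVICE_PROFILE, DEVICE_NORMAL),
        ("device/anomaly", DEVICE_PROFILE, DEVICE_ANOMALY),
    ]:
        print(f"{label:15s} score={profile.score(stream):6.2f} anomalous={profile.is_anomalous(stream)}")
```

The sigma floor and the minimum-sample rule are the two knobs a practitioner tunes in real deployments: without the floor, a feature that happened to be very stable during enrollment makes every later observation look anomalous, and without a minimum history a single enrollment session would produce a profile that is all noise.<br />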
Making the Transition<br />
The shift from list-based and credential-based forms of cybersecurity isn't one that can or will happen<br />
overnight, but it's one that needs urgently to happen nonetheless—and one that will happen simply<br />
because the traditional paradigm can’t be sustained much longer. It’s just too expensive, complex, and<br />
ineffective at this point.<br />
The old, static methods for securing data, accounts, and cyber-systems haven't kept pace with the threat<br />
landscape—and the gap is now growing exponentially. For corporate officers and security professionals<br />
tasked with protecting users, systems, and data, it's time to reorient thinking toward anomaly detection<br />
technologies as tomorrow’s keys to cybersecurity.<br />
It’s time to stop thinking about how to keep our many lists obscure—and to start considering technologies<br />
that make list-based cybersecurity (and its vulnerabilities) obsolete.<br />
About the Author<br />
Aron Hsiao is the Director of Marketing and Insights at Plurilock<br />
Security Solutions, Inc. One of a number of PhDs on Plurilock’s<br />
senior team, Aron’s research background is in the analysis of<br />
human-computer interaction systems. Aron previously worked at big<br />
data startup Terapeak, at e-commerce giant eBay, Inc., and as an<br />
instructor at NYU, CUNY, and The New School for Social Research.<br />
In addition to his academic work and work at Plurilock, Aron is also<br />
the author of a number of books on Linux, cybersecurity, and open<br />
source technologies.<br />
Aron can be reached online at aron.hsiao@plurilock.com and at<br />
http://www.plurilock.com/.<br />
More Spending Won’t Solve Your Hardest IT Challenges In<br />
2020 And Beyond. Here’s What Will.<br />
By Chris Hallenbeck, CISO of the Americas at Tanium<br />
U.S. state and local governments have been observing the proposed State and Local Cybersecurity<br />
Government Act of 2019, especially since it was endorsed by the National Association of State Chief<br />
Information Officers (NASCIO) in July. The federal legislation contains the promise of more funding for<br />
cybersecurity efforts and improved collaboration and resource-sharing among federal, state and local<br />
governments.<br />
Overall, it is intended to provide an advantage to governments in the battle over cyberattacks. But, like<br />
so many other examples of an ongoing technology challenge that is met with the promise of resources,<br />
the additional funding that this legislation will provide could inadvertently steer things in the wrong<br />
direction.<br />
Learning from the enterprise<br />
More funding can actually lead to weaker defenses, not stronger ones. When IT gets a windfall, decision-makers<br />
tend to buy more tools to tackle their security issues and IT operations challenges—attempting<br />
to address each new threat or operational issue with a promising new product. But rather than providing<br />
teams with more control, these point tools add more complexity to the environment. It becomes harder<br />
to get a view on the entire IT estate, how much of it is patched and up-to-date, and where vulnerabilities<br />
lie across endpoints, both on-premises and cloud.<br />
That’s not to say that budget relief is without merit—of course it can help. But many large enterprises and<br />
government agencies already have 20 or more tools for security and IT operations—usually from more<br />
than 10 different vendors—in their arsenals. For large enterprises, the number is often higher<br />
than 40.<br />
In a rush to solve every issue with a so-called “tailored” solution, IT teams ultimately end up with a cluster<br />
of fixes that don’t work well together, and they could cause more problems cumulatively than they solve<br />
individually. It’s why these environments aren't seeing improved IT hygiene. As a result, forward-thinking<br />
organizations are embracing a platform approach—specifically a unified platform for endpoint<br />
management and security—to simplify their environments, provide that visibility and control, and make<br />
themselves ultimately more resilient to disruption.<br />
Bringing vigilance into 2020<br />
Today, data flows throughout organizations in a variety of ways, including the cloud and on mobile<br />
devices. Serious visibility gaps arise when we implement architectures that were designed for a time<br />
when IT was the custodian of technology and held a tight set of reins on how it was used within the<br />
enterprise. That is, in part, why organizations underestimate their asset inventory by as much as 20%.<br />
At the scale of hundreds of thousands of endpoints, this poses a significant risk to the organization.<br />
Obtaining data in real-time is as important as identifying where that data sits. Even organizations that<br />
have visibility into each of their endpoints might need to stitch together asynchronous data from a range<br />
of sources, such as EDR telemetry or PCI systems. If one asset is scanned for vulnerabilities every five<br />
minutes, but the other is only scanned once a month, then it is impossible to glean any actionable insight<br />
on the IT environment as a whole. The best you can do is take an educated guess.<br />
Any government organization that wants to enter 2020 with a more robust security posture must prioritize<br />
real-time, actionable data that is drawn from all assets connected to the network.<br />
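The visibility-gap and stale-data problems described in this section can be checked mechanically once each tool's observations are joined on a common asset key. The block below is an added example written for this page, not Tanium's data model or code: it takes constructed observations from three generic sources (an EDR agent, a vulnerability scanner and a CMDB; the tool names, hostnames, timestamps and freshness SLAs are all assumptions), builds the union inventory, reports which assets each tool cannot see, estimates how much of the inventory any single tool would undercount, and flags records older than that source's freshness SLA, so that a monthly scan result is not mistaken for current state.<br />

```python
"""Reconcile asset observations from several tools; flag what is invisible or stale.

Added example, not Tanium's code. The sources, hostnames, timestamps and SLAs
below are constructed sample data.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, NamedTuple, Set


class Observation(NamedTuple):
    source: str          # tool that reported the asset
    host: str            # hostname exactly as that tool reported it
    last_seen: datetime  # when that tool last had fresh data on the asset


def normalize_host(host: str) -> str:
    """Reduce 'WEB-01.corp.example' and 'web-01' to one key so sources can be joined."""
    return host.strip().lower().split(".")[0]


def inventory(obs: Iterable[Observation]) -> Set[str]:
    """Union of everything any source has seen: the best available asset list."""
    return {normalize_host(o.host) for o in obs}


def assets_by_source(obs: Iterable[Observation]) -> Dict[str, Set[str]]:
    seen: Dict[str, Set[str]] = {}
    for o in obs:
        seen.setdefault(o.source, set()).add(normalize_host(o.host))
    return seen


def visibility_gaps(obs: Iterable[Observation]) -> Dict[str, List[str]]:
    """Per source: assets some other tool knows about but this tool never reported."""
    obs = list(obs)
    everything = inventory(obs)
    return {src: sorted(everything - hosts) for src, hosts in assets_by_source(obs).items()}


def inventory_undercount(obs: Iterable[Observation], source: str) -> float:
    """Fraction of the union inventory that relying on `source` alone would miss."""
    obs = list(obs)
    everything = inventory(obs)
    known = assets_by_source(obs).get(source, set())
    return len(everything - known) / len(everything) if everything else 0.0


def stale_records(obs: Iterable[Observation], now: datetime,
                  sla: Dict[str, timedelta]) -> List[Observation]:
    """Observations older than the freshness SLA defined for their source."""
    return [o for o in obs if o.source in sla and now - o.last_seen > sla[o.source]]


# Constructed "current time" and per-source freshness expectations.
NOW = datetime(2020, 1, 3, 12, 0, tzinfo=timezone.utc)
FRESHNESS_SLA = {
    "edr": timedelta(minutes=10),
    "vuln_scanner": timedelta(days=1),
    "cmdb": timedelta(days=7),
}

# Constructed observations: note the differing cadences and naming conventions.
OBSERVATIONS = [
    Observation("edr", "web-01", NOW - timedelta(minutes=5)),
    Observation("edr", "db-01", NOW - timedelta(minutes=3)),
    Observation("edr", "laptop-17", NOW - timedelta(minutes=2)),
    Observation("vuln_scanner", "web-01", NOW - timedelta(hours=3)),
    Observation("vuln_scanner", "db-01", NOW - timedelta(days=31)),  # monthly scan cadence
    Observation("cmdb", "WEB-01.corp.example", NOW - timedelta(days=2)),
    Observation("cmdb", "DB-01.corp.example", NOW - timedelta(days=2)),
    Observation("cmdb", "legacy-app-03", NOW - timedelta(days=2)),   # no other tool sees it
]

if __name__ == "__main__":
    print("inventory:", sorted(inventory(OBSERVATIONS)))
    for src, missing in visibility_gaps(OBSERVATIONS).items():
        print(f"{src:13s} cannot see {missing}  "
              f"(alone it would miss {inventory_undercount(OBSERVATIONS, src):.0%})")
    for o in stale_records(OBSERVATIONS, NOW, FRESHNESS_SLA):
        print(f"stale: {o.source} data for {normalize_host(o.host)} is {NOW - o.last_seen} old")
```

Two design points matter more than the arithmetic: the join key must be normalized (a CMDB FQDN and an agent's short hostname are the same machine), and freshness is judged per source, because a record that is acceptably fresh for a CMDB is unusably old for endpoint telemetry.<br />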
Creating your own roadmap<br />
So how do IT leaders begin to think holistically and make better investments? It’s useful to start with an<br />
audit. While it can be cumbersome, cataloging the capabilities that each tool provides will help to identify<br />
redundancies and provide teams with a plan of action. If any overlap exists between them, that’s an<br />
opportunity to consolidate. Doing so will improve both efficiency and the bottom line, but that’s not the<br />
only benefit. It could also help increase just how much teams can see in their IT environment.<br />
Think of all the types of tools currently deployed, from asset discovery solutions to SIEMs and CMDBs.<br />
On an individual basis, these tools may very well provide a relatively complete, contextual or timely<br />
solution that serves its purpose. Collectively, however, they are much less effective. Visibility gaps start<br />
to develop, creating another unnecessary problem that will only get worse with time.<br />
Resolving to plan in the new year<br />
State and local governments are sorely in need of the funds that the proposed legislation would inject.<br />
Hackers targeted municipalities more often in 2019 than they did a year ago, and critical systems in<br />
particular have been held ransom. But without a holistic strategy this blessing could quickly become a<br />
curse for any organization, with too many tools and low-quality data making organizations more<br />
vulnerable to attack. To gain resilience in the long-term, organizations should prioritize a unified endpoint<br />
management and security platform that allows for true visibility and control.<br />
About the Author<br />
Chris Hallenbeck is a security professional<br />
with years of experience as a technical lead<br />
and cybersecurity expert. In his current role as<br />
CISO for the Americas at Tanium, he focuses<br />
largely on helping Tanium’s customers ensure<br />
that the technology powering their business<br />
can adapt to disruption. Before joining Tanium<br />
in 2016, Hallenbeck worked for six years on<br />
the U.S. Department of Homeland Security’s<br />
Computer Emergency Readiness Team,<br />
where he gained a strong background in<br />
computer-related investigative work.<br />
The Decade Ahead for Cybersecurity<br />
By Matthew Gyde, CEO, Security, NTT Ltd.<br />
The Dawn of a New Era<br />
As 2020 dawns, we stand at the threshold of a new decade that’s certain to reveal challenges to the<br />
security landscape we could scarcely have imagined in 2010. But if the past has taught this industry<br />
anything, it’s that a forward-thinking and progressive approach is the best way to mitigate the risk of<br />
threats and intrusion.<br />
In this brave new era before us, our industry must adapt to how security is acquired. While cloud-based<br />
security, machine learning and the move from zero trust to digital trust were trending topics last year,<br />
we’ve witnessed a fundamental shift in how security is being acquired. Automation and orchestration will<br />
be the watchwords for 2020. Things are about to change—and drastically. Security orchestration,<br />
automation and response (SOAR) will be the hottest area in cybersecurity in the year to come. Accepting<br />
and embracing this approach will allow managed security service providers (MSSPs) to build trust equally<br />
across both infrastructure and applications.<br />
What are the driving factors behind this shift in strategy? Simply put, the threats and cyberattacks<br />
themselves are no longer conducted at human speed. Rather, they’ve evolved to occur at machine<br />
speed. And as the old adage goes, you must fight fire with fire. This will be accomplished by embedding<br />
security intelligence into both infrastructure and applications.<br />
Predictive Over Proactive<br />
Machines, under the supervision of data scientists, will use the power of algorithms to elevate threat<br />
detection capabilities. These algorithms will help machines recognize patterns across applications and<br />
infrastructure. They’ll identify anomalies that point to potential attacks and orchestrate security controls<br />
automatically—and instantaneously—without a human touch. As machines are fed more data to learn<br />
from, they’ll become better at recognizing and identifying threat patterns and anomalies. In turn, they’ll<br />
use this learned knowledge and adapt to apply the right controls for each situation. In summary,<br />
cybersecurity best practices must evolve from a proactive to predictive approach.<br />
Security in the Cloud<br />
In the coming decade, as legacy business models and aging infrastructure wane, we’ll witness a majority<br />
of applications and workloads hosted in cloud environments. The threats and hackers are sure to follow<br />
suit, targeting this influx into cloud-based ecosystems. For organizations using hosting centers or<br />
hyperscalers, a one-size-fits-all software-based security control is difficult to apply across the whole<br />
infrastructure. To truly mitigate cloud-based threat risks, it will take a separate application of security<br />
assigned to the application or workload itself. Companies will then be able to monitor threats precisely<br />
where they appear, rather than oversight of the entire infrastructure.<br />
MVP – Most Vulnerable Player<br />
Threats constantly probe for the most vulnerable entry point. And the bad actors have declared a clear<br />
winner. Apps remain the most vulnerable gateway, falling prey to hostile attacks now also occurring at<br />
machine, rather than human, speed. According to our latest Global Threat Intelligence Report,<br />
application-specific and web-application attacks now account for a third of hostile traffic—making them<br />
the single most common targets of hostile activity.<br />
The Next 10 Years<br />
Addressing cybersecurity through the next decade will require a new mindset, advanced levels of<br />
monitoring capabilities and a growing reliance on machine-based learning and application. But I do<br />
believe that cybersecurity organizations will rise to meet these and other challenges yet unseen, primarily<br />
because they’re left with no choice but to improvise, adapt and overcome threats. This level of vigilance<br />
is best served by taking an intelligence-based approach to security. Only by implementing an intelligence-based<br />
strategy can businesses achieve a predictive, agile and automated security posture, wholly aligned<br />
to their individual level of risk tolerance. Let’s hope the next 10 years will be remembered for the<br />
achievements, milestones and solutions put into practice to eradicate the scourge of unseen threats.<br />
About the Author<br />
Matthew Gyde is the CEO, Security Division, of NTT Ltd., a leading<br />
global technology services company. Gyde is responsible for<br />
executing the security, services, and go-to-market strategies with<br />
the goal of building the world’s most recognized security business<br />
supported by a team of highly talented professionals.<br />
His career in IT security spans more than 20 years, providing him<br />
with a deep understanding of how security platforms should be<br />
implemented and managed to ensure clients’ business outcomes<br />
are achieved, while simultaneously ensuring their risk is minimized.<br />
Matthew has completed the International Executive Program<br />
from INSEAD Business School, Asia, and holds an Advanced<br />
Diploma in Business Management from Randwick College,<br />
New South Wales, Australia.<br />
Moving Network Security to The Cloud<br />
What Is Secure Access Service Edge (SASE) And Why It Matters<br />
By Paul Martini, CEO, iboss<br />
The world of technology that exists today is substantially different from that of only a few years ago. The<br />
cloud has changed everything. Mobile phones and devices have allowed users to work from virtually<br />
anywhere. Applications which were once hosted within datacenters have moved to the cloud. The<br />
combination of mobility combined with business applications available in the cloud, from any location,<br />
has allowed companies to become more agile and productive. Bandwidth is through the roof and secure<br />
encrypted network connections are mandatory. While the revolution driven by SaaS applications provides<br />
new possibilities, the challenges they bring to the world of network security are substantial.<br />
Network security is an area responsible for inspecting content as it moves between devices and the<br />
cloud. Fundamentally, network security technology stacks require access to the data in motion to prevent<br />
malware, detect breaches and prevent data loss. Traditionally, access to this data was very<br />
straightforward. Users were constrained to physical network perimeters, such as an office building. As devices<br />
interacted with public cloud services, the data could be forced through on-prem firewall and proxy network<br />
security appliances. The data was forced to flow through chokepoints before heading to and from the<br />
internet. With mobility, users are no longer constrained to any physical location. The data leaving their<br />
devices runs on public networks and organizations do not have the luxury of forcing that traffic through<br />
company owned firewalls and proxies. The data could be hair-pinned back through centralized<br />
datacenters before heading out to the internet but increasing bandwidth and the need for speed quickly<br />
makes this approach unsustainable and cost prohibitive.<br />
Mobility changes the perspective of what the perimeter is defined by and completely inverts the traditional<br />
network topology model. Instead of using a physical building to define a network perimeter, the device<br />
itself becomes the perimeter. A user working on the road is a network of one. A group of three users<br />
working from a conference is a network of three, essentially forming a remote branch office. The same<br />
could be said for branch offices or headquarters. The device and the user are where the network is defined<br />
and where trust should begin and end. Firewall and proxy appliances inherently do not fit this model<br />
because they are physical infrastructure designed to protect physical locations by inspecting all of the<br />
data leaving that location. In the new model, where should the firewall or proxy be installed? If a user is<br />
working from home, should a company owned firewall appliance be installed at the user’s home office? How<br />
will this help when the user decides to take their laptop and work from the road, immediately leaving the<br />
home network perimeter?<br />
The network security functions are still required for both security and compliance. Intrusion prevention<br />
and inspection of network content for malware and data loss are fundamental techniques that are still<br />
required and essential. However, sending network data to appliances hosted at any specific location does<br />
not make sense when the connectivity is not originating from any specific location. This is where the shift<br />
of network security from on-prem network security appliances to network security delivered in the cloud<br />
is essential. Instead of sending device and user data to the network security appliance hosted at the<br />
datacenter, network security delivered in the cloud allows cybersecurity functions to move to where the<br />
user is located automatically. Since users are connected to cloud applications and cloud-based network<br />
security lives in the cloud as well, network security running in the cloud can move to the location from<br />
which those connections are originating. The network security functions in essence live where the<br />
applications live, in the cloud, allowing all data to be secured from anywhere.<br />
To make things worse for an appliance-based approach to network security, the sheer increase in<br />
bandwidth and encrypted data has been explosive. Network security appliances have theoretical<br />
throughput limits, governing the amount of data they can process and secure before becoming completely<br />
saturated and slowing down connections. Slow connections are just as bad as down connections<br />
because they drastically affect user productivity due to the inability to access business cloud applications<br />
efficiently. Network security delivered in the cloud is free from these restrictions as the compute and<br />
processing power available is not limited by any physical constraint and can scale on demand as needed.<br />
Cloud-based network security can decrypt any volume of content and inspect it for malicious or harmful<br />
transfers with ease. Containerized approaches to cloud network security also allow for low latency and<br />
fast connections with the ability to take advantage of horizontal scaling to process any volume of traffic.<br />
Moving network security to the cloud is a requirement with the new reality of an inverted network<br />
perimeter that exists today. When evaluating cloud-based network security platforms, it’s critical that the<br />
platform is able to deliver the same functionality found in network firewalls and proxies leaving only the<br />
appliances behind. Containerized architectures, like that found in platforms like iboss, allow both stream-based<br />
security functions found in firewalls and file-based security functions found in proxies to be<br />
delivered via a SaaS solution in the cloud. Containerization allows for raw packet processing capabilities<br />
which are required for firewall functionality, such as intrusion prevention. Ensuring that the<br />
cloud-based platform also has the policy engine capable of transitioning the network security functions<br />
mired in appliances to the cloud-based solution should also be considered.<br />
The Gartner paper titled “The Future of Network Security is in the Cloud” introduced the SASE (“sassy”)<br />
model, which describes this new phenomenon that must be addressed for a sustainable path<br />
to the future. Cloud SaaS network security platforms, such as iboss, allow organizations to easily migrate<br />
from traditional on-prem appliances to a sustainable cloud-based solution.<br />
About the Author<br />
Paul Martini is the CEO, co-founder and chief architect of iboss,<br />
where he pioneered the award-winning iboss platform. Prior to<br />
founding iboss, Paul developed a wide-variety of complex security<br />
and technology solutions for clients such as Phogenix, the U.S.<br />
Navy, and Hewlett Packard. He was also a key contributor at<br />
Copper Mountain Networks working on designing and implementing<br />
FPGAs and broadband network infrastructure used by Telcos to<br />
build the cloud. His work at Science Applications International<br />
Corporation (SAIC) involved building distributed real-time systems<br />
for companies such as Rolls Royce. Copper Mountain and SAIC<br />
both launched successful IPOs. Paul has been recognized for his<br />
leadership and innovation, receiving the Ernst & Young<br />
Entrepreneur of The Year award and being named one of Goldman Sachs’ 100 Most Intriguing<br />
Entrepreneurs. Paul holds over 100 issued patents in cybersecurity, networking and technology and has<br />
had his work published in many scientific journals, including the Journal of Foundations in Computer<br />
Science and the Journal of Analytical Biochemistry. He holds a Computer Science Degree from the<br />
University of California.<br />
Paul can be reached online via LinkedIn at https://www.linkedin.com/in/martinipaul. For more information,<br />
visit the iboss company website at https://www.iboss.com.<br />
Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS<br />
“Amazing Keynote”<br />
“Best Speaker on the Hacking Stage”<br />
“Most Entertaining and Engaging”<br />
Gary has been keynoting cyber security events throughout the year. He’s also been a<br />
moderator, a panelist and has numerous upcoming events throughout the year.<br />
If you are looking for a cybersecurity expert who can make the difference from a nice event to<br />
a stellar conference, look no further email marketing@cyberdefensemagazine.com<br />
You asked, and it’s finally here…we’ve launched CyberDefense.TV<br />
At least a dozen exceptional interviews rolling out each month starting this summer…<br />
Market leaders, innovators, CEO hot seat interviews and much more.<br />
A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine.<br />
Free Monthly Cyber Defense eMagazine Via Email<br />
Enjoy our monthly electronic editions of our Magazines for FREE.<br />
This magazine is by and for ethical information security professionals with a twist on innovative consumer<br />
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our<br />
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best<br />
ideas, products and services in the information technology industry. Our monthly Cyber Defense e-Magazines<br />
will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare<br />
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of<br />
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here<br />
to sign up today and within moments, you’ll receive your first email from us with an archive of our<br />
newsletters along with this month’s newsletter.<br />
By signing up, you’ll always be in the loop with CDM.<br />
Copyright (C) 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.<br />
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a<br />
CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com,<br />
CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability<br />
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,<br />
Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS#<br />
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com<br />
All rights reserved worldwide. Copyright © 2020, Cyber Defense Magazine. All rights reserved. No part of this<br />
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,<br />
recording, taping or by any information storage retrieval system without the written permission of the publisher<br />
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of<br />
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may<br />
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect<br />
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content<br />
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at<br />
marketing@cyberdefensemagazine.com<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />
276 Fifth Avenue, Suite 704, New York, NY 1000<br />
EIN: 454-18-8465, DUNS# 078358935.<br />
All rights reserved worldwide.<br />
marketing@cyberdefensemagazine.com<br />
www.cyberdefensemagazine.com<br />
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine - <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> rev. date: 01/03/<strong>2020</strong><br />
TRILLIONS ARE AT STAKE<br />
No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES<br />
Released:<br />
https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH<br />
In Development:<br />
Nearly 8 Years in The Making…<br />
Thank You to our Loyal Subscribers!<br />
We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know<br />
What You Think. It's mobile and tablet friendly and superfast. We hope you<br />
like it. In addition, we're shooting for 7x24x365 uptime as we continue to<br />
scale with improved Web Application Firewalls, Content Delivery Networks (CDNs)<br />
around the Globe, Faster and More Secure DNS<br />
and CyberDefenseMagazineBackup.com up and running as an array of live<br />
mirror sites.<br />
5m+ DNS queries monthly, 2m+ annual readers and new platforms coming…<br />