Tuesday, February 21, 2017

New York State’s New Cybersecurity Regulation and What it Means to you

New York is launching a new cybersecurity regulation that comes into effect March 1. The regulation targets the banking and insurance sectors, with the aim of better protecting institutions and consumers against the bad actors that target these firms.
This cybersecurity regulation, believed to be the first of its kind adopted by a U.S. state, highlights both the need for such rules and the continued inability to quell attacks on businesses and government agencies, regardless of the countless sums invested in information security to keep the bad guys out.
Take a look at the rest of the article here to determine what this means for you: http://www.ccsinet.com/ny-states-cybersecurity-regulation/

Friday, February 10, 2017

Establishing a Data Protection Committee for the Boardroom

In other countries, especially in Europe, there is a requirement to have data protection committees that enforce the privacy and protection of a country's or organization's data. In America we don't have those particular laws enforced, but it's something we should still strive towards even if it's not mandated by government... yet. Establishing a data protection committee within an organization requires upper management approval, an understanding of risk and law, and the proper tools to complete the job. With this in mind, the two largest concerns for data itself are security and privacy. These two topics overlap in certain areas, but each can also stand alone. When building a committee to protect these two aspects of data we need to understand what the role of the committee is and how it will function going forward.


By far the most important part of the committee is its membership: who has been asked to attend. There need to be chairs, preferably co-chairs, who have been either voted on or assigned to the committee by upper management or leadership. The committee itself should include all walks of life when it comes to its members and not only those in the security field. By including only members from security you miss out on valuable insight from other areas of the business.

Membership should include representation from legal, compliance, particular business units, M&A teams, security and privacy, operations, etc. The membership can grow, but it should be kept to individuals who have the authority and acumen to make decisions regarding the topics at hand. They don't always have to be experts on data security, but they should bring knowledge of their business unit or field and how it relates to the protection of the organization's data. These members should be a cross-functional group working together, potentially with a few advisors to help guide the conversation. This group should be in attendance for the majority of the committee meetings and not continually send someone in their place; if that happens the meeting will be derailed and won't bring about change. The tone of the committee should be one of top-down management making strategic decisions about data security, and it should be less operational in nature.

The purpose of this committee is to stimulate conversation with each business group while guiding, proposing and advising the company on how to handle data protection as an organization. Members will have to understand the current threat landscape and where the company stands in protecting its data and privacy. From that understanding they will also have to identify where the gaps lie in their strategic vision. Once this occurs they can start putting plans in motion, with standards and deliverables for subsequent meetings. By creating a vision of the future and reacting to the gaps that exist in the company today, the data protection committee can start making real progress within the organization.

With this progress there will also need to be resources, budget and metrics. Proposing a plan for the future might require budget, but many times there are things that can be done without spending a dime. Creating an agenda for each meeting with the appropriate deliverables to be accomplished is a helpful way to measure the progress of the committee. Bringing metrics on these deliverables and holding people accountable for the data protection tasks will help involvement and participation. Long story short, this data protection committee needs to be made up of people from throughout the business who are looking to the future to protect the security and privacy of the data your organization holds. By using this committee to shine a light on your data protection efforts you can improve the safety of your data going forward.

The Difference Between Sandboxes and Containers

Isolating malware before it spreads and infects your endpoints is important. Multiple technologies have emerged to defend against the threat of malware by isolating and detonating it before it's able to exploit your systems. In this article, I speak about the differences between sandboxes and containers and give recommendations on when each should be used.

It's really up to your architecture as to what makes the most sense for your environment, but understanding the difference between containers and sandboxes will definitely give you a good starting point.

You can read my opinion on the matter here: http://searchsecurity.techtarget.com/answer/Whats-the-difference-between-software-containers-and-sandboxing

Tuesday, January 31, 2017

Cloud Adoption is Driving Security Innovation

Cloud adoption is bringing about a revolution in security innovation. Only a few short years ago security professionals were terrified to even utter the word "cloud", but today, as organizations see the benefit of moving to the cloud, its adoption has forced innovations that didn't exist just a few short years ago. If the cloud was ever to be taken seriously, cloud service providers knew security had to be built in from the start. By taking this approach, leading cloud providers have driven security into their infrastructure and have arguably created environments that are not only as secure as where a business's data was previously, but potentially even better. In many cases it's up to the organization to create and manage the configuration in a secure manner. With this being said, CSPs and security vendors have taken advantage of security in the cloud, pushing it to their advantage and securing their clients in the meantime.

Cloud Service Providers Benefit from Security
It's no secret that AWS and Azure have been making giant strides in security. This has been done either by partnering with third-party vendors to integrate their solutions into the provider's infrastructure, or with home-grown features giving clients the architecture needed to implement a secure network. The security risks of the cloud were made known right away, and without the CSPs foreseeing this blocker as early as they did, cloud adoption wouldn't be as prevalent as it is today. Not only did they secure their infrastructure to a point where it would pass regulatory audits, but they added features within their cloud ecosystems that brought security to the masses (e.g. logging, WAF, firewalls, security assessments, etc.) built into their offerings. In the past, companies might have shied away from these options with on-premises equipment, but having these services readily available has helped spread the awareness and implementation of security to the masses. The major CSPs have to be given credit for the way they've banked on security and made their offerings not only more secure, but more successful.

Security Vendor Adoption and SecSaaS
With the cloud providers shoring up their infrastructure, it was only a matter of time before the security vendors started to dabble in the cloud. Today there are numerous cloud options available to secure your enterprise, and the security industry has made a large push to make sure that its products are all functional in a cloud-based architecture. The security industry has been given a green light to develop its products to be cloud friendly. If vendors didn't, they'd be left behind by competitors taking advantage of all the benefits the cloud has to offer. Just as the CSPs pushed security into their offerings early on, the security vendors are now pushing cloud into theirs.
Security vendors are now using the cloud to produce innovative products that are changing the way businesses work. The flexibility of the cloud and the capability to communicate remotely allow vendors to perform additional analysis, monitor more efficiently and remove management systems that once lived on premises at a client's site. This also allows endpoint protection to be consistently up to date no matter where that endpoint happens to be. These vendors are also able to set up SOC-like monitoring, since all data lives on their side, and assist clients with 24x7 monitoring. No longer does an endpoint leaving the boundaries of your enterprise leave security behind with it. These vendors' hybrid solutions produce the same level of security and monitoring without being tied to a geographic location.

This has also produced a huge increase in SecSaaS, or security as a service. These services give customers the flexibility of security services in the cloud while outsourcing the infrastructure to a third party. This industry has been growing and will continue to be a large part of security in the cloud. A few examples of these services would be MFA, IdP, SIEM, spam/phishing filtering, DLP, MDM, and the list goes on. These providers take particular security services that would normally be run on premises and move them to the cloud. The innovation here allows quick turnaround on implementation, unification after mergers and acquisitions, adoption of technology for which an organization might not have the in-house resources to manage, etc.

Many security companies today start in the cloud, and the ability to launch something in startup mode allows innovators to test their ideas without being strapped for capital. This lifts the financial burden and lets new technology be developed without the fear of financial loss. The cloud is enabling new ideas to be tested quickly and efficiently; with that, the industry will continue to grow, and ideas that might have been stifled in the past will flourish and become available to the masses.


Monday, January 30, 2017

Reviewing the Stampado Ransomware Variant

It seems like every day there's a new variant of ransomware popping up in the wild. Attackers are constantly tweaking code and making feature enhancements to their product to keep one step ahead of defenders. In this article, we discuss the Stampado variant, how it worms its way through your network and why it became so popular.

http://searchsecurity.techtarget.com/answer/How-does-Stampado-ransomware-spread-to-external-drives

Forget Mobile Apps, the Battle's on Your Infrastructure

Mobile apps might be a newer threat landscape within information security, but they're not where the war is being waged. Don't get me wrong, there are some very dodgy things happening in the mobile arena and it's something we need to be diligent about when it comes to security, but the biggest threats are occurring closer to home: in your infrastructure. Many mobile apps (and by "many" I mean primarily those on Apple's platform) receive timely software updates, solid data permissions and configurable privacy settings. This doesn't mean they're impenetrable, as we've seen with the recent Stagefright and Trident attacks against Android and iPhone respectively. With this being said, the infrastructure is still the target. It's where the malicious actors are looking to conquer, and mobile apps are just one way into this battle.

A few years ago everyone was concerned with locking down the perimeter and making it impenetrable. I honestly think we've done a decent job of this and attackers have shied away from walking right through the front door. I'm sure this still happens today with misconfigurations and weak firewall rules, but an enormous amount of time and money has been spent to protect the perimeter from attack. It worked so well that attackers started looking into other areas of attack and brought the focus back to the internal infrastructure, in particular the endpoint. The endpoints within your infrastructure are comparable to the battlefield today. Included within this battle are not only mobile devices, but every endpoint that a user touches. These are the entry points into the network and give attackers the ability to gain a foothold in your environment.

With the war focused back on the endpoint, we're seeing an entirely new market based on analytics appear to protect endpoints from attack. This is sorely needed, since the old method of using signatures has become a reactive approach to catching malicious actors moving through your systems. Having additional visibility into your network from an east-west perspective improves your chances of detecting an attacker before they've compromised additional endpoints. The fight being brought down to the endpoint has spawned new technologies that didn't exist just a few years ago. Just as the rise in technology produced during World War II to protect people from harm ushered civilization into a new age of advancement after the war, the crisis of malware and attackers infecting endpoints has forced many vendors to generate technology that helps remediate some of the larger issues at hand within the infrastructure.

These technologies are a direct response to the onslaught of attacks occurring within these networks against their infrastructure and endpoints. Many of these technologies provide agents that allow segmentation for isolation, are signatureless, give an understanding of your compliance as a whole, etc. Also included among these detections are systems that use deception to catch attackers within the infrastructure, use baselining analytics to catch endpoint behavior outside the norm, and even allow third-party "hunt teams" to search your network for malicious actors and events.

The endpoints within your infrastructure are where the battle is being waged, and the technology is once again catching up to give people the ability to defend themselves. This of course is not a panacea by any means, but it's an exciting advancement in the tools that security practitioners require on the frontlines. Let's hope that with the advancement of new technology, attackers will be discouraged and pushed back, giving defenders just enough time to prepare for the attackers' next avenue of attack. The cat and mouse game will continue; it's just a matter of when and where.


Thursday, January 26, 2017