
Cisco: Leadership Awareness Fuels the Booming Identity Market


The latest research by Cisco Investments, conducted with several venture capital firms, finds that most CISOs see tool complexity, the sheer number of solutions, and technical jargon as among the many barriers to zero trust.

Around 85% of IT decision-makers now rank identity and access management (IAM) investments as their top priority, ahead of any other security solution. This is stated in the CISO Survival Guide published by Cisco Investments, Cisco's startup division, together with the venture capital firms Forgepoint Capital, NightDragon, and Team8.

The guide draws on interviews with Cisco customers, chief information security officers, innovators, startup founders, and other experts, and examines the cybersecurity market in four areas: identity management, data protection, software supply chain integrity, and cloud migration.

From 30,000 feet up, interviewees named more interoperability, less friction, and data that is genuinely relevant and understandable to decision-makers as the most essential requirements.

The spending priorities in the report were fairly evenly distributed, with user and device identity, cloud identity, governance, and remote access receiving the most mentions from CISOs.

Cloud security turned out to be the primary concern, with a focus on the newly emerging field of cloud infrastructure entitlement management (CIEM).

Demands of CISOs: Ease of Use, Holistic Platforms, CIEMs

Across the three main areas of identity and access management, cloud, and data, the concerns CISOs raise most are:

  • Security remains fragmented into silos because there is no unified platform covering IAM, identity governance and administration, and privileged access control.
  • Enterprise clients are embracing the cloud service providers' own offerings for managing cloud infrastructure entitlements.
  • CISOs object to the overuse of acronyms such as CIEM.

Moreover, the authors of the Cisco Investments study note that “This trend imposes cycles for CISOs to vet and unpack these purportedly new categories, only for them to discover they are a rehash of existing solutions.”

Top Motivators for Investing in Identity Management Solutions

The top motivators CISOs cite for investing in identity management solutions are managing user access privileges, identity compliance, and the swift expansion of their companies' threat surfaces.

Here are the qualities IT decision-makers look for in next-generation identity platforms:

  • Ease of integration (21% of those polled).
  • Platform-based solution, versus single-point or endpoint offerings (15%).
  • Ratings from independent analysts (15%).
  • Price (11%).
  • Market adoption (11%).
  • Simplicity of deployment and operations (10%).
  • Ability to deploy at scale quickly (9%).
  • Ability to add features easily (8%).

5 Ways That Can Help Your Business in Remote Work Security While Saving Costs


CISOs can support BYOD and remote work without raising security costs

Remote and hybrid work models are now the norm across the industry. The sudden shift to this new way of working also brings its own threats and security risks.

With the start of 2023 and fears of recession hanging over enterprise planning, security organizations need new ways to secure sensitive data and resources without increasing expenses.

However, they also have to keep supporting work from home and Bring Your Own Device (BYOD) policies, which are the main drivers of business agility, accessibility, and the flexibility to reach a wider pool of talent.

Chief Information Security Officers (CISOs) can incorporate these five ways to ensure remote work security while saving operational costs:

1. Replace virtual desktops

Virtual Desktops (VD) are virtual PCs in the cloud that allow remote access to on-premises physical devices. Once VD software is installed on the remote endpoint, users can connect to their in-office workstations. This solution was built for legacy architectures and was the go-to option when a user needed to use an on-premises computer to reach on-premises company resources and keep working.

2. Implement a zero-trust approach

Cloud architectures pushed security organizations to find new ways of provisioning permissions. With users spread around the globe, the old castle-and-moat approach no longer works. Identity therefore became the new standard, forcing security organizations to control access in a new way.

The best identity-based security approach for a distributed architecture is "zero trust": continuous verification and authorization of users, instead of trusting them on the basis of network origin or IP address. According to the IBM Cost of a Data Breach Report 2022, the zero-trust approach saved companies an average of $1 million in breach damage.

Any security solution should include a zero-trust approach to close the attack window, restrict lateral movement, and cut data breach costs. Purchasing a solution without it only adds unnecessary cost to your business.

3. Control access via granular conditions

User verification and access management are built on a clear set of policies. These policies decide which actors can access which resources, and what actions they can perform. But coarse, high-level policies give users more privileges than they need and can result in a costly data breach.

Authorization policies should be granular, so that users are not given more access than they need; they should be consistent across all SaaS and on-premises applications and enforced on both managed and unmanaged devices. This helps ensure a high return on investment (ROI) while improving both security and productivity.
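The following is an added example, not code from the article: a small default-deny policy evaluator that puts sections 2 and 3 into practice. Every request is checked on session identity (MFA), device state, and a per-resource, per-action grant; the source IP is recorded for audit but never used to grant access, and one policy set applies to SaaS and on-premises applications alike. All resource names, roles, users, IP addresses and the MDM/posture flags are constructed for illustration and correspond to no real product.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List


@dataclass(frozen=True)
class Principal:
    user: str
    roles: FrozenSet[str]
    mfa_verified: bool  # identity re-verified for this session, never inherited from the network


@dataclass(frozen=True)
class Device:
    managed: bool    # enrolled in the company's MDM/EDR (hypothetical posture source)
    compliant: bool  # passes posture checks such as disk encryption and patch level


@dataclass(frozen=True)
class Request:
    principal: Principal
    device: Device
    resource: str
    action: str
    source_ip: str   # recorded for audit only; never a basis for trust


@dataclass(frozen=True)
class Rule:
    resource: str
    action: str
    roles: FrozenSet[str]
    require_mfa: bool = True
    require_managed_device: bool = False
    require_compliant_device: bool = False


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


# One policy set, applied identically to SaaS and on-premises applications.
# Grants are per (resource, action), so a role that may read a system does
# not automatically get to export from it: this is the granularity of section 3.
POLICY: List[Rule] = [
    Rule("crm", "read", frozenset({"sales", "support"})),
    Rule("crm", "export", frozenset({"sales-lead"}),
         require_managed_device=True, require_compliant_device=True),
    Rule("source-repo", "push", frozenset({"engineer"}),
         require_managed_device=True, require_compliant_device=True),
]


def evaluate(req: Request, policy: List[Rule] = POLICY) -> Decision:
    """Default-deny evaluation of one request; every condition is re-checked every time."""
    decision = Decision(allowed=False)
    rule = next((r for r in policy if r.resource == req.resource and r.action == req.action), None)
    if rule is None:
        decision.reasons.append(f"no rule grants '{req.action}' on '{req.resource}'")
        return decision
    if not (rule.roles & req.principal.roles):
        decision.reasons.append(f"user '{req.principal.user}' has no role permitted to '{req.action}' on '{req.resource}'")
    if rule.require_mfa and not req.principal.mfa_verified:
        decision.reasons.append("session identity not verified (MFA required)")
    if rule.require_managed_device and not req.device.managed:
        decision.reasons.append("action requires a managed device")
    if rule.require_compliant_device and not req.device.compliant:
        decision.reasons.append("device fails posture check")
    decision.allowed = not decision.reasons
    if decision.allowed:
        decision.reasons.append(f"granted; source {req.source_ip} recorded for audit, not trusted")
    return decision


# Constructed sample requests exercising the rules above.
SAMPLES = {
    # Office IP but MFA not completed: network origin does not substitute for identity.
    "office_ip_without_mfa": Request(Principal("alice", frozenset({"sales"}), False),
                                     Device(managed=True, compliant=True), "crm", "read", "10.0.0.5"),
    # BYOD laptop at home: read is allowed because that rule does not need a managed device.
    "byod_home_read": Request(Principal("bob", frozenset({"support"}), True),
                              Device(managed=False, compliant=False), "crm", "read", "203.0.113.7"),
    # Same device class, but export is a higher-risk action gated on managed + compliant.
    "byod_home_export": Request(Principal("carol", frozenset({"sales-lead"}), True),
                                Device(managed=False, compliant=False), "crm", "export", "203.0.113.7"),
    "engineer_push_compliant": Request(Principal("dave", frozenset({"engineer"}), True),
                                       Device(managed=True, compliant=True), "source-repo", "push", "198.51.100.2"),
    "engineer_push_unpatched": Request(Principal("dave", frozenset({"engineer"}), True),
                                       Device(managed=True, compliant=False), "source-repo", "push", "198.51.100.2"),
    # No rule exists for this action at all: default deny.
    "unlisted_action": Request(Principal("alice", frozenset({"sales"}), True),
                               Device(managed=True, compliant=True), "crm", "delete", "10.0.0.5"),
}


def run_samples() -> dict:
    """Map each sample name to its allow/deny outcome."""
    return {name: evaluate(req).allowed for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, req in SAMPLES.items():
        d = evaluate(req)
        print(f"{name:26s} {'ALLOW' if d.allowed else 'DENY':5s} {'; '.join(d.reasons)}")
```

The two home-network requests show the point of granular rules: the same unmanaged device may read the CRM yet is refused an export, and the office request is refused despite its internal address because the session was never verified.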

4. Provide security awareness training to employees

As per Verizon's 2022 DBIR report, "82% of breaches involved the human element. Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike." Remote work has further increased the use of sophisticated phishing attacks: around 62% of security experts said phishing campaigns were a major threat during Covid-19, according to Microsoft's The New Future of Work Report.

A cybersecurity solution only works when employees are aware of threats such as malware, phishing emails, and malicious sites, and know how to deal with them.

5. Use modern alternatives as a replacement for costly network solutions 

Network security solutions such as VPNs, secure web gateways (SWGs), Endpoint Detection and Response (EDR), and cloud access security brokers (CASBs) are expensive and need ongoing IT management and maintenance, which adds further cost. They are difficult to deploy, degrade the user experience, and do not always give businesses an immediate answer.

Modern alternatives offer conditional access to resources and can deliver a higher level of security while keeping operational costs low and still managing network traffic.

What is next for security firms in 2023?

Whether or not a recession is coming, security teams have to provide security while keeping operational costs under control. Traditionally, security teams have struggled to work within the budget they are given, so they will have to change their approach and planning for dealing with threats. Low-cost, effective security measures will be the key for security solution firms as we step into 2023.



Interview Spotlight: Israeli Hardware Solutions, Sepio Systems

On 19 November, E-Hacking News conducted an interview with Sepio Systems. The company provides its customers with the highest level of visibility, policy enforcement, and Rogue Device Mitigation capabilities. The guest for the interview was Mr. Bentsi Ben-Atar, CMO and co-founder of Sepio Systems.

Founded in 2016 by veterans of the Israeli intelligence community, Sepio offers HAC-1, the first platform that provides visibility, control, and mitigation for zero trust, insider threat, BYOD, IT, OT, and IoT security programs. Sepio is a strategic partner of Munich Re, the world’s largest reinsurance company, and of Merlin Cyber, a leading provider of cybersecurity solutions to the federal sector.

1. Can you please introduce yourself to our readers?

Bentsi Ben-Atar: I am one of the co-founders of Sepio Systems; the company was founded by a group of founders who have been working together for almost 30 years now. We have a strong background in cybersecurity and “rogue device management” in general.

2. Can you please tell us about your company Sepio Systems?

The company deals with a very unique domain within the cybersecurity industry, and that’s the issue of managing the hardware within enterprises. What we have built is a solution that covers all the aspects related to hardware access control; we call it “HAC”, and our solution is called “HAC-1”.

We see that enterprises are struggling with three elements of hardware access control. The first one is the fact that they have limited visibility into whatever is connected, and sometimes a very significant gap between what people think is connected and what is actually connected. So there are visibility gaps that need to be addressed, and they need to be addressed regardless of the device itself.

Once you have visibility and now you are aware of your assets, then you can move to the policy enforcement features of your enterprises. It means that now you can apply certain policies while you are working from home and a different policy while you are at the office.

And once you have these two pillars in place, then you can move into the more interesting part of the solution, and those are the security aspects. You know what devices are connected, you know how to disable or mitigate any risk associated with them. Now you need to provide the Rogue Device Mitigation.


3. Please explain Hardware Access Control to us.

Hardware Access Control is the term used to describe a solution that manages all aspects of hardware devices. Hardware devices may be network elements, possibly controlled by NAC (Network Access Control), or USB peripherals connected to an endpoint (controlled by EPS/EDR). HAC does not distinguish devices by their interface and provides an aggregated, holistic approach to hardware asset management.


4. What are Rogue Devices and what is their impact on enterprises?

Rogue devices are devices that have been hardware manipulated or firmware manipulated and are introduced into enterprises. The main channels for the attack vehicles are, first, the supply chain, which is a significant risk for enterprises as hardware screening is a huge challenge. The other popular attack vehicle is the human factor; in that case, human beings will always be the weakest link because people can be threatened, they could be paid off, they could be extorted. I think that history along the way has shown that any human being has a weak point. If you, as a cybercrime organization, can extort a certain bank and gain access to a certain system, in most cases you will get away with that.


5. Why do you think that these “Rogue Attacks” are on the rise?

We see a growing number of attacks that are based on hardware tools. From the attacker's perspective, they have the option of either going head to head against existing cybersecurity products, or finding an alternative path into the enterprise. There are a lot of hardware-based attacks happening all around the world on critical infrastructure like banks, data centres, retail, etc. In most cases it doesn’t reach the public eye, for several reasons.

First, companies in most cases are very reluctant to admit that they have been breached through this domain, because it also reflects on their level of physical security, and no one wants to admit that someone was able to plug in a rogue device. On the other hand, there are a lot of attacks that create a signature that may be wrongly attributed to other types of attacks.

One of the demos that we really love to do is demonstrating the vulnerability of wireless keyboards and mice; these devices can be easily manipulated and spoofed. For example, let’s say you’re sitting in your home or office; there could be a guy sitting in the next building, it doesn’t have to be next to your endpoint. By using a very simple, publicly available payload that runs on a Raspberry Pi, you can actually spoof the communication between that wireless keyboard and mouse. You can do remote keylogging and, most importantly, you can point that endpoint to a certain URL where a certain piece of malware is waiting to be downloaded.

In the end, you still have to get past the human factor, which is convincing the user that this link is not a suspicious link. So there are a lot of obstacles that need to be dealt with. Compare that with the option of coming in with an out-of-band Raspberry Pi with spoofing capability: you open up the browser independently, and forensically it would look like this was an act of an employee within the organization.

So sometimes it would be attributed to a phishing attack or to wrongdoing by an employee, while in real life the story is completely different.


6. How does Sepio Systems counter these Rogue Devices?

Sepio Systems' HAC-1 “dives deeper” into the physical layer, revealing the true entity of a given device, not according to what it “says” it is, but according to what it really is. These capabilities are achieved through a unique algorithm, a combination of physical layer fingerprinting and Machine Learning augmentation.

7. The Data Security Council of India (DSCI) has also talked about your company. Can you please tell us more about this project and the ‘Sepio Prime Rogue Device Mitigation Solution’?

Without referring to any specific name (a customer or not), our solution is provided to enterprises, especially the ones concerned about their data. These enterprises can be financial institutes, government agencies, or other entities extremely concerned about these attack vehicles.

We provide them with solutions that cover two main interfaces. One is the USB interface and the other is the network interface. Our solution actually monitors and analyses the physical layer information. It means that we don’t look into user traffic or user log files. We read out all the physical layer related information and analyze it with an algorithm which is a combination of physical layer fingerprinting and machine learning. We can actually detect the existence of such passive devices.

One of the coolest features of our solution is that it doesn’t require a baseline or training period. Obviously, in today’s cybersecurity atmosphere, no single solution provides a complete seal for the entire enterprise. Therefore, the capability of integrating with other solutions is extremely important, and all these solutions are easily integrated with ours so that we can actually extend the visibility of the enterprise into the deeper layer.

8. Can you explain how this Layer-1 solution works?

Our solution is actually comprised of two main functionalities. The first one deals with Network Security and the second one deals with Peripheral Security/Endpoint Security. The way Network Security works is that we communicate with the existing networking infrastructure using read-only commands. The only thing the enterprise needs to do is provide restricted user credentials for our solution.

Before our deployment, we actually provide a list of the commands that we will be using. Once we get the information, we compile it using an algorithm that is a combination of physical fingerprinting and a machine learning enhanced solution. The fingerprinting is extremely important because when we get a hit, we can actually name the attack tool. The deployment process itself is straightforward; it takes less than 24 hours to have everything up and running.

The output and value of this solution are delivered instantly; you can actually see all the rogue devices and gain visibility. In a very interesting incident, we found a gaming console connected to a secured network, approved by NAC but never reported.

Now, the second part of this solution deals with peripherals. It is a bit different because in the endpoint case, the endpoints could be offline, and you want to make sure that the mitigation happens once a rogue device has been detected, or even just a breach of policy. The mitigation needs to be immediate so that the USB device is blocked. When attackers come in, they can configure their attack tools to present the same façade as a legitimate device.

So, the difference between Network Security and Endpoint Security (algorithm wise) is the fact that on the peripheral side we also fingerprint ‘known to be good’ devices, so that we have a full database of good devices and bad devices. One of the nicest features we also have is the ‘threat intelligence database’: every installation has a local copy of our threat intelligence database, which includes a list of all ‘known to be vulnerable devices’.


9. Tell us more about the leadership team behind Sepio Systems.

Our leadership is something that we take great pride in. We are a U.S.-Israel based company, headquartered in Rockville, Maryland. We have a very strong all-women U.S. board, which we take great pride in, led by the current CISO of HSBC. We have interviews posted on social media which I think show a fascinating array of women who bring tremendous value to our company.

We have strong backing from various industry leaders and veterans of various government agencies. We see ourselves as kind of a task force to deal with this domain, which was until now significantly underserved.

10. During the COVID-19 pandemic, everyone has started working from home, and sometimes it can be a kid playing a video game on a PC. How does an organization keep the family’s data separate from the employee’s? How do you make sure that the family’s data is not being taken by your systems?

Enterprises first need to have a clear policy about their equipment. Having a policy without the capability of enforcing it is ineffective. First of all, the employee needs to understand the risks associated with it. And for that, we have a very interesting video series called Captain RDM, which illustrates very serious cases in a non-technical way.

You can do one of two things. As a CSO, you can issue (this is what a lot of enterprises do) a company-issued device for it. If you need an additional keyboard, we will provide you with one. If this is not the case, we make sure to know if a ‘known to be vulnerable device’ is connected, and block it.

For work-from-home cases, we have allowed the ‘1 + 1’ option: for every license a user has, they are eligible for another license without any additional cost.

11. On your website, people talk about how Sepio Systems has efficiently countered Rogue Device Threats and the Internet of Things (IoT). Before we conclude the interview, do you have anything to say about that?

One thing that we’ve learned is never to disrespect your opponent. They will always be innovative and smart. They are able to build attack tools that are cocooned within legitimate-looking devices in ways that you can only imagine. When there is enough motivation for the attacking party to go after a specific target, because it is a specifically lucrative target, they will find a way to get into it, even if it’s a data centre or a highly secured facility; anything can be achieved.

With IoT, smart nations, and smart cities coming up, a lot of hardware being installed all over, and the Covid pandemic making people work from home, this issue becomes more relevant. It is more relevant today than it was yesterday, and it is going to get even more relevant as the days go by.
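The policy layer the interview describes for peripherals (a local ‘known to be vulnerable’ list, an allowlist of ‘known to be good’ devices fingerprinted at deployment, a block for devices that present a legitimate device's façade, and different rules at home and at the office) can be illustrated in a few lines. This is an added example, not Sepio's code: HAC-1's physical-layer fingerprinting is proprietary and is not reproduced here; the "fingerprint" below is simply the tuple of USB descriptor fields an endpoint agent would report. The vendor/product ids, hosts, serials and the location policy are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# (vendor_id, product_id, usb_class, serial_prefix): the descriptor fields this
# example uses as a stand-in fingerprint. Purely illustrative.
Fingerprint = Tuple[str, str, str, str]


@dataclass(frozen=True)
class UsbEvent:
    host: str
    location: str    # "office" or "home", as reported by the (hypothetical) endpoint agent
    vendor_id: str
    product_id: str
    usb_class: str   # interface class the device claims: "hid", "mass_storage", ...
    serial: str


# Constructed local copy of a 'known to be vulnerable' list, keyed by (vendor_id, product_id).
KNOWN_VULNERABLE: Dict[Tuple[str, str], str] = {
    ("dead", "beef"): "constructed entry: receiver with an unpatched spoofing flaw",
}

# Constructed allowlist of devices fingerprinted during deployment.
KNOWN_GOOD: Set[Fingerprint] = {
    ("1234", "0001", "hid", "ACME"),           # hypothetical company-issued keyboard
    ("1234", "0002", "mass_storage", "ACME"),  # hypothetical company-issued encrypted drive
}


def fingerprint(ev: UsbEvent) -> Fingerprint:
    serial_prefix = ev.serial.split("-", 1)[0]
    return (ev.vendor_id, ev.product_id, ev.usb_class, serial_prefix)


def evaluate(ev: UsbEvent) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'allow', 'allow_with_alert' or 'block'."""
    key = (ev.vendor_id, ev.product_id)
    if key in KNOWN_VULNERABLE:
        return "block", f"known vulnerable device ({KNOWN_VULNERABLE[key]})"
    if fingerprint(ev) in KNOWN_GOOD:
        return "allow", "matches fingerprint of a known-good device"
    # The ids say 'issued device' but the rest of the descriptor does not:
    # treat as impersonation of a known-good device, not merely as unknown.
    if any(good[:2] == key for good in KNOWN_GOOD):
        return "block", "ids of a known-good device with mismatched descriptor (possible impersonation)"
    # Unknown device: the policy differs by location, as the interview describes.
    if ev.location == "home":
        return "block", "unknown device not permitted outside the office"
    if ev.usb_class == "hid":
        return "allow_with_alert", "unknown input device at the office; logged for review"
    return "block", f"unknown {ev.usb_class} device not permitted"


# Constructed sample events as an endpoint agent might report them.
SAMPLE_EVENTS: List[UsbEvent] = [
    UsbEvent("ws-01", "office", "1234", "0001", "hid", "ACME-0042"),       # issued keyboard
    UsbEvent("lt-07", "home",   "dead", "beef", "hid", "RCV-0001"),        # on the vulnerable list
    UsbEvent("ws-02", "office", "1234", "0001", "hid", "ZZ-7"),            # issued ids, wrong serial
    UsbEvent("ws-03", "office", "5555", "7777", "hid", ""),                # unknown HID at office
    UsbEvent("lt-08", "home",   "5555", "7777", "hid", ""),                # same device at home
    UsbEvent("ws-04", "office", "5555", "8888", "mass_storage", "X-1"),    # unknown storage
]


def verdicts(events: List[UsbEvent] = SAMPLE_EVENTS) -> List[str]:
    """Verdict for each event, in order."""
    return [evaluate(ev)[0] for ev in events]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        verdict, why = evaluate(ev)
        print(f"{ev.host} {ev.location:6s} {ev.vendor_id}:{ev.product_id} -> {verdict}: {why}")
```

The order of checks matters: the vulnerable list is consulted before the allowlist so that an issued device later found to be vulnerable is still blocked, and the impersonation check runs before the location rules so that a spoofed "issued" device is never downgraded to a mere unknown.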


New Generation Reeja Vajra Cloud for Automated Threat Monitoring

Cyber Security and Privacy Foundation Pte Ltd. (CSPF), Singapore (http://cysecurity.co/), has released the latest version of Reeja Vajra Cloud. Reeja Vajra provides Automated Threat Monitoring via the cloud and has been successfully deployed at several clients in the banking and financial services sectors in India and overseas.

The proprietary Reeja Vajra technology now incorporates machine learning, advanced algorithms, recognition and comparison engines, and an advanced shell detector. The essential deliverables of the latest version include daily network vulnerability identification, application vulnerability identification, web server and framework-level vulnerabilities, random APT attack vector identification, defacement monitoring, and a reputation service (including similar-domain monitoring for phishing). Reeja Vajra Cloud incorporates four modules: APMS (Anti-Phishing, Malware, Spamming module, an anti-fraud service), WRSS (Web Reputation and Security Scan module), AVA (Automated Vulnerability Assessment for IP addresses), and DF 24 (a defacement monitor).

As J Prasanna, founder and CEO of CSPF, says, “despite organisations and governments around the world deploying the latest web application firewalls, other firewalls, intrusion prevention systems and SIEM, and being certified under ISO 27001, they continue to get hacked almost at will. Are these technologies really working?”

CSPF's earlier analysis identified the main reasons hacks actually take place as:
    - Lack of security researchers in organisations with an intuitive understanding of hacking
    - Insecure web applications and mobile apps forming the attack surface
    - Absence of coordination between application and network teams
    - Application teams lacking the knowledge to fix vulnerabilities identified by VAPT teams
    - VAPT teams from external vendors/consultants who run scripted tools and don’t actually find vulnerabilities
    - Risk management teams not having a say in IT teams

Reeja Vajra, a dedicated SaaS platform, was born of these findings to assist CISOs who want “real safety”, going beyond standard technology deployments.
The benefits of Reeja Vajra include:

    - APMS, a non-intrusive scan to identify compromises in corporate IT infrastructure
    - AVA IP/AVA WRSS, which identify vulnerabilities at the web, OS, and network level
    - DF24, to identify when a website or service is down, or defaced by hackers
    - AP24/AP24CTL, which identify phishing sites and brand abuse very quickly using neural networks/machine learning with computer vision
    - Manual APT testing once a month, so white hat hackers can identify vulnerabilities missed by automated scans
    - All vulnerabilities found by automated or manual tests are moved to a bug-tracking list for the organisation's SOC to fix
    - Daily and weekly report generation
    - A CISO dashboard showing the current Cyber Threat Index and different graphical views of the organisation's vulnerabilities
    - The CSPF team works with application teams and vendors to train them on the application security aspects of programming
    - The entire focus is to find vulnerabilities, prioritise them, and work with the application and network teams to fix them. This helps bring the number of vulnerabilities exploitable by hackers down to zero and keep it there on a consistent basis


Background on CSPF
CSPF is a highly specialised cyber defence boutique that uses proprietary technology and products to provide strategic consulting, services, and protection against attacks on critical front-end and back-end IT infrastructure by organised criminal, mafia, hacker, or state-backed groups. CSPF provides services in Vulnerability Assessment and Advanced Persistent Threat (APT) Assessment. CSPF's core focus includes banking and financial services, critical infrastructure, and governments.
CSPF is an evolution of a journey in information security that started in 1992. It is part of an ecosystem that includes an information security news portal (E-Hacker) and a foundation dedicated to developing cyber security awareness and defence skills. CSPF chose to incorporate in Singapore in order to internationalise the organisation and to make the best use of software talent in India as well as other parts of the world. Cyber threats are global, and the response also has to be global in nature.