alt =""

Monday, 7 December 2015

Disruptive Technology Weekly Roundup – Dec 1st to Dec 7th

The prevention, detection and response to cyber security in 2016 will view a sea of changes, says a new report from Forrester Research. According to Forrester, the five cybersecurity predictions and resulting actions to be taken in 2016 are as follows: In this disruptive technologies era, were wearables and IoT is expected to be more prevalent, the security and risk professionals should focus and reexamine the existing security functions in through a new angle. They should consider the human factor also while addressing the security threats. The second prediction is on Governments security capabilities. The research firm has given a bleak assessment of the security capabilities of US government, which is short staffed, under-budgeted and lacking internal discipline. The third prediction was about the expected increase of security and risk spending by 5 to 10 % in 2016. Fourth comes the defense contractors’ prospective entry to private industry with claims regarding ‘Military grade’ security. However, Forrester warns private players to thoroughly watch the commercial experience and their commitment before acquiring them. The fifth prediction covers the HR department that they will bring in identity and credit protection and resolution services as an employee benefit, in this era of increasing fraud, identity theft, medical identity theft and damage to personal online reputation. Read More:

As the holiday season is coming up, the cyber security researchers in the US warns about a malware, ModPOS, which is largely undetectable by current antivirus scans. The firm also points that the malware has infected even some of the national retailers. According to the researchers, it is one of the most sophisticated point-of-sale malware with a complex framework which is capable of collecting a lot of detailed information about a company, including payment information and personal log-in credentials of executives. To address the threat, the companies need to use more advanced forms of encryption to protect consumer data. Point-to-point encryption where a consumer’s payment card data is unlocked only after it reaches the payment processor is one such effective method to combat the malware threat. Security experts warn that without such protections, even new credit cards with a chip technology known as EMV could still be compromised by infected point-of-sale systems. Read More:

The information security landscape is continuously evolving, with the proliferation of disruptive technologies like mobile, social, cloud and big data have been increasingly impacting protection strategies. In-depth strategies to monitor, analyse and report security incidents is paramount to deliver an effective enterprise security risk management profile. Happiest Minds with our deep expertise in security arena along with a large pool of experienced security professionals brings in security solutions that address the key challenges faced by enterprises today. Our services aim to improve the agility, flexibility and cost effectiveness of the next generation needs of information security and compliance programs.

How Do You Solve a Problem Like Cyber Security?

Happiest Minds UK discusses the new-age deception technologies UK businesses should adopt to bolster theircyber-security defences
The recent TalkTalk cyber-security breach has brought the issue of security firmly back into the public’s psyche and has put both government and organisations on high alert. It seems that regardless of your vertical market, be it finance, technology or banking, the threat of a cyber breach is pretty much imminent. Only today I read an article which outlined that Britain’s Trident nuclear weapons system may be vulnerable to cyber-attack by a hostile state, according to former defence secretary Des Brown.
So, despite the UK being one of the highest EU spenders on IT security, existing cyber security solutions are simply not good enough to stop malicious hackers and evolving threats. It’s little wonder why Chancellor George Osborne has pledged to spend an additional £1.9 billion on cyber security and has committed to the creation of a ‘National Cyber Centre’ to respond to major attacks on Britain.
So, how do you solve a problem like cyber security? Well, the answer could well be to implement emerging deception technologies such as next-generation honeypots and decoy systems which, according to a new Gartner report entitled ‘Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities’, could have a game changing impact on enterprise security strategies.
Deception technologies are effectively tools which deceive attackers and enable the identification and capture of malware at point of entry. They misdirect intruders and disrupt their activities at multiple points along the attack chain by luring them towards fake or non-existent data and away from the organisations critical data.
Let us look at a few of these technologies in greater detail:
Honeypots—or software emulations of an application or server—have been around for a few years now. A honeypot works by offering ‘honey’, something that appears attractive to an attacker, who will then expend his resources and time on gathering the honey. In the meanwhile, the honeypot does an admirable job of drawing his attention away from the actual data it seeks to protect.
Decoys are similar to honeypots and cause the attacker to pursue the wrong (fake) information. Many decoys act together to fill the attacker’s radar in a manner as to render it difficult for him to differentiate between real and fake targets.
However, organisations are now looking for more active defence strategies that not only lure in attackers, but also trap them, confound them and track their activity. One such deception technology offers an emulation engine masquerading as a run-of-the-mill operating system. The ‘operating system’ contains ‘sensitive’ data that could be attractive to attackers, for example data labelled ‘credit card info’. The platform will lure the attacker in by allowing him to ‘hack’ this fake data and in turn start gathering information about his movements and the codes that he seeks to modify. This intelligence can then be shared with other security tools, such as intrusion prevention systems, to defend against the attack.
A number of start-ups are designing various kinds of intrusion deception software that insert fake server files and URLs into applications. These traps are visible only to hackers and not normal users. An example of such a snare could be trapping hackers probing for random files by granting them access to bogus files that are a dead-end and merely keep leading them in circles towards more fake data. Or protecting the system against brute-force authentication by scrambling the attacker’s input so he can never get the password right, even if he does happen to type out the right code.
Other technologies set up fake IP addresses on webservers that, on multiple attempts to hack them, will always present a deception to that user. Other companies set up virtual systems or computers that actually have no data on them, and are indistinguishable from other machines on the network. Repeated intrusion into and unwarranted activity on these systems make it easy to identify hackers. The hackers’ movements and methods can then be analysed, and the data fed back into other threat detection solutions and tools.
Deception technologies therefore create baits or decoys that attract and deceive attackers, making it quicker for an organisation to detect a security breach. They increase the attacker’s workload and exhaust his resources. Certain solutions go beyond merely setting up decoys to also conduct forensic analysis on these attacks so the organisation can effectively defend its network and speedily mitigate security breaches. It may not be a ‘one size fits all’ answer to the cyber security conundrum, but it is certainly one more weapon in the organisation’s armory against hackers.