
Monday, 7 December 2015

Disruptive Technology Weekly Roundup – Dec 1st to Dec 7th

The prevention, detection and response side of cyber security will see a sea of changes in 2016, says a new report from Forrester Research. According to Forrester, the five cybersecurity predictions for 2016, and the actions they call for, are as follows. First, in this era of disruptive technologies, where wearables and the IoT are expected to become more prevalent, security and risk professionals should re-examine existing security functions from a new angle, and should consider the human factor while addressing security threats. The second prediction concerns government security capabilities: the research firm gives a bleak assessment of the US government's security capabilities, which it finds short staffed, under-budgeted and lacking internal discipline. The third prediction is an expected increase of 5 to 10% in security and risk spending in 2016. Fourth is the defence contractors' prospective entry into private industry with claims of 'military grade' security; Forrester warns private players to thoroughly examine such vendors' commercial experience and commitment before engaging them. The fifth prediction covers HR departments, which will bring in identity and credit protection and resolution services as an employee benefit, in this era of increasing fraud, identity theft, medical identity theft and damage to personal online reputation.

As the holiday season approaches, cyber security researchers in the US are warning about ModPOS, a malware family that is largely undetectable by current antivirus scans. The researchers also note that the malware has infected even some national retailers. According to them, it is one of the most sophisticated point-of-sale malware families, with a complex framework capable of collecting detailed information about a company, including payment information and the personal log-in credentials of executives. To address the threat, companies need to use more advanced forms of encryption to protect consumer data. Point-to-point encryption, where a consumer's payment card data is unlocked only after it reaches the payment processor, is one effective method against this threat. Security experts warn that without such protections, even new credit cards using the chip technology known as EMV could still be compromised by infected point-of-sale systems.

The information security landscape is continuously evolving, and the proliferation of disruptive technologies like mobile, social, cloud and big data is increasingly impacting protection strategies. In-depth strategies to monitor, analyse and report security incidents are paramount to delivering an effective enterprise security risk management profile. Happiest Minds, with our deep expertise in the security arena and a large pool of experienced security professionals, brings in security solutions that address the key challenges faced by enterprises today. Our services aim to improve the agility, flexibility and cost effectiveness of next-generation information security and compliance programs.

How Do You Solve a Problem Like Cyber Security?

Happiest Minds UK discusses the new-age deception technologies UK businesses should adopt to bolster their cyber-security defences
The recent TalkTalk cyber-security breach has brought the issue of security firmly back into the public's psyche and has put both government and organisations on high alert. It seems that regardless of your vertical market, be it finance, technology or banking, the threat of a cyber breach is pretty much imminent. Only today I read an article which outlined that Britain's Trident nuclear weapons system may be vulnerable to cyber-attack by a hostile state, according to former defence secretary Des Browne.
So, despite the UK being one of the highest EU spenders on IT security, existing cyber security solutions are simply not good enough to stop malicious hackers and evolving threats. It's little wonder that Chancellor George Osborne has pledged to spend an additional £1.9 billion on cyber security and has committed to the creation of a 'National Cyber Centre' to respond to major attacks on Britain.
So, how do you solve a problem like cyber security? Well, the answer could well be to implement emerging deception technologies such as next-generation honeypots and decoy systems which, according to a new Gartner report entitled ‘Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities’, could have a game changing impact on enterprise security strategies.
Deception technologies are effectively tools which deceive attackers and enable the identification and capture of malware at the point of entry. They misdirect intruders and disrupt their activities at multiple points along the attack chain by luring them towards fake or non-existent data and away from the organisation's critical data.
Let us look at a few of these technologies in greater detail:
Honeypots—or software emulations of an application or server—have been around for a few years now. A honeypot works by offering ‘honey’, something that appears attractive to an attacker, who will then expend his resources and time on gathering the honey. In the meanwhile, the honeypot does an admirable job of drawing his attention away from the actual data it seeks to protect.
Decoys are similar to honeypots and cause the attacker to pursue the wrong (fake) information. Many decoys act together to fill the attacker’s radar in a manner as to render it difficult for him to differentiate between real and fake targets.
However, organisations are now looking for more active defence strategies that not only lure in attackers, but also trap them, confound them and track their activity. One such deception technology offers an emulation engine masquerading as a run-of-the-mill operating system. The ‘operating system’ contains ‘sensitive’ data that could be attractive to attackers, for example data labelled ‘credit card info’. The platform will lure the attacker in by allowing him to ‘hack’ this fake data and in turn start gathering information about his movements and the codes that he seeks to modify. This intelligence can then be shared with other security tools, such as intrusion prevention systems, to defend against the attack.
A number of start-ups are designing various kinds of intrusion deception software that insert fake server files and URLs into applications. These traps are visible only to hackers and not normal users. An example of such a snare could be trapping hackers probing for random files by granting them access to bogus files that are a dead-end and merely keep leading them in circles towards more fake data. Or protecting the system against brute-force authentication by scrambling the attacker’s input so he can never get the password right, even if he does happen to type out the right code.
Other technologies set up fake IP addresses on webservers that, on multiple attempts to hack them, will always present a deception to that user. Other companies set up virtual systems or computers that actually have no data on them, and are indistinguishable from other machines on the network. Repeated intrusion into and unwarranted activity on these systems make it easy to identify hackers. The hackers’ movements and methods can then be analysed, and the data fed back into other threat detection solutions and tools.
Deception technologies therefore create baits or decoys that attract and deceive attackers, making it quicker for an organisation to detect a security breach. They increase the attacker’s workload and exhaust his resources. Certain solutions go beyond merely setting up decoys to also conduct forensic analysis on these attacks so the organisation can effectively defend its network and speedily mitigate security breaches. It may not be a ‘one size fits all’ answer to the cyber security conundrum, but it is certainly one more weapon in the organisation’s armory against hackers.
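To make the "touch a decoy, raise an alert" idea above concrete, here is an added example (not code from the original post or from any vendor it names) that scans constructed audit log lines for access to decoy files, URLs and hosts, and escalates a source that trips more than one trap, since a scanner that cannot tell real from fake targets tends to hit several. The decoy names, the log format and the sample log lines are all assumptions made for the illustration.

```python
# Added example (not code from the original post or any vendor it names).
# The decoy inventory, the log format and the sample log are constructed.
import re
from dataclasses import dataclass

# Decoy inventory: (event kind, target) -> severity of a single touch.
# No legitimate user or job ever references these names, so any touch is a
# high-fidelity signal, unlike a threshold-based anomaly.
DECOYS = {
    ("file", "/srv/share/credit_card_info.xlsx"): "high",  # bogus 'sensitive' file
    ("file", "/srv/share/payroll_backup.db"): "high",
    ("http", "/admin-old/"): "high",                       # URL only a prober requests
    ("http", "/backup/db.sql"): "high",
    ("net", "10.9.8.250"): "medium",                       # empty decoy VM
}

# Constructed log format: "<timestamp> <source-ip> <kind> <target> <outcome>"
LOG_RE = re.compile(r"^(\S+) (\S+) (file|http|net) (\S+) (\S+)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    kind: str
    target: str
    severity: str


def detect(lines):
    """Return one Alert per decoy touch in the given log lines.

    A source that touches a second, different decoy is escalated to
    'critical': an intruder who cannot tell real from fake targets trips
    several traps, which is the effect the decoys are placed to produce.
    """
    alerts = []
    seen = {}  # source ip -> set of decoys it has touched so far
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than stall the pipeline
        ts, src, kind, target, _outcome = m.groups()
        severity = DECOYS.get((kind, target))
        if severity is None:
            continue  # real asset: not a decoy event
        seen.setdefault(src, set()).add(target)
        if len(seen[src]) > 1:
            severity = "critical"
        alerts.append(Alert(ts, src, kind, target, severity))
    return alerts


def intel_feed(alerts):
    """Collapse alerts to {source ip: sorted decoys touched}, the shape a
    blocklist or intrusion prevention rule would consume downstream."""
    feed = {}
    for a in alerts:
        feed.setdefault(a.src, set()).add(a.target)
    return {src: sorted(targets) for src, targets in feed.items()}


SAMPLE_LOG = [  # constructed: two legitimate events, three decoy touches, one junk line
    "2015-12-01T09:00:01Z 10.1.2.3 file /srv/share/q4_report.docx read",
    "2015-12-01T09:00:05Z 10.1.2.77 http /login 200",
    "2015-12-01T09:01:10Z 10.1.2.77 http /admin-old/ 404",
    "2015-12-01T09:01:12Z 10.1.2.77 file /srv/share/credit_card_info.xlsx read",
    "2015-12-01T09:02:00Z 10.1.2.99 net 10.9.8.250 syn",
    "not a well-formed line",
]
```

Running detect(SAMPLE_LOG) yields three alerts: the second touch by 10.1.2.77 is escalated to critical, while the legitimate file read and login produce nothing.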

Wednesday, 25 November 2015

5 Ways to Secure the Public Cloud

As cloud computing becomes more sophisticated and mainstream, the shift to the public cloud is gaining tremendous traction. With big-brand clouds (Amazon Web Services, Google Cloud Platform and Microsoft Azure) fast evolving, more and more enterprises are moving away from private clouds. However, security is justifiably a top concern when moving applications and data into the public cloud. Some of the questions foremost on everyone's mind are: How secure is my data? What will happen if there is a breach at the public cloud vendor? How do I ensure that my data is properly protected in this case?

Security is ultimately a shared responsibility between the company and the public cloud vendor. According to Forrester, cloud success comes from mastering the "uneven handshake". While cloud vendors are typically responsible for securing the data center, infrastructure and hypervisor, the onus is on you, as the consumer, to close this gap with the necessary OS, users, applications, data and, of course, security, in tandem with the vendor.

Journeying to the Public Cloud

The key is to find a cloud provider that fits best for your business. This means you need to thoroughly vet potential vendors and conduct a full risk assessment prior to signing any contract. Considering the fact that different cloud service providers provide varying levels of security, it is best to look at their security and compliance activities and choose one with transparent processes. Once this decision has been made, the next step is to take into account the various security risks and chart possible solutions to create a secure cloud environment.

Here are 5 steps to best protect data in the public cloud:

Intelligent Encryption

Encryption is a vital security component for any organization, and it is all the more important when transferring and storing sensitive data in the cloud. It ensures data confidentiality, thus mitigating the risk of data loss or theft in the case of a breach in the cloud. This focus on the data itself, rather than placing full emphasis on the infrastructure for protection, goes a long way towards ensuring that data stays safe even if the network or perimeter security is compromised.
Strict Identity Management and Access Control

An effective identity management strategy for the cloud can be summed under the three ‘As’ – access, authentication and authorization. Consumers must ensure that only trusted and authorized users can access the public cloud data through a strong identity management system. Additional layers of authentication measures further help in ensuring a controlled cloud environment. An important note here is to find a good balance between security and developer performance.

Smart Security at All End-points

In most cases, physical security is covered by the cloud provider through regular audits and certifications from accreditation bodies. In certain industries like healthcare, finance and defense, it is a regulatory mandate that there be security at all points along the data path, whether the data is entering or exiting the corporate network, moving to the cloud, or residing in the cloud itself. However, as a general trend in today's cloud and BYOD era, it is of utmost importance that the consumer ensures certain hardware necessities and best practices for end-point security in addition to the cloud security measures. Mobile devices in particular pose a unique challenge: despite best intentions, users generally do not prioritize securing them. Unfortunately, this exposes potential access points to sensitive corporate data. Strong end-point measures should typically encompass mobile/on-device protection, next generation firewalls, network intrusion systems, VPN and up-to-date security architectures.

Real-time Monitoring & Incident Response

As part of the shift to a "prevent and control attack" mindset, real-time monitoring through analytics and forensics enables consumers to identify attacks early in the breach lifecycle. Instant alerts and automatic data collection through analytics enable rapid forensics and insight into behavior from the endpoint to the cloud. Armed with these insights, security teams can identify potential risks and patterns in real time, while also determining the path to immediate remediation. Organizations should also focus on enterprise-level visibility for applications hosted in the cloud, in conjunction with the cloud provider, thus providing a multi-pronged approach for quick detection of and incident response to security issues.

Strong Governance Framework

A governance framework is an essential tool that will enable your IT security team to assess and manage all risks, security and compliance related to the organization's cloud environment. The crux of this framework is that it needs synergy between security, IT, the business and the organization itself to deliver a secure cloud. A strong framework typically encompasses stringent security policies, audit compliance, identity management, security control tools, a BYOD policy and a contingency plan. But to ensure true compliance with cloud policies, organizations have to work closely with IT security teams to understand the unique challenges of cloud security and the ways to protect sensitive data workloads. Additionally, educating and training users to comply with the organization's cloud policies can go a long way in achieving compliance.

Cloud computing is revolutionizing the way enterprises operate in today’s world with a slew of cost benefits and tremendous economies of scale. As with any other investment, it is your responsibility to ensure that cloud is protected as much as possible. With a robust set of security processes, tools, a clear BYOD-compatible cloud computing strategy and a strong governance framework in place, there is a significant reduction in risk as you embark into the cloud. And the future is yours as long as your organization continuously adapts to stay agile and competitive in a fast evolving cloud technology landscape.

Cyber Threat Intelligence – What is needed?

Cyber Threat Intelligence (CTI) is a term used for any kind of information that helps protect your organization's IT assets from potential compromise. CTI can take many forms: internet-based IP addresses, geolocations, or TTPs (Tools, Tactics and Practices). These work as indicators or early warnings of attacks which can take a toll on an enterprise's IT infrastructure. There are numerous vendors across the globe whose CTI can be seamlessly made part of security interfaces like GRC tools, SIEMs and other correlation engines. That being said, what information can be employed to generate actionable CTI to defend your enterprise? Let's look at this in detail:
Drivers:
Drivers can be anything from attacks like a 'zero day', business-related breaking news, or certain announcements that create vulnerabilities in the enterprise's activities. Understanding the nature of the drivers can help increase security vigilance.

Prerequisites:
This accounts for everything an attacker would need to trigger an attack on your IT infrastructure through the intranet perimeter, the network, endpoints and just about anything that is exposed to the internet.
Capabilities:
A script kiddie could launch an attack but may not possess the capacity for post-attack activities. Conversely, a professional attacker may have the capability to carry out the intrusion, but the target's defence mechanisms may keep it from yielding the intended results. Understanding the capabilities of the attacks and the attackers in full can help defend security to a great extent.
Components:
Another element to consider, to better address security concerns, is keeping an account of the attacker's tools, tactics and procedures as used in past attacks conducted by that attacker. This helps generate indicators to better prepare for forthcoming attacks.
Measurement:
Measurement is important to determine the impact of the attack, mostly in terms of the number and types of security events generated during the pre-attack condition. The more ways we can interpret the different natures and depths of these measurements, the more the security interface can work on counter-attack measures and recovery processes.
There are many security dimensions that, when considered carefully, can help avoid, tackle, monitor and recover from a compromise. While the aforementioned are a handful, the list can get a lot longer to include threat vectors, compromise parameters, defence mechanism techniques, business impact analytics, attack patterns from the past, zero day detection, security control bypassing, post-compromise information, etc. The more we include these factors, the better IT security vigilance gets.

Wednesday, 4 November 2015

5 Drivers for Securing The Internet of Things

If you have any doubt at all about the impact of the IoT, consider these facts: 75 percent of the world’s population has access to a mobile device. When you compare the number of connected devices in 2009 (0.9 billion) to the number today, it represents a 30-fold increase. It is estimated that over 26 billion devices will be connected to the internet by 2020.

Along with the massive growth of IoT is the growth of corresponding security issues. As connected devices increase, so does the amount of data generated and transferred by these devices. As more data is transferred, the number of pathways and parameters for the cyber criminal to exploit also increases. It all adds up to the need for more protection than ever before.
Vital role of the CISO

As the world of IT security transforms to meet this exponential growth, the role of the CISO becomes vital in terms of defining the IT security strategy.

Before IoT, the IT and Operational Technology (OT) layers were controlled and secured differently: IT security focused on the confidentiality of data and network infiltration, while OT security emphasized physical security, safety and business continuity. Now that more devices are connected to the internet, the OT layer has become increasingly IP enabled, making it more vulnerable. Traditional security models must adapt, and the CISO must create a unified IT security strategy.

Attention to the following key drivers will assist the smart CISO with devising a strategy that truly works in securing the IoT:

1. Layer visibility. The OT layer, the IT layer and any other layers of the network should have visibility and be encompassed by an overall, unified security plan of action. No layer or device should be exempt.

2. Threat visibility. New devices mean new loopholes and threat vectors. A sound strategy should take into account not only existing vulnerability, but potential vulnerability, as soon as a device is connected to the network. A real-time threat assessment and definition that works around the clock is key to preventing new attacks.

3. Platform visibility. The creation of a monitoring apparatus that is agnostic is vital in today’s software platform environment of continuous updates, open source and self-imposed redundancy.

4. Network encryption. Point-to-point and point-to-multipoint encryption should be based on network segments, network protocols and network flows. In other words, internal networks in their entirety must be encrypted to ensure security long term.

5. Automated remediation. The end-goal of IoT security should be an approach that requires no human intervention. Automated, immediate security control utilizing machine-to-machine intelligence is a key to not only a successful, but also cost-effective unified security strategy.
IoT growth poses challenges for the forward-thinking CISO as scale increases, scope broadens and the need for cohesive cooperation increases. Those who consider the above drivers can develop a security strategy that will address these challenges and pave the way for the organization to take advantage of the opportunities the IoT also brings.