Tag: public sector

MyLife Digital Ltd to present digital transformation insight at Government Computing...

25th April 2017, Bath, UK: MyLife Digital is excited to announce it will be presenting at the Government Computing Show, ‘Digital Transformation for the Public Sector’, at Grange City Hotel, Tower Hill, London, on 27th April 2017. The show offers a critical opportunity to look at the challenges and opportunities in public sector technology, as well as sharing insights into the latest trends impacting the sector from leading industry experts. James Bagan, Sales Director, MyLife Digital, comments,... Source: RealWire

Managed service provider, Genmed, opens information office for journalists & analysts...

April 19, 2017 – The financial pressures facing the NHS again hit the news further to the Chancellor Philip Hammond’s Spring budget. While an additional £425 million is being made available for investment in the NHS[1] - to fund the first set of the best STPs[2] and help cope with demand in A & E this winter - the sad reality is the NHS still lacks the money it needs.

Constrained resources means the health... Source: RealWire

UKCloud launches Disaster Recovery to the Cloud service

London – 11 April 2017 – UKCloud, the easy to adopt, easy to use and easy to leave assured cloud services company, has today announced the launch of Disaster Recovery to the Cloud, a self-service replication and recovery solution, powered by market leading disaster recovery software provider, Zerto.

As UK citizens increasingly expect to be able to access services online, around the clock, it has become even more important for public sector departments to invest... Source: RealWire

IDG Contributor Network: Biometrics can provide better data provenance

Imagine these scenarios:

- Insiders at a financial institution place transactions using e-execution and then deny involvement when trades lose money.
- Regulated individuals share secrets and collude to fix pricing via messaging services.
- Fraud occurs through re-diverted funds within Treasury departments.
- Funds are embezzled or re-directed for personal gain.
- Confidential data is accessed for market price fixing, front running or gaining market advantage.
- Executives request staff members to access confidential or highly secure content to create a more simplistic briefing process.
- Data is accessed and leaked for personal benefit.

The common denominator to every one of these scenarios is individuals denying their involvement or abdicating responsibility in a transaction.

These types of acts are happening every day across virtually every industry -- pharma, finance, the public sector -- costing companies incredible amounts of money to investigate and putting operating licenses at risk.

UKCloud Discuss Societal Responsibility And Business Growth Plans With Sir Gerald...

London – 17th March 2017 – UKCloud, the easy to adopt, easy to use and easy to leave assured cloud services company, discussed the company’s rapid growth, plans for further investment and recruitment, and its ongoing focus on technical innovation, with local Aldershot MP, Sir Gerald Howarth. During his visit to UKCloud’s headquarters in Farnborough, Sir Gerald learnt about the local business’s commitment to the public sector, and heard how it is actively supporting the digitisation... Source: RealWire

UKCloud Ramps Up Partner Recruitment As It Announces The Launch Of...

London – 7th March 2017 – UKCloud, the easy to adopt, easy to use and easy to leave assured cloud services company, today welcomes the launch of the innovative G-Cloud 9 tender, and is actively recruiting new channel partners to collaborate on new public sector business via the Framework’s latest iteration. UKCloud has offered its range of cloud solutions via G-Cloud since the Framework first went live in 2012.

As the acknowledged leader in Infrastructure-as-a-Service... Source: RealWire

Panasonic Introduces the Toughbook CF-33 12 inch 2-in-1 Fully Rugged Laptop

Providing a decade of backward compatibility, 2-in-1 laptop offers 3:2 aspect ratio for enhanced efficiency in public sector, federal and enterprise applications

Bracknell, UK. 27TH FEBRUARY 2017 Panasonic today announced the world’s first 3:2 aspect ratio, fully rugged 2-in-1 detachable laptop[1] as its latest addition to the Toughbook family of products.

The device is Panasonic’s 7th generation rugged Toughbook laptop and is the culmination of 20 years of innovation in rugged PC design and manufacturing. This larger... Source: RealWire

South Korea targeted by cyberspies (again). Kim, got something to say?

Vulnerabilities in Hangul word processing program exploited

The South Korean public sector is once again in the firing line of a sophisticated – and likely government-backed – cyberattack.…

Brazilian government to create national information security policy

The first steps towards developing a common set of security guidelines for the public sector are being taken

96% of Public Sector Office 365 Deployments have no backup solution...

While most Councils and Government Departments have stringent backup procedures in place, the majority (96%) have no method or procedure to back up their Microsoft Office 365 Deployment, according to a recent FOI request from Cloud to Cloud Backup speci...

Trustis to provide Vormetric Data Encryption Service from Thales on G-Cloud

Vormetric data encryption will be available as a service to the public sector on the Government’s new G-Cloud 8 Framework; Delivers a high assurance and agile key management platform for HMG

LONDON, England – 31 January 2017 Thales, a leader in critical information systems, cybersecurity and data security, announces that its specialist cryptographic services provider Trustis has been awarded a place on G-Cloud 8, the UK Government’s cloud services procurement framework.

Trustis is making Vormetric data... Source: RealWire

Deceive in order to detect

Interactivity is a security system feature that implies interaction with the attacker and their tools as well as an impact on the attack scenario depending on the attacker’s actions. For example, introducing junk search results to confuse the vulnerability scanners used by cybercriminals is interactive. As well as causing problems for the cybercriminals and their tools, these methods have long been used by researchers to obtain information about the fraudsters and their goals.

There is a fairly clear distinction between interactive and “offensive” protection methods. The former imply interaction with attackers in order to detect them inside the protected infrastructure, divert their attention and lead them down the wrong track. The latter may include all the above plus exploitation of vulnerabilities on the attackers’ own resources (so-called “hacking-back”). Hacking-back is not only against the law in many countries (unless the defending side is a state organization carrying out law enforcement activities); it may also endanger third parties, such as users’ computers compromised by cybercriminals.

The use of interactive protection methods that don’t break the law and that can be used in an organization’s existing IT security processes makes it possible not only to discover if there is an intruder inside the infrastructure but also to create a threat profile. One such approach is Threat Deception – a set of methods, specialized solutions and processes that have long been used by researchers to analyze threats. In our opinion, this approach can also be used to protect valuable data inside the corporate network from targeted attacks.

Characteristics of targeted attacks

Despite the abundance of technology and specialized solutions to protect corporate networks, information security incidents continue to occur even in large organizations that invest lots of money to secure their information systems.
Part of the reason for these incidents is the fact that the architecture of automated security solutions, based on identifying patterns in general traffic flows or monitoring a huge number of endpoints, will sooner or later fail to recognize an unknown threat or a criminal stealing valuable data from the infrastructure. This may occur, for example, if the attacker has studied the specific features of a corporate security system in advance and identified a way of stealing valuable data that will go unnoticed by security solutions and will be lost among the legitimate operations of other users.

Another reason is the fact that APT attacks differ from other types of attacks: in terms of target selection and pinpoint execution, they are similar to surgical strikes, rather than the blanket bombing of mass attacks. The organizers of targeted attacks carefully study the targeted infrastructure, identifying gaps in configuration and vulnerabilities that can be exploited during an attack. With the right budget, an attacker can even deploy the products and solutions that are installed in the targeted corporate network on a testbed. Any vulnerabilities or flaws identified in the configuration may be unique to a specific victim. This allows cybercriminals to go undetected on the network and steal valuable data for long periods of time.

To protect against an APT, it is necessary not only to combat the attacker’s tools (utilities to analyze security status, malicious code, etc.) but to use specific behavioral traits on the corporate network to promptly detect their presence and prevent any negative consequences that may arise from their actions.

Despite the fact that the attacker usually has enough funds to thoroughly examine the victim’s corporate network, the defending side still has the main advantage – full physical access to its network resources. And it can use this to create its own rules on its own territory for hiding valuable data and detecting an intruder.
After all, “locks only keep an honest person honest,” but with a motivated cybercriminal a lock alone is not enough – a watchdog is required to notify the owner about a thief before he has time to steal something.

Interactive games with an attacker

In our opinion, in addition to the obligatory conventional methods and technologies to protect valuable corporate information, the defensive side needs to build interactive security systems in order to get new sources of information about the attacker who, for one reason or another, has been detected inside the protected corporate network.

Interactivity in a security system implies a reaction to the attacker’s actions. That reaction, for instance, may be the inclusion of the attacker’s resources in a black list (e.g. the IP address of the workstations from which the attack is carried out) or the isolation of compromised workstations from other network resources. An attacker who is looking for valuable data within a corporate network may be deliberately misled, or the tools used by the attacker, such as vulnerability scanners, could be tricked into leading them in the wrong direction.

Let’s assume that the defending side has figured out all the possible scenarios where the corporate network can be compromised and sets traps on the protected resource:

- a special tool capable of deceiving automated vulnerability scanners and introducing all sorts of “junk” (information about non-existent services or vulnerabilities, etc.) in reports;
- a web scenario containing a vulnerability that, when exploited, leads the attacker to the next trap (described below);
- a pre-prepared section of the web resource that imitates the administration panel and contains fake documents.

How can these traps help?
Below is a simple scenario showing how a resource with no special security measures can be compromised:

1. The attacker uses a vulnerability scanner to find a vulnerability on the server side of the protected infrastructure, for example, the ability to perform an SQL injection in a web application.
2. The attacker successfully exploits this vulnerability on the server side and gains access to the closed zone of the web resource (the administration panel).
3. The attacker uses the gained privileges to study the inventory of available resources, finds documents intended for internal use only and downloads them.

Let’s consider the same scenario in the context of a corporate network where the valuable data is protected using an interactive system:

1. The attacker searches for vulnerabilities on the server side of the protected infrastructure using automated means (vulnerability scanner and directory scanner). Because the defending side has pre-deployed a special tool to deceive scanning tools, the attacker has to spend time analyzing the scan results, after which the attacker finds a vulnerability – the trap on the server side of the protected infrastructure.
2. The attacker successfully exploits the detected vulnerability and gains access to the closed zone of the web resource (the administration panel). The attempt to exploit the vulnerability is recorded in the log file, and a notification is sent to the security service team.
3. The attacker uses the gained privileges to study the inventory of available resources, finds the fake documents and downloads them. The downloaded documents contain scripts that call the servers controlled by the defending side. The parameters of the call (source of the request, time, etc.) are recorded in the log file. This information can then be used for attacker attribution (what type of information they are interested in, where the workstations used in the attack are located, the subnets, etc.) and to investigate the incident.
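
The logging and attribution step of the scenario above, as an added example (not code from the original article): it assumes each decoy document is issued with a unique token at download time, so later callbacks can be tied back to the trap session even when they arrive from a different address. The log format, event names, tokens and addresses are all constructed for illustration.

```python
# Added example: all field names, tokens and addresses are constructed.
import json
from collections import defaultdict
from ipaddress import ip_network

# Constructed JSON-lines log, as a trap and a callback server might write it.
SAMPLE_LOG = """
{"ts": "2017-04-01T10:02:11Z", "event": "trap_hit", "src": "203.0.113.7", "trap": "fake-sqli", "session": "s1"}
{"ts": "2017-04-01T10:05:40Z", "event": "decoy_download", "src": "203.0.113.7", "doc": "salaries.docx", "token": "tok-a1", "session": "s1"}
{"ts": "2017-04-01T10:06:02Z", "event": "decoy_download", "src": "203.0.113.7", "doc": "vpn-setup.docx", "token": "tok-b2", "session": "s1"}
{"ts": "2017-04-01T18:44:09Z", "event": "callback", "src": "198.51.100.23", "token": "tok-a1"}
{"ts": "2017-04-02T07:13:55Z", "event": "callback", "src": "198.51.100.99", "token": "tok-a1"}
{"ts": "2017-04-01T11:00:00Z", "event": "callback", "src": "192.0.2.5", "token": "tok-zz"}
"""

def subnet24(ip):
    """Collapse an IPv4 address to its /24 for the 'subnets' part of the profile."""
    return str(ip_network(f"{ip}/24", strict=False))

def build_profiles(log_text):
    """Return (profiles keyed by trap session, callbacks carrying unissued tokens)."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e["ts"])  # same-format UTC ISO timestamps sort lexically
    issued = {}  # token -> (session, document), recorded when a decoy is downloaded
    profiles = defaultdict(lambda: {"first_seen": None, "traps": [], "docs_taken": [],
                                    "docs_opened": set(), "subnets": set()})
    unknown = []
    for e in events:
        if e["event"] == "callback":
            if e["token"] not in issued:
                unknown.append(e)  # token never handed out: keep for separate review
                continue
            session, doc = issued[e["token"]]
            profiles[session]["docs_opened"].add(doc)
        else:
            session = e["session"]
            if e["event"] == "trap_hit":
                profiles[session]["traps"].append(e["trap"])
            elif e["event"] == "decoy_download":
                issued[e["token"]] = (session, e["doc"])
                profiles[session]["docs_taken"].append(e["doc"])
        p = profiles[session]
        p["first_seen"] = p["first_seen"] or e["ts"]
        p["subnets"].add(subnet24(e["src"]))  # every address seen for this intruder
    return dict(profiles), unknown

if __name__ == "__main__":
    profiles, unknown = build_profiles(SAMPLE_LOG)
    for session, profile in profiles.items():
        print(session, profile)
    print("unmatched callbacks:", len(unknown))
```

The resulting profile separates what was taken from what was actually opened, and collects the subnets of both the scanning host and the machines where the documents were later viewed.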

Detecting an attack by deceiving the attacker

Currently, in order to strengthen protection of corporate networks the so-called Threat Deception approach is used. The term ‘deception’ comes from the military sphere, where it refers to a combination of measures aimed at misleading the enemy about one’s presence, location, actions and intentions. In IT security, the objective of this interactive system of protection is to detect an intruder inside the corporate network, identifying their attributes and ultimately removing them from the protected infrastructure.

The threat deception approach involves the implementation of interactive protection systems based on the deployment of traps (honeypots) in the corporate network and exploiting specific features of the attacker’s behavior. In most cases, honeypots are set to divert the attacker’s attention from the truly valuable corporate resources (servers, workstations, databases, files, etc.). The use of traps also makes it possible to get information about any interaction between the attacker and the resource (the time interactions occur; types of data attracting the attacker’s attention, toolset used by the attacker, etc.).

However, it’s often the case that a poorly deployed trap inside a corporate network will not only be successfully detected and bypassed by the attackers but can serve as an entry point to genuine workstations and servers containing valuable information. Incorrect implementation of a honeypot in the corporate network can be likened to building a small house next to a larger building containing valuable data. The smaller house is unlikely to divert the attention of the attacker; they will know where the valuable information is and where to look for the “key” to access it.

Simply installing and configuring honeypots is not enough to effectively combat cybercriminals; a more nuanced approach to developing scenarios to detect targeted attacks is required.
At the very least, it is necessary to carry out an expert evaluation of the attacker’s potential actions, to set honeypots so that the attacker cannot determine which resources (workstations, files on workstations and servers, etc.) are traps and which are not, and to have a plan for dealing with the detected activity. Correct implementation of traps and a rapid response to any events related to them make it possible to build an infrastructure where almost any attacker will lose their way (fail to find the protected information and reveal their presence).

Forewarned is forearmed

Getting information about a cybercriminal in the corporate network enables the defending side to take measures to protect their valuable data and eliminate the threat:

- to send the attacker in the wrong direction (e.g., to a dedicated subnet), thereby concealing valuable resources from their field of view, and to obtain additional information about the attacker and their tools, which can be used to investigate the incident further;
- to identify compromised resources and take all necessary measures to eliminate the threat (e.g., to isolate infected workstations from the rest of the resources on the corporate network);
- to reconstruct the chronology of actions and movements of the attacker inside the corporate network and to define the entry points so that they can be eliminated.

Conclusion

The attacker has an advantage over the defender, because they have the ability to thoroughly examine their victim before carrying out an attack. The victim doesn’t know where the attack will come from or what the attacker is interested in, and so has to protect against all possible attack scenarios, which requires a significant amount of time and resources. Implementation of the Threat Deception approach gives the defending side an additional source of information on threats thanks to resource traps.
The approach also minimizes the advantage enjoyed by the attacker due to both the early detection of their activity and the information obtained about their profile that enables timely measures to be taken to protect valuable data. It is not necessary to use prohibited “offensive security” methods, which could make the situation worse for the defending side if law enforcement agencies get involved in investigating the incident.

Interactive security measures that are based on deceiving the attacker will only gain in popularity as the number of incidents in the corporate and public sector increases. Soon, systems based on the Threat Deception approach will become not just a tool of the researchers but an integral part of a protected infrastructure and yet another source of information about incidents for security services.