Friday, August 18, 2017

Tag: The Who

Drug resistance popping up in many countries, but prevalence, trends unclear.
You must be prepared for foreseeable attacks as well as the ones that sneak up on you. Organizations deal with two types of cyberthreats: hurricanes and earthquakes. Hurricanes are those attacks you can see coming; earthquakes, you can't. Both are inevitable, and you need to plan and take action accordingly. This starts with an understanding of what threat intelligence is and how to make it relevant and actionable. Threat intelligence can help you transition from constantly reacting to being proactive. It allows you to prepare for the hurricanes and respond to the earthquakes with an efficient, integrated approach.

Eliminate Noise

Mention threat intelligence and most organizations think about multiple data feeds to which they subscribe — commercial sources, open source, and additional feeds from security vendors — each in a different format and most without any context to allow for prioritization. This global threat data gives some insight into activities happening outside of your enterprise — not only attacks themselves, but how attackers are operating and infiltrating networks. The challenge is that most organizations suffer from data overload. Without the tools and insights to automatically sift through mountains of disparate global data and aggregate it for analysts and action, this threat data becomes noise: you have alerts around attacks that aren't contextualized, relevant, or a priority. To make more effective use of this data, it must be aggregated in one manageable location and translated into a uniform format so that you can automatically get rid of the noise and focus on what's important.

Focus on Threats

With global threat data organized, you can focus on the hurricanes and earthquakes that threaten your organization. Hurricanes are the threats you know about, can prepare for, protect against, and anticipate based on past trends. For example, based on research, say that we know a file is malware. This intelligence should be operationalized — turned into a policy, a rule, or signature and sent to the appropriate sensor — so that it can prevent bad actors from stealing valuable data, creating a disruption, or causing damage. As security operations become more mature, you can start to get alerts on these known threats in addition to automatically blocking them so you can learn more about the adversary. This allows you to focus on the attacks that really matter.

Earthquakes are unknown threats, or threats that you may not have adequate countermeasures against, that have bypassed existing defenses. Once they're inside the network, your job is to detect, respond, and recover. This hinges on the ability to turn global threat data into threat intelligence by enriching that data with internal threat and event data and allowing analysts to collaborate for better decision making. Threat intelligence helps you better scope the campaign once the threat is detected, learn more about the adversary, and understand affected systems and how to best remediate. By correlating events and associated indicators from inside your environment (e.g., SIEM alerts or case management records) with external data on indicators, adversaries, and their methods, you gain the context to understand the who, what, when, where, why, and how of an attack. Going a step further, applying context to your business processes and assets helps you assess relevance. Is anything the organization cares about at risk? If the answer is "no," then what you suspected to be a threat is low priority. If the answer is "yes," then it's a threat. Either way, you have the intelligence you need to quickly take action.

Make Intelligence Actionable

Intelligence has three attributes that help define "actionable."
Accuracy: Is the intelligence reliable and detailed?
Relevance: Does the intelligence apply to your business or industry?
Timeliness: Is the intelligence being received with enough time to do something?

An old industry joke is that you can only have two of the three, so you need to determine what's most important to your business. If you need intelligence as fast as possible to deploy to your sensors, then accuracy may suffer and you might expect some false positives. If the intelligence is accurate and timely, then you may not have been able to conduct thorough analysis to determine if the intelligence is relevant to your business. This could result in expending resources on something that doesn't present a lot of risk. Ultimately, the goal is to make threat intelligence actionable. But actionable is defined by the user. The security operations center typically looks for IP addresses, domain names, and other indicators of compromise — anything that will help to detect and contain a threat and prevent it in the future. For the network team, it's about hardening defenses with information on vulnerabilities, signatures, and rules to update firewalls, and patch and vulnerability management systems. The incident response team needs intelligence about the adversary and the campaigns involved so they can investigate and remediate. And the executive team and board need intelligence about threats in business terms — the financial and operational impact — in order to increase revenue and protect shareholders and the company as a whole. Analysts must work together and across the organization to provide the right intelligence in the right format and with the right frequency so that it can be used by multiple teams.

Operationalizing threat intelligence takes time and a plan. Many organizations are already moving from a reactive mode to being more proactive. But to make time to look out at the horizon and see and prepare for hurricanes while also dealing with earthquakes, organizations need to move to an anticipatory model with contextual intelligence, relevance, and visibility into trends in the threat landscape.
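The pipeline the article describes, as an added example that is not from the original article or from ThreatQuotient: two feeds in different formats are translated into one record shape and merged, correlated with internal SIEM alerts for context, and then scored on accuracy, relevance and timeliness. The feed formats, indicators, asset names, alerts and scoring thresholds are all constructed for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data (hypothetical feeds, indicators and alerts; none are real).
FEED_CSV = """ip,198.51.100.23,c2-beacon,2017-08-17T09:00:00Z
domain,update-check.example,phishing,2017-08-01T00:00:00Z"""
FEED_JSON = json.dumps([
    {"type": "sha256", "value": "ab" * 32, "tag": "malware", "seen": "2017-08-18T06:30:00Z"},
    {"type": "ip", "value": "198.51.100.23", "tag": "c2", "seen": "2017-08-18T07:15:00Z"},
])
SIEM_ALERTS = [  # internal events: which asset touched which indicator, and its criticality
    {"asset": "payroll-db-01", "indicator": "198.51.100.23", "critical": True},
    {"asset": "kiosk-07", "indicator": "update-check.example", "critical": False},
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize(feed_csv, feed_json):
    """Translate both feed formats into one record shape, merging duplicate indicators."""
    raw = [tuple(line.split(",")) for line in feed_csv.strip().splitlines()]
    raw += [(r["type"], r["value"], r["tag"], r["seen"]) for r in json.loads(feed_json)]
    merged = {}
    for typ, val, tag, seen in raw:
        rec = merged.setdefault((typ, val), {"value": val, "tags": set(),
                                             "sources": 0, "last_seen": parse_ts(seen)})
        rec["tags"].add(tag)
        rec["sources"] += 1                       # how many feeds corroborate it
        rec["last_seen"] = max(rec["last_seen"], parse_ts(seen))
    return merged

def score(rec, alerts, now, max_age=timedelta(days=7)):
    """Accuracy, relevance and timeliness, each scaled to [0, 1] (thresholds are assumptions)."""
    accuracy = min(rec["sources"], 2) / 2         # corroborated by a second feed -> 1.0
    hits = [a for a in alerts if a["indicator"] == rec["value"]]
    relevance = 1.0 if any(a["critical"] for a in hits) else (0.5 if hits else 0.0)
    timeliness = max(0.0, 1 - (now - rec["last_seen"]) / max_age)
    return {"accuracy": accuracy, "relevance": relevance,
            "timeliness": round(timeliness, 2), "hits": [a["asset"] for a in hits]}

def triage(feed_csv, feed_json, alerts, now):
    """Noise: no internal sighting. Watch: seen on a non-critical asset. Act: critical asset."""
    results = {}
    for rec in normalize(feed_csv, feed_json).values():
        s = score(rec, alerts, now)
        s["priority"] = "act" if s["relevance"] == 1.0 else "watch" if s["relevance"] else "noise"
        results[rec["value"]] = s
    return results
```

Indicators that no internal system has touched stay "noise" regardless of how many feeds report them, which is the point about relevance the article makes.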
As Senior VP of Strategy of ThreatQuotient, Jonathan Couch utilizes his 20+ years of experience in information security, information warfare, and intelligence collection to focus on the development of people, process, and technology within client organizations to assist in ...
Black Hat is a gathering of security researchers, hackers, and industry that meets in Las Vegas to do three things: outline the latest threats, show how the good guys and the bad guys can be defeated, and launch attacks on the attendees. This year saw ...
Israeli cybersecurity has been at the forefront of global attention in recent years, but especially in the last few months.

First, the who's who of global cybersec convened in Tel Aviv for Cybertech 2016; in May, Israeli and American cyber experts met for DCOI in Washington, DC; and last week Tel Aviv University hosted its annual Cyberweek. In February, I wrote about the Cybertech conference in Tel Aviv, which attracted thousands of visitors from abroad and featured Prime Minister Benjamin Netanyahu as the keynote speaker. The conference was a climax to 2015 as the year that put Israeli cybertech at the forefront of the fast-growing global cyber scene.
In 2015 alone Israel generated cybersecurity sales worth $4 billion, resulting in a whopping 20 percent of all global private sector investments in the booming industry.

DCOI in Washington, DC brings together Israeli and American cyber experts

The two-day event hosted at the George Washington University brought together high-profile individuals from the industry, including General David Petraeus, the former head of the CIA, and Richard A. Clarke, the former special advisor to President George W. Bush on cybersecurity.
IDF's former Head of Intelligence Amos Yadlin and Gil Shwed, the founder and CEO of Check Point, were some of the notable Israeli guests in attendance. Petraeus had some warm words regarding the relationship between Israel and the US. "There has always been an extraordinarily close relationship between Israeli military and intelligence and various counterparts in the US government. These have been unbelievable relationships. I think they just keep getting better and better." Petraeus, who has invested in Windward, a maritime data and analytics company based in Tel Aviv, encouraged Israeli startups to consider the US as a stepping stone to bigger things. Petraeus advised Israeli startups not to sell at an early stage to a US IT firm, but instead to move operations to the US, where the company can build and scale.
Also attending was Omri Dotan, the CBO of Morphisec, an endpoint security solution based in Beersheba, Israel's cyber hub. We had a long chat about the Israeli and American cyber landscape, and according to Dotan, Israel's experience and excellence stem from Israeli-style individualism coupled with a vibrant ecosystem.
"One key driver for all Israeli innovation is some innate urge to 'be your own man,' think out of the box and make your dream happen. Obviously, there are additional strong drivers in the cyber security space. Israel's cybertech industry has grown out of real, not just theoretical, experience with national threats of all types. It is supported by an entire innovation ecosystem consisting of government agencies, the IDF, with its cyber intelligence unit 8200, the local authorities, the universities, VCs, and international and local companies. Even early education plays a role – mathematically talented children are identified early and high school exit exams are on par with university level studies elsewhere. This collaborative space produces top talent, promotes unconventional thinking, stimulates creativity and creates an atmosphere where start-ups and entrepreneurs can validate and refine their ideas very quickly."

Cyberweek at Tel Aviv University

Global cybersecurity thought-leaders gathered at Tel Aviv University last week for the 6th Annual International Cybersecurity Conference.

The weeklong event brought together policy makers, entrepreneurs, investors and academics to discuss and debate the plethora of cybersecurity threats facing the international community today, and how best to prevent them. As part of the event, Israel and the US signed a cyber defence declaration "calling for real-time operational connectivity through respective Computer Emergency Response Teams (CERTS) of both nations." The declaration was signed by Israel's Head of National Cyber Directorate (NCD), Eviatar Matania and Alejandro Mayorkas, deputy secretary of the US Department for Homeland Security (DHS). "The declaration expresses the criticality of joining forces between countries for the benefit of dealing effectively with common threats in the cyber domain.
In particular, [it expresses] the obligation of the governments of Israel and the US to broaden and deepen bilateral cooperation in the field of cyber defense," a statement released by the Israeli Prime Minister's Office said. This article is published as part of the IDG Contributor Network.
Five lessons learned the hard way by the Tampa International Airport about bringing third parties into a security environment.
I love living in the Tampa area for a lot of reasons, among them getting to regularly use one of the best airports in the US – Tampa International Airport (TIA). Unfortunately for the folks who run TIA, they had a spot of trouble that was reported earlier this month by the Tampa Tribune and others. Like a lot of places these days, TIA experienced an IT security breach. Unlike a lot of places—because it's an international airport—TIA has to do a lot of explaining.
Here is what we know from what has been reported, and it reads like an information security "Don't Do List." TIA hired an individual (and apparently his wife) to work on an Oracle project. That person shared their VPN logins and (privileged) accounts and passwords with almost a dozen other people and some others working for a staffing firm, "who logged into the system dozens of times from places like Mumbai and Pradesh, India, United Arab Emirates and Kashmir, India." This episode brings into clear view the unfortunate collision of insecure VPNs, open vendor access, and lack of best practices in password management. That collision has led to multiple people losing their jobs, including the IT Director, an IT manager, and others. It has also led to TIA being forced to cripple its business processes by taking the drastic, but at this point probably necessary, step of only allowing the airport's computer network to be accessed from equipment issued by the aviation authority, not from personal electronic devices. So as a result of the breach, because TIA didn't set up access correctly to start, they now have to go back to how we did things 20 years ago.
There is a better way. Here are five lessons that any company bringing third parties into their security environment should take into account.
1. Never trust your vendors when it comes to YOUR information security. Properly vet the third parties, contractors, and consultants who are working for you. "Body shops" in IT services are not known for their cutting-edge information security. They may have some consultants for hire, but it doesn't equate to them having a mature security posture of their own. Be sure to understand how they screen the temps they're giving you and see if they include security awareness training as part of how they handle their stable of workers.
2. When you must allow third-party access into your environment, you don't have to use a legacy solution such as a VPN and hope that everyone behaves in how they use it. A solution using a brokered connection that allows you to control the Who, What, Where, When, and How of their connection to you gives you real control. As The Offspring song goes, "You gotta keep 'em separated!" And you can, and still have third parties working on your projects, without giving them an IP-enabled grappling hook into your internal network.
3. Don't give blanket access. Your vendors should be part of a mature workflow process that tracks everything from their need for access to granting it to revoking it. This gives you attribution and accountability.
4. Monitor the access you are granting them. Have the ability to "peek over their shoulder" whenever you want. Record all the activity. A pretty disturbing note in the TIA hack is the fact that even after security auditors investigated the breach, they were "unable to determine specifically what data may have been transferred." Recording what is going on when your vendors are accessing your networks and systems makes sure you always know exactly what they did or didn't do. This is good practice for everything from project tracking and billing to completing an annual security audit to having to respond to a breach such as the one that occurred at TIA.
5. Secure passwords. Another element that stands out here is that there seems to have been a complete lack of control over password policy at TIA. This can be remedied quickly and completely by using a password/credential vaulting solution. In this way, you mitigate the risk of weak, shared, and duplicate passwords as well as the dangers posed by embedded system accounts or shared accounts.
As with most breaches, this is a very good learning opportunity for others, and in the long run for Tampa Airport as well.
Joe Schorr is Director of Advanced Security Solutions for Bomgar, a secure access solutions provider. He has over 20 years of professional services and industry experience in information technology and information security.

Before joining Bomgar, Joe was a Strategic Solutions ...
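Lesson 4 above is about being able to tell, from records, what a vendor account actually did. As an added example (not from the original article or from Bomgar), here is detection logic run over constructed VPN login records for the two warning signs in the TIA story: one account used from many source addresses within a short window, and logins from geographies the vendor was never approved to work from. The usernames, addresses, geolocations, the 24-hour window, the two-source cap and the allowed-region list are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed VPN authentication records (hypothetical users, IPs and geolocations).
VPN_LOG = """\
2017-08-14T02:11:05Z vpn01 LOGIN user=oracle_contractor src=203.0.113.9 geo=IN
2017-08-14T02:40:51Z vpn01 LOGIN user=oracle_contractor src=198.51.100.77 geo=AE
2017-08-14T03:02:19Z vpn01 LOGIN user=oracle_contractor src=203.0.113.45 geo=IN
2017-08-14T09:15:00Z vpn01 LOGIN user=oracle_contractor src=192.0.2.10 geo=US
2017-08-14T09:20:00Z vpn01 LOGIN user=jsmith src=192.0.2.12 geo=US
2017-08-14T17:45:00Z vpn01 LOGIN user=jsmith src=192.0.2.12 geo=US
"""
ALLOWED_GEO = {"US"}        # where the contract says the vendor works from (assumption)
WINDOW = timedelta(hours=24)
MAX_SOURCES = 2             # more distinct source IPs than this per window is suspicious

def parse_log(log):
    """Parse the syslog-like lines into events sorted by time."""
    events = []
    for line in log.strip().splitlines():
        ts, _host, _event, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": kv["user"], "src": kv["src"], "geo": kv["geo"]})
    return sorted(events, key=lambda e: e["ts"])

def find_shared_logins(events, window=WINDOW, max_sources=MAX_SOURCES):
    """Per account, slide a window over its logins; flag when distinct sources exceed the cap."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    findings = {}
    for user, logins in by_user.items():
        for i, first in enumerate(logins):
            in_window = [x for x in logins[i:] if x["ts"] - first["ts"] <= window]
            sources = {x["src"] for x in in_window}
            if len(sources) > max_sources:
                findings[user] = sorted(sources)   # the addresses that shared the login
                break
    return findings

def find_out_of_policy(events, allowed=ALLOWED_GEO):
    """Logins from geographies the vendor's access was never approved for."""
    return sorted({(e["user"], e["geo"]) for e in events if e["geo"] not in allowed})
```

Both checks only work if the records exist in the first place, which is the article's point about recording vendor activity before you need it.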
Potential privacy leak "feature" continues to take some users by surprise.    
Subscribers to MacRumors user forums have been advised to change their passwords because of a suspected data breach after the site was hacked. Editorial director Arnold Kim said in a posting on the site that the attack was still under investigation, but it was best to assume that usernames, email addresses and hashed passwords had been accessed. He said the site had been hacked in a similar manner to the Ubuntu forums in July, with the MacRumors intrusion involving a moderator account being logged into by the hacker. The hacker is then believed to have been able to escalate the account privileges with the goal of stealing the login credentials of the site's 860,000 users. Like the Ubuntu forums, MacRumors used the MD5 algorithm and a cryptographic salt for each user to convert plain-text passwords into a one-way hash. Security industry experts have been warning for quite some time that privileged user accounts are a top target for hackers and this form of intrusion is becoming increasingly common in targeted attacks. Other security experts have commented that third-party software typically increases the risk of cyber attack. "When you use third party components you expose your network to the threats faced by all those applications, significantly increasing your attack surface," said Amichai Shulman, chief technology officer of security firm Imperva. "Sometimes you can successfully participate in the who-patches-first race for each and every third-party component you use; but usually you can't and you must rely on virtual patching through a technology like Web Application Firewall," he said. Shulman believes that deploying such technology is half the way to success. "The other half depends on how good your supplier is in automatically delivering timely virtual patches," he said. Many password experts also consider MD5, with or without salt, to be an inadequate means of protecting stored passwords.
MacRumors is not yet sure how the original moderator's password was obtained, Kim told Ars Technica. "We are looking into it further to see if there was another exploit, but there hasn't been any evidence of it yet," he said. According to Kim, log files examined so far indicate the intruder tried to access the password database, but there are no indications that the passwords are circulating online in any form. Some MacRumors account holders have reported compromises affecting accounts they have on other sites, but a firm link to the MacRumors security breach has yet to be found.
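The per-user-salted MD5 scheme described above beside a slow, iterated replacement, as an added example that is not MacRumors' or the Ubuntu forums' code. The salt slows a leaked table down only by forcing one computation per user; MD5 itself is still one fast operation per guess, which is why a PBKDF2-style cost factor is the fix. The `verify` step accepts both formats and returns a rehashed record when a legacy one verifies, so a site can migrate on login without forcing a reset. The record layout, the `$`-separated fields and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000   # assumption: tune to your hardware budget

def legacy_md5_hash(password, salt):
    """The per-user-salted MD5 scheme the article describes: one fast hash per guess."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def make_legacy_record(password, salt=None):
    """Builds a record in the legacy format so the upgrade path can be exercised."""
    salt = salt or os.urandom(8)
    return f"md5${salt.hex()}${legacy_md5_hash(password, salt)}"

def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated hash: each guess costs the attacker `iterations` HMAC-SHA-256 calls."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(stored, password):
    """Return (ok, replacement_record). A legacy record that verifies is rehashed so the
    next login no longer depends on MD5; PBKDF2 records need no replacement (None)."""
    scheme, *parts = stored.split("$")
    if scheme == "md5":
        salt_hex, digest = parts
        ok = hmac.compare_digest(legacy_md5_hash(password, bytes.fromhex(salt_hex)), digest)
        return ok, (hash_password(password) if ok else None)
    if scheme == "pbkdf2_sha256":
        iters, salt_hex, digest = parts
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), digest), None
    raise ValueError(f"unknown scheme {scheme!r}")
```

Comparisons go through `hmac.compare_digest` so a verification failure does not leak how many leading bytes matched.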
