Firewall optimization (also known as firewall analysis) is the process of analyzing and adjusting a firewall's configuration and policy set to improve both performance and security. It involves reviewing and correlating log data and device configurations, identifying potential vulnerabilities and weaknesses, and producing recommendations for remediation. Doing this by hand across a large rule base is complex, which is why tools such as firewall analyzers are useful: they add automation, visualization, and alerting, and turn the findings into recommendations that reduce the risk of attack.

What is the business impact of firewall optimization?

Firewall optimization matters because it helps organizations improve their overall security, performance, and compliance while reducing costs and supporting better-informed decisions, all of which contribute to better business performance.

Some of the key benefits include:

  • Improved security: Analyze configurations and log data to identify potential vulnerabilities and threats in the network and provide recommendations for remediation. This can help to reduce the risk of successful cyber-attacks and data breaches.
  • Better performance: Improve overall network performance by identifying and addressing bottlenecks and inefficiencies in the firewall configuration. This can result in faster network speeds, more reliable connectivity, and better overall performance.
  • Compliance: Comply with relevant regulations and standards, such as PCI DSS and HIPAA, by providing regular compliance reports and identifying potential compliance issues.
  • Cost savings: By identifying and addressing inefficiencies and bottlenecks in the firewall configuration, firewall optimization can also help reduce costs associated with network maintenance and troubleshooting.
  • Improved decision-making: Have a better understanding of the network security posture and the capabilities of the firewall. This allows organizations to make more informed decisions about their security strategy, and to better allocate resources for security initiatives.

How is firewall optimization different from firewall management?

Firewall optimization uses software tools such as a firewall analyzer to find weaknesses and vulnerabilities in network-attached security devices. The inspection covers configurations and log data from devices such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).

The primary features of a firewall analyzer include:

  • Log analysis: Review log data to understand utilization trends over time and recommend ways to enhance the performance of the firewall without compromising security.
  • Configuration analysis and compliance reporting: Review running configurations of firewall devices regularly and include features for generating reports that show compliance with relevant regulations and standards, such as PCI DSS and HIPAA.
  • Security analytics: Analytics capabilities allow users to visualize and analyze data from firewalls. This can help to identify trends and patterns that may indicate potential security threats.
  • Alerting: Alerting features that notify users when potential threats or vulnerabilities are detected.
  • Integration with other tools: Some firewall analyzers can be integrated with other security tools, such as vulnerability scanners or intrusion detection systems, to provide a more comprehensive view of an organization's security posture.
  • Multi-vendor support: Firewall analyzers can support multiple firewall platforms. This can be useful when migrating from one firewall platform to another, to help clean the ruleset of any vulnerabilities and test configurations prior to deployment.

A firewall management platform, on the other hand, is a comprehensive tool that helps organizations to manage, configure, and monitor their firewalls. It includes features like firewall policy management, threat detection and management, asset discovery, and security analytics. The primary features of a firewall management platform include:

  • Policy management: Allows users to create and manage firewall policies, which define the rules for allowing or blocking network traffic.
  • Asset discovery: Discover and inventory assets on a network, including servers, workstations, and other network attached devices.
  • Security analytics: Analytics capabilities that allow users to visualize and analyze data from firewalls. This can help to identify trends and patterns that may indicate potential security threats.
  • Monitoring: Monitor network traffic and alerting users when potential threats or vulnerabilities are detected.
  • Integration with other tools: In addition to firewall analyzers, some firewall management platforms can be integrated with other security tools, such as a Security Information and Event Management (SIEM) system, to provide a more comprehensive view of an organization's security posture.

One of the main differences between firewall optimization and a firewall management platform is scope. Firewall optimization focuses on the performance and configuration of the firewall by analyzing the running configuration and log data, and it does so across firewalls from multiple vendors; a management platform covers the day-to-day administration of the firewalls it manages, typically those of a single vendor.

Another difference is the level of control on a device that the tools provide. A firewall analyzer provides insights, recommendations, application traffic flows, and may even have device configuration and management capabilities. A firewall management platform, on the other hand, provides granular control over firewalls, including the ability to create and manage firewall policies and to monitor network traffic.

How does firewall optimization work?

Firewall optimization uses a firewall analyzer tool to provide visibility into the security posture of a network by identifying potential threats and vulnerabilities, and by providing recommendations for remediation.

The process of firewall analysis typically involves the following steps:

  • Data collection: The firewall analyzer collects log data and device configurations from the security devices on the network. This data may include information on network traffic, firewall rules, and security events.
  • Data analysis: The firewall analyzer then analyzes the collected data to identify potential vulnerabilities and threats in the network. This may include identifying open ports, misconfigured firewall rules, or unusual network traffic patterns.
  • Reporting and visualization: The firewall analyzer generates reports and visualizations that provide a detailed overview of the network's security posture. These reports may include information on compliance with relevant regulations and standards, as well as recommendations for remediation.
  • Alerting: The firewall analyzer may also include alerting features that notify security teams when potential threats or vulnerabilities are detected.

Some firewall analyzers can also be integrated with other security tools, such as vulnerability scanners or intrusion detection systems, to provide a more comprehensive view of an organization's security posture.
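As an added example (not code from the original post or from any firewall analyzer product), the following Python script performs three of the configuration and log checks described above on a small, constructed rule set: it finds rules that can never fire because an earlier rule already matches everything they would (reported as redundant when the actions agree and shadowed when they differ), over-permissive any/any allow rules, and rules with zero hits in the log-derived counters. The Rule structure, the first-match-wins ordering, and the sample rules and hit counts are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "deny"
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    proto: str           # "tcp", "udp" or "any"
    ports: tuple         # inclusive (low, high) destination port range; (0, 65535) = any


ANY_NET = ip_network("0.0.0.0/0")


def net(cidr: str):
    """Map the 'any' keyword to 0.0.0.0/0 so every check can use subnet_of()."""
    return ANY_NET if cidr == "any" else ip_network(cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet `inner` would match is also matched by `outer`."""
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.proto in ("any", inner.proto)
            and outer.ports[0] <= inner.ports[0]
            and inner.ports[1] <= outer.ports[1])


def shadow_findings(rules):
    """First match wins, so a rule fully covered by an earlier rule never fires.
    Same action -> redundant (dead weight); different action -> shadowed (policy intent lost).
    Only single-rule coverage is checked; a rule hidden by the union of several
    earlier rules is not detected here."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((kind, rule.name, earlier.name))
                break
    return findings


def over_permissive(rules):
    """Allow rules that match everything: any source, any destination, any protocol and port."""
    return [r.name for r in rules
            if r.action == "allow" and r.src == "any" and r.dst == "any"
            and r.proto == "any" and r.ports == (0, 65535)]


def unused(rules, hits):
    """Rules with no log hits in the review window: removal candidates after confirmation."""
    return [r.name for r in rules if hits.get(r.name, 0) == 0]


def analyze(rules, hits):
    return {"shadow": shadow_findings(rules),
            "over_permissive": over_permissive(rules),
            "unused": unused(rules, hits)}


# Constructed sample rule set (ordered, first match wins) and log-derived hit counts.
SAMPLE_RULES = [
    Rule("allow-web", "allow", "any", "10.0.1.0/24", "tcp", (80, 443)),
    Rule("allow-https-dmz", "allow", "192.168.5.0/24", "10.0.1.10/32", "tcp", (443, 443)),  # covered by allow-web
    Rule("allow-dns", "allow", "10.0.0.0/8", "10.0.0.53/32", "udp", (53, 53)),
    Rule("temp-any", "allow", "any", "any", "any", (0, 65535)),      # leftover troubleshooting rule
    Rule("deny-all", "deny", "any", "any", "any", (0, 65535)),       # never reached because of temp-any
]
SAMPLE_HITS = {"allow-web": 120431, "allow-https-dmz": 0, "allow-dns": 8812, "temp-any": 3, "deny-all": 0}

if __name__ == "__main__":
    for finding, items in analyze(SAMPLE_RULES, SAMPLE_HITS).items():
        print(finding, items)
```

Run it directly to print the findings for the sample rule set. The shadow check only looks for a single earlier rule that covers a later one; a rule hidden by the union of several earlier rules needs a set-difference analysis, which is one of the reasons dedicated analyzers exist.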

Firewall optimization best practices

It is not uncommon for organizations to question whether both a firewall analyzer and a firewall management platform are necessary for improved network security. Firewall analyzers provide a strategic and operational view of the network security environment across multiple vendors. This contrasts with the firewall management platform's operational and tactical capabilities, which are vendor specific.

In addition, firewall analyzers can provide value for non-operational roles in an organization, such as auditors. Auditors can collect the information they need without having to access the firewall management platform directly or involve the operations teams who administer the platform.

Conclusion

Overall, both firewall analyzer tools (the basis of firewall optimization) and firewall management platforms are important for the network's health and security. They serve different purposes but complement each other with their distinct capabilities. Organizations that need visibility into network performance along with recommendations for improving firewall security should consider a firewall optimization strategy that incorporates both.

AT&T Cybersecurity Consulting has more than 20 years of experience increasing network security and performance using its firewall optimization programs. Learn more about the benefits and best practices of implementing a firewall optimization strategy that incorporates both firewall analyzer tools and firewall management platforms. Contact us today to get started.

The post What is firewall optimization? appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In a highly connected, internet-powered world, transactions take place online, in person, and even somewhere in between. Given the frequency of digital information exchange on our devices, including smartphones and smart home gadgets, cybersecurity has never been more important for protecting sensitive customer information. In response, the US Federal Trade Commission has rolled out updated measures to ensure that customers’ details are fully protected. 

Due to supply chain issues and qualified employee shortages, however, the FTC has granted a six-month extension on the original deadline, so businesses and financial institutions now have more time to complete the required changes. This article will look at the updated federal data security measures and how they will impact businesses. 

Updated federal data security measures

In November 2022, the United States Federal Trade Commission announced that it would grant a six-month extension for companies that had yet to update their security measures in compliance with the updated FTC standards.

The new deadline for businesses and financial institutions to implement the required changes will be June 9, 2023. By that point, all businesses must have updated their policies and procedures in keeping with the Financial Data Security Rule, also known as the Safeguards Rule.

Initial changes to the Safeguards Rule

Initially, the Federal Trade Commission approved changes to the Safeguards Rule in October 2021. These changes included updated criteria for financial institutions, providing more specific requirements about which safeguards they must include in their information security programs. 

Some of these updates to the Safeguards Rule took effect 30 days after the rule was published in the Federal Register, while the more specific requirements were scheduled to take effect on December 9, 2022.

Why has the deadline been extended?

The deadline has been extended to June 2023 due to reports presenting compelling arguments for postponing the required implementation. The Small Business Administration’s Office of Advocacy, for example, filed a letter addressed to the FTC. The letter stated that several factors would bar companies from effectively implementing these updated security requirements in the allotted time. 

The letter pointed to supply chain issues that could delay delivery of the equipment needed for the required security upgrades, and to a widespread shortage of qualified information security professionals who could implement the changes on time. Together these made a convincing case that businesses would need more time to complete the upgrades required by the FTC rules.

The global COVID-19 pandemic further exacerbated these issues, making it difficult for small-scale businesses and financial institutions to meet the deadlines. The FTC voted unanimously to approve this deadline extension.

Reasons for FTC data security rule updates

The changes to the Financial Data Security Rule are meant to ensure that financial institutions put sufficient security measures in place to keep their customers’ personal information safe from any hacking attempts. Boosting the data security of financial institutions is vital to strengthening the overall cybersecurity of the country’s interconnected financial networks. 

Given rising rates of identity theft and financial fraud, this is an essential form of protection. In 2021, for instance, the FTC received almost 390,000 reports of credit card fraud alone, making it the most common type of financial fraud in the United States. Because credit card fraud often begins with a poorly secured transaction, the FTC is determined to bolster security measures at every level.

The FTC Safeguards Rule updates apply to in-person businesses, financial institutions, and online platforms, including the more recent cryptocurrency industry. Since 2009, more than 6,600 distinct cryptocurrencies have been released. With such a sustained influx of different cryptocurrencies, regulations have been slow to catch up in comparison to other trading platforms such as forex or options trading. Now the FTC is working to ensure that online and cryptocurrency transactions are sufficiently secure. 

What does this mean for businesses?

Businesses and financial institutions will need to get busy implementing the necessary changes. For example, companies may need to update their software to remain in compliance with the updated FTC rules. 

This process can take time, as companies will need to find capable technical writers to document the software adjustments. According to Shaun Connell, technical writers and documentation creators must be involved in a software update project from the start. To meet the June deadline, businesses will need to make this security update a top priority.

Who does it affect?

Banks are not covered by the Safeguards Rule (they are supervised by the federal banking regulators), but non-bank financial institutions under FTC jurisdiction, including motor vehicle dealers, payday lenders, and mortgage brokers, will need to update their security protocols by the deadline.

Depending on the specific institution and its pre-existing security setup, businesses may need to create, enact, and upkeep a strong security system that will protect their customers’ sensitive information, such as financial details, home address, personal preferences, and even name, age, and gender. 

Cybercriminals can use any and all of this information to steal customers’ identities, so setting up a comprehensive security protocol will ensure that customers’ details are safe throughout every transaction.

Specific provisions under the extended deadline

Not all the updated criteria of the Safeguards Rule are affected by this six-month-long extended deadline. The specific provisions that businesses and financial institutions must enact by June 9, 2023, are as follows:

  • Appoint a highly qualified individual to oversee the new information security program.
  • Encrypt all customer information, both in transit over external networks and at rest on a business's servers and systems.
  • Appoint and train security personnel who can manage and oversee the updated security systems and enact any security protocols in case of a cybersecurity breach. 
  • Craft an incident response plan so that clear protocols are established. 
  • Write a comprehensive risk assessment of their current security system. 
  • Enact ongoing monitoring of who has access to sensitive customer details within the company.
  • Limit who has access to sensitive customer details within the company. 
  • Set up multi-factor authentication for any company member who attempts to access customer data. Or, instead of multi-factor authentication, another authentication system that provides equal protection can be implemented. 
  • Conduct periodic assessments of the security practices used by their service providers to ensure added layers of security between businesses as well. 

These measures may require significant lead times to be well-established and running effectively by the June deadline. But once they are set up, they should provide significant additional security for all business-to-customer interactions. 

Government policies to prevent cybersecurity threats

At the core of these required security protocol updates is protection for customers. These government policies have individual consumers' security in mind and rely on multiple layers of cooperation and adjustment to keep sensitive data safe. Businesses and financial institutions will have to cooperate with the Safeguards Rule implementation to meet Federal Trade Commission standards designed to reduce cybersecurity risk.

The post FTC extends deadline by six months for compliance with some changes to financial data security rules appeared first on Cybersecurity Insiders.

Some of the biggest prevailing challenges in the cybersecurity world over the last year have been those revolving around securing the software supply chain across the enterprise. The software that enterprises build for internal use and external consumption by their customers is increasingly made up of third-party components and code that can put applications at risk if they aren't properly secured.

It's a problem that cuts across every industry, but manufacturers are feeling it especially acutely because they're tasked with securing not only the software supply chain but the physical supply chain as well. It's a very layered risk issue for manufacturers for two big reasons.

First, the things manufacturers produce today are more connected and more software-dependent than ever before. They depend on a host of specialized silicon and digital components that are typically produced by third-party manufacturers themselves, creating a nested chain of third-, fourth-, and Nth-party dependencies that is difficult to track, let alone manage risk against.

Secondly, the factory floor itself is a part of the supply chain that is becoming more intricately converged with the IT network and which is highly dependent on third-party equipment, software, and remote connections.

Given these factors, managing cybersecurity risk across the supply chain requires manufacturers to attend carefully to the risk their third-party suppliers and contractors bring. On the flip side, manufacturers that supply components to other manufacturers must stay vigilant as the security standards they must meet to get their products in the door elsewhere keep rising.

“As I've been doing in-depth interviews for our AT&T Cybersecurity Insights Report and also doing customer calls, one of the things I've observed about manufacturers in the supply chain is that even when they're smaller—say, 50- to 100-person shops—they're still saying, 'Security is critical to us,'” says Theresa Lanowitz, security evangelist for AT&T. “They know they need to be doing everything they can to abide by their customers' security guidelines, external rules and regulations, and mitigating the risk required to keep the entire supply chain secure.”

It's an issue that cybersecurity experts at AT&T like Lanowitz and those at Palo Alto Networks have increasingly been collaborating on to help manufacturing customers address across their organizations. The following are some tips they recommend for manufacturers managing third-party cyber risk in the supply chain.

Risk scores and signals matter

Because digital components and hardware are so woven into the products that supply chain providers deliver to their manufacturing clients, risk scores and signals matter more than ever. According to Dharminder Debisarun, worldwide industry security architect for manufacturing, Internet of Things and transport at Palo Alto Networks, it is up to companies to determine their risk appetite for their providers, depending especially on what those providers deliver into the supply chain, and then to find ways to get transparency into that risk.

“Ask yourself, 'What's our risk appetite for suppliers that we work with?'” he says. “You want to know that before you engage with them. Then there needs to be some kind of framework or certification that says 'Hey, this company is secure enough to do business with’.”

He says some governments have provided that kind of grounding; in Germany, for example, the automotive industry relies on the TISAX certification to demonstrate baseline security proficiency. Barring that, the growing market for third-party risk monitoring services is another place to start getting transparency. Ultimately, the goal is to screen every piece of code or connectivity that suppliers deliver into a manufacturer's supply chain or production streams.

Supplier contracts need to account for cyber risk

Even more important, says Debisarun, is that manufacturers ensure their cybersecurity standards are enforced contractually.

“You can only work this out contractually. You need to have cybersecurity and cyber risk requirements embedded into all the supplier contracts you put in place,” he says. “It's something manufacturers should really consider doing.”

Some of the things that should be enforced include disclosure of big security incidents or material software vulnerabilities, how remote access is established and maintained between supplier and manufacturer, how and when security audits or certifications are provided, and so on.

Managing third-party risk on the factory floor

Meanwhile, because the actual manufacturing capability of organizations is so intertwined with third parties, managing factory floor vendors securely is crucial. Debisarun explains that the assembly line floor today is almost never managed by the manufacturer itself.

“It's going to be an assembly line floor run by Siemens or Rockwell or ABB. And when these assembly lines are delivered by these giants of the manufacturer ecosystem, they will never allow the customer to do maintenance on that assembly line,” he says, explaining that big vendors contractually require that they handle the maintenance on this equipment.

In most cases, this requires remote access—especially now in this post-COVID world.

“At which point the manufacturer is flying blind,” he says.

This highlights the importance of setting up mitigating controls like secure remote access and Secure Access Service Edge (SASE) architecture that creates a pathway for the manufacturer to at least control the traffic in their network. At the core of SASE is Zero Trust Network Access (ZTNA 2.0) which combines fine-grained, least-privileged access with continuous trust verification and deep, ongoing security inspection to protect all users, devices, apps, and data everywhere – all from a simple unified product. This is an integral and oft-forgotten part of managing third-party risk in the manufacturing world.

Architect and collaborate – with resilience top-of-mind

Finally, organizations should be architecting their supply chain and coordinating their vendor management to keep cyber resilience top-of-mind. According to Lanowitz, the key is remembering the concept of eliminating 'single points of failure.'

“If you are a major car manufacturer, for example, and you're using tiny suppliers to help you build out your cars, you want to make sure that if they go out of business, if there's a fire in their plant, or their operations are interrupted by ransomware, you're not going to need to stop your assembly line waiting for them,” she says.

Debisarun agrees, explaining that every manufacturer should have a plan B and C for when cybersecurity events at suppliers create downstream impact.

“If one supplier is breached, how long should you wait until it's resolved? And that basically comes back to the contracts you are signing; the plan needs to be built into that so you aren't dependent on one supplier's readiness to handle a cyber event or a physical event,” he says.

The post Third party Cybersecurity risks in securing the supply chain appeared first on Cybersecurity Insiders.


News broke in early February that the ACN, Italy's National Cybersecurity Agency, had issued a warning about a VMware vulnerability disclosed two years earlier. Many organizations had not yet patched it and became victims of a new ransomware campaign, since named ESXiArgs. The malware wreaked havoc on Italian and European businesses by encrypting files and demanding payment to decrypt them.

The ACN urges VMware users to ensure their systems are backed up and updated with the most recent security patches available. With ransomware on the rise, it’s crucial that businesses take the necessary steps to protect their data and applications. 

ESXiArgs ransomware attacks

Ransomware is a type of malware that blocks access to an organization's files, systems, and networks, typically by encrypting them. But it doesn't stop there: in exchange for the decryption key, attackers typically demand a large sum, usually in cryptocurrency.

Ransomware reaches a target system in many ways. In this case, the attackers exploited a vulnerability in the ESXi hypervisor's Service Location Protocol (SLP) service and held entire servers for ransom. According to reports, the ransom notes demanded almost $50,000 USD in Bitcoin to restore access to business systems.

The nature of these attacks leads experts to believe that this is not the work of an established ransomware gang and is more likely being run by a smaller group of threat actors. That doesn't make the damage any less alarming.

Exploiting known vulnerabilities

Attackers infected over 2,000 machines in only twenty-four hours, starting on a Friday afternoon before the weekend. How were they able to work so fast?

Threat actors begin planning their attacks as soon as software vendors publish fixes for specific vulnerabilities, because the fix itself points them to the flaw. The vulnerability exploited by ESXiArgs, CVE-2021-21974, had been patched two years earlier, so the attackers were targeting hosts that had simply never been updated.

Organizations that have not applied this patch remain at risk of becoming victims. Florida's Supreme Court, the Georgia Institute of Technology, Rice University, and many schools across Hungary and Slovakia have reportedly been hit by this campaign.

CISA guidance for affected systems

The US Cybersecurity and Infrastructure Security Agency (CISA) issued recovery guidance for the 3,800 servers around the world affected by the ESXiArgs ransomware attacks: 

  • Immediately update all servers to the latest VMware ESXi version. 
  • Disable the Service Location Protocol (SLP) service, the component the exploited vulnerability targets, to harden the hypervisor.
  • Make sure the ESXi hypervisor is never exposed to the public internet. 

CISA also offers a script on its GitHub page to reconstruct virtual machine metadata from virtual disks that the ransomware left unencrypted.
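As an added example that is not part of CISA's guidance or VMware's documentation, the following Python script carries out the second step above (disabling SLP) on an ESXi host and verifies the result. The three commands are the ones VMware documents for disabling SLP on ESXi (stop slpd, disable the CIMSLP firewall ruleset, keep slpd off at boot); the script runs them with the Python interpreter that ships on the ESXi host. The parsing helpers, the expected layout of the esxcli and chkconfig output, and running it from the ESXi shell as root are this example's assumptions.

```python
import shutil
import subprocess
import sys

# VMware-documented commands for disabling SLP on an ESXi host.
STOP_SLPD = ["/etc/init.d/slpd", "stop"]
CLOSE_SLP_FIREWALL_RULE = ["esxcli", "network", "firewall", "ruleset", "set", "-r", "CIMSLP", "-e", "0"]
DISABLE_SLPD_AT_BOOT = ["chkconfig", "slpd", "off"]
# Commands used to verify the result.
LIST_SLP_RULESET = ["esxcli", "network", "firewall", "ruleset", "list", "-r", "CIMSLP"]
LIST_SERVICES = ["chkconfig", "--list"]


def cimslp_ruleset_disabled(listing: str) -> bool:
    """True if the ruleset listing shows CIMSLP with Enabled == false (port 427 closed).
    Assumed layout: a header line, a separator line, then 'CIMSLP  false'."""
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "CIMSLP":
            return parts[1].lower() == "false"
    return False  # no CIMSLP line at all: treat as unverified, never as disabled


def slpd_off_at_boot(chkconfig_listing: str) -> bool:
    """True if `chkconfig --list` reports the slpd service as 'off'."""
    for line in chkconfig_listing.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "slpd":
            return parts[1].lower() == "off"
    return False


def run(cmd):
    """Run a command on the host and return its stdout; raises if it exits non-zero.
    Uses stdout=PIPE rather than capture_output so older bundled Pythons work."""
    return subprocess.run(cmd, check=True, stdout=subprocess.PIPE, universal_newlines=True).stdout


def verify_slp() -> bool:
    """Both the firewall rule and the boot-time service must be off to count as hardened."""
    return cimslp_ruleset_disabled(run(LIST_SLP_RULESET)) and slpd_off_at_boot(run(LIST_SERVICES))


def harden_slp() -> bool:
    """Stop slpd, close its firewall rule, keep it off across reboots, then verify."""
    for cmd in (STOP_SLPD, CLOSE_SLP_FIREWALL_RULE, DISABLE_SLPD_AT_BOOT):
        run(cmd)
    return verify_slp()


if __name__ == "__main__":
    if shutil.which("esxcli") is None:
        sys.exit("esxcli not found: run this on the ESXi host itself")
    ok = harden_slp()
    print("SLP stopped, firewalled and disabled at boot" if ok else "SLP still enabled; check manually")
    sys.exit(0 if ok else 1)
```

Disabling SLP removes the listener the exploit reaches over port 427 but does not fix the vulnerable code; the first step in the guidance, updating ESXi, still has to happen.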

What organizations can learn from this attack

It can happen to anyone. Ransomware attacks are a popular way to extort organizations, and no business, big or small, is off-limits. The software development industry is now worth over a trillion dollars because of the ever-increasing demand for new applications to meet the needs of individuals and organizations.

The average organization uses 110 applications to keep operations running smoothly. Each application requires routine maintenance to keep systems secure, and running updates plays a major role in protecting systems from ransomware. 

Another key takeaway from this attack is to keep vital systems away from the public internet. Anything exposed to it will be found by attackers scanning for known vulnerabilities. Because unpatched ESXi hosts remain vulnerable, companies should never expose the hypervisor's management interface or its SLP service to the world.

How to improve patch management and avoid ransomware attacks

There are several issues that contribute to the complexity of patch management, making it difficult for companies to stay on track. For example, as the number of software services increases, so does the number of CVEs. That means more patches to manage, track, and run before attackers discover how to exploit known vulnerabilities. 

In addition to large amounts of software, companies also have large amounts of data to manage. Ordinary business transactions generate dark data on an ongoing basis, and user behavior, orchestration, and other datasets grow rapidly as more organizations make data-driven decisions.

This volume of data and software is difficult to inventory and inspect, leaving vulnerabilities hidden where attackers can exploit them. Without visibility, any patching strategy will be ineffective; complete visibility is what lets teams prioritize the assets and software that need to be updated first.

Here is how to overcome these common patch management issues and avoid costly ransomware attacks: 

Test every patch

Patches must be tested before being rolled out to production systems. Patching is necessary to keep applications secure and up to date, but a patch can break things if something goes wrong. Test each patch in a staging environment and keep a rollback plan so that a bad update does not do more harm than good.

Apply patches ASAP

Time is not on your side when it comes to patch management. After patches have been tested, apply them as soon as possible. The faster, the better. As soon as updates are released, hackers are hard at work to exploit as many users as possible before they have a chance to run the patch. 

Phase out deprecated devices and applications

Sometimes there is nothing left to do but retire a program or device. Once software reaches end of life, no further patches are released, so any newly discovered vulnerability stays open indefinitely; out-of-date software is often phased out precisely because of such security concerns. Replace any applications and devices that have reached end of life.

Automate patch management

Utilize automation to streamline patch management. Keeping track of each application’s maintenance schedule and regularly testing and patching software is time-consuming. Patch management automation or partnering with a managed service provider might be the most effective way to keep applications and endpoints up to date. 
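As an added example (not from the original post), the following Python script ties the steps above together into a small patch-prioritization pass: given an asset inventory and a list of advisories, it compares versions numerically rather than as strings, ranks each vulnerable host by whether the flaw is known to be exploited and whether the host is internet-exposed, and marks hosts running end-of-life products for replacement rather than patching. The inventory, the advisory records, the placeholder CVE identifiers, and the scoring weights are all constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    product: str
    version: str
    internet_exposed: bool


@dataclass(frozen=True)
class Advisory:
    cve: str               # the IDs in the sample data below are constructed placeholders
    product: str
    fixed_version: str     # first version in this product line that carries the fix
    known_exploited: bool  # e.g. present in CISA's Known Exploited Vulnerabilities catalog


def version_key(version: str) -> tuple:
    """Component-wise numeric key. version_key('6.10') > version_key('6.7'),
    whereas the plain string compare '6.10' > '6.7' is False.
    A trailing build tag after '-' (e.g. '7.0.3-19193900') is ignored."""
    return tuple(int(part) for part in version.split("-", 1)[0].split("."))


def is_vulnerable(host: Host, adv: Advisory) -> bool:
    """A host is affected if it runs the product below the fixed version."""
    return host.product == adv.product and version_key(host.version) < version_key(adv.fixed_version)


def priority(host: Host, adv: Advisory) -> int:
    """0 = act now. In-the-wild exploitation and internet exposure each raise the urgency."""
    return 2 - int(adv.known_exploited) - int(host.internet_exposed)


def plan(hosts, advisories, eol_products):
    """Return (priority, host, cve, action) tuples, most urgent first. Hosts on
    end-of-life products get 'replace': no patch will ever arrive for them."""
    work = []
    for host in hosts:
        for adv in advisories:
            if is_vulnerable(host, adv):
                action = "replace" if host.product in eol_products else "patch"
                work.append((priority(host, adv), host.name, adv.cve, action))
    return sorted(work)


# Constructed sample inventory and advisories (products, versions and CVE IDs are placeholders).
HOSTS = [
    Host("hv-dmz-01", "hypervisor", "6.7.0-1234", True),
    Host("hv-lab-02", "hypervisor", "7.0.3", False),
    Host("hv-old-03", "hypervisor-legacy", "5.5.0", False),
    Host("web-01", "webserver", "1.18.0", True),
]
ADVISORIES = [
    Advisory("CVE-0000-0001", "hypervisor", "6.7.1", True),
    Advisory("CVE-0000-0002", "hypervisor-legacy", "5.5.9", False),
    Advisory("CVE-0000-0003", "webserver", "1.18.2", False),
]
EOL_PRODUCTS = {"hypervisor-legacy"}

if __name__ == "__main__":
    for prio, host, cve, action in plan(HOSTS, ADVISORIES, EOL_PRODUCTS):
        print("P%d %-10s %s %s" % (prio, host, cve, action))
```

In a real deployment the inventory would come from the asset discovery tooling and the advisories from the vendor feeds or the KEV catalog; the point of the example is the ordering logic, which puts an exposed host with an exploited flaw ahead of everything else and never lets an end-of-life system sit in the patch queue waiting for a fix that will not come.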

Final thoughts

Ransomware attacks are not going away anytime soon. The campaign behind the latest warning out of Italy has affected thousands of systems globally through software that should have been patched two years ago. Businesses that might be affected by the ESXiArgs ransomware should follow CISA's guidance to limit the damage and recover what data they can.

The best way to prevent ransomware threats is to be proactive with running patches and updates. Test every patch to ensure that it’s safe for your systems, apply changes as soon as possible, replace deprecated software, and automate patch management for optimal efficiency and security.

The post Italian agency warns ransomware targets known VMware vulnerability appeared first on Cybersecurity Insiders.

We’re so excited to announce our 2023 Partner of the Year awards. These annual awards recognize AT&T Cybersecurity partners that demonstrate excellence in growth, innovation, and implementation of customer solutions based on our AT&T USM Anywhere platform.

AT&T Cybersecurity’s 2023 Global Partner of the Year award goes to Cybersafe Solutions! Cybersafe Solutions experienced incredible growth in 2022 and we’re thrilled to be partnering with their team to help customers orchestrate and automate their security.

In addition to Cybersafe Solutions as our Global Partner of the Year, we’re proud to recognize seven other partners who demonstrated excellence in 2022. See below for the full list of winners and their feedback regarding their partnership with AT&T Cybersecurity.

Global Awards:

Global Partner of the Year: Cybersafe Solutions

“I am humbled and honored to accept AT&T's 2023 Global Partner of the Year Award. Throughout our partnership, we have worked together to develop a comprehensive solution that enables Cybersafe to continuously monitor our customers' networks to identify and mitigate threats rapidly. Sincere thanks to the entire AT&T team on contributing to this success. We are truly excited for what the future holds!”

-Mark Petersen, Vice President of Sales

Growth Partner of the Year: Xerox

New Partner of the Year: Arete Advisors

“Arete is honored to be named AT&T Cybersecurity’s New Partner of the Year. Our complementary partnership combines unique threat intelligence from AT&T’s USM Anywhere SIEM platform with Arete’s XDR platform to provide our clients with faster threat detection and greater clarity. We look forward to a future of continued growth together as we work to transform the way organizations prepare for, respond to, and prevent cybercrime.”

-Joe Mann, CEO

Distributor of the Year: Ingram Micro

“The cybersecurity threat landscape is growing in complexity—calling for greater collaboration across the IT channel ecosystem and between MSPs and their customers to stay secure. Together with AT&T Cybersecurity we are empowering channel partners with the knowledge and solutions needed to better protect their house and their customers from cyber attacks. It is an honor to be recognized three years in a row as AT&T Cybersecurity’s Distributor of the Year.”

-Eric Kohl, Vice President, Security and Networking

Regional Awards

These awards recognize the partners that had the highest sales bookings in each of the four regions last year.

North American Partner of the Year: Coretelligent

“We are honored to be recognized as AT&T Cybersecurity’s North American Partner of the Year and look forward to our continued partnership and delivering leading-edge security solutions to our shared clients. Coretelligent and AT&T Cybersecurity are a best-in-class pairing that provides the robust and secure cybersecurity management and monitoring that enterprises need to defend against the extreme threats of today’s cyber landscape.”

-Kevin J. Routhier, Founder and CEO

EMEA Partner of the Year: Softcat

“We are thrilled to be announced as AT&T Cybersecurity’s EMEA Partner of the Year for 2023. We’ve thoroughly enjoyed working with AT&T over the course of the past year and we’re so thankful that our dedication has paid off. We’d love to thank everyone at AT&T and Softcat who has worked with us on various projects during this period.”

-Aoibhín Hamill, Cyber Managed Services Advisor

APAC Partner of the Year: Vigilant

“We are thrilled and honored to receive the prestigious AT&T Cybersecurity APAC Partner of the Year award! This recognition is a testament to our team's hard work and commitment to delivering exceptional cybersecurity solutions to our clients. At Vigilant Asia, we strive to be at the forefront of innovation and this award affirms our efforts. Here’s to more partnership success!”

-Victor Cheah, CEO

Latin American Partner of the Year: GMS

“GMS is thrilled to be named Latin American Partner of the Year for 2023. Having previously garnered this distinguished award, our partnership with AT&T Cybersecurity only gets stronger as time goes on. AT&T’s continued innovation is central to our value proposition, and we feel privileged to work so closely with a company that shares our commitment to providing optimal security for our customers throughout the Andean region.”

-Esteban Lubensky, Executive President

The post AT&T Cybersecurity announces 2023 ‘Partner of the Year Award’ winners appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Integrating Cybersecurity in UX design

The digital landscape has ensured that a wider range of businesses have access to a truly global marketplace. On one hand, this helps bolster a thriving entrepreneurial ecosystem. On the other, it means there is a significant amount of competition. If your company’s website or mobile application doesn’t provide a stellar user experience (UX), consumers are able and willing to go elsewhere.

Yet, in the online environment, UX is not your only consideration. There are various threats your business and consumers face from cyber criminals. Therefore, when developing your online tools, you need to adopt effective protections. Unfortunately, many businesses struggle with implementing strong security that doesn’t also disrupt the UX.

Your best approach here is usually to integrate cybersecurity with UX design. So, let’s explore why and how you can achieve this.

How are UX and Cybersecurity related?

One of the mistakes too many businesses make is assuming that UX and cybersecurity are separate aspects of the digital infrastructure. To an extent they do have independent intentions, with different goals and different actions to achieve those goals. Yet, understanding how closely they are related is the first step to effective integration.

In some ways one can’t, or at least shouldn’t, exist without the other. A good example of this is the application of web design in high-stakes sectors, like telehealth care. There are two core types of telehealth services: asynchronous care and synchronous (live) care. While the two differ in how patients interact with the medical professional, both involve the collection and storage of sensitive data. It’s certainly important from a UX perspective to make both asynchronous and live processes as simple and convenient as possible for patients. Yet, this simplicity shouldn’t sacrifice the security of the data.

Clear and strong security protocols give consumers confidence in the system and the company they’re interacting with. This applies to not just healthcare industries but also eCommerce, education, and supply chain sectors, among others. Similarly, consumers may be more likely to adopt more secure behaviors if they can see how it feeds into the convenience and enjoyment of their experience. This means that the UX development process must involve security considerations from the ground up, rather than as an afterthought.

How can you plan effectively?

As with any project, planning is essential to the successful integration of cybersecurity and UX design. An improvised approach, in which security or UX elements are tacked onto your site or app after the fact, does not result in a robust product. Wherever possible, your best route is to bring the UX department and the cybersecurity professionals together in the planning process from the outset. Each side will have insights into the other’s challenges that benefit the project as a whole.

Another key part of your planning process is researching and analyzing your users’ behavior concerning the types of online tools you’re developing. Work with business analytics professionals to understand in what ways security factors into your target demographic’s preferred online experiences. Review what the common security behavior challenges are with your consumers and what experiential elements prevent them from implementing safe actions. This then enables you to create the most apt UX and security arrangements to meet your consumers’ needs.

Importantly, your team needs to plan with balance in mind. They need to make certain that, as far as possible, security doesn’t interfere with UX and vice versa. For instance, you may be able to design multiple layers of encryption that require minimal user interaction to activate. Whatever approach you take, you must build thorough testing into the planning process. This shouldn’t just be to review efficacy and strength, but also to establish whether there are imbalances that need to be corrected.

What tools can you use?

You should bear in mind that integrating UX and cybersecurity isn’t just a case of developing a unique site or app. Finding this balance is a challenge that businesses have been seeking to address throughout the rise of our digital landscape. This means that there are some existing tools that you can incorporate into your more tailored approach.

Artificial intelligence (AI) is increasingly popular here. Even small businesses can access AI tools that take care of many elements of website and mobile application development. These tools not only save companies time in coding, but they can also produce more secure sites by mitigating the potential for human error. Indeed, AI-driven security monitoring software can scan networks in real time, responding to threats quickly and effectively without disturbing the user experience.

Aside from AI, single sign-on combined with multi-factor authentication is a common tool to adopt. This approach provides strong security by requiring users to prove their identity with more than one factor, such as a code from a second device. However, it's important not to disrupt the user flow: make this a one-time action that then grants access to the various parts of your online space, and require further authentication only when users navigate away from the site, use a new device, or attempt purchases over a certain threshold.
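The step-up policy just described (authenticate once, then challenge again only on a new device, after leaving the site, or for a high-value purchase) is easier to reason about when it is written down as one decision function. The block below is an added example, not code from the article or from any product; the session fields, the thresholds (8-hour session lifetime, 15-minute second-factor freshness, a 500.00 purchase threshold) and the reason strings are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Policy knobs (assumed values for this example, not taken from the article).
SESSION_MAX_AGE = 8 * 60 * 60      # seconds before a full re-login is required
MFA_FRESHNESS = 15 * 60            # seconds for which a second-factor check stays "fresh"
PURCHASE_THRESHOLD = 500.00        # purchases above this amount need a fresh second factor


@dataclass
class Session:
    user_id: str
    device_id: str                            # identifier bound to the browser/app at login
    authenticated_at: float                   # epoch seconds of the primary login
    mfa_verified_at: Optional[float] = None   # epoch seconds of the last second-factor check
    active: bool = True                       # False once the user leaves the site or logs out


def record_mfa(session: Session, now: Optional[float] = None) -> None:
    """Mark the session as having passed a second-factor check."""
    session.mfa_verified_at = time.time() if now is None else now


def step_up_reason(session: Session, device_id: str,
                   purchase_amount: float = 0.0,
                   now: Optional[float] = None) -> Optional[str]:
    """Return None when the existing session is enough for this request,
    otherwise a short reason explaining why the user must authenticate again.
    Checks run from most to least severe so the strongest reason wins."""
    now = time.time() if now is None else now
    if now - session.authenticated_at > SESSION_MAX_AGE:
        return "session expired"
    if not session.active:
        return "session ended"                # user navigated away or logged out
    if device_id != session.device_id:
        return "new device"                   # session presented from a device it was not bound to
    if session.mfa_verified_at is None:
        return "second factor not yet verified"
    if purchase_amount > PURCHASE_THRESHOLD and now - session.mfa_verified_at > MFA_FRESHNESS:
        return "high-value purchase"          # big purchase and the last MFA check is stale
    return None


if __name__ == "__main__":
    s = Session(user_id="u1", device_id="dev-A", authenticated_at=time.time())
    print(step_up_reason(s, "dev-A"))                        # second factor not yet verified
    record_mfa(s)
    print(step_up_reason(s, "dev-A"))                        # None: ordinary browsing is frictionless
    print(step_up_reason(s, "dev-B"))                        # new device
    print(step_up_reason(s, "dev-A", purchase_amount=999.0)) # None: MFA is still fresh
```

Binding the session to the device at login is what makes the "new device" rule enforceable; a session token copied to another client fails that check even though it is otherwise valid. The purchase rule only re-challenges when the last second-factor check is stale, which is how the one-time action stays one-time for ordinary browsing.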

Conclusion

Integrating UX and cybersecurity is not always easy. It’s important to understand that these elements need to coexist to achieve the most positive outcomes. From here, thorough planning that involves collaboration from both security and UX professionals is key to achieving a good balance. Remember that tools like AI and multi-factor authentication can bolster your ability to create a safe service that users enjoy interacting with.

The post Integrating Cybersecurity in UX design appeared first on Cybersecurity Insiders.

Mobile security refers to the technologies and processes that are used to protect mobile devices from malicious attacks, data breaches, and other forms of cybercrime. It also includes measures taken to safeguard personal information stored on these devices, as well as protecting them from physical damage or theft. Mobile security is becoming increasingly important due to the rapid proliferation of smartphones and tablets being used for business purposes around the world.

Businesses need to take steps to ensure their data remains secure when accessing company networks via mobile devices, including implementing a few key measures. Below are ten ways B2B companies can do better mobile security.

1. Use a secure email provider

A secure domain email address is one of the most important ways to ensure that company emails and other sensitive data remain safe. Email providers such as Google, Microsoft, Zoho, and Postale offer secure domain email addresses which encrypt all emails sent and received in transit. This makes it more difficult for hackers to gain access to confidential information or launch attacks on vulnerable systems.

Using a secure email provider is essential for any organization looking to maximize its data protection efforts. By taking advantage of these services, businesses can rest assured knowing their emails are secure and protected from malicious actors.

2. Implement strong authentication

Strong authentication refers to the use of two or more independent forms of authentication to verify a user's identity. This could include a one-time password for each login, a biometric factor such as a fingerprint, or an encrypted hardware token. Strong authentication ensures that only authorized users can access company networks and confidential data.

Having strong authentication measures in place is an essential step in protecting data, as it helps to prevent unauthorized access and keeps sensitive information secure.

3. Install mobile security software

Mobile security software (also known as mobile device management or MDM) can help protect devices from malicious attacks. Mobile security software can be installed on all company-owned devices, providing a layer of protection by scanning for and blocking malicious applications. It can also offer additional layers of protection such as remote wiping capability, encryption, and the ability to remotely lock lost or stolen devices.

4. Enforce use policies

By having clear use policies in place, businesses can ensure their employees understand the importance of mobile security and that they are adhering to the established rules. These policies should include restrictions on downloading or installing unapproved apps, accessing unknown or suspicious websites, or sharing confidential information with unauthorized personnel.

Enforcing use policies is essential for keeping company networks and data secure. By ensuring that all employees abide by the same set of rules, businesses can greatly reduce their risk of a data breach or other malicious attack.

5. Utilize cloud storage

Cloud storage provides an effective way to store business data securely off-site. Data stored in the cloud is encrypted and kept safe from physical damage or theft. It also eliminates the need for large servers and other physical infrastructure, reducing both costs and the potential risk of data breaches. Additionally, cloud storage allows employees to access their data from any device, anytime and anywhere.

Utilizing cloud storage is an efficient way to keep sensitive information secure while still providing easy access for authorized users.

6. Use virtual private networks (VPNs)

A virtual private network (VPN) provides an extra layer of security by encrypting all traffic between two devices. This means that even if an unauthorized user were to intercept the data transmitted over the connection, they would be unable to read it due to the encryption. VPNs are especially useful for businesses that need to securely access company networks when using public Wi-Fi or other shared networks.

Using a VPN is an important step in protecting data from malicious attacks, as it ensures that all traffic is securely encrypted and less susceptible to being accessed by unauthorized parties.

7. Educate employees about the latest cybersecurity threats

Even with good policies and procedures in place, your employees still represent a vulnerable point in your data security. That’s why it’s important to regularly educate them about the latest cybersecurity threats and how they can avoid falling victim to them. This could include information on phishing scams, malware infections, mobile device security, and more.

By providing employees with the knowledge needed to recognize potential threats and take the necessary measures to protect themselves and their organization from attackers, businesses can greatly reduce their risk of suffering a data breach or other malicious attack.

8. Use two-factor authentication

Two-factor authentication (2FA) is an extra layer of security that requires users to provide two pieces of evidence when logging into an account or system. Typically, this consists of something that you know (such as a password), and something that you have (such as a mobile device). By requiring two different pieces of evidence, it makes it much more difficult for unauthorized parties to gain access to confidential data.

By implementing 2FA on all accounts and systems, businesses can greatly reduce their risk of suffering a data breach or other malicious attack. Doing so ensures that only authorized users are able to access sensitive information, which keeps confidential data secure at all times.

9. Monitor user activity

User activity monitoring is an important step in protecting your organization from malicious actors. By tracking user activities such as logins, downloads, file transfers, and other system changes, businesses can detect suspicious activity in real time and respond quickly to mitigate any potential damage.

By monitoring user activity on a regular basis, businesses can greatly reduce their risk of suffering a data breach or other malicious attack. Doing so will help ensure that all systems always remain secure and confidential information remains protected from unauthorized access.
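What "detect suspicious activity" looks like in practice is a set of rules run over the activity log. The block below is an added example, not code from the article: it parses a constructed log (the lines, user names, device names and addresses are made up for the example) and raises three kinds of alert that map to the activities listed above, namely a successful login preceded by a burst of failures, a login from a device not enrolled for that user, and a run of downloads in a short window. The log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): one event per line, key=value fields.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z user=alice action=login result=fail src=203.0.113.7 device=phone-1
2024-03-01T08:00:30Z user=alice action=login result=fail src=203.0.113.7 device=phone-1
2024-03-01T08:01:00Z user=alice action=login result=fail src=203.0.113.7 device=phone-1
2024-03-01T08:01:30Z user=alice action=login result=fail src=203.0.113.7 device=phone-1
2024-03-01T08:02:00Z user=alice action=login result=ok src=203.0.113.7 device=phone-1
2024-03-01T08:10:00Z user=carol action=login result=fail src=198.51.100.4 device=laptop-5
2024-03-01T08:10:20Z user=carol action=login result=ok src=198.51.100.4 device=laptop-5
2024-03-01T09:00:00Z user=bob action=login result=ok src=192.0.2.25 device=tablet-9
2024-03-01T09:01:00Z user=bob action=download result=ok src=192.0.2.25 device=tablet-9
2024-03-01T09:02:00Z user=bob action=download result=ok src=192.0.2.25 device=tablet-9
2024-03-01T09:03:00Z user=bob action=download result=ok src=192.0.2.25 device=tablet-9
2024-03-01T09:04:00Z user=bob action=download result=ok src=192.0.2.25 device=tablet-9
2024-03-01T09:05:00Z user=bob action=download result=ok src=192.0.2.25 device=tablet-9
"""

# Constructed device inventory: devices already enrolled (e.g. via MDM) for each user.
KNOWN_DEVICES = {"alice": {"phone-1"}, "bob": {"laptop-2"}, "carol": {"laptop-5"}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"result=(?P<result>\S+) src=(?P<src>\S+) device=(?P<device>\S+)$"
)

# Detection thresholds (assumed values for the example).
FAIL_THRESHOLD = 3                      # failed logins before a success becomes suspicious
FAIL_WINDOW = timedelta(minutes=5)
DOWNLOAD_THRESHOLD = 5                  # downloads within DOWNLOAD_WINDOW that trigger an alert
DOWNLOAD_WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Return a dict of fields with a datetime timestamp, or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def _trim(queue, now, window):
    """Drop timestamps older than `window` so each deque holds only the current window."""
    while queue and now - queue[0] > window:
        queue.popleft()


def analyze(lines, known_devices):
    """Run the three rules over the log and return (user, reason) alerts in log order."""
    alerts = []
    fails = defaultdict(deque)          # user -> timestamps of recent failed logins
    downloads = defaultdict(deque)      # user -> timestamps of recent downloads
    seen = {u: set(d) for u, d in known_devices.items()}   # copy, do not mutate the inventory
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                    # malformed lines are skipped, not fatal
        user, ts = ev["user"], ev["ts"]
        if ev["action"] == "login":
            q = fails[user]
            _trim(q, ts, FAIL_WINDOW)
            if ev["result"] == "fail":
                q.append(ts)
            elif ev["result"] == "ok":
                if len(q) >= FAIL_THRESHOLD:
                    alerts.append((user, f"success after {len(q)} failed logins"))
                q.clear()
                if ev["device"] not in seen.setdefault(user, set()):
                    alerts.append((user, f"login from unknown device {ev['device']}"))
        elif ev["action"] == "download" and ev["result"] == "ok":
            q = downloads[user]
            q.append(ts)
            _trim(q, ts, DOWNLOAD_WINDOW)
            if len(q) == DOWNLOAD_THRESHOLD:    # fire once when the threshold is first crossed
                minutes = DOWNLOAD_WINDOW.seconds // 60
                alerts.append((user, f"{DOWNLOAD_THRESHOLD} downloads within {minutes} minutes"))
    return alerts


if __name__ == "__main__":
    for user, reason in analyze(SAMPLE_LOG.splitlines(), KNOWN_DEVICES):
        print(f"ALERT {user}: {reason}")
```

The sliding-window deques keep memory bounded per user, and the download rule fires exactly once when the threshold is crossed rather than on every subsequent event, which keeps an analyst's queue from filling with duplicates of one incident.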

10. Regularly back up your data

Backing up your data on a regular basis is an important step in protecting it from malicious actors. By having multiple copies of your files stored in separate locations, you can recover them quickly in the event of a data loss or system failure. This ensures that sensitive data remains safe and secure even if one copy is compromised by an attacker.

Using an automated backup system is a great way to ensure that your data remains protected and secure. Your IT department can set up an automated backup process that regularly creates backups of all company files on an external drive or in the cloud, ensuring that your data will always be available when needed.

Conclusion

By following these ten tips, B2B companies can greatly reduce their risk of suffering a data breach or other malicious attack. By taking the necessary steps to maximize their data protection efforts, businesses can ensure that confidential information remains secure at all times.

The post 10 Ways B2B companies can improve mobile security appeared first on Cybersecurity Insiders.

In 1999, the United States began to shape its QIS strategy. The first document on file is a Scientific and Technical Report (STR) entitled: “Quantum Information Science. An Emerging Field of Interdisciplinary Research and Education in Science and Engineering.” This is the first report of an assortment of publications that help establish the US QIS strategy. To date, 55 publications contribute to the overall US strategy to advance QIS and quantum applications. These documents consist of Scientific and Technical Reports (STR), Strategy Documents, Event Summaries, and the National Quantum Initiative Supplement to the President’s Budget.

To begin, STRs are fundamental sources of scientific and technical information derived from research projects sponsored by the Department of Energy. On an annual basis, the US has released roughly 3.5 QIS reports (on average) since 1999; consequently, these publications make up 65% of the strategic documents related to QIS. Scientific and Technical Reports describe processes, progress, the results of R&D or other scientific and technological work. Additionally, recommendations or conclusions of research, original hypotheses, approaches used, and findings are also included. Scientific and Technical Reports have proven to be highly beneficial to researchers. STRs regularly include more comprehensive or detailed information than scholarly papers or presentations since STRs include experimental designs and technical diagrams.

Next, in 2009 the National Science and Technology Council (NSTC) released the first QIS Strategy Document, entitled “A Federal Vision for Quantum Information Science.” NSTC has the aim of articulating clear goals and a vision for federal science and technology investments, focusing on information technology and strengthening fundamental research. This interagency document set the conditions for coordinating federal efforts in QIS and related fields. Furthermore, the strategy documents establish clear national goals for science and technology investments in the information technology and health research industries.

Additionally, in 2018, a Summary of the 2018 White House Summit on Advancing American Leadership in Quantum Information Science was published as an Event Summary. Event Summaries are published by the National Quantum Coordination Office (NQCO) and provide an executive summary of key engagements related to QIS. With six summaries published to date, the current theme revolves around events that promote leadership, education, outreach, and recruitment in the field of QIS. The summaries prove to be very advantageous since they provide a read-out document that can be archived to capture event background, discussion topics, key takeaways, agency funding and research award announcements, next steps, and an event conclusion.

Furthermore, the National Quantum Initiative (NQI) Act, which became law in 2018, ensures the annual release of the National Quantum Initiative Supplement to the President’s Budget. This is the final document to reference which contributes to the US QIS strategy. The supplement details the current year’s efforts, progress, and budget for the National Quantum Initiative Program, along with, projecting a budget for the next fiscal year. The supplement also provides an analysis of the progress made toward achieving the goals and priorities of the NSTC Subcommittee on Quantum Information Science (SCQIS).

Since 1999, the US has been charting a way to address QIS. Vision, strategy, R&D, agency coordination, funding, and QIS promotion efforts have been consistent, and the strategy has accelerated in the last five years. As advances in quantum science materialize, the US continues to make strides in coordinating across the Federal government, academic institutions, and industry. Twenty-one different agencies, in addition to Nobel Laureates and international partners, are invested in the US strategy to address all aspects of quantum science. With certainty, there is a race to clearly understand all aspects of QIS and the impact it can have on our society. The US displays an inclusive, wide-reaching, firm, and consistently accelerating strategy in response to developments in QIS. US strategy and efforts toward QIS place the US on a path to lead the world in QIS. Simply put, the US strategy encompasses a whole-of-government approach, along with collaboration with industry, academic institutions, and allies worldwide, to bring to life the remarkable potential of QIS to change the way citizens live, work, and understand the world.

“As new technologies continue to evolve, we’ll work together with our democratic partners to ensure that new advances in areas from biotechnology to quantum computing, 5G, artificial intelligence, and more are used to lift people up, to solve problems, and advance human freedom.” – President Biden

The post Guiding publications for US strategy on Quantum Information Science (QIS) appeared first on Cybersecurity Insiders.

According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns. This article will describe the problem of BOLA and its consequences, and then it will present potential actions that can be taken to solve the problem.

The problem

OWASP (2019) indicates the following regarding BOLA: “Attackers can exploit API endpoints that are vulnerable to broken object-level authorization by manipulating the ID of an object that is sent within the request” (para. 1). For example, a hacker may observe how various shops make requests to an e-commerce platform and notice that a certain pattern exists in the codes for these requests. If the hacker can gain access to those codes and has the ability to manipulate them, they could establish a different endpoint in the code and thereby redirect all the data to themselves.

The exploitation of BOLA vulnerabilities is very common because, without an authorization protocol in place, APIs essentially have no protection whatsoever against hackers. To attack this kind of API, the hacker only needs the capability to access the request code system and intercept data by manipulating the codes, which can be done rather easily by anyone who has the requisite skills and resources (Viriya & Muliono, 2021). APIs that do not have security measures in place are thus simply hoping that no one will know how to conduct such an attack or have the desire to do so. Once a willing hacker enters the picture, however, such APIs have no actual protections to stop the hacker from gaining access to the system and all the data contained within it and transmitted across it.

The consequences

BOLA attacks have significant consequences in terms of data security: “Unauthorized access can result in data disclosure to unauthorized parties, data loss, or data manipulation. Unauthorized access can also lead to full account takeover” (OWASP, 2019, para. 3). In short, BOLA attacks produce data breaches. Stories about data breaches are all too common in the news, with a very recent one involving a healthcare organization in Texas (Marfin, 2022). While not all data breaches are the result of BOLA attacks, many of them are, given that BOLA is a very common vulnerability in APIs. The specific consequences of a successful BOLA attack, as well as their magnitude, depend on the target of the attack.

For example, if the target is a healthcare organization, then the data breach could lead to hackers gaining access to patients' private health insurance. If the target is a bank, then the hackers would likely be able to access customers’ social security numbers. If the target is an e-commerce website, then data regarding customers’ credit card numbers and home addresses would be compromised. In all cases, the central consequence of a BOLA attack is that hackers can gain access to personal information due to a lack of adequate security measures within the APIs in question.

The solution

The solution to BOLA is for programmers to implement authorization protocols for accessing any data or codes within an API. As OWASP (2019) indicates, prevention of BOLA requires the implementation of “an authorization mechanism to check if the logged-in user has access to perform the requested action on the record in every function that uses input from the client to access a record in the database” (para. 9).

The BOLA vulnerability essentially comes from an API assuming that if a user has access to the information required to make a request, then they must automatically be authorized to make that request. This assumption is obviously fallacious, since hackers can gain access to the information and then use it to manipulate the API even though they have no actual authorization to do so.

Therefore, preventing BOLA vulnerability requires a system that not only responds to the user’s inputs but is also able to verify whether the user is authorized to perform the desired actions (Blokdyk, 2022). For example, the system may require an external password that a hacker would not be able to find simply by perusing data and information within the API itself.

The solution to BOLA, then, is a straightforward one. APIs currently focus on object IDs for authenticating requests, which is altogether inadequate from a data security standpoint. To prevent BOLA, APIs must track the users themselves and focus on ensuring that users are properly authorized to make requests, take actions, and provide inputs within the system. The BOLA vulnerability is based entirely on the fact that programmers often fail to implement such a protocol. Implementing it would eliminate the vulnerability entirely, insofar as hackers would then be unable to access and manipulate target APIs.
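The OWASP recommendation quoted above, an ownership check in every function that reaches a record through a client-supplied ID, is short enough to show side by side with the mistake it fixes. The block below is an added example, not code from the article or from OWASP: a framework-free handler for a hypothetical GET /orders/<id> endpoint, once as the vulnerable version that trusts the ID, once with the authorization check, and once as a query scoped to the caller. The in-memory orders table, user names and amounts are constructed for the example.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: str
    total: float


# Constructed in-memory stand-in for the orders table of an e-commerce API.
ORDERS = {
    1001: Order(order_id=1001, owner_id="alice", total=49.90),
    1002: Order(order_id=1002, owner_id="bob", total=120.00),
}


class NotFound(Exception):
    """Would map to HTTP 404 in a real handler."""


class Forbidden(Exception):
    """Would map to HTTP 403 in a real handler."""


def get_order_vulnerable(current_user: str, order_id: int) -> Order:
    """BOLA-vulnerable handler for GET /orders/<id>: the caller is authenticated
    (current_user is known), but ownership of the record is never checked, so any
    logged-in user can read any order simply by changing the id in the request."""
    order = ORDERS.get(order_id)
    if order is None:
        raise NotFound(order_id)
    return order                      # object ID alone decides access: the bug


def get_order_secure(current_user: str, order_id: int) -> Order:
    """Fixed handler: the authorization check runs on every access that uses a
    client-supplied id to reach a record, exactly where OWASP says it must."""
    order = ORDERS.get(order_id)
    if order is None:
        raise NotFound(order_id)
    if order.owner_id != current_user:
        raise Forbidden(f"{current_user} may not access order {order_id}")
    return order


def list_orders_for(current_user: str) -> List[Order]:
    """Safer still: scope the query to the caller so records belonging to other
    users are never fetched in the first place (an ORM filter in practice)."""
    return [o for o in ORDERS.values() if o.owner_id == current_user]


def access_denied(current_user: str, order_id: int) -> bool:
    """True when the secure handler refuses the request on ownership grounds."""
    try:
        get_order_secure(current_user, order_id)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    # bob asks for alice's order: the vulnerable handler hands it over, the fixed one refuses.
    print(get_order_vulnerable("bob", 1001))       # Order(order_id=1001, owner_id='alice', ...)
    print(access_denied("bob", 1001))              # True
    print(list_orders_for("bob"))                  # only order 1002
```

Two points worth keeping from this: the check belongs in the handler for every record-by-ID path, not in one shared login layer, because authentication already passed in the vulnerable version; and whether the refusal is reported as 403 or as 404 (so the endpoint does not confirm which IDs exist) is a design choice, while unguessable IDs on their own are not a substitute for the check.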

Perhaps BOLA is thus a case study in humility. As programmers explore new frontiers of modern APIs, they must also ensure that they do not neglect the basics. The implementation of user authorization protocols to prevent BOLA vulnerability must be understood as a foundational element for any sound API, and doing so will address a key OWASP priority. 

References

Blokdyk, G. (2022). User authentication and authorization. 5STARCooks.

Marfin, C. (2022, July 12). Tenet Healthcare faces lawsuit after data breach affects 1.2 million patients. Dallas Morning News. https://www.dallasnews.com/news/courts/2022/07/12/tenet-healthcare-faces-lawsuit-after-data-breach-affects-12-million-patients/

Open Web Application Security Project. (2019). API2:2019 broken object level authorization. GitHub. https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa1-broken-object-level-authorization.md

Viriya, A., & Muliono, Y. (2021). Peeking and testing broken object level authorization vulnerability onto e-commerce and e-banking mobile applications. Procedia Computer Science, 179, 962-965.

The post Broken Object Level Authorization: API security’s worst enemy appeared first on Cybersecurity Insiders.

Ransomware is a form of malicious software (malware) that restricts access to computer files, systems, or networks until a ransom is paid. In essence, an offender creates or purchases ransomware, then uses it to infect the target system. Ransomware is distributed in several ways including, but not limited to, malicious website links, infected USB drives, and phishing emails. Once a device is infected, the offender encrypts it and demands payment for the decryption key. Figure 1 provides a simplified overview of the ransomware timeline.

Figure 1. Ransomware timeline.

The earliest recorded case of ransomware was the AIDS Trojan, which was released in the late 1980s. Now, in 2023, ransomware is considered the greatest cybersecurity threat due to the frequency and severity of attacks. In 2021, the Internet Crimes Complaint Center received over 3,000 ransomware reports totaling $49.2 million in losses. These attacks are especially problematic from a national security perspective since hackers aggressively target critical infrastructure such as the healthcare industry, energy sector, and government institutions.

If ransomware has been around for over 40 years, why is it now increasing in popularity? We argue the increase in ransomware attacks can be attributed to the availability of ransomware sold on darknet markets.

Darknet markets

Darknet markets provide a platform for cyber-criminals to buy, sell, and trade illicit goods and services. In a study funded by the Department of Homeland Security, Howell and Maimon found darknet markets generate millions of dollars in revenue selling stolen data products including the malicious software used to infect devices and steal personal identifying information. The University of South Florida’s (USF) Cybercrime Interdisciplinary Behavioral Research (CIBR) sought to expand upon this research. To do this, we extracted cyber-intelligence from darknet markets to provide a threat assessment of ransomware distribution. This report presents an overview of the key findings and the corresponding implications.

Threat assessment

While drugs remain the hottest commodity on darknet markets, our threat intelligence team observed a rise in ransomware (and other hacking services). 

The study was conducted from November 2022 to February 2023. We began by searching Tor for darknet markets advertising illicit products. In total, we identified 50 active markets, more than in any prior study. We then searched for vendors advertising ransomware across these markets, identifying 41 vendors actively selling ransomware products. The number of markets and vendors highlights the availability of ransomware and its ease of access. Interestingly, we find more markets than vendors: ransomware vendors advertise their products on multiple illicit markets, which increases vendor revenue and market resiliency. If one market is taken offline (by law enforcement or hackers), customers can shop with the same vendor across multiple storefronts.

The 41 identified vendors advertised 98 unique ransomware products, which again shows how many forms of ransomware are readily available for purchase. We extracted the product description, price, and transaction information into a structured database file for analysis. In total, we identified 504 successful transactions over the four-month study window, with prices ranging from $1 to $470. On average, ransomware sold on the darknet for $56; the best-selling product was purchased on 62 separate occasions at $14 per sale. A screenshot of the best-selling ransomware advertisement is presented in Figure 2. This product is listed as fully customizable, allowing the customer to choose their target and ransom amount. These findings illustrate that ransomware sold on the darknet is both affordable and user-friendly.

Figure 2. Ransomware advertisement found on a darknet market.


Purchases on the darknet are paid for with cryptocurrencies, which buyers and sellers rely on to obscure who is behind a transaction. Bitcoin is the favored method of payment, but some vendors also accept DOGE, Bitcoin Cash, Litecoin, and Dash. Note that Bitcoin is pseudonymous rather than anonymous: every transaction is recorded on a public ledger, and blockchain analysis has repeatedly been used by law enforcement to link wallet addresses to market operators and vendors.

Our final goal was to understand which words are associated with ransomware distribution. Using the product descriptions, we created a word cloud (presented in Figure 3) depicting the most common words used when selling ransomware. The most frequently used words include ransomware, encrypt, systems, urgency, decryption, victims, and software. Knowing the vocabulary of ransomware listings provides features for keyword-based and machine-learning classifiers that could flag such listings and the transactions behind them.
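The two analysis steps described above (aggregating listing records into transaction and price statistics, and counting the terms that make up the word cloud) can be reproduced on a small scale. The script below is an added example written for this article; it is not the CIBR lab's code, and the listings, vendor names, prices and sale counts in it are constructed for illustration rather than taken from the study's data. It deduplicates a product that the same vendor lists on two markets, computes the summary figures reported in the study, extracts term frequencies from the descriptions, and shows a crude keyword score of the kind a classifier could build on.

```python
"""Added example: summarize constructed darknet ransomware listings and
extract the terms a word cloud would display. Not the study's own code."""
import re
from collections import Counter
from statistics import mean

# Constructed listings: (vendor, product, price_usd, sales, description).
# vendorA lists the same product on two markets, as the study observed.
LISTINGS = [
    ("vendorA", "LockerKit v2", 14, 62,
     "Fully customizable ransomware. Encrypt victim systems, set your own "
     "ransom amount and decryption key. Creates urgency with a timer."),
    ("vendorB", "CryptoBuilder", 56, 9,
     "Ransomware builder: encrypt files on target systems, custom note, "
     "decryption panel included. Victims pay in bitcoin."),
    ("vendorA", "LockerKit v2", 14, 12,   # second storefront, same product
     "Fully customizable ransomware. Encrypt victim systems, set your own "
     "ransom amount and decryption key. Creates urgency with a timer."),
    ("vendorC", "Source code bundle", 470, 1,
     "Ransomware source code, software builder, encrypt and decrypt modules."),
    ("vendorD", "Cheap locker", 1, 5,
     "Basic ransomware. Encrypt documents, victims need decryption password."),
]

# Minimal stopword list; a real pipeline would use a fuller one plus stemming
# (so that "victim" and "victims" merge). Kept small here so counts are visible.
STOPWORDS = {"a", "and", "on", "in", "with", "your", "own", "set", "pay", "need"}


def tokens(text):
    """Lowercase alphabetic tokens, dropping stopwords and 1-2 letter words."""
    return [w for w in re.findall(r"[a-z]+", text.lower())
            if len(w) > 2 and w not in STOPWORDS]


def unique_products(listings):
    """Collapse multi-market listings to one record per (vendor, product),
    summing sales across storefronts so a product is not counted twice."""
    seen = {}
    for vendor, product, price, sales, desc in listings:
        key = (vendor, product)
        if key in seen:
            seen[key]["sales"] += sales
        else:
            seen[key] = {"vendor": vendor, "product": product, "price": price,
                         "sales": sales, "description": desc}
    return list(seen.values())


def summarize(listings):
    """Vendor/product counts, transaction total, price range and best seller."""
    products = unique_products(listings)
    best = max(products, key=lambda p: p["sales"])
    return {
        "vendors": len({p["vendor"] for p in products}),
        "products": len(products),
        "transactions": sum(p["sales"] for p in products),
        "price_min": min(p["price"] for p in products),
        "price_max": max(p["price"] for p in products),
        "price_mean": round(mean(p["price"] for p in products), 2),
        "best_seller": (best["product"], best["sales"], best["price"]),
    }


def term_frequencies(listings, top=10):
    """Term counts over unique product descriptions: the word-cloud input."""
    counts = Counter()
    for p in unique_products(listings):
        counts.update(tokens(p["description"]))
    return counts.most_common(top)


RANSOMWARE_TERMS = ("ransomware", "encrypt", "decryption", "victims", "ransom")


def keyword_score(description, keywords=RANSOMWARE_TERMS):
    """Crude feature: how many indicative terms a listing contains. A trained
    classifier would weight terms; this only illustrates the raw signal."""
    found = set(tokens(description))
    return sum(1 for k in keywords if k in found)


if __name__ == "__main__":
    for k, v in summarize(LISTINGS).items():
        print(f"{k:>13}: {v}")
    print("top terms:", term_frequencies(LISTINGS, top=6))
    for _, product, _, _, desc in LISTINGS:
        print(f"{product:>18}: keyword score {keyword_score(desc)}")
```

Because the same vendor and product appear on two markets, the raw listing count (5) overstates the product count (4) and the two sale counts must be merged; the study's figure of 41 vendors across 50 markets reflects exactly this kind of overlap. The keyword score is intentionally naive: it is the feature a classifier would consume, not a detector on its own.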

Figure 3. The most used words in a ransomware advertisement.


Implications

The security concerns posed by ransomware and by darknet markets have each been identified independently by researchers, government agencies, and cybersecurity companies. We extend that discussion by assessing the combined threat posed by ransomware distributed through darknet markets. Our findings suggest the uptick in ransomware attacks may result from product availability, affordability, and ease of use. Cyber-criminals no longer need the advanced technical skills required to develop their own ransomware. Instead, they can purchase customizable ransomware on the darknet and launch attacks against their chosen victims.

Acknowledgements

This research would not be possible without the students and faculty associated with the CIBR lab. Specifically, we thank Taylor Fisher, Kiley Wong-Li, Mohamed Mostafa Abdelghany Mostafa Dawood, and Sterling Michel for their continued involvement on the cyber-intelligence team. For more cutting-edge cybersecurity research, follow Dr. C. Jordan Howell, Lauren Tremblay, and the CIBR Lab on Twitter: @Dr_Cybercrime, @DarknetLaur, and @CIBRLab.

The post An assessment of ransomware distribution on darknet markets appeared first on Cybersecurity Insiders.