Learn how Security Service Edge (SSE) is transforming network security and protecting your organization from cyber threats. Discover the benefits of SSE and learn more about how SSE is revolutionizing network security.

Security Service Edge is a novel concept in network safety that improves security by putting it closer to the network’s edge. Its implementation offers better performance and scalability than conventional security designs. 

Why Is SSE Important?

SSE is a growing industry trend that solves fundamental challenges organizations encounter regarding remote work, the cloud, secure edge computing, and digital transformation. With organizations increasingly adopting software and infrastructure as a service offerings and other cloud apps that shift their data outside on-premises data centers, organizations’ data is increasingly distributed. As of 2023, the SaaS space is more than $190 billion in value. Over the past 5 years, the SaaS industry has quadrupled in size. Moreover, a growing share of users reach their cloud apps and data from mobile and remote locations, from anywhere and over any network. In addition, 90% of organizations which utilize the cloud use multi-cloud solutions; data from a poll of 700 companies in 2022 indicated that customers store and handle data in more than one cloud.

Key Components of Security Service Edge

Secure Web Gateway (SWG): It provides secure access to the internet and protects against web-based threats. A SWG allows an organization to enforce security policies that filter the web traffic that passes between the employees on the network and the internet. It stops users from accessing insecure and malicious sites or content. The SWG acts as a defense line between the internet and users, monitoring the traffic in real time and identifying anything suspicious. SWG adopts the latest security tools, such as URL filtering, malware detection, and data loss prevention. Thus an organization uses an SWG to protect its users from malicious sites and to provide a comfortable browsing environment.

Zero Trust Network Access (ZTNA): It enables secure access to applications and resources irrespective of the network location. It is premised on the zero trust model, under which no user or device is to be taken as trusted by default, even if they are within the network perimeter. Therefore, ZTNA verifies the identity and trustworthiness of the user and the device prior to allowing access to the resources.

Cloud Access Security Broker (CASB): CASB provides visibility and control into cloud applications and data. CASB stands in between the user and the cloud service provider to allow companies to track and evaluate cloud usage, apply security policies, and safeguard company data. 

Firewall as a Service (FWaaS): FWaaS provides network security and controls access to network resources. In 2019, 32% of businesses had more than 100 firewalls set up throughout their network. It serves as a blockade between internal and external networks, overseeing and screening network traffic as it enters or leaves according to established policies and security rules. This helps to avoid hacking, privacy infringement, spyware, viruses, and other risks.

Market Size and Growth

The Security Service Edge (SSE) market is moving at a fast pace as enterprises focus on protecting their networks and data. The SSE market size will be more than USD 15 Billion by the end of 2036, with a CAGR of around 26% in the forecast period, 2024-2036. The industry size of the security service edge was nearly USD 2 Billion in 2023. The development can be mainly attributed to higher demand for cloud-based security solutions that deliver security services in a more elastic and flexible manner. Furthermore, organizations will be increasingly interested in managed security services as they outsource security to expert providers.

However, the Security Service Edge (SSE) market faces challenges in terms of adoption due to concerns around data privacy, security, and compliance. Organizations may be hesitant to migrate their security services to the cloud due to these concerns. At the same time, SSE offers the opportunity to enhance security by providing a centralized and scalable security infrastructure. It enables organizations to protect their networks and data from emerging threats and vulnerabilities.

Further, the SSE market is rapidly growing, with several key players leading the way in providing innovative solutions. These companies offer a range of services and technologies that help organizations secure their networks and data. For instance:

  • Cisco Secure SD-WAN integrates security features such as firewall, URL filtering, and intrusion prevention into the SD-WAN infrastructure. 
  • Palo Alto Networks Prisma Access provides secure access to the cloud and internet for remote users, with advanced threat prevention capabilities.
  • Zscaler Cloud Security Platform offers secure access to applications and services, with advanced threat protection and data loss prevention.

Emerging Applications of SSE

Secure Access to Cloud Services 

The security service edge’s primary use case is SSE policy control over user access to the internet, web, and cloud applications. SSE policy control is also essential for risk mitigation, as end-users increasingly access content both on and off the network. The same is the case for enforcing corporate internet and access control policy for compliance across the SaaS, PaaS, and IaaS sub-segments.

Threat Detection 

Finding threats and blocking attacks over the open internet, websites, and cloud services are among the most important reasons to secure the transition to SSE and, to a lesser extent, SASE. Because users can connect to content from any source or terminal, organizations must establish solid defense-in-depth barriers to malware, fraud, and other threats. 

Connect and Protect Remote Personnel 

The distributed workforce of today requires cloud service and private application access without the VPN’s inherent risks. Providing users with access to applications, data, and content without allowing them access to the network is a vital component of zero trust access, because it removes the exposure that comes with granting IP-level network access.

Discovering and Securing Sensitive Data

This can be accomplished with SSE, since SSE allows you to locate and manage sensitive data no matter where it is located. Key data protection tools are combined in an SSE platform to provide more visibility and simplicity across all data channels. Cloud DLP makes it easier to locate, classify, and secure sensitive data to support Payment Card Industry and other compliance-related data policies. In addition, even after data is in the cloud, the DLP task can be much easier to handle, since you only need to create a DLP policy once and then apply it to both in-line traffic and data at rest in the cloud using CASBs.

Implementation Considerations

Network Architecture

  • Implementing Security Service Edge requires a rethinking of network architecture to ensure seamless integration and optimal performance.
  • Consider adopting a cloud-native approach to leverage the benefits of scalability, flexibility, and agility.
  • Implementing a software-defined network (SDN) can help simplify network management and improve security.

Integration with Existing Systems

  • Carefully assess the compatibility of Security Service Edge solutions with existing systems and infrastructure.
  • Ensure that the implementation process does not disrupt critical business operations.
  • Consider conducting a thorough analysis of existing systems and identifying potential integration challenges.

Security Policy Management

  • Establish clear security policies and guidelines for the implementation of Security Service Edge.
  • Define access control policies, threat detection and response mechanisms, and data protection protocols.
  • Regularly review and update security policies to adapt to evolving threats and technologies.

Conclusion

Security Service Edge is changing network security, providing a holistic and adaptable method to secure networks and their data. SSE allows organizations to use cloud-native security services that are delivered at the network edge, which eliminates the use of conventional security appliances and reduces complexity. Because security capabilities are built into the network infrastructure, threat discovery and response become faster and more efficient for organizations. SSE is cloud connectivity that can scale with companies’ requirements and with changes in security risk.

Source –  https://www.researchnester.com/reports/security-service-edge-market/5829 

The post How Security Service Edge is Revolutionizing Network Security appeared first on Cybersecurity Insiders.

Password-stealing malware is again on the rise, with several attacks making the news cycle in recent months. For instance, a new password-stealing malware named Ov3r_Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis into password-stealing malware has also revealed that one malware, in particular, is responsible for around 170 million passwords stolen in the last six months: RedLine malware.

Research shows that RedLine malware obtained 170 million stolen credentials in the past six months, cementing it as a favorite among the hacking community. Still, there were other password-stealing malware variants available on the market for hackers to leverage, with the next three most popular credential-stealing malware being Vidar, Raccoon Stealer and Meta.

The stolen credentials extracted by this type of malware will be sold on the dark web and used to steal information and money from victims, especially if they are using the same passwords for other accounts. Password reuse is a problem that persists in the business world and if employees are reusing work passwords on sites or devices vulnerable to malware, this could lead to compromised passwords being used and eventually exploited by hackers on a large scale. 

Deeper analysis of password-stealing malware

Further insight into the top three password-stealing malware families has been compiled to arm security professionals and businesses with the relevant knowledge to stay safe against the latest threats to them, their users, and their users’ passwords.

Malware Number 1 – RedLine

The RedLine malware was first identified in March 2020 and surged in notoriety as a highly sought-after information stealer. Its primary objective revolves around the extraction of various personal data, including credentials, cryptocurrency wallets, and financial information. The information is then funneled into the malware’s command and control (C2) infrastructure. A notable attribute associated with the RedLine malware is that it is often bundled together with cryptocurrency miners whose prime targets are users with powerful GPUs, i.e. gamers.

Phishing is the main method for the distribution of RedLine malware with cybercriminals typically exploiting global events like the COVID-19 pandemic to entice victims to click on a malicious link to unknowingly download the malware. Since 2021, YouTube has been a go-to location to disseminate malware by embedding malicious links in the description of videos which are often promoting gaming cheats and cracks.

Malware Number 2 – Vidar

The Vidar malware is an evolution of the infamous Arkei Stealer, which employs sophisticated tactics to target specific regions based on language preferences, whitelisting certain countries for further infection. It initializes key strings and generates a Mutex for operation. Hackers have access to two distinct C2 versions: the paid Vidar Pro and the underground distributed Anti-Vidar associated with cracked versions. 

In 2022, Vidar was identified in phishing campaigns, often disguised within Microsoft Compiled HTML Help (CHM) files. Moreover, distribution expanded through PPI malware service PrivateLoader, the Fallout Exploit Kit, and the Colibri loader. By late 2023, Vidar was also being propagated through the GHOSTPULSE malware loader.

Malware Number 3 – Raccoon Stealer

First located on the Russian-language forum Exploit in 2019, the Raccoon Stealer malware operates under a ‘malware-as-a-service’ model, enabling clients to rent it monthly. It’s advertised with the slogan “We steal, You deal!” Raccoon Stealer found its niche primarily within Russian-speaking underground forums such as Exploit and WWH-Club. Expanding its reach, the threat actor began offering it on the English-language platform, Hack Forums, towards the end of 2019.

Those selling Raccoon Stealer have even been known to market the malware with “test weeks,” giving hackers the opportunity to sample the product before committing to its use. 

Issue of stolen credentials and password reuse

In the realm of cybercrime, stolen credentials are highly coveted assets. While some threat actors employ them directly for further attacks, many opt to sell them in bulk on the dark web for financial gain. The dark web, accessible only through specialized software like the Tor browser and VPN services, hosts the trade in private data. This makes it a perilous space where end users’ credentials may be traded among Initial Access Brokers (IABs), posing a significant risk to organizations.

Due to the clandestine nature of the dark web and the challenges in detecting compromised credentials, organizations often struggle to ascertain whether their users’ credentials have been compromised. Password reuse presents a major vulnerability, as even strong passwords can be compromised if reused on insecure platforms. Without effective threat intelligence or scanning tools, organizations face difficulty in identifying compromised passwords listed for sale online. 

The effectiveness of password-stealing malware such as RedLine cannot be overstated, but many organizations will not have protections in place to defend against these malware threats. The issue boils down to password reuse. Continuous scanning of Active Directory for compromised passwords known to be circulating on the dark web is essential to mitigate such risks, because human behavior, including password reuse, proves to be the most pervasive challenge.

All the protections and security protocols in place will unravel if employees are reusing work passwords on insecure endpoints and applications, putting the wider company squarely in the crosshairs of hackers. This analysis has detailed the tools available to steal passwords, which only compounds the overall challenge considering that 91% of users understand the risk of password reuse, yet 61% continue the practice, according to research from LastPass.

Conclusion

Ultimately, organizations need adequate password policies and protections to ensure compromised passwords are not in circulation. This can be achieved by continuously scanning the Active Directory, and there are free password auditing tools available to jumpstart the process.  Combined, threat intelligence and password protection are essential to stay ahead of the latest threats stemming from known breached passwords.
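As an added illustration of the continuous compromised-password scanning the article recommends (this is example code, not from the original post or any vendor tool): an offline check that matches account passwords against a breached-password corpus using Pwned-Passwords-style k-anonymity (only a 5-character SHA-1 prefix would leave the client) and also flags the same password reused across accounts, the page's central point. The corpus and account list are constructed samples; a real Active Directory audit works from extracted NT hashes rather than plaintext passwords, which is assumed away here.

```python
"""Compromised-password and password-reuse audit (constructed example).

The breached corpus stands in for a dark-web dump or Pwned-Passwords
feed; the account list stands in for directory data an audit tool has
already recovered.  Hashes are SHA-1 in the HIBP range format because
that is the public k-anonymity scheme; an AD-native tool would use
NT hashes instead (assumption, not part of the original article).
"""
import hashlib
from collections import defaultdict

# Constructed breached-password corpus: NOT values from any real leak.
BREACHED_PASSWORDS = ["Password123", "Summer2023!", "qwerty", "Welcome1", "letmein"]

# Constructed sample accounts (username -> password as recovered by the audit).
SAMPLE_ACCOUNTS = {
    "jdoe": "Summer2023!",                  # breached
    "asmith": "Summer2023!",                # breached AND reused
    "bwayne": "C0rrect-Horse-Battery-9",    # not breached, shared with dprince
    "ckent": "qwerty",                      # breached
    "dprince": "C0rrect-Horse-Battery-9",   # not breached, shared with bwayne
}

PREFIX_LEN = 5  # HIBP range API: client sends only the first 5 hex chars


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password, as Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Index breached hashes by prefix -> {suffix: occurrence count}.

    This mirrors how a range query service buckets its data; a local
    copy of a dump can be indexed the same way for offline scanning.
    """
    index = defaultdict(dict)
    for pw in passwords:
        digest = sha1_hex(pw)
        prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
        bucket = index[prefix]
        bucket[suffix] = bucket.get(suffix, 0) + 1
    return index


def range_lookup(index, prefix):
    """The k-anonymity step: the caller learns every suffix in the bucket,
    the service never learns which full hash the caller cares about."""
    if len(prefix) != PREFIX_LEN:
        raise ValueError("range lookups take exactly %d hex chars" % PREFIX_LEN)
    return dict(index.get(prefix.upper(), {}))


def breach_count(index, password):
    """Number of times the password appears in the breached corpus (0 = clean)."""
    digest = sha1_hex(password)
    bucket = range_lookup(index, digest[:PREFIX_LEN])
    return bucket.get(digest[PREFIX_LEN:], 0)


def audit_accounts(index, accounts):
    """Return (flagged, reuse_groups).

    flagged:      {user: breach_count} for accounts using a breached password
    reuse_groups: sorted lists of users sharing one password, breached or not,
                  because a shared password turns one stealer infection into
                  several compromised accounts.
    """
    flagged = {}
    by_hash = defaultdict(list)
    for user, pw in accounts.items():
        by_hash[sha1_hex(pw)].append(user)
        count = breach_count(index, pw)
        if count:
            flagged[user] = count
    reuse_groups = sorted(sorted(u) for u in by_hash.values() if len(u) > 1)
    return flagged, reuse_groups


if __name__ == "__main__":
    idx = build_range_index(BREACHED_PASSWORDS)
    flagged, groups = audit_accounts(idx, SAMPLE_ACCOUNTS)
    for user, n in sorted(flagged.items()):
        print("RESET REQUIRED: %-8s password seen %d time(s) in breach corpus" % (user, n))
    for group in groups:
        print("SHARED PASSWORD: %s" % ", ".join(group))
```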

The post Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware appeared first on Cybersecurity Insiders.

New capabilities help security teams secure the SaaS AI ecosystem amid increasing adoption of AI tools, functionalities

RSA Conference–Adaptive Shield, the leader in SaaS Security, today announced breakthrough SaaS Security Posture Management (SSPM) detection and response capabilities for AI-driven applications to enable enterprises to mitigate the risks introduced by the growing use of generative AI.

Adaptive Shield will demonstrate its SSPM AI capabilities and award-winning technology during the RSA Conference 2024 in San Francisco at booth #1455, Moscone South Expo. The event takes place from Monday, May 6 through Thursday, May 9, 2024.

The workforce is rapidly adopting SaaS applications with GenAI to increase efficiency, including AI apps such as ChatGPT and Google Gemini, and AI tools within existing SaaS apps such as GitHub Copilot, Salesforce Einstein, and Microsoft 365 Copilot. According to a recent PwC report, more than half of the companies surveyed (54%) have implemented GenAI in some areas of their business.

While increasing automation and improving productivity, the use of GenAI introduces new risks including data leakage, attack surface expansion, new areas of exploitation, and privacy concerns, as well as new challenges to meet compliance and government requirements.

“The GenAI revolution requires new security strategies and organizations recognize the need to make it a priority,” said Maor Bin, CEO and co-founder of Adaptive Shield. “Some organizations are working to ban GenAI because of their unfamiliarity with the risks. Rather than attempting to block this development, they should invest in security, as it’s just a matter of time until the technology becomes ubiquitous.”

Toward that end, Adaptive Shield is announcing a product suite within its SSPM platform to help Chief AI Officers and security teams manage and control GenAI tools, featuring:

  • Security Posture for AI Apps: Delve into the security posture of any AI application within the SaaS stack and prioritize addressing application configuration drifts. Adaptive Shield provides a security score for each application, enabling security teams to pinpoint those with heightened risk levels. This includes:
    • Hygiene/risk score based on the number of security checks passed, weighted by severity.
    • Detailed security checks, filterable by domain, severity, or compliance framework. This entails step-by-step guidance and remediation cycles through any ticketing system or SIEM/SOAR.
    • Risk management pertaining to the relationship between user devices and their access to the SaaS app.
  • AI Configurations: Control AI-related security settings within SaaS applications to prevent data leakage or any exposure. This includes identifying excessive user access and determining which users possess permissions to manage GenAI features.
  • Discovery and Management of AI Shadow Apps: Identify GenAI Shadow apps, including suspected malicious applications, to automatically revoke access based on their risk level.
  • Management of 3rd Party Longtail AI-Sanctioned Apps: Oversee interconnected GenAI applications and the level of risk they pose to the SaaS hubs, including reviewing permission scopes.
  • Secure Homegrown Applications: Shield homegrown GenAI-driven applications, restricting access and configuring them securely.
  • Data Management to Maintain Data Silos: AI potentially accesses sensitive data in a more sophisticated and comprehensive manner than traditional methods. The ability of AI to analyze and correlate information from multiple sources could lead to a more extensive data exposure. With Adaptive Shield you can govern security controls to avoid data leakage.

Adaptive Shield’s industry-leading platform for SSPM and ITDR supports 150+ out-of-the-box SaaS app integrations with leading business applications, as well as any custom app.

More information about Adaptive Shield’s platform and new SSPM AI capabilities online.

To meet with an executive on the team onsite at RSAC or remotely, please reach out here.

About Adaptive Shield

Adaptive Shield, leader in SaaS Security, enables security teams to secure their entire SaaS stack through threat prevention, detection and response. With Adaptive Shield, organizations continuously manage and control all SaaS apps, including 3rd-party connected apps, as well as govern all SaaS users and risks associated with their devices. Founded by Maor Bin and Jony Shlomoff, Adaptive Shield works with many Fortune 500 enterprises and has been named Gartner® Cool Vendor™ 2022.

Contacts

Media

Chloe Amante

Montner Tech PR

camante@montner.com

The post Adaptive Shield Launches SaaS Security for AI at RSA Conference 2024 to Mitigate GenAI Revolution Risks appeared first on Cybersecurity Insiders.

Identity and access management (IAM) tools are important for protecting network infrastructure by setting parameters for who can access it and when. If you’re looking for the best identity and access management tools to use this year, here are some to consider.

1. Okta Workforce Identity Cloud

This cloud-based product allows users to extend IAM controls to all on-site workforce members and outside partners. The features provide the appropriate access without workflow-disrupting friction.

Key Features

What are some of the top reasons people choose Okta Workforce Identity Cloud?

  • Simple onboarding and offboarding: People can eliminate manual onboarding and offboarding when employees join or leave organizations with Okta’s one-click and automated solutions. This frees up the time IT team members previously spent setting up or deactivating accounts and access privileges.
  • Robust reporting capabilities: Quickly generate reports detailing when staff gained resource access or had it revoked. Refer to that centralized record to accurately confirm IAM trends within your business.
  • Passwordless authentication: Traditional passwords have numerous shortcomings that could facilitate cybercriminals breaking into networks. You can embrace the passwordless revolution with Okta Workforce Identity Cloud. This sign-in method saves time by offering consistent experiences across browsers, applications and operating systems.
  • Centralized control panel: Whether your brand has 50 workers or 5,000, Okta makes it easy to manage them with its Universal Directory. This feature gives authorized users a single place to create or modify parameters, making this solution one of the best IAM tools for perpetually busy IT teams.

Pricing

This Okta product uses a feature-based pricing model, allowing interested parties to pay set fees for desired capabilities. Examples include:

  • Single Sign-On: $2 per user per month
  • Universal Directory: $2 per user per month
  • API Access Management: $2 per user per month
  • Multifactor Authentication: $3 per user per month
  • Device Access: $4 per user per month
  • Identity Governance: $9–$11 per user per month

The above prices reflect customers with annual contracts of at least $1,500. Additionally, Okta offers volume discounts for organizations with more than 5,000 users. You can get a 30-day trial by signing up at the company’s website.

2. OneLogin

Learn about OneLogin when looking for the best identity and access management tools to serve employees and shoppers. The enterprise’s numerous solutions provide smooth experiences for everyone, bolstering cybersecurity while minimizing frustration.

Key Features 

OneLogin is a cloud-based and feature-rich platform offering capabilities including:

  • Context-aware adaptive authentication: This feature uses machine learning to create individual user risk scores based on location, device and behavior. You can also tweak how this feature responds to potential abnormalities.
  • Identity life cycle management: Use automated access provisioning tools to save time and reduce errors when granting or removing privileges. Disabling previously provided access to specific applications only takes seconds.
  • Single sign-on capabilities: Users must only enter their credentials once to access all apps. This feature saves time and prevents the hassles often arising when people use dozens of tools in their daily workflows.
  • Human resources synchronization: OneLogin can store people’s personally identifiable information, including the dates they join the organization or leave their roles. Human resources professionals can then apply customized access policies based on individuals’ circumstances.

Pricing

People interested in purchasing OneLogin for their businesses choose their desired features and pay specific monthly rates per person using them. They include:

  • Single Sign-On: $2
  • Multifactor Authentication: $2
  • Desktop Access: $4
  • Identity Life Cycle Management: $4
  • Adaptive Authentication: $5

Contact a OneLogin sales representative to get specific pricing estimates for the features you want and to discuss the approximate number of users requiring platform access. You can also get a 30-day trial without providing credit card details by entering your corporate email at the OneLogin website.

3. Bravura Identity

Bravura Identity is an IAM tool from Bravura Security. Whether you need to secure on-premise applications or those in the cloud, it has you covered. Consider it one of the best identity management software options for strengthening your cybersecurity while remaining user-friendly to people who need to access resources at work.

Key Features

What capabilities can you benefit from as a Bravura Identity user? Here are some of them:

  • Role-based access provisioning: This feature creates a framework to link a person’s tasks to their privileges. Then, workers can easily access the necessary resources, but nothing more. That approach allows your brand to adopt a cybersecurity approach based on the principle of least privilege.
  • Customized single sign-on options: Bravura Identity has single sign-on capabilities that align with your company’s internal security policies. Then, people enjoy fast and smooth login experiences while cybersecurity remains tight.
  • Cloud-based structure: Since Bravura Identity works in the cloud, it scales with your enterprise, and allows you to remove or add users quickly. Necessary software updates also get automatically delivered upon availability, making maintenance and security patches easy.
  • Powerful reporting capabilities: Gather statistics and connect user accounts with your business’s platforms while identifying access violations or failures. The platform also shows risk management data for the organization and individual users. It allows people to notice problematic trends so they can take steps to reduce them.

Pricing

Bravura Identity offers its products through all-inclusive licensing models with no hidden costs. You can select one of these structures when purchasing it: 

  • Subscription per user: This is paid annually with a minimum three-year commitment. The company bases your total cost on a volume discount linked to people accessing Bravura Identity’s on-premise tools or those provided through software-as-a-service.
  • Perpetual per user: This license provides a permanent right to use the software. You’ll pay a one-time fee based on the number of people using Bravura Identity and enjoy a volume-based discount.

Contact the Bravura Security team today to learn more about pricing estimates based on how you plan to use this product.

4. CyberArk

CyberArk offers a unified identity security platform you can customize as your organization grows. It supports human and machine-based identities, regardless of resource, device or environment.

Key Features

CyberArk’s platform offers numerous capabilities to support modern, cybersecurity-focused organizations. They include: 

  • Adaptive multi-factor authentication: This passwordless option uses artificial intelligence-powered and risk-aware technologies to evaluate various access attempt characteristics in context. It supports dynamic access policies for apps, servers, workstations and more.
  • User behavior analytics: Benefit from a real-time artificial intelligence engine that gathers, analyzes and visualizes behavioral trends. Use the interactive dashboards to understand security events’ root causes and rely on built-in algorithms to show you risk patterns.
  • Workforce password management tools: Secure work-related credentials and notes in a cloud-based or on-premises vault. Then, control how employees can access or share the vault’s contents and specify periods for doing those things.
  • Device-based security options: Configure the platform to secure devices based on their locations, operating systems or browsers. Set specific policies as your organization requires, and then modify them from a single control panel.

Pricing

CyberArk offers three subscriptions to meet customers’ access control requirements. They cater to workforce members, privileged users and external partners. However, CyberArk does not have public-facing pricing, so you’ll need to contact a sales representative to get estimates. You can also use a 30-day trial to become acquainted with the platform before committing further.

5. Zluri

Zluri positions itself as one of the best IAM tools for securing a software-as-a-service stack and ensuring workers can access resources seamlessly. Thanks to the library of more than 800 integrations, you can also connect it to other tools.

Key Features

Here are some of Zluri’s standout access management features:

  • Purpose-built onboarding and offboarding workflows: Use the automation engine to save time and streamline steps as you change workers’ access permissions. The drag-and-drop interface allows you to get these tasks done without programming knowledge. You can even get contextual recommendations about which access permissions to give employees based on their roles.
  • Automated access approvals: Manually handling each person’s access request can be prohibitively time-consuming, especially for large businesses, or those with workers across multiple time zones and office locations. However, Zluri makes access approvals easy with automated options. Use the approval policy engine to create parameters according to organizational rules, boosting productivity without sacrificing security.
  • Automatic provisioning: Zluri also lets you provide people with the appropriate app access, provided they meet specific preset conditions. You can also review the associated access logs to see relevant trends or issues needing further investigation.
  • Built-in Slack compatibility: Zluri is even more user-friendly for everyone involved if your brand already communicates through Slack. It’s a Slack-first platform that allows people to send or approve access requests directly from the app without visiting their inboxes.

Pricing

Zluri offers three pricing plans. Although you can see each one’s features, there is no public-facing cost information. Zluri also lets interested parties request live walkthroughs with company representatives at convenient times.

6. JumpCloud

People looking for the best identity and access management tools offered through all-in-one platforms should consider JumpCloud. It allows users to deploy security patches, enforce policies and handle endpoint cybersecurity in a single place, helping them stay organized and productive.

Key Features

The most exciting features of JumpCloud include:

  • Cloud-based directory: Stay informed about your organization’s access requests and policies with a centrally secure place to manage user identities and device specifics. Create, update or revoke privileges from one dashboard.
  • Conditional access: Users’ access requests have various contextual aspects, such as locations, devices and times. JumpCloud’s features can evaluate those aspects, helping users access necessary resources while reinforcing your cybersecurity policies.
  • Multifactor authentication: Use JumpCloud’s native authentication app or one from your provider to strengthen how people use passwords to access apps and other resources. Use push or time-based single-use codes, biometrics, hardware keys, and more to give users the appropriate resource access.
  • Workflow automation: Make the most of your time by setting up automated workflows for routine tasks. Maintain user identity information across your infrastructure and streamline end-to-end life cycle management.

Pricing

JumpCloud offers five subscription packages billed monthly or annually. Depending on the chosen cycle and associated features, they range from $9 to $27 per user. The company also has special pricing for nonprofits or educational institutions, and you can find out more by contacting JumpCloud representatives directly.

7. Microsoft Entra ID

If you’ve heard of Azure Active Directory, Microsoft Entra ID is the same product under a new name. This cloud platform supports IAM needs associated with your employees, customers and business partners.

Key Features

Microsoft Entra ID has numerous convenient features to support your evolving security needs. Some include:

  • Unified identity management dashboard: Review and monitor all access-related specifics from one place, whether they concern on-premises or cloud-based assets. This feature also supports multi-cloud environments, making it a fit for modern organizations.
  • Privileged identity management solutions: These features enable limiting access to key resources, reducing the chances of adversaries disrupting critical operations. You can also review which parties have privileged access and periodically renew it.
  • Self-service portal: Allow users to take more ownership of their access needs and relieve the IT team’s password-reset burden. Authorized parties can go to a dedicated interface showing their current access privileges and make new requests from there. Users can also update their security details or monitor for suspicious account activity, helping them participate in your cybersecurity goals.
  • Identity protection capabilities: Use these Microsoft Entra ID features to flag and remediate identity-related risks automatically. Enable the adaptive authentication measures to screen for malicious login attempts. You can also export the platform’s statistics into other Microsoft security products for further analysis.

Pricing

Microsoft offers several plans for those interested in Microsoft Entra ID. Users of selected cloud-based tools — such as Microsoft Azure and Microsoft 365 — can access a free tier through those platforms. Alternatively, monthly paid subscriptions range from $6 to $9 per user, depending on what’s included. Some paid plans offer 30-day trials. Contact the sales team for price estimates based on your company’s size and anticipated use cases.

Methodology

We included products in this roundup by researching vendor websites, tech review platforms and other industry sources, compiling this list based on popularity, user feedback and other factors.

Bottom Line

Finding the best identity management software requires an enterprise-specific approach. Evaluate your budget, immediate and future needs, company size, and current security posture to reach an informed and confident conclusion about ideal tools that align with your requirements. Be patient and thorough when assessing each platform to understand a product’s pros and cons clearly.

If you’re looking for the best IAM tools to replace what you currently use, get feedback from that platform’s most frequent users to learn what they’d like to see in an alternative solution. Finally, take advantage of free trials, guided product tours or other vendor resources to familiarize yourself with products before deciding. Then, you’ll be as informed as possible and ready to maximize your usage soon after choosing a platform.

The post The Top 7 IAM Tools in 2024 appeared first on Cybersecurity Insiders.

The general perception of hackers is that they’re Mr. Robot-esque renegades who utilize futuristic technologies in order to single-handedly take down monolithic foes, like multinational corporations or entire governments. The reality is more mundane. Most malicious actors choose the path of least resistance, such as straightforward phishing attempts, in order to acquire credentials that grant them network access. Simple tactics work, so if it ain’t broke, don’t fix it. There is one area, however, where sophisticated hacks are more common: the public sector.

The value of public sector data

Public sector data, from citizen records to national security intelligence, isn’t just sensitive, it’s also mission-critical. This kind of data can give threat actors a lot of leverage to extort large sums of money. Because of the potential value of public sector data, ambitious hackers are willing to hazard incursions into more heavily defended networks. That’s why system intrusion, a relatively complex attack pattern, continues to be a top choice for threat actors in the public sector, according to Verizon Business’s 2024 Data Breach Investigations Report (DBIR), a report that analyzed over 30,000 security incidents and 10,000 confirmed data breaches across 6 continents and 20 industries.

The motivations of public sector hackers

The public sector doesn’t just draw the more entrepreneurially-minded hackers. It also attracts more nation-state hackers, who tend to have access to more funds and resources. Such malicious actors are compelled by espionage in addition to, or sometimes in place of, financial motivations. According to the DBIR, nearly a third (29%) of malicious actors in the public sector are driven by espionage—higher than any other vertical or industry by a wide margin.

The weaker links of the public sector

Public sector data may have more layers of protection than data in other industries—stealing state secrets from the DoD, for instance, would be no simple feat—but not all public sector data is so fiercely guarded. The growing digitalization across industries has ushered in unprecedented capabilities, but data is also more distributed than ever before. In more decentralized industries, such as media and entertainment, for instance, the cybersecurity of big studios is only as strong as the third-party vendors they work with. Some high-profile hacks have taken place when valuable IP was stolen through small post-production companies that typically don’t have the resources to invest in more advanced cybersecurity systems. These vendors end up serving as a de facto backdoor for hackers who otherwise wouldn’t have been able to gain access to such valuable data. The public sector has similar backdoors. 

Institutions of scientific research and higher learning often overlap with the public sector, sometimes conducting research with national security implications, such as nuclear research or satellite technology innovations. Even though these institutions often deal in valuable data, their cybersecurity typically lags behind that of other public sector organizations, such as federal agencies and departments. As a result, threat actors will sometimes perceive such institutions as relatively soft targets holding high-value data.

Changing the culture around cybersecurity

One reason why academic institutions lag with regard to cybersecurity is culture. Institutions of higher learning promote values such as collaboration and the free exchange of ideas. These values may be conducive to academic rigor, but they can make researchers, academics and students more lax in their digital communications.

Training researchers and academics (and employees and users in most industries) to spot the most common social engineering tactics can go a long way toward protecting such institutions. According to the DBIR, the vast majority of security incidents and 68% of full breaches involve the so-called “human element,” essentially human error—the very factor social engineering preys upon. If users are apprised of typical pretexting, phishing, vishing and other social engineering methods, they’re much less likely to fall victim to one of these attacks. 

Save them from themselves

Cybersecurity education can help, but it isn’t foolproof. These institutions are built upon notions of intellectual collaboration. Eliminating that culture altogether isn’t realistic, but you can remove some of the guesswork with stricter access control. Additionally, incorporating more rigid multi-factor authentication for devices and networks can prevent cyber gaffes, especially in this age of distributed workforces and remote learning. 

Trust no one

The case for a zero trust approach to cybersecurity is especially strong in the public sector, given the sensitivity of its data. Zero trust takes a “never trust, always verify” approach to cybersecurity—a model that acknowledges the reality that security threats can come from anywhere, including from within an organization. A zero-trust approach not only requires strict authentication of users, but it also applies the same rigor to applications and infrastructure, including supply chain, cloud, switches and routers.

The public sector can strengthen its cybersecurity as a whole by shoring up its weak points. Part of that is structural. Part of it is cultural. Much of scientific and academic research hinges on applying healthy doses of skepticism. If researchers can apply some of that same skepticism to their digital communications, the wider public sector will be the better for it.

The post Defending Against Hackers in the Public Sector Is a Different Beast appeared first on Cybersecurity Insiders.

Today’s digital transformation is rapidly changing the IT and cybersecurity landscape: remote work and the increased shift to the cloud have broadened the attack surface, introducing new vulnerabilities as employees connect from everywhere. This situation is compounded by the rise of sophisticated cyber threats, like ransomware and phishing, demanding proactive defensive security measures.

Addressing these challenges, Syxsense Enterprise offers a comprehensive solution engineered to reduce an organization’s attack surface and risk profile.

Syxsense Enterprise is the world’s first cloud-based IT management and cybersecurity solution that combines patch management for operating systems and third-party applications, security vulnerability scanning, and remediation with a powerful no-code automation engine. This combination delivers a complete, unified solution that supports patching, security, and compliance needs efficiently.

What level of visibility do you have into vulnerabilities across your IT environment?

About half of the respondents (49%) have high or complete visibility into vulnerabilities across their IT environment, while the other half (51%) have, at best, only a moderate level of visibility. This is concerning, as a lack of visibility can lead to unaddressed vulnerabilities and subsequent breaches.

Source: 2023 State of Vulnerability Management Report produced by Cybersecurity Insiders

COMPLETE VISIBILITY AND MANAGEMENT OF IT ASSETS 

According to a 2023 Cybersecurity Insiders vulnerability management survey, 49% of the respondents have high to complete visibility into vulnerabilities across their IT environment, while the other half (51%) have, at best, only a moderate level of visibility. Syxsense Enterprise addresses this challenge by providing complete visibility and management of IT assets regardless of their operating system (Windows, Mac, Linux, iOS and Android) or location (roaming, at home, on the network, or in the cloud). This is achieved through a live, two-way connection to devices, providing real-time data that enables not just automated remediation but also more accurate compliance reporting.

ROBUST ENDPOINT MANAGEMENT  

The platform’s endpoint management capabilities deliver critical intelligence on operating systems, hardware, software inventory, and a complete endpoint timeline. This feature ensures that any missing patches, from the operating system to third-party applications like Adobe, Java, and Chrome, are immediately visible, presenting a clear picture of device changes over time. This allows security and IT operations teams to scan, track, prioritize, and customize security and patching actions, focusing on the most critical patches relative to exposed risk.

With additional features such as pre-built security vulnerability remediations, a policy-based Zero Trust evaluation engine, and extensive integration capabilities with ITSM tools through its Open API, Syxsense Enterprise addresses the multifaceted challenges posed by current IT and cybersecurity trends. It not only ensures the security of systems but also supports robust audit and compliance initiatives, including compliance proof, ultimately enabling organizations to maintain operational efficiency and security.

UNIFIED SECURITY VULNERABILITY MANAGEMENT  

Syxsense Enterprise also offers a single console for vulnerability scanning, remediation, and advanced policy automation. Coupled with endpoint management, this unified approach enables teams to work from a single information source that is fully aware of the environment’s health and each endpoint’s state. Such comprehensive visibility is critical for improving security, making smarter decisions to reduce risk, and maintaining compliance through actionable insights.

Furthermore, the integration of endpoint management and remediation workflows alongside a Zero Trust evaluation engine allows organizations to build trusted profiles for enterprise devices and verify each device is in a trusted state before granting access, ensuring a seamless blend of security and management capabilities.

ENHANCED PRODUCTIVITY WITH NO-CODE AUTOMATION AND ORCHESTRATION 

At the core of Syxsense Enterprise is Syxsense Cortex™, a no-code workflow designer that enables operational staff to orchestrate complex IT and security processes without needing specialist scripting skills. Cortex is designed to streamline IT and security operations through automated endpoint and vulnerability management, enabling organizations to concentrate on their core business objectives rather than being bogged down by IT and cybersecurity risks.

KEY CAPABILITIES

Syxsense Enterprise distinguishes itself with an array of innovative features that empower organizations to streamline processes, enhance security, and ensure comprehensive endpoint management:

  1. Syxsense Cortex™ Workflow Builder: An intuitive, no-code automation and orchestration builder that simplifies complex IT and security processes with a drag-and-drop interface. Syxsense Enterprise includes an extensive library of pre-built Cortex™ playbooks, ready to deploy at the push of a button for effective management and monitoring of devices.
  2. Security Policy Enforcement: Easily implement a Zero Trust approach for continuous evaluation and authentication of both user and device, alongside automatic remediation of noncompliant endpoints to enforce compliance with security policies.
  3. Vulnerability Scanning and Remediation: Automatically identifies and resolves vulnerabilities upon detection through policies triggered by predefined conditions.
  4. Vulnerability Database: Features over 3,800 common configuration vulnerability fixes and more than 1,500 security remediation workflows. These are designed to conditionally respond to behavioral and state changes and are available as standalone tasks or as part of automated policies on local systems.
  5. Unified Secure Endpoint Management with Open API: Cloud-native and OS-agnostic, Syxsense supports cross-platform management (Windows, Mac, Linux, iOS, and Android), enabling the administration of desktops, laptops, servers, virtual machines, and mobile devices (MDM) from a single console. Syxsense Enterprise includes software distribution, feature updates, configuration management, a network map, and troubleshooting tools like remote control.
  6. Patch Management and Deployment: Detects OS and third-party patch updates and security configuration issues, prioritizing the management and deployment of updates to devices at critical risk. It keeps systems up to date on releases, prioritizes critical patches, and targets vulnerable devices with accurate detection and rapid deployment.
  7. Customizable Dashboards: Allows customization and sharing of discoveries and actionable insights with key stakeholders through interactive visualizations of vital security metrics.
  8. Compliance Reporting: Generates proof of compliance reports for audits by regulatory agencies, covering standards like HIPAA, PCI, and SOX.
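The review twice refers to prioritizing "the most critical patches relative to exposed risk" and "devices at critical risk" without saying what that weighing looks like. The following is an added example, not Syxsense code or its scoring model, of one risk-based prioritization over a constructed inventory. The weights, SLA buckets, host names and patch identifiers are hypothetical; the point it demonstrates is that a moderate-severity, actively exploited flaw on an internet-facing critical server outranks a critical-severity flaw on an isolated workstation.

```python
"""Added example (not Syxsense code): risk-based patch prioritization over a
constructed inventory. Weights, SLA buckets, host names and patch identifiers
are hypothetical; the point is that exposure and active exploitation, not CVSS
alone, decide what gets patched first."""
from dataclasses import dataclass


@dataclass(frozen=True)
class MissingPatch:
    patch_id: str          # hypothetical vendor patch identifier
    cvss: float            # CVSS v3 base score, 0.0 to 10.0
    exploited: bool        # appears in a known-exploited-vulnerabilities catalogue
    days_outstanding: int  # days since the patch became available


@dataclass(frozen=True)
class Endpoint:
    host: str
    internet_facing: bool
    criticality: int       # 1 (lab box) to 5 (crown-jewel server)
    missing: tuple         # MissingPatch instances


def risk_score(ep: Endpoint, p: MissingPatch) -> float:
    """Higher is more urgent. Multiplicative so any single factor can dominate."""
    score = p.cvss
    if p.exploited:
        score *= 1.5               # confirmed exploitation beats theoretical severity
    if ep.internet_facing:
        score *= 1.4               # reachable without a prior foothold
    score *= 0.6 + 0.1 * ep.criticality          # 0.7x for criticality 1 up to 1.1x for 5
    score *= 1 + min(p.days_outstanding, 30) / 100  # +1% per day outstanding, capped at +30%
    return round(score, 2)


def sla_bucket(score: float) -> str:
    """Map a score to a remediation deadline (hypothetical thresholds)."""
    if score >= 15:
        return "emergency (72h)"
    if score >= 8:
        return "next maintenance window (14d)"
    return "regular cycle (30d)"


def prioritize(inventory):
    """Flatten (host, patch) pairs and sort most urgent first, ties by name."""
    rows = []
    for ep in inventory:
        for p in ep.missing:
            score = risk_score(ep, p)
            rows.append((score, ep.host, p.patch_id, sla_bucket(score)))
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))


INVENTORY = (   # constructed sample data, not a real estate
    Endpoint("vpn-gw-01", True, 5, (MissingPatch("P-2001", 7.5, True, 3),)),
    Endpoint("ws-dev-17", False, 1, (MissingPatch("P-2002", 9.8, False, 45),
                                     MissingPatch("P-2003", 5.3, False, 2))),
    Endpoint("db-prod-02", False, 5, (MissingPatch("P-2002", 9.8, False, 10),)),
)


if __name__ == "__main__":
    for score, host, patch, bucket in prioritize(INVENTORY):
        print(f"{score:6.2f}  {host:12} {patch:8} {bucket}")
```

Run as written, the 7.5-rated but exploited and internet-facing P-2001 on the VPN gateway lands in the emergency bucket, while the same 9.8-rated P-2002 gets a 14-day window on the production database and on the developer workstation, ranked by host criticality. The aging term stops low-scoring findings from being deferred forever, which is the usual failure mode of CVSS-only queues.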

KEY BENEFITS

Exploring the benefits of Syxsense Enterprise, we highlight how it enhances security, improves operational efficiency, and drives cost savings for organizations:

  • Reduced Risk of Security Breaches: The risk of data breaches and unauthorized access due to exploitation of unpatched vulnerabilities is markedly reduced with Syxsense Enterprise’s comprehensive approach to vulnerability scanning and remediation. The capability to quickly identify and address vulnerabilities is crucial, especially when considering that 44% of organizations report systems with unintended open access and 24% have reported breaches caused by unaddressed vulnerabilities.
  • Improved Security Posture & Uninterrupted Productivity: Syxsense Enterprise offers real-time visibility into all devices within an organization, identifying those in need of patches or harboring vulnerabilities. This enables IT teams to prioritize critical tasks effectively, ensuring that productivity remains uninterrupted, contributing to a reported 80% reduction in unplanned downtime.
  • Improved Productivity & Reporting: With Syxsense, reporting on key IT infrastructure metrics becomes straightforward, from patch status and time-to-patch to compliance with regulatory requirements. This streamlined reporting contributes to a 30% decrease in IT support cases related to maintenance. Moreover, the solution facilitates a more than 50% faster resolution of IT support cases, underlining its efficiency-boosting benefits.
  • Cost Savings Through Automation: The solution offloads tedious tasks, allowing IT professionals to redirect their focus to more strategic initiatives. Specifically, Syxsense has been shown to reduce patch management resource needs by up to 90% by automating policy application and software installation, freeing up significant amounts of time for IT staff.

DEPLOYMENT

As a cloud-native software vendor, Syxsense delivers its solutions via Software as a Service (SaaS), ensuring a seamless integration into existing IT infrastructures without the need for additional hardware investments. This cloud-based delivery model not only facilitates rapid deployment and scalability but also offers the flexibility required to adapt to evolving security needs.

Speed of Deployment  

One of the standout features of Syxsense Enterprise is its quick deployment time. Organizations can have the solution up, configured, and operational within 15 minutes, a stark contrast to the days or even weeks required for deploying traditional IT management solutions. This rapid deployment capability is especially beneficial in scenarios requiring swift action to mitigate existing vulnerabilities or to enhance IT management efficiency without significant downtime.

Subscription Pricing

Syxsense operates on a subscription-based pricing model, which is dependent on the number of endpoints managed. This model allows for a scalable and flexible approach to pricing, ensuring that organizations can tailor their subscriptions according to their specific needs and growth trajectories. Additionally, for Managed Service Providers (MSPs), Syxsense offers specific packaging options, enabling MSPs to utilize the platform both for managing their endpoints and for offering vulnerability management services to their clients.

Free Trial

Prospective clients can explore the benefits of Syxsense through a free trial, available for up to 50 devices and 50 mobile devices for 14 days. This trial offers organizations the opportunity to evaluate the solution’s effectiveness and ease of use in their environment before committing to a subscription. 

CONCLUSION

In summary, Syxsense Enterprise stands out as a unified solution tailored for the modern digital enterprise, tackling the multifaceted challenges of endpoint and vulnerability management with a comprehensive, efficient, and scalable approach. By providing detailed visibility, control over endpoints, and a suite of automated vulnerability management and remediation tools, it enables organizations to safeguard their IT environments against the evolving threat landscape while ensuring compliance and operational efficiency. In essence, Syxsense offers a robust platform that not only fortifies an organization’s cybersecurity framework but also streamlines its IT operations. Its comprehensive approach to managing security, efficiency, and compliance across a variety of use cases makes it an extremely valuable asset in the arsenal of modern IT and cybersecurity teams.

ABOUT SYXSENSE

Syxsense is the world’s first software vendor providing cloud-based, automated endpoint and vulnerability management solutions that streamline IT and security operations. With our advanced platform, businesses gain complete visibility and control over their infrastructure, reducing IT risks and optimizing operational efficiency. Our real-time alerts, risk-based vulnerability prioritization, pre-built remediations, and intuitive automation and orchestration engine enable organizations to focus on their core business goals, confident in the knowledge that their enterprise is secure, compliant, and running smoothly.

The post PRODUCT REVIEW: SYXSENSE ENTERPRISE appeared first on Cybersecurity Insiders.

The spectre of foreign interference, ranging from corporate espionage to intellectual property theft, poses significant threats to organisations striving for competitive edge.

Against this backdrop, the release of the 2024 Insider Risk Investigations Report by the DTEX i3 team underscores the imperative for robust cybersecurity measures and collaborative defence strategies within the business community.

Cybersecurity expert and J2 Software CEO John Mc Loughlin says this comprehensive report serves a dual purpose – to provide insights into the world of insider threats and to advocate for enhanced cooperation in safeguarding corporate interests.

“With a notable 70% increase in demand for protection against foreign interference since 2022, organisations are increasingly recognising the urgency of fortifying their defences. The report offers invaluable behavioural analyses within the framework of the Insider Threat Kill Chain, aiding organisations in mitigating risks associated with data breaches, system tampering, and inadvertent data leakage,” he explains.

Of particular concern is the revelation that foreign state actors are engaging in sophisticated social engineering tactics to exploit insiders and achieve their clandestine objectives. This includes espionage, intellectual property theft, and infiltration of critical infrastructure, all integral components of broader strategic manoeuvres aimed at undermining organisational integrity.

The proliferation of socially engineered insiders and legitimate talent programs further exacerbates these risks, facilitated in part by advancements in artificial intelligence.

However, the report underscores that bolstering insider risk programs alone is insufficient in the face of evolving threats. Collaboration between public and private sectors is essential, with organisations urged to share insights, refine skills, and cultivate partnerships to enhance their defensive capabilities.

Notable entities such as the US Insider Risk Management Centre of Excellence and the Australian Insider Risk Centre of Excellence exemplify the importance of collaborative initiatives in addressing these challenges.

Moreover, the blurred distinction between internal and external threats necessitates a holistic security approach that transcends traditional boundaries. Understanding human behaviour emerges as a pivotal component in early threat detection and mitigation.

“By fusing technology with psychological insights, organisations can better identify behavioural patterns indicative of malicious intent, thereby strengthening their defensive posture,” he stresses.

Central to this endeavour is the cultivation of bidirectional loyalty within organisations, fostering a workforce characterised by transparency, respect, and mutual trust. Such an environment not only enhances organisational resilience but also serves as a deterrent against external manipulation.

“The 2024 Insider Risk Investigations Report serves as a call to action for businesses to prioritise cybersecurity and adopt collaborative defence strategies. Its actionable insights and recommendations provide a roadmap for fortifying defences against the pervasive threat of foreign interference, underscoring the imperative of unity and collaboration in safeguarding corporate assets,” he concludes.

The post Combatting foreign interference appeared first on Cybersecurity Insiders.

The cybersecurity landscape is undergoing a rapid and alarming transformation. The once impregnable castle-and-moat defenses are proving inadequate in this new hybrid world. This article examines two potent concepts shaping the future of information security: Zero Trust and Security Service Edge (SSE). We’ll look at their fundamental principles and show how they tackle the challenges of the modern digital landscape.

The landscape of cybersecurity has undergone a dramatic transformation. The rise of remote work has shattered the walls of traditional network perimeters. Meanwhile, cyber threats have grown more sophisticated, employing ever-evolving tactics to bypass static defenses. In this new reality, organizations require adaptable security measures to keep pace with the changing tides. Zero Trust and SSE offer a compelling path forward.

At its essence, Zero Trust disrupts the traditional model of implicit trust within a network. It operates on the premise of constant verification, irrespective of a user’s location or device. This perpetual scrutiny ensures that only authorized users are granted access to the resources they require, thereby minimizing the potential harm from breaches or insider threats. The surge in remote workforces amplifies the relevance of Zero Trust, as it eradicates the false sense of security provided by a physical network perimeter.

Zero Trust isn’t just a response to the remote work revolution but a powerful tool against increasingly sophisticated cyber threats. Traditional security models often rely on perimeter defenses, which determined attackers can breach. Zero Trust, focusing on least privilege access and continuous verification, provides a more robust shield. This layered approach makes it significantly harder for attackers to gain a foothold within a system.

The growing emphasis on data privacy further strengthens the case for Zero Trust. Organizations are under increasing pressure to ensure granular control over access to sensitive information. Zero Trust’s principle of granting only the minimum access necessary aligns perfectly with this need. By restricting access, organizations can safeguard sensitive data, reduce the risk of unauthorized exposure, and ensure compliance with data privacy regulations.

While Zero Trust and SSE offer substantial benefits, it’s important to recognize that their implementation is not without challenges. Organizations may grapple with legacy infrastructure that wasn’t designed with Zero Trust principles in mind. Meticulous planning and integration strategies are vital to ensure a seamless transition. Moreover, a transition to Zero Trust often necessitates a cultural shift within the organization. Employees accustomed to more lenient access controls may resist stricter security measures. Effective communication and education are pivotal in overcoming this resistance and fostering a security-centric mindset among the workforce. Finally, striking a balance between the need for robust security and the agility required for day-to-day operations can be a delicate task. Finding this equilibrium and ensuring scalability are crucial for long-term success.

Fortunately, technology offers a powerful ally in overcoming these challenges. Artificial Intelligence (AI) and Machine Learning (ML) can significantly enhance threat detection by identifying anomalies and suspicious patterns within network traffic. This allows for swifter responses to potential security incidents, minimizing possible damage. Additionally, the rise of cloud-native security solutions dovetails perfectly with the principles of SSE. By leveraging security measures built for cloud environments, organizations can achieve greater agility, scalability, and a dynamic security posture that adapts to the evolving threat landscape. Automation and orchestration can further streamline complex security processes associated with Zero Trust. By automating routine tasks and orchestrating responses to security events, organizations can reduce the risk of human error, improve operational efficiency, and ensure a more consistent and resilient security posture.

Zero Trust and SSE are more than just the latest trends in cybersecurity; they represent a strategic imperative for modern organizations. The ever-evolving threat landscape demands a proactive approach. Zero Trust and SSE offer a solution, providing the flexibility and resilience needed to navigate the complexities of today’s digital world. By embracing these strategies, cybersecurity leaders are empowered to fortify their defenses, safeguard sensitive information, and adapt to the dynamic nature of cyber threats. 

In conclusion, Zero Trust and SSE represent a technological shift and a fundamental change in how organizations approach cybersecurity. This shift empowers them to thrive in an era of continuous digital transformation and emerging threats.

The post Navigating the Future: Zero Trust and SSE in Cybersecurity Leadership Strategies appeared first on Cybersecurity Insiders.

Because of the growing complexities of enterprise IT infrastructure, the concept of “data fabric” has been attracting attention in recent years. As organizations expand and work with more information from growing numbers of sources, they need more efficient ways to access and manage their data in a secure manner. This reality is reflected by the significant growth of the data fabric solutions market.

Essentially, data fabric is an approach to managing and integrating data, aimed at enabling access to information across the enterprise in a versatile, iterable, and augmented way. It addresses the difficulties encountered by many organizations in gathering, linking, consolidating, and delivering information to users from disjointed sources.

However, data fabric is not just about enabling access. As a concept, it can also serve as a model for enhanced security governance. It can guide the orchestration of security solutions to maximize cyber defenses through improved governance.

The Data Fabric and Cybersecurity Connection

The data fabric concept can translate into an architecture that creates an end-to-end integration of various data pipelines, including data from cloud environments. Thus, a data fabric architecture exists when there is comprehensive consolidation of all data in an organization, which ensures efficient but secure access to data. This usually entails the unification of IT governance, data systems, as well as security and privacy controls. 

Organizations benefit from data fabric architecture because it is designed to be open for a wide range of integration. It supports extensive scalability because it ensures that data from any storage location or operating system can be consolidated frictionlessly. It ensures that team members and services can access the data they need in real-time to support dynamic analysis, financial strategy models, optimization initiatives, marketing campaigns, and any number of other activities.

So how is data fabric related to cybersecurity in the context of data fabric architecture? The relationship is demonstrated by the idea of a data security fabric. Under this concept, cybersecurity and data fabric merge to create a data protection solution that provides comprehensive coverage, capable of protecting all types of data, regardless of the source.

A data security fabric protects information not only against a changing threat landscape but also in light of how IT is deployed today. Enterprises now run multi-cloud and hybrid environments that bring new challenges in visibility, management, and security. They therefore need a model that scales with changes in their infrastructure, stronger controls and monitoring over their data, and an approach that lines up with regulatory requirements.

Centralized Security Visibility and Scalability

One of the key challenges in modern IT is the expansiveness and complexity of enterprise infrastructure, which make it difficult to proactively manage all data. This is particularly true for organizations that operate in multiple geographical locations. They inevitably employ multiple storage locations, databases, and potentially different policies for data management and security.

Without a sensible approach to security visibility, it is difficult to keep everything in order. The data fabric model provides a way to harmonize the differences created by the multitude of components and policies. It addresses the risk of data and application silos, which make security controls less effective, leave vulnerabilities unaddressed, and widen the attack surface.

What makes the data fabric model so potent in this context is that it can be applied to small operating units or subsidiaries first for a more manageable implementation. The different implementations can then be expanded to consolidate all data security controls harmoniously. 

This flexibility and scalability allow an organization to pilot the model in one unit, learn from that pilot, and then apply it across the entire enterprise infrastructure.

Improved Protection and Security Policy Enforcement

Data fabric architecture is also a boon to security governance because of the enhanced controls it enables. It provides wide-ranging protection, the integration of different technologies, and security automation.

A focus on data security fabric makes it easier to protect data across different platforms and environments, including hybrid setups and on-premises storage. Governance solutions can interoperate with different cloud providers and can secure structured, semi-structured, and unstructured data alike. In effect, they provide a framework for standardizing security across environments while allowing data assets to be managed centrally.

Integration is a key benefit of the data fabric architecture, and this significantly bolsters security governance by bringing together different data ecosystems to make them easier to manage. By integrating existing security and data ecosystems, organizations can correlate security information to aid the detection of anomalous activities, privilege escalation attempts, data exfiltration attacks, and other security issues. Consolidating security information helps minimize threat detection false positives, reduce security notification noise, and facilitate the prioritization of more critical threats.
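The value of consolidating telemetry from separate silos is easiest to see on a concrete case. The following is an added example, not code from the original post or from any data fabric product: it joins a constructed IAM audit trail with a constructed object-store access log and flags a sensitive privilege grant that is followed by bulk reads within an hour. The log formats, field names, policy names (`AdministratorAccess`, `PowerUserAccess`) and the 500 MB / 60 minute thresholds are all assumptions chosen for illustration. A single-silo volume rule is included for comparison, to show the false positive that correlation removes.

```python
"""Cross-silo correlation: privilege grant followed by bulk data reads.

Added example. The two event lists are constructed sample data, loosely
modelled on a cloud IAM audit log and an object-store access log; they are
not real telemetry. Policy names and thresholds are assumptions.
"""
from datetime import datetime, timedelta

# Constructed sample: permission-change events from the identity system.
IAM_EVENTS = [
    {"ts": "2024-03-01T09:00:05Z", "actor": "svc-etl", "action": "AttachRolePolicy",
     "target": "svc-etl", "detail": "ReadOnlyAccess"},
    {"ts": "2024-03-01T09:12:40Z", "actor": "admin-bob", "action": "AttachRolePolicy",
     "target": "svc-etl", "detail": "AdministratorAccess"},
    {"ts": "2024-03-01T10:30:00Z", "actor": "admin-bob", "action": "CreateUser",
     "target": "analyst-kim", "detail": ""},
]

# Constructed sample: object-store access log (bytes returned per request).
STORAGE_EVENTS = [
    {"ts": "2024-03-01T02:00:00Z", "principal": "svc-backup", "op": "GetObject", "bytes_out": 3_000_000_000},
    {"ts": "2024-03-01T08:55:00Z", "principal": "svc-etl", "op": "GetObject", "bytes_out": 2_000_000},
    {"ts": "2024-03-01T09:14:10Z", "principal": "svc-etl", "op": "ListBucket", "bytes_out": 4_096},
    {"ts": "2024-03-01T09:15:00Z", "principal": "svc-etl", "op": "GetObject", "bytes_out": 900_000_000},
    {"ts": "2024-03-01T09:16:30Z", "principal": "svc-etl", "op": "GetObject", "bytes_out": 1_200_000_000},
    {"ts": "2024-03-01T11:00:00Z", "principal": "analyst-kim", "op": "GetObject", "bytes_out": 5_000_000},
]

SENSITIVE_GRANTS = {"AdministratorAccess", "PowerUserAccess"}  # hypothetical policy names
BULK_THRESHOLD_BYTES = 500_000_000                              # assumed threshold


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def escalation_events(iam_events, sensitive=SENSITIVE_GRANTS):
    """Grants worth watching: a sensitive policy attached to a principal."""
    return [
        {"ts": _ts(e["ts"]), "principal": e["target"], "granted": e["detail"], "by": e["actor"]}
        for e in iam_events
        if e["action"] == "AttachRolePolicy" and e["detail"] in sensitive
    ]


def bytes_read_after(storage_events, principal, start, window):
    """Sum of object bytes the principal read in the interval (start, start + window]."""
    end = start + window
    return sum(
        e["bytes_out"] for e in storage_events
        if e["principal"] == principal and e["op"] == "GetObject" and start < _ts(e["ts"]) <= end
    )


def storage_only_alerts(storage_events, threshold_bytes=BULK_THRESHOLD_BYTES):
    """Naive single-silo rule: any principal whose total reads exceed the threshold.
    It also fires on routine bulk readers such as a backup service, which is the
    noise that correlating with the identity log removes."""
    totals = {}
    for e in storage_events:
        if e["op"] == "GetObject":
            totals[e["principal"]] = totals.get(e["principal"], 0) + e["bytes_out"]
    return [p for p, b in totals.items() if b > threshold_bytes]


def correlate(iam_events, storage_events, window=timedelta(minutes=60),
              threshold_bytes=BULK_THRESHOLD_BYTES):
    """Cross-silo rule: sensitive grant followed by bulk reads within the window."""
    findings = []
    for esc in escalation_events(iam_events):
        read = bytes_read_after(storage_events, esc["principal"], esc["ts"], window)
        if read > threshold_bytes:
            findings.append({**esc, "bytes_out": read})
    return findings


if __name__ == "__main__":
    print("storage-only rule flags:", storage_only_alerts(STORAGE_EVENTS))
    for f in correlate(IAM_EVENTS, STORAGE_EVENTS):
        print(f"{f['principal']} was granted {f['granted']} by {f['by']} at {f['ts']:%H:%M:%S} "
              f"and read {f['bytes_out']:,} bytes within the next hour")
```

On the sample data the storage-only rule flags both `svc-backup` and `svc-etl`, while the correlated rule flags only `svc-etl`, whose reads came minutes after an administrator attached a broad policy to it; the earlier read-only grant and the ETL job's routine reads before the grant are ignored. The same join generalizes to any two sources that share a principal identifier, which is exactly the kind of shared key a unified data fabric makes available.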

Moreover, data fabric security is compatible with security automation. It supports the automated discovery of ungoverned data assets while enabling the continuous monitoring of data-related activities to detect and address anomalies and potentially harmful actions. Data fabric security solutions are designed to ensure uninterrupted threat activity analysis while taking away the need for inefficient and costly manual actions.

Compliance Made Easy 

Data fabric architecture is designed to help enterprises comply with regulations on data handling and security. Organizations that adopt it are, by construction, following a data management approach that emphasizes centralized management, broad security visibility, security policy enforcement, granular access control, and auditability. 

These attributes match the foundational goals of almost all data privacy and security regulations, which require organizations to have full oversight of their data, the ability to enforce all applicable security policies, and the means to investigate efficiently when a breach occurs.

While cybersecurity pundits often argue that security regulation compliance does not equate with real security, it makes sense to acknowledge that security laws or regulations provide a good security benchmark. Compliance serves as a good first line of defense, especially for organizations with little experience and proficiency in data security.

Data fabric security does not automatically mean compliance with all data regulations, though. It is an excellent starting point for ensuring compliance. It makes it easier to observe best practices and keep up with updates in regulations.

Conclusion

Data fabric is not just another buzzword set to fade as new trends emerge. Its core concept captures the need to bring new data technologies and security approaches together harmoniously, a need that is unlikely to go away in the foreseeable future. Data fabric architecture clearly strengthens security governance as enterprises deal with ever more data infrastructure components, data ecosystems, and regulations. 


The post How Data Fabric Architecture Helps Enhance Security Governance appeared first on Cybersecurity Insiders.

U.S. officials and private security experts have warned that this country’s physical infrastructure is being threatened by growing stealth attacks from sophisticated nation-state adversaries and criminal hacking rings. Hackers linked to a Russian military intelligence unit have taken credit for striking multiple water utilities in Texas already this year. Each time, the Russian attackers have reportedly posted videos on social media to show off their manipulation of software interfaces that are used to control physical equipment inside the water plants. Officials believe that one attack in January caused a tank at a Texas water facility to overflow.

In recent Congressional testimony, FBI Director Christopher Wray openly warned that China’s hackers “are targeting our critical infrastructure—our electrical grid, our oil and natural gas pipelines, our transportation systems—and the risk that poses to every American requires our attention now.”

When the FBI chief feels compelled to issue such a candid statement before Congress, that seems like an apt time for the American public to consider the core structural issues behind this alarming threat. 

The Difference Between IT Cybersecurity and OT Cyber Risk

First off, it is critical to distinguish clearly between cybersecurity and cyber risk management. Cybersecurity involves securing all of an organization’s information technology (IT) and data; it is the domain of CISOs and security operations centers. Facilities operators, however, are largely responsible for securing the operational technology (OT) used to run the physical plants behind power, transportation, and energy systems.

OT components include the controls for heating and cooling, telecommunications, and building cameras and physical security systems. Often there is a gap or gray area between the CISO and the OT manager over who oversees security and risk for particular systems and devices. Vulnerabilities can include backdoors hidden in equipment that are later used to install malware and compromise connected systems and devices. Other threats involve cutting power to damage hardware, or shutting machines down to cause process failures.

Cyber risk management accounts for the probability of these attacks and the estimated severity of various types of incidents. In this way, businesses can model the potential damages that a successful attack would inflict. A cyber risk management approach needs to recognize an organization’s state of cybersecurity at any point in time, but it also must calculate how much the business is targeted based on its industry, size, location, customer base, and other parameters.

CISOs in critical infrastructure industries face the challenge of securing both their enterprise IT and their OT environments, with equipment that stays continuously connected to the internet for management and maintenance. That connectivity creates a vector that exposes equipment to cyber incidents, including ransomware. When a ransomware attack succeeds against an OT system, the disruption can lead to production shutdowns, fulfillment delays, and reputational damage, as well as a maze of safety, legal, and regulatory concerns.

Taking Steps to Analyze and Prevent OT Cyber Risk

Cyber risks are all too abundant at OT facilities, from employees who lack training on how to recognize phishing emails to partners who lack basic cybersecurity programs. The risks can also involve contractors who are improperly onboarded and offboarded, or acquired facilities that never implemented basic cyber hygiene practices such as password management policies.  

To address this multifaceted problem from all sides, CISOs and CFOs need a better handle on the many complex scenarios they face and on which security measures deserve top priority on a cost-benefit basis. They also need repeatable practices for quantifying cyber risk in monetary terms and evaluating the ROI of mitigation strategies. This approach optimizes cybersecurity spending while also preparing the organization to obtain adequate cyber insurance coverage and to meet the SEC’s recent cybersecurity disclosure requirements.  

New strategies for OT risk mitigation include cyber risk quantification and management (CRQM) tools that give CISOs and CFOs an advantage by assessing the full range of business damage that could result from vulnerabilities. CRQM tools analyze the impact of potential cyber incidents and then prioritize the top sources of risk for mitigation. Cyber risk assessments can also enhance cybersecurity assessments by adding business context to the evaluation. In this way, organizations can proactively manage their cyber risk portfolio, prioritize mitigation projects, and make clearly informed cybersecurity investment decisions. 
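The quantification the previous paragraphs describe can be made concrete with a small model. The following is an added worked example, not code from the original post or from any CRQM vendor. It assumes the common annualized-loss-expectancy approach: each scenario gets an estimated annual rate of occurrence and a minimum / most likely / maximum loss in dollars, expected annual loss is the rate times the mean of that triangular distribution, and a control's return on security investment (ROSI) is (risk reduction minus control cost) divided by control cost. A short Monte Carlo run adds the tail of the annual loss distribution, which is what an insurer or a board is usually asked to sign off on. The three scenarios, three controls and every dollar figure are constructed sample numbers for a hypothetical water utility, not real data.

```python
"""Cyber risk quantification: expected annual loss, ranking, and ROSI.

Added example. Scenarios, controls and all figures are constructed sample
values for a hypothetical utility; the ALE / ROSI model is an assumption.
"""
from dataclasses import dataclass, replace
import math
import random


@dataclass(frozen=True)
class Scenario:
    """One loss scenario: how often it happens and how bad it is."""
    name: str
    aro: float          # annual rate of occurrence (expected incidents per year)
    loss_min: float     # dollar loss estimates: minimum, most likely, maximum
    loss_mode: float
    loss_max: float

    def mean_loss(self) -> float:
        # Mean of a triangular distribution over (min, mode, max).
        return (self.loss_min + self.loss_mode + self.loss_max) / 3.0

    def expected_annual_loss(self) -> float:
        return self.aro * self.mean_loss()


@dataclass(frozen=True)
class Control:
    """A mitigation: its annual cost and how it changes the scenarios it covers."""
    name: str
    annual_cost: float
    applies_to: tuple              # scenario names this control affects
    aro_multiplier: float = 1.0    # 0.2 => incidents become five times rarer
    loss_multiplier: float = 1.0   # 0.5 => each incident costs half as much


def apply_control(scn: Scenario, ctl: Control) -> Scenario:
    if scn.name not in ctl.applies_to:
        return scn
    m = ctl.loss_multiplier
    return replace(scn, aro=scn.aro * ctl.aro_multiplier, loss_min=scn.loss_min * m,
                   loss_mode=scn.loss_mode * m, loss_max=scn.loss_max * m)


def total_expected_loss(scenarios) -> float:
    return sum(s.expected_annual_loss() for s in scenarios)


def rank_scenarios(scenarios):
    """Highest expected annual loss first: the mitigation priority list."""
    return sorted(scenarios, key=lambda s: s.expected_annual_loss(), reverse=True)


def rosi(scenarios, ctl: Control) -> float:
    """Return on security investment: (risk reduction - control cost) / control cost."""
    before = total_expected_loss(scenarios)
    after = total_expected_loss([apply_control(s, ctl) for s in scenarios])
    return (before - after - ctl.annual_cost) / ctl.annual_cost


def _poisson(rng: random.Random, lam: float) -> int:
    # Knuth's method; adequate for the small annual rates used here.
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_losses(scenarios, years=10_000, seed=7):
    """Monte Carlo: incident count ~ Poisson(aro), per-incident loss ~ triangular.
    Returns the sorted total annual losses so tail percentiles can be read off."""
    rng = random.Random(seed)
    losses = []
    for _ in range(years):
        total = 0.0
        for s in scenarios:
            for _ in range(_poisson(rng, s.aro)):
                total += rng.triangular(s.loss_min, s.loss_max, s.loss_mode)
        losses.append(total)
    losses.sort()
    return losses


def percentile(sorted_values, p: float) -> float:
    return sorted_values[min(len(sorted_values) - 1, int(p * len(sorted_values)))]


# Constructed sample scenarios and controls for a hypothetical water utility.
SCENARIOS = [
    Scenario("ransomware_on_hmi", aro=0.25, loss_min=300_000, loss_mode=1_200_000, loss_max=4_500_000),
    Scenario("phished_vpn_credential", aro=0.5, loss_min=60_000, loss_mode=240_000, loss_max=900_000),
    Scenario("contractor_laptop_malware", aro=0.2, loss_min=30_000, loss_mode=90_000, loss_max=180_000),
]
CONTROLS = [
    Control("it_ot_segmentation", 120_000, ("ransomware_on_hmi", "phished_vpn_credential"), loss_multiplier=0.5),
    Control("mfa_on_remote_access", 30_000, ("phished_vpn_credential",), aro_multiplier=0.2),
    Control("contractor_device_program", 50_000, ("contractor_laptop_malware",), aro_multiplier=0.5),
]

if __name__ == "__main__":
    for s in rank_scenarios(SCENARIOS):
        print(f"{s.name:28s} expected annual loss ${s.expected_annual_loss():>12,.0f}")
    sims = simulate_annual_losses(SCENARIOS)
    print(f"simulated mean ${sum(sims) / len(sims):,.0f}, 95th percentile ${percentile(sims, 0.95):,.0f}")
    for c in sorted(CONTROLS, key=lambda c: rosi(SCENARIOS, c), reverse=True):
        print(f"{c.name:28s} ROSI {rosi(SCENARIOS, c):+.2f}")
```

On these sample figures the ransomware scenario carries the largest expected loss, yet MFA on remote access has the best ROSI (about 4.3) because it is cheap and removes most of the phishing-driven incidents, while the contractor device program costs more per year than the risk it removes and comes out negative. That is the kind of result a cost-benefit prioritization is meant to surface; the numbers themselves are only as good as the frequency and loss estimates fed in, which is where the contextual information from a cyber risk assessment matters.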

With more dangerous foreign attacks escalating on U.S. infrastructure almost every day, it is no longer practical to overlook or disregard the potentially devastating risks that lurk in our mundane operational technology. More comprehensive cybersecurity and cyber risk assessments will be needed to guard against these attacks and their potential harm to critical infrastructure and the American public.


The post Don’t Overlook the Cyber Risks for Operational Technology appeared first on Cybersecurity Insiders.