Armis has released a survey of more than 100 cybersecurity professionals exploring the risks and struggles the industry faces as its environment changes. Because the landscape changes so rapidly, the security intelligence being reported to companies may be constantly out of date.

According to the results, while top management has spent more time on cybersecurity concerns in the past six months, almost 23% of the professionals surveyed believed that board members are still not involved enough.

Respondents also reported that many of their companies have started tightening their security protocols within the last six months. Still, 75% had not completed a thorough risk assessment in the same period, which is a significant gap.

Andy Norton, European Cyber Risk Officer at Armis, explained, “Given how fast things evolve in most of today’s environments, six months can be an eternity.”  

If risk assessments are performed more than six months apart, security professionals are providing top management with out-of-date information, which could be giving threat actors a major head start.

“Organisations can and should aim higher, particularly as capabilities now exist for performing continuous risk assessments, which can help them achieve the next crucial step towards risk assessment maturity,” he said.

Indeed, the results also identified the top five cybersecurity priorities as risk assessment, asset visibility, security awareness training, compliance, and threat detection and incident response. Among the risks companies need to be looking at are employee actions (think: accessing risky websites and applications on company networks), lacking or limited asset visibility, and poor patch management practices.

This is especially pressing as 60% of respondents noted an increase in security alerts, and over half were concerned about UK Critical National Infrastructure (CNI) and how it would hold up against potential Russian attacks.

NATO countries and organisations must reinforce their defences as vulnerabilities increase, Norton noted, and the lack of timely information makes this harder. “There is room for improvement when it comes to providing business leaders with real-time information that will help them allocate the right resources and make the best decisions regarding their cybersecurity strategies.”

Without timely, up-to-date information, companies will struggle to keep up with the rapidly changing cybersecurity landscape. Threat actors will always be ahead, the Armis survey suggests, unless companies fortify their security practices while identifying and remediating their vulnerabilities.

The post Out of Date Risk Assessment Intel is Damaging Company Security says Armis appeared first on IT Security Guru.

“Identity is the number one security concern.” Tim Nursall, Field Engineer at Illusive, spoke at Infosecurity Europe last week on identity risk and the Analysing Identity Risks Report.


So, what is identity risk? With the migration of networks to the cloud and the overall shift towards remote work and off-premises devices, the historically understood network perimeter has changed entirely. Through endpoint vulnerabilities and privileged credentials, attackers can now breach a system through a multitude of doors.  

The Analysing Identity Risks (AIR) report, presented by Tim Nursall of Illusive Networks, elucidates the patterns and security weaknesses of companies as they pertain to identity risks. These are, in fact, more common than one might imagine! 

Nursall illustrated the danger of identity risk with the data collected for this report. 100% of Illusive audits showed privileged identity risks, and one in six endpoints and servers had exploitable identity risks. The audits also found that 87% of local administrators were not enrolled in a privileged account management solution and that 55% of exposed privileged credentials were stored in browsers. Easily accessible browsers.

And what about passwords? According to the Illusive audits, 62% of local administrator passwords had remained unchanged for more than one year, 17% for more than five years, and 1% for over ten years. Ten! 

There is also a trend towards misconfigured privileged access in the companies AIR has analysed: 40% of shadow admin risks can be exploited in a single step, and 13% of shadow admin accounts still hold domain administrator privileges. Why, Illusive might ask its clients, does a general employee who set up the company website years ago still have enough privileged access to take down the entire domain?

While yes, Nursall said, it is important to scan for risks and vulnerabilities of the network itself, it is just as important (perhaps even more so) to recognise those identity risks in the organisation. Without protecting against identity risks, a vulnerability management program is overall ineffective. This is because all organisations have identity risks, and all organisations must continually focus on discovering and remediating them. And it doesn’t just stop there: Illusive helps its clients create a management program for keeping identity risk away, permanently.  
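The audit figures above are the kind a practitioner can reproduce against their own inventory. The following Python is an added example, not Illusive's tooling or anything from the AIR report: it runs three of the checks the report counts (password age of local administrator accounts, administrators not enrolled in a PAM tool, and shadow admins who reach Domain Admins only through nested group membership, with the number of group hops standing in for the "steps" an attacker needs) over a small constructed inventory. The record layout, the field names `pw_last_set` and `pam_enrolled`, and the member-to-group edge list are assumptions; in practice the data would come from something like Get-LocalUser, a LAPS export, or an AD group dump.

```python
"""Identity-risk audit over a constructed inventory (added example; not the
AIR report's or Illusive's code). Record formats below are assumptions."""
from collections import deque
from datetime import date

AUDIT_DATE = date(2022, 6, 30)  # reference date for password age

# Constructed sample: one row per local administrator account on a host.
LOCAL_ADMINS = [
    {"host": "ws01", "user": "Administrator", "pw_last_set": date(2010, 3, 1), "pam_enrolled": False},
    {"host": "ws02", "user": "Administrator", "pw_last_set": date(2016, 5, 20), "pam_enrolled": False},
    {"host": "srv01", "user": "svc_backup", "pw_last_set": date(2021, 1, 10), "pam_enrolled": True},
    {"host": "srv02", "user": "Administrator", "pw_last_set": date(2022, 4, 1), "pam_enrolled": True},
]

# Constructed AD membership edges: (member, group). Users and groups share one
# namespace; a name is treated as a group if anything is a member of it.
AD_MEMBERSHIPS = [
    ("alice", "Domain Admins"),    # direct Domain Admin, so not a shadow admin
    ("WebOps", "Domain Admins"),   # a group nested inside Domain Admins
    ("bob", "WebOps"),             # bob is one hop from Domain Admins
    ("LegacyWeb", "WebOps"),
    ("carol", "LegacyWeb"),        # carol is two hops away
    ("dave", "Helpdesk"),          # no path to Domain Admins
]


def password_age_buckets(admins, today):
    """Count local admin accounts whose password is older than 1, 5 and 10 years."""
    buckets = {"over_1y": 0, "over_5y": 0, "over_10y": 0}
    for acct in admins:
        years = (today - acct["pw_last_set"]).days / 365.25
        for limit, key in ((1, "over_1y"), (5, "over_5y"), (10, "over_10y")):
            if years > limit:
                buckets[key] += 1
    return buckets


def unenrolled_admins(admins):
    """HOST\\user for every local admin not managed by the PAM/LAPS solution."""
    return sorted(acct["host"] + "\\" + acct["user"] for acct in admins if not acct["pam_enrolled"])


def shadow_admins(memberships, target="Domain Admins"):
    """Map each user who reaches `target` only via nested groups to the hop count.
    Direct members of `target` are excluded; a hop count of 1 means one group away."""
    members_of = {}
    for member, group in memberships:
        members_of.setdefault(group, []).append(member)
    groups = set(members_of)
    direct = set(members_of.get(target, []))
    hops, seen = {}, set()
    queue = deque((g, 1) for g in direct if g in groups)  # groups nested in target
    while queue:
        group, depth = queue.popleft()
        if group in seen:  # tolerate cyclic nesting
            continue
        seen.add(group)
        for member in members_of.get(group, []):
            if member in groups:
                queue.append((member, depth + 1))
            elif member not in direct and member not in hops:  # BFS: first hit is shortest
                hops[member] = depth
    return hops


def one_step_shadow_admins(memberships, target="Domain Admins"):
    """Users who become `target` with a single group hop: the cases to fix first."""
    return sorted(u for u, d in shadow_admins(memberships, target).items() if d == 1)


if __name__ == "__main__":
    print("password age:", password_age_buckets(LOCAL_ADMINS, AUDIT_DATE))
    print("not in PAM:", unenrolled_admins(LOCAL_ADMINS))
    print("shadow admins (hops):", shadow_admins(AD_MEMBERSHIPS))
    print("one-step shadow admins:", one_step_shadow_admins(AD_MEMBERSHIPS))
```

The hop count is a deliberately narrow model of "steps": it only follows group nesting. Real shadow-admin paths also run through ACL rights such as the ability to reset a Domain Admin's password or to modify group membership, which this example does not enumerate.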


The post A Vulnerability Management Program is Nothing Without Identity Risk Protection appeared first on IT Security Guru.

“An attacker only has to be right once, but the defender must be right all the time.” Etay Maor, Senior Director of Security Strategy at Cato Networks, disagrees. According to him, this is one cybersecurity myth he wishes to dispel.


Cato Networks, a cloud-native service that offers network connectivity and security to its customers, was represented at Infosecurity Europe London 2022 by Senior Director of Security Strategy Etay Maor. Having researched the patterns and activities of threat actors, he came armed with memes and alternative perspectives on how the cybersecurity industry ought to move forward as it transitions to the cloud.

It is a common idea that the attacker only has to be right once to infiltrate a secured network while the defender has to be right every time. According to Maor, with a well-layered security system it is just the opposite: the attacker must get past every single entry point and gap in the system, so it is the attacker who must be right all the time. There is never only one point of failure in a system, but many. A breach, Maor says, is in fact the failure of an entire system of security, not just one vulnerability. But how is this done?

The trick to cybersecurity, he explains, is to understand the adversary and to understand the company network. Attackers are advancing faster than defenders alongside the shift from on-premises networking to the cloud, which calls for a reassessment of the cybersecurity approach. Maor suggests approaching defence in a military manner, by asking the following three questions:

  • What do I know about my adversary? 
  • What does my adversary know about me? 
  • What do I know about myself? 

While a company may have a certain idea of its on-premises or cloud network, the attacker has an entirely different understanding, one built around the chokepoints and gaps. So beyond simply knowing what type of attack has occurred, it is even more important to know where the gaps are at every single point in the system. Ransomware, for example, has major chokepoints at infiltration, networking, and exfiltration, the last of which, he explains, is on the rise.

Maor’s research presented some other, perhaps surprising, results. For example, the origin of most attackers is not Russia or China, as one might expect, but the United States of America. Additionally, the most used applications on office networks are ones such as TikTok and YouTube, and the newest threat types include crypto-miners and RCEs, which bring an all-new set of security risks.

So, how does Cato protect its clients? By understanding the adversaries. By combining visibility with cloud security. By identifying gaps and chokepoints, by testing systems, and by converging the three values of actionability, timeliness, and reliability, each of which must be present to fully protect a network.


The post A Research of Threat Actor Activity & Myths Busted by Cato Networks appeared first on IT Security Guru.

Eyal Webber-Zvik, Vice President of Product Marketing at Cato Networks, representing the world’s first SASE platform, spoke last week at Infosecurity Europe. Topic of discussion? Cloud-native single pass processing in action.


Following Gartner’s introduction of Secure Access Service Edge (SASE) as a concept in 2019, Cato Networks built the world’s first SASE platform: the convergence of wide area networking (WAN) and network security appliances into one cloud-delivered service. Cato’s customers can now move away from multiprotocol label switching (MPLS) towards a more secure and better-connected SASE cloud. But how does it work?

Cato provides a secure network for its customers, entirely in the cloud. At over 65 Points of Presence (PoPs) worldwide, there are multiple nodes, each running multiple copies of the Single Pass Cloud Engine (SPACE). Developed by Cato, SPACE is the core of Cato’s implementation of the SASE architecture introduced by Gartner, providing connectivity and resilience over a global private shared network.

According to Webber-Zvik, the use of SPACEs in the SASE architecture simplifies existing traffic problems by dynamically orchestrating the network. Every PoP and its SPACEs run the same software for every customer, everywhere in the world, meaning that any customer, traffic pattern, or task in a given area is handled by the same kind of Cato SPACE.

The software is autonomous, and the policy applied to each flow is derived from its context. For example, if there are network issues in one area, traffic is automatically moved to the next available SPACE in a PoP, wherever that is. The policy, he explained, follows the user, rather than the other way around.

The benefit of this, Webber-Zvik was sure to explain, is that SPACE’s dynamics bring automated load balancing and high-availability orchestration to an industry where network connectivity issues are common and complex. Now, those experiencing issues are simply routed to the next available SPACE, usually without even noticing.

Overall, the switch to a SASE architecture built on Cato’s SPACEs converges network capabilities into one place: a single software stack. This is cloud-native single pass processing in action. How much easier it is!

The post SPACE Dynamic Orchestration in the SASE Cloud with Cato Networks appeared first on IT Security Guru.

Unified identity security company One Identity focuses on helping organisations close the cybersecurity exposure gap created by new identity vulnerabilities, and on stopping opportunistic bad actors before they can exploit it.

The identity perimeter is a relatively new phenomenon. Twelve years ago, workers were almost always in an office, using office devices, and a firm had its own data centre. Now any employee may use a phone, smart watch, or laptop to access work, anytime, anywhere.

Alan Radford, a Global Field Strategist at One Identity, suggested during his presentation that traditional models operate on the wrong assumption that everything and everyone is trustworthy. But now we are on the cloud, and that is a whole other ball game. 

Today organisations are experiencing identity sprawl like never before, and One Identity has found that most companies are ill-equipped to close the cybersecurity exposure gap.

Think of it as a matter of personas, Radford said. Personas in a workplace may include the general employee, the privileged employee, as well as any applications and robots. These personas can be split into two categories—human and non-human.  

The human identity perimeter was, of course, born out of human resources. However, Radford is quick to point out, there is now a new persona: artificial intelligence. Businesses that hire out robots, or that consist entirely of robots, have little or no need for human resources.

So, he asked, how many bots are there in a human resource system? 

This is where measurement comes in. Using measurements grounded in the contexts in which they are recorded, Radford suggested that firms determine how many applications are in use and how many of each type of persona there are. These applications should then be aggregated.

He asked his audience during his talk to raise their hands if they thought 25 systems for managing identity access within one firm was a high number. There was a resounding… no response. He then jokingly asked whether it was a low number. There came the laughter, and nodding. Companies use more than 25 systems just for managing access? Apparently so! 

This sort of sprawl causes lots of gaps and inconsistencies within the identity perimeter of an organisation, which is something One Identity hopes to help with. 

What is the solution, then? 

According to Radford, when different teams look after different security applications within one firm, separate security cultures arise. There should be only one. If a firm consolidates its data silos into one, there is then one culture and one team, which is beneficial for many reasons. This sort of consolidation is recommended by Gartner, he was sure to note.

By combining Identity Governance and Administration (IGA), Privileged Access Management (PAM), and Identity and Access Management (IAM), One Identity has produced the industry’s first unified identity management platform. Its formation marks a new era in identity management – all an organisation’s identity needs are handled by one vendor, by the same technology, signalling the advent of true unified identity security. 

The post A Talk About Unified Identity Security & Deploying Resilience appeared first on IT Security Guru.

Javvad Malik is the Lead Security Awareness Advocate at KnowBe4, which provides security awareness training to the millions of employees of its 50,000 organizational customers worldwide.

“We focus on the human side of security as opposed to the technology side that most other people focus on, because the technology can be brilliant, but if people don’t know how to use it properly, they’re going to make mistakes. And we see that whenever breaches occur, or a company gets hacked… in the majority of cases there’s been an issue where someone has made a mistake, or they’ve been fooled into doing something,” he explained.  

KnowBe4 focuses on training people, informing them about cybersecurity, and helping them make smart decisions. Malik likened the approach to teaching a child to cross the road safely.

“You don’t have to teach them to cross every single road in the world, but you teach them what the principles are, and then they can apply that wherever they go. That’s primarily what we focus on.” 

Chief Research Officer Kai Roer joined KnowBe4 a few years ago through an acquisition. According to Malik, Roer is the foremost expert on how companies can build strong security cultures, something he has been speaking about since long before anyone else caught on.

“Now everyone is talking about it.” 

KnowBe4 takes a scientific approach to understanding the data, and to understanding what an organization’s culture is really like. From determining what is needed to improve the culture to determining where the culture is failing, the vast amount of data KnowBe4 has access to shows how improving culture can lower security risk. One thing Malik was certain of was that this was what everyone at Infosecurity was there for: to lower risk, and to understand how to lower risk.

Roer explained further, “One of the really big game changers with what we do, compared to many others on the floor here is that we have data – and by data we mean huge amounts of data. The benefit of having that data set is that we can start looking at correlations between, for example, a kind of training and a certain behaviour.” 

Roer also came representing a newly published book he co-authored with Perry Carpenter, ‘The Security Culture Playbook: An Executive Guide to Reducing Risk and Developing your Human Defense Layer.’ All about security culture, it has reportedly been well received by the industry for its fresh approach to cybersecurity: the human element.

“Now,” he explained, “the industry and the people here are getting to a level of maturity, if you like, where we can have informed discussions about this topic, which is a huge benefit for everybody.” 

How does the training work? 

KnowBe4 training includes a series of training content as well as simulated phishing emails and other risk notifications, and it is targeted and tailored to each individual employee. For example, if an employee clicks one of the simulated phishing links, they might then be directed to some training or pointed to the company policy. This data can also be tracked to build up a risk profile for every employee and, more broadly, for the company.
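The click-to-training loop and the per-employee risk profile described above can be sketched in a few lines. The Python below is an added example and not KnowBe4's scoring model or product code: it takes a constructed log of simulated-phishing events, builds a per-user profile, computes an organisation-level click rate, and routes each employee to a follow-up step. The event tuple format, the action weights, and the routing rules are all assumptions chosen for illustration.

```python
"""Per-employee risk profile from simulated-phishing events (added example;
not KnowBe4's scoring model). Event format, weights and rules are assumptions."""
from collections import defaultdict

# Constructed events: (campaign, user, action). Each simulated mail produces a
# "sent" event; "opened", "clicked" and "reported" are the employee's responses.
EVENTS = [
    ("2022-q1", "amy", "sent"), ("2022-q1", "amy", "clicked"),
    ("2022-q1", "ben", "sent"), ("2022-q1", "ben", "reported"),
    ("2022-q1", "cat", "sent"),
    ("2022-q2", "amy", "sent"), ("2022-q2", "amy", "opened"),
    ("2022-q2", "ben", "sent"), ("2022-q2", "ben", "reported"),
    ("2022-q2", "cat", "sent"), ("2022-q2", "cat", "clicked"),
]

# Assumed weights: a click is the costly outcome, reporting earns credit.
WEIGHTS = {"clicked": 3, "opened": 1, "reported": -2}
ACTIONS = ("sent", "opened", "clicked", "reported")


def per_user_profile(events):
    """Return {user: {"sent": n, "opened": n, "clicked": n, "reported": n, "score": s}}.
    The score is a weighted sum of responses, floored at zero."""
    profile = defaultdict(lambda: dict.fromkeys(ACTIONS, 0))
    for _, user, action in events:
        if action in ACTIONS:
            profile[user][action] += 1
    for counts in profile.values():
        counts["score"] = max(0, sum(WEIGHTS[a] * counts[a] for a in WEIGHTS))
    return dict(profile)


def phish_prone_pct(events):
    """Organisation-level failure rate: simulated mails clicked / mails sent, in percent."""
    sent = sum(1 for _, _, a in events if a == "sent")
    clicked = sum(1 for _, _, a in events if a == "clicked")
    return round(100.0 * clicked / sent, 1) if sent else 0.0


def follow_up(profile):
    """Route each employee to the next step: training after any click, a policy
    reminder for opening without clicking, nothing for those who only reported."""
    plan = {}
    for user, counts in profile.items():
        if counts["clicked"]:
            plan[user] = "training"
        elif counts["opened"]:
            plan[user] = "policy_reminder"
        else:
            plan[user] = "none"
    return plan


if __name__ == "__main__":
    prof = per_user_profile(EVENTS)
    for user, counts in sorted(prof.items()):
        print(user, counts)
    print("phish-prone %:", phish_prone_pct(EVENTS))
    print("follow-up:", follow_up(prof))
```

Two points worth keeping in mind when building this for real: the weights and thresholds should be tuned against the organisation's own history rather than copied from an example, and reports should be credited as well as clicks penalised, otherwise the profile only measures failure and gives employees no incentive to report.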

What does KnowBe4 think about the cybersecurity industry as a whole? How is it changing? Will it ever be perfect? 

“I don’t think this industry is ever going to be perfect. Then again, I don’t think any industry can be perfect. We can strive towards it, but there will always be this gap, however small or large. In our industry currently it’s large, but it’s getting smaller. And that’s the important thing. We must remember where we got from, from 30 years ago, we were combatting computer worms and spam. Today, we are discussing how can we make you and everyone else do the right thing,” Roer said.

Malik believes that the landscape of the industry has changed incredibly, especially in the last few years. Many people have shifted to remote working and using their own devices instead of on-premises ones, meaning that even if companies do have a good security system, they are not protected from, for example, employees clicking on dangerous links.  

Is the human aspect the next big trend in cybersecurity? 

“I think it’s been recognized as the big trend for a while now. I think the vendors have taken time to catch up. Now you’ll see more vendors providing stuff for the human element… They can have the best technologies in the world, which are still needed, but if they can still get breached or ransomware can hit their organization because someone replied to an email… That’s always going to be a big gap,” Malik said. 

This is where KnowBe4’s enormous amount of data comes in. “We need facts,” Roer said, explaining how the industry can take that step forward to close the gap. “And I believe we should use this data to further the industry and help everybody.”

The post The Human Side of Cybersecurity – KnowBe4 appeared first on IT Security Guru.