[By Dan Benjamin, CEO and Co-Founder of Dig Security (acquired by Palo Alto Networks)]

Large Language Models (LLMs) and generative AI were undoubtedly the biggest tech story of 2023. While the ever-changing nature of AI makes it difficult to predict the future, we can point to an emerging trend: enterprises are exploring use cases that involve ‘feeding’ the company’s own data to a large language model, rather than relying on the general-purpose chatbots provided by the likes of OpenAI and Google.

As companies begin to move generative AI projects from experimental pilot to production, concerns about data security become paramount. LLMs that are trained on sensitive data can be manipulated to expose that data through prompt injection attacks, and LLMs with access to sensitive data pose compliance, security, and governance risks. The effort around securing LLMs in production will require more organizational focus on data discovery, classification and access governance – in order to create transparency into the data that ‘feeds’ the language model and ensure authorized access to it.

Advancements in AI are just one of many challenges – and opportunities – tech leaders faced in 2023. The continued acceleration of cloud adoption, evolving tactics of bad actors, and increasingly stringent data privacy regulations have contributed to a challenging data security landscape. To address these challenges, security leaders, and the tools and processes they use, must evolve in 2024.

Here are a few other trends I anticipate for 2024.

Consolidation of data security tooling

As organizations have moved to the cloud, their infrastructure has become increasingly fragmented. With multi-cloud and containerization becoming de facto standards, this trend has intensified. Data storage and processing are dispersed, constantly changing, and handled by multiple vendors and dozens of tools.

To secure data, businesses found themselves investing in a broad range of tooling – including DLP for legacy systems; CSP-native solutions; compliance tools; and more. In many cases two separate tools with similar functionality are required due to incompatibility with a specific CSP or data store.

This trend is now reversing. Economic pressures and a growing consensus that licensing and management overhead have become untenable are leading organizations toward renewed consolidation. Businesses are now looking for a single pane of glass to provide unified policy and risk management across multi-cloud, hybrid, and on-premises environments. Security solutions are evolving accordingly – moving from point solutions that protect a specific data store toward more comprehensive platforms that protect the data itself, wherever it’s stored and in transit.

Maturation of compliance programs

Organizations are realizing that compliance needs to be more than an annual box-ticking exercise. With regulators increasingly willing to confront companies over their use and protection of customer data, it’s become clear that compliance needs to be a strategic priority.

Businesses will invest more in programs that enable them to map their existing data assets to compliance requirements, as well as tools that help identify compliance violations in real time – rather than waiting for them to be discovered during an audit (or in the aftermath of a breach).

The post Cloud Data Security in 2024 appeared first on Cybersecurity Insiders.

By Dan Benjamin, CEO and Co-Founder, Dig Security

The holiday sales season is the most important time of year for e-commerce retailers, representing a time of heightened consumer activity and potential revenue growth. Retailers are forced to maintain security while balancing the consumer demand for fast purchases and continually updating content. E-commerce platforms have embraced cloud technologies to handle the high-traffic surges and rapid development necessary to stay competitive and appealing to customers.

Part of that appeal goes beyond just offering a product to assuring consumers that their data is secure when they shop online. Today’s consumer is more aware of how their data is protected than ever, with 62% of people lacking confidence in their data security with retailers. For many consumers, how well a retailer protects their sensitive information directly impacts their willingness to continue business with them. In the US alone, 83% of consumers will stop doing business with a company for several months after a breach. In the competitive holiday market, a failure to adequately protect data can significantly impact sales, pushing customers to competitors.

The Holiday E-Commerce Landscape

The holiday sales season has its own intricate dynamics in online retail. During this festive period, merchants must be at the top of their game to harness the full potential of consumer spending. As Black Friday and other festive occasions approach, there’s a remarkable uptick in online shoppers, with statistics revealing that half of consumers now prefer the convenience of online shopping over traditional brick-and-mortar stores.

Many e-commerce retailers have embraced cloud technologies as their business’s foundation. This has given them many advantages in rapid development and scalability to meet the surge in demand. However, this reliance on cloud technology also introduces additional security risks, particularly as retailers handle and process increasing volumes of sensitive data like personally identifiable information (PII) during the holiday season. This data is a prime target for cybercriminals, who use it for activities such as identity theft and fraud.

Cyber attackers are increasingly sophisticated in their methods, targeting retailers’ digital infrastructures to exploit vulnerabilities. They specifically focus on data that is unprotected and which can be ransomed for a high price. The complexity of cloud environments can often result in critical security controls being overlooked, inadvertently facilitating these cyber attacks. For instance, inadequate access controls can leave customer data vulnerable to unauthorized access, as evidenced by incidents involving storage buckets with sensitive data being inadvertently exposed to the public. In the rush for rapid development, many retailers depend on the default security settings provided by their cloud service, which may not be sufficient against advanced cyber threats. This oversight can lead to risks such as insufficient encryption for data both at rest and in transit, increasing the potential for data interception and breaches.

To mitigate these risks, retailers must modify how they approach cloud security. It is not about a single solution or control but rather about developing a comprehensive security strategy based on best practices and high-value solutions, forming a strong defense to deter cybercriminals.

Understanding the Risk

Retailers storing customer data face inherent risks; a single system vulnerability can lead to massive data breaches. Inadequately encrypted data, storage buckets without proper authentication, or poorly secured databases can quickly become entry points for hackers. Similarly, failing to comply with data privacy regulations like GDPR or CCPA can lead to hefty fines and legal complications. The consequences of such breaches are not just financial; they severely damage consumer trust and brand reputation, often with long-lasting effects. Protecting consumer data extends beyond mere compliance, requiring a proactive and comprehensive approach to cybersecurity and privacy practices.

Following Best Practices

Fortunately, some best practices can be adopted to quickly and efficiently add protection to existing cloud infrastructure.

  • Secure Cloud Configurations: To enhance e-commerce security, adopting hardened baseline images for cloud infrastructure is recommended. These images ensure a consistent and compliant setup across the network, significantly reducing the risk of vulnerabilities resulting from manual configurations or misconfigurations.
  • Robust Access Control and Identity Management: Implementing stringent identity and access management policies, including multi-factor authentication (MFA) and the principle of least privilege (PoLP), ensures that only authorized personnel can access sensitive data. This approach mitigates the risk of unauthorized data access and breaches.
  • Encryption of Sensitive Data: Encrypting data, whether at rest or in transit, is a fundamental practice for safeguarding sensitive information. This encryption makes the data inaccessible and unreadable to unauthorized parties, protecting it from breaches and unauthorized access.
  • Implementing Data Security Posture Management (DSPM) and Data Detection and Response (DDR): DSPM and DDR provide a holistic approach to data security. DSPM plays a crucial role in identifying, classifying, and assessing data risks while ensuring compliance with security policies. DDR enhances this by offering real-time monitoring and threat detection, quickly identifying and responding to potential security incidents.
  • Secure Payment Processing Systems: Implementing secure and Payment Card Industry Data Security Standard (PCI DSS) compliant payment gateways is a pivotal strategy in e-commerce security. This practice not only safeguards customer payment information during transactions but also significantly reduces the retailer’s risk by offloading the storage of sensitive data to a third party.

Holiday Data Assurance

Data is consistently the primary target in cyber attacks, so prioritizing data protection through robust access control measures and maintaining secure baseline images in cloud infrastructure is crucial.

Data Security Posture Management (DSPM) helps validate this baseline by assessing existing infrastructure with comprehensive data discovery tactics. These tactics meticulously examine both structured and unstructured data. By conducting thorough data classification and risk assessment, DSPM establishes a security baseline. This process ensures adherence to pertinent regulatory requirements and verifies the implementation of crucial controls, such as encryption. Such proactive measures by DSPM play a pivotal role in safeguarding data and maintaining regulatory compliance.
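As an added illustration (not code from the original article or from any DSPM product), the Python below runs the discovery, classification and control checks described above over a constructed inventory. The store names, field names and sample records are assumptions made up for the example; card numbers are confirmed with a Luhn check so that arbitrary 16-digit strings are not labelled as payment data.

```python
import re

# Constructed inventory: store settings plus sampled records (all values are made up).
STORES = [
    {"name": "orders-export", "public": True, "encrypted_at_rest": False,
     "samples": ["jane@example.com paid with 4111 1111 1111 1111", "order 1001 shipped"]},
    {"name": "product-images", "public": True, "encrypted_at_rest": False,
     "samples": ["sku 1234567890123456 banner.png", "holiday-sale.jpg"]},
    {"name": "customer-db-backup", "public": False, "encrypted_at_rest": False,
     "samples": ["bob@example.org, 12 Main St", "alice@example.net, 9 Elm Rd"]},
]

EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate card numbers, separators allowed


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(samples):
    """Label sampled records: PII for e-mail addresses, PCI for Luhn-valid card numbers."""
    labels = set()
    for text in samples:
        if EMAIL_RE.search(text):
            labels.add("PII")
        for m in PAN_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                labels.add("PCI")
    return labels


def assess(store):
    """Combine data context with control state: only stores holding sensitive data are flagged."""
    labels = classify(store["samples"])
    findings = []
    if labels and store["public"]:
        findings.append("sensitive data in publicly readable store")
    if labels and not store["encrypted_at_rest"]:
        findings.append("sensitive data not encrypted at rest")
    return {"store": store["name"], "labels": sorted(labels), "findings": findings}


def assess_all(stores=STORES):
    return [assess(s) for s in stores]
```

The public, unencrypted `product-images` store produces no finding because nothing sensitive was discovered in it, while the private `customer-db-backup` store is still flagged for missing encryption.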

While establishing a secure foundation is a critical first step, it’s essential to recognize that it doesn’t guarantee perpetual safety in the cloud environment. The threat landscape in the cloud is dynamic and constantly evolving, making it necessary to regularly review and assess the infrastructure throughout its lifecycle.

Regular security monitoring is integral to maintaining ongoing vigilance in data security. Data Detection and Response (DDR) enhances this practice by utilizing an advanced threat model for immediate identification of potential threats. It effectively detects anomalies in data usage or access patterns, which are often indicators of impending security breaches. Through these audits, DDR assists in the early identification of emerging vulnerabilities and ensures that the infrastructure remains aligned with the latest security policies and standards. This proactive approach is critical to upholding a strong and adaptive security posture.

By integrating the comprehensive baseline assessments provided by DSPM with DDR’s real-time, adaptive risk detection capabilities, retailers operating in cloud environments are equipped with a powerful defense mechanism. This dual approach preserves the integrity and security of sensitive data while navigating the complexities of a perpetually evolving e-commerce landscape.

The post E-commerce Security in the Cloud: Safeguarding Data in the Holiday Season appeared first on Cybersecurity Insiders.

Palo Alto Networks, a cybersecurity company based in California, has officially announced its acquisition of the security startup ‘Dig Security,’ although the exact purchase price remains undisclosed. The announcement comes after weeks of speculation on Reddit, suggesting that Dig initially hesitated to accept the terms and conditions presented by Palo Alto since September this year. However, they eventually reached an agreement, putting an end to the ongoing speculation surrounding the deal.

In today’s data-driven world, where information is spread across various platforms, safeguarding it with multi-layered security measures is imperative. Organizations are actively seeking robust data security posture management solutions, and Palo Alto aims to provide this technology by integrating Dig Security’s expertise into its Prisma Cloud Platform. This integration will enhance security management across multiple cloud domains and mitigate the risks associated with data breaches.

In another notable acquisition, the technology giant Accenture has officially announced its acquisition of Spain-based Innotec Security, a company specializing in providing cybersecurity-as-a-service and assisting businesses in achieving cyber resilience and managing cyber risks. While the financial terms of the deal have not been disclosed, Entelgy Group, the previous owner of Innotec Security, has confirmed the authenticity of the news. They have stated that the formalization of the deal’s terms will be completed by the end of this month, with the entire purchase process anticipated to conclude by February 2024.

Innotec Security was widely recognized as a leader in offering threat detection, simulation, analysis, and incident management services in Spain. Its client base spans various industries, including finance, manufacturing, logistics, healthcare, transportation, and the public sector. Accenture’s strategic move to acquire Innotec Security aims to enhance its regional capabilities and resources, leveraging the technology and customer database from the Spanish firm to solidify its corporate presence across Europe.

The post Palo Alto Networks acquires Dig Security n Accenture purchases Innotec Security appeared first on Cybersecurity Insiders.

By Dan Benjamin, Co-Founder and CEO, Dig Security

Approximately 60% of corporate data now lives in the cloud, a number that has doubled over the last seven years. While the concept of cloud computing dates back decades, it is only in the past few years that organizations have begun to understand its full potential.

Cloud computing has enabled a new generation of products and services, facilitated a lightweight form of outsourced solutions, and improved the efficiency and cost of technology tools, among many other benefits. It has also brought additional security challenges.

In the days of exclusively on-prem computing, businesses could build a strong perimeter defense and know their data was contained. With data continually flowing between on-prem solutions, public clouds, and private clouds, organizations must rethink security – from how they use, house, and share data to the security vendors they work with.

Critical Need for New Solutions

The rapidly changing cloud landscape requires agile data security solutions built with this structure in mind. Traditional solutions and vendors were simply not built to handle the complexity of the cloud – they are either agent-based or network-based. Moreover, cloud-native solutions only cover specific data types and particular clouds, significantly limiting their scope.

According to research, 89% of companies have multi-cloud environments. This underscores the importance of security leaders adopting multi-cloud solutions, as a single cloud solution creates additional siloes.

IT and security leaders must understand how their environment works in concert and know how data should – and, perhaps more importantly, how data should not – move between sources. For example, data sovereignty rules mandate that data remains within the geography in which it was collected.

While Cloud Security Posture Management (CSPM) solutions take a multi-cloud security approach, they lack the context of the data itself. Insight into the context of data is imperative. For example, is that data sensitive? Are the right controls set when it comes to sensitive data? Is the user allowed to access sensitive data? Is the action allowed in the case of sensitive data?

Technology like Data Security Posture Management (DSPM) is a great start for assessing static risks and security posture with a data-centered approach, but it lacks real-time monitoring, detection, and response. Combining static risk assessment with real-time detection and response is what security professionals today need to focus on. They require a single pane of glass covering the entire cloud and data store.

DSPM with real-time data detection and response (DDR) offers visibility and classification, which is foundational to understanding the data an organization has and making informed decisions about how it flows across the different clouds. It’s key to leverage technologies that move at the speed of the cloud, enhancing security while reducing the operational burdens that IT and security teams face.

Both DSPM and DDR capabilities are critically important to meet today’s organizations’ needs around multi-cloud data security.

Protecting Data with DDR

DDR works on the data level, allowing organizations to create policies that detect and respond to data misuse and data exfiltration. When a bad actor, an inside threat, or even a well-meaning employee takes an action that puts data at risk of being exfiltrated from the organization, DDR issues alerts to enforce a response to keep the data within proper areas across the company clouds.

A well-built DDR solution leverages an extensive threat model of all data assets and can issue alerts based on a database of hundreds of real-life attacks.

An attack on data can be mapped to the different steps in a data kill chain, meaning the actor moves from reconnaissance to first move, and then to attack. The following are examples of such attacks on data:

  • Reconnaissance – attacker scoping out its target by running large queries on data to find a vulnerability
  • First Move – attacker disabling a specific configuration or other action that allows them to exfiltrate, delete, or manipulate data in production
  • Attack – database deleted, database shared outside of the organization, data stolen, etc.
  • Compliance – customer data flow without masking from production to development
  • Asset at Risk – e.g., sudden increase in attack surface such as severe misconfigurations
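The mapping above can be expressed as detection logic. The following Python is an added example, not taken from the article or from any DDR product: it tags constructed audit events with four of the five categories listed (Asset at Risk is left out) and raises severity when one actor progresses through the kill chain in order. The event schema, account names and the large-query threshold are assumptions.

```python
from collections import defaultdict

ORG_ACCOUNTS = {"acct-prod", "acct-dev"}   # assumed: accounts that belong to the organization
LARGE_SCAN_ROWS = 1_000_000                # assumed threshold for a "large query"

# Constructed audit events; the field names are hypothetical, not a real log schema.
EVENTS = [
    {"t": 1, "actor": "svc-report", "action": "query", "rows_scanned": 5_000},
    {"t": 2, "actor": "jdoe", "action": "query", "rows_scanned": 42_000_000},
    {"t": 3, "actor": "jdoe", "action": "disable_setting", "setting": "deletion_protection"},
    {"t": 4, "actor": "etl-job", "action": "copy", "src_env": "production",
     "dst_env": "development", "masked": False},
    {"t": 5, "actor": "jdoe", "action": "share_snapshot", "target_account": "acct-unknown"},
    {"t": 6, "actor": "admin2", "action": "share_snapshot", "target_account": "acct-dev"},
]

CHAIN = ["Reconnaissance", "First Move", "Attack"]   # ordered kill-chain stages


def stage_of(e):
    """Map one audit event to a category from the list above, or None if benign."""
    a = e["action"]
    if a == "query" and e["rows_scanned"] >= LARGE_SCAN_ROWS:
        return "Reconnaissance"
    if a == "disable_setting":
        return "First Move"
    if a == "delete_database" or (
            a == "share_snapshot" and e["target_account"] not in ORG_ACCOUNTS):
        return "Attack"
    if (a == "copy" and e["src_env"] == "production"
            and e["dst_env"] == "development" and not e["masked"]):
        return "Compliance"
    return None


def detect(events):
    """Return alerts in time order; an Attack that completes an actor's chain is critical."""
    alerts, progress = [], defaultdict(int)   # progress: stages completed per actor
    for e in sorted(events, key=lambda ev: ev["t"]):
        stage = stage_of(e)
        if stage is None:
            continue
        severity = "medium"
        if stage in CHAIN:
            idx = CHAIN.index(stage)
            if idx == progress[e["actor"]]:
                progress[e["actor"]] = idx + 1   # actor advanced to the next stage
            if stage == "Attack":
                done = progress[e["actor"]] == len(CHAIN)
                severity = "critical" if done else "high"
        alerts.append({"t": e["t"], "actor": e["actor"],
                       "stage": stage, "severity": severity})
    return alerts
```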

Evolving Solutions for New Challenges 

Modern problems call for modern solutions. Technology infrastructures continue to evolve, and security solutions must grow with them. Too many organizations try to patch together disparate solutions that protect each component individually, which is costly, inefficient, and, most importantly, ineffective.

Businesses must approach data security with a data-focused approach. They need to protect data no matter where it goes or lives. Data remains an organization’s most important asset and must be protected as such.

As an organization grows, business and IT leaders must consider how security should evolve alongside it. The cloud improves how people work, connect, and operate companies – businesses need security solutions that go beyond previous iterations and meet today’s needs.

The post The Evolution of Data Security Solutions appeared first on Cybersecurity Insiders.