There’s no doubt that the cyber industry is inundated with security buzzwords: SIEM, SOAR, zero trust, MDR, XDR – you name it. Unfortunately, the job of a cybersecurity practitioner is hard as it is without the addition of having to navigate through the waters of the next big, flashy technologies out there.

In fact, security teams are stretched thinner than ever before, especially given the increasing cybersecurity costs and heightened cyber risk. Although organizations are now outsourcing their 24/7 cyber threat detection, investigation, and response capabilities to Managed Detection and Response (MDR) providers, it’s critical to understand that not all MDR providers are created equal.

Although Extended Detection and Response (XDR) may sound like just another cybersecurity buzzword, it shouldn’t be. In its Innovation Insight for XDR report, Gartner defines XDR as “Extended detection and response describes a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components.”

The premise of XDR is simple – it enables highly effective MDR by providing a technological foundation to enhance the operational effectiveness and remediate complex threats at speed. As the security industry moves towards XDR, it’s worth stepping back to understand how we got here, and how to separate fact from marketing in the race to keep up in the XDR space.

An XDR “Platform” Shouldn’t Be Just a SIEM

Before XDR, we had Security Information and Event Management (SIEM) technology, which traditionally sat at the center of threat detection and response. But there are challenges to relying on a SIEM platform; log data is low fidelity for threat detection and most importantly, SIEM doesn’t have any response capabilities.

For any security team that continues to rely on SIEMs, this is problematic, especially considering how long it takes organizations to detect and contain a cyber threat. According to the 2022 XDR Report conducted by Cybersecurity Insiders and eSentire, 78% of survey respondents take at least 5 days to detect and contain a cyber threat. In today’s threat landscape, this is shockingly slow.

Although SIEM isn’t totally obsolete (in fact, it can feed into an XDR platform), the real differentiator between a SIEM platform and XDR is the response capability. Unlike XDR, SIEMs have no built-in response capabilities and even lack response integrations with other tools that do have these capabilities.

Simply sending logs from underlying technologies to a SIEM and calling it an XDR platform is just putting a new label on an existing tool and quite frankly, the cybersecurity industry has been doing this for years.

True XDR platforms are purpose-built from the ground up with the key characteristics of XDR in mind – multi-signal correlation, enabling finer-grained threat detection, and a central point of enforcement from which to issue threat response actions.

Measuring the Efficacy of XDR

Traditionally, many organizations focused on prevention and their security strategies reflected that mindset. The focus had always been about preventing threat actors from gaining access into the internal environment. In 2022, this mindset is unrealistic and unsustainable.

Today, security strategies have shifted to the ‘assume breached’ mentality. Regardless of the investments that companies have made for prevention, breaches are inevitable. Therefore, the focus should be on swift detection and response.

As more organizations move to investing in XDR, security leaders must be able to measure the efficacy of the solution to make that business case. When asked which key metrics security leaders should keep top of mind, the majority of CISOs will point to two metrics that are the gold standard for threat detection, containment, and response: Mean Time to Detect (MTTD) and Mean Time to Contain (MTTC).

Additional metrics to consider are reduction in false positives, reduction in number of successful breaches, hours that in-house employees are spending wading through alerts, and cost-savings.
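The two mechanics this post leans on, multi-signal correlation (the XDR characteristic described above, as opposed to a SIEM that merely stores logs) and the MTTD/MTTC measurement security leaders use to judge it, can be shown concretely. The following is an added illustration, not code from the original post, from eSentire or from any XDR product: the alert records, the host names, the 30-minute grouping window, the two-source escalation threshold and the response action names are all constructed assumptions for the example.

```python
"""Added example (not from the original post): a minimal multi-signal
correlation step and MTTD/MTTC measurement over constructed alert data."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample alerts from three signal sources. In a real deployment
# these would come from EDR, network sensors and the identity provider; here
# they are hand-written for illustration only.
ALERTS = [
    {"ts": "2022-03-01T08:00:00", "source": "identity", "host": "ws-17", "user": "jdoe", "type": "impossible_travel"},
    {"ts": "2022-03-01T08:04:00", "source": "endpoint", "host": "ws-17", "user": "jdoe", "type": "suspicious_child_process"},
    {"ts": "2022-03-01T08:06:00", "source": "network", "host": "ws-17", "user": "jdoe", "type": "beacon_to_rare_domain"},
    {"ts": "2022-03-01T09:30:00", "source": "endpoint", "host": "ws-42", "user": "asmith", "type": "suspicious_child_process"},
    {"ts": "2022-03-02T14:00:00", "source": "network", "host": "srv-03", "user": "svc-backup", "type": "beacon_to_rare_domain"},
    {"ts": "2022-03-02T14:20:00", "source": "identity", "host": "srv-03", "user": "svc-backup", "type": "new_admin_role"},
]

WINDOW = timedelta(minutes=30)  # assumption: alerts on one host within 30 min belong together
MIN_SOURCES = 2                 # assumption: escalate only when two independent signal types agree


def parse_ts(s):
    return datetime.fromisoformat(s)


def _flush(cluster, incidents, singletons, min_sources):
    """Escalate a cluster to an incident when it spans enough signal sources;
    otherwise keep its alerts as low-confidence singletons (the SIEM-style noise
    the post describes)."""
    sources = {a["source"] for a in cluster}
    if len(sources) >= min_sources:
        incidents.append({
            "host": cluster[0]["host"],
            "first_activity": cluster[0]["ts"],
            "sources": sorted(sources),
            # Hypothetical response actions a central enforcement point would issue.
            "response": ["isolate_host", "disable_user:" + cluster[0]["user"]],
        })
    else:
        singletons.extend(cluster)


def correlate(alerts, window=WINDOW, min_sources=MIN_SOURCES):
    """Group alerts per host into time-windowed clusters and escalate the
    multi-signal ones. Returns (incidents, singletons)."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: parse_ts(a["ts"])):
        by_host[a["host"]].append(a)
    incidents, singletons = [], []
    for items in by_host.values():
        cluster = [items[0]]
        for a in items[1:]:
            if parse_ts(a["ts"]) - parse_ts(cluster[-1]["ts"]) <= window:
                cluster.append(a)
            else:
                _flush(cluster, incidents, singletons, min_sources)
                cluster = [a]
        _flush(cluster, incidents, singletons, min_sources)
    return incidents, singletons


# Constructed incident records carrying the three timestamps the metrics need.
INCIDENT_LOG = [
    {"first_activity": "2022-03-01T08:00:00", "detected": "2022-03-01T08:06:00", "contained": "2022-03-01T09:00:00"},
    {"first_activity": "2022-03-02T14:00:00", "detected": "2022-03-02T14:20:00", "contained": "2022-03-03T02:20:00"},
    {"first_activity": "2022-03-05T10:00:00", "detected": "2022-03-05T10:30:00", "contained": None},  # still open
]


def hours(later, earlier):
    return (parse_ts(later) - parse_ts(earlier)).total_seconds() / 3600


def mttd_mttc(records):
    """MTTD = mean(detected - first_activity); MTTC = mean(contained - detected).
    Open incidents are excluded from MTTC rather than counted as zero, which
    would flatter the number."""
    detect = [hours(r["detected"], r["first_activity"]) for r in records]
    contain = [hours(r["contained"], r["detected"]) for r in records if r["contained"]]
    return {
        "mttd_hours": round(mean(detect), 2),
        "mttc_hours": round(mean(contain), 2) if contain else None,
        "open_incidents": len(records) - len(contain),
    }


if __name__ == "__main__":
    incidents, singletons = correlate(ALERTS)
    print(len(incidents), "incidents,", len(singletons), "uncorrelated alerts")
    for inc in incidents:
        print(inc)
    print(mttd_mttc(INCIDENT_LOG))
```

Run stand-alone, the block escalates the two hosts whose endpoint, network and identity signals coincide, leaves the lone endpoint alert on ws-42 as noise for an analyst, and reports an MTTD of about 0.31 hours and an MTTC of 6.45 hours for the closed incidents, flagging one still open. The point of the exclusion rule is that a metric dashboard that silently counts open incidents as contained will understate MTTC, which is exactly the kind of vendor-reported number a security leader should question.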

What to Look for in an XDR Platform

XDR isn’t a one-size-fits-all solution – in fact, no security solution is. Therefore, before security leaders jump on the XDR bandwagon, they need to understand what to look for in an XDR platform. Otherwise, it’s too easy to fall into the trap of security vendors claiming they provide XDR when they don’t.

As you evaluate XDR providers, consider the following:

  • How much visibility are you gaining across your endpoint, network, cloud, identity, user behavior and email data?
  • Will you gain intelligent analytics that will allow your team to eliminate noise and reduce false positives?
  • Will your team benefit from integrated threat intelligence and contextual information to enable threat hunting?
  • Can the provider promise true machine learning driven threat detection and containment?
  • Can you achieve greater data ingestion for better threat investigation and response?

In fact, out of the above list, gaining visibility across the attack surface is the most important feature security leaders expect XDR platforms to have. In the 2022 XDR Report, 78% of survey respondents stated the need for greater visibility. Given how much corporate environments have changed with the rise of hybrid work environments in the past year, this makes sense.

There’s no doubt that XDR is a great technology foundation for a strong threat detection and response operation. It can help Security Operations teams automate their work and provides tangible benefits in the reduction of MTTD and MTTC for complex cyber threats. Additionally, its machine learning capabilities can give teams new ways to detect attacker TTPs at scale.

However, XDR isn’t a silver bullet. Security leaders will face many challenges if they haven’t first invested in the staffing and resources necessary to build a threat detection and response operation. Building a Security Operations Center (SOC) in-house is not easy, so for many organizations that face this challenge it’s easier to outsource those capabilities to an MDR provider.

By doing so, not only will you be able to benefit from faster threat detection and containment, but you’ll also gain the advantage of 24/7 threat response to drive better security outcomes.

The post XDR: Separating Truth from “We Do That Too” appeared first on Cybersecurity Insiders.

Many organizations are implementing a zero trust security model with data protection as a top priority. This is largely due to the increase in remote work and unmanaged personal devices playing a growing role in the enterprise.

While corporate-owned devices can be secured using anti-virus software, endpoint scans, and MDM, many users don’t apply the same level of security to their personal endpoints. To deliver a best-in-class employee experience that keeps data secure in any scenario, IT needs tools that balance business continuity planning, BYOD, and zero trust.

Troye technical director Kurt Goodall says App Protection is here for Citrix Virtual Apps and Desktops service. “We’re excited to announce that App Protection is now generally available to our Citrix Virtual Apps and Desktops service customers.”

“This adds a critical layer of defense against social engineering, phishing events, key logging, and screenshot malware for end users accessing corporate resources through any Windows or Mac devices, whether personal, unmanaged, or managed,” he explains.

IT and end users alike have seen the benefits of BYOD programs, which have led to an increase of personal devices in the workplace. Additionally, many companies need gig workers and contractors to use their personal devices to get work done.

While IT takes measures to ensure that corporate-owned and managed devices are secure through policy administration, regular health checks, and web filtering, gig workers and contractors might not take the same measures on their personal devices.

“It’s unlikely that they are monitoring the health of their devices at all, despite the fact that they likely visit social media and other popular sites that are havens for malware. So, while IT invests in security solutions at double-digit growth rates, the risk of a data breach is still high because personal devices infected with malware can enter any corporate network,” he adds.

ATM cash-out attacks are on the rise and can be caused by silent keyloggers sitting on the computer. These attacks are carried out by inserting malware via phishing or social engineering methods into a financial institution or payment processor’s systems. Once infected, the system can transmit users’ personal data back to a third-party attacking system, causing huge financial liability.

Key logging and screen capture malware commonly affect unmanaged endpoints. When present on a device, key logging malware captures each keystroke entered by a user, creating a significant risk for an organization. The malware captures all the information end users type into a device, including usernames and passwords.

Screen-capture malware periodically takes a snapshot of the user’s screen, saving it to a hidden folder on the device or directly uploading it to the attacker’s server. This also creates significant risk because the attacker can exfiltrate all the information on the user’s screen.

Even with managed devices, there is still the threat of social engineering. A common attack through social engineering is using screen sharing to steal data, money, and more. In a screen share attack, the attacker will call and pretend they are tech support or IT and convince an unsuspecting target to screen share their device.

At this point, the attacker can infiltrate the device and take financial information, sensitive data, and more. This is even riskier in businesses such as call centers, financial institutions, healthcare, and any business handling sensitive customer and patient data.

Goodall says App Protection defends against accidental screen sharing by turning apps delivered through Citrix Virtual Apps and Desktops into black screens. “App Protection can complement your IT security strategy with a zero trust security approach, assuming all Windows or Mac devices whether they are personal, unmanaged, or managed are compromised and protecting from data exfiltration.”

To defend against key loggers, App Protection scrambles keystrokes entered on the device, sending the attacker undecipherable text. It also prevents screenshot malware by turning all screenshots into a blank picture.

The post Citrix App Protection helps secure remote workers appeared first on Cybersecurity Insiders.

By Lex Boost, CEO, Leaseweb USA

If the headline-grabbing cyberattacks of the past year are any indication, the security threat landscape is rapidly evolving with incidents increasing in both frequency and sophistication. Corporate networks suffered 50% more cyber attack attempts per week in 2021 compared to the previous year, and the number of reported data breaches increased 68% year over year.

With cyberattacks on the rise, security is fast becoming as critical to businesses as sales and finance. Security breaches are not only costly, but sometimes catastrophic for companies. A single incident can disrupt operations, hurt sales and lead to long-term reputational damage.

Companies are recognizing the need to modernize their IT infrastructure to better manage and protect their data. Keeping up with ever-changing threats and the latest technologies requires organizations to bolster their cybersecurity capabilities in house or outsource them to external providers. Many are choosing the latter, turning to infrastructure partners for security support.

Infrastructure as a Service (IaaS) providers invest heavily in security technology and expertise, which delivers valuable downstream benefits to the companies that hire them. Below I explain three ways that IaaS providers help elevate an organization’s security posture.

  1. Improve Cyber Defenses

Cybercriminals like to go after the low-hanging fruit, often targeting unmanaged, unpatched or outdated IT systems. Outsourcing to an IaaS provider can improve a company’s cyber defenses.

IaaS providers make significant investments in their IT security operations to ensure that the infrastructure they manage is safe and secure. They are responsible for the security of their data centers and other hardware, including virtual machines, disks and networks. They typically have strict access guidelines to their physical location, raised floor set-ups and multiple forms of authentication.

Another advantage of the IaaS model is intensive information security measures, such as end-to-end encryption and encryption at rest for sensitive data. This means that a company may be getting a higher level of protection than if it were hosting its infrastructure on premises. Off-premises hosting also makes data less vulnerable to disasters – natural or otherwise.

  2. Increase Security Skillset

It can be challenging to prevent a cyber attack if there isn’t someone, or rather a team, inside the company making it their primary, everyday focus. Cybersecurity is a full-time job in and of itself.

But hiring and maintaining a cybersecurity team in house can be cost prohibitive, particularly for small and medium-sized businesses. Not to mention that responding to threats, training staff and the cost of investigating and patching issues can put a strain on company resources over time.

IaaS providers offer the security expertise and capabilities of a much larger firm, as well as 24/7 monitoring capabilities, without breaking the bank. Having access to highly-skilled security professionals who are dedicated to managing a company’s IT systems is a boon. They can proactively spot issues and ensure patches and updates are applied quickly, allowing the existing in-house IT team to focus on the core business and creating new solutions.

  3. Simplify Security Management

Having one vendor that provides both IT hosting and security can simplify security management by eliminating the need to coordinate and integrate the different technologies associated with multiple vendors in an on-premises model.

In addition, the IaaS provider can ensure all required security measures are set in place. When choosing a provider, it is important to ask about their security model and their protocols for protecting data. This can help a company determine whether or not the provider’s security policies meet their own security requirements.

The policies are not only responsible for enforcing security, but also help organizations achieve and maintain compliance with all applicable regulatory requirements, such as HIPAA in the U.S. or similar frameworks across the world.

Security is critical to every component of an organization’s IT environment, especially when it comes to their infrastructure. An infrastructure that is insecure puts their business at risk. And according to a recent KPMG report, 77% of senior executives expect cyber risk to increase over the next 12 months.

Now more than ever, business and IT leaders, as well as corporate boards, are being challenged to take greater action against cyber attacks and mitigate their organization’s risk. IaaS providers play a powerful role, offering best-in-class technologies, highly-skilled talent and simplified management of security controls that can further strengthen a company’s security posture.

The post The Role IaaS Providers Play in Elevating Security Posture appeared first on Cybersecurity Insiders.

By Steve Moore, Chief Security Strategist, Exabeam

When you take a step back and consider these statistics, you will quickly realize the gravity of what is at stake for organizations when it comes to effectively securing their confidential information – and that there is still a lot more to be done to combat this growing trend.

According to cybercrime prosecution statistics, 2022 is expected to see a worldwide annual spend of nearly $134 billion to both prevent cybercrime and deal with its aftermath – and that figure is estimated to rise even higher.

Nearly 70% of business leaders feel their cybersecurity risks are increasing, and a recent CISA alert has validated these concerns. The alert from the U.S., U.K. and Australian governments is a detailed and well-thought-out technical and architectural advice document for cybersecurity teams facing the upward trend in high-impact ransomware incidents.

As noted in the alert, “Cybersecurity authorities in the United States, Australia, and the United Kingdom assess that if the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent. Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model. Additionally, cybersecurity authorities in the United States, Australia, and the United Kingdom note that the criminal business model often complicates attribution because there are complex networks of developers, affiliates, and freelancers; it is often difficult to identify conclusively which actors are behind a ransomware incident.”

Now more than ever it is critical for cybersecurity managers and their teams to drill the top causes of these incidents into their brains – phishing attacks, stolen credentials, brute force attacks and exploiting existing vulnerabilities.

You may be thinking, ‘these tactics are nothing new,’ but what’s different today is the sophistication of the cybercriminals’ services and networks. On what seems to be a disturbingly regular basis, there are underground criminal networks emerging, dedicated to helping one another with payments, data restoration and technical support – mirroring even the best IT support organizations. Sophisticated criminal groups are even exchanging stolen credentials from breaches and sharing code with one another – putting organizations in multiple groups’ lines of fire.

When building out their security stacks and security operations center (SOC) teams, leaders should always keep the tactics of the adversaries and these advanced cybercriminal networks at the forefront of their minds. CISA’s alert is an excellent starting point for determining the correct tools needed to combat attack methods. They truly get it. In particular, the importance of limiting adversaries’ ability to move laterally across a network is a strong point they raise.

To minimize the impact when they do strike, security teams need the ability to detect this type of behavior in real time. The CISA ransomware alert also advises readers to ‘Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network-monitoring tool.’ In this section, the agency emphasizes endpoint detection and response as the solution, but this is just one piece of the puzzle.

There is room for improvement here. Many organizations do not understand what user behavior is considered normal within their environment – and do not have the proper capabilities to illustrate it. Spotting abnormal activity is essential in the ransomware fight, and legacy tools that have been available for decades need to be supplemented. We would put the emphasis on credential-based security, leveraging data science to build baselines and attack timelines of user behavior as the goal.

The CISA alert reinforces just how critical it is to make cybersecurity prevention, awareness and best practices an integral component of all organizations. Education, preparedness and action will enable your organization to effectively respond to and prevent data loss that can compromise your relationship with your clients and further strain your current operations.

Further, while the CISA alert serves as a valuable checklist, the defender’s capabilities must grow beyond this advice. It’s not a matter of if, but when these preventative suggestions will fail. If teams are not properly prepared to manage intrusions, they will not be able to fully absolve themselves of risk.

We recommend a follow-up ‘playbook’ for security alerts like this from the issuing agency that will actually help SOCs determine how to ingest data properly, make decisions and strategically create analytic capabilities. The technical aspects are important, but the people and the investigation strategy are what will make the most significant impact.

The concept is simple – just like fire drills in schools. The differentiating key factor is repetitive action. This cannot be a one-and-done deal. For example, you cannot write the ‘playbook’ but then never revisit it or execute on it. Taking the right, practiced action is truly the fundamental and consistent step that will protect your organization from the majority of data breaches.

The post Technology Will Fail: Why Managing Intrusions is Critical in the Fight Against Ransomware appeared first on Cybersecurity Insiders.

By Chester Avey

The Covid-19 pandemic has caused seismic change for business. Not only have markets and industries had to find ways to adapt, but companies of all sizes have faced an unprecedented scenario. It is easy to understand, then, that cybersecurity may not have been a huge priority for businesses.

However, it has now been well established that over the period of the pandemic there has been an enormous rise in cybercrime. Some studies suggest that between 2020 and 2021 there was a 50% increase in overall attacks on corporate networks, and a 40% increase in cyber attacks globally. Clearly, this is a major problem that businesses need to start taking very seriously.

But what has driven this rise in cybercrime? Certainly part of the issue is simply the number of businesses that have taken their work online. This includes both having to start an ecommerce site if they couldn’t sell physically, and putting their work on servers and providing access to employees.

Another major element of the cybersecurity crisis is the fact that so many people are now working from home. It could be the case that the increased level of remote working is something of an unseen problem for businesses, as companies are yet to fully understand the dangers and what they can do about them. 

Lack of office protection 

Many in-office workers are used to doing their job with a degree of simplicity with regards to cybersecurity. The IT infrastructure within offices generally puts a great deal of focus around cybersecurity and keeping workers safe, including by enforcing good cybersecurity practices such as the closing down of machines and the use of strong passwords. 

When these workers then come to do their job remotely, some are not really prepared or perhaps even aware that what they are doing could be detrimental to the overall cybersecurity of the company. 

“With remote working the new norm, it’s easy to slip into bad habits,” says Juliette Hudson, Senior SOC Analyst at cybersecurity specialists Redscan. “However, with cybersecurity risks being greater than ever and remote workers lacking office protections, it’s important to maintain a high standard of security awareness.”

Additionally, office workers benefit from powerful protections offered by software such as the company firewall and other security tools that remote workers may lack.

Opportunities for business email compromise

Business email compromise (BEC) is a form of attack where a cybercriminal takes control of the email account of a member of your organization. With this account, they make a request such as for an employee’s bank details to be changed, or for a payment to be paid to someone outside of the company. 

These requests can easily be granted as they come from the genuine email address of the colleague. In this sense, they are more of a threat than a standard phishing attack. 

Remote working makes BEC attacks more dangerous because staff become more used to the idea of communicating entirely through devices. So, if a member of staff asks a member of the accounts team to make a payment via email, they may well take it at face value. In that scenario in the office, it is more likely that the accounts team can easily check with the person face-to-face.

The dangers of shadow IT

Another challenge for companies with remote workers is the issue of shadow IT. Shadow IT refers to any kind of application, software or hardware that is used by a member of staff without the knowledge or sign-off from the IT team. 

This is actually a very common issue for businesses; members of staff will find pieces of software or applications that provide them with advantages when working, and so they will simply install it and start using it. 

In theory, that is a benefit as it could allow for a more productive working day – but on the downside, many applications have flaws and vulnerabilities. It is therefore typically part of the remit of the IT team to assess them to ensure that there is nothing that could put the company at risk.

With remote workers, the danger is actually much greater as they are more likely to make use of their own software and not run it by the IT team. 

Final thoughts

Remote working clearly has a broad range of benefits for companies and workers, but there can be no doubt that it has created challenges for cybersecurity too. It is really worth implementing strong procedures and policies, and providing staff with training to help minimize the risk of cybercrime for your company.

The post Is Increased Remote Working Fueling a Cybersecurity Crisis? appeared first on Cybersecurity Insiders.

By Jessica Day – Senior Director, Marketing Strategy, Dialpad

The world of IT security is complex and changeable. Recently, many companies have adopted, and continue to operate, remote working, which increases internet use and creates further technical vulnerabilities for cybercriminals to exploit.

According to the FBI, cyber threats have tripled to 3,000 per day. Small and medium-sized businesses (SMBs) are most vulnerable to attack because they don’t have the resources to purchase advanced security tools.

With a 50% increase in cyberattacks year on year, it’s becoming progressively tasking and expensive for a business to protect their systems from threats like malware, ransomware, phishing, and data theft.

An effective cybersecurity infrastructure is vital to protect networks and data. However, security as a service can offer an affordable and convenient solution that meets your needs.

What is security as a service?

Security as a Service (SECaaS) is cloud-based software that provides the tools and services you need to create a robust, tailored cybersecurity solution.

Outsourcing your IT security to a third-party provider for a monthly subscription removes the need for in-house cybersecurity personnel and infrastructure.

Do not confuse SECaaS with software as a service (SaaS). SaaS provides cloud-based software solutions in general; SECaaS deals exclusively in cybersecurity services.

What are the benefits of SECaaS?

It can be difficult choosing between cloud-based and on-premises solutions. However, several benefits should be considered when planning your IT security. Let’s take a look.

1. Expertise

For IT security to be effective, it needs to be managed by experts. With SECaaS you’ll have access to professionals with the knowledge and experience to handle your cybersecurity requirements without having to put them on the payroll. They’ll also have access to the most up-to-date tools and equipment available and will receive training on all the latest developments and threats.

2. Comprehensive security package

A SECaaS package will provide you with instant access to the latest and most advanced security tools that will be tailored to meet your company’s needs. Many providers allow you to combine different software to create a comprehensive package.

Most SECaaS providers offer varied pricing tiers, so you only pay for what you need.

3. Save resources

Having IT experts on your payroll is expensive. In-house security teams also require regular training, plus continuous investment in hardware and software which will also need to be regularly monitored and updated.

SECaaS offers a long-term, cheaper alternative.

Let’s not forget the time and labor costs involved with running cybersecurity. Using SECaaS frees up IT teams to focus on other tasks such as maintaining endpoint hardware, or answering questions from colleagues about the best voice recorder for meeting minutes.

Plus, there are also the associated costs if things go wrong. On average, SMBs lose $85,000 to cyberattacks. This can be in the form of penalties, operational downtime, and damaged assets.

4. Automation

Cybercriminals don’t take time off, so neither should your cybersecurity solution.

SECaaS offers protection 24/7. You’ll get around-the-clock service that monitors for vulnerabilities and potential threats, provides automatic updates for the best protection, has prompt alert systems, and offers faster responses.

There’s no need to worry about alerts being missed over the weekend, followed by a delayed response which then allows a minor threat to then become a serious problem. SECaaS offers peace of mind that your cybersecurity is always on the job protecting your system from threats like ransomware.

5. Reporting

As well as automated responses, SECaaS provides regular analysis and reporting regarding the status of your security.

Collecting, analyzing, and correlating data from various systems and applications is a time-consuming and complex task for your IT team. SECaaS removes this headache and provides accurate, organized, and actionable security intelligence that can be used to help you make informed decisions regarding strategic planning.

6. Compliance

Increased use of the internet has brought with it additional regulations which can’t be ignored. If that were not difficult enough, regulations can vary across industries and countries.

Ensuring your company is compliant with the relevant standards and regulations can be a minefield, especially when it comes to cybersecurity.

With SECaaS you can be confident you have the correct policies and procedures in place that inform appropriate solutions and are applied and constantly reviewed for any possible risks and breaches.


What SECaaS solutions are available?

There are varied and vast solutions available depending on your company’s needs. Let’s look at some of the most popular.

Network security

IT networks are high-risk and complex due to multiple users and endpoints.

SECaaS provides tools that constantly monitor incoming and outgoing traffic, searching for risks and assessing threats before they occur. It can also limit access to high-risk websites.

Endpoint protection

Endpoints include laptops, mobile phones, servers, and anything else staff members use to log onto your network. They’re a particular risk because they harbor several weak points that cybercriminals can exploit.

Anti-virus software is the most common endpoint protection, but SECaaS offers that and more with endpoint detection and response tools.

Data protection

Data protection is non-negotiable these days.

Data loss can cause significant disruption to operations and lead to considerable fines. SECaaS provides the tools to protect data and prevent loss or theft through constant monitoring and security checks.

Loss of customer data can be devastating to a company’s reputation. If you want to reduce customer acquisition cost, it’s vital that you protect their data from loss or theft and thereby retain customers who have confidence in your ability to keep their data safe.

Access management

Imagine you use a contact center as a service (CCaaS) provider to run your cloud-based contact center. Depending on the size of your business, you may have any number of employees logging in to your network at different times. How do you manage who can see specific areas of your system and avoid unauthorized access?

SECaaS provides cloud-based access controls for your agents that enforce your security procedures. It also offers intrusion protection that identifies unusual activity and prevents unauthorized access.

You can also choose Single Sign-On tools to allow access to all your company applications and software with one set of credentials. This tool also provides a greater ability to monitor usage.

Email and web security

Poor email and web security can lead to malicious ads, phishing, and spam simply because it involves a lot of incoming and outgoing data. SECaaS solutions will block potentially dangerous emails and attachments before they can be opened and threaten your system.

You can also protect your websites and applications from malware and viruses that could spread to any visitor or user endpoint by continuously checking the security of your application programming interfaces (APIs).

Security assessments

Once your SECaaS solution is up and running it doesn’t end there.

Cybersecurity is ever-changing, so you need to constantly monitor, review and adapt your package to keep up. Just like testing metrics, the package needs to be analyzed so it can be improved.

Most SECaaS packages offer ongoing security analysis that monitors for vulnerabilities, fixes bugs, identifies new threats, and provides real-time information that can help improve response times and reduce risks.

How to choose the right SECaaS provider for you

Outsourcing IT security to a third party requires careful consideration.

Before you start, it’s important to identify your company’s needs, then select the provider that can meet them.

When you’re ready to delve into the selection process you should consider the following points.

Availability

The reason you’ve opted for SECaaS is to provide 24-hour protection for your IT system. You, therefore, need a provider that responds around the clock.

Providers should be able to deliver a guaranteed response time for incidents, queries, and system updates.

Service level agreement

Always check that the service level agreement meets your needs. It should outline the services provided, the available support, agreed response times, service fees, and any consequences for the provider in the event of non-compliance.

Varied pricing/scalability

You should not have to pay for services you do not need. Ensure your provider has varied pricing options and the opportunity for scalability. If your company grows you will need your cybersecurity package to grow with it and a flexible provider is essential.

Provider credentials

A little research can go a long way to help you choose your provider with confidence. You may use conversion funnel metrics to help you understand your customer’s journey from consideration to purchase. As you follow this process to choose your provider, check they deliver the service standards you expect from start to finish.

Verify their credentials. Do they have the required certifications? Do their staff have the correct qualifications, knowledge, and experience?

Check them out with other service end-users. Their feedback may provide insight you never considered.

Takeaway

Choosing to transfer your IT security to a cloud-based third party can be daunting, but there are plenty of benefits.

Such a decision depends upon the size of your company and its needs. Choosing SECaaS can make a complex task much simpler in the rapidly changing world of cybersecurity.

Whether you’re an email service vendor who wants protection from phishing or a school, you want reliable, convenient, and affordable cyber protection. SECaaS can provide you with a varied and tailored package to meet your needs and reduce the workload of your internal IT team.

Bio:

Jessica Day – Senior Director, Marketing Strategy, Dialpad

Jessica Day is the Senior Director for Marketing Strategy at Dialpad, a modern business communications platform that takes every kind of conversation to the next level—turning conversations into opportunities. Jessica is an expert in collaborating with multifunctional teams to execute and optimize marketing efforts, for both company and client campaigns. She has also written for sites such as VirtualSpeech and Globalization Partners. Here is her LinkedIn.

The post Introducing SECaaS (Security as a Service): A Comprehensive Guide appeared first on Cybersecurity Insiders.

By Murali Palanisamy, Chief Solutions Officer, AppViewX

Since the onset of COVID-19 and the rapid increase in the hybrid working model in Spring 2020, the workforce has adjusted to the work-from-home life. Initially, the primary concern was whether the workforce could work remotely long term, but since then things have changed. Nearly two years later, many still work from home and plan to maintain this workstyle for the long term. While a majority of workers use a Company Owned and Managed Device (COMD), many have been using their own laptop, desktop, and smartphone, or have opted out of one provided by their employer, especially when they don’t need a VPN and use SaaS services. This has caused a plethora of concerns for cybersecurity and IT professionals.

Institutions typically install proper security measures on any company-owned device. When it comes to personal devices or BYOD, however, IT teams have less control over the device and even less ability to ensure that an employee complies with the policies. Since it’s a personal device, there are only so many measures that can be taken. It’s imperative that each organization has its own BYOD policy and proactively enforces this policy to keep unwanted intruders off its network. The following outlines three considerations IT and security professionals should weigh when developing this policy.

In a recent survey with Vanson Bourne, it was discovered that 90% of organizations say Machine Identity Management (MIM) is a top priority now that concern over cyber breaches has risen since the onset of the pandemic. While these organizations are headed in the right direction with the decision to use MIM as an IT framework for BYOD, there is still work to be done.

Organizations still face numerous challenges as they enhance their Machine Identity Management approach. Some of the concerns at hand as organizations begin to adopt MIM are:

  • The complexity of ensuring that certificates are provisioned across all areas of their IT infrastructure – the sheer number of devices being added due to the BYOD/hybrid work model has created a bottleneck.
  • A lack of skill sets within their IT/security team when it comes to MIM – from the IT talent shortage to the skills gap, IT leaders are struggling to find new hires and maintain current employees. According to Gartner, 80% of organizations shared that they are having a hard time finding and hiring security professionals.

The Problem at Hand

What does this mean exactly? When it comes to protecting an organization’s network and data, there is a scale, and each organization can choose how aggressive it wants to be. For example, endpoint security allows bridged devices to stay connected but will still maintain and protect the network when under attack. By securing the endpoints or entry points, it is a much more difficult task for hackers to access the network. But this method is not flawless, and organizations fall victim to attacks through phishing, email attachments, accidental downloads and more. With this vulnerability in mind, cyber professionals have looked at additional ways to protect the network.

Machine Identity Management at Work

One method of security that is often overlooked is Machine Identity Management (MIM). Under every organization’s BYOD policy, MIM should be implemented, and employees should follow its best practices. This means having certificates for users and for the machines themselves to uniquely identify each machine – and those that are not identifiable are denied access. Despite the organization not owning the device, IT or the information security team is able to transfer trust to the device the employee owns with a digital identity that the user themselves would manage. Having the ability to issue and revoke access for the device is a critical step in managing who accesses the network without taking full control of employees’ individual devices. If at any time an employee’s computer is lost, stolen, damaged or compromised, the employee or the IT team can revoke that device certificate, and access will be denied.

A few recommended best practices for BYOD include:

  • In a BYOD scenario the employee is trusted, and that trust is transferred to the device they own; in that scenario they should be able to revoke the device without having to manually interact with another team or person.
  • The global information security team or central team should be able to control the policy and access of any device from a single console, especially during an incident.
  • A move to short-lived certificates, valid for 10, 30 or 60 days, with automated renewal and reissuance would be best, especially when the devices are outside the perimeter.
  • The global security team should be able to reissue and revalidate certificates across all devices within a short period of time, ideally less than an hour, which provides crypto agility.
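The device-identity model described above (a certificate per employee-owned device, denial of anything unidentifiable, owner- or central-team revocation, and short-lived certificates with automated renewal) as an added example in Go; it is not AppViewX's code. The in-memory issuer, the 30-day lifetime and the "renew in the last third of the lifetime" threshold are assumptions standing in for an organization's own PKI and policy.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Policy from the article: device certificates live 30 days and are renewed automatically. The
// renewal threshold (last third of the lifetime) is an assumption, not from the article.
const certLifetime = 30 * 24 * time.Hour

// DeviceCA is a constructed in-memory issuer standing in for the organization's PKI.
type DeviceCA struct {
	cert    *x509.Certificate
	key     *ecdsa.PrivateKey
	next    int64           // next serial number to issue
	revoked map[string]bool // serials revoked by the device owner or the central security team
}

// NewDeviceCA creates the self-signed root that the access check below trusts.
func NewDeviceCA() (*DeviceCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example BYOD Device CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(3650 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	return &DeviceCA{cert: cert, key: key, next: 2, revoked: map[string]bool{}}, err
}

// IssueDevice binds an employee-owned device to its owner with a short-lived client-auth certificate.
// The device key is generated here only for the demo; in practice it is created on, and never leaves, the device.
func (ca *DeviceCA) IssueDevice(owner, deviceID string, now time.Time) (*x509.Certificate, error) {
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(ca.next), Subject: pkix.Name{CommonName: deviceID,
		OrganizationalUnit: []string{owner}}, NotBefore: now, NotAfter: now.Add(certLifetime),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	ca.next++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &devKey.PublicKey, ca.key)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// Revoke lets the owner or the central team cut off a lost, stolen or compromised device.
func (ca *DeviceCA) Revoke(c *x509.Certificate) { ca.revoked[c.SerialNumber.String()] = true }

// Admit checks a presented certificate at time now: revoked, expired or foreign-issued devices are denied,
// and renewDue tells the automated renewal that this certificate should be reissued.
func (ca *DeviceCA) Admit(c *x509.Certificate, now time.Time) (allowed, renewDue bool, reason string) {
	if ca.revoked[c.SerialNumber.String()] { return false, false, "revoked" }
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := c.Verify(opts); err != nil { return false, false, err.Error() }
	return true, now.After(c.NotAfter.Add(-certLifetime/3)), "ok"
}
```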

The Enterprise, The Cloud, and MIM

With the cloud transforming the physical data center, and compute and data moving to the cloud, the way data is stored and accessed has changed greatly. The pandemic has changed the office space, and since the onset of COVID-19 the number of ransomware attacks has greatly increased as BYOD has been adopted by many. The attacks on major infrastructure have required security professionals to reevaluate the steps they take to protect organizations. While these attacks may not have come in through BYOD devices, IT professionals agree that it is critical to look at every vulnerable access point and address it.

While BYOD has been around for years, the IoT visibility gap has led to difficulty for organizations running in multiple cloud environments. Maintaining security measures across each cloud environment plus the relationships between each environment and every device in the network has become quite the challenge, especially when numerous devices were introduced as part of work-from-home amidst the pandemic. Many organizations are still playing catch up when it comes to distributing and revoking certificates as they work to identify the number of devices added to their network in mid-2020.

To get ahead and make quick progress with MIM efforts in the cloud for BYOD, it is recommended that organizations:

  • Create central visibility of all the issued identities
  • Define a central policy that can be audited, reported and enforced across hybrid environments
  • Have an out-of-band validation option which can audit and report on compliance of identities

The overwhelming stress a ransomware attack puts on an organization, including the reputational impact, requires that security teams put an assertive BYOD policy into place to protect the network and the greater organization. As we look back on the lessons of 2021, the pandemic and the remote workforce have made organizations more vulnerable to unwanted invaders. As attacks grow in sophistication, the steps taken to block them should evolve as well. With MIM implementation, organizations are one step closer to protecting their networks.


The post Machine Identity Management (MIM): Responding to Critical Security Needs in the BYOD Era appeared first on Cybersecurity Insiders.

By: Jason Elmer, CEO, Drawbridge

The cyber landscape has changed dramatically over the last year. As companies increasingly adopted permanent remote and hybrid work policies, cybercriminals attempted to remain one step ahead – and in many cases succeeded. In fact, the global volume of ransomware attacks increased by 151% in just the first six months of 2021, with the average cost of a breach recorded at US $3.6 million per incident.

The types of attacks threat actors execute have rapidly evolved. In a recent attack on Nvidia, threat actors demanded product updates and open sourcing – a stark contrast from the traditional monetary demands of ransomware groups. We are also now seeing the proliferation of weaponized cyberattacks in the face of geopolitical events. This new era of attacks demonstrates that the cyber landscape will never be the same.

How are businesses responding? Cyber and information security is at the top of the list of planned investments for CIOs in 2022, with 66% reporting they expect to increase associated investments. But while planned investments look good on paper, they can only help protect your firm if they are adequately designed and deployed.

Now is the time for businesses to immediately evaluate and buttress their cyber defenses. To begin, here are six strategic cyber investments your business should immediately assess to protect yourself for the next six months – and beyond:

  1. Secure Access Service Edge (SASE) – SASE merges many of the technologies that are critical in hybrid work environments: Zero Trust access to multiple cloud and SaaS services (similar to SSO) with the addition of the layered security normally found on physical endpoints or in offices, such as web filters, mail filters, and Data Loss Prevention (DLP) tools.
  2. Single Sign-on (SSO) – The core technology that allows disparate systems to identify users from a single set of credentials. SSO centralizes access and simplifies the management of services and permissions across clouds and SaaS from a single management point.
  3. Extended Detection and Response (XDR) – XDR combines the power of endpoint detection and response services with other traditional network security controls to provide a better overall picture of abnormal activity from more than one data point. Abnormal network activity can be tracked and blocked on endpoints before it reaches devices. XDR continues a trend in the cybersecurity marketplace where technologies communicate for better security coverage.
  4. Real-time vulnerability management – Real-time vulnerability tracking keeps firms secure even in remote environments by monitoring installed software, network information and more. Real-time cyber risk monitoring enables firms to protect their most sensitive data and safeguard against internal and external threats. Continuous risk mitigation solutions, ongoing reporting, and cyber programs tested against real-world scenarios provide a clear picture of how the business would defend against and respond to an incident.
  5. Thorough cyber risk assessment – A cyber risk assessment will help your firm make thoughtful cybersecurity procedure decisions. Risk assessments can identify risks to organizational operations and assets resulting from the use of information systems. In the event of a breach or a potential breach, the assessment can reveal the signs early, allowing your business to mitigate the impact of damages, additional risks, or stolen assets and information.
  6. Employee training – Employees are your first line of defense against cyberattacks and should be prioritized as such. Employee training can heighten awareness of critical data and dramatically reduce the likelihood of employees falling victim to phishing attacks. Phishing attacks are particularly concerning as they often begin via email or text message and can result in a widespread breach that affects the entire business. Conducting training with simulated cyberattacks can better prepare your employees for what they may encounter.

Selecting the right solutions that meet your needs

Regardless of the size of your business or the industry in which you operate, you must make cybersecurity a top priority or risk falling victim to malicious parties that can compromise your business operations, third parties and clients.

But where do you begin? Start by assessing your current cybersecurity program. List all components that are working well, and which features require improvement. Then prioritize your needs and direct your investments to best protect the business and your critical data. This type of proactive assessment and investment is key to remaining vigilant and ensuring your business does not fall prey to devastating ransomware attacks, data breaches or reputational damage.

An attack can happen at a moment’s notice. It simply cannot be overstated – the time is now to prioritize your cyber defenses and invest in protecting your business against the growing number of threat actors. And remember: Cybersecurity is not a one-time, all-or-nothing check box exercise. It is an ongoing, continuous journey to ensure your business is protected.

The post Six strategic cyber investments for the next six months – and beyond appeared first on Cybersecurity Insiders.