Most recent blogs, netcasts, papers, etc.

Ten Common IAM Deployment Challenges and Their Solutions (May 11, 2022)

New cloud-based IAM solutions, providing uniform and simplified identity management, are gaining popularity. However, companies typically find it taxing to regulate admin privileges when they embrace cloud technologies. For CIOs and their staff, the difficulty in managing “who can access what” introduces a new set of IAM difficulties. To optimize the existing IAM solution in the best way, companies need to take control of major challenges faced by IAM in the cloud. The top ten are discussed in this article. Let’s explore.

Paper: Network Access Control (NAC) (April 23, 2022)

Video Version

Gaining access to a network should be more than forcing user and device authentication via credentials like user IDs, passwords, biometrics, and certificates. Network access control (NAC) extends access management to processes designed to assess the state of devices attempting access to a network. This assessment ensures that each device complies with a set of defined policies. NAC helps ensure that only devices hardened based on associated risk achieve resource access.

Paper: Use the Cyber Kill Chain for End-user Device Security (April 20, 2022)

Video Version

End-user devices are the greatest threat to network security, with a generally standard attack path depicted in the Lockheed Martin Cyber Kill Chain, as shown in Figure 1. Use of the kill chain helps identify risks against user devices, both mobile and static, by providing the threat actor's perspective. Breaking links in the chain hinders or prevents a threat actor from compromising a user device and using it as an attack pivot point.

Mitigating the Risks Posed by Shadow IT: Can Organizations Achieve the Impossible? (October 2021)

With the right set of security practices and tools, organizations can manage security issues associated with shadow IT. Let’s see how organizations can configure their IT environments to detect and integrate shadow resources quickly to aid business managers needing quick solutions to meet business objectives..

What Is Ailing RDP Security And How to Use It Safely (October 2021)

The Windows Remote Desktop Protocol (RDP) is one of the most popular targets exploited by threat actors for both on-premises and cloud attacks. It is also the foundation for many remote access solutions within Microsoft Windows environments. Although RDP can be a gaping security hole, properly configuring and managing it enables its users to meet business requirements safely.

Five Major Cloud Security Challenges Businesses Should Prepare for in 2022 (October 2021)

Despite the increasing capabilities of cloud computing services in the past few years, organizations still confront major security issues that are further set to aggravate in 2022 if not delineated towards proper safety mechanisms. To cater to these challenges, we have developed a list of cloud computing issues that organizations must consider to prevent, detect, and respond to related attacks.

Mitigating Zero Day Attacks With a Detection, Prevention and Response Strategy (September 2021)

In a zero-day attack scenario, threat actors discover previously unknown vulnerabilities and formulate one or more ways to exploit them. Organizations are, therefore, at risk of suffering surprise attacks at all times. Let’s look at how organizations can create and manage tools, techniques, and procedures (TTP) to mitigate risks posed by zero-day attacks.

What Is Confidential Computing and Why It’s Key To Securing Data in Use? (9/20/21)

For decades, security professionals have focused on protecting data at rest and data in transit. Good tools did not exist for protecting data in use. Data in use resides in volatile memory (RAM), unencrypted and available to compromised applications, firmware, operating systems, and hypervisors. Confidential computing changes this by using hardware to erect walls between application processing environments and the underlying operating system and other applications.

How Enterprises Can Secure Endpoints With Extended and Managed Detection and Response (9/11/2021)

Most organizations focus on endpoint detection and response (EDR) because user devices and servers are the most common attack targets. However, this is not enough today. Quick detection of many attacks requires looking at all activity across all information resources, including the cloud. Doing this 24/7 is the most effective approach, but the volume of resources of most organizations make it impractical for in-house deployment..

Penetration Testing in Action: A Step-by-Step Guide to Get It Right 08/11/2021

We are only human. Our efforts to protect information resources will have gaps that we missed or have arisen due to emerging threats. Penetration tests help organizations identify weaknesses in the controls framework. The test results enable managing associated risk. There are many penetration test methodologies, but they all generally perform the same activities with the same results. This article is based on the Open Source Security Testing Methodology 3 (OSSTM) with additional content from other frameworks.

Is Linux as Secure as We Think? 08/06/2021

Linux is considered more secure than Windows, but it has its fair share of vulnerabilities, such as the Sudo vulnerability and other Linux weaknesses. Amid growing cloud adoption, we look at the steps security teams should take to defend Linux against cyberattacks.

How To Pick the Best Security Framework for Your Organization 07/29/2021

Planning, creating, and managing security architecture is not an easy process, and it is not one to take on without guidance. Fortunately, guidance exists across a plethora of security frameworks. Some of the frameworks are general, while others are directed at specific uses or industries. It is essential to understand the various frameworks and select the proper one or more that meet compliance, industry, and overall risk management needs.

Kaseya Attack Is a Reminder of How Your Supply Chain Partner Can Undermine Your Cybersecurity. 07/19/2021

Supply chain attacks continue with the ransomware attack against Kaseya. Between 1,000 and 1,500 Kaseya direct and indirect customers were exposed to the attack, and the total ransom requested was $70 million. Similarly, the cyberattack on SolarWinds and the cyber breaches caused by vulnerabilities in the Microsoft Exchange server are some of the other recent examples of how far-reaching the impact of a supply chain attack can be. .

Securing Industrial Control Systems From Modern Cyber Threats 07/08/2021

Ransomware and other cyberattacks often target industrial control systems (ICS) to disrupt operations or steal intellectual property. However, many organizations still use ICS technologies that are decades old, are exposed to the internet, and lack built-in security controls. Manufacturing, utility, health care, and other ICS-dependent organizations must protect current and planned ICS infrastructure and related sensitive information. Let’s look at how a critical infrastructure organization can implement robust security controls to keep hackers away.

Mitigating the Impact of Ransomware Attacks With Business Continuity Planning 07/02/2021

Ransomware attacks cause partial or complete shutdowns of business-critical functions. This is the same impact as those caused by business continuity events. Consequently, business continuity planning is one of the best ways to plan for the increasing probability that any organization will eventually become a victim of a ransomware attack.

Ransomware Payments: Is Cyber Insurance With Proper Controls the Best Solution? 06/28/202)

Ransomware attacks have reached epidemic levels. One reason is the ease with which ransomware gangs can make a lot of money because many organizations choose to pay ransom or extortion demands. A movement in Washington wants to ban ransom payments, but this may not be the best approach. Instead, the root causes of ransomware payments need to be identified and treated..

Will Symmetric and Asymmetric Encryption Withstand the Might of Quantum Computing 06/14/2021

The processing power of quantum computers is set to outstrip the capabilities of today’s supercomputers. According to a report, Google’s fledgling quantum computer performed a calculation in three minutes and 20 seconds that it would have taken today’s fastest supercomputer, IBM’s Summit, 10,000 years to complete. Let’s look at the capabilities of quantum computing and what kind of post-quantum public-key encryption and key exchange algorithms will be strong enough to resist the power of quantum computers..

Lessons From the Colonial Hack: Law Enforcement Action Isn’t Enough To Defeat Ransomware 06/07/2021

The world of cellular is changing rapidly with the advent of 5G. 5G brings revolutionary performance and capabilities, but it also comes with new security challenges. In this article, we talk about the major security challenges affecting 5G networks and discuss five ways organizations can address such security challenges and reduce their networks’ attack surface.

5 Ways to Secure and Manage Your 5G Network 05/31/2021

The world of cellular is changing rapidly with the advent of 5G. 5G brings revolutionary performance and capabilities, but it also comes with new security challenges. In this article, we talk about the major security challenges affecting 5G networks and discuss five ways organizations can address such security challenges and reduce their networks’ attack surface.

How To Manage Insider Risk With Continuous Background Checks 05/3/2021

Insider threats are a growing and serious challenge for organizations. Many human resource departments perform one-time background checks before hiring someone. However, employee behavior is not static. Questionable or criminal activities during employment can place users in a position where an attacker might extort them to steal data, corrupt systems, or perform other malicious actions. In addition to user behavior analytics, continuous background analysis is a good tool for protecting sensitive information resources.

Why Adaptive Authentication Should Be a Core Component of Zero Trust Networks 05/24/2021

The internet enables cybercriminals to attack victims anywhere in the world. Transnational crimes are challenging to track, and more often than not, the perpetrators are not apprehended. What is needed is a robust and global effort to identify attackers, preserve evidence, and prosecute the guilty, regardless of where they reside. There has been some movement toward accomplishing this, but it is still not enough.

Why Transnational Cooperation Is Key in the Battle Against Cross-Border Cybercrime 05/24/2021

The internet enables cybercriminals to attack victims anywhere in the world. Transnational crimes are challenging to track, and more often than not, the perpetrators are not apprehended. What is needed is a robust and global effort to identify attackers, preserve evidence, and prosecute the guilty, regardless of where they reside. There has been some movement toward accomplishing this, but it is still not enough.

Supply Chain Attacks: Why Risk Management and Business Continuity Planning are Essential 05/10/2021

Codecov is just the newest in a series of attacks against the software supply chain. Supply chain attacks are an efficient means for advanced persistent attackers to breach hundreds or thousands of systems by modifying popular software code. In this article, we will discuss how the CISA Cyber Supply Chain Risk Management model provides a roadmap for organizations to protect themselves from software supply chain attacks.

How to Fight Cryptojacking Attacks With Machine Learning... 04/20/2021

Cryptojacking is the unauthorized use of personal or enterprise resources for crypto mining where cryptojackers install malware on systems. This article discusses why machine learning is key in preventing these attacks.

Cryptojacking, the unauthorized use of systems to earn money from cryptocurrency operations, is a growing problem. Cryptojacking malware can cause productivity issues via loss of system performance or availability. Like managing many of today’s malware, traditional antimalware solutions are not enough. Machine learning is increasingly a more effective way to detect and deal with advanced persistent threats (APT).

How to Secure Online Identities With Passwordless Authentication. 04/13/2021

Since the advent of computers, passwords have controlled access to devices and data. Even with multi-factor authentication, most organizations continue to rely on passwords to secure their systems. However, passwordless authentication is quickly emerging as a secure replacement for passwords, making older authentication mechanisms obsolete as they are no longer strong enough to guard devices and data from emerging cyber threats.

Media Sanitization Guide (White Paper, November 19, 2019)

Protecting sensitive information requires attending to where the information is located and used throughout its lifetime. This document guides how to manage sensitive information when the media on which it resides is no longer used for that purpose. These management processes are collectively known as media sanitization.

Media comes in several forms: magnetic, paper, solid-state, and optical. I address sanitization across all of these media types, including how to meet associated data erasure challenges. Further, this guide provides steps and considerations needed to implement and manage media sanitization policies and procedures.

DNS Tunneling Identification and Defense (Paper, October 9, 2019)

Video Version

Domain Name Service (DNS) traffic freely travels across network perimeters and internal network segments. Organizations cannot arbitrarily block this UDP port 53 traffic because doing so would break most, if not all, network communication. Malicious actors (MA) know this and have found ways to exploit DNS for their purposes.

One example of how MA exploit DNS is tunneling. DNS tunneling enables command and control (C2) and data exfiltration traffic for which most organizations do not look or are unable adequately to detect.

This paper helps organizations understand the threat and available defense solutions.

Protect Your Organization from Your Managed Service Provider (September 16, 2019)

In July 2019, dental clinic customers of a managed services provider (MSP) fell victims to a ransomware attack. The attack was initially launched against the MSP and then spread to supported customers[...]

If your organization is planning to engage an MSP, or currently uses an MSP, it's essential regularly to check to ensure the MSP is effectively secure: secure in a way that protects your resources. If the MSP systems and networks introduce too much risk to your organization, and the MSP refuses to change, walk away.

Access Control Models For ICS/SCADA Environments (September 12, 2019)

Access control for critical infrastructure requires moving the perimeter to workloads and managing access based on context. This zero-trust approach ensures access based on user/device characteristics, target workloads and associated risk. In this article, I give an example of one of two general approaches to achieving zero-trust ICS networks.

Use the Purdue Model to Protect High-Value Targets (September 12, 2019)

According to the Proofpoint 2019 State of the Phish report, the number of phishing attacks is increasing. Production/operations networks are the most popular targets. These targets include all industrial control and management systems (ICS), including manufacturing and utilities. Another popular target category includes R & D systems.

Protecting these networks requires isolating them from the higher risk user environments in organizations. Use of software-defined perimeters is an approach recommended mainly by today’s security professionals for achieving zero-trust networks. However, it is not always appropriate for legacy production systems. Many of these systems were implemented many years ago with little or no attention to security. In these and other cases, the use of firewalls for microsegmentation is often a better choice.

The Media Needs to do Better with Security Awareness (August 30, 2019)

The CBS news program 60 Minutes recently reported on ransomware attacks. They did an excellent job showing the impact, but they did a terrible job discussing prevention. If I were not a security professional, I would have thought there was nothing I could do but simply pay the ransom.

This was little value in this approach. The approach of not clicking on links, for example, is not enough to protect an organization from ransomware. In one case reported by 60 Minutes, even the backups were affected. Consequently, restoration of backups is not always a good response when an infection has already occurred.

Microsegmentation: One Step Toward a Zero-Trust Network (August 19, 2019)

Zero-trust network security assumes no network segment is safe. It also switches authentication from user/network to user/application. These two requirements result in shrinking the perimeter to the applications themselves. In ZTN parlance, we call applications workloads.

Placing the perimeters as close as possible to the workloads requires microsegmentation. In this article, I take a high-level look at two approaches to microsegmentation: Palo Alto Networks (using NextGen firewalls) and Cisco’s Application Centric Infrastructure (ACI).

ICS/SCADA Access Controls (August 19, 2019)

This article provides an overview of ICS logical access management challenges and ways to meet them, including network segmentation, risk-based access control and context-aware authentication and authorization.

Lateral Phishing is Strong Lure for Password Theft (August 19, 2019)

Known as lateral phishing, a malicious actor gains control of an internal email account in a target organization. The actor then sends email to other target Lure angler fish with long spiky teethorganization employees, usually to gain login credentials.