Browsing category

Access Management

Access Management, Endpoint, Endpoint Protection, IBM X-Force Incident Response and Intelligence Services (IRIS), Legacy Applications, Malware, Patch Management, Point-of-Sale (POS) Systems, Privileged Users, Risk Management, Threat Detection, Windows,

How to Defend Your Organization Against Fileless Malware Attacks

The threat of fileless malware and its potential to harm enterprises is growing.

Fileless malware leverages what threat actors call “living off the land,” meaning the malware uses code that already exists on the average Windows computer. When you think about the modern Windows setup, this is a lot of code: PowerShell, Windows Management Instrumentation (WMI), Visual Basic (VB), Windows Registry keys that have actionable data, the .NET framework, etc. Malware doesn’t have to drop a file to use these programs for bad intentions.

The combination of all of these code sources is generally called process hollowing — a tactic in which malware uses a particular process as a storage container and distribution mechanism for its code. One recent attack discovered by FireEye combined PowerShell, VB scripts and .NET in a single lethal package.

Attacks leveraging PowerShell are particularly on the rise. Last fall, IBM X-Force Incident Response and Intelligence Services (IRIS) demonstrated just how potent PowerShell-based exploits can be, since code is executed directly from a PC’s memory. Plus, PowerShell can be used for remote access attacks and get around application whitelisting protections.

Given this growing threat, what can security teams do to help defend their organizations against fileless malware?

Ensure Strong Companywide Security Hygiene

The general thrust of how to combat fileless malware begins with making sure your Windows computers are patched and up to date. Since one of the first tenets of threat actors is taking advantage of unpatched, older systems, to delay patch management is to introduce a vulnerability into your network. The spread of EternalBlue illustrated this well; the patch was available for more than a month before the exploit was launched.

The next step is to ensure you have a solid security awareness training regimen. This doesn’t mean running annual exercises or sending out the occasional test phishing email. Instead, come up with a program that operates continuously and is always making users aware of the dangers of email attachments and clicking on links willy-nilly. Most fileless campaigns begin their life with a simple phishing email, so it is important to try to nip these entry points quickly.

Third is to understand the behavior of built-in Windows code so you can spot anomalies, such as when encrypted PowerShell scripts are installed to run as a service. The combination of the two — the encryption and the service feature — should be a red flag. Analysts sometimes see compression tools instead of or in addition to encryption as well. Another red flag is finding a PowerShell script hiding in the TEMP directory; while not technically fileless, this code quickly moves to more dangerous parts of the operating system (OS).

Understand Your Access Rights and Privileges

Organizations should understand what happens when fileless malware first detonates. Just because you have a user who clicked on a malicious attachment doesn’t mean the malware will stay on their PC. Instead, a typical behavior is for the malware to move across your network to find a richer target, such as a domain controller or web server. To prevent this, you should segment your network carefully and make sure you understand access rights, especially for third-party applications and users.

A common attack method is escalating privileges as malware moves around the network, which can be done using PowerShell, for example. They don’t call it PowerShell for nothing: An actor can issue commands for reverse Domain Name System (DNS) queries, enumerate access control lists on any network share and find members of a particular domain group. This means one of the more basic controls for any malware is to restrict administrator rights to the minimum number of systems.

Many fileless exploits count on the profligate use of rights that aren’t needed or are attached to users that have since left the company, or outdated rights for users who don’t access the targeted applications anymore. Companies should develop methods to detect when these situations occur and be able to shut them down quickly. Organizations should also disable Windows programs that aren’t needed. Not everyone needs PowerShell running on their computer, or support for the .NET framework. Even more effective is to eliminate support for ancient protocols such as SMBv1, which was what caused all the trouble with WannaCry.

Finally, while PowerShell can get around application whitelisting, it is still a good idea to deploy such controls. The more you know about how your users consume applications, the more likely you will be able to catch a piece of malware doing something that no other legit app has been observed doing. Another way is to disable macros, including Office macros, which are often abused by malware writers, although this isn’t a universal solution because many users do need them to do their jobs.

As a side note, Windows can be used for more than just desktop computers, and threat actors will sometimes target embedded Windows point-of-sale (POS) machines. The attraction here is that these computers have direct access to payment card data, so having extra protection for this population is crucial.

Combat Fileless Malware Threats With Careful Coordination

Microsoft hasn’t been standing still while fileless attacks run rampant. In fact, the company has developed an open interface called Antimalware Scan Interface that some vendors have begun using to make it easier to detect the “tells” of the fileless world, especially when it comes to analyzing scripting behavior.

In addition, anyone who wants to gain a better understanding of fileless attacks should check out the open source project AltFS. This is a complete fileless virtual file system to demonstrate how these techniques work, and it can be deployed on Windows and Mac PCs.

As you can see, fighting fileless malware attacks will take some serious effort and careful coordination among a variety of tools and techniques. With more unpredictable malware threats on the horizon, organizations should take steps today to strengthen their defenses.

The post How to Defend Your Organization Against Fileless Malware Attacks appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: David Strom

Access Management, IBM Security, Identity & Access, Identity and Access Management (IAM), Kuppingercole, Security Intelligence & Analytics, Security Products, Security Solutions,

KuppingerCole Report: Leadership Compass of Access Management and Federation

Part of fixing any IT issue is finding the right solution for the problem and ensuring the issue will not happen again. One of the major struggles for the IT industry is finding the right vendors to enlist as protectors.

KuppingerCole’s Leadership Compass report on access management and federation aims to close the gap between the right solution and the right vendor.

Emerging business requirements, such as onboarding business partners, providing customer access to services and adopting new cloud services, require IT to react and find solutions to these communications and collaboration conditions. Access management and federation vendors are closing in to address these needs and enable business agility.

With many vendors in this market segment, the KuppingerCole Leadership Compass provides a view and analysis of the leading vendors and their strengths and weaknesses. The report acts as a guide for the consumer to compare product features and individual product requirements.

Read the KuppingerCole Leadership Compass report

Breaking Down the Leadership Ratings

When evaluating the different vendors and products, KuppingerCole looked into the aspects of overall functionality, size of the company, number of customers, number of developers, partner ecosystems, licensing models and platform support. Specific features, such as federation inbound, federation outbound, backend integration, adaptive authentication, registration, user stories, security models, deployment models, customization and multitenancy, were considered as well.

KuppingerCole created various leadership ratings, including “Product Leadership,” “Innovation Leadership,” and “Market Leadership,” to combine for the “Overall Leadership” rating. With this view, KuppingerCole gives an overall impression of each vendor’s offering in the particular market segment.

Product Leadership is based on analysis of product and services features and capabilities. This view focuses on the functional strength and completeness of each product.

Innovation Leadership focuses on a customer-oriented approach that ensures the product or service has compatibility with earlier versions, as well as supports new features that deliver emerging customer requirements.

Market Leadership is based on market criteria, such as number of customers, the partner ecosystem, the global reach and the nature of responses to factors affecting the market outlook. This view focuses on global reach, sales and service support, and successful execution of marketing strategy.

KuppingerCole Leadership Compass: Access Management and Federation

How IBM Ranks

IBM Security Access Manager (ISAM) is ranked as a leader in the Product, Marketing and Technology Leadership categories. This rating comes from IBM ISAM having one of the largest customer bases of all vendors in the market segment, a strong partner ecosystem, mature access management and strong adaptive authentication. ISAM is among the leading products in the access management and federation market and meets organizations’ growing lists of IT security requirements with broad feature support.

Read the Full Report

Check out the complete report to discover:

  • An overview of the access management and federation market;
  • The right vendor and right solution for your business; and
  • Why IBM ISAM is a leader in Product, Marketing and Technology.

Read the KuppingerCole Leadership Compass report

The post KuppingerCole Report: Leadership Compass of Access Management and Federation appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Kelly Lappin

Access Management, Authentication, Cloud, Cloud Infrastructure, Credentials, customer experience, Hybrid Cloud, Identity & Access, Identity and Access Management (IAM), insider threats, Multifactor Authentication (MFA), Password, password reuse, Single Sign-On (SSO),

Reap the Promise of One and Done Authentication With SSO

Every day, the average business employee inputs credentials to authenticate identity and access apps and sites several times — using one of the 8–12 passwords the average person has, according to the “IBM Future of Identity Report.” If you get your password wrong too many times, you’re locked out and you call the IT help center to reset it, again. Which leads you, the help center and the system administrator all to think there must be a better way. Fortunately, there is single sign-on (SSO).

What is SSO? It’s a user authentication technology that requires only one set of credentials to provide access to everything you need. Once you’re authenticated on a centralized platform in an enterprise, for example, you can use a range of applications — from on-premises programs to cloud resources to software-as-a-service (SaaS) apps such as Salesforce and Office 365 — without logging in and out again.

Eliminate the Problems With Passwords

A typical employee may start with only a few credentials, but after a few weeks or months, that number will quickly increase. Furthermore, according to the “Future of Identity Report,” only 42 percent of millennials use complex passwords (versus 49 percent of people over the age of 55) and 41 percent reuse the same password multiple times (versus 31 percent). Administrators may be sympathetic to password fatigue and interrupted user experiences, but security is an even greater concern. Verizon’s “2018 Data Breach Investigations Report” listed stolen credentials as one of the leading causes of data breaches.

What users are accessing with those passwords is also critical; another key factor behind many breaches is the abuse of access privileges. Many enterprises fail to implement access management solutions that ensure employees have only the privileges they need to do their jobs. This puts the organization at greater risk given that insider threats are at the root of 60 percent of cyberattacks.

If you’re an administrator, you oversee databases that hold passwords, permissions for access to applications and resources, help center troubleshooting and support to change credentials, and training to keep users from falling for phishing scams or other hacks that could result in a breach. That can be a lot, especially for larger companies with hundreds or thousands of employees.

The solution requires taking responsibility for security away from users by eliminating the need to have multiple passwords.

Implement SSO for Seamless User Experiences

Single sign-on changes how authentication and identity and access management work. Normally, when you want to sign up for an application, the server first verifies whether you already have an account. If not, the server securely stores your email and encrypted password in a database. The server then creates a session and sends a token confirming your identity. Your browser stores the token in a cookie that verifies your identity when you’re logged in. Next time you want to log in, the server compares your password to what’s in the database and you’re in or out.

With federated SSO, however, you get another option. You’ve probably been asked if you want to sign up for an app or site using Facebook or Google, for example. Various standards, including Security Assertion Markup Language (SAML), Open Authorization (OAuth) and OpenID Connect (OIDC), let these web giants give third-party apps and sites access to your information.

You choose your provider — say, Google — and the third party verifies that you’re already logged in to Google. If not, you log in and then choose what information you’re willing to share with the third party. Google verifies that both you and the third party are legitimate, then authenticates you based on its own password database and issues a token back to the site. The third-party site can now associate you with the user data you’re willing to share — such as preferences, previous sales and so on — and you can move seamlessly between applications for which you have access without logging in each time.

A Win-Win for Users and Administrators

It’s easy to see why users would love SSO, whether they’re at home or at work. In the enterprise, they can use one set of credentials to access all their apps instead of remembering, looking up and frequently resetting multiple passwords. New users can sign up for accounts easily and securely, using a provider they already trust.

Administrators, on the other hand, can securely provide access to resources and applications, whether they’re on premises, in the cloud or in a hybrid cloud. But to reduce risk, it’s critical to focus on security as well as convenience.

Ensure the Upside Isn’t a Downside

Forrester emphasizes that authentication is mission-critical infrastructure in “Now Tech: Authentication Management Solutions, Q3 2018.” If an SSO provider experiences a security breach or an authenticator goes down, users can’t get online. And if only one set of credentials is needed to access a multitude of apps and resources, the security around those credentials must be ironclad. After single sign-on implementation, compromised credentials give a threat actor entry not just to one resource, but all of them.

More secure authentication should include access without passwords, such as scanning a code with a user’s phone; frictionless biometrics, such as fingerprint, voice or face recognition; and geolocation. For example, IBM Cloud Identity provides seamless and secure authentication for native, web, mobile or cloud applications via biometrics, FIDO2, Universal Second Factor (U2F), FaceID, Touch ID, email/SMS one-time passwords or soft tokens. The solution can also reduce reliance on passwords by providing multifactor authentication (MFA) to any target system, including virtual private network (VPNs), mainframes, Linux or desktop.

An ideal solution will also incorporate risk-based authentication. For example, an employee logging in from her desktop at 2 p.m. on a workday may gain access with just a single password, but a user across the globe logging in on a new device at midnight may require MFA.

Evolving With Your Ecosystem

Perhaps the best feature of SSO is its scalability; you can future-proof access management, as this case study on POST Luxembourg showed. As your enterprise changes and grows, you can continue to provide a convenient sign-on experience to users, customers and partners and a centralized solution that gives them secure and integrated access to resources via almost any device, anytime and anywhere.

IT administrators, line-of-business managers and employees all benefit from an identity and access management solution like single sign-on. It allows registered users to access applications with one set of credentials, provides a centralized place for admins to manage all protected applications and configure access policy settings, and, best of all, the cloud has made single sign-on implementation more affordable and less time-intensive than ever.

Learn how an IAM solution can benefit you

The post Reap the Promise of One and Done Authentication With SSO appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Diana Kightlinger

Access Management, Credentials Theft, Data Security, Encrpyption, IBM Security, Identity and Access Management (IAM), identity theft, Network Protection, patch, Patch Management, Privileged Access, Software & App Vulnerabilities, Vulnerabilities, Vulnerability Management, X-Force,

Stranger Danger: X-Force Red Finds 19 Vulnerabilities in Visitor Management Systems

Automation is pervasive across our modern world and building lobbies are the latest place affected by the changes. The friendly receptionist or security guard is being replaced by kiosks, and it is big business, with sales expected to exceed $1.3 billion by 2025. These systems are officially called visitor management systems and allow businesses to check a guest in, give them a badge and control access to restricted areas of the facility.

Unlike simple pen and paper, they have the ability to authenticate visitors and provision badges for them in an automated way without allowing anyone to see who else has visited. If a visitor management system is working properly, it should be easier to identify which visitors are legitimate and if they should be allowed to move throughout the campus unescorted. If the systems are not working as intended, they can provide a false sense of security to the companies deploying them.

Considering that these systems are intentionally physically exposed to outsiders and have a role in the security of an organization, they should be developed with security in mind throughout the product life cycle and should include physically present attackers in their threat model. However, our team has identified vulnerabilities in a number of visitor management system products that could prevent them from achieving that goal.

Two X-Force Red summer interns (Hannah Robbins and Scott Brink), under the guidance of the X-Force Red research team, took a closer look at the security of five popular visitor management systems and discovered 19 previously undisclosed vulnerabilities across all the vendors. If the vulnerabilities were exploited by attackers, data like visitor logs, contact information and corporate activities could be accessed. They also discovered these systems can be used to establish a foothold to attack corporate networks.

The findings included:

  • Data leakage — information disclosure of personal and corporate data;
  • Keys to the kingdom — several applications had default administrative credentials, which would allow complete control of the application; and
  • Breakout — other identified vulnerabilities could allow an attacker to use Windows hotkeys and standard help or print dialogs to break out of the kiosk environment and interact with Windows, giving an attacker control over the system with the same privileges as the software was given.

What Are the Potential Consequences?

Given control of a visitor management system, an attacker could achieve a number of goals depending on the features of the system in question and the context of how it has been deployed.

Physical access: Attackers who want to perform a physical task like stealing valuable assets or launching physical attacks to compromise computers may be able to acquire a valid badge. Some visitor management systems can even issue and provision radio frequency identification (RFID) badges, giving an attacker a key to open doors. Even if the issued badges are not capable of opening doors, they may still identify an attacker as a trusted outsider. A smile and gentle request for help opening a locked door often goes unchallenged with a valid badge.

Network access: If an attacker’s goal is simply to gain access to the internal network, they may not even need to enter the premises, since the visitor management system itself may have access to the internal network and compromising it could mean gaining a foothold on the network.

Data exfiltration: Even if the visitor management system is not connected to any network and does not issue badges, it still holds data about visitors, which can be a boon to competitors and inside traders. Knowing, for instance, that the CEO of a related company has been visiting every day for the last few weeks could be valuable intelligence to collect. Depending on what data the visitor management system stores, there may be an opportunity for identity theft as well.

Closing the Door to Visitor Management System Vulnerabilities

Details for the vulnerabilities disclosed by our X-Force Red team have been provided to the affected vendors in advance in order to allow time for an official fix to be developed and released in advance of this publication.

Apply the patch: Several of the vendors have updated their software or plan to with appropriate patches of changes to functions. If there is no patch, include these systems in a security testing program to confirm the exploitability and apply appropriate techniques to isolate the system from others.

Harden access: Evaluate the privileges the system has and determine if systems requires administrative privileges to run. If not, revoke the privileges and ensure default passwords are not enabled. If network access is not required for the visitor management system to function, it should not be connected to the network.

Encrypt everything: Full-disk encryption should always be used on any system accessible to the public or at risk of theft, such as laptops and kiosks. Since iOS now employs mandatory full-disk encryption backed by a hardware security module, full-disk encryption is already the norm on iOS devices.

Password integrity: If the password can be guessed, the encryption may be rendered moot, so make sure to set a strong password on the device. iOS has a kiosk mode that can be used to prevent users from accessing the full functionality of the device, and this should be employed to add an additional barrier to exploitation.

Learn more about X-Force Red and X-Force Red’s penetration testing services.

LEARN MORE ABOUT X-FORCE RED

The Vulnerabilities

The post Stranger Danger: X-Force Red Finds 19 Vulnerabilities in Visitor Management Systems appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Daniel Crowley

Access Governance, Access Management, Authentication, Authentication Systems, Data Protection, Fraud Protection, Identity & Access, Identity and Access Management (IAM), Identity Governance, Identity Management, Multifactor Authentication (MFA), Password, Password Management, Password Protection, password reuse, verification systems,

Are Passwords Killing Your Customer Experience? Try Passwordless Authentication

Creating a seamless, secure experience for your legitimate users is a challenge. Most users are good and deserve a frictionless experience, but the less than 0.1 percent of users that are suspected to be rogue actors, according to IBM Trusteer research, spoil the party for everyone. These are the users who commit online fraud, steal data, bypass formal application programming interfaces (APIs) and skew site analytics. The rest of us can thank them for the frustration associated with tedious login rituals.

We’re drowning customers in a sea of passwords and expecting them to stay afloat. Passwords are not only a pain, but incredibly easy to hack. So how is the industry combating these issues related to passwords and the pains of usability? Shockingly, many organizations are still relying only on passwords as a form of authentication, and we know they’re failing. According to a Javelin Strategy & Research survey, 1 in 5 customers fails to authenticate. This could be due to multiple factors, one of which is forgetting their own password.

How Can Companies Go Passwordless?

Let’s take a step back and think about it: As a consumer yourself, how many online accounts do you have, and how many different passwords do you need to create to outsmart fraudsters? All these credentials are nearly impossible to manage.

If we know a large percentage of our users are legitimate, then let’s deliver the seamless but secure experience they expect and, in the end, help drive digital sales. So what does going passwordless really mean, and how is it possible?

The passwordless experience is based on identifying unauthorized access to web and mobile applications and sensitive operations. Organizations can identify these issues by using risk-based authentication and continuous trust validation technologies, which provide services such as behavioral analysis, device identification and authenticity, phone number and email intelligence, identity linkages, and session and network attributes to build this trust. These forces are what make passwordless authentication possible because they identify positive users and question the high risk users.

Examples of a Passwordless Customer Experience

How does this work in practice? Below are some examples of how passwordless authentication can transform and improve your customer experience.

  • A new customer registers on a site or application by confirming his or her email or phone. For subsequent logins, the customer is auto-enrolled as a trusted user.
  • A registered user accesses a site seamlessly after the system detects no threats or compromises on the trusted device.
  • A user accesses a service from a new device by confirming the email or phone number associated with the account and entering his or her credentials. After the device is labeled as trusted, it is auto-enrolled for seamless entry.
  • A user accesses a service seamlessly and browses with continuous authentication in the background until he or she reaches sensitive information. At this point, the user is prompted to enter his or her two-factor authentication (2FA) information before accessing this data.

If you go passwordless, you’re guaranteed to improve your customer experience. A system free of clunky passwords helps streamline customers’ buying journeys and distinguish between legitimate users and fraudsters. Most importantly, it enables your users to enjoy a seamless experience on any digital platform. So what are you waiting for? Now is the time to give your customers the experience they deserve and the security they demand with passwordless authentication.

Register for the Feb. 27 webinar to learn more

The post Are Passwords Killing Your Customer Experience? Try Passwordless Authentication appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Kelly Lappin

Access Governance, Access Management, Advanced Threats, Application Security, Cloud, Cloud Adoption, Cloud Infrastructure, Cloud Security, Cloud Services, Cloud Services Provider, Cloud Strategy, Data Protection, Data Security, Encrpyption, Encryption Keys, Hybrid Cloud, Identity and Access Management (IAM), Identity Management, Public Cloud, Security by Design,

Moving to the Hybrid Cloud? Make Sure It’s Secure by Design

Many organizations have such a positive first experience with cloud computing that they quickly want to move to a hybrid cloud environment with data and workloads shared between private and public clouds. The flexibility and control that a hybrid cloud provides is why it is expected to be the dominant cloud computing model for the foreseeable future.

However, companies often don’t think about security issues until after they are well along in the process of building a hybrid cloud. This can lead to nasty surprises when they realize this environment introduces some unique security considerations that don’t exist in traditional infrastructure. That’s why a hybrid cloud needs to be secure by design.

Cloud Security Is a Shared Responsibility

Public cloud providers offer enterprise-class security, but that doesn’t absolve customers from responsibility for protecting data, enforcing access controls and educating users. Private cloud security is complicated because private clouds can take many forms. They may be hosted entirely on-site, entirely in the public cloud or some combination. Private cloud infrastructure can also be dedicated to a single tenant or shared across multiple zones with isolation providing dedicated resources. Each environment has different security demands.

The scale and dynamism of cloud computing complicates visibility and control. Many customers incorrectly believe that cloud providers take care of security. In fact, security is a shared responsibility. In my experience, most cloud security failures occur because customers don’t live up to their part of the bargain.

No single cloud security mechanism does the entire job. There is also little consensus about what the ideal cloud security environment should look like. As a result, most product offerings in this market are still evolving. Secure by design starts with assessing risk and building a framework for technology.

A New Way of Computing

Moving to the cloud doesn’t mean relinquishing total control, but it does require embracing a new security mindset based on identity, data and workloads rather than underlying platforms. Security professionals who can reorient themselves around business enablement rather than device protection are particularly well-suited to securing public clouds.

Cloud computing is highly distributed and dynamic, with workloads constantly spinning up and down. Visibility is essential for security. According to Gartner, cloud security should address three core topics that have not traditionally been an IT discipline: multitenancy risk, virtualization security and software-as-a-service (SaaS) control.

Multitenancy risk is inherent to cloud architectures because multiple virtual machines (VMs) share the same physical space. Major public cloud providers go to great lengths to mitigate the possibility that one tenant could access data in another VM, but on-premises infrastructure is susceptible if the servers are not configured properly. Changes made to one hybrid cloud environment may also inadvertently affect another.

Virtualization security refers to the unique risks of virtualized environments. While hypervisors and VMs are in many ways more secure than bare-metal environments because the operating system is isolated from the hardware, the use of shared resources like storage and networking also introduces potential vulnerabilities that don’t exist on dedicated servers.

SaaS environments require greater attention to authentication and access control because the user doesn’t own the network. Governance standards need to be put in place to ensure that users take appropriate precautions with data and that all necessary regulatory and compliance guidelines are met.

Without these new competencies, organizations will struggle to gain visibility into their hybrid cloud environments, making it almost impossible to determine which computing and storage tasks are taking place where, using which data and under whose direction. In that situation, provisioning and enforcement of policy can quickly become impractical. But if organizations practice secure-by-design principles using new cloud-native tools, they can get a single-pane-of-glass view into activity that enables policy enforcement.

Three Keys to Secure Hybrid Cloud Deployments

Three areas merit special attention: encryption, endpoint security and access control.

Encryption is the best form of data protection. Data moving to and from the public cloud should be encrypted at all stages, and sensitive data should never be left unencrypted. All cloud providers support encryption, but not necessarily by default. Customers need to choose the type of encryption that is most appropriate and secure encryption keys.

When public cloud services are accessed over the public internet, special attention needs to be paid to endpoint security to prevent the risk of creating access points for attackers or becoming targets of malware. For example, an attacker who compromises a PC and logs on as an administrator for the company’s public cloud effectively has the keys to the kingdom. Hardware firewalls aren’t protection enough.

Secure web gateways (SWGs) utilize URL filtering, advanced threat defense (ATD) and malware detection to protect organizations and enforce internet policy compliance. SWGs are delivered as both physical and virtual on-premises appliances, cloud-based services or hybrid cloud/on-premises solutions. They provide an additional layer of protection against destructive attacks such as ransomware and enable safer and more efficient adoption of cloud-based services.

Finally, cloud-specific access control is a necessity if employees, contractors and vendors are to use both public and private clouds. Single sign-on (SSO) and federated access controls can minimize inconvenience while maintaining control and security monitoring.

Identity and access management-as-a-service (IDaaS) works in both multitenant and dedicated environments. It provides identity governance and administration, access management, and analytics functions that span the organization’s entire cloud environment. IDaaS can also be integrated with existing access management software to manage access to legacy applications.

The Cloud Security Alliance has an extensive library of resources that cover practices for hybrid cloud security. Organizations should familiarize themselves with these guidelines before beginning the migration process. Building security into hybrid infrastructure from the beginning minimizes the pain and delay of backfilling later.

The post Moving to the Hybrid Cloud? Make Sure It’s Secure by Design appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Kaja Narum

Access Governance, Access Management, CISO, Identity, Identity & Access, Identity and Access Governance (IAG), Identity and Access Management (IAM), Identity Governance, Identity Governance and Administration (IGA), Identity Management, Security Leaders, Security Leadership, Security Professionals, Shadow IT, User Education,

Design Your IAM Program With Your Users in Mind

Identity and access management (IAM) should be a seamless part of employees’ day-to-day activities and your organization’s overall security posture. An IAM program controls and administers the access users have to an array of critical systems and data. If your users have difficulty accessing systems and applications with an IAM solution in place, your security posture can suffer. For example, employees may go around established security policies and leverage shadow IT applications to get their jobs done faster.

Many identity programs struggle to gain user acceptance because IAM is a particularly challenging field within security. If you don’t start by following IAM best practices and understanding the business’ goals and users’ needs and requirements, you may find it difficult to gain the levels of user adoption necessary to make an IAM program successful in the long term.

Infuse Empathy Into Your IAM Program Using the Enterprise Design Thinking Framework

Kevin Pratt, senior managing consultant in identity and access management at IBM, has heard countless stories from clients who tried to deploy an IAM tool without first considering users’ needs and their related pain points. I found his advice to be particularly insightful, so I asked him to sit down for an interview to talk about some critical considerations for designing a world-class IAM program.

Question: How would you explain Enterprise Design Thinking to a first-time client?

Pratt: Enterprise Design Thinking is an approach that helps us align IAM projects to the business by focusing on user outcomes. This approach helps us achieve better user experiences, delivers programs at scale and does this in a faster time frame.

With Enterprise Design Thinking for IAM, we first seek to understand what problem we are solving, the different stakeholders that are interacting with and impacted by IAM programs, then identify user needs, pain points and wants. These insights help us to work collaboratively with our clients to identify the right problem to solve, and secondly, correctly design and align user needs to the business. Understanding this convergence of needs across all three dimensions is key to designing a successful IAM program.

Give an example of a time a client used Enterprise Design Thinking to understand what users really want. What was the result, and how did it compare to clients that didn’t focus on IAM best practices?

IAM projects usually fail due to lack of user acceptance. IAM user acceptance can be especially challenging when balancing project and security requirements with the user experience.

So, if you take time, in the beginning, to align IAM work with the needs of your users and the business, you give your users a sense of ownership of the IAM work and build a foundation for a true partnership between the users, the business and IAM practices. As mentioned, these are key to building and executing a successful IAM program.

One client example that comes to mind is a health care organization that was adopting single sign-on (SSO) and wanted to leverage biometrics by using fingerprints. However, many users, like doctors and nurses, have to wear gloves at all times when working with patients and can’t always authenticate their identity with fingerprints.

We quickly identified in a design thinking session that these users needed a different way to authenticate, like a face or iris scan. Rather than deliver an authentication solution that met security requirements but did not meet critical end user requirements, we immediately identified that the end users’ needs did not align. These insights were leveraged to build a set of requirements which would result in seamless user adoption.

Tell me about a time when an organization didn’t obtain stakeholder buy-in.

We hear these stories over and over …

One example in particular comes to mind: A client was building an IAM product that would onboard and offboard users — essentially a robust identity governance and administration solution. A month before the go-live date, a human resources executive went to the C-suite and said that the IAM group forgot to include them at the right level in the conversations around the project requirements. In this situation, HR was particularly concerned about employee transfers, leaves of absence and other temporary leaves because of the access retained by the employees, which puts the business at unacceptable risk. These user requirements weren’t incorporated at the level that HR wanted.

As a result, the project was stopped by the business right before the go-live date, and the project hasn’t moved forward a year later.

Many times, IAM projects do not correctly involve the right stakeholders at the right level. Therefore, it becomes imperative that the right stakeholders are included from the beginning. As an IAM practitioner, it’s your responsibility to walk through the user life cycle process with line-of-business (LOB) executives and other key stakeholders.

All too often, IAM specialists are laser-focused on security requirements and user onboarding. Of course, IAM needs that particular information. However, where you encounter trouble is when IAM experts are not paying attention to what the lines of business are doing with the data.

If you’re only concerned with security, you’re missing an essential component. An Enterprise Design Thinking for IAM session takes you out of the security silo and immerses you, your IAM stakeholders and collaboration teams into the lives and personas of the users that will interact with the new IAM technology. Too many times it is missed during a deployment.

What’s one of your favorite Enterprise Design Thinking exercises? Discuss the approach and why it’s helpful for clients.

One of the most helpful exercises I’ve seen is the empathy map. It enables you and your business to gain a better understanding of the user and their specific needs. It starts with identifying the user that will interact with systems and asks a series of questions.

Ideally, impacted users, or what are referred to as “sponsor users,” are invited to the design thinking sessions, interviewed in advance or the design thinking work is “played back” to them on a regular basis. This results in the user’s voice being present throughout the collaboration process, and the insights which surface as a result of their involvement are continually infused into planning in an iterative manner.

These questions are not just about IAM. The questions get into the user’s life. Sample questions might be:

  • Do employees work remotely?

  • Do employees spend time traveling?

  • Do employees spend time at the office?

  • What is the office environment like?

  • What is your sponsor user thinking, feeling, saying and doing in the context of the problem you’re solving for?

The goal is to develop a robust frame of reference which accurately represents the user.

Then, you put your answers into a grid and identify what your users say, think, feel and do. In the middle of this, we have a picture of this person or user (see image below). The goal is to immerse ourselves into the lives of users.

Empathy Map showcasing what a user thinks, says, does, and feels

Design an IAM program optimized for your business

More often, it’s fairly easy to fill in the “says” section because we know what they said. But we have to take it further and understand what the users are thinking. This requires getting into the mind of the users and including them as a part of the exercise so that the entire team can understand and verbalize what the users are thinking.

Then you move into how they feel. Users often feel frustrated about security solutions, but nobody on the security side usually explores those frustrations. Lastly, what does the user do? If this solution causes a problem, what will the user actually do? This often includes users finding creative ways to bypass our security controls. You need to understand what the negative consequences are for an IAM program failure. You may be able to identify those risks and stop them before they happen.

Once we have these identified, we then start to cluster, remix and group the needs and pains on the empathy map. By grouping like needs and pain points for numerous personas representing users, you begin to see common issues across different users by what they’re saying, thinking, feeling and doing. This exercise allows you to first identify themes in common, then prioritize the problems and determine which ones to solve first. It helps you answer the question that most often comes up: “How do we best address this?”

In summary, an empathy map is a fantastic way to get a deeper understanding of these users that will interact with your IAM processes and technologies.

After you’ve completed this exercise, one thing that can happen is you can have information overload. There may be so many needs and pains that an organization doesn’t know where to start. That’s where the prioritization grid can come into play.

Essentially, you take all the information gathered from the empathy map and put it into a grid that measures the impact on the user. You want to understand the feasibility of each issue. Only having the information from the empathy map isn’t enough — it is only one piece to ensuring user understanding. You need to be able to prioritize the needs and pains, identify what are the real impacts and what the feasibility is for fixing these.

It is important to note that prioritization grids are not limited to use after an empathy map exercise. They can be leveraged as a next step in many other stages of Design Thinking iteration, such as for prioritizing ideas, identifying and managing risk, and developing initial road maps and action plans.

These two exercises are very effective as part of a wider Enterprise Design Thinking approach that drives the engagements from beginning to end. It’s important to realize that Design Thinking isn’t just a workshop and an exercise or two; rather, it’s a completely different way of working with clients.

Why do you think Enterprise Design Thinking helps to build a more successful IAM program?

Enterprise Design Thinking focuses on user outcomes instead of just security outcomes. IAM tools do not exist in a userless vacuum. So, it’s vital for IAM practitioners to include users in their IAM discussions and programs. There’s not a good track record of this happening to date — we can do better for our clients by leveraging the Design Thinking framework and beginning to practice first with our own teams. Try an empathy map in practice to get a start.

At the 2018 Gartner IAM Summit in Las Vegas, we had a workshop where attendees chose a user (CISO, IAM admin, incident response analyst or customer) framed by a design prompt or common problem experienced by those stakeholders to focus on while putting together an empathy map. We had mostly security practitioners in the room.

Unsurprisingly, the user that was chosen by the least number of attendees was the customer. It can be difficult for IAM practitioners to relate to our customers and users. This we are hoping to change by virtue of exposing our IAM practitioners to the framework and how best to leverage it.

With Enterprise Design Thinking, we don’t have to guess what each user wants. We take the time to get to know the users, and this allows us to identify the right problem to solve, correctly align with the users and business, and identify a solution that meets the security requirements, addresses user needs and the needs of the business.

Design an IAM program optimized for your business

The post Design Your IAM Program With Your Users in Mind appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Marc von Mandel

Access Management, Banking & Financial Services, Biometric Security, biometrics, Fraud Protection, Identity & Access, Identity and Access Management (IAM), Identity Management, Multifactor Authentication (MFA), passwords, Retail, Retail Industry, Retail Security, Threat Intelligence, Two-Factor Authentication (2FA), User Behavior Analytics (UBA),

Multifactor Authentication Delivers the Convenience and Security Online Shoppers Demand

Another holiday shopping season has ended, and for exhausted online consumers, this alone is good news. The National Retail Federation (NRF), the world’s largest retail trade association, reported that the number of online transactions surpassed that of in-store purchases during Thanksgiving weekend in the U.S. Online shopping is a growing, global trend that is boosted by big retailers and financial institutions.

However, according to a Javelin Strategy & Research study, many consumers remain skeptical about the security of online shopping and mobile banking systems. While 70 percent of those surveyed said they feel secure purchasing items from a physical store, the confidence level dropped to 56 percent for online purchases and 50 percent for mobile banking. How can retailers increase customer trust toward online transactions?

Security Versus Convenience: The Search for Equilibrium Continues

When we register for online services, we implicitly balance security and convenience. When we’re banking and shopping online, the need for security is greater. We are willing to spend more time to complete a transaction — for example, by entering a one-time password (OTP) received via SMS — in exchange for a safer experience. On the other hand, convenience becomes paramount when logging into social networks, often at the expense of security.

App or account types respondents cared most to protect

(Source: IBM Future of Identity Study 2018)

A growing number of users are finding the right balance between convenience and security in biometric authentication capabilities such as fingerprint scanning and facial recognition. Passwords have done the job so far, but they are destined for an inexorable decline due to the insecurity of traditional authentication systems.

According to the “IBM Future of Identity Study 2018,” a fingerprint scan is perceived as the most secure authentication method, while alphanumeric passwords and digital personal identification numbers (PINs) are decidedly inferior. However, even biometrics have their faults; there is already a number of documented break-ins, data breaches, viable attack schemes and limitations. For instance, how would facial recognition behave in front of twins?

The Future of Identity Verification and Multifactor Authentication

Multifactor authentication (MFA) represents a promising alternative. MFA combines multiple authentication factors so that if one is compromised, the overall system can remain secure. The familiar system already in use for many online services — based on the combination of a password and an SMS code to authorize a login or transaction — is a simple example of two-factor authentication (2FA).

Authentication factors that are not visible, such as device fingerprinting, geolocation, IP reputation, device reputation and mobile network operator (MNO) data, can contribute substantially to identity verification. Some threat intelligence platforms can already provide most of this information to third-party applications and solutions. These elements add context to the user and device used for the online transaction and assist in quantifying the risk level of each operation.

The new available features open the way to context-based access, which conditions access to the dynamic assessment of the risk associated with a single transaction, modulating additional verification actions when the risk level becomes too great.

Existing technologies for context-based access allow security teams to:

  • Register the user’s device, silently or subject to consent, and promptly identify any device substitution or attempt to impersonate the legitimate device;
  • Associate biometric credentials to registered devices, thus binding the legitimate device, user and online application;
  • Spot known users accessing data from unregistered devices and require additional authentication steps;
  • Move to passwordless login, based on scanning a time-based QR code without typing a password;
  • Verify the user presence, limiting the effectiveness of reply attacks and other automated attacks;
  • Use an authenticator app to access online services with 2FA that leverages the biometric device on the smartphone, such as the fingerprint reader, and stores biometric data only on the user’s device;
  • Use advanced authentication mechanisms, such as FIDO2, which standardizes the use of authentication devices for access to online services in mobile and desktop environments; and
  • Calculate the risk value for a transaction based on the user’s behavioral patterns.

Combining all these elements, context-based access solutions conduct a dynamic risk assessment of each transaction. The transaction risk score, compared against predefined policies, can allow or block an operation or request additional authentication elements.

Get Your Customers Excited About Security

The aforementioned “IBM Future of Identity Study 2018” revealed clear demographic, geographic and cultural differences regarding the acceptance of authentication methods. It is therefore necessary to favor the adoption of next-generation authentication mechanisms and other emerging alternatives to traditional passwords.

Imposing a particular method of identity verification in the name of improved security can lead to user frustration, missed opportunities and even loss of customers. Instead, you should present new authentication mechanisms as more practical and convenient — that way, your customers will perceive it as a step toward innovation and progress rather than an impediment. If your authentication method feels “cool,” your users will be more excited to show it to colleagues and friends and less frustrated with a clunky login experience. You may even want to consider offering a wide range of authentication options and letting your users choose which they prefer.

Multifactor authentication is here to stay as traditional passwords lose favor with both security professionals and increasingly privacy-aware customers. If retailers can frame these new techniques in a way that gets users excited about security, the future of identity verification in the industry looks bright.

The post Multifactor Authentication Delivers the Convenience and Security Online Shoppers Demand appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Pier Luigi Rotondo

Access Management, Identity and Access Management (IAM), Incident Response (IR), Security Information and Event Management (SIEM), Security Intelligence & Analytics, Security Operations Center (SOC), Security Solutions, Threat Detection,

Bring Order to Chaos By Building SIEM Use Cases, Standards, Baselining and Naming Conventions

Security operations centers (SOCs) are struggling to create automated detection and response capabilities. While custom security information and event management (SIEM) use cases can allow businesses to improve automation, creating use cases requires clear business logic. Many security organizations lack efficient, accurate methods to distinguish between authorized and unauthorized activity patterns across components of the enterprise network.

Even the most intelligent SIEM can fail to deliver value when it’s not optimized for use cases, or if rules are created according to incorrect parameters. Creating a framework that can accurately detect suspicious activity requires baselines, naming conventions and effective policies.

Defining Parameters for SIEM Use Cases Is a Barrier to SOC Success

Over the past few years, I’ve consulted with many enterprise SOCs to improve threat detection and incident response capabilities. Regardless of SOC maturity, most organizations struggle to accurately define the difference between authorized and suspicious patterns of activity, including users, admins, access patterns and scripts. Countless SOC leaders are stumped when they’re asked to define authorized patterns of activity for mission-critical systems.

SIEM rules can be used to automate detection and response capabilities for common threats such as distributed denial-of-service (DDoS), authentication failures and malware. However, these rules must be built on clear business logic for accurate detection and response capabilities. Baseline business logic is necessary to accurately define risky behavior in SIEM use cases.

Building a Baseline for Cyber Hygiene

Cyber hygiene is defined as the consistent execution of activities necessary to protect the integrity and security of enterprise networks, including users, data assets and endpoints. A hygiene framework should offer clear parameters for threat response and acceptable use based on policies for user governance, network access and admin activities. Without an understanding of what defines typical, secure operations, it’s impossible to create an effective strategy for security maintenance.

A comprehensive framework for cybersecurity hygiene can simplify security operations and create guidelines for SIEM use cases. However, capturing an effective baseline for systems can strengthen security frameworks and create order in chaos. To empower better hygiene and threat detection capabilities based on business logic, established standards such as a naming convention can create clear parameters.

VLAN Network Categories

For the purpose of simplified illustration, imagine that your virtual local area networks (VLANs) are categorized among five criticality groups — named A, B, C, D and E — with the mission-critical VLAN falling into the A category (_A).

A policy may be created to dictate that A-category VLAN systems can communicate directly with any other category without compromising data security. However, communication with the A-category VLAN from B, C, D or E networks is not allowed. Authentication to a jump host can accommodate authorized exceptions to this standard, such as when E-category users need access to an A-category server.

Creating a naming convention and policy for VLAN network categories can help you develop simple SIEM use cases to prevent unauthorized access to A resources and automatically detect suspicious access attempts.

Directory Services and Shared Resources

You can also use naming convention frameworks to create a policy for managing groups of user accounts according to access level in directory services, such as Lightweight Directory Access Protocol (LDAP) or Active Directory (AD). A standardized naming convention for directory services provides a clear framework for acceptable user access to shared folders and resources. AD users categorized within the D category may not have access to A-category folders or _A.

Creating effective SIEM rules based on these use cases is a bit more complex than VLAN business logic since it involves two distinct technologies and potentially complex policies for resource access. However, creating standards that connect user access to resources establishes clear parameters for strict, contextual monitoring. Directory users with A-category access may require stricter change monitoring due to the potential for abuse of admin capabilities. You can create SIEM use cases to detect other configuration mistakes, such as a C-category user who is suddenly escalated to A-category.

Username Creation

Many businesses are already applying some logic to standardize username creation for employees. A policy may dictate that users create a seven-character alias that involves three last-name characters, two first-name characters and two digits. Someone named Janet Doe could have the username DoeJa01, for example. Even relatively simple username conventions can support SIEM use cases for detecting suspicious behavior. When eight or more characters are entered into a username field, an event could be triggered to lock the account until a new password is created.

The potential SIEM use cases increase with more complex approaches to username creation, such as 12-character usernames that combine last- and first-name characters with the employee’s unique HR-issued identification. A user named Jonathan Doerty, for instance, could receive an automatically generated username of doertjo_4682. Complex usernames can create friction for legitimate end users, but some minor friction can be justified if it provides greater safeguards for privileged users and critical systems.

An external threat actor may be able to extrapolate simple usernames from social engineering activities, but they’re unlikely to guess an employee’s internal identification number. SIEM rules can quickly detect suspicious access attempts based on username field entries that lack the required username components. Requiring unique identification numbers from HR systems can also significantly lower the risk of admins creating fake user credentials to conceal malicious activity.

Unauthorized Code and Script Locations

Advanced persistent threats can evade detection by creating backdoor access to deploy a carefully disguised malicious code. Standard naming conventions provide a cost-effective way to create logic to detects malware risks. A simple model for script names could leverage several data components, such as department name, script name and script author, resulting in authorized names like HR_WellnessLogins_DoexxJo. Creating SIEM parameters for acceptable script names can automate the detection of malware.

Creating baseline standards for script locations such as /var/opt/scripts and C:Program Files can improve investigation capabilities when code is detected that doesn’t comply with the naming convention or storage parameters. Even the most sophisticated threat actors are unlikely to perform reconnaissance on enterprise naming convention baselines before creating a backdoor and hiding a script. SIEM rules can trigger a response from the moment a suspiciously named script begins to run or a code file is moved into an unauthorized storage location.

Scaling Security Response With Standards

Meaningful threats to enterprise data security often fly under the radar of even the most sophisticated threat detection solutions when there’s no baseline to define acceptable activity. SOC analysts have more technological capabilities than ever, but many are struggling to optimize detection and response with effective SIEM use cases.

Clear, scalable systems to define policies for acceptable activity create order in chaos. The smartest approach to creating effective SIEM use cases relies on standards, a strong naming convention and sound policy. It’s impossible to accurately understand risks without a clear framework for authorized activities. Standards, baselines and naming conventions can remove barriers to effective threat detection and response.

The post Bring Order to Chaos By Building SIEM Use Cases, Standards, Baselining and Naming Conventions appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Ludek Subrt

Access Management, Artificial Intelligence (AI), Chief Information Officer (CIO), Chief Information Security Officer (CISO), CISO, Data Breaches, Data Protection, Data Security, database security, Hybrid Cloud, Incident Response (IR), Integrated Security, Network Security, Patch Management, Risk Assessment, Risk mitigation, Security Operations Center (SOC), Vulnerability Management,

Your Security Strategy Is Only as Strong as Your Cyber Hygiene

It’s an all-too familiar scenario: An email directive to apply a patch to a web server goes ignored, and no one follows up to be sure the patch has been applied. As a result of this simple lack of cyber hygiene, the organization falls prey to a widespread strain of malware.

The team that should have handled the update was probably busy and might not have been fully staffed. There may not have been enough budget to hire enough of the right kind of talent, or perhaps there were just too many factors to be checked and covered. None of that matters, though; the network was breached, and it was entirely preventable. Failure to cover the basics was the downfall, and it could lead to negative publicity and loss of business.

Learn more about enhancing security hygiene

Your Security Improvements Could Be Missing the Point

The average enterprise security team has more solutions in its arsenal than ever before. As reported by ZDNet, some companies have more than 70 unique security applications and tools in place. While chief information security officers (CISOs) and their teams  may be drowning in technology, the enterprise isn’t becoming more secure. In fact, the chances of facing a data breach have increased exponentially over the last several years, according to research from the Identity Theft Resource Center.

The truth is that the vast majority of data breaches can be prevented with basic actions, such as vulnerability assessments, patching and proper configurations. An Online Trust Alliance study estimated that 93 percent of reported incidents could have been avoided with basic cyber hygiene best practices, a figure that remains largely unchanged in the past decade. While advanced threats are growing in volume and sophistication, organizations are still getting breached due to poor key management, unpatched applications and misconfigured cloud databases.

CISOs aren’t blind to these trends. According to the “2018 Black Hat USA Attendee Survey,” 36 percent of leaders spend the majority of their time on any given day trying to accurately measure their organization’s security posture. Sixteen percent believe their organization’s greatest failure is “a lack of integration in security architecture” and “too many single-purpose solutions.” Security teams are drowning in alerts and grasping for solutions that streamline cyber hygiene activities.

What Does Cybersecurity Hygiene Entail?

Cyber hygiene refers to maintaining the security and health of an enterprise’s network, endpoints and applications through routine efforts to avoid vulnerabilities and other fundamental activities. It means perfecting the basics, including:

  • Deleting redundant user accounts;
  • Enforcing access and passwords with policy;
  • Backing up mission-critical data;
  • Securing physical and cloud databases;
  • Application whitelisting; and
  • Managing configurations.

When put into practice on an enterprise network, security hygiene is a continuous cycle of identifying vulnerabilities, mitigating risks and improving response capabilities. This begins with a vulnerability assessments of your network and data assets. After all, knowledge is the first step toward effective security hygiene.

Why Preventable Data Breaches Continue to Happen

Organizations that fail to perform basic security improvements face near-certain risks. Last year, IBM X-Force reported a twofold increase in injection attacks aimed at vulnerable applications and devices over the previous year. In total, injection attacks comprised 79 percent of all malicious network activity. An unpatched server or misconfigured cloud database can also lead to costly consequences. The loss of consumer trust could be more severe in the event that an organization is forced to admit it didn’t perform the basics.

The reason why organizations are struggling with cyber hygiene goes beyond human negligence. Networks are more complex than ever, and cyber hygiene requires the effective alignment of people, policies, processes and technology. Organizations fall prey to fully preventable attacks due to increased endpoints, cloud adoption, stolen credentials and the immense resources needed to address regulatory shifts.

“Security in a hyperconnected era presents a new set of challenges, but these can be greatly eased by implementing innovative practices and adopting a more integrated, holistic approach,” said Marc van Zadelhoff, former IBM Security General Manager, in a statement. “CISOs that prioritize these factors can help their organizations significantly improve business processes and achieve measurable success.”

Enterprise networks are complex, and fragmented security solutions for vulnerability assessment don’t reveal the full picture. Security operations centers (SOCs) are overwhelmed with alerts and relying on manual threat research. Performing basic security improvements is impossible without the right ecosystem to identify data risks.

5 Steps to Create an Effective Cyber Hygiene Practice

Hygiene is at the core of a security risk mitigation strategy. Security hygiene is a cultural mindset that spans security, IT, leadership and the individual. To adequately address basic risks, CISOs need full buy-in to continually review data management practices, improve response capabilities and enhance employee awareness. Let’s take a closer look at five steps organizations can take to create an effective cyber hygiene practice.

1. Identify Risks

Data is a modern organization’s most valuable asset. Solutions for security hygiene must comprehensively identify the location and sensitivity of business data, extending to risk assessment, remediation and vulnerability assessments of hybrid cloud environments.

Risk needs to translate into action, and CISOs should actively share knowledge of data security with other executives to improve privacy. Solutions for comprehensive, real-time vulnerability assessment can help in the development of a stronger approach to risk and compliance.

2. Prioritize Response

Security hygiene is a continuous effort to address risks in real time and prioritize the protection of the most sensitive data assets. Organizations must develop a response policy based on data sensitivity. Cognitive security solutions can help orchestrate efforts to remediate the highest-risk vulnerabilities and automate activities to enforce policy or regulatory requirements.

3. Improve Risk Awareness

CISOs, risk officers and business leaders should collaborate to improve incident response (IR) capabilities where hygiene is viewed as an imperative. Third-party expertise can increase risk awareness and orchestration capabilities and design thinking can help increase the use of cognitive technologies, artificial intelligence (AI) and risk management automation for streamlined security hygiene.

4. Secure Digital Transformation

Change is inevitable and constant in a contemporary enterprise network environment. Security hygiene involves a forward-thinking attitude that creates policies for secure deployment and management of new technologies. Change management efforts should incorporate discussions on how to actively secure Internet of Things (IoT) deployments and other emerging technologies.

5. Disseminate Responsibility

Leaders should create a culture that encourages compliant behaviors in employees. Silent security can safeguard data privacy across endpoints without sacrificing user productivity. A culture of shared responsibility helps mitigate the risks of shadow IT, especially when coupled with employee awareness initiatives.

Take Preventative Measures Against Meaningful Security Risks

The most crucial improvement to your organization’s security stance may not be acquiring new solutions; it could be a shift to a culture of cyber hygiene. CISOs must collaborate with other leadership to address one of today’s most significant business risks: failure to check off the basics effectively.

The majority of today’s security breaches are caused by inadvertent insider mistakes, such as unpatched systems, misconfigured cloud databases and incomplete risk assessments. Without full network visibility and regular utilization of cyber hygiene best practices, your enterprise could face very real, but entirely preventable, security risks.

Read the e-book: Enhance security hygiene

The post Your Security Strategy Is Only as Strong as Your Cyber Hygiene appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Kami Haynes