
When It Comes to Cyber Risks, A Confident Board Isn’t Always a Good Thing

In December 2018, the National Association of Corporate Directors (NACD) published its “2018–2019 Public Company Governance Survey” report, a key barometer of economic and governance concerns from the perspective of board directors in which cyber risks feature once again. To compile the report, the NACD surveyed more than 500 board directors from both large and small public companies.

Cybersecurity Threats Rank High Among Top Concerns

If it seems like board directors have been paying more attention to security, the governance survey confirms it: Cybersecurity threats ranked third in the list of top concerns for the next 12 months, coming in just behind change in regulatory climate and the chance of an economic slowdown. Cybersecurity isn’t the only data- or technology-related issue concerning boards, with pace of technological change coming in sixth place.

Board directors are also keenly aware that security and IT don’t happen in a vacuum — and that they need to be able to attract and retain talented individuals to work in those areas, which is represented by the seventh top concern: key talent deficits. Directors know that finding qualified talent to help address the key issues facing their organizations today is a challenge, which has led some companies to think outside the box with a new collar approach.

Directors are also fully aware of the double-edged nature of technological change. Disruption can bring about a competitive edge, but failure to properly secure or handle such disruption can also lead to significant risks. Nearly 47 percent of directors listed artificial intelligence (AI) as the top such disrupter, followed by 30 percent of respondents for the internet of things (IoT). Automation, mobile computing and the cloud rounded out the top five tech-based disruptions, with most of these also seen as enablers if handled properly.

How can chief information security officers (CISOs) leverage these concerns? By paying attention to what their top leadership cares about, and working to frame their resource constraints, be they people, money, technology or processes, in terms of their impact on the business.

Board Directors Are Feeling Increasingly Confident About Cyber Risk Management

While directors have been concerned with cybersecurity for a number of years, we are finally seeing reports that they have also made progress toward improving their understanding of cyber risks and how those risks can impact their organization. Well over half of board directors (58 percent) reported that, collectively, their “board’s understanding of cyber risks is strong enough to provide effective oversight.” Individually, 52 percent of directors also report this level of confidence.

Where does this increased confidence come from? It may stem from the fact that nearly 50 percent of board directors ranked the quality of cyber risk information they receive from management as “much higher” than the information they were receiving two years ago.

For CISOs, this provides an opportunity for improvement, both in terms of the quality of cyber risk information reported to the board and the opportunities to continue educating the board on key cyber issues and trends — not in technical terms, but how those issues might impact the organization’s objectives, affect financial performance or signal the need to realign strategy to a new digital landscape.

But Are They Being Overly Confident?

Can this progress mask a troublesome trend? Can too much of a good thing be a bad thing? While the NACD survey indicates that board directors are becoming more cyber aware, it also revealed some troubling developments: When board directors were asked about the top 10 areas in need of improvement for the next 12 months, oversight of cybersecurity ranked last with just 54 percent of the votes. Boards already spend very little time engaging on issues such as cyber risks and technological disruption. If they perceive things to be under control or not in need of improvement, they are even less likely to devote any time to those issues, which could lead to potentially disastrous consequences.

Another somewhat troubling indicator is that board directors are now a lot more confident that their company is secured against a cyberattack, with 50 percent in agreement or strong agreement, compared to just 37 percent last year. Unless this confidence is grounded in reality — or at least in frequent assessments, audits and actual tests of an organization’s ability to detect, respond to and recover from cyber incidents — boards might be setting themselves, and their organizations, up for a rude awakening.

The best CISOs work diligently to establish a strong rapport with top leadership and their board, and a key part of that relationship should be to enable honest conversations around the strength of our controls and metrics, and how well we know what we think we know. At organizations with an internal audit (IA) department, CISOs should work with IA to give the board the best available picture of where it stands in terms of cyber risks and resilience. Smaller organizations should consider increasing the value of their next external audit by ensuring that key IT systems are subjected to a rigorous penetration testing regime.

Other Takeaways for CISOs

While the NACD survey is written specifically with board directors in mind, CISOs can benefit from it as well by increasing their understanding of board-level concerns and how boards spend their time. CISOs should be ready to step up and provide regular educational updates to their board. In its guidance to boards, the report encourages directors to “seek opportunities to ensure their knowledge is up to date” and for CISOs to regularly brief them on “the evolving cyber threat landscape, on the organization’s evolving response, and on incidents involving industry peers.” The report also advises boards be ready to tap external cyber risk experts to provide additional perspectives.

Looking at which governance issues boards spend time on each quarter shows that directors are more engaged in risk management and discussing technological disruption during the second and third quarter meetings compared to the rest of the year. CISOs looking to gain additional traction with boards should also understand which issues directors discuss with external stakeholders such as institutional investors. Of possible relevance to cyber risks, 45 percent of boards discussed long-term strategy, and 18 percent discussed oversight issues including external audits, internal audits and financial controls. By aligning the information CISOs provide to boards with the issues boards are already discussing with investors, CISOs are more likely to find a receptive ear.

Overall, the NACD report provides some great insight about the many concerns and issues facing board directors in the coming year. The good news is that cyber risks are on their radar. The bad news is that this issue still gets just a sliver of attention, and directors might be overly confident that their organizations can weather whatever cybersecurity storms come their way.


The post When It Comes to Cyber Risks, A Confident Board Isn’t Always a Good Thing appeared first on Security Intelligence.

Author: Christophe Veltsos


Maturing Your Security Operations Center With the Art and Science of Threat Hunting

Your organization has fallen prey to an advanced persistent threat (APT) after being targeted by a state-sponsored crime collective. Six million records were lost over 18 months of undetected presence on your network. While your security operations center (SOC) is fully staffed with analysts, your threat hunting capabilities failed to detect the subtle signs of threat actors moving laterally through your network and slowly exfiltrating customer data.

How did this happen?

It all started with a highly targeted spear phishing attack on your director of communications. He failed to notice the carefully disguised symbols in an email he thought was sent by the IT department and logged in to a spoofed domain. This credential theft resulted in the spread of zero-day malware and slowly escalated account privileges. While some of the criminals’ behavior triggered alerts in the SOC, your analysts categorized the incidents as benign positives. Your organization is now facing a multimillion-dollar cleanup and a serious loss of customer trust.


Why You Should Hunt Advanced Threats Before They Strike

Situations like the one described above are all too common in our industry. The majority of successful exploits attributed to human error fit a small series of predictable patterns that exploit known vulnerabilities in an organization’s network. As a result, many data breaches can be prevented with effective cyber hygiene tactics.

Advanced threats are a smaller proportion of incidents, but they are typically undetected and cause the most damage. In addition, the rise in state-sponsored crime and criminal activity on the dark web has created an ecosystem that fosters open exchange between the world’s most sophisticated and skilled criminals.

The cost of a serious breach is also trending upward. According to Ponemon, the average cost of a megabreach that results in the loss of more than 1 million customer records is $40 million. And more than 60 percent of data breaches have links to either state actors or advanced, organized crime groups, according to Verizon. APTs that evade detection can result in dwell times that range from three to 24 months, further increasing the total cleanup cost for a data breach.

How can security teams fight these kinds of threats? The majority of enterprise SOCs are now at least three years old, according to a recent study from Exabeam, and are increasing in maturity. While human analysts and manual research methodologies can act as a firewall against many risks, there’s a need to scale SOC intelligence and threat hunting capabilities to safeguard against APTs.

What Is Threat Hunting?

Threat hunting can be defined as “the act of aggressively intercepting, tracking and eliminating cyber adversaries as early as possible in the Cyber Kill Chain.” The practice uses techniques from art, science and military intelligence, with internal and external data sources informing the science of statistical and cognitive analysis. Human intelligence analyzes the results and informs the art of a response. Last year, 91 percent of security leaders reported improved response speed and accuracy as a result of threat detection and investigation, according to the SANS Institute.

Threat hunting is not defined by solutions, although tools and techniques can significantly improve efficiency and outcomes. Instead, it’s defined by a widely accepted framework from Sqrrl. These are the four stages of Sqrrl’s Threat Hunting Loop:

  1. Create a hypothesis.
  2. Investigate via tools and techniques.
  3. Discover new patterns and adversary tactics, techniques and procedures (TTPs).
  4. Inform and enrich automated analytics for the next hunt.

The goal for any security team should be to complete this loop as efficiently as possible. The quicker you can do so, the quicker you can automate new processes that will help find the next threat.
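One way to see the loop end to end, as an added example that is not code from the article or from Sqrrl: a hunt that starts from a hypothesis about lateral movement, investigates it over a set of constructed network-logon events, records the discovered TTP, and ends by emitting a rule (with a learned exemption list) that automated analytics can run before the next hunt. The event layout, host names and account names are constructed assumptions.

```python
"""Hypothesis-driven hunt for lateral movement over constructed logon events.

Added example for the Threat Hunting Loop; not code from the article or from
Sqrrl. The events are constructed, and the field layout (timestamp, account,
source host, destination host) is an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed network-logon events, the shape a SIEM would hold for Windows
# logon type 3 events: timestamp, account, source host, destination host.
SAMPLE_EVENTS = [
    ("2019-01-07T09:00:00", "alice", "WS-01", "FS-01"),
    ("2019-01-07T09:05:00", "alice", "WS-01", "MAIL-01"),
    ("2019-01-07T09:10:00", "bob", "WS-02", "FS-01"),
    ("2019-01-07T22:01:00", "svc_backup", "WS-07", "FS-01"),
    ("2019-01-07T22:02:00", "svc_backup", "WS-07", "FS-02"),
    ("2019-01-07T22:03:00", "svc_backup", "WS-07", "DB-01"),
    ("2019-01-07T22:04:00", "svc_backup", "WS-07", "DC-01"),
    ("2019-01-07T22:06:00", "svc_backup", "WS-07", "HR-01"),
    ("2019-01-08T02:00:00", "svc_backup", "BACKUP-01", "FS-01"),
]
# A vulnerability scanner that legitimately touches the same hosts nightly
# (constructed): it will trip the hypothesis but should not page anyone.
SAMPLE_EVENTS += [
    (f"2019-01-0{day}T23:0{m}:00", "scanner", "VA-01", dst)
    for day in (7, 8)
    for m, dst in enumerate(["FS-01", "FS-02", "DB-01", "DC-01", "HR-01"])
]


def parse(events):
    """Normalise raw tuples into (datetime, user, src, dst), sorted by time."""
    return sorted((datetime.fromisoformat(ts), u, s, d) for ts, u, s, d in events)


# Step 1, the hypothesis: an account that reaches many distinct hosts from one
# source inside a short window is moving laterally, not doing its day job.
def hunt_fanout(events, max_hosts=4, window=timedelta(minutes=10)):
    """Step 2, investigate: slide the window over each (user, src) series and
    return the first point where distinct destinations exceed max_hosts."""
    by_key = defaultdict(list)
    for ts, user, src, dst in parse(events):
        by_key[(user, src)].append((ts, dst))
    findings = []
    for (user, src), logons in by_key.items():
        for i, (start, _) in enumerate(logons):
            dsts = {d for ts, d in logons[i:] if ts - start <= window}
            if len(dsts) > max_hosts:
                # Step 3, discover: record the TTP, not just the raw hits.
                findings.append({
                    "user": user,
                    "src_host": src,
                    "window_start": start.isoformat(),
                    "dst_hosts": sorted(dsts),
                    "ttp": "lateral movement: logon fan-out from one source",
                })
                break  # one finding per (user, source) is enough for the hunt
    return findings


def baseline_fanout(events):
    """Per-user, per-day count of distinct destinations: the 'normal' the next
    hunt can compare against instead of a hand-picked threshold."""
    seen = defaultdict(set)
    for ts, user, _src, dst in parse(events):
        seen[(user, ts.date().isoformat())].add(dst)
    return {key: len(hosts) for key, hosts in seen.items()}


def next_hunt_rule(findings, baseline, max_hosts=4, window=timedelta(minutes=10)):
    """Step 4, inform: emit a rule the analytics pipeline can run unattended.
    Accounts that exceed the threshold on every observed day (and were seen
    on more than one day) are exempted, so the rule keeps the backup or
    scanner job out of the alert queue while still watching the outlier."""
    days, busy_days = defaultdict(int), defaultdict(int)
    for (user, _day), n in baseline.items():
        days[user] += 1
        if n > max_hosts:
            busy_days[user] += 1
    exempt = {u for u in days if days[u] > 1 and busy_days[u] == days[u]}
    flagged = {f["user"] for f in findings}
    return {
        "detection": "logon_fanout",
        "window_minutes": int(window.total_seconds() // 60),
        "max_hosts": max_hosts,
        "watch_users": sorted(flagged - exempt),
        "exempt_users": sorted(exempt),
    }


if __name__ == "__main__":
    found = hunt_fanout(SAMPLE_EVENTS)
    for f in found:
        print(f"{f['user']}@{f['src_host']} -> {f['dst_hosts']} ({f['ttp']})")
    print(next_hunt_rule(found, baseline_fanout(SAMPLE_EVENTS)))
```

The threshold and window are hunt parameters, not the output; what feeds forward is the rule dict, which carries both the accounts still worth watching and the exemptions the hunt learned, so the next pass starts from a better baseline rather than from the same hand-picked numbers.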

The 4 Characteristics of a Comprehensive Threat Hunting Capability

A mature threat hunting capability is closely associated with SOC maturity. The least mature SOCs have human analysts who act as a firewall. As SOCs approach maturity and adopt security information and event management (SIEM) tools, their capacity to reactively investigate indicators of compromise (IoCs) increases. The most mature SOCs take a proactive approach to investigating IoCs, with researchers, analysts, solutions and a clearly defined methodology to orchestrate both investigation and response. A comprehensive capacity for hunting threats is defined by four key characteristics:

  1. Data handling: The ability to handle a deluge of data across siloed networks, including insight into internal risks, advanced activities from external threat actors and real-time threat intelligence from third-party sources.
  2. Data analysis: The ability to correlate a high volume and velocity of disparate data sources into information and, ultimately, intelligence.
  3. Informed action: Resources to increase threat hunters’ skills and easily feed threat intelligence through training, policy and cognitive capabilities.
  4. Orchestrated action: Defined processes and methodologies to hunt threats in a repeatable and orchestrated way that informs proactive security capabilities throughout the organization.

Organizations that fail to increase SOC maturity and adopt the solutions and processes for hunting threats face a number of risks. Relying on manual research methodologies can lead to costly data breaches and permanent brand damage when APTs evade detection. A lack of solutions and methods for an orchestrated IoC investigation process means less efficient and accurate operations. The absence of SOC orchestration encourages heavily manual processes.

The Diverse Business Benefits of Hunting Threats

Using cognitive intelligence tools to enhance SOC capabilities, Sogeti Luxembourg successfully reduced the average time of root cause determination and threat investigation from three hours to three minutes. In the process, the financial institution sped up their threat investigation process by 50 percent and saw a tenfold increase in actionable threat indicators.

Hunting threats can offer a number of benefits to both the business and the security operations center. The outcomes include greater protection of reputation, a more intelligent SOC and orchestrated security response.

Reputation Protection

Falling prey to an APT can cause lasting damage to a brand. One core benefit of implementing a more sophisticated threat hunting capability is the potential to guard against the most costly data breaches, which typically result in millions of lost records or permanent data deletion.

SOC Maturity

SOC analyst stress and falsely assigned benign positives are at record highs. APTs can easily go unnoticed due to the sheer volume of noise, which creates a culture of alert fatigue.

Achieving mature threat detection capabilities can change how analysts work and allow organizations to implement a cognitive SOC. Security analytics platforms enhance human intelligence and reduce manual research, and correlation tools provide real-time insight from a variety of structured and unstructured third-party data sources.

Orchestrated Security Response

With the technological capabilities to outthink adversaries, organizations can inform a proactive, unified approach to incident response (IR) that begins in the SOC. Internal and external data sources augment the intelligence of human analysts, allowing real-time, informed decision-making. Investigations and response can inform action as soon as anomalous behaviors or patterns are detected. The result is a defined process that allows your organization to mitigate threats earlier in the Cyber Kill Chain.

Intelligent Response to Sophisticated Threats

The majority of threats your organization faces each day will fit predictable patterns. While APTs make up a statistically small percentage of incidents investigated by an SOC, sophisticated threat actors use unique tactics and techniques to evade detection in a noisy SOC. These threats are the most likely to evade detection and result in highly expensive cybercrime.

State-sponsored criminal activity and attacks launched by sophisticated crime collectives are increasing. To guard against these increasingly complex threat vectors, organizations need to proactively prepare their defenses. Implementing cognitive tools in the SOC can enable organizations to adopt proactive threat hunting capabilities that leverage both art and science. By combining repeatable processes for threat investigation with intelligent solutions and skilled analysts, organizations can respond to threats earlier in the kill chain and protect their most critical assets.


The post Maturing Your Security Operations Center With the Art and Science of Threat Hunting appeared first on Security Intelligence.

Author: Rob Patey


Your Security Strategy Is Only as Strong as Your Cyber Hygiene

It’s an all-too familiar scenario: An email directive to apply a patch to a web server goes ignored, and no one follows up to be sure the patch has been applied. As a result of this simple lack of cyber hygiene, the organization falls prey to a widespread strain of malware.

The team that should have handled the update was probably busy and might not have been fully staffed. There may not have been enough budget to hire enough of the right kind of talent, or perhaps there were just too many factors to be checked and covered. None of that matters, though; the network was breached, and it was entirely preventable. Failure to cover the basics was the downfall, and it could lead to negative publicity and loss of business.


Your Security Improvements Could Be Missing the Point

The average enterprise security team has more solutions in its arsenal than ever before. As reported by ZDNet, some companies have more than 70 unique security applications and tools in place. While chief information security officers (CISOs) and their teams may be drowning in technology, the enterprise isn’t becoming more secure. In fact, the chances of facing a data breach have increased exponentially over the last several years, according to research from the Identity Theft Resource Center.

The truth is that the vast majority of data breaches can be prevented with basic actions, such as vulnerability assessments, patching and proper configurations. An Online Trust Alliance study estimated that 93 percent of reported incidents could have been avoided with basic cyber hygiene best practices, a figure that remains largely unchanged in the past decade. While advanced threats are growing in volume and sophistication, organizations are still getting breached due to poor key management, unpatched applications and misconfigured cloud databases.

CISOs aren’t blind to these trends. According to the “2018 Black Hat USA Attendee Survey,” 36 percent of leaders spend the majority of their time on any given day trying to accurately measure their organization’s security posture. Sixteen percent believe their organization’s greatest failure is “a lack of integration in security architecture” and “too many single-purpose solutions.” Security teams are drowning in alerts and grasping for solutions that streamline cyber hygiene activities.

What Does Cybersecurity Hygiene Entail?

Cyber hygiene refers to maintaining the security and health of an enterprise’s network, endpoints and applications through routine, fundamental activities that remove known weaknesses before they can be exploited. It means perfecting the basics, including:

  • Deleting redundant user accounts;
  • Enforcing access and passwords with policy;
  • Backing up mission-critical data;
  • Securing physical and cloud databases;
  • Application whitelisting; and
  • Managing configurations.

When put into practice on an enterprise network, security hygiene is a continuous cycle of identifying vulnerabilities, mitigating risks and improving response capabilities. This begins with a vulnerability assessment of your network and data assets. After all, knowledge is the first step toward effective security hygiene.
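Two of the basics in the list above, pruning stale accounts and checking installed versions against a patch baseline, are mechanical enough to script, and the "identify, then prioritize by data sensitivity" cycle this paragraph describes is what decides which finding gets fixed first. The following added example (not code from the article or from IBM) audits a constructed inventory and orders the results by risk; the hosts, packages, baseline versions, accounts and sensitivity tiers are all constructed assumptions.

```python
"""Cyber hygiene audit over a constructed inventory.

Added example; not code from the article or from IBM. The hosts, installed
packages, patch baseline, accounts and sensitivity tiers are constructed.
"""
import re
from datetime import date

TODAY = date(2019, 1, 15)  # pinned so the audit is reproducible

# Constructed inventory: what each host holds and what is installed on it.
HOSTS = {
    "web-01": {"sensitivity": "public",
               "packages": {"nginx": "1.14.0", "openssl": "1.1.0h"}},
    "db-01": {"sensitivity": "restricted",
              "packages": {"postgresql": "10.5", "openssl": "1.1.0h"}},
    "hr-app": {"sensitivity": "confidential",
               "packages": {"openssl": "1.1.1a"}},
}
# Constructed patch baseline: the minimum version policy accepts.
BASELINE = {"nginx": "1.14.2", "openssl": "1.1.1a", "postgresql": "10.6"}
# Constructed account list with last interactive login per host.
ACCOUNTS = [
    {"user": "alice", "host": "db-01", "last_login": "2019-01-10", "admin": True},
    {"user": "contractor7", "host": "hr-app", "last_login": "2018-08-01", "admin": True},
    {"user": "bob", "host": "web-01", "last_login": "2018-12-01", "admin": False},
]
WEIGHT = {"restricted": 3, "confidential": 2, "public": 1}


def version_key(v):
    """Sortable key for versions such as 1.1.0h or 10.6 (number, then suffix)."""
    key = []
    for comp in v.split("."):
        m = re.fullmatch(r"(\d+)([a-z]*)", comp)
        if not m:
            raise ValueError(f"unrecognised version component: {comp!r}")
        key.append((int(m.group(1)), m.group(2)))
    return tuple(key)


def find_unpatched(hosts, baseline):
    """Packages below the baseline, weighted by the host's data sensitivity."""
    out = []
    for host, meta in hosts.items():
        for pkg, installed in meta["packages"].items():
            required = baseline.get(pkg)
            if required and version_key(installed) < version_key(required):
                out.append({"host": host, "package": pkg, "installed": installed,
                            "required": required, "risk": WEIGHT[meta["sensitivity"]]})
    return out


def find_stale_accounts(accounts, hosts, today=TODAY, max_idle_days=90):
    """Accounts idle beyond the policy limit; admin rights add to the risk."""
    out = []
    for acct in accounts:
        idle = (today - date.fromisoformat(acct["last_login"])).days
        if idle > max_idle_days:
            risk = WEIGHT[hosts[acct["host"]]["sensitivity"]] + (2 if acct["admin"] else 0)
            out.append({"user": acct["user"], "host": acct["host"],
                        "idle_days": idle, "risk": risk})
    return out


def by_risk(item):
    """Sort key: highest risk first, then host name for a stable worklist."""
    return (-item["risk"], item["host"])


def hygiene_report(hosts=HOSTS, baseline=BASELINE, accounts=ACCOUNTS, today=TODAY):
    """Identify risks, then prioritise: the most sensitive exposures come first."""
    return {
        "unpatched": sorted(find_unpatched(hosts, baseline), key=by_risk),
        "stale_accounts": sorted(find_stale_accounts(accounts, hosts, today), key=by_risk),
    }


if __name__ == "__main__":
    report = hygiene_report()
    for item in report["unpatched"]:
        print(f"[patch risk {item['risk']}] {item['host']}: {item['package']} "
              f"{item['installed']} < {item['required']}")
    for item in report["stale_accounts"]:
        print(f"[account risk {item['risk']}] {item['user']}@{item['host']} "
              f"idle {item['idle_days']} days")
```

In a real environment the inventory would come from the CMDB or an agent, and the baseline from the vulnerability scanner's feed; the point of the script is the ordering, which puts the restricted database ahead of the public web server even though the web server has the same number of outdated packages.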

Why Preventable Data Breaches Continue to Happen

Organizations that fail to perform basic security improvements face near-certain risks. Last year, IBM X-Force reported a twofold increase in injection attacks aimed at vulnerable applications and devices over the previous year. In total, injection attacks comprised 79 percent of all malicious network activity. An unpatched server or misconfigured cloud database can also lead to costly consequences. The loss of consumer trust could be more severe in the event that an organization is forced to admit it didn’t perform the basics.

The reason why organizations are struggling with cyber hygiene goes beyond human negligence. Networks are more complex than ever, and cyber hygiene requires the effective alignment of people, policies, processes and technology. Organizations fall prey to fully preventable attacks due to increased endpoints, cloud adoption, stolen credentials and the immense resources needed to address regulatory shifts.

“Security in a hyperconnected era presents a new set of challenges, but these can be greatly eased by implementing innovative practices and adopting a more integrated, holistic approach,” said Marc van Zadelhoff, former IBM Security General Manager, in a statement. “CISOs that prioritize these factors can help their organizations significantly improve business processes and achieve measurable success.”

Enterprise networks are complex, and fragmented security solutions for vulnerability assessment don’t reveal the full picture. Security operations centers (SOCs) are overwhelmed with alerts and relying on manual threat research. Performing basic security improvements is impossible without the right ecosystem to identify data risks.

5 Steps to Create an Effective Cyber Hygiene Practice

Hygiene is at the core of a security risk mitigation strategy. Security hygiene is a cultural mindset that spans security, IT, leadership and the individual. To adequately address basic risks, CISOs need full buy-in to continually review data management practices, improve response capabilities and enhance employee awareness. Let’s take a closer look at five steps organizations can take to create an effective cyber hygiene practice.

1. Identify Risks

Data is a modern organization’s most valuable asset. Solutions for security hygiene must comprehensively identify the location and sensitivity of business data, extending to risk assessment, remediation and vulnerability assessments of hybrid cloud environments.

Risk needs to translate into action, and CISOs should actively share knowledge of data security with other executives to improve privacy. Solutions for comprehensive, real-time vulnerability assessment can help in the development of a stronger approach to risk and compliance.

2. Prioritize Response

Security hygiene is a continuous effort to address risks in real time and prioritize the protection of the most sensitive data assets. Organizations must develop a response policy based on data sensitivity. Cognitive security solutions can help orchestrate efforts to remediate the highest-risk vulnerabilities and automate activities to enforce policy or regulatory requirements.

3. Improve Risk Awareness

CISOs, risk officers and business leaders should collaborate to improve incident response (IR) capabilities where hygiene is viewed as an imperative. Third-party expertise can increase risk awareness and orchestration capabilities, and design thinking can help increase the use of cognitive technologies, artificial intelligence (AI) and risk management automation for streamlined security hygiene.

4. Secure Digital Transformation

Change is inevitable and constant in a contemporary enterprise network environment. Security hygiene involves a forward-thinking attitude that creates policies for secure deployment and management of new technologies. Change management efforts should incorporate discussions on how to actively secure Internet of Things (IoT) deployments and other emerging technologies.

5. Disseminate Responsibility

Leaders should create a culture that encourages compliant behaviors in employees. Silent security can safeguard data privacy across endpoints without sacrificing user productivity. A culture of shared responsibility helps mitigate the risks of shadow IT, especially when coupled with employee awareness initiatives.

Take Preventative Measures Against Meaningful Security Risks

The most crucial improvement to your organization’s security stance may not be acquiring new solutions; it could be a shift to a culture of cyber hygiene. CISOs must collaborate with other leadership to address one of today’s most significant business risks: failure to check off the basics effectively.

The majority of today’s security breaches are caused by inadvertent insider mistakes, such as unpatched systems, misconfigured cloud databases and incomplete risk assessments. Without full network visibility and regular utilization of cyber hygiene best practices, your enterprise could face very real, but entirely preventable, security risks.


The post Your Security Strategy Is Only as Strong as Your Cyber Hygiene appeared first on Security Intelligence.

Author: Kami Haynes


Top 2019 Cybersecurity Predictions From the Resilient Year-End Webinar

2018 was another significant year for the cybersecurity industry, with sweeping changes that will impact security professionals for years to come.

The General Data Protection Regulation (GDPR) finally went into effect, dramatically reshaping the way companies and consumers manage data privacy. Security teams stepped up their battle against technology complexity by increasingly migrating to the cloud and adopting security platforms. And several emerging security technologies — such as incident response automation and orchestration, artificial intelligence (AI), and machine learning — continued to evolve and saw increased adoption as a result.

As security teams continue pushing to get ahead of adversaries, these trends will almost certainly have long-term impacts. But what do they mean for 2019?

Bold Cybersecurity Predictions for 2019

Recently, I was fortunate to host a panel of cybersecurity experts for IBM Resilient’s sixth annual end-of-year and predictions webinar, including Bruce Schneier, chief technology officer (CTO) at IBM Resilient and special advisor to IBM Security; Jon Oltsik, senior principal analyst at Enterprise Strategy Group; Ted Julian, co-founder and vice president of product management at IBM Resilient; and Gant Redmon, program director of cybersecurity and privacy at IBM Resilient.

During the webinar, the team discussed and debated the trends that defined 2018 and offered cybersecurity predictions on what the industry can expect in 2019. In the spirit of keeping our experts honest, below are the four boldest predictions from the panel.

Bruce Schneier: There Will Be a Major IoT Cyberattack … or Not

Last year, Bruce predicted that a major internet of things (IoT) cyberattack would make the news, perhaps targeting automobiles or medical devices. Fortunately, that wasn’t the case in 2018. But could it happen in 2019?

Bruce’s prediction: maybe (yes, he’s hedging his bet). There are certainly many risks and vulnerabilities associated with the rise of IoT devices. Regardless of whether a major attack is imminent, IoT security needs to be a top priority for security teams in 2019. This prediction is in line with Bruce’s latest book, “Click Here to Kill Everybody.”

Ted Julian: Security Automation Will Create Unintended Negative Consequences

Incident response automation and orchestration is an increasingly popular way for security teams to streamline repetitive processes and make analysts more efficient, but automating poorly defined processes could create bigger issues.

Automated processes accidentally taking down systems is a familiar problem in the IT space. In 2019, we will see an example of security automation hurting an organization in unforeseen ways.

To avoid this, organizations need to consider how they employ technology when orchestrating incident response processes. They should focus on aligning people, processes and technology and methodically employ automation to further empower their security employees.
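A concrete shape for "methodically employing automation" is a playbook that can isolate a host on its own only inside limits a human set in advance, and that degrades to a ticket for approval, rather than to a guess, whenever the situation is outside those limits. The following added example (not code from the webinar, IBM Resilient or any SOAR product) runs a constructed burst of alerts, the kind a misfiring detection rule produces, through such guard rails; the inventory, tags, confidence values and action names are constructed assumptions.

```python
"""Guard rails for incident response automation.

Added example; not code from the webinar, IBM Resilient or any SOAR product.
The inventory, alerts and policy values are constructed, and the action
names ("isolate", "require_approval", "skip") are assumptions.
"""
from datetime import datetime, timedelta

# Constructed asset inventory; tags decide what automation may touch alone.
INVENTORY = {
    "DC-01": {"tags": {"critical", "domain-controller"}},
    "WS-11": {"tags": set()},
    "WS-12": {"tags": set()},
    "WS-13": {"tags": set()},
    "WS-14": {"tags": set()},
    "WS-15": {"tags": set()},
}

# Constructed policy: limits a human set before the playbook went live.
POLICY = {
    "min_confidence": 0.8,          # below this, automation only annotates
    "approval_tags": {"critical"},  # never isolated unattended
    "max_isolations": 3,            # blast-radius cap per window
    "window": timedelta(minutes=15),
}

T0 = datetime(2019, 1, 7, 10, 0, 0)
# Constructed alert burst, as a misfiring rule would produce.
ALERTS = [
    {"ts": T0, "host": "DC-01", "confidence": 0.95},
    {"ts": T0 + timedelta(minutes=1), "host": "WS-11", "confidence": 0.90},
    {"ts": T0 + timedelta(minutes=2), "host": "WS-12", "confidence": 0.85},
    {"ts": T0 + timedelta(minutes=3), "host": "WS-13", "confidence": 0.50},
    {"ts": T0 + timedelta(minutes=4), "host": "WS-14", "confidence": 0.90},
    {"ts": T0 + timedelta(minutes=5), "host": "WS-15", "confidence": 0.99},
    {"ts": T0 + timedelta(minutes=6), "host": "WS-99", "confidence": 0.99},
]


def decide(alert, inventory, policy, action_log):
    """Return (action, reason). An 'isolate' must pass every guard rail;
    anything unclear degrades to 'require_approval' or 'skip', never to a
    guess about a host the playbook does not understand."""
    meta = inventory.get(alert["host"])
    if meta is None:
        return "skip", "host not in inventory; automation must not guess"
    if alert["confidence"] < policy["min_confidence"]:
        return "skip", "confidence below automation threshold"
    if meta["tags"] & policy["approval_tags"]:
        return "require_approval", "host carries an approval-required tag"
    since = alert["ts"] - policy["window"]
    recent = [a for a in action_log if a["action"] == "isolate" and a["ts"] >= since]
    if len(recent) >= policy["max_isolations"]:
        return "require_approval", "isolation cap reached; suspect a misfiring rule"
    return "isolate", "within policy"


def run_playbook(alerts=ALERTS, inventory=INVENTORY, policy=POLICY):
    """Process alerts in time order; return (host, action, reason) per alert."""
    action_log, decisions = [], []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        action, reason = decide(alert, inventory, policy, action_log)
        action_log.append({"ts": alert["ts"], "host": alert["host"], "action": action})
        decisions.append((alert["host"], action, reason))
    return decisions


if __name__ == "__main__":
    for host, action, reason in run_playbook():
        print(f"{host:6} {action:17} {reason}")
```

The order of the checks matters: the inventory and confidence checks keep the playbook from acting on data it cannot trust, the tag check keeps it off the hosts whose loss would be the outage the webinar warns about, and the rate cap turns a runaway rule into three isolated workstations and a queue of approvals instead of an empty network.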

Jon Oltsik: Continuous Risk Management Will Help Organizations Better Understand Risks

Today, risk assessments and vulnerability scans give organizations a point-in-time look at their security posture and threat landscape. But in 2019, that won’t be enough. Security leadership — as well as executives and board members — need real-time information about the risks they face and what needs to be done to improve. Establishing a system of continuous risk management will help security teams enable this reality.

Gant Redmon: New Laws Will Provide Safe Harbor to Compliant Organizations

Ohio’s Data Protection Act, which took effect in November 2018, provides a first in U.S. data privacy regulation: a safe harbor, in the form of an affirmative defense against tort claims, for organizations whose security program conforms to a recognized framework or to the security regulations that apply to them. In other words, if an organization suffers a data breach but can show it was meeting those obligations, it gains a defense against lawsuits alleging that the breach was caused by inadequate security.

While the Ohio law is the first of its kind, we will no doubt start to hear of similar regulations emerging throughout 2019.

What are your cybersecurity predictions for 2019? Tweet to us at @IBMSecurity and let us know!


The post Top 2019 Cybersecurity Predictions From the Resilient Year-End Webinar appeared first on Security Intelligence.

Author: Maria Battaglia


Cloud Security With a Chance of Data Breaches

With the current data explosion and rise of artificial intelligence (AI), machine learning and deep learning, organizations must make sense of the vast amounts of data they collect to better themselves and gain an edge over the competition. Processing and storing all this data is much easier when someone else is doing it for you, which is why many organizations now look to move their data to the cloud.

Cloud Storage Does Not Mean Cloud Security

The cloud is, in theory, that magical place where everything is easy, where you can pay someone to make all your IT problems go away; no more patching, cooling, power backup, data backup and other headaches associated with maintaining a data center. Cloud vendors will ensure that your data is stored 24/7 and, as long as you are in the right pricing tier, you’ll enjoy great performance, elasticity and a guarantee that your data will never be lost. So far, so good — but what about cloud security?

While cloud vendors are held to high standards to ensure that they will not mess with or lose your data, they are not in charge of security and access management for the applications and databases you run in the cloud, even if you consume your database as a service. Just because you’re operating in the cloud doesn’t mean you’re no longer responsible for protecting your critical data.

Not only are you in charge of protecting your data, but all the regulations of the real world also apply to the magical world of the cloud. If threat actors steal your data in the cloud, you are just as liable as you would be if they stole on-premises data — and the compliance penalties, legal fees and reputational damage associated with a breach can be crippling.

Inherent Problems With Database-as-a-Service Solutions

If you run your IT shop in the cloud as infrastructure-as-a-service (IaaS), you can simply apply the same security measures and use the same security tools and applications that you have on-premises, because you still own everything. The problems start when you choose to relieve yourself of the burden of employing database administrators and use a cloud vendor’s database-as-a-service (DBaaS) offering, such as Amazon Relational Database Service (Amazon RDS) or Microsoft Azure SQL Database. While this option transfers database management to the cloud vendor, they will not assume any responsibility for the security or compliance of those databases — a critical detail.

At this point, you might recall that you already own database protection tools and ask the cloud vendor to install them on the DBaaS. But, to your surprise, the vendor informs you that running third-party software on its database would void the warranty. Now what?

One obvious solution is to turn on native logging, which enables you to feed database logs into your existing security solutions. Sometimes, this is the “good enough” option. However, there are a few inherent problems with this approach. Any insights or security alerts will not be in real time, and intruders can copy your native logs. They are also stored in clear text, so any encryption scheme employed on your database or traffic is rendered useless.

Another issue to consider before turning on native logging is performance. When native logging is on, a database must spend more time writing data to files, and you might see a hit on performance as a result. Finally, native logging does not offer separation of duties, so the employees who can turn the capability on or off are the same people who can access your sensitive data.

How to Monitor a Cloud Database for Security and Compliance

So what should a prudent, security-minded organization do in this case? How can a company monitor a DBaaS solution for both compliance and security? The answer is to adopt a creative approach to circumvent restrictions on installing security software on cloud providers’ databases. Look for a cloud security solution that sits in front of the database and can still send traffic to your existing security tools without having to install any software on the database.

Such monitoring tools work in real time and are more secure than native logs because they do not require storing any unencrypted data and can handle encrypted traffic, which is the most prevalent way of sending data in a cloud data center. By approaching cloud database management and protection in this manner, organizations can gain greater control over the security and compliance of cloud-enabled infrastructures as they leverage the broader benefits of the cloud.


The post Cloud Security With a Chance of Data Breaches appeared first on Security Intelligence.

Author: Shay Harel

Application Security, Artificial intelligence, Artificial Intelligence (AI), Machine Learning, Software & App Vulnerabilities, Software Development, software vulnerability, Vulnerabilities, Vulnerability Management

Machine Learning Will Transform How We Detect Software Vulnerabilities

No one doubts that artificial intelligence (AI) and machine learning will transform cybersecurity. We just don’t know how or when. While the literature generally focuses on the different uses of AI by attackers and defenders — and the resultant arms race between the two — I want to talk about software vulnerabilities.

All software contains bugs. The reason is basically economic: The market doesn’t want to pay for quality software. With a few exceptions, such as the space shuttle, the market prioritizes fast and cheap over good. The result is that any large modern software package contains hundreds or thousands of bugs.

Some percentage of bugs are also vulnerabilities, and a percentage of those are exploitable vulnerabilities, meaning an attacker who knows about them can attack the underlying system in some way. And some percentage of those are discovered and used. This is why your computer and smartphone software is constantly being patched; software vendors are fixing bugs that are also vulnerabilities that have been discovered and are being used.

Everything would be better if software vendors found and fixed all bugs during the design and development process, but, as I said, the market doesn’t reward that kind of delay and expense. AI, and machine learning (ML) in particular, has the potential to forever change this trade-off.

Machine Learning Can Help Nip Vulnerabilities in the Bud

The problem of finding software vulnerabilities seems well-suited for ML systems. Going through code line by line is just the sort of tedious problem that computers excel at, if we can only teach them what a vulnerability looks like. There are challenges with that, of course, but there is already a healthy amount of academic literature on the topic and research is continuing. There’s every reason to expect ML systems to get better at this as time goes on, and some reason to expect them to eventually become very good at it.

Finding vulnerabilities can benefit both attackers and defenders, but it’s not a fair fight. When an attacker’s ML system finds a vulnerability in software, the attacker can use it to compromise systems. When a defender’s ML system finds the same vulnerability, he or she can try to patch the system or program network defenses to watch for and block code that tries to exploit it.

But when the same system is in the hands of a software developer who uses it to find the vulnerability before the software is ever released, the developer fixes it so it can never be used in the first place. The ML system will probably be part of his or her software design tools and will automatically find and fix vulnerabilities while the code is still in development.

What Will the Future of Vulnerability Management Look Like?

Fast-forward a decade or so into the future. We might say to each other, “Remember those years when software vulnerabilities were a thing, before ML vulnerability finders were built into every compiler and fixed them before the software was ever released? Wow, those were crazy years.” Not only is this future possible, but I would bet on it.

Getting from here to there will be a dangerous ride, though. Those vulnerability finders will first be unleashed on existing software, giving attackers hundreds if not thousands of vulnerabilities to exploit in real-world attacks. Sure, defenders can use the same systems, but many of today’s Internet of Things (IoT) systems have no engineering teams to write patches and no ability to download and install patches. The result will be hundreds of vulnerabilities that attackers can find and use.

But if we look far enough into the horizon, we can see a future where software vulnerabilities are a thing of the past. Then we’ll just have to worry about whatever new and more advanced attack techniques those AI systems come up with.

The post Machine Learning Will Transform How We Detect Software Vulnerabilities appeared first on Security Intelligence.

Author: Bruce Schneier

Artificial Intelligence (AI), Endpoint Protection, Enterprise Mobility, Machine Learning, Mobile Applications, Mobile Malware, Mobile Security, Threat Detection, Zero-Day Attack

Stay on Top of Zero-Day Malware Attacks With Smart Mobile Threat Defense

The mobile threat landscape is a dynamic ecosystem in perpetual motion. Cybercriminals are constantly renewing their attack techniques to access valuable data, challenging the capabilities of traditional mobile security solutions. Mobile threat defense technology was conceived to tackle the onslaught of cyberthreats targeting enterprise mobility that standard security solutions have failed to address. Some security experts even note that emerging mobile threats can only be countered with the help of artificial intelligence (AI) and machine learning, both of which are essential to any reliable protection strategy.

Data Exfiltration Is a Serious Threat

Pradeo’s most recent mobile security report found that 59 percent of Android and 42 percent of iOS applications exfiltrate the data they handle. Most mobile applications that leak data are not malicious, as they don’t contain any malware. They operate by silently collecting as much data as they can and sending that data over networks, sometimes to unverified servers. The harmful aspect of these apps lies in the fact that they pass the security checks of marketplaces such as Google Play and the App Store, and as a result, these platforms host many such apps.

Zero-Day Malware Is Growing at a Fast Pace

There are two main categories of malware: the type that has a recognizable viral signature that is included in virus databases, and the zero-day type that features new, uncategorized behaviors. Researchers at Pradeo observed a 92 percent increase in the amount of zero-day malware detected between January and June 2018 on the mobile devices the company secures, compared to a 1 percent increase in known malware. These figures demonstrate how threat actors are constantly renewing their efforts with new techniques to overcome existing security measures.

Enhance Your Mobile Threat Defense With AI

Mobile threats such as leaky apps and zero-day malware are growing both in number and severity. Antivirus and score-based technologies can no longer detect these threats because they rely on viral databases and risk estimations, respectively, without being able to clearly identify behaviors.

To protect their data, organizations need mobile security solutions that automatically replicate the accuracy of manual analysis on a large scale. To precisely determine the legitimacy of certain behaviors, it’s essential to take into consideration the context and to correlate it with security facts. Nowadays, only AI has the capacity to enable a mobile threat defense solution with this level of precision by putting machine learning and deep learning into practice. With these capabilities, undeniable inferences can be drawn to efficiently counter current and upcoming threats targeting enterprise mobility.


The post Stay on Top of Zero-Day Malware Attacks With Smart Mobile Threat Defense appeared first on Security Intelligence.

Author: Vivien Raoul

Artificial intelligence, Artificial Intelligence (AI), Chief Information Security Officer (CISO), Cognitive Security, Cybersecurity, Data Protection, Endpoint, Endpoint Protection, Incident Response, Incident Response (IR), insider threats, Internet of Things (IoT), IoT Security, Malware, Risk Management, Security Intelligence & Analytics, Security Operations Center (SOC), Security Strategy, Threat Intelligence

Fight Evolving Cybersecurity Threats With a One-Two-Three Punch

When I became vice president and general manager for IBM Security North America, the staff gave me an eye-opening look at the malicious hackers who are infiltrating everything from enterprises to government agencies to political parties. The number of new cybersecurity threats is distressing, doubling from four to eight new malware samples per second between the third and fourth quarters of 2017, according to McAfee Labs.

Yet that inside view only increased my desire to help security professionals fulfill their mission of securing organizations against cyberattacks through client and industry partnerships, advanced technologies such as artificial intelligence (AI), and incident response (IR) training on the cyber range.

Cybersecurity Is Shifting From Prevention to Remediation

Today, the volume of threats is so overwhelming that getting ahead is often unrealistic. It’s not a matter of if you’ll have a breach, it’s a matter of when — and how quickly you can detect and resolve it to minimize damage. With chief information security officers (CISOs) facing a shortage of individuals with the necessary skills to design environments and fend off threats, the focus has shifted from prevention to remediation.

To identify the areas of highest risk, just follow the money to financial institutions, retailers and government entities. Developed countries also face greater risks. The U.S. may have advanced cybersecurity technology, for example, but we also have assets that translate into greater payoffs for attackers.

Remediation comes down to visibility into your environment that allows you to notice not only external threats, but internal ones as well. In fact, internal threats create arguably the greatest vulnerabilities. Users on the inside know where the networks, databases and critical information are, and often have access to areas that are seldom monitored.

Bring the Power of Partnerships to Bear

Once you identify a breach, you’ll typically have minutes or even seconds to quarantine it and remediate the damage. You need to be able to leverage the data available and make immediate decisions. Yet frequently, the tools that security professionals use aren’t appropriately implemented, managed, monitored or tuned. In fact, 44 percent of organizations lack an overall information security strategy, according to PwC’s “The Global State of Information Security Survey 2018.”

Organizations are beginning to recognize that they cannot manage cybersecurity threats alone. You need a partner that can aggregate data from multiple clients and make that information accessible to everyone, from customers to competitors, to help prevent breaches. It’s like the railroad industry: Union Pacific, BNSF and CSX may battle for business, but they all have a vested interest in keeping the tracks safe, no matter who is using them.

Harden the Expanding Attack Surface

Along with trying to counteract increasingly sophisticated threats, enterprises must also learn how to manage the data coming from a burgeoning number of Internet of Things (IoT) devices. This data improves our lives, but the devices give attackers even more access points into the corporate environment. That’s where technology that manages a full spectrum of challenges comes into play. IBM provides an immune system for security from threat intelligence to endpoint management, with a host of solutions that harden your organization.

Even with advanced tools, analysts don’t always have enough hours in the day to keep the enterprise secure. One solution is incorporating automation and AI into the security operations center (SOC). We layer IBM Watson on top of our cybersecurity solutions to analyze data and make recommendations. And as beneficial as AI might be on day one, it delivers even more value as it learns from your data. With increasing threats and fewer resources, any automation you can implement in your cybersecurity environment helps get the work done faster and smarter.

Make Incident Response Like Muscle Memory

I mentioned malicious insider threats, but users who don’t know their behavior creates vulnerabilities are equally dangerous — even if they have no ill intent. At IBM, for example, we no longer allow the use of thumb drives since they’re an easy way to compromise an organization. We also train users from myriad organizations on how to react to threats, such as phishing scams or bogus links, so that their automatic reaction is the right reaction.

This is even more critical for incident response. We practice with clients just like you’d practice a golf swing. By developing that muscle memory, it becomes second nature to respond in the appropriate way. If you’ve had a breach in which the personally identifiable information (PII) of 100,000 customers is at risk — and the attackers are demanding payment — what do you say? What do you do? Just like fire drills, you must practice your IR plan.

Additionally, security teams need training to build discipline and processes, react appropriately and avoid making mistakes that could cost the organization millions of dollars. Response is not just a cybersecurity task, but a companywide communications effort. Everyone needs to train regularly to know how to respond.


Fighting Cybersecurity Threats Alongside You

IBM considers cybersecurity a strategic imperative and, as such, has invested extensive money and time in developing a best-of-breed security portfolio. I’m grateful for the opportunity to put it to work to make the cyber world a safer place. As the leader of the North American security unit, I’m committed to helping you secure your environments and achieve better business outcomes.

The post Fight Evolving Cybersecurity Threats With a One-Two-Three Punch appeared first on Security Intelligence.

Author: Casey George

Artificial Intelligence (AI), CISO, Cybersecurity Training, Internet of Things (IoT), Security Awareness, Security Solutions, User Education

Insights From European Customers on Cybersecurity and Security Awareness

Also co-authored by Luisa Colucci, Lucia Cozzolino, Silvia Peschiera, Emilia Cozzolino and Vita Santa Barletta.

European Cyber Security Month (ECSM), celebrated every year in October, is a European Union (EU) advocacy campaign designed to promote security awareness among citizens.

ECSM has continued to grow since its inception in 2012. The 2018 agenda featured more than 350 events and activities across all EU member countries. ECSM’s schedule also included a rich series of conferences, training sessions, videos, webinars, demonstrations and more, giving eager participants many opportunities to get involved and learn more about security.

The contributors to this article participated in many events and collected many questions about the cybersecurity industry from other attendees. This article gathers those frequent questions, whose answers initially seemed obvious and straightforward but very quickly turned out to be more complicated than we previously thought.

Is Cybersecurity a Challenge or an Opportunity?

For people working in the industry, cybersecurity is an opportunity. This may not be the answer people expect, but being direct is important, and the reality is that cybersecurity drives a multibillion-dollar market. Today, the cybersecurity industry is absorbing a lot of talent, and a lot more will be needed in the future. Let’s start with the challenges.

The first challenge organizations face is the need for growth. Enterprises must adopt new technologies or they will be left behind. It is not just about being more profitable. Healthcare devices implanted in the body that yesterday required a medical visit for tuning can today be adjusted without one, because the device can be controlled over Wi-Fi — but the same connectivity means it can also be hacked. Therefore, threats impact growth. Compliance also impacts growth: compliance is about executing the security controls necessary to mitigate the possibility of an attack, and where noncompliance carries a penalty, that penalty has an impact on the enterprise’s financials.

The second element to consider is that enterprises have invested a lot in different technologies and processes, but have not spent enough integrating them. Processes are actually less integrated than products. For example, security information and event management (SIEM) is rarely integrated with vulnerability management or patch management, and misconfiguration actually continues to be one of the major vectors for data breaches.

Another challenge is the ever-growing mass of operational technology (OT) and Internet of Things (IoT) devices connected to network infrastructure. Adopting IT practices for these devices is a good thing, but it is not always as straightforward as one might imagine, because the processes are totally different and vary from one industry to another. For example, if something goes wrong on a train, the train stops. However, if something goes wrong on a plane, you cannot just stop it midflight. In addition, we are exposed to highly sophisticated malware operations that can develop phishing campaigns and malware, control devices and launder cryptocurrency.

Moving to the opportunities, many tend to think that the cybercriminal population is different from the traditional criminal population, but this is not true. Criminals have simply moved into cyberspace, leaving the overall population unchanged, with one difference: in the real world, the perfect crime is possible. In the cyber world, threat actors always leave something behind — a trace. We need technologies that can help us find those traces among billions of unstructured records, and artificial intelligence (AI) can help with such a task. Finally, traditional criminals also use the cyber world, which is a great opportunity to apply the same investigation techniques developed in cybersecurity to stop more old-fashioned crime.

Who Are the Bad Guys?

We cannot always claim that those who work on the defensive side are good and those who work on the attacking side are bad. This would be like saying that those who carry a gun are inherently bad — it is not as simple as one might think. We actually need to consider two elements. The first is that many increasingly think cybersecurity is something that has an intrinsic value, and that someone else will take care of it. For example, if we develop a camera with a traditional operating system where a password is stored in the firmware, we tend to assume that someone else will secure that password.

The second is the belief that what happens in the cyber world is only real when the benefits are perceived; only when things go wrong is it recognized as bad. In the real world, if a door is open, we do not enter unless we are either invited or authorized to do so. The same should happen in the cyber world. Instead of trying to work out who is bad or who is good, we should increase security awareness and start thinking of what happens in the cyber world as serious and real, something that can lead to dramatic situations with serious consequences.

Does Compliance Help?

Compliance helps if it is a continuous process and if we believe in the security controls we have been required to implement. If it is just a one-time effort to pass the audit, it does not help. Like most security controls, compliance requires periodic execution of a set of controls. Systems and applications are administered by humans, and humans make mistakes. Moreover, new vulnerabilities are discovered every day, so what seems secure today may not be secure tomorrow. The only solution to this ever-changing landscape is the periodic execution of a strong set of controls.

How Much Should We Invest in Cybersecurity?

Usually, investment is based on the value of the business and its assets. Today, IoT adoption is creating a definite shift because the IoT provides threat actors with millions of devices — with no substantial revenue/cost impact — that they can use to launch an attack. Therefore, when we introduce a device into our network architecture, we must protect it, and protect ourselves from it, during its entire life cycle. This is something we should weigh heavily while building a secure ecosystem. Cybersecurity has an intrinsic value, but we should all work toward keeping a safe environment and improving security awareness, and we cannot assume that someone else will take care of it.

What Happens When You Are Breached?

Beyond the fines and penalties, the loss of customer trust is arguably the greatest damage that will result from a cyberattack. Customers do not really care about the money enterprises spend on security; all they care about is the fact that a company lost their data. The scariest thing is that today’s cybercriminals are real, advanced and persistent, so once they gain a foothold, they have access to your infrastructure and they will take every possible step to ensure they will continue to have access. Therefore, if you stop an attack, do not assume you are in the clear. You should always assume that attackers are inside your network, even if you have not yet discovered what they are after.

The post Insights From European Customers on Cybersecurity and Security Awareness appeared first on Security Intelligence.

Author: Domenico Raguseo

Artificial Intelligence (AI), Bank Fraud, Bank Security, Banking & Financial Services, Banking Security, Data Protection, Data Security, fraud, Fraud Protection, IBM Security Trusteer, Machine Learning, Social Engineering

How Daniel Gor Helps Protect the World — and His Grandparents — From Financial Fraud

Daniel Gor might be “just a regular guy” by his own account, but he’s doing important work that shouldn’t be overlooked. As a solution engineer on IBM Trusteer’s fraud analyst team, Daniel spends his days helping to protect our hard-earned cash from fraudsters.

“There’s a nice feeling knowing that you’re with the good guys,” Daniel said as he talked about social engineering and automated hacking from his office in Tel Aviv, Israel. And, as the product of two cultures, Daniel has a more global view of financial fraud than most.

Born in New York and raised in Miami through his early years, Daniel moved to Israel at the age of seven when his parents decided they wanted to be closer to their families. Today Daniel has a family of his own — a wife and seven-month-old daughter — and still lives close to his extended family in Ra’anana, a suburb not far from Tel Aviv.

He said the impact of two very different cultures sometimes comes out in his work style: a combination of American diligence and persistence with a hint of the typical Israeli “chutzpah.” He said his experiences in the army, as part of Unit 8200 in the Israeli Intelligence Corps, and at university gave him “perspective about how to get things done and how to approach tasks.”

Namely, he said, there’s an element of searching for the truth, “even if you don’t go by all the rules.” That comes in handy when writing policies for his fraud analyst colleagues.

Humble Beginnings as a Financial Fraud Analyst

Daniel graduated from university less than two years ago and went straight to work at IBM Trusteer. He started as a fraud analyst, conducting research to determine the rules the team needed to establish to protect financial data for a range of banks. The team writes rules and policies that are applied behind the scenes for the banks’ different applications; these, in turn, help identify behavioral anomalies that may indicate a fraud attempt.

Each analyst is responsible for monitoring the performance of the policies and rules at several banks; this often constitutes hundreds of rules and reams of data. Daniel’s firsthand experience as an analyst informs his current work as a solution engineer to automate processes designed to assist analysts in this monitoring and, in addition, implement machine learning algorithms that can strengthen the policies even more.

But rules and policies are just one part of the equation. Banks also need to build a picture of what each customer’s “digital identity” looks like so they can detect fraud sooner and more efficiently. Without an idea of how Joe from Jacksonville regularly interacts with his accounts, the bank will never know whether Joe’s profile has been compromised. This is an entirely new research field that Daniel is a part of.


Automated Behavioral Analysis Is a Game-Changer

In his present role as a solution engineer, Daniel partners with the team to analyze behavior indicators using machine learning models. He trains the models to identify behavioral anomalies and then writes those models as rules in the bank’s policies.

So that phone call you got from the bank asking whether you were hesitant or suspiciously stalling while completing a transaction? That’s likely because, thanks to Daniel’s work, your bank identified an anomaly in your normal behavior patterns.

Daniel believes automation technology and AI have had a “great impact” on security in the financial sector.

“The machine learning algorithms are so smart now, they can detect anomalies only by mouse movement or the time that the fraudster spends on a page inside the account,” he explained. “The AI allows us to detect those anomalies in the user’s behaviors.”

Standing Up for Good Values

Unfortunately, fraudsters continue to exploit our human trust, using artful deception such as social engineering to target vulnerable banking customers and steal their credentials. Daniel said he’s been surprised at the sophistication of the methods used by these fraudsters, who can go so far as calling customers while posing as bank personnel who are supposedly helping them recover money.

“In a way, I was surprised at how people can exploit people’s good natures and vulnerabilities,” he said.

In light of this threat, Daniel noted that he works in cybersecurity so his grandparents can live their lives without fear of being deceived every time the phone rings. And to those who are considering following in his footsteps, Daniel encouraged aspiring cybersecurity professionals to “just do it.” While tech careers are becoming more and more coveted, he believes the goal of working in a company “where you feel you’re adding to the world with good values” is worth aspiring to.

“In a way, I can say that I’m working for myself,” he said. “I want my money to be safe in a place only people I trust have access to, and it’s very important for the world to have these kinds of shields from people that are eventually trying to steal our money, to steal credentials. The world needs companies that are here to prevent those kinds of cases.”


The post How Daniel Gor Helps Protect the World — and His Grandparents — From Financial Fraud appeared first on Security Intelligence.

Author: Security Intelligence Staff