
total protection answer. We also have to be realistic and accept that a skilled, well resourced and motivated attacker will find a way to penetrate any system, and no amount of technology will change that. In this doom-laden context, what is a security team to do?

"I would argue that the risk-based approach is still very much valid, but, on top of that model, you should also plan for failure. By all means, deter attackers, try to protect your infrastructure, and prevent casual and opportunistic attackers from successfully breaching your defences. But also ensure that you can detect and respond to skilled attackers. Knowing how to respond to a successful attack is the real difference between a security breach being a total disaster, or another incident to be resolved. Install detective controls, take advantage of threat intelligence and make sure your incident responders know what to look for. Above all, drill everybody so that they know exactly what to do when an attack happens - even if that's just picking up the phone to a security incident response professional. It will make all the difference when those advanced threat actors come calling."

AUTOMATION IS KEY

Clearly, protection and prevention are essential, in the same way that no one would build a house without locks or alarms. "However, we still see burglaries and cyber attacks still happen with prevention technologies deployed," points out Andrew Bushby, UK director at Fidelis Cybersecurity. "Thus, we move very quickly to the reality where both are needed: prevention capabilities are deployed to take out the known attacks, and detection and response capabilities actively responding to those attacks that have penetrated the perimeter. What's more, it is critical that this is automated to find and resolve them quickly before they do lasting harm to the organisation and its customers."
Companies must urgently take steps to accelerate and automate their actions, reducing the time spent filtering out the extraneous data and false positives, and spending more time where it matters most, he insists. "By automating detection and response capabilities, enterprises will have broad and deep visibility across networks, endpoints and clouds, in real-time and retrospectively," adds Bushby. "Essentially, security teams will be able to automatically correlate, triangulate and validate whether threats that traversed the network impacted the endpoints, and automatically highlight and prioritise those that did. By giving security analysts all of the information, context and tools they need to investigate, contain and remediate attacks, organisations will no longer stagger under the weight of their own security infrastructures."

POST-BREACH APPROACH

Applying a post-breach strategy is also critical. "While network security teams are starting to shift their focus from perimeter defence to post-breach detection, traditional detection tools are increasingly becoming unfit for purpose - either generating far too many false-positives or altogether failing to detect attacks in real time. Deception, a security strategy that uses decoys, traps, lures and other mechanisms to trick attackers, is quickly gaining the attention of organisations seeking an efficient post-breach detection strategy."

Ultimately, there is no simple answer to how organisations should adapt to the current threat landscape, he concedes. "However, what we do know is that protection and prevention alone is not enough when you consider today's sophisticated cyber attacks. Whatever infrastructure is in place must have the capacity to be re-configured over time, in line with the attacks it is trying to thwart.

"Put simply, attackers will penetrate the network sooner or later - and it's those with an effective cyber security strategy in place that not only will keep up, but stay ahead."
16 computing security May/June 2018 @CSMagAndAwards

product review

CARDWAVE SAFETOGO HARDWARE ENCRYPTED USBS

The long-awaited EU GDPR (General Data Protection Regulation) finally took effect in May this year, so businesses that process personally identifiable information of EU citizens must demonstrate compliance or face punitive fines for security breaches. Encryption is one security measure recommended for GDPR compliance and is essential for protecting data in transit.

Cardwave has the ideal solution, as its SafeToGo USB storage devices integrate military-grade 256-bit AES XTS and 2048-bit RSA hardware encryption modules that cannot be bypassed. Along with essential 'always on' password protection and fully automated encryption of the device's entire contents, they're designed to be extremely easy to use.

SafeToGo devices use a sturdy metal casing and lid, include a high-speed USB 3.0 interface and enforce hardware brute-force protection. The latter uses a password hack attempt counter and, after 10 failed logins, it resets the device and wipes its contents.

Two versions of SafeToGo are available, with Solo aimed primarily at SMEs and compatible with all versions of Windows. The standard SafeToGo model is designed for enterprises and adds support for macOS plus Linux, and integrates with the DataLocker SafeConsole global remote management solution, which provides smart features such as geo-fencing and remote kill commands.

SafeToGo is great value, with prices for Solo starting at less than £20 for an 8GB module and rising to £56 for a 64GB version. The more advanced SafeToGo doesn't cost a lot more, with 4GB and 64GB modules costing around £25 and £64 respectively.

SafeToGo is really easy to use - there are no fiddly little keypads to poke at, as you just run a software app from the device. When we first plugged the Solo and SafeToGo devices into a Windows 10 PC, they presented a new optical drive with the SafeToGo app ready to run.
Solo has a slightly different user interface, but, essentially, it has all the same features. In both cases, you enter a new password with a minimum of eight characters and including at least one digit plus upper- and lower-case characters. It creates a unique, randomly generated encryption key and, on completion, we found a new encrypted volume available.

They function the same as any other USB flash device and, when removed from a USB port, they are automatically locked. Usefully, they don't require any software permanently loaded as, each time they are inserted, you simply run the SafeToGo app and enter the password, after which the encrypted drive will be made available.

Both SafeToGo apps then load handy utilities that provide one-click access to their root folder, a quick lock function and their settings. For the latter, you can change the password and choose an automatic lock inactivity timeout period, ranging from two minutes up to an hour.

SafeToGo claims full USB 3 performance with encryption, and we tested sustained read-and-write speeds with a large 2GB test file. Drag-and-drop copies between the Windows 10 PC and SafeToGo storage device returned impressive read-and-write speeds of 150MB/sec and 41MB/sec. Solo was only marginally slower, returning sustained read and write speeds of 145MB/sec and 30MB/sec.

We tested brute force protection and, after entering 10 incorrect passwords, the devices were locked and had to be reset from the app. This process set the devices back to factory defaults, permanently deleted all data and requested a new password.

Businesses that are worried about GDPR compliance for protecting personal data on the move can now rest easy with SafeToGo. Its products team up military grade encryption, extreme ease of use, plus great performance, and deliver them at a price that will appeal to SMEs and enterprises alike.
Product: SafeToGo
Supplier: Cardwave Services Ltd
Telephone: +44 (0)1380 738395
Web site:
Price: SafeToGo Solo 8GB, £19.40, SafeToGo 8GB, £25.54 (all ex VAT)