


masterclass

HOW TO UNDERPIN SECURITY TRANSFORMATION WITH COMPLETE VISIBILITY OF YOUR ATTACK SURFACE

CHARLOTTE GURNEY, MARKETING MANAGER, BROOKCOURT SOLUTIONS, PROVIDES KEY INSIGHTS ON A CRUCIAL ISSUE THAT CHALLENGES SO MANY ENTERPRISES

There are many reasons why you may be considering or engaged in a security transformation programme tasked with reducing the risk of cyberattacks. For example:

- You've appointed a new chief information security officer (CISO) who wants to implement a fast track programme delivering immediate improvements
- You've deployed many different security technologies and are conducting regular audits, but you're struggling to continue to scale your IT security team
- You've taken a highly tool-centric approach to cybersecurity, but have too much data, not enough people, your processes aren't sufficiently mature or your operational approach simply isn't working
- You've tried outsourcing your security, but this isn't delivering the anticipated benefits
- You're struggling to answer questions from senior executives, such as where are we most at risk from an attack, what's being done and what options do we have to prevent this?

A familiar thread across all these issues is the search for an improved approach and processes to help you better utilise your existing resources. But if you don't know precisely what you're trying to defend, it's very difficult to plan an effective security strategy to achieve this. And without a central model, and a clear and detailed view of your infrastructure, the likelihood is that the technologies and processes you're trying to deploy are going to be badly instituted or simply not work at all.

A common sense structure and approach is needed to understand your attack surface, achieve immediate results early in your security transformation, and create a trusted platform on which to mature and evolve your processes over time.
This helps address key security challenges including:

- Very poor context of the attack surface, on account of its complexity, scale, heterogeneous technology, use of cloud, outsourcers, etc; historical data that is often out of date.
- The need to demonstrate a quick risk reduction, which means identifying any gaps in compliance and exposure, high risk vulnerabilities, and all ingress/egress points.
- Improving security and compliance by leveraging existing processes, such as how to turn firewall change management into a first line of defence, ensure the patch process is serving your security needs and embed compliance management within normal day-to-day operations.
- Using security transformation to deliver increased business value, by elevating the security operations team from a blocker to a strategic business enabler that increases ROI.
- How best to plan and manage the transformation programme, to mature your approach to security and avoid the mistakes made by early adopters who over-invested in technology.

Recommended phased maturity approach

Resilience Assessment

Start by focusing on discovery and high-risk threat mitigation:

1. Build a model of your complete organisational infrastructure, and provide context around all of the ingress/egress points and complexities of your network and assets, to give you a detailed understanding of what you're trying to defend
2. This model should be automatically updated on a daily basis, giving you an ongoing and always current view of your attack surface
3. The model can then be regularly analysed to identify all of the opportunities to quickly reduce risk, increase resilience and deliver immediate results
4. Evolve and improve your existing processes, or institute new ones, in areas including automating compliance and policy management, automating firewall and change management, and improving vulnerability management
5. Move into more advanced use cases, such as embedding Skybox into a SOC or computer emergency response team (CERT), or using it to assist with outsourcing to a managed security service provider (MSSP).

Brookcourt and Skybox Security will help you deliver superior results from your security transformation initiatives. Please contact:

30 computing security March/April 2018 @CSMagAndAwards

hacked credentials

THE DARK DESTROYERS

OVER ONE MILLION LEAKED AND HACKED CREDENTIALS FOUND ON THE DARK WEB

More than a million leaked and hacked credentials from the UK's top law firms have been tracked down to the Dark Web, leaving the firms vulnerable to phishing scams and the possibility of significant data theft. The figures represent an average of 2,000 email addresses per company, with the largest firm having just over 30,000 email addresses on the dark web.

The email addresses, including nearly 80,000 from the legal industry's Magic Circle, have been found by cybersecurity specialist RepKnight as part of a campaign to raise awareness of the huge number of leaked and hacked credentials circulating on the dark web. Almost all of the credentials were from third-party breaches, where a corporate email address had been used on a site like LinkedIn or Dropbox and that site was subsequently compromised.

Worryingly, 80% of these email addresses featured in breaches which also contained passwords - often in plaintext. Cybercriminals could potentially use these passwords to gain access to other private data, such as employees' online banking or social media, via 'credential stuffing' or spear phishing attacks, because more than 80% of people tend to re-use their password.

Using RepKnight's dark web monitoring tool BreachAlert, RepKnight was able to uncover each of the exposed email domains across dark web, bin, dump and data breach sites, which feature almost five billion stolen, leaked or hacked credentials. Even where passwords aren't present, each of these exposed email addresses represents a potential attack on a company's network for criminals via phishing or other scams.

NO ONE IS SAFE

Patrick Martin, cybersecurity analyst at RepKnight, comments: "The truth is that no company in the world is safe from the threat of the dark web. The top 500 law firms RepKnight analysed almost certainly haven't done anything wrong, cybersecurity-wise, but all it takes for a breach to occur nowadays is for a single employee to accidentally fall for a phishing email or send sensitive data via email accidentally to the wrong person. It's almost impossible to prevent.

"The data we found represents the easiest data to find - we just searched on the corporate email domain. A far bigger issue for law firms is data breaches of highly sensitive information about client cases, customer contact information or employee personal info, such as home addresses, medical records and HR files. That's why - in addition to securing their networks - every firm should be deploying a dark web monitoring solution, so they can get alerted to leaks and breaches immediately."

The research by RepKnight sheds light on the importance of breach detection, as well as prevention. On average, European organisations take around 450 days to spot a security breach, which means that cybercriminals have a huge amount of time to access a corporate network, steal sensitive data and leave before the organisation even realises that they've been there.