Cyber Defense Magazine Global Edition for 2019

Cyber Defense Magazine's Annual Global Edition for 2019: Will quantum-resilient encryption change the future against breaches in our favor? Can deception technology stop the next wave of cybercriminals? This and much more inside this 78-page eMagazine, exclusively distributed at www.ipexpoeurope.com each year along with our announcement of the Cyber Defense Global Awards winners for 2019; also found at www.cyberdefenseawards.com.

WELCOME ABOARD

In our seventh year since we founded CDM, as Editor-in-Chief I am delighted to welcome our readers to the 2019 Global Edition of Cyber Defense Magazine (CDM), which is now exclusively being handed out at IPEXPO Europe 2019 and then posted online in multiple formats for easy download or reading online on any internet-connected device – from your smartphone to your tablet to your laptop or desktop. Every aspect of IPEXPO Europe touches upon something related to cybersecurity – whether it's writing better code, as developers, rolling out internet of things (IoT) devices, or blockchain or artificial intelligence – and we see the need for more cybersecurity professionals who can respond to and plan for the next wave of threats and exploitations by cyber criminals. It's also now part of a bigger themed event called "Digital Transformation Expo Europe", with more information found at this URL: https://dt-x.io/europe/en/page/dtxeurope

It's now projected that there will be some 2 million new jobs created in the cyber security industry over the next 3-5 years. Indeed, some reports even project greater growth than that. In any case, what's clear is that the threats of cyber-attacks are not going away; if anything, they will grow in intensity and pervasiveness as the potential payoffs get richer. Although the three principal reasons for cyber criminals to operate remain the same, their relative growth may become skewed toward financial and political gain. Only the thrill-seekers with little to gain other than some warped sense of power appear to have leveled off. Rich targets of financial assets in the billions have come into play with the proliferation of cryptocurrencies and exchanges. The use of cyber means to penetrate and influence political processes is only beginning to be fully investigated. The challenges for the defenders of cyber integrity continue to grow.

Nonetheless, the "good guys" are in the hunt, with new and creative technological developments to counter the spread of cyber-attacks. AI, ML, IAM, and Cyber Risk Management as a Service (too new for its own acronym) are among the coming techniques of cyber defense. Without attacking the attackers, there are new deception-based techniques to at least slow them down and try to document their attacks in more detail. Also, we're seeing rapid growth in cybersecurity anti-phishing and best-practices training companies, which is foundational and critical. We all need frequent training, especially to avoid spear phishing, RATs, and social engineering – including new methods called "deep fake."

Therefore, only by keeping up to date with the broad array of developments is it possible for the cyber defense professional to operate effectively. That's the job of Cyber Defense Magazine – to be the principal repository and distribution channel for the vital information flow to keep us all informed and ready to respond to the threats as they emerge. On behalf of our entire team, we thank you for being a part of the CDM community, and for supporting our Mission – to help you get one step ahead of the next threat.

Respectfully,

Pierluigi Paganini
Editor-in-Chief


Contents

Secure Channels Delivers "XOTIC" Solution to Unprotected Industries (p. 8)
Invisible = Undependable (p. 11)
California's Upcoming Privacy Law Creates Questions for Companies Nationwide (p. 13)
Hidden Wasp and the Emergence of Linux-based Threats (p. 18)
Top Ten Requirements for Managed Security Services Providers (p. 20)
Migrating to Office 365 with iboss cloud (p. 22)
9 Cybersecurity Metrics + KPIs to Track (p. 27)
The Instant Gratification Risk (p. 30)
Improving Workforce Engagement in a Post M&A Environment (p. 33)
To Catch a Criminal, Set a Trap (p. 37)
Maximizing Efficiency by Meeting Cybersecurity Pros Where They Are (p. 41)
CSIOS Corporation's Made-to-Measure Cybersecurity Services (p. 46)
Fighting Fraud in Online Services with XTN Cognitive Security (p. 49)
Disrupt the Kill Chain with Continuous Security Validation (p. 52)
Beyond Signatures and Sandboxes (p. 56)
Welcome to the Cyber Defense Global Awards for 2019 (p. 60)


CYBER DEFENSE MAGAZINE is a Cyber Defense Media Group (CDMG) publication distributed electronically via opt-in, GDPR-compliant e-mail, HTML, PDF, mobile and online flipbook forwards. All electronic editions are available for free, always. No strings attached. Annual editions of CDM are distributed exclusively at the RSA Conference each year for our USA editions and at IP EXPO EUROPE in the UK for our Global editions. Key contacts:

PUBLISHER: Gary S. Miliefsky, garym@cyberdefensemagazine.com
PRESIDENT: Stevin V. Miliefsky, stevinv@cyberdefensemagazine.com
VICE PRESIDENT OF BIZ DEV & STRATEGY: Tom Hunter, tom@cyberdefensemediagroup.com
EDITOR-IN-CHIEF: Pierluigi Paganini, Pierluigi.paganini@cyberdefensemagazine.com
MARKETING, ADVERTISING & INQUIRIES: marketing@cyberdefensemagazine.com
Interested in writing for us: marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: +1-833-844-9468
International: +1-603-280-4451
New York (USA/HQ): +1-646-586-9545
London (UK/EU): +44-203-695-2952
Hong Kong (Asia): +852-580-89020
Skype: cyber.defense
E-mail: marketing@cyberdefensemagazine.com
Web: www.cyberdefensemagazine.com
TV: www.cyberdefense.tv

Copyright © 2019, Cyber Defense Magazine (CDM), a Cyber Defense Media Group (CDMG) publication of the Steven G. Samuels LLC Media Corporation.

To Reach Us Via US Mail:
Cyber Defense Magazine
276 Fifth Avenue, Suite 704
New York, NY 10001
EIN: 454-18-8465
DUNS# 078358935


Secure Channels Delivers "XOTIC" Solution to Unprotected Industries

Introducing Next Generation Quantum-resilient Cryptography

by Gary S. Miliefsky, CISSP®

A few years ago at Black Hat, I bumped into Richard Blech, CEO of SecureChannels, and some of his brilliant team members working on the next generation of cryptography. What they showed me back then and over the past few years was and is an incredible effort to solve the giant 'math problems' required to make next generation encryption a reality. They have now produced go-to-market, commercially available quantum-resilient encryption that many would call extremely 'exotic.'

Physicists apply the term "exotic" to states of matter not ordinarily encountered, and the Next Gen Encryption Winner of the 2019 InfoSec Awards is far from ordinary. Secure Channels Inc.'s XOTIC is a Scalable One-Time Pad (S-OTP), cascade cipher cryptosystem that is mathematically described in a single equation as c = S(k ⊕ (a + p)). This short formula grants XOTIC streaming-cipher speed with block-cipher strength. A unique feature of XOTIC that sets it apart from other symmetric encryption is that the security level can be dialed with negligible impact on performance or overhead.

In 2016, Secure Channels was approached by the film industry with a sizeable request: protect the ability to control the release of creative and production content. The past several years had seen an alarming trend in studio infiltrations. Films were leaked in part or in whole, and contract details and production memos were released to the public, all to devastating effect at the box office. In an industry with a disproportionately high mission-critical data volume, a leak of even the smallest bit of data can ruin careers, alienate investors and harm revenue by tens of millions of dollars. Employing hundreds of contractors, freelancers and transmission devices creates a vast attack surface area. The growing interest in lone-hacker and nation-state infiltration of Hollywood productions pointed to the trend deepening, which brought the film industry to Secure Channels. The plan was to encrypt all transmitted data as far upstream as possible to eliminate unwanted release of content, but all existing ciphers on the market had proven too slow, bloated or clunky to handle the demands of the film production environment. Enter XOTIC.

Secure Channels developed XOTIC to encrypt directly at the camera, audio recorder, mixer, CGI studio, etc., to give producers complete protective control over their product. XOTIC's few lines of code have an ultralightweight footprint and drive rapid encryption that easily keeps pace with high-velocity, data-intensive workflows. The industry now had a solution that could encrypt every frame of 8K, high-frame-rate video; each sample of high-resolution, multichannel audio; emails; videoconferences … any channel carrying sensitive information with the potential to diminish the size of a paying audience, destroy careers and upset strategic partnerships. The cipher's agility put several post-quantum strengths in producers' hands. They could dial XOTIC to provide a range of encryption from 512-bit to archive-strength 16,384-bit, or choose its Wave Form Encryption mode of operation to vary key lengths for additional protection. Armed with XOTIC, content owners were better prepared for the cybersecurity onslaught on their industry.

XOTIC's applications extend far beyond Hollywood. It was designed to sit lightly in workflows and perform in environments lacking encryption due to a shortage of processor, memory, power or space. The IoT realm, for example, is an industry slow to adopt encryption because of limitations within the host technology. There were 11.2 billion IoT devices in use last year, and that number is expected to nearly double by 2020. When deployed in an environment, IoT devices freely exchange all manner of user data with little to no encryption protecting them, making them ripe for man-in-the-middle attacks and other hacks. Once an unauthorized party gets into a system, the devices' shared "trusted status" furthers the hacker's reach. There's simply no "room" for traditional encryption within many IoT devices. XOTIC's anomalous nature, however, lets it slide easily into the environment. The weightless code fits anywhere in the workflow. The strength modulation accommodates bandwidth availability. The streaming-cipher speed preserves device responsiveness. The strength works toward manufacturer compliance with data privacy regulations. XOTIC is IoT's missing piece.

XOTIC's strength has been lauded by some of the keenest cryptanalysts in the field. The team of Dr. Léo Perrin, junior researcher at Inria and author of lightweight cryptography, and Dr. Alex Biryukov, full professor at the University of Luxembourg and the ACRYPT project's principal investigator for lightweight IoT cryptography, noted that even on XOTIC's lowest strength, brute force attacks appear to be an impractical threat. The team of Dr. Lars R. Knudsen, professor at the Department of Applied Mathematics and Computer Science at the Technical University of Denmark and block cipher designer, and Dr. Bart Preneel, full professor at the Dept. Electrical Eng.-ESAT of the KU Leuven and president of Leaders In Security (LSEC), stated of XOTIC's high security margin, "In order to break the XOTIC cipher attackers would need insurmountable computing power which nobody will be able to demonstrate in our lifetime, or come up with new, effective attacking methods which nobody has demonstrated to be close to having at this point of time."

After covering the DPRK attack on Sony Pictures in much detail, I'm thrilled to see a solution designed for the punishing workload of the film industry. XOTIC's unique properties deliver speed and quantum-resilience to myriad deployments.

In addition, everything from drones to email, fintech to healthcare is well within its scope. And industries where encryption has until now been technologically prohibitive can find their armor in Secure Channels' more exotic solution.

About the Author

Gary is the CEO of Cyber Defense Media Group (CDMG) and Publisher of Cyber Defense Magazine. He is a globally recognized cybersecurity expert and a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cyber crime and cyber terrorism, also covered in both Forbes and Fortune Magazines. He has been extremely active in the INFOSEC arena, most recently as the Editor of Cyber Defense Magazine. Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), the National Information Security Group and the OVAL advisory board of MITRE responsible for the CVE Program (http://CVE.mitre.org). He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace, as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Previously, Gary has been founder and/or inventor for technologies and corporations sold and licensed to Hexis Cyber, Intel/McAfee, IBM, Computer Associates and BlackBox Corporation. Gary is a member of ISC2.org and is a CISSP®. Reach Gary at https://www.cyberdefensemagazine.com


Invisible = Undependable

Why Visibility Is Key to Lowering Digital Risk

Trying to identify sources of digital risk for your organization can feel like searching for a black cat in a dark room. And even if you have a torch, you need to be shining it in the right direction to spot the cat. And of course, it might not be sitting still….

But imagine you can simply turn on all the lights in the room – and when you do, you can see there are several black cats, as well as dozens of mice, spiders (and who knows what else) that you had no idea were there.

Taking digital risks out of the shadows

When it comes to your organization's digital footprint, consider each of these metaphorical "creatures" to be a digital risk of some kind – a phishing website, a chat on the dark web about targeting one of your executives, and so on. In this scenario, a cybersecurity "torch" is better than nothing. But a solution that can turn on all the lights in the room and help you remove anything you want to eliminate is a whole lot better.

The industry experts behind the 2019 Cyber Security Risk Report from professional services firm Aon agree: "In 2019, the greatest challenge organizations will face is simply keeping up with and staying informed about the evolving cyber-risk landscape." In other words, digital risk transparency is everything, because what you can't see, you can't protect against. So, how do you go about turning on the lights and cleaning up in the big, scary room of digital risks?

Step 1 – Turning on the lights

The first step is to use a tool that scans your organization's digital footprint comprehensively, across the surface web (standard, open websites), deep web (areas of the web that are gated, such as intranets, membership sites, etc.) and dark web (anonymized websites, chatrooms and marketplaces that are only visible using special web tools).

Step 2 – Cleaning up the room

Once you have identified what's there – phishing websites, legitimate URLs with out-of-date security certificates, marketplaces selling counterfeit goods and the like – you can start allocating different resources to take the appropriate action. These tasks will include updating software, removing abandoned websites, notifying web hosts about illegal activity, and so on.

Step 3 – Check and validate

Ensuring that your digital risk protection solution continues to scan the environment even as you are eliminating risks lets you see which have been addressed, which have moved, and which new risks have appeared since the initial scan. New tasks can be defined as a result.

Step 4 – Mitigate for the future

Once you have achieved risk transparency, you need to maintain it. This means taking the actions necessary to ensure certain risks cannot reoccur at all, or can be dealt with easily and quickly when they do. This could include, for example, putting an automated process in place for renewing website security certificates.

Integrating your threat defenses

However, for most large organizations, this is not the whole story. To maximize the return on an investment in digital risk protection, it's important to be able to integrate your capabilities with a SIEM (Security Information and Event Management) solution or IT Service Management platform. This integration can add, for example, proactive threat alerts and the identification of device-based threats. This combination can further strengthen defenses against the ever-broadening range of digital risks that organizations face. Not only does this help companies avoid the significant costs of a successful security breach, it can also deliver business value in other ways, such as streamlining security processes, improving the accuracy of decision-making and lowering overall business risk.

Cybersprint is expert in helping organizations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online.

Are you looking for a more complete picture of your organization's assets? Our DRP platform will discover, assess and remediate online risks to your brand. Request a free Quickscan for your organization.

About the Author

Alex van der Plaats is Marketeer & Security Enthusiast at Cybersprint. If you are interested in tweets about Digital Risk Protection, follow us on Twitter: @cybersprintnl


California's Upcoming Privacy Law Creates Questions for Companies Nationwide

By Richard Kanadjian, Encrypted USB Business Manager of Kingston Technology


California's Consumer Privacy Act (CCPA) goes into effect on January 1, 2020, and will affect not only companies in California, but also companies nationwide, with serious financial penalties for future data breaches. With the expansion of privacy laws abroad and in the U.S. (HIPAA, CCPA, and GDPR as examples), data breaches are serious issues for any company that holds PII (Personally Identifiable Information) of consumers and/or any other sensitive information.

How businesses store, transport and manage sensitive consumer and company information has become critical for companies of all sizes.

What businesses will be impacted by the new CCPA regulations?

While the CCPA is meant to enhance the privacy rights and consumer protections for the residents of California in the United States, as with many laws enacted in the state, it will impact most businesses across the country and the rest of the world. CCPA can apply to businesses even if they do not have offices or employees in California. Any business that has customers who are based in California could be affected by this new law starting in 2020. The criteria to determine if this law will affect your business are (any one of the three makes the law apply to your business):

• Do you have gross revenue over $25 million (USD), or
• Do you possess the personal information of 50,000 or more consumers, households or devices, or
• Do you earn more than half your annual revenue from selling consumers' personal information?

If the new CCPA applies to your company, the intentions of the law are to provide California residents (defined broadly enough to cover consumers, employees, business contacts and others) with the ability to know what personal data is collected about them (and have access to this information); how that data is used, sold or disclosed; the ability to say no to the sale of personal data; the ability to request that their data be deleted, and more. They also have the right not to be discriminated against for exercising their right to privacy.


What are the penalties under the<br />

new Cali<strong>for</strong>nia Consumer Privacy<br />

Act?<br />

Companies that do not comply with the CCPA<br />

are subject to both civil class action lawsuits in<br />

the state of Cali<strong>for</strong>nia with damages of $100 to<br />

$750 per Cali<strong>for</strong>nia resident and incident, or<br />

actual damages, whichever is greater.<br />

Companies are<br />

Also subject to fines from the state as they can<br />

be prosecuted by the Cali<strong>for</strong>nia Attorney<br />

General.<br />

How does Bring Your Own Device<br />

(BYOD) hinder any cyber security<br />

plan?<br />

The tremendous portability, and exceptional<br />

ease of USB drives have proven to increase<br />

productivity to millions of businesses and<br />

government agencies. However, since most of<br />

these drives are unencrypted, they can pose a<br />

major security risk to the user storing anything<br />

more valuable than public data.<br />

<strong>Cyber</strong> security experts say that the use of an<br />

encrypted USB flash drive is the best solution <strong>for</strong><br />

keeping confidential in<strong>for</strong>mation what it was<br />

intended to be – confidential.<br />

From a cost perspective, hardware-based<br />

encrypted USBs are not much more expensive<br />

than non-encrypted devices – and they are like<br />

insurance against the unthinkable – the loss and<br />

breach of private data that could be exposed<br />

otherwise. When you consider the costs and<br />

consequences of a data breach, losing a drive,<br />

etc., against the low purchase price of a nonencrypted<br />

drive, the cost of an encrypted drive is<br />

the most cost-efficient way to manage threats<br />

and reduce risks.<br />

With various regulations such as HIPPA, CCPA<br />

and GDPR among others, the use of encrypted<br />

USB drives can also provide legal protection to<br />

many industries and professions. The minimal<br />

investment <strong>for</strong> encrypted USB drives will cost<br />

exponentially less than risking a potential data<br />

breach, exposure, damage to your reputation<br />

and enormous possible fines.<br />

Their extreme portability means they are very<br />

susceptible to being lost, accessed, or<br />

misappropriated. When that happens, there is a<br />

fairly good chance that data stored on the device<br />

will end up in the wrong hands, risking the users<br />

or company’s privacy and security.<br />

Having a company policy of standardizing on the<br />

use of hardware-based encrypted USB drives is<br />

a key factor in a USB drive’s ability to provide the<br />

safest, most trustworthy means to store and<br />

transfer personal, classified, sensitive data.<br />

Is hardware and software<br />

encryption preferable?<br />

Not only is encryption vital in USB drives<br />

securing and protecting data, how that<br />

encryption is per<strong>for</strong>med is likewise important.<br />

Users have two choices: hardware and softwarebased<br />

encryption.<br />

USB drive encryption can be done either through<br />

the device’s hardware or software. A hardwarecentric<br />

/ software-free encryption approach to<br />

15


data security is the best defense against data<br />

loss, as it eliminates the most commonly used<br />

attack routes. This software-free method also<br />

provides comprehensive compatibility with most<br />

OS or embedded equipment possessing a USB<br />

port.<br />

Hardware-based encrypted USB drives are selfcontained,<br />

don’t require a software element on<br />

the host computer, and are the most effective<br />

means in combating ever-evolving cyber threats.<br />

Hardware-encrypted USB drives protect against<br />

the possibility of brute <strong>for</strong>ce, sniffing and memory<br />

hash attacks due to their security being selfcontained<br />

inside the drive.<br />

Software-based encrypted drives are designed<br />

differently. They share a computer’s resources<br />

with other programs. The encryption is not done<br />

on the USB drive at all. Because of this<br />

computer-based encryption process, the USB<br />

drives themselves are vulnerable. In some<br />

cases, there are compatibility issues with older<br />

operating systems that may make the data<br />

unreadable. In addition, re<strong>for</strong>matting a drive<br />

be<strong>for</strong>e storing data can remove all encryption on<br />

the drive, essentially turning a secured drive into<br />

a standard, open drive.<br />

How can I protect my company’s sensitive data and not hinder productivity?

Whether you are a local restaurant chain or a manufacturing company, privacy and security should always be front and center in how you manage, transfer or distribute non-Cloud storage of private / personal data. There should be standardization for best practices for what’s known as data “at-rest” or “in-transit.” While the most common storage medium is the use of inexpensive USB drives, the best practice is to standardize on hardware-based encrypted USB drives. This practice will provide efficiency and security to mobile data for anyone. Even accessing Cloud storage can be risky – while you access the internet at a coffee shop, someone else may be trying to hack your system. If you carry your data on a hardware-encrypted drive, you can work on your data and keep your internet turned off while in an untrusted open Wi-Fi area.

So, where to start? As a small or medium business, you more than likely aren’t going to need the same level of protection as large companies and government agencies require. There is a range of easy-to-use, cost-effective, encrypted USB flash-drive solutions to choose from that can go a long way toward mitigating your privacy and security risks, and, quite possibly, save you money and stress.

Encrypted USB drive manufacturers provide you with options, no matter your needs. For example, Kingston’s IronKey D300S USB Flash drive features an advanced level of security that builds upon the features that made IronKey well-respected, to safeguard sensitive information. It’s FIPS 140-2 Level 3 certified, with 256-bit AES hardware-based encryption in XTS mode, and has anti-tampering security built in to protect all internal components. It is an essential pillar to setting security standards, corporate policies and data loss protection (DLP) best practices and compliance to global regulations such as the CCPA and GDPR.

Customer and other sensitive data need to be stored on encrypted USB drives whenever you need to take the data with you to mitigate any risk of data breach, data loss, and liability. Data security and consumer privacy should be concerns for businesses of any size, so identifying cost-effective ways to mitigate the risk is paramount as we prepare for 2020.

About the Author

Richard Kanadjian is currently the Business Manager of Kingston Technology’s Encrypted USB unit. He joined Kingston in 1994 and has served the company in a variety of roles for both the Flash and DRAM divisions. Among his many positions, Mr. Kanadjian was a field applications engineer in the company’s strategic OEM division, where he helped build relationships with leading PC and chipset manufacturers. Prior to his current role, Mr. Kanadjian was part of the SSD product engineering department helping develop and support Kingston’s enterprise SSDs on both a technical and customer level.

Learn more at Kingston.com.


Hidden Wasp and the Emergence of Linux-based Threats

By Intezer

The Linux threat ecosystem is crowded with IoT DDoS botnets and crypto-mining malware. However, with low detection rates in nearly all leading anti-virus solutions, Linux threats pose new challenges to the information security community that have not been observed previously in other operating systems.

The low detection rates in anti-virus solutions can likely be attributed to the rapid growth of modern, cloud-based infrastructure in recent years. However, as the information security community has struggled to find a consistent solution, malware authors have been quick to capitalize.

Linux malware authors do not invest much time or effort in writing their implants. This is because in an open-source ecosystem, there is a high ratio of publicly available code that can be quickly copied and adapted by adversaries in order to produce their own malware. In addition, as anti-virus solutions for Linux have proven to be less resilient in comparison to other platforms, adversaries have become less concerned about implementing excessive evasion techniques, because even when they reuse extensive amounts of code, threats have largely managed to stay under the radar.

Malware with strong evasion techniques, however, does exist within the Linux platform. There is a high ratio of publicly available open-source malware that utilizes strong evasion techniques and can be easily adapted by adversaries.


Advanced HiddenWasp Malware Stings Targeted Linux Systems

Researchers at Intezer recently discovered an undetected malware targeting Linux systems. The malware—which the researchers named HiddenWasp—was enforcing advanced evasion techniques with the use of rootkits in order to avoid detection.

HiddenWasp is a fully developed suite of malware that includes a trojan, rootkit and an initial deployment script. The malware is used for targeted attacks against victims who have already been infected. HiddenWasp has the ability to download and execute code, upload files and perform a variety of commands, for the sole purpose of gaining remote control over the infected system. This is different from common Linux malware, which performs distributed denial-of-service (DDoS) attacks or mines cryptocurrencies.

In addition, HiddenWasp authors have adopted large portions of code from various publicly available open-source malware, such as Mirai and the Azazel rootkit, and there are similarities between the malware and other Chinese malware families.

At the time the research was published, HiddenWasp had a zero-detection rate in all major anti-virus systems. Since then, some—but not all—of the engines in VirusTotal have begun to flag the malware.

The technical analysis published by Intezer also includes relevant IOCs (IP addresses to block) and a YARA rule for preventing and responding to future variants of this threat.

The recent discovery of HiddenWasp further supports the notion that Linux threats will become more complex over time, and the information security community needs to allocate additional resources in order to more effectively detect and respond to these threats at a larger scale.

Webinar:

Learn more about the recent history and analysis of Linux threats, mitigation recommendations, and the importance of code reuse detection. Watch the recording of Intezer’s recent webinar on the Linux Threat Landscape here: https://www.youtube.com/watch?v=c2IChPlYgHE&feature=youtu.be

Topics covered include:

• Recent history and analysis of Linux threats, including crypto-miners, backdoors and botnets
• Advanced, targeted Linux threats, including HiddenWasp and QNAPCrypt
• Reasons for low Linux detection rates
• Mitigation recommendations and the importance of code reuse detection


Top Ten Requirements for Managed Security Services Providers

By John Humphreys, Senior Vice President, Proficio

According to research by the Ponemon Institute, cybercrime is increasing significantly and the cost of the average data breach has risen to $3.92 million. With security threats becoming more prevalent and more costly, many organizations are choosing to partner with a Managed Security Services Provider (MSSP) as an extension of their internal security team. MSSPs provide 24/7 Security Operations Centers (SOCs), efficient workflows that improve time to remediation for security issues, access to security expertise, research and threat intelligence, and significant cost savings and scalability. While the benefits of partnering with an MSSP are wide ranging, choosing an MSSP is a complex decision for many organizations. Following are the top ten requirements you should look for in an MSSP…

Advanced Threat Detection. Industry leading MSSPs use a combination of people and technology to accurately detect and prioritize indicators of attack or compromise. Components of advanced threat detection include 24/7 investigations by security analysts, customized SIEM use cases, business context modeling, threat intelligence profiling and AI-based threat hunting models.

Managed Detection and Response. Managed detection and response (MDR) services will assist your team by leveraging technologies at the perimeter, core and endpoint to detect and contain threats both in on-premise and cloud-based environments. MDRs also offer vulnerability management and extensive incident response services.

Security Orchestration and Automated Response. Automation or semi-automation is required to quickly contain high-fidelity security events and allow time for incident responders to investigate and remediate threats before they cause damage.

Risk Scoring. MSSPs should provide their clients with security dashboards and data that show each client’s risk compared to their peer group. They can also provide their clients with visibility into their security posture to help identify blind spots.

Full Lifecycle Management. Many organizations lack the resources to manage their security products and keep them running to vendor recommended standards. MSSPs with the capability to manage or co-manage these devices help off-load IT teams to do more important tasks while maximizing the value of next generation tools.

Dedicated Client Success Team. In addition to the support of a 24/7 security team, MSSPs should assign their clients a client success team that is focused on account management and strategic security advisory functions, ultimately understanding and supporting both the business and technical needs of the organization throughout the relationship.

Flexibility and Customization. Every organization is unique, and an MSSP should be able to customize their services to the needs of each organization they work with. Flexibility spans customizing use cases, reports, dashboards, escalation rules, incident response actions and more - all required to meet each organization’s requirements. Mapping the managed security service to each organization’s needs improves the quality of cyber defense and minimizes operational disruption.

Powerful Case Management. MSSPs should provide access to an enterprise-class ITSM tool for case management and workflow automation. This allows for better visibility into the MSSP’s actions and tighter integration between the client and MSSP’s security team.

SOC Type 2 Compliance. An MSSP should complete an annual audit to demonstrate that it follows strict information security policies and procedures that encompass the security, availability, and confidentiality of customer data.

Global SOC Operations. Global MSSPs offer both continuity of operations and unrivaled visibility into advanced threats. Their 24/7 operations, combined with the volume and breadth of their client base, allow global MSSPs to see more advanced threats on a recurring basis and put them in a stronger position to respond quickly.

There is much to consider when evaluating a managed security service provider - after all, you're placing your company's security posture in the hands of a third-party provider. Undertaking a thorough review of an MSSP’s capabilities reduces the chance of surprises and keeps your peace of mind going forward.

About the Author

John Humphreys is a Senior Vice President at Proficio, an award-winning Managed Security Service Provider (MSSP) offering Managed Detection and Response (MDR). John has more than twenty years of experience defining and executing breakthrough marketing strategies for IT information solution providers.


Migrating to Office 365 with iboss cloud

Migrating to Office 365 increases productivity and makes an organization more agile by providing business critical applications and data to all users from anywhere in the world. The iboss cloud is designed for Office 365 to ensure a seamless coexistence between business productivity and security.

Office 365 with iboss cloud Overview

The volume of data and applications available to users in the cloud will require more bandwidth than ever. To ensure users are productive in the office or on the road, fast connections to Office 365 in the cloud are mandatory. The iboss cloud eases migrations to Office 365 by providing Internet security directly in the cloud. This reduces bandwidth costs dramatically by eliminating the need to send data through appliances hosted at company data centers and increases user productivity by providing fast connections directly between users and Office 365.

• Cloud-based Internet security that follows users to ensure consistent protection while users work in the office, on the road or at home
• Cloud-based Internet security allows users to access Office 365 without having to send data back through central offices or data centers which host security appliances for protection
• Eliminating the need to send data through company owned connections reduces costs substantially as bandwidth is removed from company paid connections
• Eliminating the need to backhaul data to centrally hosted appliances increases connection speeds to Office 365 as data exchanges directly between users and the cloud, which increases productivity
• Automatically synchronized with Microsoft so that all Microsoft domains, IP Addresses and Office 365 signatures are automatically updated to ensure Office 365 is never interrupted
• CASB controls for Office 365 within iboss cloud allow for the enforcement of Office 365 tenant restrictions for compliance
• Features within iboss cloud specifically designed for Office 365 ensure Office 365 connections are never interrupted while user Internet connections are protected for compliance, malware and Data Loss Prevention
• The Office 365 suite is included at no additional cost in all iboss cloud subscriptions

Figure 1 - Gain visibility and control over cloud application use with iboss and Microsoft

Office 365 Migration Challenges

As your organization moves from on-prem email and applications to Office 365, which runs in the cloud, new challenges are presented related to technology and costs:

• Office 365 runs in the cloud and requires fast connections and large amounts of bandwidth. Security proxy appliances that are in place can quickly become saturated, reducing network speeds and impacting user productivity.
• Office 365 can be accessed by users from anywhere. Backhauling or hairpinning user traffic while they are remote back through the organization’s network before going to Office 365 results in a variety of unsustainable challenges:
  • The amount of bandwidth running through the organization’s network will quickly increase due to this additional traffic, resulting in substantial bandwidth costs.
  • The number of proxy appliances hosted at headquarters will drastically need to increase due to the extra load from mobile and remote users, resulting in substantial costs.
  • The user experience will be poor as data traverses back to headquarters before heading to Office 365, causing extra hops and latency.
  • This design principle goes against Microsoft’s recommendations, which state that data should traverse directly from users to Office 365 in order for Microsoft to optimize connectivity.
• IP login restrictions and Zero Trust become difficult to enforce if users are connected directly to Office 365 while they are remote, since their IP address does not originate from the organization’s network. This reduces an organization’s security posture.

Applying Internet security, which includes compliance, malware defense and data loss, becomes increasingly difficult as the security technology may interfere with connections to Office 365, resulting in end-user frustration and IT overhead.

The iboss cloud is built for Office 365

The iboss cloud is designed for Microsoft Office 365 and solves the complex security challenges of migrating to Office 365 easily. Using in-the-cloud security allows users to connect directly with Office 365, which reduces bandwidth costs and increases speeds, resulting in a great user experience and higher productivity.

Native iboss cloud CASB support for Office 365 tenant restrictions ensures compliance and security. In addition, the containerized architecture of iboss cloud allows for dedicated IP addresses that can be used to enforce Zero Trust and IP login restrictions regardless of user location.

Eliminate Data Backhaul and Hairpinning with in-the-Cloud Security

Since users are always connected to iboss cloud regardless of location, consistent security can be applied to their connections at all times, including compliance, malware defense and data loss prevention. The iboss cloud follows users and protects data as it traverses to and from the cloud, including Office 365, without the need to send data back through the organization’s network for security. Data will flow directly from an organization’s users to Office 365 whether they are in the office, on the road or working from home. Elasticity and horizontal scaling allow the iboss cloud to process infinite amounts of data so that connections are always fast and reliable to ensure user productivity. Since iboss cloud is delivered as a SaaS offering, scaling is automatic and completely abstracted from users and administrators, eliminating the IT overhead typically involved with securing increasing amounts of bandwidth.

Eliminate Increasing Bandwidth Costs Related to an Office 365 Migration

As bandwidth consumption increases with the use of the vast array of Office 365 capabilities, including SharePoint, this bandwidth is offloaded from the organization’s network and processed directly by iboss cloud. Users can consume as much bandwidth as needed without adding additional strains or costs to the organization’s budget. This also results in financial predictability as bandwidth continues to increase over time.

Ensure Internet Security Never Interferes with Office 365

With so much business already relying on Microsoft, a move to Office 365 may bring fears of business interruption. The iboss cloud has all of the features and settings to ensure that Office 365 runs smoothly while Internet security is being applied to users at all times. Simple settings take care of properly handling all Office 365 connections so that they are never interrupted and flow as fast as possible between users and Microsoft. In addition, all domains, IP Addresses and signatures are automatically synchronized between iboss cloud and Microsoft, which eliminates the burden of maintaining and updating Office 365 domain entries that are typically required in other solutions.

Gain Financial Predictability by Eliminating the Need to Purchase More Security Appliances

As bandwidth exponentially increases with the use of cloud applications and Office 365, the number of gateway security proxies will have to increase as well. This also results in additional network complexity costs, as increasing bandwidth leads to network load balancers and IT staff that can manage them. The iboss cloud runs in the cloud and eliminates costs and network complexity by automatically scaling in the cloud as demands increase. The autoscaling capability of iboss cloud abstracts this burden from IT administrators and eliminates infrastructure line items from the budget, repurposing those dollars in other areas.

Increase User Productivity

As users work in Office 365, the need to access files in SharePoint, email and other applications requires fast connections. Slow connections result not only in user frustration, but lost productivity, which is a large organizational cost. The cost is not only financial due to increasing labor rates, but also puts the organization at a disadvantage to those organizations who can compete faster with the Office 365 suite.

Enforce Office 365 Tenant Restrictions

Office 365 tenant restrictions ensure users are connected to the appropriate Office 365 domain to prevent inadvertent data loss and other compliance issues. The iboss cloud natively includes the ability to enforce Office 365 tenant restrictions with a few simple clicks. The iboss cloud will enforce the Office 365 tenant restrictions at all times, regardless of whether the user is in the office or on the road.

Enforce Zero Trust and IP login Restrictions

Enforcing IP login restrictions is easily accomplished with iboss cloud. This is due to iboss cloud’s containerized architecture, which natively includes dedicated non-changing IP Addresses that can be used to restrict access to Office 365 and Okta login portals. This includes the ability to enforce IP login restrictions when users are outside of the office, including while they work on the road or from home.

How It Works

Taking advantage of the vast Office 365 capabilities within iboss cloud is easy. To get started:

1. Get an active iboss cloud account
2. Connect users to the iboss cloud using one of the many cloud connectors. This connects users to iboss cloud regardless of location.
3. If users are connected to the main office with a VPN, use VPN split tunneling to send all Internet bound traffic directly to the cloud via iboss cloud instead of backhauling this traffic back through the organization’s network.
4. Enable the Office 365 features


Feature Highlights

Office 365 Native Integration Features

Simply enable Office 365 support within iboss cloud, and compatibility with Office 365 is automatically handled. The iboss cloud synchronizes with Microsoft Office 365 to ensure data mappings and signatures are up to date to optimize the flow of traffic between users and Microsoft Office 365. There is no administrative overhead, and synchronization is automatic and transparent to users and IT staff.

Office 365 Tenant Restrictions

Enforcing Office 365 tenant restrictions is easily accomplished within iboss cloud. To accomplish this, enable tenant restrictions within the iboss cloud single pane of glass admin interface. Then configure which domains Office 365 should be restricted to and enter the Microsoft Multi-Tenant Context code provided by Microsoft. The iboss cloud will automatically handle enforcing the tenant restrictions for the group of users. The iboss cloud also has the unique ability to enforce different tenant restrictions to different groups of users for more advanced Office 365 deployments.
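The tenant-restriction mechanism the CASB bullets and this feature section describe is, underneath, a proxy adding two HTTP request headers on the Azure AD login hosts; the following added example (not iboss code) shows that logic, including per-group tenant lists. The header names and login hosts are Microsoft's documented ones; the group names, tenant domains and directory ID (what the text calls the Multi-Tenant Context code) are constructed placeholders.

```python
"""Added example, not iboss code: how a forward proxy enforces Office 365
tenant restrictions for different user groups.

Microsoft's documented mechanism: a proxy that inspects traffic to the Azure AD
login endpoints adds two request headers,
    Restrict-Access-To-Tenants: <comma-separated list of permitted tenants>
    Restrict-Access-Context:    <directory ID of the tenant setting the policy>
and the login service then refuses sign-ins to any tenant not on the list.
Group names, tenant domains and the directory ID below are placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List

# Hosts on which Microsoft evaluates the tenant-restriction headers.
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}


@dataclass(frozen=True)
class TenantPolicy:
    """Tenant restriction for one group of users (placeholder values)."""
    permitted_tenants: List[str]   # tenants this group may sign in to
    context_directory_id: str      # the organisation's own directory (tenant) ID


# Different groups can be held to different tenant lists, as the text describes.
GROUP_POLICIES: Dict[str, TenantPolicy] = {
    "staff": TenantPolicy(["contoso.com", "contoso.onmicrosoft.com"],
                          "00000000-0000-0000-0000-000000000001"),
    "contractors": TenantPolicy(["partner.onmicrosoft.com"],
                                "00000000-0000-0000-0000-000000000001"),
}


def tenant_restriction_headers(host: str, group: str) -> Dict[str, str]:
    """Return the headers the proxy must add to a request, or {} if none apply.

    Headers are injected only on the Azure AD login hosts; ordinary Office 365
    data traffic (outlook.office365.com, *.sharepoint.com, ...) is left alone,
    which is what keeps the service itself from being interrupted.
    """
    host = host.lower().split(":")[0]          # normalise case, drop any port
    policy = GROUP_POLICIES.get(group)
    if host not in LOGIN_HOSTS or policy is None:
        return {}
    return {
        "Restrict-Access-To-Tenants": ",".join(policy.permitted_tenants),
        "Restrict-Access-Context": policy.context_directory_id,
    }


def apply_policy(request_headers: Dict[str, str], host: str, group: str) -> Dict[str, str]:
    """Return a copy of the client's headers with the policy headers enforced.

    Any client-supplied Restrict-Access-* header is dropped first, so a user
    cannot pre-set a permissive list that the proxy would otherwise pass through.
    """
    cleaned = {k: v for k, v in request_headers.items()
               if not k.lower().startswith("restrict-access-")}
    cleaned.update(tenant_restriction_headers(host, group))
    return cleaned


if __name__ == "__main__":
    # Constructed request from a member of "staff" signing in to Office 365.
    client_hdrs = {"Host": "login.microsoftonline.com", "User-Agent": "demo/1.0",
                   "Restrict-Access-To-Tenants": "other-tenant.example"}
    print(apply_policy(client_hdrs, "login.microsoftonline.com", "staff"))
    print(apply_policy(client_hdrs, "outlook.office365.com", "staff"))
```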

Pricing

Office 365 Features and Integration

Microsoft Office 365 features and integration are included at no additional cost with every iboss cloud subscription.

About iboss

iboss is a cloud security company that provides organizations and their employees secure access to the Internet on any device, from any location, in the cloud. This eliminates the need for traditional security appliances, which are ineffective at protecting a cloud-first and mobile world. Leveraging a purpose-built cloud architecture, iboss is designed to make transitioning from security appliances to cloud security a seamless process. iboss is trusted by more than 4000 organizations worldwide, spans over 100 points of presence globally and is backed by over 110 patents. To learn more, visit https://www.iboss.com


9 Cybersecurity Metrics + KPIs to Track

You’ve invested in cyber security, but are you tracking your efforts? Are you tracking metrics and KPIs? If you’re not, you’re not alone.

A report by PwC found that just 22 percent of chief executives believe that their risk exposure data is comprehensive enough to inform their decisions. This statistic has remained unchanged for the past 10 years. Other recent reports back this up — a report by EY shows that 36 percent of organizations in the financial services sector are worried about “non-existent or very immature” metrics and reporting when it comes to cyber security efforts.

These are organizations that, in some cases, have spent millions on cyber security for the sake of compliance. However, they are not maximizing their infosec investment by measuring their efforts.

The importance of cyber security metrics

You can’t manage what you can’t measure. And you can’t measure your security if you’re not tracking specific cyber security KPIs. Cyber security benchmarking is an important way of keeping tabs on your security efforts. You need to be tracking cyber security metrics for two important reasons:

Seeing the whole picture when it comes to infosec: If you’re not tracking key performance indicators (KPIs) and key risk indicators (KRIs), you won’t be able to clearly understand how effective your cyber security efforts have been, or how they’ve improved (or declined) over time. Without solid historical data to rely on, you won’t be able to make informed cyber security decisions going forward. Instead, you’ll just be making decisions blindly.

Communicating with business stakeholders: Without good cyber security metrics, you won’t be able to make a case for your infosec efforts — or budget — when you talk to your organization’s leadership or board members.

You need cyber security benchmarking that tells a story, especially when you’re giving a report to your non-technical colleagues. The KPIs you choose should be clear, relevant, and give a full picture of your organization’s cyber security. You may also need to choose benchmarks for your vendors and other third parties, who have access to your networks and can expose your organization to risk.

Cyber security KPIs to track

Below are some examples of clear metrics you can track and easily present to your business stakeholders.

Level of preparedness: How many devices on your network are fully patched and up to date?

Unidentified devices on the internal network: Your employees bring their devices to work, and your organization may be using Internet of Things (IoT) devices that you’re unaware of. These are huge risks for your organization as these devices are probably not secure. How many of these devices are on your network?

Intrusion attempts: How many times have bad actors tried to breach your networks?

Mean Time to Detect (MTTD): How long do security threats fly under the radar at your organization? MTTD measures how long it takes for your team to become aware of a potential security incident.

Mean Time to Resolve (MTTR): How long does it take your team to respond to a threat once your team is aware of it?

Days to patch: How long does it take your team to implement security patches? Cybercriminals often exploit lags between patch releases and implementation.

Cyber security awareness training results: Who has taken (and completed) training? Did they understand the material?

credentials, and social engineering). Based on<br />

these 10 factors, your then assigned an overall<br />

grade, so you and your colleagues can see at a<br />

glance how secure your company is relative to<br />

the rest of your industry.<br />

Choosing your cyber security<br />

metrics<br />

There is no hard and fast list of the cyber security<br />

KPIs and KRIs all businesses should be tracking.<br />

The metrics you choose will depend, in large<br />

part, on your organization’s needs and its<br />

appetite <strong>for</strong> risk.<br />

That said, you will want to choose metrics that<br />

are clear to anyone who looks at your reporting.<br />

A good rule of thumb is this: your business-side<br />

colleagues should be able to understand them<br />

without having to call you <strong>for</strong> an explanation. So,<br />

you’ll want to avoid squishy KPIs — metrics that<br />

might have a large margin <strong>for</strong> error — or esoteric<br />

metrics that don’t make sense to your businessside<br />

colleagues.<br />

Number of cyber security incidents reported: Are<br />

users reporting cyber security issues to your<br />

team? That’s a good sign, because it means the<br />

employees and other stakeholders recognize<br />

issues. It also means your training is working.<br />

Security ratings: Often the easiest way to<br />

communicate metrics to non-technical<br />

colleagues is through an easy-to-understand<br />

score. SecurityScorecard’s security posture<br />

score gives your company a simple A-F letter<br />

grade on 10 security categories (network<br />

security, DNS health, patching cadence, cubit<br />

score, endpoint security, IP reputation, web<br />

application security, hacker chatter, leaked<br />

You may want to track a combination of different<br />

sorts metrics: technical security metrics,<br />

recovery metrics like backups, and non-technical<br />

metrics, like employee security training.<br />

Lastly, and most importantly, your cyber security<br />

benchmarking should communicate something<br />

important about your organization’s security to<br />

business leaders.<br />
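As an added example (not code from the article or from SecurityScorecard), here is how the MTTD, MTTR and days-to-patch metrics defined above can be computed from incident and patch records; the records, field names and dates are constructed, and open incidents and undeployed patches are handled explicitly rather than silently dragging the averages down.

```python
"""Compute MTTD, MTTR and days-to-patch KPIs from constructed sample records.

Added example; the records and field names are constructed for illustration
and are not taken from the article or from any product."""
from datetime import datetime
from statistics import mean

# Constructed incident records: when the attacker activity began, when the
# team became aware of it, and when it was resolved (None while still open).
INCIDENTS = [
    {"id": "INC-1", "occurred": "2019-09-01T08:00",
     "detected": "2019-09-03T08:00", "resolved": "2019-09-03T20:00"},
    {"id": "INC-2", "occurred": "2019-09-10T00:00",
     "detected": "2019-09-10T06:00", "resolved": "2019-09-11T06:00"},
    {"id": "INC-3", "occurred": "2019-09-20T12:00",
     "detected": "2019-09-25T12:00", "resolved": None},
]

# Constructed patch records: vendor release date and the date the patch was
# fully deployed (None while still outstanding).
PATCHES = [
    {"id": "PATCH-A", "released": "2019-08-01", "deployed": "2019-08-15"},
    {"id": "PATCH-B", "released": "2019-08-20", "deployed": "2019-08-24"},
    {"id": "PATCH-C", "released": "2019-09-15", "deployed": None},
]


def _hours(start, end):
    fmt = "%Y-%m-%dT%H:%M"
    delta = datetime.strptime(end, fmt) - datetime.strptime(start, fmt)
    return delta.total_seconds() / 3600


def _days(start, end):
    fmt = "%Y-%m-%d"
    return (datetime.strptime(end, fmt) - datetime.strptime(start, fmt)).days


def mttd_hours(incidents):
    """MTTD: mean hours from first attacker activity to the team becoming aware."""
    return mean(_hours(i["occurred"], i["detected"]) for i in incidents)


def mttr_hours(incidents):
    """MTTR: mean hours from detection to resolution, over closed incidents only.

    Returns None when nothing has been closed yet, rather than a misleading 0."""
    closed = [i for i in incidents if i["resolved"] is not None]
    if not closed:
        return None
    return mean(_hours(i["detected"], i["resolved"]) for i in closed)


def days_to_patch(patches, as_of):
    """Mean days from release to deployment for deployed patches, plus the
    backlog of patches still open as of `as_of` (the lag windows the article
    says attackers exploit), reported per patch in days since release."""
    deployed = [p for p in patches if p["deployed"] is not None]
    still_open = [p for p in patches if p["deployed"] is None]
    avg = mean(_days(p["released"], p["deployed"]) for p in deployed) if deployed else None
    backlog = {p["id"]: _days(p["released"], as_of) for p in still_open}
    return {"mean_days": avg, "open_backlog_days": backlog}


def kpi_report(incidents, patches, as_of):
    """Bundle the metrics the way a business-side reader would see them."""
    return {
        "mttd_hours": mttd_hours(incidents),
        "mttr_hours": mttr_hours(incidents),
        "open_incidents": sum(1 for i in incidents if i["resolved"] is None),
        "days_to_patch": days_to_patch(patches, as_of),
    }


if __name__ == "__main__":
    print(kpi_report(INCIDENTS, PATCHES, "2019-10-01"))
```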

How Security Scorecard can help

SecurityScorecard’s security ratings allow you and your organization’s business stakeholders to continuously monitor the most important cyber security KPIs for your company and your third parties. The software automatically generates a recommended action plan when any issues are discovered and clearly shows your historical data.

By monitoring the cyberhealth of your extended enterprise, you’ll be able to collect data on your cyber security efforts and make informed security decisions in the future.

About the Author

Michelle Wu is the Senior Director of Product Marketing at SecurityScorecard and is responsible for all aspects of the go-to-market strategy. She has 15+ years of experience in marketing, sales enablement and training. Prior to joining SecurityScorecard she was the Product Marketing Director for the Intralinks Banking and Securities vertical. Before that, she was an investment banker at HSBC focused on capital markets origination working across various product groups in New York, Hong Kong and Japan.


The Instant Gratification Risk

By Javvad Malik

It feels like a different life when instant messages were not part of daily life. If one wanted to send a document or similar, they would resort to posting it via traditional mail. They would then post it, and wait a couple of days for it to be delivered. Then wait patiently for another few days for a response.

Contrast that with today, where people not only expect a message to be delivered almost instantly, but they want to be notified as soon as the recipient has opened and read it.

Is patience a thing of the past? Well, not quite. Resisting the temptation to fulfil a desire immediately is deep-rooted in human behaviour, although modern technology has made the issue worse for some.

The Marshmallow Experiment

To understand this better, we need to take a trip down memory lane to the 1960’s at Stanford University where Professor Walter Mischel placed a marshmallow in front of young children for 15 minutes.

The children were not forbidden from eating the marshmallow, but, if they could resist eating it for 15 minutes, they would receive two.

This experiment was repeated over many years, and the children were followed up with. It appeared that children who had resisted temptation were on the whole more balanced in later life. They displayed higher self-esteem, had better grades, and were less likely to abuse substances.

It demonstrated that those who are able to delay gratification make better life choices.

Instant Tech

In many ways, technology hasn’t helped those struggling to control their biggest desires. We no longer need to wait for photographs to be sent off to be developed before we can see the end result. Neither do we have to wait to communicate with people on the other side of the world, or be held to the schedule of TV, rather being able to watch whichever shows we want, whenever we want. Which has led to the rise of “binge watching” of shows.

It’s also made attention spans grow shorter. Congratulations if you’ve made it this far into this post; many people would have been distracted by now by an email, or other notification on their mobile device. In fact, according to Time, 55 percent of people spend fewer than 15 seconds on a page.

OK, so where's the risk?

Patience is a rare thing to find in the digital world. People huff and puff, and tweet horrible things if they are made to wait for what they would deem an unreasonable amount of time.

It's this impatience, or yearning for instant gratification, that many scammers, fraudsters, and online criminals prey on.

Phishing emails use such tactics all the time: "Click here to see these shocking photos of the latest Tesla before it gets pulled" or "Make your machine run faster".

But it extends further than that. When the latest Marvel summer blockbuster comes out, criminals look to put fake malware-ridden movie downloads online.

Similarly, we see the pre-release of malicious mobile apps in gaming stores which entice users to be among the first to get a game.

Humans, unlike machines, can get impatient, be enticed or have a bad day where they are not paying attention. It is why phishing remains the most popular tactic of attackers.

Good things come to those who wait, and it’s important for companies to reinforce the fact to their employees that, no matter how tempting or urgent something appears, taking a step back and resisting the urge to immediately click on that link or download the video can be the difference between what’s best for you, or the criminals.

Getting the message across

It’s all well and good saying that we should educate users on the risks and dangers that exist and get them to think about issues. But one of the big challenges in this regard is getting the right content in front of them, and trying to ensure the content is understood and acted upon.

I wish I could conclude with there being some kind of formula or one-size-fits-all program or content strategy for that. But unfortunately, that is not the case. However, we should think about our content strategy and delivery in a way that takes into consideration the external factors such as battling against notifications from mobile devices which take away attention, and pull people towards instant gratification.

But I will leave with what I believe to be a great example of how you can hack the system with a few simple tricks. Stand-up comedian Andrew Schulz explained in his TEDx Columbus talk that he was having trouble breaking into the comedy scene. So, he did what many comedians do: he recorded a one-hour special.

Unfortunately, he didn’t get much interest from any of the comedy clubs or distributors. So, he undertook some market research by asking friends about comedians they watch. Nearly all of them had the same unanimous reply: “I love x comedian, but I’ve not seen the entire show yet.”

At this point, Schulz realised his problem wasn’t that his jokes weren’t funny enough; it was that he was competing against a much shorter attention span. So, he took his one-hour special and broke it into very small clips and uploaded them all online.

The result was that he found a massive surge in interest because people would watch one short clip, which only asked for a few minutes of attention. And because they enjoyed it, they would watch another, and another, and end up binge watching his comedy for many hours.

That’s one way of breaking the system to get through to an audience. Maybe we need to start looking at challenges in the same way, and start designing products and education in the same manner.

About the Author

Javvad Malik is a Security Awareness Advocate at KnowBe4, a blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and lighthearted perspective on security that speaks to both technical and non-technical audiences alike. Prior to joining KnowBe4, Javvad was security advocate at AlienVault. Before then, he was a Senior Analyst at 451’s Enterprise Security Practice (ESP), providing in-depth, timely perspective on the state of enterprise security and emerging trends in addition to competitive research, new product and go-to-market positioning, investment due diligence and M&A strategy to technology vendors, private equity firms, venture capitalists and end users. Prior to joining 451 Research, he was an independent security consultant, with a career spanning 12+ years working for some of the largest companies across the financial and energy sectors. As well as being an author and co-author on several books, Javvad was one of the co-founders of the Security B-Sides London conference. You can follow him on Twitter as @J4vv4D. Reach KnowBe4 at http://www.knowbe4.com/


Improving Workforce Engagement in a Post M&A Environment

By Gaurav Ranjit

In the last decade, there has been an uptick in the volume of global Mergers & Acquisitions (M&A) and some of the factors attributed to this rise are as follows:

• the increasing value of the dollar
• improving economies of scale
• rapidly changing industries and digitalization
• need for expansion and diversification of the business portfolio
• complementing competency and resources
• converging intra- and inter-industry leading to vertical and horizontal M&A integration

Most Mergers & Acquisitions have difficulties when meeting business goals due to culture differences. Hence, a change management strategy must be implemented by upper management, business executives, and human resources (HR) to integrate assets, business processes, products and services, operations, systems, and technology for the merged businesses.

How can an organization enable and motivate the workforce while retaining this important asset?

There are many successful frameworks, best practices, and methods to help with M&A efforts, and a common enabler is the Post-Merger Integration (PMI) Checklist that covers some of the important identity access management (IAM) processes:

• hiring and transfer processes
• onboarding of workforce (employees and contingent workers) and enrolling in benefits
• accessing necessary technologies on day one (1)
• offboarding of redundancies (workforce access, job functions and roles)

The checklist improves the value of the integration, but a common M&A challenge lies in managing, retaining, and engaging an organization’s workforce (employees and contingent workers).

Failure to implement an effective strategy on the part of the business and HR can:

• have an adverse effect on workforce retention due to uncertainty
• negatively impact business performance and operations, because of the inability to manage day-one access to critical systems, services, and products, and
• allow competitive leverage to competitors.

As best practice dictates, the strategy to improve the odds of success is to reduce the variability within the processes that require workforce engagement.

Workforce Management:

• access for the workforce on day one (1) to critical applications and assets
• connect the workforce (employees) to employment benefits
• request for access, permissions, and entitlements that are needed during and post-merger for the workforce
• provide availability of applications, information, entitlements and permissions

Identity Orchestrator (IO) can boost workforce and customer productivity post-merger and acquisition by 40%.

Administration and Operations:

• view of “who has access to what” in the merged or acquired entities
• insight and intelligence into workforce onboarding, offboarding, and provisioning activities, visually
• manage delegated administration

Simeio’s identity-as-a-service (IDaaS) solution is built with all end-users in mind—employees, business partners, customers, citizens, security executives, and administrators. By providing an intuitive and user-friendly interface, Simeio’s IDaaS sets itself apart from the competitors with the following attributes:

• Virtual Directory Service, which allows enterprises to rapidly aggregate disparate identity stores — removing the dependency on expensive and timely directory consolidation projects and mitigating against the risk of merging disparate networks too quickly.
• The ability to plug Simeio’s IDaaS into existing IAM tools and technology via the Simeio Identity Bridge.
• A choice between the existing Simeio IDaaS technology stack or, at the merging entity’s preference, a complete cloud environment that is hosted, secured and managed by Simeio.
• Comprehensive program management for your IAM solutions so your organization can focus on Information Technology (IT) consolidation and merger efforts.
• Enablement that gives Human Resources (HR) and change management the leverage to focus efforts on onboarding, redundancy elimination and process consolidation over time, and to track effort spent on managing workforce engagement.

Overall, the critical focus for entities in a post-M&A phase is to eliminate operational variance, improve information and resources to end-users, and manage workforce engagement proactively.

If you are interested in learning more about Simeio’s IDaaS solutions for Workforce Engagement post-M&A activities, please contact us to speak with the advisory team.

About The Author

Gaurav Ranjit is a seasoned business professional with over 10 years of experience in management consulting, strategic advisory, operations management and process transformation in a wide range of industries, with primary focus in the Financial & Banking, Health Care and Technology Sectors. A subject matter expert in the field of Identity & Access Management (IAM), he has provided business and consulting services to a number of global clients. His expertise lies in identifying business gaps, analyzing current state processes, and developing tactical (short term) and strategic (long term) recommendations to improve operational excellence. Gaurav has worked in two of the major Big 4 consulting firms (Deloitte and Ernst & Young) in an advisory capacity. He has been recognized consistently for exceptional team collaboration, high-pressure performance, and leadership skills.


To Catch a Criminal, Set a Trap

Cyber Detection Made Deceptively Simple

By Carolyn Crandall, Chief Deception Officer, Attivo Networks

Much has quietly evolved with deception technology over the last few years as it quietly established its presence within business, OT, and government networks as a primary in-network threat visibility and detection control. The technology has seen marquee coverage at Gartner Security Summits, keynotes and panels at CISO-focused seminars and industry events. By using deception to set traps and lures throughout a network, attacker dwell time is reduced, company-centric threat intelligence gathered, and incident response automated.

Although customers remain tight-lipped about their use of the technology, industry surveys reveal that deception technology is the number 2 priority on CISOs’ lists of technologies being researched, only slightly behind zero-trust solutions. Plus, users of deception technology are reporting an average of 5.5 days dwell time, a 90%+ improvement over the cited 78+ day industry average. A high confidence in detecting threats is recorded, along with deception being listed as their top choice in security controls for accurately detecting insider threats, as compared to 13 other security solutions.

Setting a trap for a criminal is a straightforward concept. However, there are some misconceptions around believability, scalability and ease of operations that cybercriminals would like you to continue to believe. Commercial-grade deception technology addresses the critical requirements for being attractive, believable, and scalable as well as delivering capabilities that make it a far cry from merely being a fancy honeypot. Additionally, deception provides the unique ability to slow down an attacker by forcing them to decipher real from fake, question the reliability of their tools, and to impact the economics of their attack negatively. Let’s break down the technology changes and how it works.

The primary use case for a cyber deception platform (CDP) centers on early detection. Specifically, deception detects attackers before they can move laterally off of their first system, spread throughout the network, or compromise Active Directory. Deception starts with a mix of endpoint and network deceptions and then adds in additional application and data deceptions designed to entice the attacker away from production assets.

At Endpoints:

Deception plays a valuable role in locking down the endpoint from lateral movement. It achieves this by placing deceptive credentials, file shares, and service redirections designed to lead attackers into the deception sandbox for observation, alerting, and recording.

In Clouds:

Deception adds another layer of detection to cloud environments, providing visibility and detection into unauthorized activity and misconfigurations. The solution alerts on unauthorized attempts to access storage buckets, exploit serverless functions, steal sensitive data, or conduct malicious activity.

In the Network:

Organizations create digital landmines within their networks with decoy assets that appear identical to the Windows, Mac, Linux, and IoT devices present or as attractive documents or applications. Deception management servers can deploy as appliances on-premises, virtualized, or in the cloud (AWS, Azure, GCP, Oracle Cloud, etc.). Machine learning automates the deployment, management, and orchestration of the deception environment by learning the network based on the traffic it observes.

Organizations are also using deception as a primary detection control for IoT networks because it is not reliant on logs, anti-virus software, or agents. IoT/ICS deception supports a wide range of devices that include medical devices, printers, surveillance systems, energy substations, and more.

Active Directory:

In addition to providing Active Directory (AD) decoys, a modern innovation in deception adds attack prevention with the ability to intercept queries to AD, hide real data and system users, and insert deceptive results without interfering with production AD. This level of deception is a new and extremely valuable tool for a defender’s arsenal.

Attack Path Visibility:

Given the ability to learn the network, deception tools also provide visibility to misconfigurations and exposed credentials at the endpoints. This insight, not found in other vulnerability assessment tools, helps minimize risk by reducing the available attack surface and automating remediation of exposures.

Fidelity Alerts and Company-Specific Threat Intelligence:

Deception alerts have exceptional signal-to-noise ratios since they activate on attacker engagement. Plus, the high-interaction deception environment gathers company-specific threat intelligence by recording activities and policy violations and by safely studying the attack and collecting Tactics, Techniques, and Procedures (TTPs). Native integrations (firewall, SIEM, NAC, EDR, and orchestration tools) also extend existing security solution value and facilitate automated blocking, isolation, and threat hunting.
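As an added example (not code from the article or from Attivo Networks), the following shows why alerts on decoy credentials and decoy hosts have the signal-to-noise ratio described above: the decoys have no legitimate users, so any touch is an alert, and the recorded events double as context for triage. The log format, decoy names, hosts and log lines are all constructed.

```python
"""Decoy-engagement alerting over constructed authentication log lines.

Added example, not code from the article or from any vendor. Log format,
decoy inventory and sample events are constructed for illustration."""
import re
from collections import defaultdict

# Constructed decoy inventory: accounts planted in endpoint credential
# stores and hosts that exist only as network decoys.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_finance_tmp"}
DECOY_HOSTS = {"fs-archive-02", "sql-legacy-01"}

# Constructed log lines in a simple key=value format. Only the second,
# third and sixth lines touch a decoy; the rest is ordinary traffic.
SAMPLE_LOG = """\
2019-10-01T09:58:02Z src=ws-017 user=alice target=mail-01 result=success
2019-10-01T10:02:11Z src=ws-017 user=svc_backup_old target=fs-archive-02 result=failure
2019-10-01T10:02:14Z src=ws-017 user=svc_backup_old target=sql-legacy-01 result=failure
2019-10-01T10:03:40Z src=ws-017 user=alice target=fs-prod-01 result=success
2019-10-01T10:15:00Z src=ws-044 user=bob target=mail-01 result=success
2019-10-01T10:20:33Z src=ws-044 user=bob target=sql-legacy-01 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"target=(?P<target>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def decoy_engagements(log_text):
    """Yield every event that touched a decoy account or decoy host.

    Success or failure does not matter: a decoy has no legitimate use, so a
    valid user (bob below) reaching a decoy host is just as much an alert as
    a planted credential being replayed."""
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        reasons = []
        if ev["user"] in DECOY_ACCOUNTS:
            reasons.append("decoy-account:" + ev["user"])
        if ev["target"] in DECOY_HOSTS:
            reasons.append("decoy-host:" + ev["target"])
        if reasons:
            yield {**ev, "reasons": reasons}


def build_alerts(log_text):
    """Group engagements by source host into one alert per source.

    Keeps first/last seen, the event count and the list of decoys touched,
    which gives the responder the context for triage without sifting through
    the legitimate traffic on the same host."""
    alerts = defaultdict(
        lambda: {"first_seen": None, "last_seen": None, "touched": [], "events": 0}
    )
    for ev in decoy_engagements(log_text):
        a = alerts[ev["src"]]
        a["first_seen"] = a["first_seen"] or ev["ts"]
        a["last_seen"] = ev["ts"]
        a["events"] += 1
        for r in ev["reasons"]:
            if r not in a["touched"]:
                a["touched"].append(r)
    return dict(alerts)


if __name__ == "__main__":
    for src, alert in build_alerts(SAMPLE_LOG).items():
        print(src, alert)
```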

Organizations of all sizes are benefitting from deception-based detection. Smaller organizations gain immediate value with accurate detection that requires minimal operational overhead. Mature organizations increase efficiencies in threat detection and investigation, and gain valuable context for triage. Advanced organizations achieve strategic advantages in building pre-emptive defenses, automating intelligence gathering and incident response playbook operations.

Standards are also incorporating deception:

• The National Institute of Standards and Technology (NIST) draft policy 800-171b recommends deception for High-Value Assets holding sensitive information.
• The US Department of Energy granted funds to Pacific Northwest National Labs, in partnership with Attivo Networks, to create a deeper level of deception for cyber-physical systems.
• The Global Cyber Alliance (GCA) AIDE Platform enables IoT device manufacturers to test security, identify and mitigate global attack risks in conjunction with Attivo Networks.

With the cyber battlefield moving inside the network, deception and the act of setting traps for one’s adversary has quietly taken its place within the security stack. It is accurate, nonintrusive, and reliably detects in areas and works in ways that other security controls simply do not. And don’t be deceived; although it is deceptively simple to operate, it is also deceptively lethal for both human and automated adversaries.


About the Author

Carolyn Crandall is the Chief Deception Officer and CMO of Attivo Networks.

Carolyn has worked in her role at Attivo Networks since 2015 and has over 30 years of experience building emerging technology markets. She has a demonstrated track record of successfully taking companies from pre-IPO through to multi-billion-dollar sales and has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate (i365). As Chief Deception Officer at Attivo Networks, she regularly speaks on security innovation at CISO forums and other industry events. Crandall is recognized as a Top 25 Women in Cybersecurity, was inducted into the Hall of Femme by DMN, recognized as a Business Woman of the Year by CEO Today for 2 years in a row, is a Reboot Leadership Honoree, and a Power 100 Woman of the Channel by CRN for 9 years. She has also been a guest on Fox News, is co-author of the book Deception-based Threat Detection - Shifting Power to the Defender, has presented at several conferences including CSO50, ISSA International, FS and H-ISAC, and has hosted multiple technology education webinars and podcasts.

Crandall joined Attivo Networks based upon the company’s vision of modernizing cybersecurity defenses with deception technology. Deception has been used for millennia in military, sports, and gambling to outsmart adversaries and Attivo has now successfully brought this concept to cybersecurity in an effort to outmaneuver and derail the attacks of cyber criminals. This technology is actively being adopted across all major industries as a high-fidelity threat detection and visibility control that is designed to reduce attacker dwell time (time an attacker remains undetected) and to gather adversary intelligence that can be critical for understanding the attack, accelerating incident response, and fortifying defenses.

Carolyn can be reached online at Carolyn@Attivonetworks.com, https://www.linkedin.com/in/cacrandall/, https://twitter.com/AttivoNetworks and at our company website https://attivonetworks.com/


Maximizing Efficiency by<br />

Meeting <strong>Cyber</strong>security Pros<br />

Where They Are<br />

Regardless of role, the browser remains to common operating environment<br />

By The Recorded Future Team<br />

41


Refining Data into Intelligence<br />

One of the biggest challenges in cybersecurity<br />

today is how to manage and make sense of the<br />

huge volume of data coming into networks of<br />

disparate systems. Security alerts, vulnerability<br />

scan data, lists of malicious file hashes, and<br />

more compete <strong>for</strong> attention every day<br />

(sometimes it feels like every minute), making it<br />

difficult to know what to focus on and what to<br />

ignore. A recent report by the Ponemon Institute<br />

estimated that, on average, analysts spend<br />

about 25% of their time chasing false positives.<br />

Not only is there too much data, but there isn’t<br />

enough in<strong>for</strong>mation to quickly categorize and<br />

prioritize.<br />

It can be easy <strong>for</strong> security teams to be<br />

overwhelmed. Whether it’s SIEM data,<br />

vulnerability scan in<strong>for</strong>mation, alerts, and of<br />

course, the usual emails, security professionals are constantly weeding through data points, trying to figure out where to focus first for maximum risk reduction. External context from threat intelligence is one way to understand what to prioritize first, but this information is often siloed in one part of the organization and not accessible to all.

The Many Faces of Cybersecurity

The problem of too much data and not enough context is one shared across all security functions — whether it’s security operations, incident response, vulnerability management, brand monitoring, or even at the executive level, security professionals are overwhelmed with data. Worse, threat intelligence, which does provide context, is often treated as yet another individual function rather than an essential component of each. The result is that many of the people who would benefit the most from threat intelligence don’t have access to it when they need it.

There is a sizable and growing body of evidence to support predictions of a massive cyber skills shortage. Some estimates put the total number of positions doomed to go unfilled in the millions. For those already in the industry, and especially those responsible for security at smaller organizations, that results in a lot of cross-training and dual-hatting. Network administrators may be required to conduct activities typically reserved for security operations analysts. Incident responders may have to conduct their own intelligence analysis. Considering the many varied functions of cybersecurity, it is no wonder that getting the entire organization on the same page can be so difficult.

With so many different positions dealing with so much data, the industry has increasingly been in need of a good way to unify and simplify things. Recorded Future surveyed customers about this very problem and realized that nearly all of their solutions had something in common. Whether SaaS-based or on-prem, nearly all alerts and threat analysis came through the browser. Seeing the opportunity, the team got to work developing a lightweight, browser-based solution that scans pages looking for threat information and ties directly to the robust Recorded Future® Platform for timely, accurate, and relevant threat intelligence.

The result was Recorded Future® Express: a browser extension that provides instant context on any IP, domain, vulnerability, or file hash being actively viewed in a web browser.

The Browser as a Common Operating Environment

If the problem is that too few people are doing too many jobs with too many things to pay attention to, then the solution is to bring them together and simplify the task at hand. Express empowers all members of the security team by easily layering on top of solutions already in use. It’s right there in every web-based application — analysts can use it to access threat intelligence on top of SIEM data to triage alerts faster, on top of vulnerability scans to prioritize patching, on top of incident response systems to get a clearer picture of how to respond, or even on top of intelligence sources like US-CERT to pull out the important bits of information fast.

The Express license, with access to the Recorded Future Browser Extension, provides real-time intelligence that is just a click away in any web-based application. With up-to-the-minute risk scores and transparent evidence behind that score presented directly on the web page, teams can easily see what indicators need attention first, helping them prioritize their already limited time for maximum impact.

Recorded Future’s mission has always been to help security professionals defend their organizations against threats at the speed and scale of the internet. The Express browser extension helps achieve this by reducing barriers to getting actionable intelligence, no matter the specific security goal. It makes threat intelligence available to everyone, rather than the private domain of a few expert analysts.

Recorded Future Express has been designed with flexibility and ease of use in mind. Gone are the walls between siloed security functions. Express means direct access to threat intelligence for everyone.

Triage Alerts Faster

Because of the number of alerts that security teams deal with daily, around 44% on average go completely uninvestigated. There’s just no time to manually sort through them all. Even pivoting to a separate threat intelligence solution adds time; with the browser extension layered directly over SIEM alerts, security teams can instantly prioritize alerts by seeing the risk rules they’ve triggered and the context and sourcing behind those rules.

Prioritize Patching

Just as with security alerts, there are simply too many vulnerabilities constantly appearing for a “patch everything, all the time” approach to security to be realistic, regardless of the resources available. And nobody really needs to patch everything — numerous vulnerabilities are never exploited, and any one organization’s network probably contains only a small proportion of the “riskiest” vulnerabilities as measured by traditional risk metrics. With threat intelligence layered directly over vulnerability scans, vulnerability management teams can quickly see which vulnerabilities are actually being targeted in the wild and which they can safely ignore.

Respond to Incidents with Confidence

Indicators of compromise (IOCs) without context really don’t indicate a whole lot. They could be false positives — or a true threat that needs immediate attention. But initial investigations often rely on file reputation services that don’t give all the background context needed to analyze unknown files. The browser extension speeds up malware analysis and verdicts by instantly gaining access to intelligence on associated IOCs.

Speed Read

Researching threats manually is time-consuming and often inconclusive. Whether it’s one researcher or a whole team, nobody can keep up with the glut of information that’s constantly published about threats and other security news. The browser extension layers on top of any security text to instantly identify and organize information around categories like hashes, IP addresses, domains, or vulnerabilities. This can cut down the time it takes to find relevant information in a long report from US-CERT, for example, from minutes to moments.
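The indicator extraction and risk ranking that the Triage Alerts Faster and Speed Read sections describe, as an added example that is not Recorded Future's code: a small Python extractor pulls file hashes, IPv4 addresses, domains and CVE ids out of free text, looks each one up in a risk table and ranks them so the indicators with the most evidence behind them surface first. The risk table, the sample advisory text, the TEST-NET addresses, the .test domain, the hashes and the placeholder CVE id are all constructed for this example and are not real intelligence; the 0 to 99 score scale and the triage threshold are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed risk table standing in for a threat-intelligence lookup.
# Every entry is invented for this example: the scores, the evidence text,
# the addresses, the domain, the hash and the placeholder CVE id.
RISK_TABLE = {
    "0011223344556677889900aabbccddeeff00112233445566778899aabbccddee":
        (95, "hash reported as malware by several sandboxes"),
    "203.0.113.45": (89, "address recently reported as a command-and-control server"),
    "CVE-0000-0001": (80, "placeholder id: exploit code observed in the wild"),
    "update.example-bad.test": (71, "domain recently resolved to a known bad address"),
}

# Patterns for the indicator kinds the text mentions. The \b boundaries stop a
# 64-character hash from also matching the 40- and 32-character patterns.
INDICATOR_PATTERNS = [
    ("sha256", re.compile(r"\b[0-9a-f]{64}\b", re.I)),
    ("sha1",   re.compile(r"\b[0-9a-f]{40}\b", re.I)),
    ("md5",    re.compile(r"\b[0-9a-f]{32}\b", re.I)),
    ("cve",    re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.I)),
    ("ipv4",   re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]


@dataclass(frozen=True)
class Indicator:
    kind: str
    value: str


@dataclass(frozen=True)
class Enriched:
    indicator: Indicator
    score: int        # 0 means "no intelligence available" in this toy scheme
    evidence: str


def _normalize(kind, raw):
    # CVE ids are conventionally upper case; hashes and domains compare lower case.
    return raw.upper() if kind == "cve" else raw.lower()


def _valid_ipv4(value):
    return all(0 <= int(octet) <= 255 for octet in value.split("."))


def extract_indicators(text):
    """Return the distinct indicators in free text, grouped by kind in pattern order."""
    seen, found = set(), []
    for kind, pattern in INDICATOR_PATTERNS:
        for match in pattern.finditer(text):
            value = _normalize(kind, match.group(0))
            if kind == "ipv4" and not _valid_ipv4(value):
                continue  # e.g. 10.0.0.300 looks like an address but is not one
            if (kind, value) not in seen:
                seen.add((kind, value))
                found.append(Indicator(kind, value))
    return found


def enrich(indicators, table=RISK_TABLE):
    """Attach a risk score and the evidence behind it to each indicator."""
    return [Enriched(i, *table.get(i.value, (0, "no intelligence available")))
            for i in indicators]


def triage(text, table=RISK_TABLE, threshold=65):
    """Extract, enrich and rank; keep only indicators at or above the threshold."""
    ranked = sorted(enrich(extract_indicators(text), table),
                    key=lambda e: e.score, reverse=True)
    return [e for e in ranked if e.score >= threshold]


# Constructed sample advisory; it is not a real report.
SAMPLE_REPORT = (
    "Constructed sample advisory, not a real report. Activity was observed "
    "from 203.0.113.45 and 198.51.100.7 contacting update.example-bad.test. "
    "The dropper (MD5 0123456789abcdef0123456789abcdef) exploits "
    "CVE-0000-0001, a placeholder id. Payload SHA-256: "
    "0011223344556677889900aabbccddeeff00112233445566778899aabbccddee. "
    "A typo in the original text, 10.0.0.300, is not a valid address."
)

if __name__ == "__main__":
    for hit in triage(SAMPLE_REPORT):
        print(f"{hit.score:>3}  {hit.indicator.kind:<7} {hit.indicator.value}  ({hit.evidence})")
```

Indicators the table knows nothing about keep score 0 and drop below the threshold, which is the same "no evidence, so lower priority" outcome an analyst would apply by hand; the evidence string travels with each hit so the reason for the ranking stays visible.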

Recorded Future Express Extends Total Reach

Every problem ultimately emerges from two fundamental shortcomings: a lack of time, or a lack of information (or both). In the age of big data, the information is out there — the challenge is getting to it and applying it in time. Threat intelligence is only really intelligence when it is actionable, and intelligence is only actionable when it gets to the people who can take action with enough time to actually do something.

Recorded Future Express makes threat intelligence actionable for everyone. It provides access to real-time risk scores, triggered risk rules for alerts, and evidence behind those rules, all in the browser extension. It also features access to Recorded Future University, an online training academy for mastering threat intelligence.

Respond Faster with Confidence

By making threat intelligence accessible from existing security solutions, the browser extension enables teams to more quickly and confidently identify which indicators present a real threat to their organizations. Real-time risk scores and access to the evidence behind the rules allow teams to understand why something might be risky so they can respond quickly and effectively.

Reduce Risk with Better Prioritization

With the added layer of threat intelligence over SIEM data, vulnerability data, incident response systems, and more, teams can more easily see which indicators pose the biggest risks to their organization and prioritize how they respond to minimize potential damage.

Increase Efficiency of Security Processes

The convenience of Recorded Future Express means more members of security teams have access to threat intelligence. This standardization and widespread access to threat intelligence drives better collaboration, consistent decision-making, and overall more efficient security processes.

Now Available From Recorded Future and on AWS Marketplace

Recorded Future® Express is now available on Amazon Web Services (AWS) Marketplace. For more information, visit: www.recordedfuture.com

About the Author

Karen Levy, VP of Product and Client Marketing at Recorded Future. Karen Levy is the Vice President of Product and Client Marketing at Recorded Future with responsibility for go-to-market strategy, product positioning, and client programs. Her more than fifteen years in marketing at cybersecurity technology companies include leadership roles at RSA, CyberArk, and Recorded Future. Karen holds a Bachelor’s in Chemistry from the University of Pennsylvania and an MBA from Boston University.


CSIOS Corporation’s Made-to-Measure Cybersecurity Services: A Blueprint for Next Generation Cybersecurity Service Providers

By Cesar Pie, President and CEO of CSIOS Corporation

Introduction

The size of U.S. Government networks has made them a relatively easy target for a growing number of cyber-attacks and exploitation activities, which are becoming more frequent, sophisticated, aggressive and dynamic. Over the years, U.S. cyber defenders have struggled to protect an attack surface that continues to grow rapidly and significantly. Running on what appears to be an endless hamster wheel, we are now, as a cyber nation, coming to the realization that we are simply unable to defend every information system and network against every intrusion, as our portion of the cyberspace domain has simply become too large and vast to close the vulnerabilities that surface daily.

In that context, CSIOS’ blueprint for next generation cybersecurity services integrates a forward-looking cyber workforce, DCO Framework, and cyber technologies in custom made-to-measure solutions. These solutions are designed not only to protect and defend an organization’s most important networks, systems, data and information so that it can carry out its missions effectively and efficiently, even in a degraded state, but also to maintain high-level objectives of protection, monitoring, detection, analysis, diagnosis, and response, shifting in accordance with the differing attack surfaces, operational threat environments, and classification levels they support.

The Next Generation Blueprint

The Workforce

Without question, our most important cyber resource is our workforce; moreover, as we look to build a world-class cyber workforce of the future, maintaining the quality of our cyber workforce is becoming not only our highest priority but also our greatest challenge. To achieve and maintain cyberspace superiority in today’s operational threat environment, CSIOS has developed a new kind of cyber defender who is educated and trained to understand the importance of command, control, computers, communications, and cyber (C5); intelligence; and operations collaboration. Over the past decade and across the nation, standard DCO operator training has been focused primarily on a structurally strong C5 but fragile intelligence and operations foundation. Given the size and complexity of our U.S. Government information systems and networks, combined with disparate operational, mission and organizational priorities and functions, achieving effective and efficient DCO of U.S. networks depends on farming a new generation of DCO operators trained to understand the value of C5, intelligence, and operations collaboration and decision-making integration.

The Framework

At CSIOS, we maximize the full range of implemented DCO active cyberspace defense capabilities and investments available to the organization and ensure cybersecurity practices are adopted or reinstated from the outset. Our DCO Framework works with, supports, and improves other methodologies, standards, or models such as Capability Maturity Model Integration (CMMI), International Organization for Standardization (ISO), Information Technology Infrastructure Library (ITIL), Control Objectives for Information Technology (COBIT), Agile, DevOps, and DevSecOps; it also integrates IT industry and U.S. Government specific risk management strategies and best practices such as those of the National Institute of Standards and Technology (NIST) and the Risk Management Framework (RMF).

In essence, we fuse the above-mentioned methods with proven cybersecurity approaches and principles (e.g., defense-in-depth, layered defenses, mission-relevant cyber terrain prioritization, attack surface target reduction, domain separation, process isolation, abstraction, resource encapsulation, least privilege, data hiding, modularity, simplicity, adaptation and operational resiliency) and apply our own proven signature for operationalization (i.e., know-what-how-where-why) to achieve the ideal made-to-measure solution recipe and service size for each customer. What’s important to emphasize at this juncture is that larger (at scale), faster, and cheaper is not always better. As an art, cybersecurity quality (over quantity) through the balanced integration of people, technology, and operations is always an unbeaten blend.

For example, due to the criticality and sensitivity of the organizational missions we support, CSIOS saw the need to formalize a process to continuously assess and improve the cybersecurity services we provision. We are doing this by leveraging our quadruple ISO certification standards for ISO 9001:2015 (Quality Management System), ISO/IEC 20000-1:2011 (Information Technology Service Management System), ISO 22301:2012 (Business Continuity Management System) and ISO/IEC 27001:2013 (Information Security Management System). Integrating ISO standards has added clear and concise requirements, specifications, and guidelines to consistently and accurately ensure our clients’ cybersecurity services are perfectly aligned to meet their customers’ mission and operational priorities. By implementing a “plan, do, check, act” best practice approach, we have established a proven and globally recognized integrated management system framework for a continual assessment and improvement process to ensure and sustain the availability, integrity, authentication, confidentiality, and non-repudiation of the information, information systems, and networks of the U.S. Government customers it supports. Through this unique construct, CSIOS has been able to identify more efficient, effective, and time-saving management processes; improve incident response times; and minimize disruptions to cyberspace operations, all while reducing operating costs and continuing to maintain compliance with the customers’ legislative and regulatory requirements.

We also leverage CMMI-DEV and CMMI-SVC Maturity Level 3 processes to deliver best-in-class Agile, DevOps, and DevSecOps development methods for our clients. We use CMMI-DEV to improve engineering and development processes in all products we develop and CMMI-SVC to improve management and service delivery processes to develop, manage, and deliver services. Additionally, we utilize Agile, DevOps, and DevSecOps methods selectively and methodically (not universally). For instance, we use Agile methods to improve the process of delivery, encouraging changes in the functions and practices of the mission/business and development teams to better produce the project and product envisioned by the end user, or customer. We employ DevOps methods to improve the integration of software development and software operations, along with the tools and culture that support rapid prototyping and deployment, early engagement with the end user, automation and monitoring of software, and psychological safety (e.g., blameless reviews). We also leverage DevSecOps methods to improve the lead time and frequency of delivery outcomes through enhanced engineering practices, promoting more cohesive collaboration between development, security and operations teams as they work towards continuous integration and delivery.

To further satisfy our U.S. Government customers, we have complemented our DCO Framework with another award-winning plug-and-play component: CSIOS’ Information Technology Service Management (ITSM) system. CSIOS ITSM uses the ITIL framework as its foundation and complements it with other standards, frameworks, and concepts contributing to the overall ITSM discipline such as CMMI, ISO, and PMI. When applicable, based on the ITSM services provisioned, we also integrate complementary, handpicked principles and practices from ISO/IEC 15288 for System Lifecycle Processes and ISO/IEC 12207 for Software Lifecycle Processes to maximize the standardization of our services.

The Technologies

To build a safer future in the cyberspace domain, CSIOS management has committed to ongoing research and development, adoption of innovation, and evolution through modernization. Our immediate future requires harnessing technologies that integrate meaningful and relevant intelligence, operations, and C5 through machine learning, artificial intelligence, and data science. Equally important, we strategically, operationally, and tactically overlay the above-mentioned ingredients on two very important elements. First, the organizational mission essential functions, including the implications of the unclassified and classified environments (e.g., cloud environment, weapon systems, space systems, Industrial Control Systems, IoT) they support, as well as the operational threat environment they confront. Second, the differing and unique high volume, variety, veracity, and velocity (4Vs) data environments they operate. These 4Vs of big data are of no relevance if they cannot be transformed into meaningful data visualization and data value (2Vs). The 2Vs ought to focus on a joint common operational picture and shared situational awareness environment for command decision support.



Fighting Fraud in Online Services with XTN Cognitive Security

XTN’s goal is to fight fraud in online services through the Advanced Behavior-based Security solutions we have been developing since 2014. Through the award-winning and multi-layered Cognitive Security Platform®, we protect the services of several kinds of environments, such as Banks, Fintech, e-commerce, and Automotive.

Fraud in online services

Online services suffer from a wide variety of fraud. One of the more common patterns is account or sensitive-information takeover. Takeovers range from taking control of the victim’s bank account to stealing their credit card information. The result is, most of the time, an unwanted transfer to a temporary account managed by the fraudster. There are more technologically advanced frauds in which the attacker takes control of the application itself and uses it to perform fraudulent transactions directly. With the rise of online onboarding procedures in next-generation payment services, there is also a rising trend related to rogue identities and bot-driven account creation. In the end, the fraudster’s goal is to monetize the attack as quickly as possible, finding a fraud flow that is easy to scale and maintain.

XTN’s vision is to correlate different layers of analysis to obtain a holistic approach to detecting fraudulent events. The Platform considers the posture of the endpoint used to access a critical service, the digital identity of the user, and the risk profile of the business content of events. Our unique technology relies on cutting-edge artificial intelligence to provide excellent accuracy and minimal false positives. XTN technology reconciles different needs that are mandatory in the fraud analysis space: the behavioral perspective, the intelligibility of the risk causes, flexibility, and real-time response.

We solve the challenge of providing visibility of fraud attempts coming from consumer-facing or internal critical services. The banking sector is one of our reference markets, and the urgency of limiting payment-related fraud there is evident. But other markets need this kind of protection too. That's why we are also working in the automotive environment to protect connected-vehicle services.

Mobile and web application security

We see, globally, very high pressure on mobile online services. Security awareness is increasing, and users demand secure services, both in terms of privacy and money. On the other side, service providers are struggling to grow security while keeping the user experience of their apps easy and enjoyable. The result is that a new generation of service providers is starting to focus on functionality designed to include security and ease of use by default, and these new generations of services are finding space to compete in these fields. Our aim for the future is to face advanced threats while maintaining little or no impact on the user experience. At XTN, we are ready to embrace this challenge. Our goal is to provide the smoothest user experience possible while keeping the highest security level. To do that, we consider the endpoint, and in particular mobile devices, as the central actor in identity proofing.

Smart Authentication

Authentication for us is much more than a password or a second factor. In the XTN Cognitive Security Platform®, digital identity validation relies on different layers: behavioral biometrics features, endpoint trust and cryptographic quantities. These layers let us modulate the authentication factors according to the endpoint’s trust or risk, and include continuous behavioral analysis to recognize anomalies.
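A risk-based authentication decision of the kind the Smart Authentication section describes, as an added example that is not XTN's code: it combines an endpoint posture (enrolment, integrity, attestation) with a behavioral anomaly score and the value of the request to choose between allowing, stepping up to an extra factor, or denying, and it returns the reasons so the decision stays intelligible to an analyst. The signal names, weights and thresholds are assumptions chosen for illustration, and the anomaly score is treated as the output of a behavioral model that is not shown.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"       # a trusted, attested device is sufficient proof of possession
    STEP_UP = "step_up"   # demand an additional factor before proceeding
    DENY = "deny"         # refuse the request and route it to fraud review


@dataclass(frozen=True)
class EndpointPosture:
    device_bound: bool       # device previously enrolled and bound to this identity
    integrity_ok: bool       # app/OS integrity checks passed (no tampering detected)
    attestation_valid: bool  # server verified a signature from the device-bound key


@dataclass(frozen=True)
class SessionSignals:
    behavior_anomaly: float  # 0.0 = typical of this user, 1.0 = nothing like them (assumed model output)
    amount: float            # value of the requested transaction, 0.0 for a plain login


# Weights and thresholds are assumptions for illustration, not product values.
HIGH_VALUE = 1000.0
STEP_UP_AT, DENY_AT = 0.3, 0.7


def endpoint_trust(ep):
    """Weighted sum of the endpoint signals; 1.0 is a fully trusted device."""
    return round(0.3 * ep.device_bound + 0.4 * ep.integrity_ok + 0.3 * ep.attestation_valid, 3)


def risk_score(ep, s):
    """Blend endpoint distrust with behavioral anomaly, then add penalties for hard signals."""
    risk = 0.5 * (1.0 - endpoint_trust(ep)) + 0.5 * s.behavior_anomaly
    if not ep.integrity_ok:
        risk += 0.3   # a tampered endpoint is never treated as low risk
    if s.amount >= HIGH_VALUE:
        risk += 0.2   # high-value requests deserve a stricter bar
    return round(min(risk, 1.0), 3)


def decide(ep, s):
    """Return (Decision, reasons); reasons explain the outcome to the reviewing analyst."""
    reasons = []
    if not ep.integrity_ok:
        reasons.append("endpoint failed integrity checks")
        if s.amount > 0:
            # Payments from a tampered endpoint are refused outright.
            return Decision.DENY, reasons + ["payment refused from a tampered endpoint"]
    risk = risk_score(ep, s)
    if not ep.device_bound:
        reasons.append("device not enrolled for this identity")
    if not ep.attestation_valid:
        reasons.append("no valid device attestation")
    if s.behavior_anomaly >= 0.5:
        reasons.append(f"behavior anomaly {s.behavior_anomaly:.2f}")
    if s.amount >= HIGH_VALUE:
        reasons.append(f"high-value request ({s.amount:.2f})")
    reasons.append(f"risk score {risk:.2f}")
    if risk >= DENY_AT:
        return Decision.DENY, reasons
    if risk >= STEP_UP_AT:
        return Decision.STEP_UP, reasons
    return Decision.ALLOW, reasons


if __name__ == "__main__":
    # Constructed scenarios, not captured traffic.
    cases = {
        "trusted device, familiar behavior, small payment":
            (EndpointPosture(True, True, True), SessionSignals(0.05, 20.0)),
        "enrolled device without attestation, odd behavior":
            (EndpointPosture(True, True, False), SessionSignals(0.6, 50.0)),
        "unknown device, very odd behavior, large payment":
            (EndpointPosture(False, True, False), SessionSignals(0.9, 5000.0)),
        "tampered device, plain login":
            (EndpointPosture(True, False, True), SessionSignals(0.1, 0.0)),
    }
    for label, (ep, s) in cases.items():
        decision, why = decide(ep, s)
        print(f"{decision.value:<8} {label}: {'; '.join(why)}")
```

The decision is made on the server from signals the client reports plus what the server can verify itself (the attestation), which is the "trust should be server-side" point the In-App protection section makes; the client never decides its own trust level.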

In-App protection next level

At XTN, we believe that protecting the app goes beyond the app’s assets on the endpoint. We think that modern protection requires implementing a probe-evaluate-react pattern, combining the detection of technological threats to the app with behavioral and identity-related features. Our technology takes all relevant information from the app to our clients, without any user experience impact, building risk-driven reaction flows that originate on the server side, where the trust should be.

XTN goes global

Nowadays, we are approaching the global market, knowing that our technology offers unique features and differentiators. Moreover, having a stable presence in Italy could be of value to clients worldwide. You probably don't know this, but Italy is a hotbed of fraud, and that turned out to be an excellent training ground for our technology.

XTN is based in London, Boston, Milan and Rovereto (TN).

ABOUT

XTN Cognitive Security® has been developing Advanced Behavior-based Security solutions since 2014. Thanks to its founders' experience in cybercrime, XTN designs a new generation of anti-fraud solutions which allow companies and institutions to protect their business and their customers’ sensitive data. XTN’s non-invasive and frictionless solutions are made unique by breakthrough Behavioral Biometrics technology. Through the award-winning and multi-layered Cognitive Security Platform®, XTN protects the services of several kinds of environments, such as Banks, Fintech, e-commerce, and Automotive. Since its inception, the company has invested significantly in these activities, improving and earning competencies in developing Artificial Intelligence and Machine Learning based solutions.

XTN is based in London, Boston, Milan and Rovereto (TN).

About the Author

Guido Ronchetti is the CTO of XTN Cognitive Security. In his career, he has been involved in designing several security products. At XTN, one of his primary aims has been to apply machine learning models to behavioral security problems.

Watch some interesting interviews with him at www.cyberdefensetv.com or visit him online at https://xtn-lab.com/



Disrupt the Kill Chain with Continuous Security Validation

Cyber-attacks are growing, breaches are becoming more devastating

Despite the fact that global spend on cyber security keeps increasing by over 10% annually, we’re seeing an uptick in the number of reported breaches and affected records. It seems that breaches happen more frequently and with more devastating effects, although there are more resources available for cyber defenses. This is partially due to increased transparency, as recent regulations such as GDPR require organizations to report data breaches, so the public gets to hear more about breaches and security incidents. But a simple comparison of the records affected by breaches per year indicates that data breaches are indeed getting more impactful. Today, the increased risk of cyber attacks and breaches is acknowledged among the top 5 business risks by organizations globally.

Throwing money at the problem doesn’t work well for cyber

Cyber security is a unique domain within information technologies that requires awareness, technology, people and processes to get right. Unlike purely operational aspects of information technologies, throwing money at the problem doesn’t work well for cyber. Instead, investment decisions require a complete understanding of the threat landscape, the security context of imminent threats, and the business goals of the organization. Organizations that spend huge budgets annually and have big security teams can suffer from the simplest of attacks, whereas other organizations that spend less money in a smart way can attain better levels of security. So success has little to do with the annual security budget and a lot to do with smart coverage, continuous situational awareness and security effectiveness. Consequently, spending more money on cyber security ends up soothing the symptoms but rarely solves the root cause of the problem.

The missing ingredient is not the what, it’s the how

In the face of cyber adversaries and a higher risk of being breached, we all agree as an industry on what we should do: focus on prevention, detection and response capabilities with limited resources. We also agree on new trends and concepts such as zero trust, security automation, AI and machine learning, and privacy regulations, and on how these new initiatives can help improve overall security.

The missing ingredient for success in cyber security isn’t what we should do, though. It’s how we need to do these activities to improve security levels. The average security practitioner today is still haunted by simple questions about the effectiveness of the solutions in place, such as: “Are we protected against advanced email attacks?” or “What’s the biggest risk for our ERP systems today?”. In similar fashion, security leaders lose sleep over simple questions such as “How have the latest investments in tools improved our security stance?” or “What are our current security gaps? How can we prioritize remediation?”. It feels like we know the defenses in place and how much CAPEX or OPEX we’re spending, but we’re not so sure when it comes to the level of protection we’re getting in return. This makes it extremely difficult to demonstrate the value of recent investments or to get management sign-off for upcoming investments. Organizations need continuous, consistent and metrics-based validation of their cyber defenses.

Breach and Attack Simulation<br />

offers a new way to improve<br />

effectiveness<br />

Breach and Attack Simulation is a new<br />

concept that helps organizations<br />

evaluate their security posture in a<br />

continuous, automated and repeatable<br />

way. This approach allows organizations<br />

to identify imminent threats, take action<br />

and obtain valuable metrics about their<br />

cyber risk levels. Continuous security<br />

validation is a fast growing segment and<br />

it provides significant advantages over<br />

traditional security evaluation methods<br />

53


including penetration testing and<br />

vulnerability assessment.<br />

Breach and Attack Simulation solutions<br />

help organizations:<br />

1. Leverage current security<br />

investments and reduce cyber<br />

risk.<br />

2. Gain comprehensive visibility,<br />

align cyber security with business<br />

strategy and risk appetite.<br />

3. Improve security posture by<br />

identifying and prioritizing<br />

imminent threats.<br />

4. Supercharge security teams with<br />

actionable and prescriptive<br />

mitigation guidance.<br />

5. Know themselves, understand<br />

cyber risks to make the right<br />

decisions.<br />

Picus offers a complete solution to<br />

disrupt the kill chain<br />

Picus continues to be the pioneer in the Breach and Attack Simulation market and still drives innovation in this space with the most complete continuous security validation vision and actionable mitigation guidance. Understanding how cyber adversaries operate and how cyber defenses measure up against threats is the essential to disrupting the kill chain, and therefore the attackers.

The Largest Attack Coverage: Continuous attack simulation & mitigation platform with the broadest attack coverage: 8,100+ real threats including endpoint, email, and network assessment scenarios.

The Broadest & Actionable Mitigation Coverage: Picus customers get immediate results on how defenses stack up against adversaries and take action using 34,000+ items of prescriptive mitigation guidance.

Rapid Deployment, Results in Hours: Picus customers start validating defenses and getting results in hours.

Trusted, Risk-Free & False-Positive-Free Approach: Picus was founded in 2014 and is trusted by 100+ customers. Picus operates with proven zero risk for production environments and zero false positives for validated attack actions. Picus also supports MITRE ATT&CK-mapped endpoint attacks.

Please visit www.picussecurity.com to find out how we can help you disrupt the cyber kill chain.

Picus continuously validates your security operations to harden your defenses. We empower organizations to identify imminent threats, take the most viable defense actions and help businesses understand cyber risks to make the right decisions.

Picus offers:

About the Author

Volkan Erturk, CEO & Co-founder at Picus Security

Volkan has 10+ years of business and technical leadership in IT security. He has consulted for several mid- and large-size enterprises and government agencies on security audits, policy and process development, and architecture topics. He also worked as a cyber defense specialist and instructor at the NATO Science for Peace and Security program.

Volkan holds a Bachelor’s in Math and an M.S. in Information Systems, with a thesis on continuous security monitoring. He is a Ph.D. candidate in Information Security. The certificates he holds are ISO 27001 Lead Auditor, CISA (Certified Information Systems Auditor), and CISM (Certified Information Systems Manager).


Beyond Signatures and Sandboxes: CDR Is The Future Of Document Security

By Aviv Grafi, CEO, Votiro, Inc.

The predictions for global ransomware damage continue to be gruesome: by one industry estimate, over $7 billion in damages for 2018 from ransomware and other document-borne attacks, with 2019 expected to exceed that amount. According to Cisco's Annual Cybersecurity Report, ransomware is growing at a yearly rate of 350%. If more than 90% of successful hacks and data breaches stem from virus and malware attacks that originate in weaponized documents, then there simply hasn't yet been a completely successful way of disarming the weaponized document.

Until now, finding the malware in a document was an inexact science that required a slow process based on yesterday's patterns: next-generation anti-virus and sandbox technologies could scan a document for known threats, threats whose signatures could be identified from known patterns, or quarantine it in sandboxes for further inspection. The problem with these techniques is twofold: firstly, the virus or malware has to have a signature that is known and can be identified. That means that new, "Zero Day" attacks are often successful simply because the signature of the malware was previously unknown. Another problem was productivity: sandbox technology could quarantine a document for further inspection, but this put a heavy cost on productivity, especially for document-intensive industries like finance, insurance, healthcare, and others. By slowing down a document's processing in order to inspect it, one was, in effect, slowing down the workflow of the company or organization.

That's all changed now.

With the creation of a new technique in disarming weaponized documents, identified by Gartner as "Content Disarm and Reconstruction (CDR)", documents are being sanitized and processed at lightning speed, and with near-perfect accuracy compared to the old signature and sandbox techniques.

That's because CDR does not scan documents: it simply deconstructs and reconstructs them. And by doing that, it simply leaves out any malware, viruses, or other malicious elements that were not part of the original document. And, because this can be done in a fraction of a second, productivity is boosted while the level of protection is nearly flawless.

My company, Votiro, is the leader in this new category of document protection. As the founder and inventor of our patented Disarmer® technology, I was able to patent these disarm-and-reconstruct techniques based in part on what I learned as a soldier in the elite 8200 Cyber Unit of the Israeli Defense Forces. It was there that I had the notion that I could slip documents past the existing next-gen AV deployments by manipulating elements in the documents themselves. That idea led me to do the opposite: what if I could deconstruct the document and make a perfect replica? Wouldn't that leave out all the bad stuff?

It took some time for me to create a way to identify legitimate elements of the document, so that it could be properly reassembled. There was also the pesky problem of macros: how do you handle those? What about zip files and other complex file structures? Over time, we were able to create a layered approach to CDR: deconstructing and reconstructing at element levels, which proved in the end to be the way to handle those complex problems. Today, our Votiro Disarmer can handle over 170 known file types in our processing.
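The deconstruct-and-rebuild idea described above, together with the macro and zip-container layers this paragraph mentions, as an added example that is not Votiro's Disarmer code: a toy CDR for an OOXML-style zip container that never copies the VBA project or embedded objects, rebuilds document.xml from an allowlist of elements, and rewrites the relationship and content-type parts to match. The allowlists, part names and the sample document are constructed for this illustration and are not a real product's policy.

```python
# Toy element-level Content Disarm and Reconstruction (CDR) for an OOXML-style zip
# container such as a .docm. Added example, not Votiro's code; allowlists are hypothetical.
import io
import zipfile
import xml.etree.ElementTree as ET
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
# Container layer: parts that may survive; macros, OLE objects, unlisted parts are never copied.
ALLOWED_PARTS = {"[Content_Types].xml", "_rels/.rels", "word/document.xml",
                 "word/_rels/document.xml.rels"}
# Element layer: body tags rebuilt from the parse; w:object, hyperlinks, fields are left out.
ALLOWED_ELEMENTS = {f"{{{W}}}{t}" for t in ("document", "body", "p", "r", "t")}

def rebuild_element(src):
    """Return a fresh copy of src holding only allowlisted descendants."""
    if src.tag not in ALLOWED_ELEMENTS:
        return None
    dst = ET.Element(src.tag)
    if src.tag == f"{{{W}}}t":  # text runs keep their text and nothing else
        dst.text = src.text
    for child in src:
        kept = rebuild_element(child)
        if kept is not None:
            dst.append(kept)
    return dst

def filter_children(data, keep):
    """Re-serialize an XML part keeping only the top-level children keep() accepts."""
    root = ET.fromstring(data)
    for child in list(root):
        if not keep(child):
            root.remove(child)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def disarm(container: bytes) -> bytes:
    """Deconstruct the zip and rebuild a new one from allowlisted content only."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(container)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if name not in ALLOWED_PARTS:
                continue  # macro, OLE object or unknown part: never copied
            data = src.read(name)
            if name == "word/document.xml":
                doc = rebuild_element(ET.fromstring(data))
                if doc is None:  # root is not WordprocessingML: refuse the part
                    continue
                data = ET.tostring(doc, encoding="UTF-8", xml_declaration=True)
            elif name.endswith(".rels"):  # drop external and dangling relationships
                base = name.rsplit("_rels/", 1)[0]  # "" for the package, "word/" inside it
                data = filter_children(data, lambda r: r.get("TargetMode") != "External"
                                       and base + r.get("Target", "").lstrip("/") in ALLOWED_PARTS)
            elif name == "[Content_Types].xml":  # no Override left for dropped parts
                data = filter_children(data, lambda c: c.get("PartName") is None
                                       or c.get("PartName").lstrip("/") in ALLOWED_PARTS)
            dst.writestr(name, data)
    return out.getvalue()

def build_sample() -> bytes:
    """Constructed macro-enabled document with an embedded control (no real malware)."""
    parts = {
        "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" ContentType="a"/><Override PartName="/word/vbaProject.bin" ContentType="b"/></Types>',
        "_rels/.rels": f'<Relationships xmlns="{PKG}"><Relationship Id="rId1" '
            'Type="officeDocument" Target="word/document.xml"/></Relationships>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{PKG}"><Relationship '
            'Id="rId1" Type="vbaProject" Target="vbaProject.bin"/><Relationship Id="rId2" '
            'Type="hyperlink" Target="http://example.invalid/" TargetMode="External"/></Relationships>',
        "word/document.xml": f'<w:document xmlns:w="{W}"><w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r><w:object><w:control/></w:object></w:p></w:body></w:document>',
        "word/vbaProject.bin": b"constructed placeholder standing in for a VBA project",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()
```

Running `disarm(build_sample())` yields a container with four parts: the macro part is gone, the rebuilt body keeps the text but not the embedded object, and the relationship and content-type parts no longer reference anything that was dropped.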

Another challenge we wanted to solve for was the many ways in which a document enters the client's domain: most are via email, so that was a given. But there are client-facing portals for document uploads, as well as mobile media like USB drives. We solved for those as well, and have now "surrounded" the ways a document enters the domain with a Votiro Disarmer solution.

After the launch of Disarmer®, we were surprised at where we got our first significant traction: in the governments of both Japan and Singapore, where our technology has been mandated by some agencies for use. Both countries are well-known for their strict and detailed requirements for security, and the rapid adoption of Disarmer in those countries taught us a valuable lesson: the stricter an organization's or country's security requirements, the more valuable our Disarmer products become.

Today, I am proud to say that we have hundreds of deployments around the world, not just in governments, but also in finance and other vertical markets as well.

The future for CDR is bright: when you have a technology that is easily understood by even non-technical people, then it's been my experience that you're on to something. CDR makes document security safer than it was in the past, and a big productivity jump makes it inevitable as the future of document security. We at Votiro are proud to do our part.


About the Author

Aviv Grafi is the CEO & Co-Founder of Votiro, an award-winning cybersecurity company specialized in neutralizing files containing zero-day and undisclosed attacks.

He has been the principal software architect for the company’s enterprise solution, File Disarmer, which is based on a unique patented Content Disarm and Reconstruction (CDR) technology for protection against cyber threats. Aviv is a recognized cyber security thought leader and public speaker, with significant experience in network security, IDS / IPS / firewall internals, defensive programming, enterprise security penetration testing, vulnerability research, and virtualization. Aviv is a graduate of the Israeli Army’s elite 8200 intelligence unit and holds a B.Sc. in computer science, a BA in economics, and an MBA from Tel Aviv University. www.votiro.com


Welcome to the Cyber Defense Global Awards for 2019

Cyber Defense Awards, in conjunction with Cyber Defense Magazine, is pleased to announce the winners of our annual Global Awards for 2019. There are 3,000 cybersecurity companies in the world. Of these 3,000, we only accept nominations from a mix of companies that are in various countries around the globe, in balance. This was narrowed down to only 300 companies, and our judges like to choose no more than 100-150 winners, although some companies deserve and receive multiple awards in various categories.

I’ve interviewed some of these winners in my www.cyberdefensetv.com hot seat program, where they had to answer difficult and challenging questions, completely unprepared and unscripted. I hope to interview more winners during upcoming Cyber Defense TV opportunities.

In addition, our search focused us on startups and early stage players to find those who could have the potential to stop breaches in a new and innovative way. It therefore gives us great pleasure to recognize and celebrate the accomplishments of winners, who have unique people, software, hardware, services and even cloud-based solutions that might just help you get one step ahead of the next cybersecurity threat.

Congratulations to all our winners!

Gary S. Miliefsky, CEO
Cyber Defense Media Group
Publisher, Cyber Defense Magazine


Anti-Malware
PC Matic Inc. Leader Anti-Malware
XTN Cognitive Security Best Product Anti-Malware

Anti-Phishing
IRONSCALES Next Gen Anti-Phishing
Security Mentor Next Gen Anti-phishing

Application Security
AppViewX Editor's Choice Application Security
Contrast Security Hot Company Application Security
Signal Sciences Next Gen Application Security
Virsec Systems Next Gen Application Security
XTN Cognitive Security Best Product Application Security

Artificial Intelligence and Machine Learning
Vectra AI Cutting Edge Artificial Intelligence and Machine Learning

Authentication
Jumio Leader Authentication
Hideez Publisher's Choice Authentication (Multi, Single or Two-Factor)
WatchGuard Technologies Best Product Authentication (Multi, Single or Two-Factor)

Biometrics
Jumio Most Innovative Biometrics
Nuance Cutting Edge Biometrics

Breach & Attack Simulation
Picus Security Next Gen Breach & Attack Simulation
AttackIQ Cutting Edge Breach & Attack Simulation
Cymulate Editor's Choice Breach & Attack Simulation
XM Cyber Best Product Breach & Attack Simulation

Bring Your Own Drive (BYOD)
Kingston Cutting Edge Bring Your Own Drive (BYOD)

Chief Executive Officer of the Year
WatchGuard Technologies Prakash Panjwani Chief Executive Officer of the Year

Chief Technology Officer of the Year
WatchGuard Technologies Corey Nachreiner Chief Technology Officer of the Year

CISO of the Year
TTEC Kip James CISO of the Year

Cloud Security
Attivo Networks Best Product Cloud Security
DivvyCloud Hot Company Cloud Security
Guardicore Most Innovative Cloud Security
iboss Leader Cloud Security
Sysdig Editor's Choice Cloud Security

Compliance
Stash.Global Editor's Choice Compliance
SaltStack Most Innovative Compliance

Cybersecurity Service Provider
CSIOS Corporation Best Cybersecurity Service Provider

Cyber Range Training Program
Aries Security Editor’s Choice Cyber Range Training Program

Content Disarm and Reconstruction (CDR)
Votiro Next Gen Content Disarm and Reconstruction (CDR)

Cybersecurity Analytics
Awake Security Cutting Edge Cybersecurity Analytics

Cybersecurity Internet of Things (IoT)
Armis Most Innovative Cybersecurity Internet of Things (IoT)

Cybersecurity Training
Global Learning Systems Publisher's Choice Cybersecurity Training
Inspired eLearning Leader Cybersecurity Training
KnowBe4 Most Innovative Cybersecurity Training
Security Mentor Editor's Choice Cybersecurity Training

Consent & Preference Management
OneTrust Next Gen Consent & Preference Management

Cyberspace Operations Service Provider
CSIOS Corporation Best Defensive Cyberspace Operations Service Provider

Data Loss Prevention (DLP)
Altaro Editor's Choice Data Loss Prevention (DLP)
Kingston Hot Company Data Loss Prevention (DLP)

Deception Based Security
Attivo Networks Next Gen Deception Based Security
SmokeScreen Technologies Most Innovative Deception Based Security

Device Visibility and Control
Forescout Most Innovative Device Visibility and Control

Digital Footprint Security
Cybersprint Cutting Edge Digital Footprint Security

Encrypted Storage
Kingston Best Product Encrypted Storage

Encryption
Secure Channels Leader Encryption

Endpoint Security
Attivo Networks Hot Company Endpoint Security
Nyotron Editor's Choice Endpoint Security
SparkCognition Best Product Endpoint Security

Enterprise Security
Nucleon Next Gen Enterprise Security
Stash.Global Hot Company Enterprise Security

ERP Security
Onapsis Best Product ERP Security

Firewall
WatchGuard Technologies Leader Firewall

Email Security and Management
Trustifi Editor's Choice Email Security and Management

Forensics
Endace Publisher's Choice Forensics

Fraud Prevention
CyberTeamSix Editor's Choice Fraud Prevention
Terbium Labs Cutting Edge Fraud Prevention
XTN Cognitive Security Best Product Fraud Prevention

Identity & Access Management
ForgeRock Cutting Edge Identity & Access Management
Herjavec Group Best Service Identity & Access Management
LogMeIn Leader Identity & Access Management
Ping Identity Cutting Edge Identity & Access Management
Simeio Solutions Hot Company Identity & Access Management

Incident Response
Endace Next Gen Incident Response
Intezer Leader Incident Response

Infosec Startup of the Year
Picus Security Most Innovative Infosec Startup of the Year
SaltStack Editor’s Choice Infosec Startup of the Year

Insider Threat Detection
Attivo Networks Editor's Choice Insider Threat Detection

Internet of Things (IoT) Security
Attivo Networks Cutting Edge Internet of Things (IoT) Security

Intrusion Detection System (IDS)
Perch Security Next Gen Intrusion Detection System (IDS)

IT Vendor Risk Management (ITVRM)
ProcessUnity Publisher's Choice IT Vendor Risk Management (ITVRM)

Identity Remediation
CyberTeamSix Hot Company Identity Remediation

Malware Analysis
Intezer Most Innovative Malware Analysis

Managed Detection and Response (MDR)
CyberProof Cutting Edge Managed Detection and Response (MDR)
Proficio Best Service Managed Detection and Response (MDR)
Perch Security Editor's Choice Managed Detection and Response (MDR)
ThreatBook Leader Managed Detection and Response (MDR)

Managed Security Service Provider (MSSP)
Proficio Editor's Choice Managed Security Service Provider (MSSP)

Managed Security Services
Herjavec Group Market Leader Managed Security Services

Messaging Security
Hotshot Technologies Next Gen Messaging Security

Network Security and Management
Aria Cyber Security Best Solution Network Security and Management
iboss Leader Network Security and Management
Plixer Best Product Network Security and Management
Tigera Editor's Choice Network Security and Management

Open Source Security
WhiteSource Cutting Edge Open Source Security

Privacy Management Software
OneTrust Leader Privacy Management Software

Privileged Account Security
Thycotic Leader Privileged Account Security

Patch and Configuration Management
SaltStack Most Innovative Patch and Configuration Management

Risk Management
SecurityScorecard Best Product Risk Management
CyberTeamSix Cutting Edge Risk Management

Risk Ratings Platform
SecurityScorecard Most Innovative Risk Ratings Platform

SaaS/Cloud Security
Securonix Best Product SaaS/Cloud Security
Coronet Editor's Choice SaaS/Cloud Security
iboss Hot Company SaaS/Cloud Security
ManagedMethods Publisher's Choice SaaS/Cloud Security
Stash.Global Next Gen SaaS/Cloud Security
ThreatBook Leader SaaS/Cloud Security
Perimeter 81 Most Innovative SaaS/Cloud Security

Security
ThreatQuotient Cutting Edge Security

Security Company of the Year
DivvyCloud Editor's Choice Security Company of the Year
Herjavec Group Most Innovative Security Company of the Year
iboss Market Leader Security Company of the Year
Recorded Future Next Gen Security Company of the Year
SecurityScorecard Hot Company Security Company of the Year

Security Expert of the Year
TrendMicro Rik Ferguson Security Research Team Leader of the Year
WatchGuard Technologies Marc Laliberte Security Expert of the Year

Security Software or Hardware
LogicHub Best Security Software
Endace Publisher's Choice Security Hardware
Kingston Most Innovative Security Hardware

Security Investigation Platform
Endace Cutting Edge Security Investigation Platform
ThreatQuotient Most Innovative Security Investigations Platform

Secure DNS Service
ThreatBook Most Innovative Secure DNS Service

Security Project of the Year
Stash.Global Most Innovative Security Project of the Year

Telecoms Fraud Protection
Trustonic Next Gen Telecoms Fraud Protection

Third Party Risk Management (TPRM)
OneTrust Vendorpedia Publisher's Choice Third Party Risk Management (TPRM)
ProcessUnity Editor's Choice Third Party Risk Management (TPRM)
SecurityScorecard Leader Third Party Risk Management (TPRM)

Threat Intelligence
Anomali Cutting Edge Threat Intelligence
Nucleon Best Product Threat Intelligence
Plixer Leader Threat Intelligence
Recorded Future Best Product Threat Intelligence
ThreatQuotient Hot Company Threat Intelligence
ThreatBook Publisher's Choice Threat Intelligence

Threat Hunting
LinkShadow Most Innovative Threat Hunting

Threat Modeling
CyberTeamSix Most Innovative Threat Modeling
Picus Security Hot Company Threat Modelling

Unified Endpoint Management
ManageEngine Next Gen Unified Endpoint Management

Unified Threat Management (UTM)
WatchGuard Technologies Best Product Unified Threat Management (UTM)

Vulnerability Management
Kenna Security Cutting Edge Vulnerability Management
NopSec Most Innovative Vulnerability Management

Vulnerability Assessment, Remediation and Management
SaltStack Most Innovative Vulnerability Assessment, Remediation and Management

Women in Cybersecurity
Nyotron Sagit Manor Women in Cybersecurity
Secure Channels Sindhu Aithal Women in Cybersecurity
Arkose Labs Hedda Peters Women in Cybersecurity
Arkose Labs Vanita Pandey Women in Cybersecurity
Guardicore Ophir Harpaz Women in Cybersecurity
Jumio Ervinna Lim Women in Cybersecurity
NTT Security Edith Santos Women in Cybersecurity