03.01.2020

Cyber Defense eMagazine January 2020 Edition

Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES



Best Practices for Building A Comprehensive Cyber Risk Management Program

The Dark Truth of Insider Threat

What’s the Security Misconfiguration Antidote? Automation.

The Ultimate Guide to SSL/TLS Decryption

Getting PKI Right

How to build a career in Cyber Security

…and much more…


CONTENTS

Welcome to This Very Special January 2020 Edition ........................................................................................ 6

Best Practices for Building A Comprehensive Cyber Risk Management Program ............................................ 20

The Dark Truth of Insider Threat ................................................................................................................... 24

What’s the Security Misconfiguration Antidote? Automation. ....................................................................... 27

How To Mitigate The Risks Of Remote Desktop Protocol ............................................................................... 30

How to Know If Someone Is Watching You on Your Camera .......................................................................... 33

8 Common Types of Small Business Cyber Attacks ........................................................................................ 36

The Ultimate Guide to SSL/TLS Decryption ...................................................................................................... 40

Encryption Is Key to Guarantee Data Is Anonymous ...................................................................................... 46

Europe Cybersecurity Market Size to Steer At 13% CAGR To 2025 ................................................................. 49

IoT Security and Privacy ................................................................................................................................ 53

Getting PKI Right .......................................................................................................................................... 56

Seven Security Predictions For 2020 ............................................................................................................. 59

How To Build A Career In Cyber Security ....................................................................................................... 64

Fraud: A Look Back At 2019 And What to Expect in The New Year ................................................................. 67

Anomaly Detection Is the Next Cybersecurity Paradigm ................................................................................ 70

More Spending Won’t Solve Your Hardest IT Challenges In 2020 And Beyond. Here’s What Will. ................... 74

The Decade Ahead for Cybersecurity ............................................................................................................ 77

Moving Network Security to The Cloud ......................................................................................................... 80


@MILIEFSKY

From the Publisher…

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com

Dear Friends,

It’s now 2020. Do you have 2020 vision on the threats, vulnerabilities and assets on your network as we ring in a new year? Do you know what an OODA Loop is? Have you been to FairInstitute.org? Are you turning up your human firewall using companies like www.knowbe4.com, one of our black unicorn award winners among nine other amazing players, found here: https://cyberdefensemagazine.tradepub.com/free/w_cyba53/? Are you leveraging time-based security and new deception technologies like those from www.attivonetworks.com to slow down the breach or totally mitigate it, leaving the bad guys in a sweet or salty trap? If not, now is the time. It’s also nearly the time where more than a dozen of our team members head to the biggest infosec show on earth coming to us in late February – it’s the RSA Conference 2020, held once again in San Francisco, CA, USA and found online at https://www.rsaconference.com.

Our 8th annual InfoSec Awards for 2020 are closing in less than a month and a few days, and we hope to find more winners this year who are market leaders, innovators and those offering some of the best solutions for cyber security in the global marketplace. For those women who did not make our Top 25 Women in Cybersecurity for last year or missed out on the deadline, we have added Women in Cybersecurity as a new category this year, and you can even ask our judges if they will create a new category for your unique product or service. If you’re an infosec innovator, please consider applying at: https://www.cyberdefenseawards.com/. We offer our own statistics that you are free to reuse anytime, from this page: http://www.cyberdefensemagazine.com/quotables/. We have many new interviews going live on https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com this month, so please check them out and share links to them with your friends and co-workers.

With over 5m views on Cyber Defense Magazine just for the month of December, we expect big improvements and changes to how we handle growth and respond to customer and partner needs as we all work together to continue to learn new and better ways to get one step ahead of the next threat!

Warmest regards,

Gary S. Miliefsky

Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine

P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.

@CYBERDEFENSEMAG

CYBER DEFENSE eMAGAZINE

Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.


InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.

From the International Editor-in-Chief…

It’s 2020 and the threat matrix continues to evolve. We’re finding the US and global media outlets are enjoying Deep Fake as much as they enjoy emoji keyboard software for their mobile phones, downloaded with keylogger technology planted within.

If you don’t have your glasses on, you might believe this is Tom Cruise running for President of the USA in 2020, for a small example: https://www.youtube.com/watch?v=5Btb8gLy3-E. Was this a mix of real ‘look alike’ and some innovative facial morphing of Deep Fake?

When it comes to dealing with threats, expect these to scale this year:

• Nation State Cyberespionage and Cyberwarfare
• Supply Chain Management Exploitation
• Cloud-based Identity Attacks
• New Deep Fake Spear Phishing Attacks
• Mobile Devices Become the Ultimate Backdoor
• IoT Devices Become New Critical Targets
• Ransomware will continue to escalate

…from Italy with Love, America and Cyber Defense Media Group – you complete me. Show me 2020!

To our faithful readers, we thank you,

Pierluigi Paganini
Editor-in-Chief

PRESIDENT & CO-FOUNDER

Stevin Miliefsky

stevinv@cyberdefensemagazine.com

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER

Pierluigi Paganini, CEH

Pierluigi.paganini@cyberdefensemagazine.com

US EDITOR-IN-CHIEF

Yan Ross, JD

Yan.Ross@cyberdefensemediagroup.com

ADVERTISING

Marketing Team

marketing@cyberdefensemagazine.com

CONTACT US:

Cyber Defense Magazine

Toll Free: 1-833-844-9468

International: +1-603-280-4451

SKYPE: cyber.defense

http://www.cyberdefensemagazine.com

Copyright © 2019, Cyber Defense Magazine, a division of

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)

276 Fifth Avenue, Suite 704, New York, NY 10001

EIN: 454-18-8465, DUNS# 078358935.

All rights reserved worldwide.

PUBLISHER

Gary S. Miliefsky, CISSP®

Learn more about our founder & publisher at:

http://www.cyberdefensemagazine.com/about-our-founder/

WE’RE TURNING A CORNER INTO 8 YEARS OF EXCELLENCE!

Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to-source for Information Security.

We’re a proud division of Cyber Defense Media Group:

CYBERDEFENSEMEDIAGROUP.COM

MAGAZINE TV RADIO AWARDS


Welcome to This Very Special January 2020 Edition

In my capacity as US Editor-in-Chief, I’m pleased to welcome readers of Cyber Defense Magazine to the January 2020 issue. Based on our current experience, some 5 Million individual online inquiries will land on our pages this month.

We find ourselves at the beginning of a new decade. It’s a good time to recall how recently it seems we were entering the new century. And what was the most pressing concern at the end of 1999?

Y2K! Almost no one thinks of that much anymore, but at the time, it was feared that the entire digital system on which so many functions depended might come to a crashing halt. 50 years ago, when programming dates were being assigned to many operating systems and program features, it seemed that a 2-digit year format would suffice. As we approached the time when “xx99” would turn into “xx00,” dire predictions emerged – fortunately few of which ever came to pass.

If we consider for a moment the increasing speed at which cyber developments occur, and place that in the perspective of 20-year increments, we must be prepared to deal with new and growing challenges to cybersecurity.

Foremost among them will likely be based on Artificial Intelligence, Machine Learning, the 5G network, and no doubt more we have not yet seen or imagined.

That is the value proposition of Cyber Defense Magazine: keeping our audience informed and ahead of the curve of these very developments.

Wishing you all success in your cyber security endeavors,

Yan Ross
US Editor-in-Chief
Cyber Defense Magazine

About the US Editor-in-Chief

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com


Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep understanding of your web application vulnerabilities, how to prioritize them, and what to do about them. With this trial you will get:

• An evaluation of the security of one of your organization’s websites
• Application security guidance from security engineers in WhiteHat’s Threat Research Center
• Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well as share findings with internal developers and security management
• A customized review and complimentary final executive and technical report

Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/

PLEASE NOTE: Trial participation is subject to qualification.


Best Practices for Building A Comprehensive Cyber Risk Management Program

By Haythem Hammour, Product Marketing Manager, Brinqa

A primary goal for most information security organizations today is the identification, prioritization and remediation of cyber risk. Businesses struggle with risk management for a variety of reasons, including disconnected teams and stakeholders, limited resources, data overload and lack of consistency.

The enterprise IT infrastructure is evolving at a rapid pace. SaaS, IaaS, and cloud-native technologies have enabled businesses to embrace digital transformation, but they have also made enterprise IT environments more diverse and complex, and difficult to manage and secure. Software applications also represent an important attack surface. Most organizations’ software infrastructure comprises very diverse entities – internally developed applications, externally sourced software, desktop applications, web applications, mobile applications, open source components, SaaS, APIs and web services.

The cybersecurity infrastructure to secure these elements is equally diverse. Different products may be used for testing for vulnerabilities in network, cloud, and container infrastructure. Separate, dedicated security products may be used for static application testing, dynamic or web application testing, and software composition analysis. Securing software infrastructure also requires DevSecOps, mobile security, penetration testing, and more. And, in most cases, these components and the corresponding security infrastructure are owned and managed by different teams, with little communication and collaboration.


A further challenge arises from the use of the cybersecurity tools themselves. They provide valuable and useful insights, but this data can easily get lost in a deluge of irrelevant information. Threat intelligence is a prime example of the need to identify and utilize relevant information while ignoring the noise. Making things more difficult is the reality that information about a particular entity may be distributed across multiple tools and locations.

Organizations need to be able to connect, model and analyze relevant security, context and threat data. That’s the best way to deliver knowledge-driven insights for cyber risk prioritization, reporting and remediation. Companies need to implement a cyber risk management program that can:

• Intelligently connect vulnerability, asset and threat data from all sources for complete visibility and understanding of cyber risk.
• Prioritize remediation to address the most impactful, exploitable, and prevalent risks.
• Eliminate the noise of false positives and irrelevant information.
• Automate closed-loop remediation of risks at scale through creation, tracking and escalation of tickets.
• Narrow communication gaps across teams with a common data model, nomenclature, and language.
• Communicate real-time program metrics and risk indicators to all key stakeholders.

Information security organizations looking to build out their own cyber risk management programs should have the following best practice recommendations at the top of their minds:

Develop a comprehensive, extensible cybersecurity data ontology – Security teams must implement a cyber risk management process that is built on a comprehensive, standardized, and dynamic data ontology. Such an ontology will clearly define, delineate, and represent the common IT, security, and business components that comprise the enterprise technology infrastructure, and the relationships between them. To deliver risk insights that are relevant to a business, security teams must ensure that any unique organizational factors that have an impact on risk analysis are reflected in the cyber risk data ontology. The ontology must also be able to evolve with changes in the IT and cybersecurity landscape, without adversely impacting the risk management processes.

Expand the scope of cyber risk management to include network, applications, cloud, and emerging technologies – Organizations need comprehensive coverage of risk analysis and management across the entire enterprise technology infrastructure. InfoSec organizations must implement a consistent cyber risk management strategy across critical infrastructure components using dedicated, purpose-built processes for vulnerability management, network security, application security, cloud security, and emerging technologies such as IoT.

Adjust risk prioritization models as necessary – Another critical factor for success comes from being able to leverage information from disparate cybersecurity tools and stakeholders to develop and present new knowledge and insights in the form of risk scores, ratings, alerts and notifications. To do so, security teams need to have complete visibility and control over the risk methodology—resulting in accurate and relevant results and a better understanding of the factors driving risk prioritization and remediation.

Automate remediation management – Instead of ad hoc decisions, security teams should formulate and implement policies for risk remediation through automated ticket creation, tracking, and validation. Strong, comprehensive capabilities around consolidation, dynamic ownership and SLA assignment can significantly improve the effectiveness of the remediation process.

Leverage cybersecurity process automation where possible – Cyber Risk Management involves processing and analyzing massive volumes of IT, security, and business data. This can be very time and resource intensive, and automation should be used where possible to alleviate these needs. Automated processes for risk analysis, prioritization and reporting not only make the program more efficient, but also lead to more consistent and accurate results.

Develop and communicate integrated analytics – For a cyber risk management program to function effectively, it must intuitively engage and inform all the varied stakeholders across IT, security, and business at the appropriate instant in the risk lifecycle. The ability to visually communicate key risk and performance indicators through powerful metrics and reports is crucial to program success. Organizations must empower and encourage stakeholders to develop and communicate the metrics and reports that matter to them.

The pace of change in enterprise IT is not letting up and cyber risk management programs must evolve and grow to keep pace. Best practices are taking shape as businesses and the public sector come to terms with the scale of the challenge. These include establishing and maintaining an extensible cybersecurity data ontology as well as process automation, integrated analytics, use of the open risk prioritization model and more. With such practices in place, the challenge of protecting complex enterprise software infrastructure becomes more manageable and dynamic.
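The program capabilities listed above (a common data model, connecting vulnerability, asset and threat data, de-noising, impact/exploitability/prevalence prioritization and closed-loop ticketing) as an added, runnable sketch; this is example code written for this page, not Brinqa's, and the tool formats, inventory, threat feed and scoring weights are all constructed assumptions.

```python
"""Added example (not Brinqa's code): a toy cyber-risk pipeline that maps two tool
formats onto one common data model, joins findings to asset and threat context,
drops duplicate and stale findings, ranks what is left by impact, exploitability
and prevalence, and groups the top risks into one ticket per owning team.
All inputs below are constructed sample data; the scoring weights are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

# --- Common data model (the "ontology"): every tool is normalised into Finding ---
@dataclass(frozen=True)
class Finding:
    asset: str        # hostname or repo name
    weakness: str     # CVE id or CWE id
    severity: float   # CVSS-like 0..10
    source: str       # tool that reported it

@dataclass
class Asset:
    name: str
    owner: str
    criticality: int        # business impact 1..5 (assumption: set by the business)
    internet_facing: bool
    decommissioned: bool = False

# Constructed tool outputs in their native shapes (two tools, two formats).
NET_SCANNER = [  # (host, plugin, cve, cvss)
    ("web-01", "12345", "CVE-2019-0001", 9.8),
    ("web-01", "12345", "CVE-2019-0001", 9.8),    # duplicate scan row (noise)
    ("db-01", "23456", "CVE-2018-0002", 7.5),
    ("old-box", "34567", "CVE-2017-0003", 10.0),  # decommissioned asset (noise)
]
SAST = [  # {"project", "rule", "cwe", "risk"}
    {"project": "web-01", "rule": "sqli", "cwe": "CWE-89", "risk": "high"},
    {"project": "billing-api", "rule": "xxe", "cwe": "CWE-611", "risk": "medium"},
]
ASSETS = {  # constructed asset inventory with business context
    "web-01": Asset("web-01", "platform-team", 4, True),
    "db-01": Asset("db-01", "data-team", 5, False),
    "billing-api": Asset("billing-api", "payments-team", 5, True),
    "old-box": Asset("old-box", "platform-team", 1, False, decommissioned=True),
}
# Constructed threat context: is the weakness exploited in the wild, how widespread?
THREAT = {"CVE-2019-0001": {"exploited": True, "prevalence": 0.9},
          "CWE-89": {"exploited": True, "prevalence": 0.6}}
SAST_RISK = {"critical": 9.5, "high": 8.0, "medium": 5.0, "low": 2.0}

def normalise():
    """Map both tool formats onto the common Finding model."""
    out = [Finding(h, cve, cvss, "net-scanner") for h, _, cve, cvss in NET_SCANNER]
    out += [Finding(r["project"], r["cwe"], SAST_RISK[r["risk"]], "sast") for r in SAST]
    return out

def denoise(findings):
    """Drop exact duplicates and findings on unknown or decommissioned assets."""
    keep, seen = [], set()
    for f in findings:
        asset = ASSETS.get(f.asset)
        if asset is None or asset.decommissioned:
            continue
        key = (f.asset, f.weakness)
        if key in seen:          # same weakness on same asset reported twice
            continue
        seen.add(key)
        keep.append(f)
    return keep

def score(f):
    """Priority = severity x business impact x exploitability x exposure x prevalence
    (assumed weights; a real program would make these part of the risk methodology)."""
    asset = ASSETS[f.asset]
    threat = THREAT.get(f.weakness, {"exploited": False, "prevalence": 0.1})
    exploit = 2.0 if threat["exploited"] else 1.0
    exposure = 1.5 if asset.internet_facing else 1.0
    return round(f.severity * asset.criticality * exploit * exposure
                 * (0.5 + threat["prevalence"]), 1)

def prioritise():
    """Return (score, finding) pairs ranked highest first."""
    ranked = [(score(f), f) for f in denoise(normalise())]
    return sorted(ranked, key=lambda t: t[0], reverse=True)

def tickets(threshold=50.0):
    """Closed-loop step: one ticket per owning team listing risks above threshold."""
    grouped = defaultdict(list)
    for s, f in prioritise():
        if s >= threshold:
            grouped[ASSETS[f.asset].owner].append((f.asset, f.weakness, s))
    return dict(grouped)

if __name__ == "__main__":
    for owner, items in tickets().items():
        print(owner, items)
```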


About the Author

Haythem Hammour, Product Marketing Manager. Haythem brings education, experience, and serious credibility to his role as Product Marketing Manager at Brinqa. A customer-focused Information Security professional and Cyber Security evangelist, Haythem uses his engineering background and diverse experience to inform his work and to successfully collaborate with engineers and creative teams. He is a Cyber Security scholar, and is an official member of both the Product Marketing Alliance and the Forbes Communication Council.

haythem.hammour@brinqa.com | ☎ (512) 372-1004
8310 N Capital of Texas Hwy, Suite 155, Austin, TX 78731
www.brinqa.com | Twitter | LinkedIn | Free! Webinars
https://twitter.com/hammour_haythem


The Dark Truth of Insider Threat

By Richard Menear, CEO, Burning Tree

In any business, we inherently want to trust the people we work with. By and large, we can. However, the reality is that insiders remain one of the main threats to your organisation’s information and cyber security, and if you think your company can’t be breached — think again!

Although it can sometimes be difficult to separate incidents caused by insiders from general data breaches, Verizon’s 2019 Data Breach Investigations Report found that 34% of all breaches in 2018 happened as a result of insider work. The same report also found that 68% of data compromise is internal.

Internal incidents can be especially tricky to detect because actors know exactly where sensitive data is stored and have a good understanding of your cyber security processes and the solutions you have implemented. As such, some breaches may go undetected for months — or even years.

But with the cost of an insider attack remaining high (the average cost rose 15% from 2018 to 2019), it has never been more crucial for organisations to be aware of insider threats.

Defining “insiders”

We might think of “insiders” as disgruntled or malicious employees waiting to steal your corporate data and sell it on the dark web. Malicious intent from a disgruntled employee can be the worst type of insider threat — with fraudulent activity often going undetected and eroding company profitability. However, more often than not, a data leak is simply due to a mistake or unintentional misuse.

According to reports, privileged IT users or admins are the most dangerous insiders. It is normal for IT operational staff to have direct administrative access to all systems. The information on these systems can be highly confidential or valuable and is often subject to strict compliance requirements such as GDPR. Plus, even if personal information is locked down at the application, IT administrators can access, copy, change or delete data — which could result in a GDPR compliance issue.


Focus on detection

Although prevention, mitigation and response are crucial parts of security policies, when it comes to insider threats, it is essential to shift the focus to detection. This means investing in and deploying suitable solutions.

The different approaches used to detect and eliminate insider threats depend on infrastructure and applications.

Privileged Access Management

Weak authentication or shared credentials can further extend the risk of a highly privileged account being compromised, so application access control and password rotation are vital for improved adaptive authentication.

At the simplest level, insider threat detection solutions will ‘vault’ administrative passwords to protect and safeguard passwords, only releasing them as and when required.

Solutions could include AD Bridging to onboard Unix servers, policy enforcement, management of workstations, password rotation and command auditing.

For example, One Identity’s Privileged Access Management solutions and Quest’s audit and reporting solutions enable you to provide the full credential when necessary or limit access with granular delegation for least privileged access. Security can also be enhanced by requiring a second factor of authentication for user, administrative or superuser access.

Privileged Session Management

To proactively detect and limit insider threats, Privileged Session Management is also crucial. By monitoring activity, software can help to identify and alert security officers to any broken rules — allowing them to inspect and respond to suspicious activity as it happens.

One Identity and Quest’s software records and logs all privileged activity — down to the keystroke, mouse movement and windows viewed — in real-time. Privileged access is then granted based on established policies with appropriate approvals. This eliminates shared credentials and assigns individual accountability, resulting in enhanced security and easier compliance.
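The vaulting, approval, second-factor, rotation and accountability controls described in the two sections above, as an added toy implementation; this is example code written for this page, not One Identity's or Quest's, and the directory, policy, account names and timestamps are constructed assumptions.

```python
"""Added example (not One Identity's or Quest's code): a toy privileged credential
vault that releases an admin password only for an approved, MFA-backed, time-boxed
checkout, rotates it on check-in, and records every decision in an audit trail tied
to a named person. The directory, policy and timestamps are constructed assumptions."""
import hmac
import secrets
from dataclasses import dataclass

# Constructed directory: who holds which role (a real deployment would query AD/LDAP).
DIRECTORY = {"alice": "dba", "bob": "sec-ops", "carol": "dba"}
# Assumed policy per privileged account: requesting role, approving role, MFA required.
POLICY = {"root@db-01": {"requesters": {"dba"}, "approvers": {"sec-ops"}, "mfa": True}}

@dataclass
class Checkout:
    requester: str
    approver: str
    issued_at: int   # epoch seconds, passed in explicitly so the flow is deterministic
    ttl: int

class Vault:
    def __init__(self):
        self._secrets = {acct: secrets.token_urlsafe(24) for acct in POLICY}
        self._active = {}      # account -> Checkout while a session is open
        self.audit = []        # append-only decision log

    def _log(self, event, account, who, **extra):
        self.audit.append({"event": event, "account": account, "who": who, **extra})

    def checkout(self, account, requester, approver, mfa_ok, now, ttl=900):
        """Release the password only when a separate approver, policy, MFA and
        'nobody else holds it' all hold; otherwise log a denial and return None."""
        if approver == requester:            # no self-approval: individual accountability
            self._log("denied", account, requester, reason="self-approval")
            return None
        pol = POLICY.get(account)
        if pol is None or DIRECTORY.get(requester) not in pol["requesters"] \
                or DIRECTORY.get(approver) not in pol["approvers"]:
            self._log("denied", account, requester, reason="policy")
            return None
        if pol["mfa"] and not mfa_ok:        # second factor for superuser access
            self._log("denied", account, requester, reason="mfa")
            return None
        active = self._active.get(account)
        if active and now < active.issued_at + active.ttl:
            self._log("denied", account, requester, reason="already-checked-out")
            return None
        self._active[account] = Checkout(requester, approver, now, ttl)
        self._log("released", account, requester, approver=approver, expires=now + ttl)
        return self._secrets[account]

    def checkin(self, account, requester, now):
        """Close the session and rotate the secret so the released value is dead."""
        active = self._active.get(account)
        if active is None or active.requester != requester:
            self._log("denied", account, requester, reason="no-open-checkout")
            return False
        del self._active[account]
        self._secrets[account] = secrets.token_urlsafe(24)
        self._log("rotated", account, requester, at=now)
        return True

    def verify(self, account, candidate):
        """What the target system would do with a presented password (constant-time)."""
        return hmac.compare_digest(self._secrets[account], candidate)

def demo():
    """One rejected self-approval, one approved checkout, then rotation on check-in."""
    v = Vault()
    denied = v.checkout("root@db-01", "alice", "alice", True, now=1000)
    pw = v.checkout("root@db-01", "alice", "bob", True, now=1000)
    valid_during = v.verify("root@db-01", pw)
    v.checkin("root@db-01", "alice", now=1300)
    valid_after = v.verify("root@db-01", pw)
    return denied, valid_during, valid_after, [e["event"] for e in v.audit]

if __name__ == "__main__":
    print(demo())
```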

Process control is key

Without adequate security controls around Privileged Account Management in place, the resulting damage and fraud from an insider attack could be disastrous. Changing user behaviour and vetting privileged users is arguably as important as implementing the right software.


As such, process control is also key to managing privileged users. Over the years, Burning Tree has helped many companies address required change within their security practices. This involves implementing a combination of appropriate software and enhanced processes to provide a complete Privileged Account Management solution that helps to detect and prevent insider attacks.

To find out how we can help tackle insider threats within your organisation, contact us today. If you would like to learn more about corporate cyber security issues, please follow us on LinkedIn to stay up to date with our latest articles.

About the Author

Richard is responsible for the overall management and day to day running of Burning Tree. He supports the Directors in the delivery of their assignments and on the development of the consulting practice in the field of Information Risk Management. Richard specialises in Operational Risk Management and has held senior positions in a number of Global Financial Institutions.

With a successful track record of over 26 years in Financial Services and 13 years in Risk Management, Richard has a wealth of experience. He was Head of Operational Risk for a Global service unit of HSBC Bank and worked at a number of UK based banks helping them achieve AMA status under the Basel II accord.

https://burningtree.co.uk/


What’s the Security Misconfiguration Antidote? Automation.

By Joshua Williams, Senior Cloud and Automations Solutions Engineer, FireMon

The collective security community is spending too much time worrying about vulnerabilities. They need to shift some of those resources and take a good hard look at misconfigurations, especially in the cloud. According to Gartner, through the year 2023, 99 percent of all firewall breaches will be caused by misconfigurations, not flaws.

What’s more, data sources such as the Identity Theft Resource Center suggest that there were approximately 1,244 reported data breaches in 2018 in the United States and more than 30 percent (377 total) were directly attributed to unauthorized access.

Misconfigurations Continue to Result from Human Error

Misconfigurations, aka human error, almost always occur during the change process, when new rules are added, modified or deleted. This often happens manually, and the misconfigurations leave an organization’s network vulnerable to a data breach. In fact, many data breaches today are the result of this user error. This typically occurs when a system operator has misconfigured a platform or server. When this happens, a malicious actor can gain unauthorized access and an organization is now at risk.

Firewall and cloud misconfigurations come in all shapes and sizes and no business is immune to their threats. Misconfigurations can include overly permissive access, incorrect access, open ports to known vulnerable hosts, rules that bypass the proxy, and access that violates internal or regulatory compliance standards.

Bottom line, a simple misconfiguration can open your server up to remote access by anyone with an internet connection, or allow data to be accessed, stolen and used for nefarious purposes. Misconfigurations can also significantly violate compliance rules and cause devastating service outages.


Just a few months ago, Imperva announced that a misconfiguration of an Amazon Web Services cloud enabled hackers to access customer information using its Web Application Firewall product. In November, Texas Health Resources was breached from a misconfiguration error in its billing system, which impacted 82,000 patients.

Why is This Happening?

Misconfigurations are happening for a number of reasons. FireMon’s sixth annual “State of the Firewall” report found that there are several key reasons for the increase. First, the pace of business and digital transformation is simply happening faster than the ability to protect it. The Internet of Things and our quest to connect every aspect of our business to the internet to move data at lightning speed is outpacing the level of security needed to protect all the new access points.

Further, we are facing a widening gap in finding the right security talent. The lack of experienced and properly trained security professionals is driving increases in misconfigurations and the overall number of breaches annually.

Of course, we are also seeing more firewalls deployed on premise and in the cloud, and the number of rules associated with these firewalls also increases simultaneously. The legacy process of manually changing policies within a growing firewall environment is a recipe for further disaster and needs a process change.

The Right Level of Automation Can Remove Human Error and Protect Businesses

The automation of network rules, policies and configurations on premise and off can greatly remove human error and protect businesses of all sizes from data breaches. It eliminates guesswork and manual input, especially when rolling out error-prone, late-night changes across multiple vendors, platforms and data centers. When businesses automate their firewall policy change management processes, they can move valuable resources to higher priority security needs.

Overall, automation can increase operational efficiency, reduce security cost and increase compliance. However, it’s important to note that automation isn’t something that you simply turn on.

Businesses need a solution that aligns security automation to meet them where they are in their digital transformation initiative. By mapping to the current workflow and processes, automation can give customers the flexibility to automate at their own pace and confidence level.

Organizations should also implement automation that doesn’t add any new complexities or make their security operations more complex. The best automation allows customers to keep their hands on the wheel, and ultimately free up the resources of an already short-staffed team to enable speed, lower compliance risk and close the innovation gap.
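One concrete shape the automation can take is a pre-change check that lints a proposed rule set for the misconfiguration classes the article names (overly permissive access, open ports to known-vulnerable hosts, proxy bypass, compliance violations) before anyone applies it. This is an added example written for this page, not FireMon's code; the rule format, host inventory, proxy address and compliance policy are constructed assumptions.

```python
"""Added example (not FireMon's code): a pre-change linter for a proposed firewall
rule set. It flags the misconfiguration classes the article lists so a change
ticket can be rejected automatically instead of relying on a late-night manual
review. Rule schema, inventory, proxy and policy below are constructed assumptions."""
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src: str      # CIDR, or "any" meaning 0.0.0.0/0
    dst: str      # CIDR, or "any"
    port: str     # "any", a single port, or "lo-hi" range
    action: str   # "allow" / "deny"

ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")            # assumed internal range
PROXY = ipaddress.ip_network("10.1.1.10/32")             # assumed outbound web proxy
# Constructed inventory: hosts with unremediated findings (from a scanner feed).
VULNERABLE_HOSTS = {"10.2.0.5": "CVE-PLACEHOLDER-1", "10.2.0.9": "CVE-PLACEHOLDER-2"}
# Constructed internal standard: services that must never be reachable from outside.
BLOCKED_FROM_INTERNET = {3389: "RDP", 23: "Telnet", 445: "SMB"}

def net(s):
    return ANY if s == "any" else ipaddress.ip_network(s, strict=False)

def ports(p):
    if p == "any":
        return range(0, 65536)
    lo, _, hi = p.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def lint(rules):
    """Return (rule name, category, detail) for every problem found in allow rules."""
    issues = []
    for r in rules:
        if r.action != "allow":
            continue
        src, dst, prange = net(r.src), net(r.dst), ports(r.port)
        external_src = src == ANY or not src.subnet_of(INTERNAL)
        # 1. Overly permissive: any -> any on every port; nothing else needs checking.
        if src == ANY and dst == ANY and r.port == "any":
            issues.append((r.name, "overly-permissive", "any source to any destination on all ports"))
            continue
        # 2. Open ports to known vulnerable hosts from an untrusted source.
        for host, cve in VULNERABLE_HOSTS.items():
            if external_src and ipaddress.ip_address(host) in dst:
                issues.append((r.name, "vulnerable-host-exposed", f"{host} ({cve}) reachable from outside"))
        # 3. Proxy bypass: internal clients (other than the proxy) straight to internet web ports.
        if src.subnet_of(INTERNAL) and src != PROXY and dst == ANY \
                and any(p in prange for p in (80, 443)):
            issues.append((r.name, "proxy-bypass", "direct outbound web access not via proxy"))
        # 4. Compliance: restricted services reachable from the internet.
        for port, svc in BLOCKED_FROM_INTERNET.items():
            if external_src and port in prange:
                issues.append((r.name, "compliance", f"{svc}/{port} allowed from untrusted source"))
    return issues

def approve(rules):
    """A change is safe to auto-apply only when the linter finds nothing."""
    return not lint(rules)

PROPOSED_CHANGE = [  # constructed change ticket: a mix of good and bad rules
    Rule("r1-temp-debug", "any", "any", "any", "allow"),
    Rule("r2-vendor-access", "203.0.113.0/24", "10.2.0.0/24", "22", "allow"),
    Rule("r3-dev-internet", "10.5.0.0/16", "any", "80-443", "allow"),
    Rule("r4-remote-admins", "any", "10.3.0.0/24", "3389", "allow"),
    Rule("r5-proxy-egress", "10.1.1.10/32", "any", "80-443", "allow"),
    Rule("r6-deny-all", "any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for issue in lint(PROPOSED_CHANGE):
        print(*issue, sep=" | ")
    print("approved:", approve(PROPOSED_CHANGE))
```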


As more and more businesses begin to automate their network security management processes, we will begin to see a decrease in misconfigurations and ultimately breaches caused by incorrect access and open ports.

About the Author

Joshua Williams is a Senior Cloud and Automations Solutions Engineer at FireMon. In this role, Josh helps enterprises navigate unique network security challenges and map requirements to meet their needs. Previously, Josh worked on the FireMon development team to integrate cloud platforms and on-premise devices into its award-winning platform. Before joining FireMon, Josh was an engineer for a major stock exchange and a government agency where he led the implementation of automation practices across security and network devices. Josh also teaches as an adjunct professor of Computer Science at a community college in Kansas City. He can be reached on LinkedIn and the company website: www.firemon.com.


How To Mitigate The Risks Of Remote Desktop Protocol

By Chris Morales, head of security analytics at Vectra

Remote Desktop Protocol (RDP) is an invaluable tool for any business that wants to save money and work more efficiently by controlling all of its computer assets centrally, however distant or isolated they are.

That same capability is a tempting prospect for cybercriminals looking to exploit it for their own gain, and Vectra research finds that malicious RDP behaviours are seen in nine out of ten organisations.

The research also reveals which industries and size of organisations have the most RDP detections,

along with examples of how cybercriminals and state-sponsored actors are using RDP.

Why is RDP so attractive?

Traditionally, a business that wanted to fix issues on computers situated away from its central offices had two choices: send engineers out to resolve the issue, or station them permanently on site. Neither is ideal. A call-out costs in the region of US$2,200, and an engineer based permanently at a remote site is unlikely to be cost effective. Since more than 60 percent of machine issues can be fixed remotely, it is no wonder more companies are turning to RDP.

Using the protocol, one engineer can do the work of a whole team without leaving a central control room, because RDP can potentially reach and control every computer on the network.

It is exactly this reach that makes an organisation's RDP so attractive to threat actors: an RDP session looks like routine administration, so an attacker holding valid credentials can move through the network without standing out. No wonder the FBI has warned that such activity has been on the rise since mid-to-late 2016.


Industries under threat

According to our research, manufacturing was the most targeted sector for malicious RDP behaviours,

accounting for 20 percent of incidents monitored across nine industries, followed by finance and retail.

Manufacturing also accounted for the highest number of RDP Recon and Suspicious Remote Desktop

activities observed.

An RDP Recon incident is raised when several failed attempts to establish an RDP connection are seen from one source, which can indicate that a threat actor is trying different login combinations or is trying to identify which accounts are active. Suspicious Remote Desktop, by contrast, is raised when unusual characteristics are seen after a successful RDP connection, for example an RDP server that is normally accessed from clients with an English keyboard layout being accessed from a client announcing a German one.
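The two detections just defined can be expressed as a few dozen lines of logic over connection records. The Python below is an added example written for this page, not Vectra's detection code: it flags RDP Recon as five or more failed connections from one source inside a 60-second window, and Suspicious Remote Desktop as a successful session whose client keyboard layout has not been seen on that server during a learning period. The record schema, the thresholds, the addresses and the keyboard layout IDs (0x0409 en-US, 0x0407 de-DE are real Windows language IDs, but the events carrying them are constructed) are all assumed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed RDP connection records, as a network sensor might log them.
# The tuple layout (ts, src, dst, outcome, keyboard_layout) is an assumption for
# this example, not a Vectra format. keyboard_layout is the Windows language ID
# the client announces in its RDP Client Core Data (0x0409 en-US, 0x0407 de-DE);
# it is None for attempts that never completed the connection sequence.
HISTORY_EVENTS = [  # learning period: what "normal" looks like on each RDP server
    ("2019-12-20T09:00:00", "10.0.2.11", "10.0.1.5", "success", 0x0409),
    ("2019-12-21T09:05:00", "10.0.2.12", "10.0.1.5", "success", 0x0409),
    ("2019-12-22T10:00:00", "10.0.2.11", "10.0.1.6", "success", 0x0409),
]
SAMPLE_EVENTS = [
    ("2020-01-06T02:14:01", "10.0.8.23", "10.0.1.5", "fail", None),
    ("2020-01-06T02:14:08", "10.0.8.23", "10.0.1.6", "fail", None),
    ("2020-01-06T02:14:15", "10.0.8.23", "10.0.1.5", "fail", None),
    ("2020-01-06T02:14:22", "10.0.8.23", "10.0.1.6", "fail", None),
    ("2020-01-06T02:14:30", "10.0.8.23", "10.0.1.5", "fail", None),
    ("2020-01-06T02:14:37", "10.0.8.23", "10.0.1.6", "fail", None),
    ("2020-01-06T02:15:10", "10.0.8.23", "10.0.1.5", "success", 0x0407),  # got in, German layout
    ("2020-01-06T02:20:00", "10.0.8.40", "10.0.1.5", "fail", None),       # one typo, not recon
    ("2020-01-06T02:20:05", "10.0.8.40", "10.0.1.5", "success", 0x0409),
    ("2020-01-06T02:31:00", "10.0.2.11", "10.0.1.5", "success", 0x0409),
]

RECON_THRESHOLD = 5                   # failed connections from one source ...
RECON_WINDOW = timedelta(seconds=60)  # ... inside this sliding window


def detect_rdp_recon(events, threshold=RECON_THRESHOLD, window=RECON_WINDOW):
    """RDP Recon: a source that fails to establish RDP sessions `threshold` times
    within `window`, which is what password guessing or account enumeration looks
    like on the wire. One alert per source; `targets` lists the servers it probed."""
    recent = defaultdict(deque)  # src -> deque of (time, dst) failures still in the window
    flagged, alerts = set(), []
    for ts, src, dst, outcome, _ in sorted(events, key=lambda e: e[0]):
        if outcome != "fail":
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, dst))
        while q and now - q[0][0] > window:
            q.popleft()  # drop failures that aged out of the window
        if len(q) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append({"type": "RDP Recon", "src": src, "first_seen": q[0][0].isoformat(),
                           "failures": len(q), "targets": sorted({d for _, d in q})})
    return alerts


def build_layout_baseline(history):
    """Per RDP server, the keyboard layouts seen on successful sessions during learning."""
    baseline = defaultdict(set)
    for _, _, dst, outcome, layout in history:
        if outcome == "success" and layout is not None:
            baseline[dst].add(layout)
    return baseline


def detect_suspicious_remote_desktop(events, baseline):
    """Suspicious Remote Desktop: a successful session whose client keyboard layout has
    never been seen on that server. Servers with no baseline are not judged."""
    alerts = []
    for ts, src, dst, outcome, layout in events:
        if outcome != "success" or layout is None or dst not in baseline:
            continue
        if layout not in baseline[dst]:
            alerts.append({"type": "Suspicious Remote Desktop", "ts": ts, "src": src, "dst": dst,
                           "keyboard_layout": layout, "expected": sorted(baseline[dst])})
    return alerts


if __name__ == "__main__":
    baseline = build_layout_baseline(HISTORY_EVENTS)
    for alert in detect_rdp_recon(SAMPLE_EVENTS) + detect_suspicious_remote_desktop(SAMPLE_EVENTS, baseline):
        print(alert)
```

The keyboard layout is announced in the RDP Client Core Data during connection setup. With Enhanced RDP Security the connection sequence runs inside TLS, so a purely passive sensor only sees it when it can decrypt the session; otherwise the same baseline can be built from host-side session telemetry. The thresholds are a starting point to tune: a jump host where many administrators mistype passwords needs a higher bar than a server that sees a handful of logons a day.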

In relation to the size of an organisation experiencing RDP attacks, medium manufacturing firms topped

the list with large manufacturing businesses also making the top ten. Medium retailers and medium

financial institutions also witnessed high levels of malicious RDP behaviour. As a whole, medium

organisations experienced the most RDP detections with 6.9 per 10,000 workloads or devices, small

organisations had 6.5, while large businesses had 4.5.

There are two factors worth considering when looking at these numbers. First is that the size of the

company in relation to the number of employees is not indicative of number of devices. For example,

manufacturing has significantly more connected devices than workers. The second is that larger

organisations are likely to have greater resources focused on countering cyber threats.

Using RDP to attack

RDP has been used in many recent cyberattacks, the most notable of which is SamSam. This hacking and extortion scheme affected more than 200 organisations, enabling the perpetrators to amass US$6 million in ransom payments and inflict US$30 million of damage. Once inside via RDP, the threat actors could escalate privileges, deploy malware and execute files without any user authorisation or action.

State-sponsored actors are also using RDP to commit espionage and sabotage. Take APT40, a threat

actor cell identified by FireEye as supporting China’s naval ambitions for modernisation. The group uses

RDP to move laterally through the networks of organisations involved in the development and production

of naval technologies to steal data, carry out reconnaissance and execute malware.

FireEye research also points to APT39, a threat actor group carrying out clandestine operations on behalf of Iran. The group leverages RDP against targets in the Middle East, Europe and the United States to move laterally, keep long-term access to a network, gather information and cause sabotage.

Mitigating the risk of RDP attacks

While there are significant risks of threat actors maliciously using RDP to gain access to a network,

businesses around the world find it invaluable for their day-to-day operations, seeing the benefits far

outstripping any danger.

Those who continue to use RDP must therefore mitigate these risks. Start by limiting RDP access to the people who actually need it, and by enforcing strong credential and authentication policies. In practice that means not exposing RDP directly to the internet but reaching it through a VPN or a Remote Desktop Gateway, requiring Network Level Authentication and multi-factor authentication, locking accounts after repeated failed logins, and patching RDP hosts promptly. It also means every employee uses their own unique username and password rather than a shared account: shared credentials cannot be attributed to a person, whereas per-user accounts make a stolen credential easier to spot and help identify the source of any attack.

To further protect their networks, businesses need to be able to detect and deal quickly with the attacks that do target RDP. This means putting in place monitoring of remote access behaviour, such as the RDP Recon and Suspicious Remote Desktop detections described above, to determine whether the network has been infiltrated and to enable a response if it has.

In this way business can be sure that their useful RDP tool continues to benefit them instead of being

used as an attack vector by cyber criminals.

About the Author

Chris Morales is Head of Security Analytics at Vectra, where he advises on and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in cybersecurity consulting, sales and research roles, and has researched, written and presented numerous information security architecture programs and processes.

Chris can be reached online at https://www.linkedin.com/in/cmatx/ and at our company website https://www.vectra.ai/


How to Know If Someone Is Watching You on Your Camera


By Anda Warner, Marketing Specialist , SEOforX

In this era of video chatting and social media live streaming, your computer's webcam has never been more relevant. But like any other tech device, a webcam can be hacked, and that can mean a serious privacy breach. Think of a case where an unauthorised person accesses your webcam and illegally takes control of it without your knowledge. Such a person can spy on you and the people around you at will, and depending on the value and quantity of what they capture, the repercussions for you can be dire.

That it hasn't happened to you yet is no reason to assume you are safe. Criminals recording webcam footage and then using it to extort money from people is not an idle Hollywood cliché; it happens to real people. That is why you should pay attention whenever you see suspicious changes in how your camera behaves.


How do hackers pull this off?

A webcam hacker does not need much to take control of your camera: remote-access malware with webcam capture, delivered to your computer through a phishing attachment, a trojanised download or an unpatched vulnerability. Once it runs, the attacker can take video and images of you from wherever they are, and the same malware will usually also hand them your files and browsing history if they want them.

That said, you don't need to panic, because there are ways to tell whether someone is watching you, and there are remedies once you know. Be clear about what those remedies are, though: a VPN encrypts your traffic in transit but does nothing against malware already running on your machine. What helps is removing the malware (or reinstalling the system), keeping the operating system and applications patched, not installing software from untrusted sources, and physically covering or disabling the camera when you are not using it.

Now that we are all on the same page, let’s look at 4 signs that you can use to check if your webcam is

being used by hackers to spy on you.

1.Does the camera misbehave, e.g. change position without your command?

If your webcam is a motorised model, it can pan and tilt to frame the best shot at the most convenient angle. That is handy when you are using it, but it gives an attacker who has taken control something visible to do. Watch for the camera moving or rotating without your command; unexplained movement is a sign that someone else is driving it.

Because webcams work in tandem with the built-in microphone and speakers whenever you video chat, a hijacked camera will often come with odd microphone or speaker behaviour as well, so watch for changes there too.

2.Strange storage files

Some webcam malware saves what it records on your own disk before sending it out, so recordings, video or audio, can turn up among your files. A file you did not create is a red flag. "Always check out for files you did not create, most particularly in your webcam recordings folder. You cannot also rule out the chances of the hacker having relocated some of his and some of your files to new folders or to a location where you aren't likely to check on a regular basis," suggests Diceus, an outsourcing Java development company. Comb your storage locations and confirm that your webcam settings still match what you set. Bear in mind, though, that a remote-access tool can just as easily stream the camera straight to the attacker without writing anything locally, so finding no files proves nothing by itself.

3.Is the indicator light misbehaving?

Does your webcam indicator blink abnormally or come on without you prompting it? If so, someone could be controlling the camera without your consent. Sometimes another program or browser extension running in the background is using the webcam and causes the unexpected activity; on other occasions the indicator malfunctions because of a hardware or driver problem. Either way, find out which process has the camera open rather than leaving it to chance. Do not treat a dark LED as proof of safety either: on some older hardware the indicator is controlled by the camera's firmware, and researchers have shown it can be switched off while the sensor keeps capturing.

4.Check for background apps

Sometimes malware is smuggled onto your computer disguised as a normal application, especially if you are in the habit of downloading apps from untrustworthy websites. Look for software running on your computer that you did not install, and use the operating system's camera privacy settings, which on current versions of Windows and macOS list the apps allowed to use the camera (Windows also shows when each last accessed it), to see who has been on it.
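On Linux, the concrete version of this check is to ask which processes hold the camera's device node open. The script below is an added example for this page, not code from the article's author or from Diceus: it resolves every process's open file descriptors under /proc and reports those pointing at /dev/video*. It assumes a Linux host; SAMPLE_SNAPSHOT, its process names and PIDs are constructed so the logic can be exercised on any system.

```python
import os

CAMERA_DEVICE_PREFIX = "/dev/video"  # V4L2 capture nodes (assumption: Linux host)


def camera_holders(snapshot):
    """Given {pid: {"name": ..., "fds": [descriptor targets]}}, return the processes
    that hold a camera device node open, with the devices each one holds."""
    holders = []
    for pid, info in snapshot.items():
        devices = sorted({t for t in info["fds"] if t.startswith(CAMERA_DEVICE_PREFIX)})
        if devices:
            holders.append({"pid": pid, "name": info["name"], "devices": devices})
    return sorted(holders, key=lambda h: h["pid"])


def snapshot_proc(proc="/proc"):
    """Walk /proc/<pid>/fd and resolve every descriptor symlink. Processes we are not
    allowed to inspect (other users' processes without root) are skipped, so run as
    root for a complete picture. Returns {} on systems without procfs."""
    snapshot = {}
    if not os.path.isdir(proc):
        return snapshot
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc}/{entry}/comm") as f:
                name = f.read().strip()
            fd_dir = f"{proc}/{entry}/fd"
            targets = []
            for fd in os.listdir(fd_dir):
                try:
                    targets.append(os.readlink(f"{fd_dir}/{fd}"))
                except OSError:
                    pass  # descriptor closed between listdir and readlink
        except OSError:
            continue  # process exited, or permission denied
        snapshot[int(entry)] = {"name": name, "fds": targets}
    return snapshot


# Constructed snapshot so the logic can run offline: a browser on a video call
# (expected) and an unfamiliar process holding two cameras while writing a file.
SAMPLE_SNAPSHOT = {
    1203: {"name": "firefox", "fds": ["/dev/null", "socket:[12345]", "/dev/video0"]},
    1877: {"name": "bash", "fds": ["/dev/pts/0", "/dev/pts/0"]},
    2410: {"name": "svchelper", "fds": ["/dev/video0", "/dev/video1", "/home/u/.cache/c.mkv"]},
}

if __name__ == "__main__":
    live = snapshot_proc()
    for h in camera_holders(live if live else SAMPLE_SNAPSHOT):
        print(f"pid {h['pid']:>6}  {h['name']:<20} {', '.join(h['devices'])}")
```

Run it as root to see other users' processes. Anything beyond the applications you expect to be on camera (your browser during a call, your conferencing client) deserves a closer look: where its executable lives, who installed it, and whether it is also writing recordings or holding network sockets.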

About the Author

Anda Warner is an experienced marketing specialist with a demonstrated

history of working in the marketing and advertising industry. Anda

possesses a strong entrepreneurial mindset and has devoted her career to

enhancing the sphere of marketing and event production.

warnderanda@gmail.com

website www.seoforx.com


8 Common Types of Small Business Cyber Attacks

By Jonathan Krause, Owner, Forensic Control

While large-scale cyber-attacks are well documented, a growing number of small businesses, e-commerce firms among them, are also the target of attacks. A report released by Verizon showed that approximately 43% of cyber-attacks targeted small and medium enterprises (SMEs), yet only 14% of SMEs are prepared to defend themselves against cyber threats.

A further study by the Ponemon Institute found the number of attacks rising: 67% of SMEs had experienced a cyber-attack in the form of phishing, ransomware or advanced malware, and 58% had also experienced a data breach.

About half of these victims (47%) confirmed that they did not understand how to protect their

organisations against digital attacks. That needs to change.

It’s vital that small businesses owners educate themselves on the basics of cyber security. They need to

learn about the different types of attacks that can be launched against them.

Organised criminal gangs conducted 39% of the attacks, and the methods varied: hacking accounted for 52%, malware for 28% and unauthorised users for 15% of the attacks.

Small businesses currently lack the resources and knowledge to fight them, with many spending less than £500 annually on cybersecurity products. This low spend may be linked to the fact that 54% of small enterprises believe their companies are 'too small' to be targeted by cyber criminals.

According to Hiscox it costs on average $200,000 to deal with a cyber security incident.

That's a big cost for a small business. It's also reported that 60% of the affected companies close down

within six months after the incident.


These stats make it clear why small businesses are almost the perfect target. They don't have the

knowledge and they don't spend enough to protect themselves properly, because they don't think they

will be targeted.

The Most Common Types Of Cyber Attacks Small Businesses Face

There are many different cyber-attack types, but these are the most common that small business owners

will face:

· Malware – Short for malicious software, and one of the most prominent digital threats to small and medium-sized enterprises. It is designed to damage devices or to gain unauthorised access to a network and the devices connected to it. In most cases the breach starts when a user clicks a bad link and downloads an infected file onto their device; the links are planted on the internet by criminals with harmful intentions.

· DDoS – A distributed denial of service attack happens when a group of infected computers, known as a botnet, floods a server, website or other network device with traffic and connection requests. The attacked device slows down or "crashes", making it unavailable to legitimate users.

· Phishing – A common scam in which criminals trick people into clicking a link in a fake email or on a fake website, usually so that the victim hands over credentials or runs something. This gives the criminals access to a network or device, and with it private passwords, financial records, credit card information and other data.

Cyber criminals understand that it is easy for employees to click an interesting link in an email or on a website, and that one click can give them ready access to the organization's network and computers.

· Inside attacks – Cases of insider attacks are increasing sharply. They come from trusted insiders, such as employees, contractors and partners, who have authorised access to a particular network. An inside attack can arise from:

1. An unintentional mistake that affects components of a system

2. A deliberate attempt to harm or disrupt the organization, often by a current or former dissatisfied employee

3. An attempt to reach specific data that the user is not authorised to access

4. Probing the network for weaknesses

· Email initiated attacks – These occur when an individual clicks on a link or attachment in an email, either by mistake or believing it to be legitimate. The emails are nicely formatted, and the links are attractive and enticing. Once clicked, the link may collect personal data, download malware to the computer, or open a channel back to the attacker's command-and-control server to fetch further instructions. The majority of small businesses have no measures in place to stop this, which helps the malware spread.


· Password attacks - An automated tool tries password after password, often from lists of common or previously leaked passwords, in an attempt to get into an account or network. Changing user, account and admin credentials on a schedule the business is comfortable with, quarterly or even monthly, limits how long a guessed password stays useful, but it is not the main defence: lock or throttle accounts after repeated failed logins, require long passwords that are not reused across services, and add multi-factor authentication so that a guessed password alone is not enough.

· Ransomware – This type of attack encrypts the files on a device, and on any network shares it can reach, rendering them unavailable to the user until a payment is made. Some attackers hand over a decryption key after payment; in other cases they do not, and the business incurs further expense recovering the device and its data from backups.

· Website hijacking – Here the attackers compromise a legitimate website so that it serves malware to any device that visits it. Because the site is legitimate, it is usually not on any blacklist, so the hijacking can go unnoticed for a long time, which is what makes it such a dangerous attack.

Ways of Preventing Cyber Attacks for Small Businesses

Hackers and other cyber criminals are discovering new ideas every day to access small businesses'

computers, networks and information.

If you’re in the UK you can benefit from Cyber Essentials. Cyber Essentials helps you to guard against

the most common cyber threats and demonstrate your commitment to cyber security.

It's hard to prevent cyber-attacks completely, but small business owners should always strive to educate

themselves so they don't fall victim to one.

Below are some ways of minimizing such attacks:

· Use anti-virus software and firewalls. This is the most common defence against malware, but it only works if the anti-virus signatures and firewall rules are kept up to date. Email and web filtering that scans attachments and links for malware before they reach users adds a further layer.

· Minimize the use of removable media, such as USB drives, on the business's computers. Additionally, routinely monitor and scan every device connected to your network.

· Back up all files and data daily. This makes it straightforward to restore your data after an attack that compromises a system or the network. Keep at least one copy offline or otherwise out of reach of the network, because ransomware will encrypt any backup it can reach, and test that a restore actually works before you need it.

· Limit employees' access to the files, folders and programs they need for their own tasks (least privilege), so that one compromised account cannot reach everything.

· Always remind the employees to stay away from unsolicited links and attachments in emails.

· Carry out regular vulnerability tests and risk assessments on computer systems and networks.

This helps to identify and rectify possible entry points into the net.


· Provide staff especially those in the IT department, with training on the current online threats and

trends in digital attacks.

· Use multifactor authentication. This adds a layer of security, so that a stolen or guessed password alone does not give an attacker access to sensitive information.

· Invest in Cybersecurity insurance. Cyber criminals are becoming more and more sophisticated,

meaning they can strike even the most security-conscious companies. Most of the insurance policies

today will cover the cost of any lost data, as well as partly pay for the process of recovering any lost

information.

· Protect your hardware that contains essential data such as hard- drives, USB drives, and laptops.

Losing such equipment could have severe implications on the security of the company if it landed in

criminals’ hands.

Conclusion

Loss of data has been one of the significant challenges that organizations face and fall victim to. Cyberattacks

are on the rise today, with 43% of the attacks targeting small and medium businesses.

Cyber criminals are getting wiser and more cunning by the day. They are continually designing new ways

of infecting businesses' computers with malware with the aim of stealing sensitive data and disrupting

the core activities of an organisation. Business cyber security needs to be a priority, with the whole

organisation providing a united front.

The options highlighted above can be used to minimize and negate the occurrence of cyber-attacks in

small businesses. Regular backups, duplicating files and data, installing updated anti-viruses, and limiting

the use of removable media on the business’s computers are some of the best ways to minimize cyberattacks

and improve security. Companies must also train all their staff on cyber-security and establish a

robust security strategy.

About the Author

Jonathan Krause, Owner of Forensic Control. He is a leading cyber security

and digital forensic specialist based in London, UK. After working as a

computer forensic specialist in the Hi-Tech Crime Unit for the Metropolitan

Police at New Scotland Yard, Jonathan founded Forensic Control in 2008.

Since then, Jonathan and his team have advised on hundreds of data

breaches for corporate clients of all sizes. Jonathan can be reached online

at jonathan@forensiccontrol.com and at our company website

https://www.forensiccontrol.com/


The Ultimate Guide to SSL/TLS Decryption

Six Features to Consider When Evaluating SSL/TLS Inspection Solutions

By Babur Khan, Technical Marketing Engineer, A10 Networks

Encrypted traffic accounts for a large and growing percentage of all internet traffic. While the adoption of

Secure Sockets Layer (SSL), and its successor, Transport Layer Security (TLS), should be cause for

celebration – as encryption improves confidentiality and message integrity – these protocols also put your

organization at risk as they create encrypted blind spots that hackers can use to conceal their exploits

from security devices that are unable to inspect SSL/TLS traffic.

The threat of SSL/TLS blind spots is a serious one. According to a Ponemon survey, legacy security

infrastructure is not built to take care of these evolved, hidden attacks, and almost two out of three

organizations are not able to decrypt and inspect their SSL/TLS traffic.

To stop cyberattacks, you need to gain insight into encrypted data; to gain insight into encrypted data,

you need a dedicated security platform that can decrypt SSL/TLS traffic and send it to the security stack

for inspection in clear text. This paper describes six features to consider when evaluating an SSL/TLS

inspection platform. With this information, you will be able to easily define evaluation criteria and avoid

common deployment pitfalls.


The current state of insecurity

Worldwide spending on information security will exceed a staggering $124 billion in 2019 as organizations

stack up security products around their network perimeters. Unfortunately, as SSL traffic increases, our

collective $124+ billion investment in security is falling far short of protecting all our digital assets.

Attackers are wising up and taking advantage of this gap in corporate defenses. In fact, as much as 70%

of cyberattacks will use encryption as part of their delivery mechanisms by 2019. As a result, companies

that do not inspect SSL communications are providing an open door for attackers to infiltrate defenses

and steal data.

Cybercriminals can use encryption to hide the delivery of malware as well as the extraction of data, which leaves legacy security devices blind to data breaches. Such breaches can have a disastrous impact on your company's reputation and brand, and you could be subject to disciplinary action and fines. As a reminder of the scale involved, over 200,000 computers worldwide were affected by the 2017 WannaCry ransomware attack, most notably at Britain's National Health Service (NHS), causing serious disruption to the delivery of health services across the nation. WannaCry itself propagated over SMB rather than HTTPS, but the payload delivery and command-and-control of many other malware families do run over TLS, which is why enterprises need to inspect all traffic, and encrypted traffic in particular, for advanced threats.

Existing security solutions can’t hack it

While some security solutions can decrypt SSL/TLS traffic, many are collapsing under growing SSL/TLS

bandwidth demands and SSL key lengths. Today, the use of 2048-bit SSL keys has become common,

and the impact is startling.

NSS Labs looked at how decryption impacts performance in its 2018 SSL/TLS Performance Tests. They

measured product performance with a Next Generation Firewall (NGFW) with decryption turned on

versus turned off and found significant performance degradation and increased latency in the tested

products.

• A 92% drop in the average connection rate. Connection degradation ranged from 84% to 99%.

• An increase in latency in the average application response time of 672%. Latency ranged from

99% to 2,910%.

• A 60% drop in the average throughput. Throughput degradation ranged from 13% to 95%.

The importance of being earnest… when evaluating SSL/TLS inspection platforms

To eliminate the SSL/TLS blind spot in corporate defenses, you should provision a solution that can

decrypt SSL/TLS traffic and enable all security products that analyze network traffic to inspect the

encrypted data. You must carefully evaluate all the features and performance of your SSL/TLS inspection

platform before selecting a solution. If you deploy an SSL/TLS inspection platform in haste, you might be

blindsided later by escalating SSL bandwidth requirements, deployment demands or regulatory

implications.


SSL traffic is growing, and it will continue to increase in the foreseeable future due to concerns about

privacy and government snooping. Many leading websites today, including Google, Facebook, Twitter

and LinkedIn encrypt application traffic. With SSL traffic accounting for a growing percentage of all

internet traffic, you should factor in performance needs and future bandwidth usage when evaluating an

SSL inspection solution. However, you should also make sure that your proposed architecture will comply

with regulatory requirements such as the European Union’s (EU’s) General Data Protection Regulation

(GDPR) or healthcare’s Health Insurance Portability and Accountability Act (HIPAA).

Six features to consider when selecting an SSL/TLS inspection platform

Because SSL/TLS inspection potentially touches so many different security products, from firewalls and intrusion prevention systems (IPS) to data loss prevention (DLP), forensics, advanced threat prevention (ATP) and more, you should develop a list of criteria and evaluate SSL/TLS inspection platforms against them before selecting a solution. An SSL/TLS inspection platform should:

1. Meet current and future SSL/TLS performance demands

Performance is one of the most important evaluation criteria for an SSL/TLS inspection platform. You

need to assess current internet bandwidth requirements and ensure the inspection platform can also

handle future SSL throughput requirements.

2. Satisfy compliance requirements

Privacy and regulatory concerns have emerged as one of the top hurdles preventing some organizations from inspecting SSL traffic. Your security team may have deployed a wide array of products to detect attacks, data leaks and malware, and rightfully so, but you still have to walk a thin line between protecting your company's intellectual property and violating employees' privacy rights.

Companies that do not comply with these regulatory rules can be subject to hefty fines and lawsuits. In a study by the Ponemon Institute, 36% of surveyed companies said compliance/regulatory failure was a major factor in justifying funding of their organizations' IT security budget. Forrester Research also recently reported that as many as "80% of companies will fail to comply with GDPR".

To address regulatory requirements like GDPR, HIPAA, the Federal Information Security Management Act (FISMA), the Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX), an SSL/TLS inspection platform should be able to bypass sensitive traffic, such as traffic to banking and healthcare sites, so that confidential banking or healthcare records are never sent to security devices or stored in log management systems. In practice the bypass decision is made from the destination hostname, which the device reads from the Server Name Indication (SNI) in the client's handshake before anything is decrypted; bear in mind that the SNI is supplied by the client, so a bypass list should be backed by a check that the flow really does terminate at that site.
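The bypass decision just described is usually made from the server name in the client's ClientHello, before anything is decrypted. The following Python is an added example written for this page, not A10's code or any product's logic: it parses the SNI extension out of a raw TLS ClientHello record and applies a small category-based bypass list. The BYPASS_CATEGORIES entries and the .example hostnames are constructed for the example, and build_client_hello produces a minimal test ClientHello only, not what a real browser sends.

```python
import struct

# Hostname suffixes that must not be decrypted, keyed by the reason. Constructed
# for the example; a real deployment would take these from a URL-category feed.
BYPASS_CATEGORIES = {
    "finance": ("onlinebank.example", "payments.example"),
    "healthcare": ("myhealth.example",),
}


def extract_sni(record: bytes):
    """Pull the server_name (SNI) host out of a TLS ClientHello record. Returns None
    for anything that is not a well-formed ClientHello carrying an SNI extension."""
    if len(record) < 5 or record[0] != 0x16:            # content type: handshake
        return None
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                    # handshake type: client_hello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                        # client_version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                # compression_methods
    if len(body) < pos + 2:
        return None                                     # no extensions block at all
    (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype != 0x0000 or len(data) < 2:            # 0x0000 = server_name
            continue
        (list_len,) = struct.unpack("!H", data[:2])
        p, list_end = 2, min(2 + list_len, len(data))
        while p + 3 <= list_end:
            name_type = data[p]
            name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
            p += 3
            if name_type == 0 and p + name_len <= list_end:   # 0 = host_name
                return data[p:p + name_len].decode("ascii", "replace")
            p += name_len
    return None


def classify(record: bytes) -> str:
    """What the inspection device does with this flow: 'bypass:<category>' for
    sensitive destinations, 'decrypt' otherwise. A ClientHello with no SNI is
    decrypted: the client controls the SNI, so silence must not earn a bypass."""
    host = extract_sni(record)
    if host is None:
        return "decrypt"
    host = host.lower().rstrip(".")
    for category, suffixes in BYPASS_CATEGORIES.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return f"bypass:{category}"
    return "decrypt"


def build_client_hello(host: str) -> bytes:
    """Construct a minimal ClientHello with an SNI plus one other extension, so the
    parser has something to skip. Test input only, not a realistic client hello."""
    name = host.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = (struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
                  + struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04")   # supported_versions
    body = (b"\x03\x03" + bytes(32) + b"\x00"                 # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"               # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                      # compression: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for h in ("secure.onlinebank.example", "www.example.com", "myhealth.example"):
        rec = build_client_hello(h)
        print(f"{h:<28} sni={extract_sni(rec)!s:<28} action={classify(rec)}")
```

Two caveats to build into a real deployment: the SNI is asserted by the client, so an implant can claim a banking hostname to earn a bypass, which is why the device should confirm that a bypassed flow really terminates at that site (in TLS 1.2 the server certificate is visible in the clear; in TLS 1.3 it is encrypted, and Encrypted Client Hello hides the SNI itself), and a ClientHello with no SNI should be decrypted or blocked, never bypassed.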


3. Support heterogeneous networks with diverse deployment and security requirements

You have to contend with a wide array of security threats from external actors as well as potential

malicious insiders. Therefore, to safeguard digital assets, you need to deploy an ever-increasing number

of security products to stop intrusions, attacks, data loss, malware, and more.

Some of these security products are deployed inline, while others are deployed non-inline as passive

network monitors. Some analyze all network traffic, while others focus on specific applications, like web

or email.

However, virtually all of these products need to examine traffic in cleartext in order to pinpoint illicit activity.

Recently, though, the rise in SaaS adoption has caused many applications to move to the cloud.

Productivity and storage applications like Office 365, Box, Dropbox, G Suite, etc., are commonly used by

many companies. However, many of these applications have their own security stacks in the cloud and,

in the interest of a better user experience, SaaS vendors generally recommend bypassing on-premise

security stacks.

You will need the flexibility to deploy best-of-breed security products from multiple vendors to prevent

getting locked into a single vendor solution. The security landscape constantly evolves to combat

emerging threats, and in one or two years, your company may want to provision new security products;

your SSL/TLS inspection platform needs to be able to interoperate with these new products. An

inspection platform that supports flexible deployment, traffic steering and granular traffic controls will be

able to provision a wide range of security solutions into the future.

4. Maximize the uptime and the overall capacity of your security infrastructure

A security infrastructure blocks cyberattacks and prevents data exfiltration. If your security infrastructure

fails, threats may go undetected and your company may be unable to perform business-critical tasks,

resulting in loss of revenue and brand damage.

Most firewalls today can granularly control access to applications and detect intrusions and malware.

Unfortunately, analyzing network traffic for threats is a resource-intensive task. While firewalls have

increased their capacity over time, they often cannot keep up with network demand, especially when

multiple security features like IPS, URL filtering, and virus inspection are enabled. Therefore, your

SSL/TLS inspection platform should not just offload SSL processing from security devices, but should

maximize uptime and performance of these devices.

When evaluating an SSL/TLS inspection platform, look for a platform that can:

• Scale security deployments with load balancing.

• Avoid network downtime by detecting and routing around failed security devices.

• Support advanced health monitoring to rapidly identify network or application errors.

• Provide better value by supporting N+1 redundancy rather than just 1+1 redundancy.


Your SSL/TLS inspection platform should not be another point product and should not introduce risk to

your network. Instead, it should lower risk by maximizing the availability and the overall capacity of your

security infrastructure. Only then can the full potential of your SSL/TLS inspection platform be unlocked.

5. Securely manage SSL certificates and keys

When providing visibility into SSL traffic, your SSL/TLS inspection solution must securely manage SSL certificates and keys. SSL certificates and keys form the basis of trust for encrypted communications. If they are compromised, attackers can use them for snooping on encrypted traffic and stealing data.

To ensure certificates are stored and administered securely, look for an SSL/TLS inspection platform that:

• Provides device-level controls to protect SSL keys and certificates.

• Integrates with third-party SSL certificate management solutions to discover, catalog, track and centrally control certificates.

• Supports FIPS 140-2 Level 2 and Level 3 certified equipment and Hardware Security Modules (HSMs) that can detect physical tampering and safeguard cryptographic keys.

6. Simply and easily deploy and manage your enterprise security solution

When investing in either a firewall or a decryption solution, two of the biggest problems are the complexity and the lack of rich, usable analytics. A solution that can be easily deployed allows your organization to become operational and prevent hidden threats as soon as possible. Unfortunately, most decryption solutions are too complex to be deployed easily. Even if your solution is deployed quickly, usually after paying hefty professional services fees, more questions emerge: are the analytics provided with the solution humanly consumable and useful? Is the solution providing any usable insights?

When managing encrypted traffic, rich analytics with data delivered in an easy-to-consume format are critical in order to free up valuable human analysts to make effective and informed decisions. Real-time analysis provides deep insights into anomalies and threats in encrypted traffic, so adaptive controls and policy updates can be set through behavior analysis. Products from partners like Splunk may be deployed in your security network to capture insights into the traffic flowing through network devices.

Furthermore, as your organization grows and spreads to multiple, geographically distributed deployments, a ‘single pane of glass’ solution becomes necessary to make management and analytics available at a single centralized location. Simplicity becomes a must.

When choosing an SSL/TLS inspection solution, look for a platform that:

• Is easy to use and can be deployed in minutes.

• Ensures the application of security best practices, reducing human errors introduced during deployment.

• Provides detailed real-time analytics that will help in advanced troubleshooting.

• Enables easy troubleshooting of issues with the platform itself.

• Provides customizable dashboards that deliver tailored statistics widgets.

• Provides a centralized management option to support your organization as it grows, allowing all your geographically distributed deployments to be managed and analyzed from a central location.

Conclusion

As privacy concerns are propelling SSL/TLS usage, you face increased pressure to encrypt application traffic and keep data safe from hackers and foreign governments. In addition, because search engines such as Google rank HTTPS websites higher than standard websites, application owners are clamoring to encrypt traffic. At the same time, you face threats like cyberattacks and malware that can use encryption to bypass corporate defenses.

With SSL accounting for nearly 85% of enterprise traffic in North America and more applications supporting bigger keys and complex ciphers like ECC for PFS, you can no longer avoid the cryptographic elephant in the room. If you wish to prevent devastating data breaches, you must gain insight into your SSL/TLS traffic. Since legacy firewalls are inefficient at decrypting and inspecting traffic simultaneously, creating bottlenecks in your network, a dedicated SSL/TLS inspection platform that will support your existing security infrastructure is necessary.

Before provisioning an SSL/TLS inspection solution, consider criteria like performance, flexibility, analytics, ease-of-use, and secure key management, which are critical to your organization’s success. Armed with this information, you can make a well-informed decision and avoid the deployment pitfalls that SSL/TLS inspection can potentially expose.

About the Author

Babur Nawaz Khan is a technical marketing engineer at A10 Networks. He primarily focuses on the company’s enterprise security solutions, including Thunder® SSL Insight for TLS inspection and Cloud Access Proxy, which is a SaaS access security and optimization solution. Prior to his current role, he was a member of A10 Networks’ corporate systems engineering team, working on application delivery controllers. Khan holds a master’s degree in computer science from the University of Maryland, Baltimore County. Babur can be reached online at our company website http://www.a10networks.com


Encryption Is Key to Guarantee Data Is Anonymous

By Julian Weinberger, CISSP, Director of Systems Engineering at NCP engineering

Regulatory initiatives such as the EU General Data Protection Regulation (GDPR) have granted consumers powerful rights to determine how organizations collect and use personally identifiable information. Companies that hold on to personal data without consent, or who fail to employ adequate measures to protect it, may face stringent penalties.

Yet, there is one important exception. Anonymized data – information held without key details to prevent identification – is exempt from the rules.

Data in anonymized form is meant to reduce the chance of a breach or damage from its loss because it cannot be used to identify specific individuals. Received wisdom holds that with no threat to personal privacy there is no risk of punitive fines.

Anonymized data is ideal for medical trials and market research. Healthcare organizations, for example, can take patient names, addresses, and dates of birth out of digitally stored medical records to use the information for research purposes without the risk of disclosing individual identities.


It’s not just medical research that benefits from anonymized data. Transport for London recently mined anonymized mobile phone data of passengers to gather information that enabled it to create more accurate travel times and arrival estimates.

While anonymized data undoubtedly has its uses, it is far from perfect.

Deciphering the Datasets

On its own, anonymized data is impossible to decipher – until, that is, someone starts to cross-reference it against publicly available data sets such as an electoral roll or a national census.

Belgium’s Université Catholique de Louvain (UCLouvain) and Imperial College London discovered this can be achieved with alarming accuracy. The study found that an anonymized dataset containing 15 demographic attributes could be used to identify individuals in the state of Massachusetts with 99.98 percent accuracy. Considering the state population is close to seven million people, the findings are remarkable.

In another prominent example, researchers found that publicly available anonymous data about routes taken by New York City cab drivers could be used to reveal their home addresses. The de-anonymizing process seems to be more accurate with smaller datasets – especially when cross-referenced against the right database.
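To make the linkage risk described above measurable, here is an added example in Go (not code from the original article): it computes the k-anonymity of a constructed medical dataset on the quasi-identifiers a public register would also contain, and shows how generalizing those fields raises k. The dataset, its field names and the generalization rules are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strconv"
)

// Record is one row of a constructed (not real) anonymized medical dataset:
// direct identifiers are already stripped, but the quasi-identifiers remain.
type Record struct {
	Zip       string // 5-digit postal code
	BirthYear int
	Sex       string
	Diagnosis string // the sensitive attribute the dataset exists to share
}

// sample is constructed test data for illustration only.
var sample = []Record{
	{"02139", 1984, "F", "asthma"},
	{"02139", 1984, "F", "flu"},
	{"02139", 1987, "M", "flu"},
	{"02140", 1987, "M", "diabetes"},
	{"02141", 1990, "F", "asthma"},
	{"02142", 1991, "F", "flu"},
	{"02144", 1975, "M", "asthma"},
	{"02145", 1978, "M", "flu"},
}

// QuasiID maps a record to the key an outside party could match against a
// public register (electoral roll, census extract) that lists the same fields.
type QuasiID func(Record) string

// ExactQID keeps the quasi-identifiers as released: full zip, birth year, sex.
func ExactQID(r Record) string {
	return r.Zip + "|" + strconv.Itoa(r.BirthYear) + "|" + r.Sex
}

// GeneralizedQID coarsens the same fields (3-digit zip, birth decade, sex)
// so that more records share each combination.
func GeneralizedQID(r Record) string {
	decade := r.BirthYear - r.BirthYear%10
	return r.Zip[:3] + "|" + strconv.Itoa(decade) + "s|" + r.Sex
}

// EquivalenceClasses counts how many records share each quasi-identifier value.
func EquivalenceClasses(rows []Record, qid QuasiID) map[string]int {
	classes := make(map[string]int)
	for _, r := range rows {
		classes[qid(r)]++
	}
	return classes
}

// KAnonymity returns the smallest equivalence class size: every record is
// indistinguishable from at least k-1 others on the quasi-identifiers.
// k == 1 means at least one person is uniquely identifiable by linkage.
func KAnonymity(rows []Record, qid QuasiID) int {
	k := 0
	for _, n := range EquivalenceClasses(rows, qid) {
		if k == 0 || n < k {
			k = n
		}
	}
	return k
}

// UniqueRecords counts records whose quasi-identifier combination occurs once,
// i.e. the records a single matching public record would pin to one person.
func UniqueRecords(rows []Record, qid QuasiID) int {
	classes := EquivalenceClasses(rows, qid)
	unique := 0
	for _, r := range rows {
		if classes[qid(r)] == 1 {
			unique++
		}
	}
	return unique
}

func main() {
	for name, qid := range map[string]QuasiID{"as released": ExactQID, "generalized": GeneralizedQID} {
		fmt.Printf("%-12s k=%d, uniquely re-identifiable records: %d of %d\n",
			name, KAnonymity(sample, qid), UniqueRecords(sample, qid), len(sample))
	}
}
```

On this sample the data as released is only 1-anonymous (six of eight rows are unique on zip, birth year and sex), while the generalized release is 2-anonymous with no unique rows.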

Data Encryption

European regulators have shown they are ready to issue stiff penalties to organizations that do not take proper precautions with anonymized data. Most recently, Denmark’s data protection agency fined a taxi company approximately $180,000 for failing to anonymize data properly.

Clearly, organizations cannot expect anonymized database data alone to protect sensitive customer information. Firms must be proactive and implement the proper security measures and technology to ensure customer privacy is safeguarded.

Encryption is one of the most reliable strategies for protecting the privacy of digital assets, especially if the organization needs to send or share them over the public Internet. Encrypted data is encoded and can only be accessed with the correct key, usually using symmetric- or public-key encryption. Without that key, data treated this way cannot be deciphered, effectively rendering it unintelligible to outside observers.

Encryption is essential to protect database data in storage but also on the move. A professional, enterprise-quality virtual private network (VPN) is an extremely effective way to secure digital communications.

In summary, database anonymization is useful for storing personal information that is collected in the course of research. However, researchers cannot trust anonymization alone to keep personal data protected from third parties. Implementing a robust, enterprise-standard VPN is the best way to guarantee customers’ personal information remains fully protected at all times.

About the Author

Julian Weinberger, CISSP, is Director of Systems Engineering for NCP engineering. He has over 10 years of experience in the networking and security industry, as well as expertise in SSL-VPN, IPsec, PKI, and firewalls. Based in Mountain View, CA, Julian is responsible for developing IT network security solutions and business strategies for NCP.

NCP can be emailed at info@ncp-e.com, reached on Twitter at @NCP_engineering, and on our company website at https://www.ncp-e.com/en/.


Europe Cybersecurity Market Size to Steer At 13% CAGR To 2025

Europe Cybersecurity Market is estimated to be over USD 25 billion in 2018 and is expected to register a lucrative growth between 2019 and 2025 with a CAGR of over 13%.

By Shashie Pawar, PR & Media Communicator (Graphical Research)

According to the Graphical Research new growth forecast report titled “Europe Cybersecurity Market By Industry (Banking, Government, Manufacturing, Transportation, IT & Telecom, Insurance, Securities), Industry Analysis Report, Regional Outlook (Germany, UK, France, Spain, Netherlands, Norway, Italy, Ireland, Sweden), Growth Potential, Competitive Market Share & Forecast, By Product Type (Identity, Authentication and Access Management (IAAM) [Access Management, Identity Access Management], Infrastructure Protection [Endpoint Protection, Email/Web Gateway, Security Information and Event Management (SIEM), Vulnerability Management, Cloud Security, Data Loss Prevention (DLP)], Network Security [Internet Service Provider Equipment, Virtual Private Network (VPN), Unified Threat Management (UTM), Firewall], Security Services [Implementation, Managed Security Services, Consultancy & Training, Hardware Support]), By Organization (SME, Government, Large Enterprises)”, the market is expected to exceed USD 65 billion by 2025.


The Europe cybersecurity market growth is attributed to strong government initiatives to promote data safety and hefty investments in cybersecurity solutions. The increasing cases of data breaches and malicious cyber-attacks on critical business infrastructure have driven several business enterprises toward partnering with government agencies for enhanced cybersecurity. For instance, in July 2016, the EU Commission announced a Public-Private partnership program on cybersecurity with USD 2 billion investments by 2020. The private sector is estimated to contribute USD 1,498 million, with the remaining USD 502 million contributed by various governments across the region. This is expected to spur the growth of cybersecurity solutions in the region.

The network security segment is expected to register an accelerated growth over the forecast period with a CAGR of over 15%. These solutions protect data integrity and usability of critical business networks, safeguarding enterprises against intrusions and virus attacks on their IT networks. The proliferation of new devices, applications, and complex networking architectures has increasingly made network management difficult for enterprises, driving them toward adopting network security solutions for efficiently managing modern complex networks. The rapidly changing network has pressured enterprises to deploy network monitoring tools, accentuating the growth of network security solutions.

The large enterprises segment is projected to exhibit a lucrative growth of over 10% in the Europe cybersecurity market. Large enterprises are severely affected by cyber-attacks due to the involvement of substantial financial assets. Malicious attacks can also hamper an enterprise’s market image and cause investor dissatisfaction; hence, large enterprises are proactively adopting cybersecurity solutions for mitigating such risks. Increasing budget allocations and the growing awareness regarding cybersecurity are further expected to accentuate the adoption of cybersecurity solutions by large enterprises.

The banking sector is anticipated to exhibit an accelerated growth between 2019 and 2025, growing at a CAGR of over 15%. The rapid adoption of digital banking platforms and stringent government regulations for financial institutions have driven banks toward adopting cybersecurity solutions to prevent financial abuse and mitigate losses. For instance, in June 2017, the Financial Conduct Authority (FCA), a leading bank regulator in the UK, made it mandatory for all banks in the UK to adopt cybersecurity measures.


Some of the key vendors in the Europe cybersecurity market include Check Point Software, Sophos Group plc, BAE Systems, Cisco Systems, Inc., Symantec Corporation, CyberArk Software Ltd., F-Secure Corporation, Proofpoint Inc., McAfee LLC, F5 Networks, Inc., Microsoft Corporation, FireEye, Inc., Fortinet, Inc., Hewlett-Packard, Ltd., IBM Corporation, Intel Corporation, Oracle Corporation, Palo Alto Networks, Inc., Rapid7, RSA Security, LLC., Splunk, Inc., and Trend Micro, Inc.

The Europe cybersecurity market research report includes in-depth coverage of the industry, with estimates & forecast in terms of revenue in USD million from 2019 to 2025, for the following segments:

Europe Cybersecurity Market Share, By Product Type

• Identity, Authentication and Access Management (IAAM)
    • Access Management
    • Identity Access Management
• Infrastructure Protection
    • End Point Protection
    • Email/Web Gateway
    • Security Information and Event Management (SIEM)
    • Vulnerability Assessment
    • Cloud Security
    • Data Loss Prevention (DLP)
    • Others
• Network Security
    • Internet Service Providers (ISPs)
    • Virtual Private Network (VPN)
    • Unified Threat Management
    • Firewall
• Security Services
    • Implementation
    • Managed Security Services
    • Consulting & Training
    • Hardware Support
    • Others

Europe Cybersecurity Market Size, By Organization Type

• SME
• Government
• Large Enterprise

Europe Cybersecurity Market Forecast, By Industry

• Banking
• Government
• Manufacturing
• Transportation
• IT & Telecom
• Insurance
• Securities
• Others

Source: https://www.graphicalresearch.com/industry-insights/1246/europe-cybersecurity-market

About the Author

Preeti Wadhwani leads the next-generation technology team at Graphical Research. She has more than 4 years of market research and consulting experience in niche and emerging technologies including SMAC (Social, Mobile, Analytics and Cloud), IoT, virtualization, and containers.


IoT Security and Privacy

Security and Privacy in the IoT age

By Lokesh Yamasani, Director – IT Security (Security Officer), Satellite Healthcare

We are living in a digital age, or rather in the so-called “Age of IoT”. What makes it an “Age of IoT”? The answer is simple. It is the ability to connect and manage everything, from fish tanks and baby monitors to industrial devices and home monitoring devices, via the internet to accomplish our objectives. Such convenience has led to an increased attack surface through which these devices/things could be easily compromised. The scary part is that someone with barely any technical skillset could easily compromise these devices/things (i.e., someone could easily learn on the internet how to compromise these things and replicate the same, a.k.a. “Annoying Script Kiddies”), let alone nation state actors, hacking groups, and other known/unknown threat actors/groups.

With that being said, privacy has become a major concern in the IoT age along with security. (Funny story: most recently, I attended a work meeting where someone I was talking to had their smartwatch turned on. Towards the end of our conversation, that person’s smartwatch started responding to what we were talking about.) Now that we have the security and privacy icebreakers out of the way, come on in and feel comfortable. Let’s dissect the security and privacy aspects of the Internet of Things. Shall we?

Chapter 1: Security

Before talking about the “security” of the IoT architecture, let’s get to the basics of that architecture. The IoT architecture consists of:

1. Things (things that are equipped with sensors)

2. Gateways (data from things goes to the cloud/infrastructure through these gateways)

3. Data gathering and processing infrastructure (data is gathered and processed here, and a decision is made based on the data received and Artificial Intelligence techniques)

4. Control apps (the apps that send the actual commands to perform an operation on that smart device)

To put this in a real-world context:

Me: Hey google, I am bored!

Google Assistant: Yes, here are the options. Do you want Mickey Mouse adventures? Car adventures?

Do you want to listen to music?

Me: I want to listen to music.

Google Assistant: Music playing….


There is quite an amount of technology, or rather an amalgamation of multiple technologies and related architectures, involved behind that simple transaction. Wherever there is an amalgamation of multiple technologies and related architectures, there are IoT protocols that run the IoT universe. (Did I say I wanted to be a Geologist?) As a sample, let’s look at two IoT network protocols:

a) Bluetooth

The Bluetooth protocol is mostly used in smart wearables, smartphones, and other mobile devices, where small fragments of data can be exchanged without high power and memory. The Bluetooth protocol is effective for short-range communication. However, as we all know, the threats related to Bluetooth are becoming more prevalent these days: BlueBorne, Bluebugging, Bluejacking, and Bluesnarfing. With consumers keeping these Bluetooth-based smart devices powered on all the time, the likelihood of such Bluetooth attacks is “High”.

b) ZigBee

ZigBee is an IoT protocol that allows things that are retrofitted with “sensors” to work together. ZigBee is used with apps that support low-rate data transfer over short distances. ZigBee was created by the ZigBee Alliance. When it was designed, security-related tradeoffs were made to keep the devices low-cost, low-energy and highly compatible. Some parts of ZigBee’s security controls are poorly implemented (what are those poorly implemented controls?). As an example, KillerBee is a Python-based framework used to exploit the security of devices implemented with the Zigbee standard. KillerBee provides facilities for sniffing the keys, injecting network traffic, decoding the packets captured, and packet manipulation that takes advantage of the “Trust Center Link Key”. For a cyber-attacker to take advantage of that “Trust Center Link Key” within the Zigbee protocol, the attacker must capture Zigbee network traffic at the same time the device joins the IoT network.

As noted above, these security risks are just the tip of the iceberg. On top of these security risks, since the backend IoT infrastructure is virtualized and in the cloud, it is prone to the same security risks as any cloud and virtualized infrastructure. Hence, it is highly vulnerable and exploitable.

Bottom-Line: As I’m writing this as a security officer for a healthcare company, what does it all mean to me? What’s the answer to reduce the likelihood of threats and the exploitation of vulnerabilities? One simple solution, from the perspective of securing the backend IoT infrastructure, is to implement a zero trust access model. On the consumer side, deprecate all the less secure protocols. Design and regulate the mandatory use of relatively more secure protocols (IEEE – help us please!). In the future, patient care will be delivered at home, and we can already imagine a situation where sensors that capture patient data are compromised and used as bots to join a botnet to perform malicious activity, thereby compromising patient care. That could be a widespread reality, and we are almost seeing that widespread reality these days.

Chapter 2: Privacy

Next on, privacy! I’m going to take it on from a healthcare perspective. Imagine a home care dialysis patient using one of these IoT sensors that captures the needed data such as blood pressure level, fluid levels, heartbeat rate, total body water percentage etc. Suppose it has also captured the patient’s other information, such as DNA information, the patient’s private conversations etc., that was never needed within the context of that particular diagnosis.

By default, most sensors do not give patients the ability to influence where they want their data to be stored, who may see it etc. within the context of their diagnostics. This leads to misuse in patient data gathering, and misuse in patient data storage and processing. Privacy issues like this are some of the privacy risks at the tip of the privacy iceberg (yeah, let’s create stringent privacy regulations). Creating privacy regulations is not the challenge; enforcing them is.

One of the solutions could be to give the control/ability back to patients and consumers as to what these sensors can or cannot collect, or to constrain by design what these sensors can collect and transmit. In short, giving more power back to consumers! (Consumer power)

Bottom-Line: If you are looking to manage security and privacy risks in the IoT age, use frameworks like NISTIR 8228 - Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks and customize the framework based on your needs. You gotta start somewhere!

About the Author

Lokesh Yamasani works as Director – IT Security (Security Officer) at Satellite Healthcare/WellBound. He is an experienced and diligent security expert with about 15 years of overall IT experience and over 14 years of experience in all information security domains, with a record of accomplishment of successful security leadership with emphasis on metrics-based performance. Lokesh Yamasani can be reached online at yamasanil@satellitehealth.com and @LYamasani.


Getting PKI Right

Program Failures and How to Avoid Them

By Chris Hickman, chief security officer, Keyfactor

Public Key Infrastructure (PKI) has survived the test of time. Today, IT leaders and managers view PKI as a vital layer within the security framework, helping to authenticate and encrypt sensitive endpoints, software and applications. Historically, managing PKI has been a manual, on-premises process. Despite its critical role within the cybersecurity framework, PKI has struggled to find a clear owner within the organization. Add to that the results of a recent survey in which just 36% of respondents said their organizations have enough IT security staff members dedicated to PKI deployment.

With the industry’s skill shortage, shifting compliance requirements and competing budget priorities, how can you sidestep deployment landmines and manage a program that’s right for your enterprise and its budget?

CISOs tackling their organization’s PKI program have two options: build or buy. Deploying DIY PKI on-premises requires significant investment, while keeping the program running takes a dedicated team. Without appropriate resourcing and continuous care and feeding, PKI can degrade, leading to vulnerable keys, certificates, system outages or worse – a significant breach event. In addition to the added costs of network downtime, PKI events can create preventable network vulnerabilities.


Lessons Learned

Unlike newer processes, PKI’s long history gives us countless real-life case studies of what has worked and what hasn’t. One recent case study followed a financial institution as it opted to build an application to manage its PKI and growing number of certificates. While the company was able to leverage an existing data center and physical security, implementation alone took the company four months, requiring the dedication of multiple team members across development, engineering and IT. In addition to resourcing, the project racked up significant hardware, licensing and integration costs.

On the other hand, like other security functions, a growing number of leaders see the advantages of outsourced or managed PKI and are opting to ‘buy’ PKI via cloud deployment. Here are 5 reasons why:

1. Robust Security: If the root key or private keys within the network are compromised, it can result in significant disruption and downtime to PKI-dependent applications. In addition to specific tools used to protect keys, the facility housing critical PKI functions must be secure. PKI-as-a-Service (PKIaaS) vendors and their security policies and practices have been tested over time and at scale. If your enterprise falls under attack, you also have one less critical system to restore, as PKI is hosted safely in an isolated, off-premises cloud location.

2. Reduced Cost & Complexity: Moving PKI to the cloud can relieve the organization of multiple security controls, maintenance tasks and infrastructure costs. Frankly, the capital expenditure and expertise needed to properly manage a solid internally run PKI is considerable, forcing many organizations to make critical PKI operations a secondary task. Adopting the right PKIaaS platform leads to greater productivity as IT and security teams can focus on core projects. Costs also become much more predictable, since the many hidden and traditional expenses of PKI are replaced with a flat-rate billing model.

3. Scalability & Availability: A PKI that supports mission-critical applications must run 24/7 and have the ability to scale as the enterprise grows and adds new devices and identities. High availability and scalability built into cloud-delivered PKI models support growth demands, while 24/7 service monitoring ensures that critical components are always running. Most importantly, service level agreements (SLAs) guarantee response times and ensure that there is only “one throat to choke” should an incident occur.

4. Business Continuity: Finding and retaining IT and security staff capable of running PKI is no simple task. Shifts in PKI ownership inevitably increase the risk of security gaps as inexperienced hands fall on mission-critical infrastructure. Lapses in regular maintenance tasks, such as signing and publishing certificate revocation lists (CRLs) and renewing CAs, can cause significant outages that take days or even weeks to remediate. Deploying cloud-based PKI ensures that regardless of personnel changes, the infrastructure can continue to operate at full capacity.


5. Lifecycle Automation: Certificate-related issues are almost synonymous with PKI oversights. Manual scripts and spreadsheets simply cannot keep up with the thousands, or hundreds of thousands, of certificates in use within the average enterprise. Just one expired certificate can cause a serious network or application outage. Choosing the right PKIaaS provider can help manage and automate the lifecycle of keys and digital certificates issued from both cloud-hosted private PKI and any number of third-party public CAs, such as DigiCert, Entrust, Sectigo and others.
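As an added example (not code from the article or from Keyfactor), here is a Go scan for the two lifecycle lapses the list above names: certificates close to or past expiry, and a CRL whose nextUpdate has passed because nobody re-signed it. The private CA, the leaf names and the stale CRL are constructed in code purely for illustration; the 30-day warning window is an assumed policy.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const day = 24 * time.Hour

type Finding struct{ Subject, Problem string } // one lifecycle problem a scan turned up

// CheckCertificate flags a certificate that has expired or expires within warnWindow of now.
func CheckCertificate(cert *x509.Certificate, now time.Time, warnWindow time.Duration) []Finding {
	name, remaining := cert.Subject.CommonName, cert.NotAfter.Sub(now)
	if remaining < 0 {
		return []Finding{{name, fmt.Sprintf("expired %s ago", (-remaining).Round(time.Hour))}}
	}
	if remaining < warnWindow {
		return []Finding{{name, fmt.Sprintf("expires in %s", remaining.Round(time.Hour))}}
	}
	return nil
}

// CheckCRL parses a DER CRL, verifies the CA's signature on it and flags it once nextUpdate has
// passed: relying parties that enforce revocation checking reject a stale CRL, which is how a
// missed re-signing job turns into an outage.
func CheckCRL(crlDER []byte, issuer *x509.Certificate, now time.Time) []Finding {
	name := issuer.Subject.CommonName + " CRL"
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return []Finding{{name, "unparseable: " + err.Error()}}
	}
	var out []Finding
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		out = append(out, Finding{name, "signature does not verify: " + err.Error()})
	}
	if now.After(crl.NextUpdate) {
		out = append(out, Finding{name, fmt.Sprintf("stale: nextUpdate passed %s ago", now.Sub(crl.NextUpdate).Round(time.Hour))})
	}
	return out
}

// issue signs tmpl for pub with key under parent and parses the resulting certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// DemoScan builds a throwaway private PKI (constructed for this example: a root CA, three leaves
// in different lifecycle states and a CRL nobody re-signed) and scans all of it.
func DemoScan(now time.Time) ([]Finding, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil || err2 != nil {
		return nil, fmt.Errorf("key generation failed: %v %v", err, err2)
	}
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Private Root CA"},
		NotBefore: now.Add(-365 * day), NotAfter: now.Add(10 * 365 * day),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed root
	if err != nil {
		return nil, err
	}
	names := []string{"healthy.example.internal", "expiring.example.internal", "expired.example.internal"}
	lifetimes := []time.Duration{200 * day, 5 * day, -2 * day} // remaining validity from now
	var findings []Finding
	for i, name := range names {
		leaf, err := issue(&x509.Certificate{
			SerialNumber: big.NewInt(int64(100 + i)), Subject: pkix.Name{CommonName: name},
			NotBefore: now.Add(-30 * day), NotAfter: now.Add(lifetimes[i]),
			KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		}, ca, &leafKey.PublicKey, caKey)
		if err != nil {
			return nil, err
		}
		findings = append(findings, CheckCertificate(leaf, now, 30*day)...)
	}
	// Signed ten days ago with a seven-day validity: the weekly re-signing job was missed.
	crlDER, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(7), ThisUpdate: now.Add(-10 * day), NextUpdate: now.Add(-3 * day),
	}, ca, caKey)
	if err != nil {
		return nil, err
	}
	return append(findings, CheckCRL(crlDER, ca, now)...), nil
}

func main() { fmt.Println(DemoScan(time.Now())) } // prints the findings and any setup error
```

Run against a real inventory, the same two checks would take the leaves from a certificate store and the CRL from the CA's distribution point instead of the constructed fixtures.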

Ultimately, teams must shift their perception of what PKI can help them and their enterprise achieve. Whether the choice is to build or buy, next generation PKI is key in establishing a new approach to identity management that’s sustainable, scalable and secure.

About the Author

Chris Hickman is the chief security officer at Keyfactor, a leading provider of secure digital identity management solutions. As a member of the senior management team, Chris is responsible for establishing and maintaining Keyfactor's leadership position as a world-class, technical organization with deep security industry expertise. He leads client success initiatives and helps integrate the voice of the customer directly into Keyfactor's platform and capability set. For more information visit: www.keyfactor.com or follow @Keyfactor on Twitter and LinkedIn.


Seven Security Predictions For 2020

By Corey Nachreiner, CTO of WatchGuard Technologies

Each year, the WatchGuard Threat Lab research team examines the top emerging threats and trends across the information security landscape to develop predictions for the coming year. Even though the threats coming at you won’t be any less intense, complicated, or difficult to manage moving forward, 2020 will be the year of simplified security. This year, we believe there are seven key security trends to watch, and have provided actionable tips for simplifying your approach to handling each of them:

1) Ransomware Targets the Cloud

Ransomware is now a billion-dollar industry for hackers, and over the last decade we’ve seen extremely virulent strains of this malware wreak havoc across every industry. As with any big-money industry, ransomware will continue to evolve in order to maximize profits. In 2020, we believe ransomware will focus on the cloud.

Recently, untargeted “shotgun blast” ransomware has plateaued, with attackers showing a preference for targeted attacks against industries whose businesses cannot function with any downtime. These include healthcare, state and local governments, and industrial control systems.

Despite its far-reaching damages and soaring revenues, ransomware has largely left the cloud untouched. As businesses of every size move both their servers and data to the cloud, it has become a one-stop shop for all of our most important data. In 2020, we expect to see this safe haven crumble as ransomware begins targeting cloud-based assets including file stores, S3 buckets, and virtual environments.

Do you have cloud security? Virtual or cloud UTM? Asking these questions is where to start. Use advanced malware protection to detect evasive malware. More importantly, consider new security paradigms that allow you to implement security controls, like advanced malware protection, in cloud use cases. Finally, the cloud can be secured, but it requires work. Make sure you’ve hardened your cloud workloads. For instance, investigate resources for properly securing S3 buckets.

2) GDPR Comes to the United States

Two years ago, the General Data Protection Regulation (GDPR) came into force, protecting the data and privacy rights of European Union citizens. As of yet, few places outside the EU have similar laws in place, but we expect to see the United States (U.S.) come closer to matching it in 2020.

GDPR boils down to placing restrictions on how organizations can process personal data, and what rights individuals have in limiting who may access that data, and it has already shown teeth. To date, companies have been fined millions of euros for GDPR violations, including massive €50 million and £99 million judgements in 2019 against Google and Marriott respectively. While the burden placed on companies can be intense, the protections provided to individuals are massively popular.

Meanwhile, the U.S. has suffered a social media privacy plague over the last few years, with no real GDPR equivalent to protect local consumers. As organizations like Facebook leak more and more of our personal data, which bad actors have used in everything from targeted election manipulation to unethical bounty hunting, U.S. citizens are starting to clamor for privacy protections like those enjoyed by our European brothers and sisters. So far, only one state, California, has responded by passing its California Consumer Privacy Act (CCPA), which goes into effect in early 2020.

Though the same senator who introduced CCPA in California has proposed a Federal Consumer Data

Privacy Act (CDPA) bill, we don’t think it will gain enough support to pass nationwide in 2020. However,

we do expect more and more states to jump onto California’s bandwagon, and pass state-level consumer

privacy acts of their own. In 2020, we anticipate that 10 or more states will enact similar laws to

California’s CCPA.

There isn’t a specific security tip for this prediction, but you can still take action. Contact your local

congressperson to share your opinion on regulations to protect your privacy. Meanwhile, consider the

lack of regulation here when sharing your private information online and with social networks.

3) Voter Registration Systems Targeted During the 2020 Elections

Election hacking has been a hot topic ever since the 2016 U.S. elections. Over the last four years, news

cycles have covered everything from misinformation spread across social media to alleged breaches of

state voter systems. During the 2020 U.S. presidential elections, we predict that external threat actors

will target state and local voter databases with a goal of creating voting havoc and triggering voter fraud alerts

during the 2020 elections.

Security experts have already shown that many of the systems we rely on for voter registration and

election day voting suffer from significant digital vulnerabilities. In fact, attackers even probed some of

these weaknesses during the 2016 election, stealing voter registration data from various states. While

these state-sponsored attackers seemed to draw the line by avoiding altering voting results, we suspect

their previous success will embolden them during the 2020 election, and they will target and manipulate

our voter registration systems to make it harder for legitimate voters to submit their votes, and to call into

question the validity of vote counts.

While there isn’t a specific cyber security tip for this prediction, we do have some voter preparedness tips

in the event this prediction comes true. First, double-check the status of your voter registration a few days

before the election. Also, monitor the news for any updates about voter registration database hacks, and

be sure to contact your state or local voter authority if you are concerned. Print out the confirmation of

a successful voter registration, and bring your ID on election day, even if it is technically unnecessary.

4) 25% of All Breaches Will Happen Outside the Perimeter

Mobile device usage and remote employees have been on the rise for several years now. A recent survey

by WatchGuard and CITE Research found 90% of mid-market businesses have employees working half

their week outside the office. While remote working can increase productivity and reduce burnout, it

comes with its own set of security risks. Mobile employees often work without any network perimeter

security, missing out on an important part of a layered security defense. Additionally, mobile devices can

often mask telltale signs of phishing attacks and other security threats. We predict that in 2020, one

quarter of all data breaches will involve telecommuters, mobile devices, and off-premises assets.

Make sure you’re as diligent implementing off-network protection for your employees as you are

perimeter protection. Any laptop or device that leaves the office needs a full suite of security services,

including a local firewall, advanced malware protection, DNS filtering, disk encryption, and multi-factor

authentication, among other protections.

5) The Cyber Security Skills Gap Widens

Cyber security, or the lack of it, has gone mainstream. A day doesn’t seem to go by where the general

public doesn’t hear of some new data breach, ransomware attack, company network compromise, or

state-sponsored cyber attack. Meanwhile, consumers have also become intimately aware of how their

own personal data privacy contributes to their own security (thanks, Facebook). As a result, it’s no

surprise that the demand for cyber security expertise is at an all-time high.

The problem is, we don’t have the skilled professionals to fill this demand. According to the latest studies,

almost three million cyber security jobs remained unfilled during 2018. Universities and cyber security

trade organizations are not graduating qualified candidates fast enough to fill the demand for new

information security employees. Three-fourths of companies claim this shortage in cyber security skills

has affected them and lessened their security.

Unfortunately, we don’t see this cyber security skills gap lessening in 2020. Demand for skilled cyber

security professionals keeps growing, yet we haven’t seen any recruiting and educational changes that

will increase the supply. Whether it be from a lack of proper formal education courses on cyber security

or an aversion to the often-thankless job of working on the frontlines, we predict the cyber security skills

gap to increase an additional 15% next year. Let’s hope this scarcity of expertise doesn’t result in an

increase in successful attacks.

While the available cyber security workforce won’t appear immediately, you do have options to help

create and manage a strong cyber defense. Taking a long-term view, you can work with your local

educational institutes to identify future cyber security professionals so that you might fill your open roles

first. In the short term, focus on solutions that provide layered security in one solution, or work with a

managed services provider (MSP) or managed security services provider (MSSP) to whom you can

outsource your security needs.

6) Multi-Factor Authentication (MFA) Becomes Standard for Midsized Companies

We predict that multi-factor authentication (MFA) will become a standard security control for mid-market

companies in 2020. Whether it’s due to billions of emails and passwords having leaked onto the dark

web, or the many database and password compromises online businesses suffer each year, or the fact

that users still use silly and insecure passwords, the industry has finally realized that we are terrible at

validating online identities.

Previously, MFA solutions were too cumbersome for midmarket organizations, but recently three things

have paved the way for pervasive MFA, both SMS one-time password (OTP) and app-based models,

among even SMBs. First, MFA solutions have become much simpler with cloud-only options. Second,

mobile phones have removed the expensive requirement of hardware tokens, which were cost-prohibitive

for mid-market companies. And finally, the deluge of password problems has proven the absolute

requirement for a better authentication solution. While SMS OTP is now falling out of favor for legitimate

security concerns, app-based MFA is here to stay.

The ease of use both for the end user and the IT administrator managing these MFA tools will finally

enable organizations of all sizes to recognize the security benefits of additional authentication factors.

That’s why we believe enterprise-wide MFA will become a de-facto standard among all midsized

companies next year.

This tip is simple – implement MFA throughout your organization. Everything from logging in to your

laptop each day to accessing corporate cloud resources should have some sort of multi-factor

authentication tied to it. Products like AuthPoint can do this for your company.

7) Attackers Will Find New Vulnerabilities in the 5G/Wi-Fi Handover to Access the Voice and/or

Data of 5G Mobile Phones

The newest cellular standard, 5G, is rolling out across the world and promises big improvements in speed

and reliability. Unknown to most people, in large public areas like hotels, shopping centers, and airports,

the voice and data traffic of your cellular-enabled device is carried both by cell towers and by Wi-Fi

access points located throughout these public areas. Large mobile carriers do this to save network

bandwidth in high-density areas. Your devices have intelligence built into them to automatically and

silently switch between cellular and Wi-Fi. Security researchers have exposed some flaws in this

cellular-to-Wi-Fi handover process and it’s very likely that we will see a large 5G-to-Wi-Fi security

vulnerability be exposed in 2020 that could allow attackers to access the voice and/or data of 5G mobile

phones.

Most mobile devices don’t allow users to disable cellular-to-Wi-Fi handover (also known as Hotspot

2.0); Windows 10 currently does, however. If unsure, individuals should utilize a VPN on their cellular

devices so that attackers who are eavesdropping on cellular to Wi-Fi connections won’t be able to access

your data. For businesses looking to enable Hotspot 2.0, make sure your Wi-Fi access points (APs) have

been tested independently to stop the six known Wi-Fi threat categories detailed

at http://trustedwirelessenvironment.com. If the APs block these threats, attackers cannot eavesdrop on

the cellular to Wi-Fi handoff.

About the Author

Corey Nachreiner, CTO of WatchGuard Technologies

Recognized as a thought leader in IT security, Nachreiner

spearheads WatchGuard's technology vision and direction.

Previously, he was the director of strategy and research at

WatchGuard. Nachreiner has operated at the frontline of cyber

security for 16 years, and for nearly a decade has been evaluating

and making accurate predictions about information security

trends.

As an authority on network security and internationally quoted

commentator, Nachreiner's expertise and ability to dissect

complex security topics make him a sought-after speaker at

forums such as Gartner, Infosec and RSA. He also regularly

contributes to leading industry publications and delivers

WatchGuard's "Daily Security Byte" video on Secplicity.

How To Build A Career In Cyber Security

By Pedro Tavares

Nowadays, cybersecurity is seen as an attractive landscape for ambitious people and a truly great

opportunity to fight cybercrime. During the past few months, many cyberattacks have targeted companies

around the world, and one reason they succeed is a significant shortage of specialized people working in this

field to resolve the problem.

This suggests that the demand for professionals working in cybersecurity has increased in all industry

sectors due to the rising number of cyberattacks happening every day.

If you want a career in cybersecurity, this is the right time to start. You do not need to be a particular

age, and no specific approval, certification or academic degree is strictly required, but I believe that

some of them, such as online certification programs, can help you reach your goals faster.

Enrolling in a University degree such as a four-year program in Computer Science or Computer

Information Systems or Information Technology can be an excellent start for those who want to get a job

in this area. The know-how and analytical mindset can be developed by studying several subjects, such

as mathematics, programming, networking, and others. If this is a possibility for you, academic research

could be a good start as well.

However, there is another way to gain experience and develop your skills quickly and with great

accuracy: certifications.

Certification Programs

There are some interesting certification programs you should consider to improve your knowledge of

specific topics, for example:

(ISC)²: CISSP - Certified Information Systems Security Professional

ISACA: CISM - Certified Information Security Manager

CompTIA: Security+

EC-Council: CEH (v10) - Certified Ethical Hacker

These certifications aren’t equivalent, and each of them focuses on different topics. The CEH (v10)

course, for instance, trains you in the step-by-step methodologies that attackers actually use, such as

writing malicious code and reverse engineering, so you can better protect corporate infrastructure from

data breaches. Ethical hacking certifications of this kind help you master network packet analysis and

system penetration testing techniques, building a network security skill-set that lets you beat attackers at

their own game.

The CEH ethical hacking course can help you:

• Grasp the step-by-step methodology and tactics that hackers use to penetrate network systems.

• Understand the finer nuances of trojans, backdoors, and countermeasures.

• Get a better understanding of IDS, firewalls, honeypots, and wireless hacking.

• Master advanced hacking concepts, including mobile device, and smartphone hacking, writing

virus codes, exploit writing & reverse engineering and corporate espionage.

• Gain expertise on advanced concepts such as advanced network packet analysis, securing IIS &

Apache web servers, Windows system administration using Powershell, and hacking SQL and

Oracle databases.

• Cover the latest developments in mobile and web technologies including Android, iOS,

BlackBerry, Windows Phone, and HTML 5.

• Learn advanced log management for information assurance and allow you to manage information

security with more clarity.

As a final note, one of the most important things in this field is having a good set of sources for news,

articles, tools, and more.

Twitter, for instance, offers a huge volume of fresh news and resources, depending on the kind of security

person you are. Twitter is real-time, which gives it an advantage over traditional sources, and you can

publish your own updates or simply follow others.

As an active security professional within the cybersecurity landscape, you can check my Twitter updates

here.

Don’t wait for the perfect moment in your life, start your next professional journey right now.

About the Author

Pedro Tavares is a cybersecurity professional and a

founding member and Pentester of CSIRT.UBI and the

founder of seguranca-informatica.pt.

In recent years he has invested in the field of

information security, exploring and analyzing a wide

range of topics, such as pentesting (Kali Linux),

malware, hacking, cybersecurity, IoT and security in

computer networks. He is also a Freelance Writer.

Segurança Informática blog: www.segurancainformatica.pt

LinkedIn: https://www.linkedin.com/in/sirpedrotavares

Contact me: ptavares@seguranca-informatica.pt

Fraud: A Look Back At 2019 And What to Expect in The New

Year

By Christina Luttrell, IDology

The approach of the new year is a good time to reflect on the fraud landscape and its impact on

businesses and consumers. Fraudsters continue to push the envelope, exploring new tactics and

expanding the tried and true. At the same time, businesses have deployed more identity verification and

anti-fraud technologies, more companies are sharing fraud data in consortiums, and Americans are doing

more to protect themselves.

However, it’s still important to understand the advances in fraud schemes and tactics, their potential

impact, the best methods for protecting against them, and how to successfully manage customer

expectations in their wake.

Recent IDology research captures the fraud trends that dominated in 2019 and offers a glimpse into fraud

in 2020.

Card-funded fraud, phishing, and account takeover. Credit, debit, and prepaid card

fraud remains the most predominant form of fraud. This is closely followed by phishing,

which includes business email compromise (BEC) and account takeover. In addition, the

emergence of real-time ACH payment initiatives and higher adoption rates of person-to-person

(P2P) payments are driving increases in ACH/wire fraud.

Mobile fraud vulnerabilities. While mobile devices provide an effective means of

delivering authentication and biometric capabilities, they also create points of vulnerability.

The level of mobile fraud stayed the same this year for 50% of respondents to the IDology report and

increased for 28%. As more consumers utilize one-time mobile passcodes

for multi-factor authentication, circumventing and intercepting them becomes more

lucrative for fraudsters, especially with orchestrated multi-channel attacks.

Elusive small-dollar fraud. Criminals are always on the hunt for new ways to commit

fraud at scale, but they also don’t want to get caught. Over the last 12 months, the average

transactional dollar value of attempted fraud attacks in the under $500 range increased

by 31%. These low dollar amounts are likely to be missed by consumers as they scan

their card statements; when these schemes are carried out on a large scale, they add up

to a lot of money for fraudsters who aren’t afraid to nurture a fraud scheme over time in

order to get the biggest benefit.

Challenging synthetic identity fraud. Synthetic identity fraud (SIF) ranks as the top

fraud type that executives believe will be most severe in the next three years. Why? By

nature, SIF is difficult to detect, stop, and report. There are no real people from whom to

recoup losses. Businesses simply don’t know how many cases of seemingly real accounts

are synthetic identities incubating until a “bust out” occurs. And because businesses are

unable to accurately determine and report synthetic fraud, regulators are asking how well

they can apply Know Your Customer (KYC) regulations.

Declining consumer trust. Businesses are still working to understand the implications of

large-scale chronic breaches and related fines and settlements. IDology found that

companies see the biggest casualty of large-scale breaches and settlements as the loss

of customer trust. Protecting against fraud doesn’t always equate to an “easy” customer

experience, and deploying a safe and easy process can prove elusive. Maintaining the

delicate balance between strong fraud prevention and a seamless user experience is the

number one challenge fraud executives and professionals say they face.

Balancing it all in 2020

While their defenses may be improving, businesses are bracing for more attacks. SIF, mobile attacks,

card-funded fraud, phishing, new account fraud, account takeover, and faster ACH fraud are looming

threats.

Fraudsters continue to push the envelope and expand mobile tactics, such as SMS text interception,

while fighting anti-fraud machine learning with their own machine learning and credential-stuffing

technologies. They’re also collaborating and sharing best practices on the dark web while they continue

to avoid detection by lowering transaction amounts and opting for larger-scale attacks.

While it’s logical that a higher number of hurdles for users to clear corresponds to greater fraud

deterrence, there’s also a higher likelihood of frustration and abandonment, leading consumers to move

to a competitor. In this balancing act, most businesses lean toward frictionless experiences at the risk of

more fraud. While the decision to capture revenue over stopping fraud is not surprising, it could result in

greater material risks down the road.

Basic identity proofing and data matching are no longer sufficient methods for verifying identities.

Leveraging multiple layers of data, including mobile network data, device information and geolocation,

as well as the integration of machine learning and artificial intelligence to improve the processing of that

data, is the key to balancing fraud and customer experience. By utilizing smart layers of identity attributes

and analyzing disparate identity characteristics behind the scenes, businesses escalate to additional

authentication methods only when necessary and can quickly greenlight legitimate customers.

About the Author

Christina Luttrell is the chief operating officer for IDology, a GBG

company and leader in multi-layered identity verification and fraud

prevention. In her 10 years at IDology, Luttrell has significantly advanced the

company’s technology, forged close relationships with IDology customers

and driven the development of technology innovations that help

organizations stay ahead of constantly shifting fraud tactics without

impacting the customer experience. Luttrell has been recognized as one of

the Top 100 influencers in identity by One World Identity.

Anomaly Detection Is the Next Cybersecurity Paradigm

It’s time to move beyond static lists of things forbidden and things allowed.

By Aron Hsiao, Director of Marketing and Insights, Plurilock

Static lists have long been at the heart of cybersecurity.

Today, virtually every cybersecurity practice depends on lists of some kind: in network security,

lists of addresses, ports, peers, and keys; in malware and environment security, lists of suspicious code

and process "signatures"; in access management and authentication, lists of user credentials.

It’s rapidly becoming clear that these lists are no longer adequate. Their management, maintenance, and

distribution drives countless billions in GDP, yet cybersecurity is as far from a solved problem as it’s ever

been. Both breach rates and breach concerns amongst regulators and the public continue to grow

exponentially.

Why Cybersecurity is Still Hard

At the end of the day, the problem is that these lists all fall short in the same way. We think of them as

lists of exclusions and protections, but each such list is also secretly a direct avenue for attack, precisely

through what it allows—or at least doesn’t forbid.

• A list of valid credentials is also by nature a list of methods to compromise protected data,

accounts, and privileges.

• A configured firewall is also by nature a set of ports, addresses, and subnetworks that will remain

vulnerable.

• A set of malware signatures is also by nature a description of the patterns that malware can avoid

exhibiting in order to escape detection.

• A PKI is inherently a set of doors that can always be opened with the right data—no matter how

narrow or obscure we try to ensure that these doors remain.

• And so on.

For years, security professionals have bemoaned "security through obscurity" even as so much of

cybersecurity is fundamentally still about obscurity—ensuring that these lists remain either obscure or

difficult to understand or decode. At the end of the day, it’s all security through obscurity. Once these

things are no longer obscure, the doors are open.

If the last several decades have taught us anything, they’ve taught us that malicious actors are amazingly

adept at finding ways to get ahold of or exploit these lists—these avenues for attack. Crooks pursue this

strategy precisely because these lists are, unavoidably, avenues for attack.

No matter how sure we've been of each new (and often newly complex) protection method, each has

always become, in the end, the latest door through which malicious actors enter.

New Authentication Practices: Behavioral Biometrics

Governments and security-critical organizations, faced over the last decade with millions or billions of

new users, growing cloud profiles, and ballooning data and systems footprints—not to mention expanding

attack and risk surfaces—have increasingly looked for new approaches.

In user authentication and PAM circles, behavioral-biometric authentication methods are now the leading

solution to this problem. While usernames, passwords, tokens, fingerprints, and mobile SIMs are all

attack vectors that bad actors can use to impersonate real users and gain illicit access, behavioral-biometric

systems are fundamentally different.

In behavioral-biometric systems, which are driven by machine learning and observation over time, there

is no particular credential that can be stolen and reused in order to gain entry. There are also no

biographical or other credentials used or kept on file to act as objects of theft in order to access still other

systems.

Instead, behavioral-biometric technologies recognize people based on tiny, machine-observable patterns

in input or sensor data that they generate as they go about their business. In other words, on behavioral-biometric

systems users must be “recognizable" in wholly organic, multifaceted, and embodied ways—

ways that are difficult if not impossible to simulate. Authentication happens inadvertently, as users simply

act like—and are—themselves.
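As an added illustration of the "tiny, machine-observable patterns" the article refers to (example code written for this page, not Plurilock's technology), the following Python builds a keystroke-dynamics profile from a user's press-to-press timings and scores new typing sessions against it. The enrollment and probe timestamps are constructed for this example; the score is a plain scaled-Manhattan distance averaged over the digraphs the probe shares with the baseline, compared against a fixed threshold.

```python
from statistics import mean, pstdev

# Constructed sample data written for this example (not from the article): key-down timestamps
# in milliseconds for one user typing the word "their" in five enrollment sessions.
ENROLL_SESSIONS = [
    [("t", 0), ("h", 120), ("e", 215), ("i", 355), ("r", 465)],
    [("t", 0), ("h", 125), ("e", 225), ("i", 360), ("r", 475)],
    [("t", 0), ("h", 118), ("e", 210), ("i", 355), ("r", 463)],
    [("t", 0), ("h", 122), ("e", 220), ("i", 358), ("r", 470)],
    [("t", 0), ("h", 115), ("e", 205), ("i", 347), ("r", 452)],
]
# Two probe sessions: the same user again, and someone else typing the same word at a different rhythm.
GENUINE_PROBE = [("t", 0), ("h", 123), ("e", 220), ("i", 357), ("r", 470)]
IMPOSTOR_PROBE = [("t", 0), ("h", 180), ("e", 330), ("i", 420), ("r", 590)]


def digraph_latencies(session):
    """Press-to-press latency for each consecutive key pair; a pair repeated within a session is averaged."""
    per_pair = {}
    for (k1, t1), (k2, t2) in zip(session, session[1:]):
        per_pair.setdefault(k1 + k2, []).append(t2 - t1)
    return {pair: mean(vals) for pair, vals in per_pair.items()}


class KeystrokeProfile:
    """Per-user baseline of digraph timings; scores a session by its mean scaled distance from that baseline."""

    def __init__(self, sessions, min_std=1.0):
        samples = {}
        for session in sessions:
            for pair, lat in digraph_latencies(session).items():
                samples.setdefault(pair, []).append(lat)
        self.mean = {pair: mean(v) for pair, v in samples.items()}
        # Floor the spread so a digraph typed with uncanny consistency cannot dominate the score.
        self.std = {pair: max(pstdev(v), min_std) for pair, v in samples.items()}

    def score(self, session):
        """Average |x - mean| / std over shared digraphs; lower means the typist looks more like themselves."""
        lats = digraph_latencies(session)
        shared = [p for p in lats if p in self.mean]
        if not shared:
            return float("inf")  # nothing comparable: fail closed
        return mean([abs(lats[p] - self.mean[p]) / self.std[p] for p in shared])

    def is_anomalous(self, session, threshold=2.0):
        return self.score(session) > threshold


if __name__ == "__main__":
    profile = KeystrokeProfile(ENROLL_SESSIONS)
    for label, probe in [("genuine", GENUINE_PROBE), ("impostor", IMPOSTOR_PROBE)]:
        print(label, round(profile.score(probe), 2), "anomalous" if profile.is_anomalous(probe) else "ok")
```

A production system uses far more digraphs and sessions, tunes the threshold against a population of impostor samples, and keeps updating the profile as the user's rhythm drifts. The point of the example is the article's claim in miniature: there is no stored secret to steal, only a statistical description of how the person types, and the decision is made continuously from ordinary input rather than at a login prompt.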

Generalizing Behavioral Biometrics to Anomaly Detection

At Plurilock we’ve long considered behavioral biometrics to be our core competency, yet recently we’ve

been increasingly engaged in research and development on machine-to-machine security models for the

Internet of Things and in new ways to detect and stop malware.

It’s rapidly becoming clear that all of these are cases in which stronger, more efficient, and more cost-effective

security can be achieved using a group of very similar anomaly detection technologies.

The claim that "identity is the new perimeter" has been making the rounds over the last year or two, and

we don't disagree with it for human users. But this claim is actually a specialized instance of a more

general claim that will shape cybersecurity in the decades to come. After all, identity is exactly the

problem—and more and more, anomaly detection methods are the best way to establish it. So it’s not

identity that is the new perimeter—it's anomaly.

Securing User Accounts, Things, and Environments

But how does anomaly detection address the other problems I just mentioned?

Recall that behavioral biometrics enables us to recognize real users. It does this not with lists of static

facts like credentials or fingerprints—that are in fact themselves vulnerabilities—but through the ability to

recognize, without biographical data or physical markers, whether someone is “being themselves” or not.

It’s fundamentally about detecting user anomalies.

Because users are human beings, we’ve long called this a biometric technology. But the same

approach—using machine learning for anomaly detection—is now proving to be effective in other areas

of cybersecurity as well. Devices are more and more like individuals in our era of highly complex things—

individual in timings, characteristics, and tendencies. This is especially true as machine learning and

automation—and the unique ways in which these affect memory, process, and latency characteristics—

take hold across more and more devices.

In the realm of malware, too, the Spy vs. Spy game of signature library updates versus new threat

"strains" in the wild will soon be supplantable by anomaly detection through machine learning. Computing

environments, process tables, and schedulers are now deep and nuanced enough to offer—once again—

rich signal environments that enable the recognition of both normal and anomalous states. The result is

software security without signature scanning.

Rather than relying on static policies—which credentials grant access, which don’t, which MAC

addresses and keys are in, which are out, which code fragments are allowed, and which aren’t—it's time

for the cybersecurity industry to begin to think in terms of recognition and anomaly detection, just as

behavioral-biometric solutions now do with human users.

Making the Transition

The shift from list-based and credential-based forms of cybersecurity isn't one that can or will happen

overnight, but it's one that needs urgently to happen nonetheless—and one that will happen simply

because the traditional paradigm can’t be sustained much longer. It’s just too expensive, complex, and

ineffective at this point.

The old, static methods for securing data, accounts, and cyber-systems haven't kept pace with the threat

landscape—and the gap is now growing exponentially. For corporate officers and security professionals

tasked with protecting users, systems, and data, it's time to reorient thinking toward anomaly detection

technologies as tomorrow’s keys to cybersecurity.

It’s time to stop thinking about how to keep our many lists obscure—and to start considering technologies

that make list-based cybersecurity (and its vulnerabilities) obsolete.

About the Author

Aron Hsiao is the Director of Marketing and Insights at Plurilock

Security Solutions, Inc. One of a number of PhDs on Plurilock’s

senior team, Aron’s research background is in the analysis of

human-computer interaction systems. Aron previously worked at big

data startup Terapeak, at e-commerce giant eBay, Inc., and as an

instructor at NYU, CUNY, and The New School for Social Research.

In addition to his academic work and work at Plurilock, Aron is also

the author of a number of books on Linux, cybersecurity, and open

source technologies.

Aron can be reached online at aron.hsiao@plurilock.com and at

http://www.plurilock.com/.

More Spending Won’t Solve Your Hardest IT Challenges In

2020 And Beyond. Here’s What Will.

By Chris Hallenbeck, CISO of the Americas at Tanium

U.S. state and local governments have been observing the proposed State and Local Government

Cybersecurity Act of 2019, especially since it was endorsed by the National Association of State Chief

Information Officers (NASCIO) in July. The federal legislation contains the promise of more funding for

cybersecurity efforts and improved collaboration and resource-sharing among federal, state and local

governments.

Overall, it is intended to give governments an advantage in the battle against cyberattacks. But, like

so many other examples of an ongoing technology challenge that is met with the promise of resources,

the additional funding that this legislation will provide could inadvertently steer things in the wrong

direction.

Learning from the enterprise

More funding can actually lead to weaker defenses, not stronger ones. When IT gets a windfall, decision-makers

tend to buy more tools to tackle their security issues and IT operations challenges—attempting

to address each new threat or operational issue with a promising new product. But rather than providing

teams with more control, these point tools add more complexity to the environment. It becomes harder

to get a view on the entire IT estate, how much of it is patched and up-to-date, and where vulnerabilities

lie across endpoints, both on-premises and cloud.

That’s not to say that budget relief is without merit—of course it can help. But many large enterprises and

government agencies already have 20 or more tools for security and IT operations—usually from more

than 10 different vendors—already in their arsenals. For large enterprises, the number is often higher

than 40.

In a rush to solve every issue with a so-called “tailored” solution, IT teams ultimately end up with a cluster

of fixes that don’t work well together, and they could cause more problems cumulatively than they solve

individually. It’s why these environments aren't seeing improved IT hygiene. As a result, forward-thinking

organizations are embracing a platform approach—specifically a unified platform for endpoint

management and security—to simplify their environments, provide that visibility and control, and make

themselves ultimately more resilient to disruption.

Bringing vigilance into 2020

Today, data flows throughout organizations in a variety of ways, including the cloud and on mobile

devices. Serious visibility gaps arise when we implement architectures that were designed for a time

when IT was the custodian of technology and held a tight set of reins on how it was used within the

enterprise. That is, in part, why organizations underestimate their asset inventory by as much as 20%.

At the scale of hundreds of thousands of endpoints, this poses a significant risk to the organization.

Obtaining data in real-time is as important as identifying where that data sits. Even organizations that have visibility into each of their endpoints might need to stitch together asynchronous data from a range of sources, such as EDR telemetry or PCI systems. If one asset is scanned for vulnerabilities every five minutes, but the other is only scanned once a month, then it is impossible to glean any actionable insight on the IT environment as a whole. The best you can do is take an educated guess.
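As an added example (not code from the article or from Tanium), the following Python sketch shows the freshness problem described above in practice: it merges constructed asset records from two sources with different refresh cadences, flags observations older than their own source’s cadence, and lists the assets each source cannot see. The source names, cadences and every record are assumptions.

```python
"""Merge asset observations from sources with different refresh cadences.

Added illustration, not code from the article or from Tanium. The two
sources, their cadences and every record below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Observation:
    source: str          # tool that reported the asset, e.g. an EDR feed
    asset: str           # asset identifier as that tool knows it
    seen_at: datetime    # when the tool last refreshed its view of the asset
    cadence: timedelta   # how often the tool is expected to refresh


# Constructed reference time and cadences (five-minute EDR feed, monthly scan).
NOW = datetime(2020, 1, 3, 12, 0, tzinfo=timezone.utc)
FIVE_MIN = timedelta(minutes=5)
MONTHLY = timedelta(days=30)

# Constructed sample records: the two tools only partially agree on what exists.
OBSERVATIONS = [
    Observation("edr", "host-a", NOW - timedelta(minutes=2), FIVE_MIN),
    Observation("edr", "host-b", NOW - timedelta(minutes=3), FIVE_MIN),
    Observation("edr", "host-c", NOW - timedelta(hours=6), FIVE_MIN),      # agent gone quiet
    Observation("vuln-scan", "host-a", NOW - timedelta(days=3), MONTHLY),
    Observation("vuln-scan", "host-b", NOW - timedelta(days=45), MONTHLY),  # missed a cycle
    Observation("vuln-scan", "host-d", NOW - timedelta(days=1), MONTHLY),   # unknown to EDR
]


def stale_observations(observations, now=NOW):
    """Records older than one refresh cadence of their own source."""
    return [o for o in observations if now - o.seen_at > o.cadence]


def inventory(observations):
    """Union of assets across sources, mapped to the sources that report each one."""
    seen = {}
    for o in observations:
        seen.setdefault(o.asset, set()).add(o.source)
    return seen


def coverage_gaps(observations):
    """Assets that at least one source does not know about: the visibility gap between tools."""
    sources = {o.source for o in observations}
    return {asset: sources - known
            for asset, known in inventory(observations).items()
            if known != sources}


def freshness_floor(observations, now=NOW):
    """Oldest record per source; the estate-wide view is only as current as the worst of these."""
    oldest = {}
    for o in observations:
        age = now - o.seen_at
        oldest[o.source] = max(oldest.get(o.source, timedelta(0)), age)
    return oldest


if __name__ == "__main__":
    for o in stale_observations(OBSERVATIONS):
        print(f"stale: {o.source} view of {o.asset} is {NOW - o.seen_at} old")
    for asset, missing in coverage_gaps(OBSERVATIONS).items():
        print(f"gap: {asset} is not reported by {sorted(missing)}")
    for source, age in freshness_floor(OBSERVATIONS).items():
        print(f"freshness floor for {source}: {age}")
```

The freshness floor is the figure to watch: a monthly scanner drags the whole-estate picture back to its oldest record no matter how current the EDR feed is.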

Any government organization that wants to enter 2020 with a more robust security posture must prioritize real-time, actionable data that is drawn from all assets connected to the network.

Creating your own roadmap

So how do IT leaders begin to think holistically and make better investments? It’s useful to start with an audit. While it can be cumbersome, cataloging the capabilities that each tool provides will help to identify redundancies and provide teams with a plan of action. If any overlap exists between them, that’s an opportunity to consolidate. Doing so will improve both efficiency and the bottom line, but that’s not the only benefit. It could also help increase just how much teams can see in their IT environment.

Think of all the types of tools currently deployed, from asset discovery solutions to SIEMs and CMDBs. On an individual basis, these tools may very well provide a relatively complete, contextual or timely solution that serves its purpose. Collectively, however, they are much less effective. Visibility gaps start to develop, creating another unnecessary problem that will only get worse with time.


Resolving to plan in the new year

State and local governments are sorely in need of the funds that the proposed legislation would inject. Hackers targeted municipalities more often in 2019 than they did a year ago, and critical systems in particular have been held ransom. But without a holistic strategy this blessing could quickly become a curse for any organization, with too many tools and low-quality data making organizations more vulnerable to attack. To gain resilience in the long-term, organizations should prioritize a unified endpoint management and security platform that allows for true visibility and control.

About the Author

Chris Hallenbeck is a security professional with years of experience as a technical lead and cybersecurity expert. In his current role as CISO for the Americas at Tanium, he focuses largely on helping Tanium’s customers ensure that the technology powering their business can adapt to disruption. Before joining Tanium in 2016, Hallenbeck worked for six years on the U.S. Department of Homeland Security’s Computer Emergency Readiness Team, where he gained a strong background in computer-related investigative work.


The Decade Ahead for Cybersecurity

By Matthew Gyde, CEO, Security, NTT Ltd.

The Dawn of a New Era

As 2020 dawns, we stand at the threshold of a new decade that’s certain to reveal challenges to the security landscape we could scarcely have imagined in 2010. But if the past has taught this industry anything, it’s that a forward-thinking and progressive approach is the best way to mitigate the risk of threats and intrusion.

In this brave new era before us, our industry must adapt to how security is acquired. While cloud-based security, machine learning and the move from zero trust to digital trust were trending topics last year, we’ve witnessed a fundamental shift in how security is being acquired. Automation and orchestration will be the watchwords for 2020. Things are about to change—and drastically. Security orchestration, automation and response (SOAR) will be the hottest area in cybersecurity in the year to come. Accepting and embracing this approach will allow managed security service providers (MSSPs) to build trust equally across both infrastructure and applications.

What are the driving factors behind this shift in strategy? Simply put, the threats and cyberattacks themselves are no longer conducted at human speed. Rather, they’ve evolved to occur at machine speed. And as the old adage goes, you must fight fire with fire. This will be accomplished by embedding security intelligence into both infrastructure and applications.


Predictive Over Proactive

Machines, under the supervision of data scientists, will use the power of algorithms to elevate threat detection capabilities. These algorithms will help machines recognize patterns across applications and infrastructure. They’ll identify anomalies that point to potential attacks and orchestrate security controls automatically—and instantaneously—without a human touch. As machines are fed more data to learn from, they’ll become better at recognizing and identifying threat patterns and anomalies. In turn, they’ll use this learned knowledge and adapt to apply the right controls for each situation. In summary, cybersecurity best practices must evolve from a proactive to a predictive approach.

Security in the Cloud

In the coming decade, as legacy business models and aging infrastructure wane, we’ll witness a majority of applications and workloads hosted in cloud environments. The threats and hackers are sure to follow suit, targeting this influx into cloud-based ecosystems. For organizations using hosting centers or hyperscalers, a one-size-fits-all software-based security control is difficult to apply across the whole infrastructure. To truly mitigate cloud-based threat risks, it will take a separate application of security assigned to the application or workload itself. Companies will then be able to monitor threats precisely where they appear, rather than relying on oversight of the entire infrastructure.

MVP – Most Vulnerable Player

Threats constantly probe for the most vulnerable entry point. And the bad actors have declared a clear winner. Apps remain the most vulnerable gateway, falling prey to hostile attacks now also occurring at machine, rather than human, speed. According to our latest Global Threat Intelligence Report, application-specific and web-application attacks now account for a third of hostile traffic—making them the single most common targets of hostile activity.

The Next 10 Years

Addressing cybersecurity through the next decade will require a new mindset, advanced levels of monitoring capabilities and a growing reliance on machine-based learning and application. But I do believe that cybersecurity organizations will rise to meet these and other challenges yet unseen, primarily because they’re left with no choice but to improvise, adapt and overcome threats. This level of vigilance is best served by taking an intelligence-based approach to security. Only by implementing an intelligence-based strategy can businesses achieve a predictive, agile and automated security posture, wholly aligned to their individual level of risk tolerance. Let’s hope the next 10 years will be remembered for the achievements, milestones and solutions put into practice to eradicate the scourge of unseen threats.


About the Author

Matthew Gyde is the CEO, Security Division, of NTT Ltd., a leading global technology services company. Gyde is responsible for executing the security, services, and go-to-market strategies with the goal of building the world’s most recognized security business supported by a team of highly talented professionals.

His career in IT security spans more than 20 years, providing him with a deep understanding of how security platforms should be implemented and managed to ensure clients’ business outcomes are achieved, while simultaneously ensuring their risk is minimized.

Matthew has completed the International Executive Program from INSEAD Business School, Asia, and holds an Advanced Diploma in Business Management from Randwick College, New South Wales, Australia.


Moving Network Security to The Cloud

What Is Secure Access Service Edge (SASE) And Why It Matters

By Paul Martini, CEO, iboss

The world of technology that exists today is substantially different from that of only a few years ago. The cloud has changed everything. Mobile phones and devices have allowed users to work from virtually anywhere. Applications which were once hosted within datacenters have moved to the cloud. The combination of mobility with business applications available in the cloud, from any location, has allowed companies to become more agile and productive. Bandwidth is through the roof and secure encrypted network connections are mandatory. While the revolution driven by SaaS applications provides new possibilities, the challenges they bring to the world of network security are substantial.

Network security is an area responsible for inspecting content as it moves between devices and the cloud. Fundamentally, network security technology stacks require access to the data in motion to prevent malware, detect breaches and prevent data loss. Traditionally, access to this data was very straightforward. Users were constrained to physical network perimeters, such as an office building. As devices interacted with public cloud services, the data could be forced through on-prem firewall and proxy network security appliances. The data was forced to flow through chokepoints before heading to and from the internet. With mobility, users are no longer constrained to any physical location. The data leaving their devices runs on public networks and organizations do not have the luxury of forcing that traffic through company-owned firewalls and proxies. The data could be hair-pinned back through centralized datacenters before heading out to the internet, but increasing bandwidth and the need for speed quickly make this approach unsustainable and cost prohibitive.

Mobility changes the perspective of what the perimeter is defined by and completely inverts the traditional network topology model. Instead of using a physical building to define a network perimeter, the device itself becomes the perimeter. A user working on the road is a network of one. A group of three users working from a conference is a network of three, essentially forming a remote branch office. The same could be said for branch offices or headquarters. The device and the user are where the network is defined and where trust should begin and end. Firewall and proxy appliances inherently do not fit this model because they are physical infrastructure designed to protect physical locations by inspecting all of the data leaving that location. In the new model, where should the firewall or proxy be installed? If a user is working from home, should a company-owned firewall appliance be installed at the user’s home office? How will this help when the user decides to take their laptop and work from the road, immediately leaving the home network perimeter?

The network security functions are still required for both security and compliance. Intrusion prevention and inspection of network content for malware and data loss are fundamental techniques that are still required and essential. However, sending network data to appliances hosted at any specific location does not make sense when the connectivity is not originating from any specific location. This is where the shift of network security from on-prem network security appliances to network security delivered in the cloud is essential. Instead of sending device and user data to the network security appliance hosted at the datacenter, network security delivered in the cloud allows cybersecurity functions to move to where the user is located automatically. Since users are connected to cloud applications and cloud-based network security lives in the cloud as well, network security running in the cloud can move to the location from which those connections are originating. The network security functions in essence live where the applications live, in the cloud, allowing all data to be secured from anywhere.


To make things worse for an appliance-based approach to network security, the sheer increase in bandwidth and encrypted data has been explosive. Network security appliances have theoretical throughput limits, governing the amount of data they can process and secure before becoming completely saturated and slowing down connections. Slow connections are just as bad as down connections because they drastically affect user productivity due to the inability to access business cloud applications efficiently. Network security delivered in the cloud is free from these restrictions as the compute and processing power available is not limited by any physical constraint and can scale on demand as needed. Cloud-based network security can decrypt any volume of content and inspect it for malicious or harmful transfers with ease. Containerized approaches to cloud network security also allow for low latency and fast connections with the ability to take advantage of horizontal scaling to process any volume of traffic.

Moving network security to the cloud is a requirement with the new reality of an inverted network perimeter that exists today. When evaluating cloud-based network security platforms, it’s critical that the platform is able to deliver the same functionality found in network firewalls and proxies, leaving only the appliances behind. Containerized architectures, like that found in platforms like iboss, allow both stream-based security functions found in firewalls and file-based security functions found in proxies to be delivered via a SaaS solution in the cloud. Containerization allows for raw packet processing capabilities which are required for firewall functionality, such as Intrusion Prevention protection. Ensuring that the cloud-based platform also has a policy engine capable of transitioning the network security functions mired in appliances to the cloud-based solution should also be considered.

The Gartner paper titled “The Future of Network Security is in the Cloud” introduced the SASE (“sassy”) model, which describes this new phenomenon that must be addressed for a sustainable path to the future. Cloud SaaS network security platforms, such as iboss, allow organizations to easily migrate from traditional on-prem appliances to a sustainable cloud-based solution.


About the Author

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss platform. Prior to founding iboss, Paul developed a wide variety of complex security and technology solutions for clients such as Phogenix, the U.S. Navy, and Hewlett Packard. He was also a key contributor at Copper Mountain Networks working on designing and implementing FPGAs and broadband network infrastructure used by Telcos to build the cloud. His work at Science Applications International Corporation (SAIC) involved building distributed real-time systems for companies such as Rolls Royce. Copper Mountain and SAIC both launched successful IPOs. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The Year award and being named one of Goldman Sachs’ 100 Most Intriguing Entrepreneurs. Paul holds over 100 issued patents in cybersecurity, networking and technology and has had his work published in many scientific journals, including the Journal of Foundations in Computer Science and the Journal of Analytical Biochemistry. He holds a Computer Science Degree from the University of California.

Paul can be reached online via LinkedIn at https://www.linkedin.com/in/martinipaul. For more information, visit the iboss company website at https://www.iboss.com.


Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS

“Amazing Keynote”

“Best Speaker on the Hacking Stage”

“Most Entertaining and Engaging”

Gary has been keynoting cyber security events throughout the year. He’s also been a moderator, a panelist and has numerous upcoming events throughout the year.

If you are looking for a cybersecurity expert who can make the difference from a nice event to a stellar conference, look no further; email marketing@cyberdefensemagazine.com


You asked, and it’s finally here…we’ve launched CyberDefense.TV

At least a dozen exceptional interviews rolling out each month starting this summer… Market leaders, innovators, CEO hot seat interviews and much more. A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine.


Free Monthly Cyber Defense eMagazine Via Email

Enjoy our monthly electronic editions of our Magazines for FREE.

This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Defense e-Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here to sign up today and within moments, you’ll receive your first email from us with an archive of our newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.

Copyright (C) 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com

All rights reserved worldwide. Copyright © 2020, Cyber Defense Magazine. All rights reserved. No part of this newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at marketing@cyberdefensemagazine.com

Cyber Defense Magazine
276 Fifth Avenue, Suite 704, New York, NY 1000
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 01/03/2020


TRILLIONS ARE AT STAKE

No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES

Released:

https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH

In Development:


Nearly 8 Years in The Making…

Thank You to our Loyal Subscribers!

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Delivery Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites.

5m+ DNS queries monthly, 2m+ annual readers and new platforms coming…
