Tag Archives: cybersecurity

CyberX launches partner program in IoT security market

CyberX, a Boston-based company that focuses on IoT and industrial control system cybersecurity, has unveiled a channel partner program.

The company’s Xcelerate program includes technical support, online training, deal registration, not-for-resale software, marketing development funds and a partner portal. The program’s scope encompasses managed service providers (MSPs), systems integrators, consulting firms, distributors, value-added resellers and technology alliance partners.

Service provider partners include Dimension Data, DXC Technology, NTT Security, Tata Consultancy Services and Wipro. Technology partners include IBM, ServiceNow and Splunk. CyberX also partners with industrial automation vendors such as Schneider Electric and Siemens.

CyberX provides a network security and monitoring system that covers IT and operational technology (OT) devices. The company has customers in the energy utilities, chemical and pharmaceutical markets. Vendors such as Cisco have advised channel partners to sell IoT services to OT and line-of-business executives, who direct much of the buying in that market.

The global IoT security market is forecast to grow from $18.82 billion in 2019 to $51.42 billion by 2024, according to BIS Research Inc., a market research company based in Fremont, Calif. The market will grow at a compound annual growth rate of 22.26% during that period, the company said.

The worldwide industrial control systems security market, meanwhile, is projected to grow at a 6.5% compound annual growth rate through 2023, when the market is expected to reach $18.05 billion, according to MarketsandMarkets.

[Chart: IoT data breaches and cyberattacks. IoT security is gaining visibility as threats against IoT devices and applications grow.]

Berkshire bid boosts Tech Data deal to $6B

Berkshire Hathaway Inc. launched a competitive bid to acquire Tech Data Corp., compelling suitor Apollo Global Management to sweeten the deal.

Berkshire’s offer surfaced in a Tech Data filing with the Securities and Exchange Commission. When Apollo’s $130/share, $5.4 billion agreement to acquire Tech Data was revealed in November, the deal included a “go shop” provision that allowed the Clearwater, Fla., distributor to entertain alternative proposals until December 9. Berkshire presented a $140/share offer during that period. Apollo responded with a $145/share offer, which has cleared the path for the acquisition to proceed. Apollo’s new offer boosts the acquisition’s value to $6 billion.

Vendors launch cybersecurity integrations

Cybersecurity vendors this week revealed new integrations between their technology and MSP management tools. 

Bitdefender integrated its GravityZone MSP security suite with Datto’s remote monitoring and management (RMM) software. Bitdefender said the integration enables Datto RMM users to automate deployments of Bitdefender antivirus, antimalware and advanced endpoint layers via an OS-agnostic kit.

Meanwhile, Netsurion linked up its EventTracker security operations center service with IT Glue’s documentation platform. The combination lets Netsurion MSPs access reports designed to demonstrate security and compliance posture to clients, Netsurion said.

Barracuda Networks integrated two of its own products: Barracuda Content Shield and the Managed Workplace RMM platform. Barracuda’s RMM users can now tap Content Shield’s cloud-based web filtering and malware protection. 

Other news

  • Atos, an IT services and consulting firm based in Bezons, France, said it signed a distribution deal with Ingram Micro, headquartered in Irvine, Calif. Under the agreement, Atos will provide its cybersecurity offerings, including Atos Evidian identity and access management products, to Ingram Micro’s U.S. channel partners.
  • D&H Distributing, a distributor based in Harrisburg, Pa., has identified five main areas of opportunity for 2020: cloud, commercial audio/visual and collaboration, esports, infrastructure/security and build-to-order compute and storage offerings.
  • KORE, an IoT solutions provider based in Alpharetta, Ga., has acquired Integron, an IoT-oriented MSP. Integron has offices in Rochester, N.Y. and Ulestraten, Netherlands.
  • SolarWinds said its remote monitoring platforms now use cryptography that complies with Federal Information Processing Standard (FIPS) 140-2 when managing Windows systems. Both SolarWinds RMM and SolarWinds N-central adhere to the federal standard, the company said. (FIPS 140-2 is the U.S. government standard for validating cryptographic modules; compliance covers the cryptographic components, not the security of the product as a whole.)
  • Veeam Software enhanced its Veeam Accredited Services Partner (VASP) program. New VASP benefits include access to additional dedicated internal resources at Veeam, the company said.
  • Nuspire, a managed security services provider, has hired Lewie Dunsworth as its CEO. Saylor Frase vacated the CEO slot to become chairman of the board. Dunsworth was previously CISO and executive vice president of global security services at Herjavec Group.
  • Managed services automation company BitTitan named James Clifford as its new EMEA sales director.

Market Share is a news roundup published every Friday.

Go to Original Article
Author:

McAfee launches security tool Mvision Cloud for Containers

Cybersecurity company McAfee on Tuesday announced McAfee Mvision Cloud for Containers, a product intended to help organizations ensure security and compliance of their cloud container workloads.

Mvision Cloud for Containers integrates container security with McAfee’s cloud access security broker (CASB) and cloud security posture management (CSPM) tools, according to the company.

“Data could … move between SaaS offerings, IaaS custom apps in various CSPs, containers and hybrid clouds. We want security to be consistent and predictable across the places data live and workloads are processed. Integrating CASB and CSPM allows McAfee to provide consistent configuration policies and DLP/malware scanning that does not restrict the flexibility of the cloud,” said John Dodds, a director of product management at McAfee.

According to Andras Cser, vice president and principal analyst for security and risk management at Forrester, when it comes to evaluating a product like Mvision, it’s worth looking at factors such as “price, cost of integration, level of integration between acquired components and coverage of the client’s applications.”

Mvision Cloud uses zero-trust application visibility and control capabilities developed by container security startup NanoSec for container-based deployments in the cloud. McAfee acquired NanoSec in September to expand its container security offerings.

Mvision Cloud for Containers builds on the existing McAfee Mvision Cloud platform, integrating cloud security posture management and vulnerability scanning for container workloads so that security policies can be implemented across different forms of cloud IaaS workloads, according to the company.

Other features of McAfee Mvision Cloud for Containers include:

  • Cloud security posture management: Ensures container platforms run in accordance with Center for Internet Security (CIS) benchmarks and other compliance standards by running configuration audit checks against container workloads.
  • Container images vulnerability scanning: Identifies weak or exploitable elements in container images to reduce the application’s risk profile.
  • DevOps integration: Ensures compliance and secures container workloads; executes security audits and vulnerability scanning to identify risk and send security incidents and feedback to developers within the build process; and monitors and prevents configuration drift on production deployments of the container workloads.
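The three features above (benchmark-style configuration audits, image checks and drift monitoring) are what a container posture tool does under the hood. The following is an added example written for this page, not McAfee’s code: it runs a handful of CIS-benchmark-style checks over a constructed Kubernetes-style pod spec and then detects configuration drift by comparing a live spec against a recorded baseline. The pod spec, the check identifiers and the “drifted” spec are all constructed for illustration.

```python
"""CIS-benchmark-style posture checks and configuration drift detection for a
container workload. Added example; not vendor code. SAMPLE_POD, DRIFTED_POD
and the check identifiers are constructed for illustration."""
import copy
import hashlib
import json
from typing import Any, Dict, List, Tuple

# Constructed pod spec, as a dict (what you would get after parsing the YAML).
SAMPLE_POD: Dict[str, Any] = {
    "metadata": {"name": "web", "namespace": "prod"},
    "spec": {
        "hostNetwork": True,
        "containers": [
            {   # deliberately weak: floating tag, privileged, root, writable rootfs
                "name": "web",
                "image": "registry.example/web:latest",
                "securityContext": {"privileged": True},
            },
            {   # hardened: digest-pinned image, non-root, read-only rootfs
                "name": "sidecar",
                "image": "registry.example/sidecar@sha256:" + "a" * 64,
                "securityContext": {
                    "runAsNonRoot": True,
                    "readOnlyRootFilesystem": True,
                    "allowPrivilegeEscalation": False,
                },
            },
        ],
    },
}

# Constructed "live" state: same pod, but someone changed the web image in production.
DRIFTED_POD = copy.deepcopy(SAMPLE_POD)
DRIFTED_POD["spec"]["containers"][0]["image"] = "registry.example/web:2.0"

Finding = Tuple[str, str, str]  # (check id, container name or "-", message)


def image_is_pinned(image: str) -> bool:
    """Pinned means digest-addressed, or tagged with something other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]      # drop registry/path, which may contain ':port'
    if ":" not in last:
        return False                      # no tag at all means an implicit :latest
    return last.rsplit(":", 1)[1] != "latest"


def audit_pod(pod: Dict[str, Any]) -> List[Finding]:
    """Run the posture checks and return every finding; an empty list means clean."""
    findings: List[Finding] = []
    spec = pod.get("spec", {})
    if spec.get("hostNetwork"):
        findings.append(("host-network", "-", "pod shares the host network namespace"))
    for c in spec.get("containers", []):
        name, image = c.get("name", "?"), c.get("image", "")
        sc = c.get("securityContext") or {}
        if not image_is_pinned(image):
            findings.append(("image-pin", name, f"image {image!r} is not pinned to a tag or digest"))
        if sc.get("privileged"):
            findings.append(("privileged", name, "container runs privileged"))
        if not sc.get("runAsNonRoot"):
            findings.append(("run-as-root", name, "runAsNonRoot is not enforced"))
        if sc.get("allowPrivilegeEscalation", True):   # Kubernetes default is true
            findings.append(("priv-esc", name, "allowPrivilegeEscalation is not disabled"))
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(("ro-rootfs", name, "root filesystem is writable"))
    return findings


def fingerprint(pod: Dict[str, Any]) -> str:
    """Stable hash of the spec (canonical JSON) to record as the deployment baseline."""
    canonical = json.dumps(pod.get("spec", {}), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def _flatten(obj: Any, prefix: str = "") -> Dict[str, Any]:
    out: Dict[str, Any] = {}
    if isinstance(obj, dict):
        for k, v in obj.items():
            out.update(_flatten(v, f"{prefix}.{k}" if prefix else k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            out.update(_flatten(v, f"{prefix}[{i}]"))
    else:
        out[prefix] = obj
    return out


def diff_specs(baseline: Dict[str, Any], live: Dict[str, Any]) -> List[Tuple[str, Any, Any]]:
    """List (path, baseline value, live value) for every field that drifted."""
    a, b = _flatten(baseline.get("spec", {})), _flatten(live.get("spec", {}))
    return sorted((k, a.get(k), b.get(k)) for k in set(a) | set(b) if a.get(k) != b.get(k))


if __name__ == "__main__":
    for check, container, msg in audit_pod(SAMPLE_POD):
        print(f"[{check}] {container}: {msg}")
    if fingerprint(DRIFTED_POD) != fingerprint(SAMPLE_POD):
        print("drift:", diff_specs(SAMPLE_POD, DRIFTED_POD))
```

In a pipeline the baseline fingerprint would be stored at deploy time and the live spec re-fetched from the cluster on a schedule; a fingerprint mismatch is the cheap trigger, and `diff_specs` tells the on-call engineer exactly which field moved. The checks here are the usual CIS-style hygiene items; a real benchmark has many more, and the point of pinning by digest rather than tag is that the same `:2.0` tag can be silently repointed in the registry.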


Pentagon CMMC program to vet contractor cybersecurity

The U.S. Department of Defense is aiming to secure its supply chain with the cybersecurity maturity model certification, or CMMC program, which will vet potential third-party contractors.

Ellen Lord, the undersecretary of defense for acquisition and sustainment, said at a news conference at the Pentagon that the CMMC program “will measure technical capabilities and process maturity” for organizations in the running for new defense contracts.

Although the full details of the CMMC program won’t be made public until January, Lord described it as a five-tier framework in which each level of certification is specifically designed based on how critical the work of the contractor would be. The CMMC program is scheduled to be fully implemented by June 2020.

Dan Fallon, senior director of public sector systems engineers at Nutanix, said programs like CMMC that “create or enhance standard practices and responsibilities around cybersecurity are essential to improving security posture.”

“It is great to see the DOD engaged in a strategic, comprehensive, and measured approach to ensuring the security of the products and vendors with whom they work,” Fallon told SearchSecurity. “Furthermore, the Department’s concerted effort in sourcing input from the private sector in developing these standards is a strong indication of its understanding that even with additional cybersecurity policy, overall security will always remain a shared responsibility between vendors and government agencies. After all, there is no one silver bullet to make an agency invulnerable to attack.”

Theresa Payton, president and CEO of Fortalice Solutions and former White House CIO, said the CMMC program “is a good next step to improve supply chain security for the DOD through its contractors and sub-contractors.” 

“In the wake of data breaches where the weakest link was a contractor, these are important next steps,” Payton told SearchSecurity via email. She added that if she “were to prioritize security elements for every contractor and subcontractor to meet it would be: 1. ensure that all data at rest and in transit and at points of consumption are encrypted; 2. have a regular review process of user access controls and authorizations to include third party applications and system to system interactions that are tested; 3. create kill switches that can be flipped if there is a suspected intrusion; 4. ongoing training and awareness.”

The full details of the CMMC program requirements won’t be known until next month, but Lord did promise the expectations, measurements and metrics used will be “crystal clear,” and audits of potential contractors will be done by a third party that should be chosen by next month as well.

Additionally, Lord said at the Ronald Reagan National Defense Forum in Simi Valley, Calif., earlier this week that the DOD expects the weakest links in the supply chain to be the lower-tier, smaller companies that may not be able to afford to meet the requirements. As such, the DOD is planning ways to ensure smaller contractors can meet a basic level of cybersecurity via “broader certifications” that will be detailed further in the next three months.

Payton said she was “encouraged to see that the DOD specifically noted that it will help smaller contractors to meet requirements.”

“This will encourage many to embark on this endeavor,” Payton said. “A rising tide lifts all boats so if the DOD would extend free software, tools, and tips and techniques to their supply chain they will naturally lift the security of the DOD ecosystem.”

Government contractor risks

The history of cybersecurity risks and third-party contractors can be traced back years. The most famous example was whistleblower Edward Snowden, a contractor for Booz Allen, who stole and leaked information about NSA phone metadata tracking practices in 2013.

In 2015, a breach of the Office of Personnel Management affected millions and the ensuing investigation found that the threat actors gained access to systems in part by using credentials stolen from government contractors.

The DOD had two issues in 2017 linked to contractors. In August, an AWS S3 bucket containing unclassified data from the DOD was discovered to be publicly accessible due to misconfiguration by Booz Allen Hamilton. In November, another S3 bucket containing DOD data, this one built by contractor VendorX, was discovered to be exposed.

Payton said there’s a simple reason why these past issues didn’t lead to faster action by the government.

“There is a fundamental disconnect between the rate at which technology evolves and the rate at which bureaucracy reacts. What we’re dealing with here is a failure of systems,” Payton said. “It’s never too late to learn from past mistakes, but ultimately, we need real-time solutions not just to today’s obstacles and threats but to tomorrow’s as well.” 


Google to unveil post-Chronicle cloud cybersecurity plans

Google is set to reveal how cloud cybersecurity technologies developed by Chronicle have been worked into its portfolio for large enterprise customers.

In June, Google Cloud announced it had acquired Chronicle, a startup launched within parent company Alphabet in 2015. Integration work has proceeded since then, and details will be shared at the Cloud Next ’19 UK conference, which begins in London on Nov. 20.

A recent report on Chronicle from Vice’s Motherboard publication painted a bleak picture of the company post-Google acquisition, with key executives including its founder and CEO departing, and dismal morale in the product-development trenches.

“People keep quitting. Sales doesn’t know what to do, since there’s no real product roadmap anymore. Engineering is depressed for the same reason,” an unnamed Chronicle employee told the site.

Asked for comment, a Google spokeswoman pointed to the company’s blog post on the upcoming announcements at Cloud Next UK, and did not address the claims of unrest at Chronicle.

Google plans to announce “multiple new native capabilities” for security, as well as planned new features for Backstory, Chronicle’s main cloud cybersecurity product, according to the blog.

Backstory can ingest massive amounts of security telemetry data and process it for insights. It is geared toward companies that have a wealth of this information but lack the staff or resources to analyze it in-house.

Customers upload their telemetry data to a private repository on Google Cloud infrastructure, where it is indexed and analyzed by Chronicle’s software engine. The engine compares the customer’s data against threat intelligence signals mined from many sources and looks for problematic correlations.
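The workflow just described (normalize incoming telemetry, match it against threat-intelligence indicators, then look for correlations across events) is the core of any security analytics engine. The following is an added example written for this page, not Chronicle or Backstory code: it ingests a few constructed newline-delimited JSON events, matches domains (including parent domains), IP addresses (including CIDR ranges) and file hashes against a constructed indicator list, and escalates a host that trips two or more indicator types within a short window. The indicators, hosts and timestamps are all made up for illustration.

```python
"""Indicator matching and per-host correlation over security telemetry.
Added example; not Chronicle/Backstory code. INDICATORS and TELEMETRY are
constructed for illustration (documentation-reserved IPs and .example names)."""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed threat-intelligence feed (not real indicators).
INDICATORS = {
    "domain": {"bad-cdn.example", "update-check.example"},
    "ip": {"198.51.100.0/24", "203.0.113.7"},
    "sha256": {"deadbeef" * 8},
}
NETWORKS = [ipaddress.ip_network(n) for n in INDICATORS["ip"]]  # a bare IP becomes a /32

# Constructed telemetry, one JSON event per line, as an ingest pipeline would see it.
# Note the mixed case and trailing dot in the DNS query and the uppercase hash:
# raw telemetry is rarely canonical, so matching has to normalize first.
TELEMETRY = """
{"ts":"2019-11-18T10:00:01Z","host":"ws-042","type":"dns","query":"Cdn.Bad-CDN.example."}
{"ts":"2019-11-18T10:00:04Z","host":"ws-042","type":"netconn","dst_ip":"198.51.100.23","dst_port":443}
{"ts":"2019-11-18T10:00:09Z","host":"ws-042","type":"process","sha256":"DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF","path":"/tmp/upd"}
{"ts":"2019-11-18T10:05:00Z","host":"ws-017","type":"dns","query":"www.example.org"}
{"ts":"2019-11-18T11:30:00Z","host":"ws-017","type":"netconn","dst_ip":"203.0.113.7","dst_port":80}
"""

Hit = Tuple[datetime, str, str]  # (event time, indicator type, indicator)


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def norm_domain(d: str) -> str:
    return d.strip().lower().rstrip(".")


def domain_hits(query: str) -> List[str]:
    """Match the query and each parent domain, so cdn.bad-cdn.example hits bad-cdn.example.
    The bare TLD is never a candidate."""
    labels = norm_domain(query).split(".")
    candidates = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    return [c for c in candidates if c in INDICATORS["domain"]]


def match_event(ev: dict) -> List[Tuple[str, str]]:
    """Return (indicator type, indicator) pairs that one event matches."""
    hits: List[Tuple[str, str]] = []
    kind = ev.get("type")
    if kind == "dns":
        hits += [("domain", d) for d in domain_hits(ev.get("query", ""))]
    elif kind == "netconn":
        try:
            ip = ipaddress.ip_address(ev.get("dst_ip", ""))
        except ValueError:
            return hits                              # malformed address: no match, no crash
        hits += [("ip", str(n)) for n in NETWORKS if ip in n]
    elif kind == "process":
        h = ev.get("sha256", "").lower()
        if h in INDICATORS["sha256"]:
            hits.append(("sha256", h))
    return hits


def scan(ndjson: str, window: timedelta = timedelta(minutes=10)):
    """Match every event, then correlate per host: a host with hits of two or more
    distinct indicator types inside `window` is escalated. Returns (hits, escalations)."""
    hits_by_host: Dict[str, List[Hit]] = defaultdict(list)
    for line in ndjson.strip().splitlines():
        ev = json.loads(line)
        for ind_type, ind in match_event(ev):
            hits_by_host[ev["host"]].append((parse_ts(ev["ts"]), ind_type, ind))
    escalations: Dict[str, List[str]] = {}
    for host, hits in hits_by_host.items():
        hits.sort()
        for i, (t0, _, _) in enumerate(hits):
            kinds = {k for t, k, _ in hits[i:] if t - t0 <= window}
            if len(kinds) >= 2:
                escalations[host] = sorted(kinds)
                break
    return dict(hits_by_host), escalations


if __name__ == "__main__":
    hits, escalations = scan(TELEMETRY)
    for host, hs in hits.items():
        print(host, [(k, v) for _, k, v in hs])
    print("escalate:", escalations)
```

Two details matter more than the matching itself. Parent-domain matching is what catches `cdn.bad-cdn.example` when the feed only lists the registered domain, and the per-host time window is what separates a single noisy DNS hit (`ws-017`) from a host that resolved a flagged domain, connected into a flagged range and then executed a flagged binary within seconds (`ws-042`). At scale the interesting engineering is in the indexing so that these lookups stay cheap over months of retained telemetry, which is the problem the product above is selling.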

Backstory will compete with both on-premises security information and event management platforms and cloud cybersecurity systems, such as Sumo Logic and Splunk. Rival cloud providers have responded as well, with one prominent case being Azure Sentinel, which Microsoft launched this year.

Beyond performance and results, pricing may be a key factor for Backstory. Chronicle has made much of the fact that it won’t be priced according to data volume, but the exact nature of the business model still isn’t clear. Microsoft uses a tiered, fixed-fee pricing scheme for Azure Sentinel based on daily data capacity.

Backstory’s biggest opportunity may be outside Google Cloud


While Chronicle’s staff would have enjoyed more freedom if kept independent from Google Cloud, there’s no evidence to suggest it’s being held back at this point, according to Jon Oltsik, senior principal analyst for cybersecurity at Enterprise Strategy Group.


“The Google Cloud management team needs to give Chronicle the latitude to innovate and compete against a strong and dynamic market,” he said. “This should be the model moving forward and I’ll be monitoring how it proceeds.”

There is an emerging market for specific security analytics and operations tools for monitoring the security of cloud-based workloads, which aligns well with Google Cloud, Oltsik added. But the bigger opportunity lies with customers who aren’t necessarily Google Cloud users, he added.


Managed security services, professional services to top $35B

Escalating cybersecurity threats and a shortage of in-house talent are driving double-digit growth rates in the managed security services and professional security services market.

Market research firm Frost & Sullivan expects the global market to expand from $21 billion in 2018 to $35.6 billion in 2023, growing at an 11.1% compound annual growth rate. The top five providers are already experiencing even higher growth. Accenture, Deloitte, EY, IBM and PwC, a group that accounts for 42% of the global market, grew 27.6% year-over-year in 2018, according to Frost & Sullivan.

The market researcher’s report cited an “overdue need for a new chapter in security practices” along with rising risk levels and staffing limitations as the main factors propelling the demand for managed and professional security services. Digital transformation and customers’ heightened recognition of cyberthreats also contribute to increasing demand.

High growth services

Detection and response are the fastest growing offerings in the managed security services market, followed by DDoS protection and threat intelligence, research, detection and mitigation (TIRDM), noted Jarad Carleton, global program leader of cybersecurity information and communication technologies at Frost & Sullivan.

“We are noticing a strong demand across several areas in the managed security services space from our clients globally,” said Harpreet Sidhu, managing director and managed security services lead at Accenture. “One of those areas is definitely for detection and response as companies seek to add next-generation solutions to their security capabilities.”

Cybersecurity skills shortage chart
The cybersecurity skills shortage has helped fuel demand for managed security services.

Sidhu said managed detection and response (MDR) capabilities include security automation and orchestration and come with predefined playbooks. MDR, which uses technology to scale, “can help drive significantly faster analysis and improved responses,” he noted.

Chris Gerritz, chief product officer at Infocyte, a cybersecurity incident response platform provider in Austin, Texas, said detection and incident response is becoming more important for managed security services providers (MSSPs), which traditionally have focused on network monitoring.

“Generally, they are starting to add on endpoint capabilities and starting to add on response capabilities,” he said.

Gerritz said customers are telling MSSPs “I don’t want just 100 notifications that I have been attacked. I want you to actually do something about that.”

Infocyte this week launched its Response Ready program for its certified incident response partners. The program aims to help those partners scale up their incident response businesses and boost recurring revenue.

Assessment and advisory offerings, meanwhile, stand out in the professional security services market segment, according to the Frost & Sullivan report. Professional security services represent the biggest slice of the security services market, overall, with a 61% share.

Sidhu said Accenture is seeing consulting and professional services demand across several areas such as identity, cloud, cyber defense and application security, along with strong demand for assessment of those capabilities.

Breaking into the market

The market’s five largest players are generating considerable revenue growth, which Frost & Sullivan attributes to “their massive size, global reach, consultative strength, industry expertise, and established relationships with large enterprises and government agencies.”

Yet, smaller service providers also have the potential to grow — with a few caveats. Managed service providers are looking to add security services as more customers expect them to provide protection from cyberattacks.


“The key for MSPs trying to break into the MSSP market is providing right-sized security services for small- and medium- sized enterprises,” Carleton said.

Regional MSSPs, as well as MSPs offering security services, will find demand for security services among regionally-focused SMBs, he noted.

MSPs, however, must take care to properly scope their services and keep their own security house in order.

“What we have seen is that far too many MSPs are promising more than they can actually deliver in terms of managed security services, and that is damaging to the industry,” Carleton said. “What is even more damaging to MSPs trying to break into the MSSP market is that MSPs themselves have become targets of cybercriminals. If you cannot manage your own security, frankly you have no business selling managed security services to a customer.”

HCL unveils Google Cloud unit

HCL Technologies, a global technology company based in Noida, India, has launched a Google Cloud business unit, which will eventually house more than 5,000 Google Cloud specialists.

HCL currently has more than 1,300 Google Cloud platform professionals. The company’s Google initiative targets a range of fields, from containerization to machine learning. The HCL business unit will also build Google Cloud-specific Cloud Native Labs in Dallas, London and in India’s national capital region.

Google and HCL said joint investments to support customers’ digital transformation projects will cover several areas:

  • SAP workload and application migration to Google Cloud Platform. In August, Google launched a partnership with DXC Technology that also focuses on enterprise migration of SAP applications to public cloud.
  • Hybrid and multi-cloud deployments using Google Cloud’s Anthos. Google partners cited Anthos as a business opportunity and one of the key developments during Google’s Next ’19 conference.
  • Adoption of Google Cloud data, AI and machine learning offerings in areas such as e-commerce, supply chain and marketing.
  • Application and data center modernization.
  • Workplace transformation and collaboration via G Suite.
  • DevSecOps and service orchestration.

Tech Data buys government channel partner DLT Solutions

Tech Data has agreed to purchase DLT Solutions, a Herndon, Va., company that aggregates technology for public sector clients and channel partners.

The deal, expected to close by Jan. 31, would make DLT a wholly owned subsidiary of Tech Data, a distributor based in Clearwater, Fla. DLT’s government contract vehicles include the General Services Administration Schedule 70, the Defense Department’s Enterprise Software Initiative, the National Institutes of Health’s Chief Information Officer – Commodities and Solutions (CIO-CS) and NASA’s Solutions for Enterprise-Wide Procurement V (SEWP V).

DLT had been a Millstein & Co. portfolio company. The private equity firm acquired DLT in 2015. TZP Group owned DLT prior to that deal, having acquired the company in 2009.

The DLT transaction will expand Tech Data’s value proposition, “especially in government solutions,” according to a bulletin from Martinwolf, a merger and acquisition advisory firm based in Scottsdale, Ariz. Martinwolf advised DLT on the TZP deal and then advised TZP on the Millstein acquisition.

Evercore, an M&A advisory firm based in New York, is representing DLT on the Tech Data deal.

Axcient launches X360 backup platform

Data protection company Axcient unveiled Axcient X360, a converged backup platform for MSPs.

The Axcient X360 platform offers single sign-on and centralized management of Office 365 backup, sync and share, and business continuity and disaster recovery. The platform also provides unlimited storage and retention and supporting services such as billing, training and certification, co-branded collateral and market development funds, the company said.

David Bennett, CEO of Axcient, speaking with SearchITChannel at MSP software vendor ConnectWise’s IT Nation conference, said the platform is designed to ease the backup burdens of MSPs. “Anything that puts a burden on an MSP’s business in terms of people and time is costly,” he said.

Bennett said Axcient X360 aims to be easy to learn, to the extent an MSP’s tier-1 technician could quickly train and operate the platform.

The X360 platform also documents backups for customers in regulated industries such as healthcare and financial services, Bennett added.

Axcient currently works with about 3,000 MSPs and integrates with ConnectWise.

Other news

  • Cloud distributor Pax8 inked a deal with Nerdio, an Azure solution provider for MSPs. Under the agreement, Pax8 will offer Nerdio for Azure in three packages: Core, Professional and Enterprise.
  • Intermedia, a cloud communications provider, joined ConnectWise’s Invent partner program for integrating with the ConnectWise MSP platform.
  • Webroot said ConnectWise partners can buy licenses for its security awareness training offering at 50% off from Oct. 30 to Nov. 30. The offer is available only through ConnectWise and to partners that are not currently purchasing Webroot’s security awareness training.
  • MSP360, formerly CloudBerry Lab, said MSP interest in its multi-cloud data backup and recovery portfolio helped boost Q3 revenue 60% over the same period last year.
  • Synechron Inc., a digital consulting firm based in New York, launched Digital Ecosystem Accelerators for the financial sector. The company described the accelerators as “solution prototypes” targeting such fields as retail banking, wealth management, corporate banking and capital markets.



Diversity and cybercrime: Solving puzzles and stopping bad guys – Asia News Center

Diana Kelley bristles at suggestions that cybersecurity is a dry or dull career choice – after all, she’s dedicated most of her working life to protecting data and blocking digital wrongdoers.

“I think it is the most interesting part of IT. It can be a fascinating puzzle to solve. It can be like a murder mystery on that show, ‘Law & Order,’ except that when they find a dead body, we find a network breach,” she says.

“As we investigate, we go back through all these twists and turns. And, sometimes we discover that the real culprit isn’t the one we had suspected at the beginning.”

As Microsoft’s global Cybersecurity Field Chief Technology Officer, she wants to erase misconceptions that might be stopping people from more walks of life from entering her profession, which, she argues, needs new ways of thinking and innovating.

Successful companies know that by building diversity and inclusion within their ranks, they can better understand and serve their many and varied customers. Cybersecurity teams need to read from the same playbook so they can better anticipate and block attacks launched by all kinds of people from all sorts of places.

“Cybercriminals come from different backgrounds and geo-locations and have different mindsets,” Kelley says. “They collaborate and use very diverse attack techniques to come after individuals, companies, and countries. So, it helps us also to have a very diverse set of protection and controls to stop them.”

Knowing how attackers might think and act can be difficult for any cybersecurity team, particularly if it is made up of people from similar backgrounds with similar viewpoints. It is the kind of conformity that can even lead to a sort of “groupthink,” which results in blind spots and unintended bias.

The power of different viewpoints

“If people think in the same ways again and again, they are going to come up with the same answers. This only stops when different viewpoints are raised, and different questions are heard.”

Kelley says attackers come from, and operate in, many different environments, and cybersecurity teams need to match this diversity as much as they can. However, the make-up of today’s international cybersecurity community remains surprisingly homogenous.

“About 90 percent are men and, depending on where you are in the world, they are often white men,” she says. “In Asia, it tends to be a little worse. Only about nine percent are women.”

The need for change comes amid unprecedented demand for cybersecurity and a chronic shortage of skilled specialists across the world. Kelley sees this as an opportunity.

“We’ve got this big gap in hiring, so why not create a more diverse and inclusive community of people working on the problem?” she said in an interview on her recent visit to Singapore, one of many global cities vying for talent in the sector.

One major concern is gender imbalance. Even though many well-paying jobs are up for grabs, relatively few women are taking up, and staying in, cybersecurity roles.

Fixing the gender imbalance

“When I got into the field almost 30 years ago, women had very low representation in computer science in general,” Kelley says. “Back then, I just assumed it would change over time. But it hasn’t.”

Studies show that girls often drop out of STEM (science, technology, engineering, and math) subjects in middle or high school. Some women university graduates do enter the profession. But a lot end up leaving – many for cultural reasons in the workplace.

“There is a high attrition rate. We need to promote the value of studying STEM. And, we also need to work for the people who are in the field now by creating inclusive work environments.”

Kelley joined Microsoft about two years ago. Since then, she has been struck by its strong culture of respecting diverse viewpoints and encouraging inclusion – things she hasn’t seen stressed in some other companies.

“Not every idea is a great idea. But that doesn’t mean it should be mocked or dismissed. It should be respected as an idea. I have spoken to some women elsewhere who say because they didn’t feel heard or respected, they didn’t want to stay in IT.”

Bringing in all sorts of people

Kelley says more can be done to build up diversity and inclusion beyond fixing the gender mix. Again, she is impressed by Microsoft’s efforts. “Yes, we need to engage more women. But we also need to bring in all sorts of people from different social and career backgrounds.

“For instance, our team – the Cybersecurity Solution Group at Microsoft – is looking for people who may not have worked in cybersecurity in the past, but have a great interest (in technology) as well as other talents. So we are creating diversity that way too.”

Kelley recounts her own sideways entry into the field. She fell in love with computers and software during her teens when she discovered for herself how vulnerable networks at the time could be.

Later she graduated from university with a very non-techie qualification: a degree in English. Her first few jobs were editorial roles, but being tech-savvy soon meant she became the “go-to IT guy” in her office.

“Finally someone said to me, ‘Hey, you know what? IT is your calling, and we are hiring.’ So, what had been a hobby for me then became a career.”

She eventually moved into cybersecurity after an intruder broke into a network she had just built. “I pivoted from being a network and software person to someone very much focused on creating secure and resilient architectures and networks to thwart the bad guys.”

We need diverse thinkers

Looking to the future, she wants a broader pool of job seekers to consider careers in cybersecurity, even if they did not like STEM at school.

“We need diverse thinkers … people who understand psychology, for example, who can help understand the mindsets behind these attacks. We need great legal minds to help with ethics and privacy. And, political minds who understand lobbying.”

The cybersecurity world needs individuals who are altruistic and have a little more. “We go into this field because we want to do the right thing and protect people and protect data. That is a critical part. And, it also really helps to have a sort of a ‘tinkering mindset.’”

She explains that when cybersecurity professionals create systems, they also have to produce threat models. To do that, they need to think about, ‘What if I was a bad guy? What if I was trying to take this apart? How could it be taken apart?’ That is the point where they can start to work out how to make their system more attack resistant.

Meanwhile, she is eager to debunk a few myths swirling around the subject of cybercrime.

For starters, the days of the smart lone wolf kid in a hoodie hacking for fun from his bedroom are more or less over. Nowadays, only a tiny minority of perpetrators cause digital mischief and embarrassment just for the bragging rights or are “hacktivists” who want to advance social or environmental causes.

Ominously, there are sophisticated state-sponsored actors targeting the vulnerabilities of rival powers. Governments around the world are rightly worried about their citizens’ data. But they also fear for the security of vital infrastructure, like power grids and transport systems. Accordingly, military strategists now rate cyber as a field of warfare alongside land, sea, and air.

That said, most of the bad guys are simply in it for the money and do not deserve the glory and headlines they sometimes get.

“They are not glamorous. Many are in big criminal syndicates that just want to grab our data – hurting us and hurting our loved ones.”

Author: Microsoft News Center

Building the security operations center of tomorrow—harnessing the law of data gravity

This post was coauthored by Diana Kelley, Cybersecurity Field CTO, and , EMEA Chief Security Advisor, Cybersecurity Solutions Group.

You’ve got a big dinner planned and your dishwasher goes on the fritz. You call the repair company and are lucky enough to get an appointment for that afternoon. The repairperson shows up and says, “Yes, it’s broken, but to figure out why I will need to run some tests.” They start to remove your dishwasher from the outlet. “What are you doing?” you ask. “I’m taking it back to our repair shop for analysis and then repair,” they reply. At this point, you’re annoyed. You have a big party in three hours, and taking the dishwasher all the way back to the shop for analysis means someone will be washing dishes by hand after your party—why not test it right here and right now so it can be fixed on the spot?

Now, imagine the dishwasher is critical business data located throughout your organization. Sending all that data to a centralized location for analysis will give you insights, eventually, but not when you really need it, which is now. In cases where the data is extremely large, you may not be able to move it at all. Instead it makes more sense to bring services and applications to your data. This is at the heart of a concept called “data gravity,” described by Dave McCrory back in 2010. Much like a planet, your data has mass, and the bigger that mass, the greater its gravitational pull, or gravity well, and the more likely that apps and services are drawn to it. Gravitational movement is accelerated when bandwidth and latency are at a premium, because the closer you are to something the faster you can process and act on it. This is the big driver of the intelligent cloud/intelligent edge. We bring analytics and compute to connected devices to make use of all the data they collect in near real-time.

But what might not be so obvious is what, if anything, data gravity has to do with cybersecurity and the security operations center (SOC) of tomorrow. To have that discussion, let’s step back and look at the traditional SOCs, built on security information and event management (SIEM) solutions developed at the turn of the century. The very first SIEM solutions were predominantly focused on log aggregation. Log information from core security tools like firewalls, intrusion detection systems, and anti-virus/malware tools was collected from all over a company and moved to a single repository for processing.

That may not sound super exciting from our current vantage point of 2018, but back in 2000 it was groundbreaking. Admins were struggling with an increasing number of security tools, and the ever-expanding logs from those tools. Early SIEM solutions gave them a way to collect all that data and apply security intelligence and analytics to it. The hope was that if we could gather all relevant security log and reporting data into one place, we could apply rules and quickly gather insights about threats to our systems and security situational awareness. In a way this was anti-data gravity, where data moved to the applications and services rather than vice versa.

After the initial “hype” for SIEM solutions, SOC managers realized a few of their limitations. Trying to write rules for security analytics proved to be quite hard. A minor error in a rule led to high false positives that ate into analyst investigative time. Many companies were unable to get all the critical log data into the SIEM, leading to false negatives and expensive blind spots. And one of the biggest concerns with traditional SIEM was the latency. SIEM solutions were marketed as “real-time” analytics, but once an action was written to a log, collected, sent to the SIEM, and then parsed through the SIEM analytics engine, quite a bit of latency was introduced. When it comes to responding to fast moving cyberthreats, latency is a distinct disadvantage.

Now think about these challenges and add the explosive amounts of data generated today by the cloud and millions of connected devices. In this environment it’s not uncommon that threat campaigns go unnoticed by an overloaded SIEM analytics engine. And many of the signals that do get through are not investigated because the security analysts are overworked. Which brings us back to data gravity.

What was one of the forcing factors for data gravity? Low tolerance for latency. What was the other? Building applications by applying insights and machine learning to data. So how can we build the SOC of tomorrow? By respecting the law of data gravity. If we can perform security analytics close to where the data already is, we can increase the speed of response. This doesn’t mean the end of aggregation. Tomorrow’s SOC will employ a hybrid approach by performing analytics as close to the data mass as possible, and then rolling up insights, as needed, to a larger central SOC repository for additional analysis and insight across different gravity wells.
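The hybrid approach just described, as an added example that is not Microsoft’s code: each site runs a simple brute-force-login analytic over its own logs and forwards only compact insight records, and the central SOC correlates those insights across sites. The log lines, site names, thresholds and the campaign rule are all constructed for illustration.

```python
"""Hybrid SOC sketch: detect where the logs live, roll up only insights.
Added example, not code from the original post. Log lines, site names,
thresholds and the cross-site "campaign" rule are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth log lines for two "gravity wells" (sites). 203.0.113.7
# hammers both sites; 192.0.2.55 fails once and should not be flagged.
SITE_LOGS = {
    "plant-a": [
        "2018-06-01T10:00:01Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:00:03Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:00:05Z auth FAIL user=root src=203.0.113.7",
        "2018-06-01T10:00:09Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:00:12Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:00:40Z auth OK user=jdoe src=198.51.100.20",
    ],
    "office-b": [
        "2018-06-01T10:02:00Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:02:02Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:02:04Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:02:06Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:02:08Z auth FAIL user=admin src=203.0.113.7",
        "2018-06-01T10:30:00Z auth FAIL user=bob src=192.0.2.55",
    ],
}


def parse(line):
    """Parse one constructed log line into a small event record."""
    ts, _, result, user, src = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ok": result == "OK",
        "user": user.split("=", 1)[1],
        "src": src.split("=", 1)[1],
    }


def local_brute_force_insights(lines, threshold=5, window=timedelta(seconds=60)):
    """Edge-side analytic: flag a source with >= threshold failed logins inside
    a sliding window. Returns compact insight records, never the raw log."""
    failures = defaultdict(list)
    for event in map(parse, lines):
        if not event["ok"]:
            failures[event["src"]].append(event["ts"])
    insights = []
    for src, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                insights.append({"src": src, "count": len(times),
                                 "first": times[i], "last": times[-1]})
                break  # one insight per source is enough for the roll-up
    return insights


def central_correlate(site_insights):
    """Central SOC: a source flagged at two or more sites becomes a campaign."""
    sites_by_src = defaultdict(list)
    for site, insights in site_insights.items():
        for ins in insights:
            sites_by_src[ins["src"]].append(site)
    return {src: sorted(s) for src, s in sites_by_src.items() if len(s) >= 2}


def run_hybrid_soc(site_logs=SITE_LOGS):
    """Step 1: analytics at each site over its own data mass.
    Step 2: only the small insight records travel to the central repository."""
    rolled_up = {site: local_brute_force_insights(lines)
                 for site, lines in site_logs.items()}
    return {
        "sites": rolled_up,
        "campaigns": central_correlate(rolled_up),
        "raw_events": sum(len(lines) for lines in site_logs.values()),
        "forwarded_insights": sum(len(ins) for ins in rolled_up.values()),
    }


if __name__ == "__main__":
    result = run_hybrid_soc()
    print(result["raw_events"], "events stayed local;",
          result["forwarded_insights"], "insights forwarded")
    print("campaigns:", result["campaigns"])
```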

Does this sound like an intriguing idea? We think so. Being practitioners, though, we most appreciate when great theories can be turned into real-world implementations. Please stay tuned for part 2 of this blog series, where we take the concept of tomorrow’s SOC and data gravity into practice for today.

Senator wants government to stop Adobe Flash use

Sen. Ron Wyden (D-Ore.) is once again advocating in favor of better cybersecurity for the U.S. government in a new letter asking that all government domains stop Adobe Flash use.

Adobe Flash has long been under fire from the infosec community for security risks, and major web browsers have been moving away from the platform in favor of HTML5, leading Adobe to announce that the end-of-life date for Flash will come in 2020.

Sen. Wyden addressed the letter to Kirstjen Nielsen, secretary of the Department of Homeland Security (DHS); Walter Copan, undersecretary of Commerce and director of NIST; and Paul Nakasone, director of the NSA and commander of U.S. Cyber Command, advocating that the government stop Adobe Flash use.

Wyden asked that these three agencies collaborate to stop Adobe Flash use in government “in light of its inherent security vulnerabilities and impending end-of-life.”

“The federal government has too often failed to promptly transition away from software that has been decommissioned. In just one example, agencies were forced to pay millions of dollars for premium Microsoft support after they missed the deadline to transition away from Windows XP at its end-of-life in 2014, even though the technology’s last major update had been six years prior,” Wyden wrote in the letter. “The U.S. government should begin transitioning away from Flash immediately, before it is abandoned in 2020.”

Chris Olson, CEO and founder of The Media Trust, a digital media risk management company based in McLean, Va., noted that the reason government agencies tend to fail at these transitions is due to budgets.

“Government budgets are strapped. As a result, they tend to retain legacy systems, software, and machines that take time to patch and update. The budget issue is worse for state, municipal, and other local government entities,” Olson wrote in an email. “The situation won’t change anytime soon, so agencies should continuously scan their websites and mobile apps in real-time for any unauthorized actors and activities.”

Wyden noted that DHS, NIST and the NSA “provide the majority of cybersecurity guidance to government agencies,” but none have issued public guidance calling for agencies to stop Adobe Flash use.

Wyden suggested a three-step plan to stop the deployment of new Flash-based content within 60 days, remove Flash from some agency computers by March 2019, and then require the removal of all Flash content from websites by August 2019.

Olson applauded the multistaged approach to having government agencies stop Adobe Flash use.

“Flash is just the tip of the iceberg. There are a growing number of other attack vectors, including HTML5, a variety of content management systems, browsers, etc. Any organization will need to keep up with the various developments that are being nurtured in the underground economy of cybercrime,” Olson wrote. “Agencies and any organization with digital assets will need to work closely with their third parties to enforce security policies, police what code is being executed in their digital ecosystems with the help of continuous, real-time scanning, and root out unauthorized actors and code.”

Federal cybersecurity report says nearly 75% of agencies at risk

The latest federal cybersecurity report holds little good news regarding the security posture of government agencies, and experts are not surprised by the findings.

The Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) developed the report in accordance with President Donald Trump’s cybersecurity executive order issued last year. The report acknowledged the difficulties agencies face in terms of budgeting, maintaining legacy systems and hiring in the face of the cybersecurity skills gap, and it identified 71 of 96 agencies as being either “at risk or high risk.”

“OMB and DHS also found that federal agencies are not equipped to determine how threat actors seek to gain access to their information. The risk assessments show that the lack of threat information results in ineffective allocations of agencies’ limited cyber resources,” OMB and DHS wrote in the report. “This situation creates enterprise-wide gaps in network visibility, IT tool and capability standardization, and common operating procedures, all of which negatively impact federal cybersecurity.”

The federal cybersecurity report tested the agencies involved under 76 metrics and identified four major areas of improvement: increasing threat awareness, standardizing IT capabilities, consolidating security operations centers (SOCs), and improving leadership and accountability.

Greg Touhill, president of Cyxtera Federal Group, based in Coral Gables, Fla., and former CISO for the United States, said the report was an “accurate characterization of the current state of cyber risk and a reflection of the improvements made over the last five years in treating cybersecurity as a risk management issue, rather than just a technology problem.”

“I am concerned that the deletions of and vacancies in key senior cyber leadership positions [are] sending the wrong message about how important cybersecurity is to the government workforce, commercial and international partners, and potential cyber adversaries,” Touhill wrote via email. “As national prosperity and national security are dependent on a strong cybersecurity program that delivers results that are effective, efficient and secure, I believe cybersecurity ought to be at the top of the agenda, and we need experienced cyber leaders sitting at the table to help guide the right decisions.”

Agencies at risk

The federal cybersecurity report said many agencies lack situational awareness and noted this has been a long-standing issue in the U.S. government.


“For the better part of the past decade, OMB, the Government Accountability Office, and agency [inspectors general] have found that agencies’ enterprise risk management programs do not effectively identify, assess, and prioritize actions to mitigate cybersecurity risks in the context of other enterprise risks,” OMB wrote. “In fact, situational awareness is so limited that federal agencies could not identify the method of attack, or attack vector, in 11,802 of the 30,899 cyber incidents (38%) that led to the compromise of information or system functionality in [fiscal year] 2016.”

Sherban Naum, senior vice president of corporate strategy and technology at Bromium, based in Cupertino, Calif., said improving information sharing might not “address the protection component.”

“Sharing information in real time of an active and fully identified attack is critical. However, more information alone won’t help if there is no contextual basis to understand what was attacked, what vulnerability was leveraged, the attacker’s intent and impact to the enterprise,” Naum said. “I wonder what systems are in place or are needed to process the real-time threat data to then automatically protect the rest of the federal space.”

Not all of the news was bad. OMB noted that 93% of users in the agencies studied use multifactor authentication in the form of personal identity verification cards. However, the report said this was only the beginning, as “agencies have not matured their access management capabilities” for modern mobile use.

“One of the most significant security concerns that results from the current decentralized and fragmented IT landscape is ineffective identity, credential, and access management processes,” OMB wrote. “Fundamentally, any organization must have a clear understanding of the people, assets, and data on its networks.”

The federal cybersecurity report acknowledged the number of high-profile data leaks and breaches across government systems in recent years and said the situation there is not improving.

“Federal agencies do not have the visibility into their networks to effectively detect data exfiltration attempts and respond to cybersecurity incidents. The risk assessment process revealed that 73 percent of agency programs are either at risk or high risk in this critical area,” OMB wrote. “Specific metrics related to data loss prevention and exfiltration demonstrate even greater problems, with only 40 percent of agencies reporting the ability to detect the encrypted exfiltration of information at government-wide target levels. Only 27 percent of agencies report that they have the ability to detect and investigate attempts to access large volumes of data, and even fewer agencies report testing these capabilities annually.”

Additionally, only 16% of agencies have properly implemented encryption on data at rest.

Suggested improvements

The federal cybersecurity report had suggestions for improving many of the poor security findings, including consolidating email systems, creating standard software configurations and a shared marketplace for software, and improving threat intelligence sharing across SOCs. However, many of the suggestions related directly to following National Institute of Standards and Technology (NIST) Cybersecurity Framework guidelines, the Cyber Threat Framework developed by the Office of the Director of National Intelligence, or DHS’ Continuous Diagnostics and Mitigation (CDM) program.

Katherine Gronberg, vice president of government affairs at ForeScout Technologies, based in San Jose, Calif., said the focus of CDM is on real-time visibility.

“For example, knowing you have 238 deployed surveillance cameras found to have a particular vulnerability is a good example of visibility. Knowing that one or more of those cameras is communicating with high-value IT assets outside of its segment is further visibility, and then seeing that a camera is communicating externally with a known, malicious command-and-control IP address is the type of visibility that helps decision-making,” Gronberg wrote via email. “CDM intends to give agencies this level of real-time domain awareness in addition to securing data. It’s worth noting that many agencies are now moving to Phase 3 of CDM, which is about taking action on the problems that are discovered.”

Katie Lewin, federal director for the Cloud Security Alliance, said “standardization is an effective tool to get the best value from resources,” especially given that many risks faced by government agencies are due to the continued use of legacy systems.

“Standardized, professionally managed cloud systems will significantly help reduce risks and eliminate several threat vectors,” Lewin wrote via email. “If agencies adopt DHS’s Continuous Diagnostics and Mitigation process, they will not have to develop and reinvent custom programs. However, as with all standards, there needs to be some flexibility. Agencies should be able to modify a standard approach within defined limits. Failure to involve agencies in developing a common approach and in defining the boundaries of flexibility will result in limited acceptance and adoption of the common approach.”

Gary McGraw, vice president of security technology at Synopsys Inc., based in Mountain View, Calif., said focusing on standards may not hold much improvement.

“The NIST Framework has lots of very basic advice and is very useful. It would be a step in the right direction. However, it is important to keep in mind that standards generally reflect the bare minimum,” McGraw said. “Organizations that view security solely as a compliance requirement generally fall short, compared to others that treat it as a core or enabling component of their operations.”

Michael Magrath, director of global regulations and standards at OneSpan, said, “Improving resource allocations is crucial to improving our federal cyberdefenses.”

“With $5.7 billion in projected spending across federal civilian agencies, some agencies may cry poor. The report notes that email consolidation can save millions of dollars each year, and unless agencies have improved efficiencies like email consolidation, have implemented electronic signatures and migrated to the cloud, there remains an opportunity to reallocate funds to better protect their systems,” Magrath said. “The report also notes that agencies are operating multiple versions of the same software. This adds unnecessary expense, and as more and more agencies migrate to the cloud, efficiencies and cost reductions should follow enabling agencies to reallocate budget and IT resources to other areas.”

Federal HR wants to modernize cybersecurity recruiting, pay

The U.S. Dept. of Homeland Security wants dramatic changes in hiring and management of cybersecurity professionals. It seeks 21st Century HR practices and technologies, with a goal of making the federal HR program as competitive as the private sector.

This effort will streamline hiring and improve cybersecurity recruiting. DHS wants a pay system for cybersecurity professionals based on “individual’s skills and capabilities.” New HR technologies are sought as well.

The proposed federal HR improvements are in a request for information to vendors. In this knowledge-gathering effort, vendors are asked to estimate the cost and outline the expertise and technologies needed to achieve this reform. It doesn’t obligate the government but sets the stage for contract proposals. Its goals are sweeping.

DHS, for instance, said it wanted to end 20th Century federal HR practices, such as annual reviews. Instead, it wants 21st Century methods, such as continuous performance management.

The goal is modernizing federal HR technologies and processes, but with a focus on improving cybersecurity recruiting and retention.

Analysts see DHS moving in the right direction

HR analysts contacted about the planned federal cybersecurity recruiting reform seemed impressed.

“The scope of this is really big and it’s very ambitious,” said Kyle Lagunas, research manager in IDC’s talent acquisition and staffing research practice. “I’m really encouraged to see this. It really captures, I think, where the industry is going.”


“This sounds like good stuff to me,” said Josh Bersin, founder and principal of Bersin by Deloitte Consulting. “It’s all in the right direction,” he said.

Both analysts said that if DHS achieves its goals it will rank with leading businesses in HR best practices.

DHS employs some 11,000 cybersecurity professionals and leads government efforts to secure public and private critical infrastructure systems.

The U.S. said in 2016 that there weren’t enough cybersecurity professionals to meet federal HR needs. President Barack Obama’s administration called for a “government-wide” federal HR cybersecurity recruitment strategy. President Donald Trump’s administration is reaching out to vendors for specifics.

DHS published its request for information for reforming federal HR in early May, asking for cost estimates and ideas for modernizing cybersecurity hiring and management. It sought specific capabilities such as the ability to process as many as 75,000 applicants per year. It wants, as well, applicant assessment technologies. This can include virtual environments, for testing “real-world application of technical cybersecurity competencies.”

Feds boldly make a case for reform of cybersecurity recruiting

But what distinguished this particular federal HR request, from so many other government requests for information, was its dramatic framing of the goal.

The 20th Century way of recruiting involves posting a job and “hoping the right candidates apply,” said DHS in its request to vendors. The new 21st Century method is to “strategically recruit from a variety of sources on an ongoing basis, and use up-to-date, cybersecurity-focused standards and validated tools to screen, assess and select talent.”

DHS also wants to adopt “market-sensitive pay” to more readily compete for people, a smart move, according to Lagunas. “If they want to bring in top cybersecurity talent they are going to have to make sure they are very competitive in their pay and practices.”

In what may be a nod to the growing contingent workforce, DHS wants a federal HR plan for “dynamic careers.” This involves “streamlined movement” from the private sector to government and back again.

The deadline for vendor responses to the government’s request for information is May 25.