Tag Archives: Security

Sophos adds mobile threat defense app to Intercept X line

Security vendor Sophos this month expanded its endpoint protection lineup with Intercept X for Mobile. The new mobile security application extends the company’s Intercept security software to devices including phones, tablets and laptops.

The new offering is meant to bolster mobile threat defense for devices running on Android, iOS and Chrome. Features include:

  • Authenticator: Helps to manage multi-factor authentication passwords for sites like Google, Amazon and Facebook.
  • Secure QR code scanner: Scans target URLs for malicious content.
  • Privacy protection: Detects when personal data is accessed or if there are hidden costs associated with downloaded apps.

“The biggest unique point of the Intercept X model is that we are a security model, and we do security for different platforms and can be configured in one place,” said Petter Nordwall, director of product management at Sophos. “Intercept X, as a whole, can now protect Windows, Mac iOS, Chromebooks and servers. Regardless of what platform they use, they can use Intercept X.”

Sophos introduced Intercept X in 2016 as a cloud-based tool designed to enhance endpoint security already running in an environment. Intercept X for Server was introduced in December 2018; an update launched in May 2019 added endpoint protection and response features.

Mobile threats on the rise

In “Advance and Improve Your Mobile Security Strategy,” a recent report from Gartner, senior analyst Patrick Hevesi found that “mobile security products are becoming increasingly important as the rate of mobile attacks continues to grow.” Hevesi recommended tech professionals track new threats, build a mobile threat defense strategy and set minimum iOS and hardware versions.

He added that organizations should focus on training users on what threats actually look like, rather than letting the systems do all the work.

“Everyone is doing antiphishing training, but think about the application,” Hevesi said. “The user doesn’t think about mobile in the same way; they see a highly rated app and don’t think about why the app needs permission to my contact data.”

Pricing for Intercept X for Mobile ranges from $24.50 to $63 per 100 seats, depending on whether Sophos Mobile, the company’s unified endpoint management system, is added. Intercept X for Mobile is available as a free download for individual use from Google Play and the Apple App Store.

Go to Original Article
Author:

AWS security faces challenges after a decade of dominance

Amazon Web Services has a stranglehold on the public cloud market, but the company’s dominance in cloud security is facing new challenges.

The world’s largest cloud provider earned a reputation over the last 10 years as an influential leader in IaaS security, from the introduction of products such as AWS Identity & Access Management and Key Management Service in the earlier part of the decade to more recent developments in event-driven security. AWS security features helped the cloud service provider establish its powerful market position; according to Gartner, AWS in 2018 earned an estimated $15.5 billion in revenue for nearly 48% of the worldwide public IaaS market.

But at the re:Invent 2019 conference last month, many of the new security tools and features announced were designed to fix existing issues, such as misconfigurations and data exposures, rather than push AWS security to new heights. “There wasn’t much at re:Invent that I’d call security,” said Colin Percival, founder of open source backup service Tarsnap and an AWS Community Hero, via email. “Most of what people are talking about as security improvements address what I’d call misconfiguration risk.”

Meanwhile, Microsoft has not only increased its cloud market share but also invested heavily in new Azure security features that some believe rival AWS’ offerings. Rich Mogull, president and analyst at Securosis, said there are two sides to AWS security — the inherent security of the platform’s architecture, and the additional tools and products AWS provides to customers.

“In terms of the inherent security of the platform, I still think Amazon is very far ahead,” he said, citing AWS’ strengths such as availability zones, segregation, and granular identity and access management. “Microsoft has done a lot with Azure, but Amazon still has a multi-year lead. But when it comes to security products, it’s more of a mixed bag.”


Microsoft has been able to close the gap in recent years with the introduction of its own set of products and tools that compete with AWS security offerings, he said. “Azure Security Center and AWS Security Hub are pretty comparable, and both have strengths and weaknesses,” Mogull said. “Azure Sentinel is quite interesting and seems more complete than AWS Detective.”

New tools, old problems

Arguably the biggest AWS security development at re:Invent was a new tool designed to fix a persistent problem for the cloud provider: accidental S3 bucket exposures. The IAM Access Analyzer, which is part of AWS’ Identity and Access Management (IAM) console, alerts users when an S3 bucket is possibly misconfigured to allow public access via the internet and lets them block such access with one click.

AWS had previously made smaller moves, including changes to S3 security settings and interfaces, to curb the spate of high-profile and embarrassing S3 exposures in recent years. IAM Access Analyzer is arguably the strongest move yet to resolve the ongoing problem.
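The check described above, reduced to its most common case, as an added example that is not AWS code: IAM Access Analyzer reasons over the full IAM policy language, whereas this function only flags the pattern behind most accidental exposures, an Allow statement whose Principal is the wildcard (`"*"` or `{"AWS": "*"}`). Statements that carry a Condition are reported separately for review rather than as outright public, because conditions such as `aws:PrincipalOrgID` can narrow the grant. The bucket policy is constructed inline with placeholder names so the example runs offline.

```python
"""Simplified public-access check for an S3 bucket policy document.

Added example, not AWS code. A real bucket policy would be fetched with
s3.get_bucket_policy(); here a constructed one is embedded so this runs offline.
"""
import json


def _principal_is_public(principal):
    """True when the statement's Principal grants access to anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_public_statements(policy_json: str):
    """Return (public, conditioned) lists of (Sid, [actions]).

    public:      Allow statements open to everyone with no Condition at all.
    conditioned: Allow statements open to everyone but carrying a Condition,
                 which may or may not restrict the grant and needs review.
    Deny statements are skipped: a wildcard Deny tightens, not loosens, access.
    """
    policy = json.loads(policy_json)
    public, conditioned = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        entry = (stmt.get("Sid", "<no Sid>"), _as_list(stmt.get("Action", [])))
        if stmt.get("Condition"):
            conditioned.append(entry)
        else:
            public.append(entry)
    return public, conditioned


# Constructed sample policy; bucket name and org id are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket-placeholder/*"},
        {"Sid": "OrgOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket-placeholder/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-placeholder"}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket-placeholder/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

if __name__ == "__main__":
    public, conditioned = find_public_statements(SAMPLE_POLICY)
    for sid, actions in public:
        print(f"PUBLIC  {sid}: {', '.join(actions)}")
    for sid, actions in conditioned:
        print(f"REVIEW  {sid}: {', '.join(actions)} (has Condition)")
```

Running it reports `PublicRead` as public and `OrgOnly` for review; the Deny statement is ignored. The “one click” fix the article mentions corresponds to turning on S3 Block Public Access for the bucket or account, which overrides policies like `PublicRead` regardless of what they say.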

“They created the S3 exposure issue, but they also fixed it,” said Jerry Gamblin, principal security engineer at vulnerability management vendor Kenna Security, which is an AWS customer. “I think they’ve really stepped up in that regard.”

Still, some AWS experts feel the tool doesn’t fully resolve the problem. “Tools like IAM Access Analyzer will definitely help some people,” Percival said, “but there’s a big difference between warning people that they screwed up and allowing people to make systems more secure than they could previously.”

Scott Piper, an AWS security consultant and founder of Summit Route in Salt Lake City, said, “It’s yet another tool in the toolbelt and it’s free, but it’s not enabled by default.”

There are other issues with IAM Access Analyzer. “With this additional information, you have to get that to the customer in some way,” Piper said. “And doing that can be awkward and difficult with this service and others in AWS like GuardDuty, because it doesn’t make cross-region communication very easy.”

For example, EC2 regions are isolated to ensure the highest possible fault tolerance and stability for customers. But Piper said the isolation presents challenges for customers using multiple regions because it’s difficult to aggregate GuardDuty alerts to a single source, which requires security teams to analyze “multiple panes of glass instead of one.”

Metadata headaches

AWS recently addressed another security issue that became a high-profile concern for enterprises following the Capital One breach last summer. The attacker in that incident exploited a server-side request forgery (SSRF) vulnerability to reach the AWS instance metadata service for the company’s EC2 instances, which allowed them to obtain the credentials the service exposes.

The Capital One breach led to criticism from security experts as well as lawmakers such as Sen. Ron Wyden (D-Ore.), who questioned why AWS hadn’t addressed SSRF vulnerabilities for its metadata service. The lack of security around the metadata service has concerned some AWS experts for years; in 2016, Percival penned a blog post titled “EC2’s most dangerous feature.”

“I think the biggest problem Amazon has had in recent years — judging by the customers affected — is the lack of security around their instance metadata service,” Percival told SearchSecurity.

In November, AWS made several updates to the metadata service to prevent unauthorized access, including the option to turn off access to the service altogether. Mogull said the metadata service update was crucial because it improved security around AWS account credentials.

But like other AWS security features, the metadata service changes are not enabled by default. Percival said enabling the update by default would’ve caused issues for enterprise applications and services that rely on the existing version of the service. “Amazon was absolutely right in making their changes opt-in since if they had done otherwise, they would have broken all of the existing code that uses the service,” he said. “I imagine that once more or less everyone’s code has been updated, they’ll switch this from opt-in to opt-out — but it will take years before we get to that point.”

Percival also said the update is “incomplete” because it addresses common misconfigurations but not software bugs. (Percival is working on an open source tool that he says will provide “a far more comprehensive fix to this problem,” which he hopes to release later this month.)
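Because the November update is opt-in, the practical defender task is finding the instances that have not opted in. The following added example, not AWS code, audits the `MetadataOptions` block of an EC2 `DescribeInstances` response: it flags instances that still answer unauthenticated requests (`HttpTokens` not set to `required`, the session-token mode AWS calls IMDSv2) or whose `HttpPutResponseHopLimit` is above 1, and skips instances where the endpoint is disabled outright, the option the article mentions. It also builds the `aws ec2 modify-instance-metadata-options` command that applies the hardened settings. The field names and CLI flags are the real ones; the response is constructed inline with placeholder instance ids so the example runs offline, where in real use it would come from `boto3`’s `ec2.describe_instances()`.

```python
"""Audit EC2 instance metadata options after the November 2019 IMDS update.

Added example, not AWS code. Field names (MetadataOptions.HttpEndpoint,
HttpTokens, HttpPutResponseHopLimit) are the real EC2 API names.
"""

REQUIRED_TOKENS = "required"


def audit_metadata_options(describe_instances_response):
    """Return [(instance_id, [findings])] for instances still on weak settings.

    An instance whose metadata endpoint is disabled has nothing reachable and
    produces no findings, whatever its other options say.
    """
    results = []
    for reservation in describe_instances_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            findings = []
            # HttpEndpoint defaults to enabled when the field is absent.
            if opts.get("HttpEndpoint", "enabled") != "disabled":
                # HttpTokens=optional means plain GET requests (no session
                # token) are still answered; this is the pre-update behaviour.
                if opts.get("HttpTokens", "optional") != REQUIRED_TOKENS:
                    findings.append("IMDSv1 allowed (HttpTokens=optional)")
                # A hop limit above 1 lets the token response be forwarded
                # beyond the instance itself, e.g. into containers it hosts.
                hop_limit = opts.get("HttpPutResponseHopLimit", 1)
                if hop_limit > 1:
                    findings.append(f"hop limit {hop_limit} > 1")
            if findings:
                results.append((inst["InstanceId"], findings))
    return results


def remediation_command(instance_id, disable_endpoint=False):
    """Build the AWS CLI call that applies the hardened settings.

    Disabling the endpoint entirely (disable_endpoint=True) is the stronger
    option the article describes, but only works if nothing on the instance
    still fetches instance-role credentials from the service.
    """
    endpoint = "disabled" if disable_endpoint else "enabled"
    return (f"aws ec2 modify-instance-metadata-options --instance-id {instance_id} "
            f"--http-tokens required --http-put-response-hop-limit 1 "
            f"--http-endpoint {endpoint}")


# Constructed sample response with placeholder instance ids.
SAMPLE_RESPONSE = {
    "Reservations": [{
        "Instances": [
            {"InstanceId": "i-0placeholder01",          # never opted in
             "MetadataOptions": {"HttpEndpoint": "enabled",
                                 "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 1}},
            {"InstanceId": "i-0placeholder02",          # tokens on, hop limit loose
             "MetadataOptions": {"HttpEndpoint": "enabled",
                                 "HttpTokens": "required",
                                 "HttpPutResponseHopLimit": 2}},
            {"InstanceId": "i-0placeholder03",          # endpoint switched off
             "MetadataOptions": {"HttpEndpoint": "disabled",
                                 "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 1}},
        ]
    }]
}

if __name__ == "__main__":
    for instance_id, findings in audit_metadata_options(SAMPLE_RESPONSE):
        print(f"{instance_id}: {'; '.join(findings)}")
        print("  fix:", remediation_command(instance_id))
```

On the sample data the first instance is flagged for still allowing token-less requests and the second for its hop limit; the third is silent because its endpoint is off. This is the configuration half of the problem; as Percival notes above, requiring tokens does not fix the application bug that let the request out in the first place.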

Still, Piper said the metadata service update is an important step for AWS security because it showed the cloud provider was willing to acknowledge there was a problem with the existing service. That willingness and responsiveness hasn’t always been there in the past, he said.

“AWS has historically had the philosophy of providing tools to customers, and it’s kind of up to customers to use them and if they shoot themselves in the foot, then it’s the customers’ fault,” Piper said. “I think AWS is starting to improve and change that philosophy to help customers more.”

AWS security’s road ahead

While the metadata service update and IAM Access Analyzer addressed lingering security issues, experts highlighted other new developments that could strengthen AWS’ position in cloud security.

AWS Nitro Enclaves, for example, is a new EC2 capability introduced at re:Invent 2019 that allows customers to create isolated instances for sensitive data. The Nitro Enclaves, which will be available in preview this year, are virtual machines attached to EC2 instances that have CPU and memory isolation from those instances and can be accessed only through secure local connections.

“Nitro Enclaves will have a big impact for customers because of its isolation and compartmentalization capabilities” which will give enterprises’ sensitive data an additional layer of protection against potential breaches, Mogull said.

Percival agreed that Nitro Enclaves could possibly “raise the ceiling” for AWS security, though he cautioned against using them. “Enclaves are famously difficult for people to use correctly, so it’s hard to predict whether they will make a big difference or end up being another of the many ‘Amazon also has this feature, which nobody ever uses’ footnotes.”

Experts also said AWS’ move to strengthen its ARM-based processor business could have major security implications. The cloud provider announced at re:Invent 2019 that it will be launching EC2 instances that run on its new, customized ARM chips, dubbed Graviton2.

Gamblin said the Graviton2 processors are a security play in part because of recent microprocessor vulnerabilities and side channel attacks like Meltdown and Spectre. While some ARM chips were affected by both Meltdown and Spectre, subsequent side channel attacks and Spectre variants have largely affected x86 processors.

“Amazon doesn’t want to rely on other chips that may be vulnerable to side channel attacks and may have to be taken offline and rebooted or suffer performance issues because of mitigations,” Gamblin said.

Percival said he was excited by the possibility of the cloud provider participating in ARM’s work on the “Digital Security by Design” initiative, a private-sector partnership with the UK that is focused in part on fundamentally restructuring — and improving — processor security. The results of that project will be years down the road, Percival said, but it would show a commitment from AWS to once again raising the bar for security.

“If it works out — and it’s a decade-long project, which is inherently experimental in nature — it could be the biggest step forward for computer security in a generation.”


Aruba SD-Branch gets intrusion detection, prevention software

Wireless LAN vendor Aruba has strengthened security in its software-defined branch product by adding intrusion detection and prevention software. The vendor is aiming the latest technology at retailers, hotels and healthcare organizations with hundreds of locations.

Aruba, a Hewlett Packard Enterprise company, also introduced this week an Aruba SD-Branch gateway appliance with a built-in Long Term Evolution (LTE) interface. Companies often use LTE cellular as a backup when other links are temporarily unavailable.

The latest iteration of Aruba’s SD-Branch has an intrusion detection system (IDS) that performs deep packet inspection to monitor network traffic for malware and suspicious activity. When either is detected, the IDS alerts network managers, while the new intrusion prevention system (IPS) takes immediate action to block threats from spreading to networked devices. The IPS software takes action based on policies set in Aruba’s ClearPass access control system.

Previously, Aruba security was mostly focused on letting customers set security policies that restricted network access of groups of users, devices and applications. The company also provided customers with a firewall.

“But this IDS and IPS capability takes it a step further and allows enterprises that have deployed Aruba to quickly detect and prevent unwanted traffic from entering and exiting their networks,” said Brandon Butler, an analyst at IDC.

The latest features bring Aruba in line with other vendors, Butler said. In general, security is part of a “holistic” approach vendors are taking toward SD-branch.

Other features vendors are adding include WAN optimization, direct access to specific SaaS and IaaS providers, and a management console for the wired and wireless LAN. Software-defined WAN (SD-WAN) technology for traffic routing is a staple within all SD-branch offerings.

Aruba LTE gateway

The new gateway appliance is a key component of Aruba’s SD-Branch architecture. The multifunction hardware includes a firewall and SD-WAN functionality.

The device integrates with Aruba’s ClearPass and its cloud-based Central management console. The latter oversees the SD-WAN, as well as Aruba access points, switches and routers.

The new SD-Branch gateway with an LTE interface is the latest addition to the 9000 series Aruba launched in the fourth quarter of last year. The hardware is Aruba’s highest performing gateway with four 1 Gb ports and an LTE interface that delivers 600 Mbps downstream and 150 Mbps upstream.

Certification of the device by all major carriers will start this quarter, Aruba said.

Other network and security vendors providing SD-branch products include Cisco, Cradlepoint, Fortinet, Riverbed and Versa Networks. All the vendors combine internally developed technology with that of partners to deliver a comprehensive SD-Branch. Aruba, for example, has security partnerships with Zscaler, Palo Alto Networks and Check Point.

The vendors are competing for sales in a fast-growing market. Revenue from SD-branch will increase from $300 million in 2019 to $2.6 billion by 2023, according to Doyle Research.


Experts weigh in on risk of Iranian cyberattacks against U.S.

The Department of Homeland Security warned of the potential for Iranian cyberattacks against the U.S., and security experts weighed in on the risks facing enterprises.

In the bulletin, released Saturday as part of the National Terrorism Advisory System, DHS said there was no indication that attacks from Iran were imminent, but noted the country and its allies “have demonstrated the intent and capability to conduct operations in the United States.” The bulletin was issued in the wake of escalating military conflict with Iran.

“Iran maintains a robust cyber program and can execute cyberattacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States,” DHS wrote in the bulletin. “Be prepared for cyber disruptions, suspicious emails, and network delays. Implement basic cyber hygiene practices such as effecting data backups and employing multi-factor authentication [MFA].”

In general, experts agreed there is a legitimate threat of Iranian cyberattacks against U.S. entities, and many added that while Iran has offensive cyber capabilities, it is not known to have capabilities on the level of the U.S., China or Russia.

Rick Holland, CISO and vice president of strategy at Digital Shadows in San Francisco, said Iran has proven the ability to cause damage with cyberattacks.

“Iranian offensive cyber capabilities have grown significantly since the days of Stuxnet, which was a catalyst for the Iranian regime to mature their capabilities,” Holland told SearchSecurity. “While Iran isn’t as mature as the United States, Russia or China, they are capable of causing damage. Destructive or wiper malware like Iran used against Saudi Aramco could cause significant damage to their targets.”

Robert M. Lee, CEO and founder of Dragos, said Iran has “consistently been growing their capabilities and are aggressive and willing to be as destructive as they can be.”

“We’re unlikely to see widespread issues or scenarios such as disrupting electric power but it’s entirely possible we will see opportunistic responses to whatever damage they think they can inflict,” Lee told SearchSecurity. “Iran has shown previously to be opportunistic in its targeting of infrastructure with denial of service attacks against banks as well as trying to get access to industrial control systems in electric and water companies. While it is important to think where strategic targets would be for them, it’s just as relevant that they might search for those who are more insecure to be able to have an effect instead of a larger effect on a harder target.”

High disruption value

While DHS did not specify which organizations Iran might target with cyber operations, some experts tended to agree with Lee that infrastructure and financial targets would be most likely.

Jake Williams, founder and president of Rendition Infosec in Augusta, Ga., classified Iran as having “moderately sophisticated capabilities.”

“They aren’t on par with Russia or China, but they aren’t script kiddies either. Iran will most likely target defense industrial base and financial institutions — basically, targets that have a high disruption value,” Williams told SearchSecurity. “For an enterprise, the things to keep in mind are DDoS and early indicators of compromise for defense industrial base organizations. Of course, Iran could target other verticals, but we assess these to be the most likely initial targets.”

Levi Gundert, vice president of intelligence and risk at Recorded Future, noted that “Iranian sponsored groups are constantly probing potential targets for weaknesses toward intelligence gathering.”

“When provoked, these groups have also successfully demonstrated retaliatory cyberattacks. Based on historical precedent, Iran retaliates with destructive attacks against perceived threatening organizations (e.g. Sands Corporation), or they attack businesses toward achieving economic impact — large American financial service companies (Operation Ababil) and Saudi Aramco are two good examples,” Gundert told SearchSecurity via email. “We believe the most likely targets of cyberattacks remain the United States government, contractors, and partner businesses involved in U.S. regional interests.”

However, Chris Morales, head of security analytics at threat detection vendor Vectra in San Jose, Calif., said “everyone could be at risk” of an Iranian cyberattack.

“While certain industries were targeted in the past for disruption or for data theft, there is no limitation to who could be targeted in an asymmetric attack that involves disruption, misdirection and confusion,” Morales told SearchSecurity. “Earlier state-sponsored Iranian actors stole only basic information, but over the past few years they have been building long-term espionage campaigns. The risk here being in many cases Iranian actors already persist inside networks and it becomes a case of identifying their presence and removing them.”

Holland said the risk of being targeted by Iran would be low for most organizations, but enterprises should perform threat modeling by asking:

  • How do Iranian interests intersect your business?
  • How has historic Iranian targeting/victimology related to your company?
  • How does the Iranian threat stack up against your supply chain?

Protecting your organization

Experts agreed that taking care of the basics is probably the best approach to defend against possible Iranian cyberattacks.

Dr. Chase Cunningham, principal analyst serving security and risk professionals for Forrester Research, suggested enterprises “fix the easy stuff: deploy MFA everywhere; bolster DDoS defense and make sure email security is in place. Other than that, brace for impact and maintain situational awareness.”

Holland said enterprises “shouldn’t have to take any extraordinary measures.”

“Patch operating systems and applications. Disable Microsoft Office macros. Implement application whitelisting. Restrict admin privileges. Disable external-facing Remote Desktop Protocol,” Holland said. “Enable multi-factor authentication for external-facing applications and privileged users. Monitor for malicious domains registrations related to your organization.”

Gundert suggested organizations “take the time to understand Iranian sponsored groups’ historical tools, tactics, and techniques.”

“These groups typically achieve initial unauthorized access through password re-use, phishing, and/or web shells,” Gundert said. “Now is a great time to review and improve security controls for each threat category, as well as visibility into post-compromise activity like the usage of native Windows tools.”

Lee said the best approach is for cybersecurity professionals to “be in a heightened sense of awareness and put the investments they’ve made into people, process, and technology to use.”

“For companies that have yet to make proper investments into the cybersecurity of their business, there is not much that can be done quickly in situations like this,” Lee said. “Companies need to prepare ahead of these moments, and any angst felt should serve as an opportunity to look internally to determine what your plans would be, especially for incident response and disaster recovery.”


Virtualization-Based Security: Enabled by Default

Virtualization-based Security (VBS) uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system. Windows can use this “virtual secure mode” (VSM) to host a number of security solutions, providing them with greatly increased protection from vulnerabilities in the operating system and preventing the use of malicious exploits which attempt to defeat operating system protections.

The Microsoft hypervisor creates VSM and enforces restrictions which protect vital operating system resources, provides an isolated execution environment for privileged software, and can protect secrets such as authenticated user credentials. With the increased protections offered by VBS, even if malware compromises the operating system kernel, the possible exploits can be greatly limited and contained because the hypervisor can prevent the malware from executing code or accessing secrets.

The Microsoft hypervisor has supported VSM since the earliest versions of Windows 10. However, until recently, Virtualization-based Security has been an optional feature that is most commonly enabled by enterprises. This was great, but the hypervisor development team was not satisfied. We believed that all devices running Windows should have Microsoft’s most advanced and most effective security features enabled by default. In addition to bringing significant security benefits to Windows, achieving default enablement status for the Microsoft hypervisor enables seamless integration of numerous other scenarios leveraging virtualization. Examples include WSL2, Windows Defender Application Guard, Windows Sandbox, Windows Hypervisor Platform support for third-party virtualization software, and much more.

With that goal in mind, we have been hard at work over the past several Windows releases optimizing every aspect of VSM. We knew that getting to the point where VBS could be enabled by default would require reducing the performance and power impact of running the Microsoft hypervisor on typical consumer-grade hardware like tablets, laptops and desktop PCs. We had to make the incremental cost of running the hypervisor as close to zero as possible and this was going to require close partnership with the Windows kernel team and our closest silicon partners – Intel, AMD, and ARM (Qualcomm).

Through software innovations like HyperClear and by making significant hypervisor and Windows kernel changes to avoid fragmenting large pages in the second-level address translation table, we were able to dramatically reduce the runtime performance and power impact of hypervisor memory management. We also heavily optimized hot hypervisor codepaths responsible for things like interrupt virtualization – taking advantage of hardware virtualization assists where we found that it was helpful to do so. Last but not least, we further reduced the performance and power impact of a key VSM feature called Hypervisor-Enforced Code Integrity (HVCI) by working with silicon partners to design completely new hardware features including Intel’s Mode-based execute control for EPT (MBEC), AMD’s Guest-mode execute trap for NPT (GMET), and ARM’s Translation table stage 2 Unprivileged Execute-never (TTS2UXN).

I’m proud to say that as of Windows 10 version 1903 9D, we have succeeded in enabling Virtualization-based Security by default on some capable hardware!

The Samsung Galaxy Book2 is officially the first Windows PC to have VBS enabled by default. This PC is built around the Qualcomm Snapdragon 850 processor, a 64-bit ARM processor. This is particularly exciting for the Microsoft hypervisor development team because it also marks the first time that enabling our hypervisor is officially supported on any ARM-based device.

Keep an eye on this blog for announcements regarding the default-enablement of VBS on additional hardware and in future versions of Windows 10.

Author: brucesherwin

Siemplify looks to streamline security operations for enterprises

With the vast number of security products on the market and the growing amount of security data generated, enterprises face an uphill battle.

Siemplify, a startup based in New York, is aiming to make that hill easier to climb with its security operations platform, which the company hopes will be a Salesforce-like hub for security professionals. Siemplify’s platform is designed to tie various third-party products together and streamline the data for enterprises.

Nimmy Reichenberg, chief strategy officer at Siemplify, explained the company’s mission to provide an all-in-one spot for SOC teams to get their work done, as well as the relationship between SOAR and SIEM and why security product integration is becoming harder to accomplish.

Editor’s note: This interview has been edited for length and clarity.

Tell me the story of how Siemplify was founded.

Nimmy Reichenberg: Siemplify was started by three people: Amos Stern, Alon Cohen and Garry Fatakhov. Basically, all of them have security operations experience from the Israeli Defense Force. All three of them went to work for a government defense contractor, and what they did is train SOCs all over the world, so they trained dozens and dozens of both civilian and security operations teams on how to better deal with cyberthreats. Through this work, it became very clear to them that the way that security operations teams work is highly flawed. There are so many things that can be improved about how these teams work, and they had this idea: why don’t we build this product and start a company that will solve what we’re seeing from training security operations teams around the world? And they founded Siemplify.

What does Siemplify do?

Reichenberg: What we essentially provide is a security operations platform. The easiest way to describe our vision is that just like how Salesforce is a platform that sales professionals work on or Workday is what human resources professionals use to get their work done, Siemplify is the platform where security operations teams log on in the morning and get their work done. We provide a security operations platform. A big component of what we provide goes by SOAR, security orchestration automation and response, and that functionality basically has to do with building repeatable processes and integrating the various tools security teams use to investigate threats and remediate threats using as much automation as possible. We know that there’s a huge shortage in security professionals these days so obviously there’s a lot of appetite in automating anything that can be done.

Do you think SOAR is making SIEM tech obsolete or is SIEM tech being integrated into SOAR?

Reichenberg: SOAR is definitely a complementary solution to SIEM. SIEMs definitely have a place when it comes to storing all your logs, doing that initial analysis and correlation and firing off an alert to an analyst. That’s kind of what SIEMs do and that’s not going away. We could talk about next-gen SIEMs or there’s all these newer technologies but essentially that is what they do. SOAR tools take that alert and apply a process to it — encase it into case management, decide a playbook that walks the analyst through the steps of what actually needs to be done once that alert is fired, automate that, and provide machine learning.

Do you think it’s easier to integrate with other vendors’ security products today than it was five years ago?

Reichenberg: I would say the answer to that is no. One of the things that SOAR solutions do is act as a security fabric that connects all your tools, but the reason why it’s harder to integrate tools is that there’s just so many of them out there. The number of security tools out there is only growing. Nothing is going away, and everyone is still using the antivirus tools from 50 years ago only now there’s 50 products on top of that. Ten years ago, the average company maybe used a dozen or two dozen security tools. Now it’s pretty common to find companies that use 50, 60 or 90 different security tools throughout the company. So integrating tools is harder [today], and the reason is if I’m a new company and I built this new security tool and it’s great, do I really now want to invest the time and effort to make it agree with 500 other security tools? And the answer is I’m probably not going to do that. Our approach is we don’t detect anything bad; that’s a type of tool we integrate into our platform. Our job is to be that connecting tissue between all the different tools. We have over 200 integrations of tools already built into our platform, so we have well-connecting tissue, if you will, and apply a process of how all these tools actually work and apply a playbook that addresses each specific scenario in cybersecurity.

What do the next 12 months look like for the company?

Reichenberg: The category is exploding rapidly. The key thing for the next 12 months is scale. We have to scale everything about the company. Scale our processes, scale our go-to-market, et cetera. From a product perspective, what we’re working on is making the product easier to use in the market, and that’s kind of our differentiator — make it easy to address a wide variety of use cases.

How do you plan on utilizing your $30 million Series C?

Reichenberg: We’re going to do a pretty horizontal use of the money because we need to scale everything. Maybe a little more towards go-to-market — sales, marketing, customer success — because we’re adding a lot of customers, and the rest to R&D so it’s pretty horizontal.

Go to Original Article
Author:

Clumio eyes security, BaaS expansion with VC funding

Merging storage and security together effectively has been an elusive goal for many technology vendors over the years, but Clumio believes it has a winning formula — and one that can effectively mitigate ransomware threats.

Clumio, a backup-as-a-service provider based in Santa Clara, Calif., recently celebrated $135 million in Series C funding. The startup was founded in 2017 with the goal of leveraging cloud-native services to build a scalable and agile BaaS offering that could also meet enterprises’ data protection and analytics needs.

In this Q&A, Clumio CTO Chad Kinney and CSO Glenn Mulvaney discuss the origin story of the company, how they plan to utilize their recent funding round, and how Clumio addresses ransomware threats.

Editor’s note: This interview has been edited for length and clarity.

Tell me how the company was founded.

Chad Kinney: The company was founded about two years ago. And the core concept behind it was to fundamentally remove the complexity of traditional data protection to start with, and do so by delivering a service offering that was delivered via the public cloud.

A few things we realized early on were, as customers were journeying to the public cloud, SaaS-based offerings, and PaaS-based offerings, they needed a way to be able to protect their data set along the way. And we realized that people were running into roadblocks in moving data to the public cloud because data protection was not able to deliver the same type of functions and features that they delivered on premises, and there was a big barrier there that we were breaking through to help customers be able to journey along the public cloud.

The second part was, as we got to the public cloud, security became a big key focus. Our ability to be able to secure this information through both encryption and encryption-in-flight as well as various other ones Glenn will go through on the core platform itself was something that customers were very much hyper-focused on as they moved data more and more into the public cloud.

So far we’ve raised about $186 million in a series of A, B and C. Most recently we just closed a series C of $135 million.

How do you plan to use that $135 million to grow the company?

Kinney: A lot of the key focus right now is expediting the introduction of new data sources for the platform itself. Today we back up VMware on premises, VMware running in AWS, as well as elastic block storage for AWS. And so, continuing to expand the data sources is a key thing we’re moving forward with as part of this investment — to get customers access to new data sources faster.

Give me a rundown of what the platform is all about.

Kinney: Fundamentally, we’ve built this platform for the public cloud, on top of AWS. We’ve built in a bunch of great efficiencies in the way the data is ingested. With anything that runs on the public cloud, if you compare that with something that runs on premises, typically you do deduplication and security is retrofitted to the data center itself. And the world has shifted dramatically where people are looking to utilize the public cloud heavily and remove the things completely out of the data center. We were able to provide what we call a cloud connector that gets deployed in a customer’s environment — it’s a virtual appliance so there’s no hardware or anything like that. We do deduplication and compression and encryption before the data is sent over the wire. We leverage the capabilities of S3 within Amazon, and we use their scale as data gets ingested over the platform itself. Then we use various stateless functions within the platform to churn through the data, as well as DynamoDB for a lot of the metadata functions and various other structures in AWS, and the agility and scale of that core platform to allow us to still be able to ingest data incredibly quickly and be able to provide services on top of that platform.

Glenn Mulvaney: From the security side, leveraging a lot of those public cloud controls we have in Amazon, we’ve implemented a model where data encryption is always on in the platform. It’s not an option to turn it off and data is always encrypted and compressed. And the way it starts, which I think is a critical feature of the platform, is that the data is encrypted before it leaves the customer environment; it’s encrypted in the customer environment, it’s transmitted over a secure channel and then it’s stored securely in S3. And there’s different encryption keys used in each of those steps.

In terms of security in a more general fashion, we think of it in a couple of different ways. Fundamentally, we think of it as technology, people and processes, so we’ve talked about the technology a little bit in terms of how we handle encryption, but for the people and the processes, what we have implemented is the ISO 27001 framework, and we just completed our stage 2 audit last week. The ISO 27001 framework gives us a solid foundation for principles and controls for internal processes, and it also guided how we trained our employees about security awareness. We really used that as a guideline to integrate a lot of security into our software development lifecycle and into our QA lifecycle and broadly across all of the employees at the company, including sales and marketing and customer success.

Do you see yourself as more of a security vendor or a backup vendor or both?

Kinney: I’d say a little bit of both. I’d say we’re a security-first company where we really spent a lot of time thinking about what we’re doing as a core platform setting ourselves up for success. If you had to put a name on it, I’d say we’re more of a data platform company than anything.

What effects have ransomware attacks had on the backup and data protection market in general?

Mulvaney: I think with the prevalence of ransomware attacks happening at all levels of organizations of all sizes, people are thinking a lot more seriously about their data protection and about their ability to recover from some sort of ransomware attack. I think there’s certainly a lot of opportunity for Clumio to help a lot of organizations like that and to be able to give them a truly secure ability to recover from something like a ransomware attack. Certainly the prevalence of these [attacks] is increasing at a rate we hadn’t anticipated, and I think that’s helping in the market for data protection to actually drive people to think much more seriously about what their backup compliance policies look like.

How does Clumio address ransomware threats in a way that’s different from other backup providers?

Kinney: Let me give you the most recent example, which is an interesting one. We recently announced the capability to be able to back up elastic block storage from AWS and when you look at the solutions that are out there today, most people protect data with snapshots and the snapshots live in the same account as the production data. Most people rely on these snapshots for quick recovery but they’re also relying on them for the backup. And when malware hits or a bad actor hits on that particular account, they functionally get access to both the production data as well as the backup of that data in the same account and so it’s opened up possibilities for people to run into data loss issues.

With our solution what we’re fundamentally doing is we’re copying the data and creating an air gap solution between the customer’s environment and Clumio, which enables people to protect their data outside of their account and protect them from malware and ransomware attacks. We store all data in S3, which is immutable, so no data, once backed up, can even change itself in any factor, so it gives customers the ability with our recovery mechanism to restore data into another AWS account, alleviating any sort of malware issues that may occur within one of their other AWS accounts.

What do the next 12 months look like for the company?

Kinney: The motivation for us is to continue to expand more and more into the public cloud. Today we solve the key focus around private cloud, which is VMware. As people are moving to the public cloud, some are choosing to use VMware running in AWS, which is using a button to quickly move assets into the public cloud. They’re also going and re-architecting applications into the public cloud, like using elastic block storage and other platform and service-based offerings. We are going to continue to expand in both SaaS-based offerings, the usual suspects in that, as well as more and more cloud-native capabilities so we can follow customers along that journey.

Beyond the additional data sources, we’re adding additional functions on top of those datasets; we’re investing in things like anomaly detection and reporting over the next 12 months and we are slowly bringing those into the platform as they come to bear.

Mulvaney: From the compliance side in 2020, obviously we’re thinking about looking closely at CCPA [California Privacy Protection Act], and I think with that going into effect on January 1 we’re going to see that there’s probably going to be more emerging new standards for certifications for protections and personal information handling. Already the ISO 27001 was revised in 2019 and previously was only revised in 2014, so I think protection of personal data is going to be a paramount part of our roadmap, and in 2020 we’re looking very closely at doing HITRUST certification and beginning implementation for FedRAMP.


RSA teams up with Yubico for passwordless authentication

The world might be one step closer to the passwordless future that security enthusiasts dream of.

On Dec. 10, RSA Security announced a strategic partnership with Yubico, the company known for its USB authentication keys, to drive passwordless authentication in the enterprise. The partnership combines Yubico’s YubiKey technology with RSA’s FIDO-powered SecurID authentication to eliminate passwords for enterprise employees, particularly those in use cases where mobile phones may not be appropriate or permitted for authentication. The combined offering, YubiKey for RSA SecurID Access, will launch in March.

Jim Ducharme

In this Q&A, Jim Ducharme, vice president of identity and fraud and risk intelligence products at RSA, discusses the new Yubico partnership, FIDO as a standard and how close we are to the so-called “death of passwords.”

Editor’s note: This interview has been edited for length and clarity.

Tell me how the Yubico partnership came to be.

Jim Ducharme: I was talking to a customer and they mentioned how customers are struggling with the various use cases out there for people to prove to be who they say they are. A few years ago, I think that everybody thought that the world was just going to be taken over by mobile phone authentication and that’s all they’d ever need and they’d never need anything else. But they’re quickly realizing that they need multiple options to support the various use cases. Mobile authentication is certainly a new modern method that is convenient, given that everybody is walking around with a mobile phone, but there are a number of use cases, like call centers, remote workers and even folks who, believe it or not, don’t have a smartphone, that they still need to care for and make sure that they are who they say they are.

At RSA, we’ve had our SecurID tokens for quite a while now, but there are other use cases that we’ve found. FIDO-compliant devices were looked at as something that customers wanted to deploy. Particularly hardware-based ones like a Yubico security key. And RSA was the founding member of the FIDO subcommittee on enterprise application, but largely the uptick has been on the consumer identity side of it. We wanted to figure out how we can help the enterprise with their employee use cases, leveraging FIDO and these standards, coupled with these other use cases like call centers or areas where there is a particular device that a user needs to use and they need to prove they are who they say they are.

This customer sent me on this sort of tour of asking my customers what they thought about these use cases, and I was amazed at how many customers were already looking at this solution yet finding themselves having to purchase Yubico keys from Yubico and purchase RSA from us for the FIDO backend. It’s only natural for us to bring these two strong brands together to give customers what they need sort of all in one box, virtually if you will. Now what we offer is more choice in how users authenticate themselves, allowing them to transform as maybe they get more comfortable with adopting mobile authentication. A lot of users don’t want to use their mobile phone for corporate authentication, but that’s slowly increasing. We wanted to make sure we were providing a platform that can allow users that flexibility of choice, but at the same time, allow our customers and the identity teams to have a single structure to support those different use cases and allow that transformation to happen over time, whether it be from hardware devices, hardware tokens, to mobile authenticators to desktop authenticators to new biometrics, et cetera.

How does this partnership with Yubico fit into RSA’s overall strategy?

Ducharme: Obviously things like a Yubico device are just another form of a passwordless authenticator. But there are plenty of passwordless authenticators out there right now — most people have them in their hands now with [Apple] Face ID and Touch ID, but that’s only part of the solution. Our focus is an identity ecosystem that surrounds the end user and their authenticator where passwords still exist. Despite these new passwordless authenticators, we still haven’t managed to get rid of the password. The help desk is still dealing with password resets, and the support costs associated with passwords are actually going up instead of down. If we’re implementing more and more passwordless authentication, why is the burden on the help desk actually going up? The reality is, most of these passwordless authentication methods are actually not passwordless at all. These biometric methods are nothing more than digital facades on top of a password, so the underlying password is still there. They’re allowing a much more passwordless experience, which is great for the end user, but the password is still there. We’re actually finding that in many cases, the help desk calls are going up because you’re not using that password as frequently as you used to, and now once a month or once a week when people have to use it, they are more apt to forget it than the password they use every single day. We’re actually seeing an increase in forgotten passwords because the more we’re taking passwords out of users’ hands, the more they’re actually forgetting them. We really have to go that last mile to truly get rid of the passwords.

Strategically, our goal is not only to have a spectrum of passwordless authentication and experiences for end users, but we also have to look at all of these other places where the password hides and eliminate those [uses]. Until we do, the burden on the help desk, the costs on the IT help desk are not going to go down, and that’s one of the important goals of moving towards the passwordless world, and that’s where our focus is.

Do you think companies are worried about lost keys and having that negatively impact availability?

Ducharme: Yes. As a matter of fact, we had a customer dinner last night and that is probably one of the number one [concerns], the notion of lost keys. The thing that’s nice about the YubiKey devices is that they sit resident within the device so the odds of losing it are less such. But it absolutely is still an issue. Whenever you have anything that you have to have, you could potentially lose it.

We need to make sure they’re easily replaceable, not just easy but cost-wise as well, and couple that with credential enrollment recovery. When they lose those devices, make sure that they still have accessibility to the systems they still need access to. Even if you don’t lose it permanently, you forget it on your desk at home and when you arrive at work, well, you can’t be out of business for the day because you left your key at home. That’s what we’re working on — what do you do when the user doesn’t have their key? We still need to be able to provide them access very securely while not reverting back to a password. What we’re trying to do is surround these physical devices and mobile phones with these recovery mechanisms for when the user doesn’t have access to their authenticator, whatever form it is.

How much progress do you think FIDO has made in the last couple years?

Ducharme: FIDO has gotten a lot of good brand recognition. We’re seeing some uptick in it, but with this announcement we’re hoping to really increase the pace of adoption. The great news is we’re seeing the support in things like the browsers. It was a huge milestone when Microsoft announced its support with Windows Hello. We’re starting to get the plumbing in all the right places, so we’re very optimistic about it. But the actual application, it’s still a vast minority of a lot of customers in the enterprise use case, and a lot of that has to do with the technology refresh cycles. Are they getting the browsers on the end users’ laptops? Are they using Hello for Business? But honestly, these upgrade cycles to Windows Hello are happening faster than the previous Windows cycles, so I’m optimistic about it. But what we’re encouraged by is the adoption of the technology like FIDO, like WebAuthn, within the browsers and the operating systems; the end user adoption, by which I mean the companies deploying these technologies to their end users, isn’t quite there yet. This is what we’re hoping to bring out.

Do you think we’re going to see the death of passwords sometime in the next several years?

Ducharme: I’ve been in the identity space now for about 20 years. During a lot of that, I would say to myself the password will never die. But I actually think we’re on the cusp of really being able to get rid of the password. I’ve seen the market understand what it’s truly going to take to get rid of the password from all facets. We have the technology now that it’s accessible with people every day with their mobile phones, wrist-based technologies and all of that. We have the ability to do so. It’s within reach. The question will be, how do we make this technology successful, and how do we make it a priority? So I really am optimistic. What we’ll have to do is push through people using passwordless experiences to help people understand that we really have to get rid of the underlying passwords. The industry’s going to have to do the work to flush out the password for the last mile. I believe the technologies and the standards exist to do so, but until we start looking at the security implications and the costs associated with those passwords and really take it seriously, we won’t do it. But I do believe we have the best opportunity to do it now.


Cisco cries foul over security flaw in Zoom Connector

Cisco slammed rival Zoom for a security lapse that left the management portals of many video devices exposed to the public internet. It’s an unusually public spat between two of the industry’s leading video conferencing providers.

The dispute revolves around Zoom Connector, a gateway that connects standards-based video devices to the Zoom cloud. In addition to providing a management portal for the hardware, the service makes it possible to join Zoom meetings with one click.

The Zoom Connector previously allowed anyone with the correct URL to access the admin portal for Cisco, Poly and Lifesize devices from the public internet without login credentials, according to Cisco. That would have let a hacker commandeer a company’s video systems, potentially allowing them to eavesdrop on conference rooms.

Zoom released a patch last week that password-protected access to the control hub via those URLs. But in a blog post this week, Cisco said the quick fix did not go far enough, alerting customers that Zoom’s connector service did not meet Cisco’s security standards.

To create the connector, Zoom built a link between the Zoom cloud and a Cisco web server running within a corporate network, said Sri Srinivasan, general manager of Cisco’s team collaboration group. The configuration provides a point of access to the endpoints that lies outside the network firewall.

“You don’t want to have firewall settings open for a management interface of this sort, even [when] password-protected,” Srinivasan said.

Similarly, in a statement Tuesday, Lifesize said it considered Zoom Connector an unauthorized integration “built in an inherently insecure way.” However, the company concluded that the security flaw spotlighted by Cisco did not put customers at immediate risk.

In a statement Tuesday, Zoom said it considered the issue fully resolved. While insisting customers were safe, Zoom said it did advise companies to check device logs for unusual activity or unauthorized access.

Zoom added that it was not aware of any instances of hackers exploiting the vulnerability. The URLs necessary to access a device’s management portal are long and complicated, similar to a link to a Google Doc or an unlisted YouTube video. Most likely, a hacker would have needed to first gain access to an admin’s browser history to exploit the flaw.

Zoom has come under fire before for security shortfalls. Experts criticized the vendor in July for quietly installing a web server on Mac computers. The software left users vulnerable to being forcibly joined to a meeting with their video cameras turned on.

Cisco has raised issues with Zoom about the connector in the past, but only became aware of the URL vulnerability on Oct. 31, Srinivasan said. A customer who wished to remain anonymous reported the problem to Cisco and Zoom around the same time, he said. Zoom patched the issue on Nov. 19, one day after Cisco said it contacted the company about the problem.

Adding fuel to the fire, Zoom has been using the Cisco logo on its connector’s admin portal. Cisco said this likely led customers to believe they were accessing a website supported by Cisco.

“This has been going on for a long, long time,” Srinivasan said. “Now, we know better to make sure we check everything Zoom does.”

But it seems unlikely Zoom will heed Cisco’s directive to obtain certification of the service. The vendor has a financial stake in the matter, as it charges customers $499 per year, per port for Zoom Connector.

Zoom has emerged in recent years as perhaps Cisco’s biggest competitor in the video conferencing market. Eric Yuan resigned as Cisco’s vice president of engineering to start Zoom in 2011. Yuan was one of the chief architects of the Webex video conferencing software that Cisco acquired in 2007.

In the coming months, Cisco is planning to release a SIP-based integration for Zoom and other leading video conferencing providers. The technology would let users join third-party meetings with one click from a Cisco device.

Cisco already supports SIP-based interoperability. But taking advantage of it requires businesses to build an integration themselves or pay for a third-party service. Srinivasan said the forthcoming SIP integration would eliminate the need for a service like Zoom Connector.


Rethinking cyber learning—consider gamification

As promised, I’m back with a follow-up to my recent post, Rethinking how we learn security, on how we need to modernize the learning experience for cybersecurity professionals by gamifying training to make learning fun. Some of you may have attended the recent Microsoft Ignite events in Orlando and Paris. I missed the conferences (ironically, due to attending a cybersecurity certification boot camp) but heard great things about the Microsoft/Circadence joint Into the Breach capture the flag exercise.

If you missed Ignite, we’re planning several additional Microsoft Ignite The Tour events around the world, where you’ll be able to try your hand at this capture the flag experience. Look for me at the Washington, DC event in early February.

In the meantime, due to the great feedback I received from my previous blog—which I do really appreciate, especially if you have ideas for how we should tackle the shortage of cyber professionals—I’ll be digging deeper into the mechanics of learning to understand what it really takes to learn cyber in today’s evolving landscape.

Today, I want to address the important questions of how a new employee could actually ramp up their learning, and how employers can prepare employees for success and track the efficacy of the learning curriculum. Once again, I’m pleased to share this post with Keenan Skelly, chief evangelist at Boulder, Colorado-based Circadence.

Here are some of her recommendations from our Q&A:

Q: Keenan, in our last blog, you discussed Circadence’s “Project Ares” cyber learning platform. How do new cyber practitioners get started on Project Ares?

A: The way that Project Ares is set up allows for a user to acquire a variety of different skill levels when launched. It’s important to understand what kind of work roles you’re looking to learn about as a user as well as what kinds of tools you’re looking to understand better before you get started on Project Ares. For example, if I were to take some of my Girls Who Code or Cyber Patriot students and put them into the platform, I would probably have them start in the Battle School. This is where they’re going to learn about basic cybersecurity fundamentals such as ports and protocols, regular expressions, and the cyber kill chain. Then they can transition into Battle Rooms, where they’ll start to learn about very specific tools, tactics, and procedures or TTPs, for a variety of different work roles. If you’re a much more skilled cyber ninja, however, you can probably go ahead and get right into Missions, but we do recommend that everyone who comes into Project Ares does some work in the Battle Rooms first, specifically if they are trying to learn a tool or a skill for their work role.

Project Ares also has a couple of different routes that an expert or an enterprising cybersecurity professional can come into that’s really focused more on their role. For example, we have an assessments area based entirely on the work role. This aligns to the NIST framework and the NICE cybersecurity work roles. For example, if you’re a network defender, you can come into that assessment pathway and have steps laid out before you to identify your skill level in that role as you see below:

Assessment pathway.

Q: What areas within Project Ares do you recommend for enterprise cyber professionals to train against role-based job functions and prepare for cyber certifications?

A: You might start with something simple like understanding very basic things about your work role through a questionnaire in the Battle School arena as seen in the illustrations below. You may then move into a couple of Battle Rooms that tease out very detailed skills in tools that you would be using for that role. And then eventually you’ll get to go into a mission by yourself, and potentially a mission with your entire team to really certify that you are capable in that work role. All this practice helps prepare professionals to take official cyber certifications and exams.

Battle School questionnaire.

Battle School mission.

Q: Describe some of the gamification elements in Project Ares and share how it enhances cyber learning.

A: One of the best things about Project Ares is gamification. Everyone loves to play games, whether it’s on your phone playing Angry Birds, or on your computer or gaming console. So we really tried to put a lot of gaming elements inside Project Ares. Since everything is scored within Project Ares, everything you do from learning about ports and protocols, to battle rooms and missions, gives you experience points. Experience points add up to skill badges. All these things make learning more fun for the user. For example, if you’re a defender, you might have skill badges in infrastructure, network design, network defense, etc. And the way Project Ares is set up, once you have a certain combination of those skill badges you can earn a work role achievement certificate within Project Ares.

This kind of thing is taken very much from Call of Duty and other types of games where you can really build up your skills by doing a very specific skill-based activity and earn points towards badges. One of the other things that is great about Project Ares is it’s quite immersive. For example, Missions allows a user to come into a specific cyber situation or cyber response situation (e.g., water treatment plant cyberattack) and have multimedia effects that demonstrate what is going on—very much reflective of that cool guy video look. Being able to talk through challenges in the exercises with our in-game advisor, Athena, adds another element to the learning experience as shown in the illustration below.

Athena was inspired by the trends of personal assistants like Cortana and other such AI-bots, which have been integrated into games. So things like chat bots, narrative storylines, and skill badges are super important for really immersing the individual in the process. It’s so much more fun, and easier to learn things in this way, as opposed to sitting through a static presentation or watching someone on a video and trying to learn the skill passively.

Athena—the in-game advisor.

Q: What kinds of insights and reporting capability can Project Ares deliver to cyber team supervisors and C-Suite leaders to help them assess cyber readiness?

A: Project Ares offers a couple of great features that are good for managers, all the way up to the C-Suite, who are trying to understand how their cybersecurity team is doing. The first one is called Project Ares Trainer View. This is where a supervisor or manager can jump into the Project Ares environment, with the students or with the enterprise team members, and observe in a couple of different ways.

The instructor or the manager can jump into the environment as Athena, so the user doesn’t know that they are there. They can then provide additional insight or help that is needed to a student. A supervisor or leader can also jump in as the opponent, which gives them the ability to see someone who is just breezing by everything and maybe make it a little more challenging. Or they can just observe and leave comments for the individuals. This piece is really helpful when we’re talking about managers who are looking to understand their team’s skill level in much more detail.

The other piece of this is a product we have coming out soon called Dendrite—an analytics tool that looks at everything that happens in Project Ares. We record all the keystrokes and chats a user had with Athena or with any other team members while in a mission or battle room. Cyber team leads can then see what’s going on. Users can see what they’re doing well, and not doing well. This feedback can be provided up to the manager level, the senior manager level, and even to the C-Suite level to demonstrate exactly where that individual is in their particular skill path. It helps the cyber team leads understand which tools are being used appropriately and which tools are not being used appropriately.

For example, if you’re a financial institution and you paid quite a bit of money for Tanium, but upon viewing tool use in Dendrite you find that no one is using it, that might prompt you to rethink your strategy on how to use tools in your organization or look at how you train your folks to use those tools. These types of insights are absolutely critical if you want to understand the best way to grow the individual in cybersecurity and make sure they’re really on top of their game.

The Dendrite assessment and analysis solution.

Q: How can non-technical employees improve their cyber readiness?

A: At Circadence, we don’t just provide learning capabilities for advanced cyber warriors. For mid-range people just coming into the technical side of cybersecurity, we have an entire learning path that starts with a product called inCyt. Now, inCyt is a very fun browser-based game of strategy where players have some hackable devices they must protect—like operating systems and phones. Meanwhile, your opponent has the same objective: protect their devices from attacks. Players continually hack each other by gathering intel on their opponent and then launching different cyberattacks. While they’re doing this, players get a fundamental understanding of the cyber kill chain. They learn things like what reconnaissance means to a hacker, what weaponizing means to a hacker, what deploying that weapon means to a hacker, so they can start to recognize that behavior in their everyday interactions online.

Some people ask why this is important and I always say, “I used to be a bomb technician, and there is no possible way I could defuse an IED or nuclear weapon without understanding how those things are put together.” It’s the same kind of concept.

It’s impossible to assume that someone is going to learn cyber awareness by answering some questions or watching a five-minute phishing tutorial after they have already clicked a link in a suspicious email. Those are very reactive ways of learning cyber. inCyt is very proactive. And we want to teach you in-depth understanding of what to look for, not just for phishing but for all the attacks we’re susceptible to. inCyt is also being used by some of our customers as a preliminary gate track for those who are interested in cybersecurity. So if you demonstrate a very high aptitude within inCyt, we would send you over to our CyberBridge portal where you can start learning some of the basics of cybersecurity to see if it might be the right field for you. Within our CyberBridge access management portal, you can then go into Project Ares Academy, which is just a lighter version of Project Ares.

Professional and Enterprise licenses in Project Ares pave more intricate learning pathways for people to advance in learning, from novice to expert cyber defender. You’ll be able to track all metrics of where you started, how far you came, what kind of skill path you’re on, and what kind of skill path you want to be on. These are very crucial items for your own work role pathway.

How to close the cybersecurity talent gap

Keenan’s perspective and the solution offered by Project Ares really help us understand how to train security professionals and give them the hands-on experience they require and want. We’re in interesting times, right? With innovations in machine learning and artificial intelligence (AI), we’re increasingly able to pivot from reactive cyber defense toward more predictive defense. Still, right now we’re facing a cybersecurity talent gap of up to 4 million people, depending on which analyst group you follow. The only way we’re going to get folks interested in cybersecurity is to make it exactly what we have been talking about: a career-long opportunity to learn.

Make it something that they can attain, that they can grow in, and in which they can see themselves going from a novice to a leader in an organization. This is tough right now because there are relatively few cybersecurity operators compared to demand, and the operators on the front lines are subject to burnout. With uncertain and undefined career paths beyond tactical SecOps, what is there to look forward to?

We need to get better as a community in cybersecurity, not only at protecting the cybersecurity defenders we already have, but also at bringing in new cybersecurity defenders and offenders who are really going to push the boundaries of where we’re at today. This is where we have an excellent and transformational opportunity to introduce more immersive and gamified learning to improve the learning experience and put our people in a position to succeed.

Learn more

To learn more about how to close the cybersecurity talent gap, read the e-book: CISO essentials: How to optimize recruiting while strengthening cybersecurity. For more information on Microsoft intelligent security solutions, see Achieve an optimal state of Zero Trust.

You can also watch my full interview with Keenan.

Bookmark the Security blog to keep up with our expert coverage on security matters and follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Author: Microsoft News Center