Malware P.I. – Odds Are You’re Infected

February 19, 2018

By Jacob Serpa, Product Marketing Manager, Bitglass

In Bitglass’ latest report, Malware P.I., the Next-Gen CASB company uncovered startling information about the rate of malware infection amongst organizations. Additionally, experiments with a new piece of zero-day malware yielded shocking results. Here is a glimpse at some of the outcomes.

Nearly half of organizations have malware in one of their cloud apps
While the cloud endows organizations with great flexibility, efficiency, and collaboration, cloud apps and personal devices accessing corporate data can inadvertently house and spread malware. However, this does not mean that operating in the cloud is inherently more dangerous than the traditional way of doing things. In the cloud, threats merely adopt new forms and require novel methods of defense. For organizations that fail to adopt cloud-first security solutions like cloud access security brokers (CASBs) that are complete with advanced threat protection (ATP), the consequences can be severe. A single piece of malware is enough to inflict massive damage to any enterprise.

Zero-day malware “ShurL0ckr” detected by Cylance and not Microsoft or Google
In addition to uncovering the above information, Bitglass’ Threat Research Team also discovered a new variety of ransomware. Dubbed “ShurL0ckr,” the threat encrypts users’ data and demands a ransom in exchange for decryption. Armed with this zero-day malware, tests were performed with a variety of antivirus engines. Cylance, a Bitglass technology partner that uses machine learning to detect unknown threats, was able to detect the ransomware. However, few other engines proved capable of doing so.

Somewhat alarmingly, native ATP tools within Microsoft SharePoint and Google Drive were unable to detect ShurL0ckr. This highlights the growing dangers of relying solely upon cloud applications’ native security features. When adopting cloud apps, it is imperative that organizations also adopt advanced, specialized security solutions. In this way, they can ensure that their data is completely secured.

To learn more about malware’s assault on the enterprise, download Malware P.I.

Agentless Mobile Security: No More Tradeoffs

February 15, 2018

By Kevin Lee, Systems QA Engineer, Bitglass

Have you ever seen a “Pick two out of three” diagram? They present three concepts and force individuals to select the one that they see as the least important. The tradeoffs between convenience, privacy, and security serve as a perfect example of a “Pick two” situation for many mobile security solutions. 

Industries have seen massive growth in the number of personal devices that touch sensitive information, resulting in a need to secure data as it is accessed by these endpoints. Various solutions have been adopted by many companies, but all tend to fall into the classic “Pick two” scenario. When evaluating these inadequate solutions, companies normally select security as one of their two priorities, leaving them to choose from only the two scenarios below.

Security and Convenience

Mobile device management (MDM) is a fairly popular solution for securing data on personal mobile devices. Using MDM is often seen as a good strategy because, in theory, it permits employees to use their personal devices and allows employers to monitor and control data as they see fit. However, the major downside to MDM is the need for agents to be installed on personal devices. These agents give employers visibility into employees’ personal traffic. Obviously, this raises questions about employee privacy. 

Security and Personal Privacy
For individuals who wish to keep their personal information private, using one or more work-only devices is an option. Whether these devices are mobile phones with MDM or managed computers on-premises, the strategy allows employers to monitor corporate data without touching employees’ personal data. The large disadvantage with this approach is the lack of convenience for employees. They are required either to carry multiple devices at all times or to access work-related information from few, select locations.  

The Solution
As seen above, there always seems to be a tradeoff when choosing a mobile security strategy. However, does it have to be that way? What if there were a security tool that could ensure data security, provide convenience for employees, and respect the right to privacy all at the same time? It only seems far-fetched when one assumes that agents are necessary to secure data.

To learn about cloud access security brokers and agentless mobile security, download the solution brief.

Saturday Security Spotlight: Military, Apps, and Threats

February 12, 2018

By Jacob Serpa, Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

—Fitness app exposes military bases
—Soldiers’ names revealed by app
—Google Play filled with fake apps
—Medical devices easily hacked
—The internet of things creates risk for the enterprise

Fitness app exposes military bases
Strava, the creators of a fitness tracking app, released heatmaps of its users’ movements. Unfortunately, this revealed the inner workings of military bases abroad by highlighting the movements of soldiers who use said app within their bases. Naturally, making this information publicly available raises questions of privacy and national security.

Soldiers’ names revealed by app
After learning of the above heatmaps and how they expose military bases and personnel, a Norwegian researcher decided to test other aspects of Strava’s security. In so doing, he succeeded in tricking the app to reveal the names and identities of military personnel who use Strava.

Google Play filled with fake apps
Despite efforts to clean up Google Play, Google’s app marketplace still contains many fake applications. While some are fairly innocuous, others can spread malware or steal information from users’ mobile devices. In light of BYOD (bring your own device), this should be a concern for the enterprise.

Medical devices easily hacked
Researchers in cybersecurity have determined that medical devices like MRI machines face a high risk of cyberattack. As healthcare technology evolves and connects to the internet more and more, the risk will only increase. Researchers warn that these devices must be designed in ways that ensure more security.

The internet of things creates risk for the enterprise
As enterprises adopt IoT devices for the efficiency that they provide, they are also increasing the number of attack surfaces that can be exploited by malicious parties. These devices serve as entry points for malware and can enable access to corporate networks.

The cybersecurity landscape is constantly shifting. Organizations must stay ahead of threats with advanced security solutions. To learn about cloud access security brokers, download the Definitive Guide to CASBs.

Why Next-Gen Firewalls Can’t Replace CASBs

February 7, 2018

By Joe Green, Vice President, WW Solutions Engineering, Bitglass

A security solution is only as good as the data it protects. Some solutions focus on data protection on the corporate network, others focus entirely on cloud data, and a select few enable security at access from any network.

Next-gen firewalls (NGFWs) are the traditional solution for many organizations looking to secure their corporate networks. They are effective at what they do, securing corporate network traffic by routing everything through on-premises appliances. As corporate data begins moving outside the corporate network, as it does with cloud and mobile, the NGFW can no longer provide protection. Major gaps include access from managed devices that don’t use VPN while outside the corporate network, access from unmanaged devices like employees’ personal mobile devices, and cloud data-at-rest.

Why are cloud and mobile such a big gap? With the flexibility and mobility provided by cloud apps, employees often work outside premises-based security infrastructure. Additionally, unmanaged devices with unmitigated access to corporate apps (whether in the cloud or on premises), can be lost, stolen, or abused by malicious insiders. IT needs to secure data in these situations, yet a perimeter-focused security tool like an NGFW has no way to secure this traffic.

Providing security beyond the firewall typically requires a data-centric approach rather than a control-oriented approach. After all, with cloud and BYOD, the organization controls neither the applications nor the underlying infrastructure on which those applications reside. As a result, organizations must move from network- and application-based allow/block controls to robust, data-centric tools like data loss prevention (DLP) and encryption. Other key requirements of a data-centric approach are remediation (such as DRM, redaction, and more), identity integration and strong authentication, and data-at-rest scanning. All of these capabilities must be delivered via an architecture that can intermediate users’ connections to an app, like Office 365, even when they use a personal device or public network – no small task, and definitely not one an NGFW can handle!

Recognizing these gaps, and the future impact on the firewall market, some NGFW vendors have acquired or built basic API-based cloud access security broker (CASB) offerings. Unfortunately, these offerings don’t provide real-time data & threat protection, and have proven unable to keep up with the rapidly evolving CASB use cases in the enterprise. As a result, the last couple of years have seen CASBs rise from an unknown acronym to the de facto standard for data & threat protection in the cloud and mobile enterprise, complete with their own Magic Quadrant from Gartner.

Apps have evolved and moved to the cloud – shouldn’t you?

Only a CASB built from the ground up to protect data in a cloud- and mobile-first environment can secure cloud apps and BYOD. Instead of opting for a tool that simply augments existing firewall capabilities, adopt a solution that provides visibility and control over all corporate data wherever it goes.

Download the Top CASB Use Cases.

EMV Chip Cards Are Working – That’s Good and Bad

February 2, 2018

By Rich Campagna, CEO, Bitglass

For many years, credit card companies and retailers ruled the news headlines as victims of breaches. Why? Hackers’ profit motives lead them to credit card numbers as the quickest path to monetization. With the appropriate data in hand, a working counterfeit card could be cranked out in seconds and used to purchase a laptop or TV at the local Walmart — easy to fence in the local black market.

Sick of being the target, the payment card industry got smart about fraud detection, created a set of regulatory compliance requirements (PCI-DSS) and perhaps even more importantly, rolled out EMV “chip-and-pin” technologies, which are meant to reduce counterfeit card fraud by presenting a unique cryptographic code for each transaction — much more difficult to duplicate than the static information embedded in the magnetic stripe of older cards. The results have been astounding — according to Visa, “for merchants who have completed the chip upgrade, counterfeit fraud dollars have dropped 66%!” That’s great news, but bad news at the same time.

The bad news is that hackers, still driven by profit, will continue to seek out the fastest and most lucrative path to monetization. Since credit card information has essentially become valueless, data that can be used to apply for new cards (or other monetary instruments or services) is now the target. This is why we saw a massive increase in healthcare-related breaches over the past few years. As healthcare gets its act together, hackers will move on to the next most viable target, whatever industry that may be.

Not only does this impact information security professionals in enterprises, but it also impacts consumers in a big way. For consumers, credit cards have always had limited liability, meaning outside of a few calls to the credit card company, fraudulent card use didn’t make much impact. Unfortunately, you can’t “cancel” your social security number, date of birth, and mother’s maiden name — those are permanent. And once someone gets their hands on that data, they own them permanently as well.

So, kudos to credit card issuers and retailers for making tremendous progress. Hopefully peers in other industries will continue to follow suit.

BTW, it’s entirely likely that your organization’s shift to cloud and mobile includes some of the aforementioned data to be protected. Might be time to check out a cloud access security broker (CASB).