Dealing with Dropbox: Unmasking Hackers with User Behavior Analytics

September 7, 2016

By Ganesh Kirti, Founder and CTO, Palerra

Dropbox was in the news a few months ago due to false reports of a data breach. Unfortunately, they’ve made headlines again. Vice reported that hackers stole over 60 million account details for the cloud storage service. This time, the breach is real, and a senior Dropbox employee confirmed the legitimacy of a subset of the stolen passwords.

Many people keep sensitive documents in cloud storage services like Dropbox, Box, Google Drive, and OneDrive, and the latest breach shows that hackers are increasingly targeting cloud storage services. This creates significant exposure if employees are storing sensitive enterprise information in the cloud. From a preventative perspective, security personnel should review their security measures for the following:

  1. Require multi-factor authentication to access the application
  2. Enforce password strength and complexity requirements
  3. Require and enforce frequent password resets for employees

But manual processes and policies are not enough. At minimum, enterprises should look at automating the enforcement of these policies. For example, you may require multi-factor authentication, but how do you ensure that it’s required at all times? A cloud access security broker (CASB) continuously monitors configurations to alert security personnel when changes are made, and automatically creates incident tickets to revert security configurations back to the default setting.

How can enterprises prevent further damage if their employees’ credentials were compromised in this hack? We recommend utilizing user behavior analytics (UBA) to look for anomalous activity in an account. UBA uses advanced machine learning techniques to create a baseline for normal behavior for each user. If a hacker is accessing an employee’s account using stolen credentials, UBA will flag a number of indicators that this access deviates from the normal behavior of a legitimate user.

Palerra LORIC is a cloud access security broker (CASB) that supports cloud storage services similar to Dropbox, including Box, Google Drive, and OneDrive. Here are a few indicators LORIC can use to unmask a potential hacker with stolen credentials in Box:

  1. Flag a login from an unusual IP address or geographic location
  2. Detect a spike in number of file downloads compared to normal user activity
  3. Detect logins outside of normal access hours for the user
  4. Detect anomalous file sharing or file previewing activities
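The baseline-and-deviation logic behind the four indicators above, as an added example that is not Palerra's or Box's code: it learns each user's usual countries, login hours and daily download volume from audit events, then flags logins from new countries, off-hours logins, and daily download counts more than three standard deviations above the user's norm. The event schema and all sample events are constructed.

```python
"""Per-user behaviour baseline with anomaly flags for cloud-storage audit events.

Added example, not Palerra's or Box's code. The event schema (user, time, ip,
country, action) is an assumption, and every event below is constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


def _event(user, time, ip, country, action):
    return {"user": user, "time": time, "ip": ip, "country": country, "action": action}


def constructed_baseline_events():
    """Ten quiet working days for 'alice': one 09:05 login from the US, 3-5 downloads."""
    events = []
    for day in range(1, 11):
        date = f"2016-08-{day:02d}"
        events.append(_event("alice", f"{date}T09:05:00", "203.0.113.5", "US", "login"))
        for k in range(3 + day % 3):
            events.append(_event("alice", f"{date}T{10 + k:02d}:00:00", "203.0.113.5", "US", "download"))
    return events


def constructed_suspicious_day():
    """Alice's normal login plus a 03:12 login from abroad followed by 60 downloads."""
    events = [
        _event("alice", "2016-08-15T09:10:00", "203.0.113.5", "US", "login"),
        _event("alice", "2016-08-15T03:12:00", "198.51.100.77", "RO", "login"),
    ]
    for k in range(60):
        events.append(_event("alice", f"2016-08-15T03:{k:02d}:00", "198.51.100.77", "RO", "download"))
    return events


def _ts(ev):
    return datetime.fromisoformat(ev["time"])


def build_baseline(events):
    """Summarise, per user, the countries and hours they log in from and how many
    files they download on a typical day (mean and population stdev)."""
    seen = defaultdict(lambda: {"countries": set(), "hours": set(), "daily": defaultdict(int)})
    for ev in events:
        rec, t = seen[ev["user"]], _ts(ev)
        if ev["action"] == "login":
            rec["countries"].add(ev["country"])
            rec["hours"].add(t.hour)
        elif ev["action"] == "download":
            rec["daily"][t.date()] += 1
    baseline = {}
    for user, rec in seen.items():
        counts = list(rec["daily"].values()) or [0]
        baseline[user] = {"countries": rec["countries"], "hours": rec["hours"],
                          "dl_mean": mean(counts), "dl_stdev": pstdev(counts)}
    return baseline


def score_events(baseline, events, z_threshold=3.0):
    """Return (user, indicator, when) findings for logins and downloads that deviate
    from the user's baseline. Users with no baseline are flagged rather than scored."""
    findings, downloads = [], defaultdict(int)
    for ev in events:
        base = baseline.get(ev["user"])
        if base is None:
            findings.append((ev["user"], "unknown_user", ev["time"]))
            continue
        t = _ts(ev)
        if ev["action"] == "login":
            if ev["country"] not in base["countries"]:
                findings.append((ev["user"], "unusual_location", ev["time"]))
            if t.hour not in base["hours"]:
                findings.append((ev["user"], "off_hours_login", ev["time"]))
        elif ev["action"] == "download":
            downloads[(ev["user"], t.date())] += 1
    for (user, day), count in downloads.items():
        base = baseline[user]
        # A perfectly regular user has stdev 0; fall back to the mean (or 1) as the unit.
        spread = base["dl_stdev"] or max(base["dl_mean"], 1.0)
        if (count - base["dl_mean"]) / spread > z_threshold:
            findings.append((user, "download_spike", day.isoformat()))
    return findings


if __name__ == "__main__":
    base = build_baseline(constructed_baseline_events())
    for finding in score_events(base, constructed_suspicious_day()):
        print(finding)
```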

The ability to gauge legitimate access and activities becomes even more important when you consider that many people use the same password for multiple applications. This is especially relevant to the recent Dropbox breach: instead of just protecting Dropbox, UBA helps the enterprise protect any cloud environment that could be accessed using the stolen Dropbox passwords.

If you’re concerned that hackers may access your cloud storage environment using stolen employee credentials, you must take preventative and remedial action. Adding a cloud security automation tool prevents a breach by enforcing password best practices, and prevents additional damage after a breach by unmasking hackers posing as legitimate users by flagging anomalous activity.


Five IT Security Projects That Will Accelerate Your Career

September 7, 2016

By Cameron Coles, Director of Product Marketing, Skyhigh Networks


The skills required to be successful in IT security are changing. In a recent survey (download a free copy here), 30.7% of IT leaders reported that a lack of skilled IT professionals is the greatest barrier to preventing data loss. Respondents also listed incident response management, expertise analyzing large datasets, communication with non-IT executives and departments, and security certifications as skills they expect to be more important in the next five years. But it’s not enough to invest in your skills; you also need visible projects to demonstrate your value within the organization. This article covers five such projects.

But before we dive into the list of projects, let’s first frame what’s important – for executives that means what delivers the most value to the business. Today, there is greater visibility for IT security with non-IT executives and the board of directors. The reason is simple: security breaches cost the company money and can result in the CEO losing his job. Executives and the board are understandably concerned about what appears to be an increasing number of high-profile breaches, which can ignite a wave of class action lawsuits from consumers and shareholders. These breaches also attract unwanted attention from government regulators.

According to IT leaders, IT security is now an executive-level and board-level concern at 61% of companies. As boards take a more hands-on approach in overseeing security, they are primarily interested in understanding the company’s security strategy, policy, and budget; security leadership; incident response plan; ongoing performance metrics; and employee education program. By leading projects that executives and the board are interested in, you’ll gain greater exposure for yourself. When you can execute well, it reflects positively on the entire IT security department from you all the way up to the CISO.

Once you execute a project well and deliver measurable results, you’ll be able to socialize the project internally. You can also identify opportunities to educate other IT professionals about how you approached the project at conferences and perhaps even in the news media.

Here are five IT projects to accelerate your career:

1. Use Real-Time Coaching to Improve Security Awareness
When CIA Director Michael Brennan’s email account was hacked, it wasn’t the result of a sophisticated cyber attack using multiple zero days. It was closer to “advanced, persistent asking nicely what his password is.” According to Verizon’s 2015 Data Breach Investigations Report, phishing accounts for 95% of attacks attributed to state-sponsored actors. The report also found that 23% of recipients open phishing emails and 11% click on attachments. Clearly, traditional security awareness training programs have not reached all employees.

While companies can do more to prevent phishing by using email payload inspection, a DNS sinkhole for new domains for 48 hours, and enforcing inbound filtering, making users more aware of cyber threats is still one of the most effective ways to prevent these incidents. In addition to traditional security awareness training, conducting simulated phishing attacks and coaching users who clicked on links in mock phishing emails has been shown to double retention of security-related concepts with end users and reduce vulnerability to phishing.


2. Proactively Enable (Not Block) Cloud Usage
IT security has a reputation within many organizations as the department of “no”. As users discover that there are thousands of free or low-cost apps that can help them do their jobs better, IT security has recognized that not all of these applications are fit for enterprise data. In response, they have attempted to block as many cloud services as possible. But with over 20,000 cloud services, they often end up blocking well-known apps, which forces users to find lesser-known and much riskier apps in the same category.

Mike Bartholomy, senior manager for information security at Western Union, has taken a different approach. Under his leadership, Western Union’s IT security team monitors cloud usage and uses a rating process similar to a credit score to assess the security controls of each cloud service. Simultaneously, the company is proactively enabling cloud services within cloud service categories that are growing in popularity – such as Box for file sharing and collaboration. By proactively enabling cloud services and securing their use, IT security has become an enabler of the tools that drive innovation and growth in the business.


3. Complete Your Incident Response Plan
By the time a data breach occurs, it’s too late to formulate an effective incident response. While 82.2% of companies have an incident response plan, fewer than half of these companies have a complete plan that covers security remediation, legal, public relations, and customer support. Companies are even less likely to have cyber insurance, which can recover a significant portion of the costs of a breach. For example, following a credit card breach in 2013, Target’s insurance covered $90 million of the $264 million cost of the breach.

In addition to implementing a plan to respond to a breach, IT security can also deploy a process to proactively detect breaches. In the case of Target, if the company had been able to effectively detect and stop the breach on the day it began, the impact of the breach would have been much smaller. In the end, it took Target almost two weeks to identify and stop the breach, allowing attackers time to pilfer 40 million customer card numbers. Incident detection software such as SIEM, IDS/IPS, and user and entity behavior analytics (UEBA) can help identify incidents in their earlier stages so IT security teams can respond.


4. Create a Cross-Functional Governance Committee
Today, 21% of companies have a cross-functional committee responsible for setting and enforcing governance policies. These committees generally include representatives from IT and IT security, but they also tend to include legal, compliance/risk, audit, and the line of business. It’s especially important to include the line of business since end users are the primary consumers of technology within the organization. When end users don’t feel their needs are being met, they often go around IT and find their own solutions, resulting in shadow IT.

As part of running a governance committee, you’ll likely find yourself doing something you may not have done very often before: presenting to your organization’s executives and board of directors. They are interested in the policies in place, as well as metrics that track adherence to these policies. It is important to track key metrics before, during, and after taking action to enforce new corporate policies in order to demonstrate the impact of your work organizing a governance committee and enforcing policies.


5. Drive a Data-Centric Security Initiative
In an earlier era, IT security was focused on securing the network perimeter. Now that an increasing volume of corporate data is stored in the cloud, security needs to adjust to a world that no longer has a defined perimeter. There are a number of technologies designed to protect data in this new world including cloud access security brokers (CASB) and information rights management (IRM). What they have in common is that they secure applications and data in the cloud and on unmanaged mobile devices, rather than focusing on the network edge.

In Gartner’s 2016 list of the Top 10 Technologies for Information Security, the analyst firm ranked CASB as the number one technology of the year. CASB takes many existing security capabilities – including encryption, data loss prevention, access control, threat detection – and applies them to corporate data in cloud services. Like endpoint security and network security before it, cloud security is poised to grow into a strategically important function for every organization as they experience greater cloud adoption.


Improving your skills and getting additional certifications are important steps in improving your value to your organization (and your career prospects). Once you have these in place, pursuing high-visibility projects – ones that get the attention not only of IT security peers but also non-IT executives – and executing on them well can help you accelerate your career within your company. They also provide ways to build your brand because you now have something meaningful to speak on to a group of attendees at a conference or even to a reporter.


CASBs in Healthcare

September 6, 2016

By Rich Campagna, Vice President/Products & Marketing, Bitglass

Initially a laggard in cloud adoption, the healthcare industry is now adopting public cloud applications en masse, with adoption of cloud-based productivity apps like Office 365 and Google Apps. Adoption is up from 8% in 2014 to over 36% in 2015, with no signs of slowing down! This rapid change hasn’t come without plenty of healthcare CISOs losing sleep – not only does Protected Health Information (PHI), an ever more attractive target for hackers, need to be protected, but the accessibility of the public cloud makes even inadvertent data leakage as easy as clicking the “share” button. Pair all of this with the fact that over 90% of healthcare professionals use BYOD and you have a serious disease without a cure.

Or is there? Increasingly, healthcare organizations are turning to Cloud Access Security Brokers (CASBs) to get a handle on public cloud security and compliance challenges. The four CASB functions employed most often are (1) unmanaged device access control, (2) external sharing controls, (3) visibility and (4) identity controls.

  1. Unmanaged device access control – with on-premises applications, it’s relatively easy to limit access to managed devices. Since the public cloud is available from anywhere, restricting access to only certain devices becomes much more difficult. That aside, most organizations realize that they no longer have a choice but to support BYOD; the question is on what terms. It’s difficult to manage employee devices with tools like MDM, and on the healthcare provider side, with 30-40% of users not employees but independent clinicians, it may not be possible at all.
    A CASB can help solve this problem by providing controlled access from unmanaged devices. One Fortune 50 healthcare organization uses Bitglass to provide full access from managed devices and restricted access from unmanaged devices. When a user attempts to access a protected application, Bitglass Device Profiler determines whether the device is managed or unmanaged. For unmanaged devices, the configured policy allows restricted web and ActiveSync access, but this organization has chosen to block access from file sharing clients like OneDrive.
    The rationale is that they don’t want large quantities of PHI and other sensitive data synchronized to unmanaged devices, but they are okay with web and ActiveSync access with DLP applied to control the flow of PHI to the device. For example, they scan files being downloaded with Citadel DLP, and any file with a large number of instances of PHI will either be blocked or encrypted on download.
  2. External sharing controls – File share and sync apps can be a great productivity boon, and if you’re a Google Apps or Microsoft Office 365 customer, chances are you have tons of “free” storage “included” in your enterprise license. That said, fear of the share button holds many back from using these applications. A CASB can allow you to scan data-at-rest in these applications, looking for sensitive data like PHI. From there, a number of response actions are possible including quarantine for investigation, share removal and encryption. This gives you the ability to allow your employees to share data, but without the risk of data leakage.
  3. Identity – Leading CASBs have integrated identity and access management functionality directly into the platform. In addition to saving you the hassle and expense of dealing with yet another vendor, integrated identity can provide for value-added functionality such as step-up authentication when suspicious activity is detected. Since phishing and credential compromise were the main attack vectors in high-profile breaches like Premera and Anthem, the ability to thwart this activity can be worth millions.
    For example, let’s say that a user logs into Office 365 from the East Coast of the United States. Five minutes later, someone logs into Salesforce with that user’s credentials from somewhere in Eastern Europe, or from an IP that is known as a Tor endpoint. A CASB can not only detect this suspicious activity across these disparate cloud apps, but it can take action – forcing, for example, multifactor authentication on both devices mid-session.
  4. Visibility – With HIPAA compliance requirements, detailed, audit-level logging is a must-have for healthcare organizations. CASBs provide this, but also a much larger set of visibility functions that can provide great value to the organization. From activity dashboards to alerts and user behavior analytics, a CASB is your one-stop shop for suspicious activity detection, compliance verification, and more.
    For example, if a user’s personal mobile device is lost or stolen, it’s a couple of clicks in the CASB dashboard to identify exactly which files (and whether or not those files contain PHI) are resident on the device in question. As a bonus, if you’ve been smart enough to choose Bitglass as your CASB, you can selectively wipe that data off of the stolen device, even if you’ve never installed any agents or software to manage the device.
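The cross-application scenario in the Identity item above (Office 365 from the East Coast, then Salesforce from Eastern Europe or a Tor endpoint five minutes later), as an added example that is not Bitglass code: it correlates each user's consecutive logins across apps, computes the implied travel speed, checks the source IP against a Tor exit set, and steps up authentication on both sessions when either test fires. The login records, coordinates, speed threshold and Tor exit set are constructed assumptions.

```python
"""Cross-application impossible-travel check with a Tor-exit lookup and a
step-up response.

Added example, not Bitglass code. Login records, coordinates and the Tor exit
set are constructed; a CASB would take these from app audit logs and a
GeoIP / threat-intelligence feed.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0      # assumption: roughly airliner cruise speed
GEOIP_SLACK_KM = 50.0          # assumption: ignore small GeoIP placement jitter
TOR_EXITS = {"198.51.100.77"}  # constructed stand-in for a live exit-node list


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def _login(user, app, time, ip, geo):
    return {"user": user, "app": app, "time": time, "ip": ip, "geo": geo}


# Constructed stream (all times UTC). Alice: Office 365 from New York, then
# Salesforce five minutes later from Bucharest via a Tor exit. Bob: New York,
# then Boston two and a half hours later (a plausible shuttle flight).
CONSTRUCTED_LOGINS = [
    _login("alice", "office365", "2016-09-01T14:00:00", "203.0.113.5", (40.71, -74.01)),
    _login("alice", "salesforce", "2016-09-01T14:05:00", "198.51.100.77", (44.43, 26.10)),
    _login("bob", "office365", "2016-09-01T14:00:00", "203.0.113.9", (40.71, -74.01)),
    _login("bob", "salesforce", "2016-09-01T16:30:00", "203.0.113.42", (42.36, -71.06)),
]


def assess(prev, cur):
    """Reasons (possibly none) why `cur` is suspicious, given the same user's
    previous login `prev` from any application (None if there is no history)."""
    reasons = []
    if cur["ip"] in TOR_EXITS:
        reasons.append("tor_exit")
    if prev is not None:
        delta = datetime.fromisoformat(cur["time"]) - datetime.fromisoformat(prev["time"])
        hours = delta.total_seconds() / 3600
        km = haversine_km(prev["geo"], cur["geo"])
        # Floor the interval at one second so simultaneous logins do not divide by zero.
        if km > GEOIP_SLACK_KM and km / max(hours, 1 / 3600) > MAX_PLAUSIBLE_KMH:
            reasons.append(f"impossible_travel:{prev['app']}->{cur['app']}")
    return reasons


def evaluate_stream(logins):
    """Correlate logins across apps per user, in time order, and decide a response.
    On a hit the step-up applies to both the previous and the current session."""
    last, decisions = {}, []
    for ev in sorted(logins, key=lambda e: e["time"]):
        prev = last.get(ev["user"])
        reasons = assess(prev, ev)
        decision = {"user": ev["user"], "app": ev["app"], "reasons": reasons,
                    "action": "allow", "step_up_sessions": []}
        if reasons:
            decision["action"] = "step_up_mfa"
            decision["step_up_sessions"] = [s["app"] for s in (prev, ev) if s is not None]
        decisions.append(decision)
        last[ev["user"]] = ev
    return decisions


if __name__ == "__main__":
    for d in evaluate_stream(CONSTRUCTED_LOGINS):
        print(d)
```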

These functions and more are enabling leading healthcare providers to rapidly adopt the public cloud. Learn more about Bitglass’ solutions for healthcare organizations here. Or better yet, reach out to us for a free demo of the Bitglass solution.

Déjà Vu: Moving to the Cloud Means Losing Visibility and Control All Over Again

September 2, 2016

By Todd Beebe, Guest Writer, Intel Security 

If you have been in IT security as long as I have, when it comes to moving to cloud, you are feeling a certain sense of déjà vu. We have been here before, this place of uncertainty, where we lack visibility into and control over our sensitive data.

Think back to the first wave of the digital revolution in the early to mid-‘90s, when our organizations were just connecting to the Internet and every user in the company now had Internet access. At first, we had little or no visibility into what was coming into or out of our network. We put in basic firewalls to give us granular access control and activity logging, and we now had a secure perimeter that allowed us to see and control that new traffic. Of course, every few years a new set of holes was created in that perimeter – our first websites, business-to-business email, dial-up, wireless access, etc. In each case we had to deploy new security solutions to re-secure our network perimeter.

Today’s move to the cloud feels so similar to how I felt back then. This time the organization wants cloud-based applications, delivered as a service, and the lines of business are connecting their systems to the cloud without us knowing. All that visibility and control we had established just flew out the window. We know with this newest wave in IT innovation that our teams need to approach it with the same goal as before – visibility and control. This time, however, the perimeter isn’t around our network, it’s around our sensitive data – no matter where it resides.

I’ve found it helps to remember that the main tenets of cybersecurity haven’t changed. It’s all about critical data, the credentials that have privilege to access that data, and the applications and processes that run on the systems – wherever those credentials are used or wherever that sensitive data resides. Treat your sensitive data in the cloud just like you would when storing your valuables at a bank. When in the bank, your valuables are secured in their own safety deposit box, just like encryption at rest. While transported to and from the bank, your valuables ride in an armored vehicle, just like encryption in motion. And when they are being accessed, you need your photo ID and your key, just like multifactor authentication. At each step, access is being recorded by cameras and sign-in sheets, just like activity logs.

So the main tenets that haven’t changed are:

  1. Critical data – What sensitive data is monetizable? What is valuable intelligence that can be used by a competitor or nation state, and what would an attacker target for sabotage? Think like an attacker. Now, where is the data and what controls does the business require for it – encryption at rest, encryption in motion, or multifactor authentication?
  2. Credentials – Who should have access to your critical data and when are those credentials being used to access, modify, delete, or copy that sensitive data? Have those credentials been compromised?
  3. Processes – Know which applications and processes are authorized to run on the systems containing your sensitive data.

What has changed, however, is now you need to partner with your cloud service provider (CSP) and your security vendors to ensure visibility into and control over your sensitive data in the cloud. Be sure to ask these questions:

  1. Ask your CSP about its data practices to ensure your data isn’t being sent or stored outside of your control. Ensure your cloud provider offers encryption for data at rest (including backups) and for data in motion. Remember, disk-based encryption is not the same as file-based encryption. Inquire about how the CSP will support your corporate data retention policies. Most important, validate that all access to sensitive data is adequately logged. And with any cloud service, make sure your data isn’t shared with other entities.
  2. Ensure that your CSP offers two-factor authentication to access its services and your sensitive data. Hackers are going to go after your servers first and then your credentials. Any compromise to your cloud service credentials can be devastating to your data security program. Inquire about what level of detailed logging for credential use is available. This is extremely important.
  3. Secure your cloud services with solutions that provide both visibility and protection over cloud applications such as Intel Security Public Cloud Security Suite. You should know and be able to control which applications and processes are running on the systems that store, process, or access your sensitive data. Security for the cloud should come from the cloud and work natively in Azure and AWS.
  4. Ideally, the CSP you select fully supports giving your security team both visibility (access to logs of sensitive-data access, privileged account use, and application/process activity) and control (the ability to terminate the access of compromised accounts or rogue processes).

While it may feel frustrating, it’s a challenging time to be in IT security. The cloud provides us with a fresh platform to once again architect our security systems for visibility and control of our sensitive data. Déjà vu gives us the opportunity to do it better the second time around. Bring it on!

Todd Beebe is the Information Security Officer for Freeport LNG and co-chair of CSA’s Houston Chapter.

Learning from Delta: The High Cost of Outdated Backup Systems

August 30, 2016

By Susan Richardson, Manager/Content Strategy, Code42

Chances are you know someone whose travel plans were snafued by the Delta system outage that cancelled 1,800 flights and delayed thousands more in August. IT experts are now pointing to Delta’s outdated disaster recovery technology as the culprit.

But here’s the thing: Delta thought they were ready. Delta’s CEO said the company spent “hundreds of millions of dollars” on backup systems in the past several years to protect against exactly such an incident.

Delta thought their backup was modern. Is yours?

The lesson: Disaster readiness is never done. If you’re not constantly evaluating your backup solutions, you’re putting your organization at risk—not to mention missing added value that modern solutions deliver.

Five signs you don’t have modern endpoint backup
To help you steer clear of disaster, here are five easy signs your backup system isn’t the latest technology:

1. You still get Help Desk calls to retrieve lost data.
The latest backup systems feature intuitive, self-service file restore so employees can do it themselves. Not surprisingly, enterprises with a modern endpoint backup system cited fewer file recovery-related support tickets as a top benefit in a recent survey. More importantly, IT pros were able to use the reduced support time to justify the cost of a more advanced system.

2. Your backup system doesn’t support multiple platforms.
Today, 96 percent of companies support Macs. The enterprise has gone heterogeneous and your backup system should, too. A modern endpoint backup system doesn’t discriminate between Windows, Linux or OS X and doesn’t require a cumbersome VPN connection.

3. You have no visibility into what’s on employee devices.
The latest backup systems give IT a comprehensive, single point of visibility and control across every computer and laptop in the enterprise. You gain the insight to pinpoint leaks and prevent insider threat because you know:

  • Which employees are uploading which files to third-party clouds
  • Which employees have transferred which files to removable media
  • Which employees have uploaded which files via web browsers, including web-based email attachments
  • Unusual file restores that may signal compromised credentials
  • The content of files and folders
  • The location of sensitive, classified and “protected” data

4. You can’t pinpoint where a breach occurred.
With legacy backup, you have to conduct lots of inquiries that take lots of time. With a modern endpoint system, you have visibility into every endpoint (see #3), so you can quickly identify where a breach occurred and reduce your Mean Time to Contain (MTTC). You also eliminate unnecessary reporting because, with 100 percent data attribution, you can be certain if a breach occurred and how many records were breached.

5. You have to confiscate a device to enact a legal hold.
Really? Are you still putting up with that significant productivity drain? With a modern endpoint backup system, your legal team can conduct in-place legal holds and file collection without confiscating user devices—and without having to rely on IT staff.

Need better backup? Start here.
If two or more of these statements apply to your organization, it’s time to go shopping for modern endpoint backup.

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.

100 Best Practices in Big Data Security and Privacy

August 26, 2016

By Ryan Bergsma, Research Intern, CSA

‘Big data’ refers to the massive amounts of digital information companies and governments collect about human beings and our environment. Experts anticipate that the amount of data generated will double every two years, from 2500 exabytes in 2012 to 40,000 exabytes in 2020. Security and privacy issues are magnified by the volume, variety, and velocity of big data. As big data expands through streaming cloud technology, traditional security mechanisms tailored to secure small-scale, static data on firewalled and semi-isolated networks offer inadequate protection.

Recently our Big Data Working Group, led by Sreeranga Rajan and Daisuke Mashima, released the “Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy,” outlining the 100 best practices that should be followed by any big data service provider to fortify their infrastructure. The handbook presents 10 solutions for each of the top 10 challenges in big data security and privacy, which the working group previously identified in the 2012 CSA document titled “Top Ten Big Data Security and Privacy Challenges.”

New Security Challenges
It is not merely the existence of large amounts of data that creates new security challenges. In reality, big data has been collected and utilized for several decades. The current uses of big data are novel because organizations of all sizes now have access to the information and the means to collect it. In the past, big data was limited to very large users such as governments and big enterprises that could afford to create and own the infrastructure necessary for hosting and mining large amounts of data. These infrastructures were typically proprietary and isolated from general networks. Today, big data is cheaply and easily accessible to organizations of all sizes through public cloud infrastructure.

Software infrastructure developers can easily leverage thousands of computing nodes to perform data-parallel computing. Combined with the ability to buy computing power on-demand from public cloud providers, the adoption of big data mining methodologies is greatly accelerated. Large-scale cloud infrastructures, diversity of data sources and formats, the streaming nature of data acquisition and high-volume, inter-cloud migration all play a role in the creation of unique security vulnerabilities.

Big Data Best Practices
Now that we have enormous amounts of data and know the security and privacy risks it presents, what can enterprises do to secure their information? This CSA handbook provides a roster of 100 best practices, ranging from typical cybersecurity measures, such as authentication and access control, to state-of-the-art cryptographic technologies. In each section, CSA presents 10 solutions for one of the top 10 major challenges in big data security and privacy. Each section explains what the best practice is, why the security measure is needed and should be followed, and how it can be implemented.

Read the entire “Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy” handbook. Learn more about CSA.

Information Security Promises Are Made To Be Broken

August 25, 2016

By Mark Wojtasiak, Director of Product Marketing, Code42

Morality insists that people will abide by the law and do the right thing; those promises have and will always be broken.

Code42, along with almost every other major player in the information security space, attended Black Hat 2016 in Las Vegas. Like every other Vegas trade show, Black Hat’s expo hall featured video screens, beer, popcorn and soaring banners over circus-sized booths. Nearly every booth offered sweet swag and some, a chance to win cash if you listened to their well-rehearsed threat warnings and the promise that their indispensable technology would identify, stop, detect, prevent, extract, decode, crack, and protect the enterprise against an army of intruders or individual bad actors.

Taking it all in, I came to one realization: security marketing is flawed. Booth to booth, banner to banner, sign to sign, even pitch to pitch, security decision makers are fed “information security promises” that we all know we just cannot keep. It’s not due to a lack of honesty, but a lack of velocity. We all know the bad guys are more nimble and collaborative, and they move faster to exploit vulnerabilities in software. We know it will be days, weeks, even months before we can detect and respond. It’s at the core of why the security industry exists in the first place. This is why we have BlackHat, RSA, DEF CON, InfoSecurity World, Gartner Security Summits, Cyber Security Summits, and dozens of other events.

How do we start to fix the flaw?

  1. Extend a hand: Dan Kaminsky in his keynote at BlackHat, evangelized a message that flies in the face of the competitive tradeshow landscape. He suggested—in lieu of competition—that information sharing about the endless supply of cyber threats would work faster to counter them. Our need to make things secure and functional and effective has just exploded…the need to cooperate, share code and fixes in the name of better security is now.
  2. Empower the user: Kaminsky went on to say, “people think that it’s a zero sum game, that if you’re going to get security everyone else has to suffer. Well, if we want to get security, let’s make life better for everybody else. Let’s go ahead and give people environments that are easy to work with…think in terms of the lines that you’re impacting, the time that you’re taking…”
  3. Enable the experts: Deloitte Cyber Risk Services researcher Keith Brogan told Infosecurity Magazine, “Sometimes products don’t work. But more often, they’re not being used correctly…organizations don’t always focus on how to use the products to enable business…people need to take threat intelligence, give it to the right people, and use it in informed, considered ways.”
  4. Embrace the reality: Dan Raywood wrote in Infosecurity Magazine about Arun Vishwanath, associate professor at the State University of New York in Buffalo, who says people are the problem, that “the bad guys are really good at the social side and people are easier to compromise and once compromised, those attackers have got the keys to kingdom and that is the reality we grapple with.”

Modern endpoint backup is a good first step to making good on information security promises. Heck, that’s one of the main reasons Code42 exhibits at the likes of RSA, BlackHat and Gartner events. With visibility and control of data on the endpoints, organizations can protect and monitor data movement and restore data following any data incident. Modern endpoint backup is continuous, automatic, silent and simple. The user is empowered to not only protect data they store on their laptops, but restore when things go bad.

Securing end-user data makes the organization more secure and functional and effective—immediately—and closes gaps between IT, Security, Legal and HR teams to expose insider threats. By implementing this fundamental security layer, organizations embrace the reality that data loss is inevitable and that end users are both the target and the culprit of data theft, loss and breach.

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.

Which Approach Is Better When Choosing a CASB? API or Proxy? How About Both?

August 22, 2016

By Bob Gilbert, Vice President/Product Marketing, Netskope

There have been recent articles and blog posts arguing that the API approach is better than the proxy approach when it comes to selecting a cloud access security broker (CASB). The argument doesn’t really make sense at all. Both surely have their advantages and disadvantages, but each covers unique use cases, and while you could certainly select a CASB that supports one versus the other, why not choose a CASB that offers both so you have the option to combine the two and address expanded use cases?

Pitting one against the other is like comparing a spoon vs. a fork. A spoon was designed to hold softer food in addition to liquid so you can place it in your mouth and eat a meal. Spoons come in various sizes depending on the application. In a similar fashion, an API deployment method is primarily focused on a set of specific use cases that includes being able to inspect content in sanctioned cloud apps and support for out-of-band policies such as restrict access, revoke shares, quarantine, and encrypt.

A fork, on the other hand, was designed primarily to grab and hold solid foods for eating. That is a job that the spoon cannot do. In a similar fashion, a proxy deployment method is primarily focused on a specific set of use cases around providing real-time visibility and control over cloud traffic, and depending on the type of proxy, you can cover both sanctioned and unsanctioned cloud apps in real time. Real-time control and coverage of unsanctioned cloud apps are not possible with an API deployment method. In addition to use cases, there is the comparison of effort to deploy and use. You can argue that a fork requires a bit more care than a spoon. You might not give that fork to a toddler, for example, but a spoon would be less risky, with the trade-off, of course, that they might have a hard time eating their vegetables with that spoon. Similarly, a proxy requires an inline deployment, and a forward proxy specifically requires extra configuration and care. The effort can be worth it given the use cases.

Let’s get back to my original question: why choose one versus the other? Choose a CASB that covers both an API method of deployment and multiple proxy methods of deployment. You can choose only one or combine them to expand your use case coverage. Should we start calling API + Proxy a spork?
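As an added example (not from the original post and not Netskope’s code), here is a toy model of the two enforcement paths showing which events each one can see: the inline proxy catches any app but only traffic that crosses it, the API path catches data at rest in sanctioned apps from any device but only after the fact. The sanctioned-app names, DLP markers and sample events are constructed.

```python
# Toy CASB enforcement model (constructed example, not vendor code).
from dataclasses import dataclass

SANCTIONED = {"box.example", "drive.example"}   # assumed sanctioned apps
SENSITIVE = ("CONFIDENTIAL", "SSN")             # assumed DLP markers

@dataclass
class Event:
    user: str
    app: str
    action: str             # "upload" or "share"
    content: str = ""
    via_proxy: bool = True  # False: unmanaged device, traffic never crosses the proxy

def is_sensitive(text: str) -> bool:
    return any(marker in text for marker in SENSITIVE)

def proxy_inline(ev: Event) -> str:
    """In-band path: sees any app, sanctioned or not, but only traffic it is inline for."""
    if not ev.via_proxy:
        return "unseen"
    if ev.app not in SANCTIONED and ev.action == "upload":
        return "block"                      # real-time block of an unsanctioned upload
    if is_sensitive(ev.content):
        return "block"
    return "allow"

def api_out_of_band(ev: Event) -> str:
    """Out-of-band path: polls the sanctioned app's API after the fact, from any device."""
    if ev.app not in SANCTIONED:
        return "unseen"                     # no API integration for unsanctioned apps
    if ev.action == "share" and is_sensitive(ev.content):
        return "revoke_share"
    if is_sensitive(ev.content):
        return "quarantine"
    return "allow"

def combined(ev: Event) -> str:
    """The 'spork': inline verdict first, API remediation as the safety net."""
    verdict = proxy_inline(ev)
    return verdict if verdict != "unseen" else api_out_of_band(ev)

EVENTS = [  # constructed sample events
    Event("alice", "pastebin.example", "upload", "CONFIDENTIAL roadmap"),  # unsanctioned app
    Event("bob", "box.example", "share", "SSN list", via_proxy=False),     # unmanaged device
    Event("carol", "drive.example", "upload", "lunch menu"),               # benign
]

def coverage():
    """(user, proxy verdict, API verdict, combined verdict) for each sample event."""
    return [(e.user, proxy_inline(e), api_out_of_band(e), combined(e)) for e in EVENTS]
```

Running `coverage()` shows each single mode leaving one sensitive event unseen while the combined mode handles all three.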

Here is a table that compares use case coverage for API vs Proxy to help you make the decision which one to choose or perhaps choose both.


Five Scenarios Where Data Visibility Matters—A Lot

August 19, 2016

By Charles Green, Systems Engineer, Code42

In case you were off enjoying a well-deserved summer holiday and are, like I am, a firm believer in disconnecting from the world while on holiday, you might have missed the recent hacker document dump of the U.S. Democratic National Committee (DNC) emails. Personal note: if you did find a place remote enough to not hear about this, please send me the coordinates, as I want to visit there ASAP.

Information security professionals have long operated under the mantra ‘prevention is ideal, but detection is a must.’ Many professionals have extended that mantra to include the concept of ‘response’ to detection. Usually response is considered in terms of technical tools to speed remediation and improve prevention of future attacks. The DNC hack, like many other hacks before it, highlights the financial value of knowing what was in the data that was exposed.

When it comes to evaluating the monetary value of knowing what data is exposed, ransomware is the ultimate capitalistic exercise. Hackers attempt to determine the right balance of 1) the organization’s tolerance to data loss, including the safeguards the organization may have in place; 2) the value the organization places on the data; and 3) the value they place on public knowledge of a data loss incident. The ransomer’s goal is simple: set a price point that the organization is most likely to pay.

While ransomware is foremost in many of my conversations with C-level executives, the danger of an insider threat is also a recurring topic of conversation. In the past six months I’ve been asked for help with the following:

  • “Our top designer went to work for our biggest competitor, what data did they take with them?”
  • “We had a friendly merger with another firm but their top 6 engineers left shortly after the merger, did they take any data with them?”
  • “One of our senior execs’ laptops was stolen; do we have any government-mandated reporting requirements?”

All of these questions ultimately seek to assign a dollar value to knowing what data was exposed and what information was in that data.

A well-designed modern endpoint backup solution can help you know the value of your data and remediate those threats by:

  1. Performing point-in-time restores to before ransomware hits.
  2. Showing you what data was copied to USB devices or personal cloud accounts before an employee leaves your organization.
  3. Helping you determine what data was on a stolen device and the extent of your exposure.
  4. Making it easy for employees to restore their data after a viral ransomware incident.
  5. Never paying a ransom.

For years, those of us in the backup space have defined our value proposition as: Knowing what data was on a device that crashed/was lost/was stolen. Modern endpoint backup extends visibility to the data on a device that was compromised by an insider or a hacker.


CISOs: Do You Have the Five Critical Skills of a DRO?

August 11, 2016

By Mark Wojtasiak, Director of Product Marketing, Code42

CISOs exploring career advancement opportunities have a new consideration, according to Gartner VP and Distinguished Analyst Paul Proctor. At a Gartner Security & Risk Management Summit presentation in June, Proctor talked about the evolution of a new enterprise role, which is a logical next step for some CISOs: Digital Risk Officer (DRO).

While few organizations have formally created the role, Gartner predicts that by 2020, 30 percent of large enterprises will have a DRO in place. Why? Because the increasing integration of digital technologies into business operations and products—the Internet of Things (IoT)—requires someone who can assess technology risk throughout the digital enterprise and provide executives with decisions that impact business processes. An example is assessing the physical system that gathers personally identifiable information from wearable technology. The DRO would look at how the data is used in marketing and sales operations, identify privacy issues, and look at the legality of monetizing the data as a source of revenue.

Proctor reports that while CISOs may not have the title, many have gradually taken on some of the tasks associated with a DRO, such as:

  • Reviewing contract clauses for technology risk and security requirements
  • Developing policies to address the growing use of technology not controlled by IT
  • Addressing the privacy and security of data gathered by IoT devices
  • Providing security expertise to Mode 2 projects
  • Dotted-line reporting to operational risk groups

For CISOs interested in making the transition, here are the skills needed, according to several experts:

  1. Fully comprehend how the business is run, recognize desired strategic outcomes and speak the language of executives in order to fully articulate digital risk factors in operational and financial terms.
  2. Understand IT, IoT and operational technology (OT), and the overlap of technology and the physical world.
  3. Have the ability to work in a bimodal organization, supporting Mode 2 projects.
  4. Understand global privacy and e-commerce regulations.
  5. Have a people-centric style to work across the organization in collaboration with businesses, legal, compliance, operations, and digital marketing and sales.

Essentially, the DRO’s role is to bridge the cultural divide between business and technology, says Nick Sanna, president of the Digital Risk Management (DRM) Institute. To do that requires building the organizational processes and best practices necessary to measure and manage digital business risk—including mapping important business processes, assessing exposure to threats and prioritizing risk mitigation initiatives. Sanna admits that building a DRM program will be a complex challenge for DROs, but also a great personal stretch opportunity.
