Cybersecurity: “Change or Die”

September 9, 2016 | Leave a Comment

By Paul B. Kurtz, CEO TruSTAR Technology and Member of Board of Directors, Cloud Security Alliance

“Change or die” is an old phrase computer programmers use to highlight the speed of change in a world of innovation. Its implications go beyond programming and underscore the precarious situation we find ourselves in today. The Washington Post’s Sept. 5 article on U.S. intelligence agencies’ investigation of a “broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions” through cyber attacks is disturbing but should not be surprising. Russia, China, Iran, North Korea and non-state adversaries understand our dependence on cyber systems as an Achilles Heel of our economic and national security. What is more disturbing is the Federal government’s inability to help. The private sector must now rapidly expand its capabilities to work together to secure cyberspace. The Cloud Security Alliance is taking the lead.

Joshua Cooper Ramo in his book “The Seventh Sense” helps us better understand our traditional national security structure and how our levers of power and current strategy are of limited value in the networked world. Ramo states, “And while we know that effective foreign policy or politics or economics can’t be improvised, the speed of networks now outstrips the velocity of our decisions…” In cyberspace this means sanctions and indictments are necessary, but they take too long to apply to prevent the propagation of attacks. A military response to attacks leaves us waiting and wondering what, if anything will happen. Even if force is used, we can expect a very high threshold before action is initiated.

Russia’s alleged activities are particularly worrisome as they involve corruption of manipulation of systems and information. Typically we think of breaches, disruption, theft, but we do not think about how information can be surreptitiously corrupted or manipulated. Yes the Cold War brought us disinformation but not at Internet speed. Ramo states,

“Even though the connected age lets people around the world see crises and measure problems with unprecedented precision, our leaders can do almost nothing about them.”

The connected age brings good but also allows for mischief that traditional democratic institutions are ill suited to handle. Recall the New York Times Magazine’s June 2015 report on “The Agency,” which operates inside a nondescript building in St. Petersburg, Russia, with “an army of well-paid trolls” focused on causing havoc, including in the United States. Ramo continues,

“Many new challenges exhibit a worrying nonlinearity. Small forces produce massive effects. One radical teenager, a single misplaced commodity order, or a few bad lines of computer code can paralyze an entire system. The scale of whiplashing grows every day, because as the network itself grows it turns pin-drop noises into global avalanches.”

As government flails, companies continue to independently defend themselves spending more money on software, hardware and personnel. Adversaries remain steps ahead developing and sharing tools to defeat firewalls, anti-virus systems, authentication, and behavior-based detection systems. The costs of defending against attacks are going up, while at the same time the costs of conducting attacks are going down according to a recent reporting (See Graphic A).


Graphic A

With the ongoing investigation of Russia, we must assume that their intent extends beyond seeking to influence or unsettle our democratic institutions. We must also assume they are not the only adversary recognizing our acute vulnerabilities. There are other ways corruption or manipulation of data could cause uncertainty and panic. For example, witness the recent press in Bloomberg Businessweek over MedSec’s partnership with Muddy Waters to short sell St Jude Medical’s stock over a possible pacemaker vulnerability. It is unclear whether there really is an exploitable vulnerability but yet the stock has traded down.

All of these signs seem to be screaming, “we must change.” Change must be driven by the private sector as the traditional levers for government to protect us are limited and do not work in the networked age. The first step is beginning to work together — rather than independently — to defend ourselves. This is not a call for the private sector to take up cyber arms and attack others. Such a strategy is fraught with legal and technical challenges. Rather, this is a call for connective defense. A recent study showed that 39 percent of attacks could be thwarted through collaboration between companies. (See Graphic B.) The challenge for companies to date has been balancing market and reputation risks with a return on investment in exchanging incident data. The Cybersecurity Act of 2015 addressed legal challenges, but security and ROI on collaboration have remained elusive.


Graphic B

We can use the power of networking and technology to turn the tables and begin to stabilize cyberspace. The technology exists to exchange incident data securely between vetted parties. Anonymity and redaction allow vetted companies to exchange incident data without market risk or exposing personally identifiable information. This data is correlated providing immediate insight to users. Attack trends and exploits are tracked, and users can securely collaborate with each other. Indicators of compromise and supportive context can be downloaded from the platform by vetted members to help defend systems before an attack. In the wake of an attack, a company can enrich what they know about an incident and quickly understand whether others have experienced similar events and if mitigative measures are available. Incident exchange and collaboration are affordable and scalable.

Several companies have quietly started exchanging data already, including members of the Cloud Security Alliance that are using TruSTAR as the technology backbone of their exchange. As the private sector begins to collaborate, new avenues of protecting ourselves from adversaries will become clear, and the costs to adversaries will increase as risks of contagion are reduced. We can turn the tables, but we have to accept real change.


WSJ Warns of Ransomware—Misses the Obvious Solution

September 9, 2016 | Leave a Comment

By Susan Richardson, Manager/Content Strategy, Code42

envelopeRead through the recent Wall Street Journal ransomware article and you’ll find some great stats on the growing threat and cost. One thing you won’t find: the word “backup.” We’re happy to see ransomware finally getting the attention it deserves, but why discuss the problem and leave out the obvious, simple antidote? It’s like an article on a bike theft epidemic that fails to mention that none of the bikes were locked up.

Focusing on payment: a dangerous way to frame the issue
The WSJ article backs up stats on the increasing threat with stories of both people and businesses victimized by ransomware. But these case studies use quotes like “he had no choice” and “this is a worthwhile bet” to frame paying the ransom as the unfortunate, inevitable, and ultimately, most responsible option, which couldn’t be further from the truth. When payment results in the return of stolen data, the WSJ concludes the “investment paid off”—confirming that extortion promises dividends.

Paying the ransom is the fool’s bet
The problem with paying the anonymous extortionist? Look at the major ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles earlier this year. The hospital paid the ransomers’ initial demand of $9,000, but they didn’t get their data back. Instead, the perp demanded an additional $8,000 the very next day.

Why would you bet on criminals staying true to their word? It’s foolish to expect honor and decency among thieves.

Stockpiling bitcoin = playing into the ransomer hand
The closest the article comes to the idea of “being prepared” is highlighting the alarming trend of businesses stockpiling bitcoin so they can quickly pay when ransomware inevitably strikes. A recent U.K. survey found that one in three companies have bitcoin reserves in case of ransomware. But more telling, half of these companies don’t even have daily data backup.

Again, it’s like hanging a sign on your bike that says, “REWARD for bike’s return,” instead of just getting a bike lock.

Endpoint backup is the only bet worth taking
Ransomware can make for a sensational narrative, but the real story is actually much simpler. Unlike most other infosecurity threats, ransomware has an easy antidote: endpoint backup. With the automatic, continuous and near-real-time backup of all endpoint data, your headline is “We Laugh at Ransomware.” You start clean, stream all your data back, minimize the downtime, and get back to work with no bitcoin drama.

So, in case the WSJ is listening, here’s how the story should have gone: Ransomware is increasing. The costs can be huge. The only investment that pays off—the only bet worth taking—is modern endpoint backup. Back up your data. Never pay the ransom. The end.

Dealing with Dropbox: Unmasking Hackers with User Behavior Analytics

September 7, 2016 | Leave a Comment

By Ganesh Kirti, Founder and CTO, Palerra

DropboxBlogDropbox was in the news a few months ago due to false reports of a data breach. Unfortunately, they’ve made headlines again. Vice reported that hackers stole over 60 million account details for the cloud storage service. This time, the breach is real, and a senior Dropbox employee confirmed the legitimacy of a sub-set of stolen passwords.

Many people keep sensitive documents in cloud storage services like Dropbox, Box, GoogleDrive, and OneDrive, and the latest breach shows that hackers are focusing on online storage cloud services more frequently. This opens the door to huge vulnerabilities if employees are storing sensitive enterprise information in the cloud. From a preventative perspective, security personnel should review their security measures for the following:

  1. Require multi-factor authentication to access the application
  2. Enforce password strength and complexity requirements
  3. Require and enforce frequent password resets for employees

But manual processes and policies are not enough. At minimum, enterprises should look at automating the enforcement of these policies. For example, you may require multi-factor authentication, but how do you ensure that it’s required at all times? A cloud access security broker (CASB) continuously monitors configurations to alert security personnel when changes are made, and automatically creates incident tickets to revert security configurations back to the default setting.

How can enterprises prevent further damage if their employees’ credentials were compromised in this hack? We recommend utilizing user behavior analytics (UBA) to look for anomalous activity in an account. UBA uses advanced machine learning techniques to create a baseline for normal behavior for each user. If a hacker is accessing an employee’s account using stolen credentials, UBA will flag a number of indicators that this access deviates from the normal behavior of a legitimate user.

Palerra LORIC is a cloud access security broker (CASB) that supports cloud storage services that are similar to Dropbox, including Box, GoogleDrive, and OneDrive. Here’s a few indicators LORIC can use to unmask a potential hacker with stolen credentials in Box:

  1. Flag a login from an unusual IP address or geographic location
  2. Detect a spike in number of file downloads compared to normal user activity
  3. Detect logins outside of normal access hours for the user
  4. Detect anomalous file sharing or file previewing activities

The ability to gauge legitimate access and activities becomes even more important when you consider that many people use the same password for multiple applications. This is highly useful for the recent Dropbox breach. Instead of just protecting Dropbox, UBA helps the enterprise protect any cloud environment that could be accessed using the stolen Dropbox passwords.

If you’re concerned that hackers may access your cloud storage environment using stolen employee credentials, you must take preventative and remedial action. Adding a cloud security automation tool prevents a breach by enforcing password best practices, and prevents additional damage after a breach by unmasking hackers posing as legitimate users by flagging anomalous activity.


Five IT Security Projects That Will Accelerate Your Career

September 7, 2016 | Leave a Comment

By Cameron Coles, Director of Product Marketing, Skyhigh Networks


The skills required to be successful in IT security are changing. In a recent survey (download a free copy here) 30.7% IT leaders reported that a lack of skilled IT professionals is the greatest barrier to preventing data loss. Respondents also listed incident response management, expertise analyzing large datasets, communication with non-IT executives and departments, and security certifications as skills they expect to be more important in the next five years. But it’s not enough to invest in your skills, you also need visible projects to demonstrate your value within the organization. This article covers five such projects.

But before we dive into the list of projects, let’s first frame what’s important – for executives that means what delivers the most value to the business. Today, there is greater visibility for IT security with non-IT executives and the board of directors. The reason is simple: security breaches cost the company money and can result in the CEO losing his job. Executives and the board are understandably concerned about what appears to be an increasing number of high-profile breaches, which can ignite a wave of class action lawsuits from consumers and shareholders. These breaches also attract unwanted attention from government regulators.

According to IT leaders, IT security is a now an executive-level and board-level concern at 61% of companies. As boards take a more hands-on approach in overseeing security, they are primarily interested in understanding the company’s security strategy, policy, and budget; security leadership; incident response plan; ongoing performance metrics; and employee education program. By leading projects that executives and the board are interested in, you’ll gain greater exposure for yourself. When you can execute well, it reflects positively on the entire IT security department from you all the way up to the CISO.

Once you execute a project well and deliver measurable results, you’ll be able to socialize the project internally. You can also identify opportunities to educate other IT professionals about how you approached the project at conferences and perhaps even in the news media.

Here are five IT projects to accelerate your career:

1. Use Real-Time Coaching to Improve Security Awareness
When CIA Director Michael Brennan’s email account was hacked, it wasn’t the result of a sophisticated cyber attack using multiple zero days. It was closer to “advanced, persistent asking nicely what his password is.” According to Verizon’s 2015 Data Breach Investigations Report, phishing accounts for 95% of attacks attributed to state-sponsored actors. The report also found that 23% of recipients open phishing emails and 11% click on attachments. Clearly, traditional security awareness training programs have not reached all employees.

While companies can do more to prevent phishing by using email payload inspection, a DNS sinkhole for new domains for 48 hours, and enforcing inbound filtering, making users more aware of cyber threats is still one of the most effective ways to prevent these incidents. In addition to traditional security awareness training, conducting simulated phishing attacks and coaching users who clicked on links in mock phishing emails has been shown to double retention of security-related concepts with end users and reduce vulnerability to phishing.


2. Proactively Enable (Not Block) Cloud Usage
IT security has a reputation within many organizations as the department of “no”. As users discover that there are thousands of free or low-cost apps that can help them do their jobs better, IT security has recognized that not all of these applications are fit for enterprise data. In response, they have attempted to block as many cloud services as possible. But with over 20,000 cloud services, they often end up blocking well known apps, which forces users to find lesser known and much riskier apps in the same category.

Mike Bartholomy, senior manager for information security at Western Union, has taken a different approach. Under his leadership, Western Union’s IT security team monitors cloud usage and uses a rating process similar to a credit score to assess the security controls of each cloud service. Simultaneously, the company is proactively enabling cloud services within cloud service categories that are growing in popularity – such as Box for file sharing and collaboration. By proactively enabling cloud services and securing their use, IT security has become an enabler of the tools that drive innovation and growth in the business.


3. Complete Your Incident Response Plan
By the time a data breach occurs, it’s too late to formulate an effective incident response. While 82.2% of companies have an incident response plan, fewer than half of these companies have a complete plan that covers security remediation, legal, public relations, and customer support. Companies are even less likely to have cyber insurance, which can recover a significant portion of the costs of a breach. For example, following a credit card breach in 2013, Target’s insurance covered $90 million of the $264 million cost of the breach.

In addition to implementing a plan to respond to a breach, IT security can also deploy a process to proactively detect breaches. In the case of Target, if the company has been able to effectively detect and stop the breach on the day it began, the impact of the breach would have been much smaller. In the end, it took Target almost two weeks to identify and stop the breach, allowing attackers time to pilfer 40 million customer card numbers. Incident detection software such as SIEM, IDS/IPS, and user and entity behavior analytics (UEBA) can help identify incidents in their earlier stages so IT security teams can respond.


4. Create a Cross-Functional Governance Committee
Today, 21% of companies have a cross-functional committee responsible for setting and enforcing governance policies. These committees generally include representatives from IT and IT security, but they also tend to include legal, compliance/risk, audit, and the line of business. It’s especially important to include the line of business since end users are the primary consumers of technology within the organization. When end users don’t feel their needs are being met, they often go around IT and find their own solutions, resulting in shadow IT.

As part of running a governance committee, you’ll likely find yourself doing something you may not have done very often before: presenting to your organization’s executives and board of directors. They are interested in the policies in place, as well as metrics that track adherence to these policies. It is important to track key metrics before, during, and after taking action to enforce new corporate policies in order to demonstrate the impact of your work organizing a governance committee and enforcing policies.


5. Drive a Data-Centric Security Initiative
In an earlier era, IT security was focused on securing the network perimeter. Now that an increasing volume of corporate data is stored in the cloud, security needs to adjust to a world that no longer has a defined perimeter. There are a number of technologies designed to protect data in this new world including cloud access security brokers (CASB) and information rights management (IRM). What they have in common is that they secure applications and data in the cloud and on unmanaged mobile devices, rather than focusing on the network edge.

In Gartner’s 2016 list of the Top 10 Technologies for Information Security, the analyst firm ranked CASB as the number one technology of the year. CASB takes many existing security capabilities – including encryption, data loss prevention, access control, threat detection – and applies them to corporate data in cloud services. Like endpoint security and network security before it, cloud security is poised to grow into a strategically important function for every organization as they experience greater cloud adoption.


Improving your skills and getting additional certifications are important steps in improving your value to your organization (and your career prospects). Once you have these in place, pursuing high-visibility projects – ones that get the attention not only of IT security peers but also non-IT executives – and executing on them well can help you accelerate your career within your company. They also provide ways to build your brand because you now have something meaningful to speak on to a group of attendees at a conference or even to a reporter.


CASBs in Healthcare

September 6, 2016 | Leave a Comment

By Rich Campagna, Vice President/Products & Marketing, Bitglass

casb_healthcare_imageInitially a laggard in cloud adoption, the healthcare industry is now adopting public cloud applications en masse, with adoption of cloud based productivity apps like Office 365 and Google Apps. Adoption is up from 8% in 2014 to over 36% in 2015, with no signs of slowing down! This rapid change hasn’t come without plenty of healthcare CISOs losing sleep – not only does Protected Health Information (PHI), an ever more attractive target for hackers, need to be protected, but the accessibility of the public cloud makes even inadvertent data leakage as easy as clicking the “share” button. Pair all of this with the fact that over 90% of healthcare professionals use BYOD and you have a serious disease without a cure.

Or is there? Increasingly, healthcare organizations are turning to Cloud Access Security Brokers (CASBs) to get a handle on public cloud security & compliance challenges. The four CASB functions employed most often are (1) unmanaged device access control, (2) external sharing controls, (3) visibility and (4) identity controls.

  1. Unmanaged device access control – with premises applications, it’s relatively easy to contain access only to managed devices. Since the public cloud is available from anywhere, the ability to restrict access to only certain devices becomes much more difficult. That aside, most organizations realize that they no longer have a choice but to support BYOD, the question is on what terms? It’s difficult to manage employee devices with tools like MDM, and on the healthcare provider side, with 30-40% not employees but independent clinicians, it may not be possible at all.
    A CASB can help solve this problem by providing controlled access from unmanaged devices. This Fortune 50 healthcare organization uses Bitglass to provide full access from managed devices and restricted access from unmanaged devices. When a user attempts to access a protected application, Bitglass Device Profiler determines whether the device is managed or unmanaged. For unmanaged devices, the policy configured allows for restricted web and activesync access, but this organization has chosen to block access from file sharing clients like OneDrive.
    The rationale is that they don’t want large quantities of PHI and other sensitive data synchronized to unmanaged devices, but they are okay with web and Activesync with DLP applied to control the flow of PHI to the device. For example, they scan files being downloaded with Citadel DLP and any file with a large number of instances of PHI will either be blocked or encrypted on download.
  2. External sharing controls – File share and sync apps can be a great productivity boon, and if you’re a Google Apps or Microsoft Office 365 customer, chances are you have tons of “free” storage “included” in your enterprise license. That said, fear of the share button holds many back from using these applications. A CASB can allow you to scan data-at-rest in these applications, looking for sensitive data like PHI. From there, a number of response actions are possible including quarantine for investigation, share removal and encryption. This gives you the ability to allow your employees to share data, but without the risk of data leakage.
  3. Identity – Leading CASBs have integrated identity and access management functionality directly into the platform. In addition to saving you the hassle and expense of dealing with yet another vendor, integrated identity can provide for value-added functionality such as step-up authentication when suspicious activity is detected. Since phishing and credential compromise was the main attack vector in high profile breaches like Premera and Anthem, the ability to thwart this activity can be worth millions.
    For example, let’s say that a user logs into Office 365 from the East Coast of the United States. Five minutes later, someone logs into Salesforce with that user’s credentials from somewhere in Eastern Europe, or from an IP that is known as a ToR endpoint. A CASB can not only detect this suspicious activity across these disparate cloud apps, but it can take action – forcing, for example, multifactor authentication on both devices mid-session.
  4. Visibility – With HIPAA compliance requirements, detailed, audit-level logging is a must have for healthcare organizations. CASBs provide this, but a much larger set of visibility functions that can provide great value to the organization. From activity dashboards to alerts and user behavior analytics, a CASB is your one-stop shop for suspicious activity detection, compliance verification, and more.
    For example, if a user’s personal mobile device is lost or stolen, it’s a couple of clicks in the CASB dashboard to identify exactly which files (and whether or not those files contain PHI) are resident on the device in question. As a bonus, if you’ve been smart enough to choose Bitglass as your CASB, you can selectively wipe that data off of the stolen device, even if you’ve never installed any agents or software to manage the device.

These functions and more are enabling leading healthcare providers to rapidly adopt the public cloud. Learn more about Bitglass’ solutions for healthcare organizations here. Or better yet, reach out to us for a free demo of the Bitglass solution

Déjà Vu: Moving to the Cloud Means Losing Visibility and Control All Over Again

September 2, 2016 | Leave a Comment

By Todd Beebe, Guest Writer, Intel Security 

dejavuIf you have been in IT security as long as I have, when it comes to moving to cloud, you are feeling a certain sense of déjà vu. We have been here before, this place of uncertainty, where we lack visibility into and control over our sensitive data.

Think back to the first wave of the digital revolution in the early to mid-‘90s, when our organizations were just connecting to the Internet and every user in the company now had Internet access. At first, we had little or no visibility into what was coming into or out of our network. We put in basic firewalls to give us granular access control and activity logging, and we now had a secure perimeter that allowed us to see and control that new traffic. Of course, every few years a new set of holes was created in that perimeter – our first websites, business-to-business email, dial-up, wireless access, etc. In each case we had to deploy new security solutions to re-secure our network perimeter.

Today’s move to the cloud feels so similar to how I felt back then. This time the organization wants cloud-based applications, delivered as a service, and the lines of business are connecting their systems to the cloud without us knowing. All that visibility and control we had established just flew out the window. We know with this newest wave in IT innovation that our teams need to approach it with the same goal as before – visibility and control. This time, however, the perimeter isn’t around our network, it’s around our sensitive data – no matter where it resides.

I’ve found it helps to remember that the main tenets of cybersecurity haven’t changed. It’s all about critical data, the credentials that have privilege to access that data, and the applications and processes that run on the systems – wherever those credentials are used or wherever that sensitive data resides. Treat your sensitive data in the cloud just like you would when storing your valuables at a bank. When in the bank, your valuables are secured in their own safety deposit box, just like encryption at rest. While transported to and from the bank, your valuables ride in an armored vehicle, just like encryption in motion. And when they are being accessed, you need your photo ID and your key, just like multifactor authentication. At each step, access is being recorded by cameras and sign-in sheets, just like activity logs.

So the main tenets that haven’t changed are:

  1. Critical data – What sensitive data is monetizable? What is valuable intelligence that can be used by a competitor or nation state, and what would an attacker target for sabotage? Think like an attacker. Now, where is the data and what controls does the business require for it – encryption at rest, encryption in motion, or multifactor authentication?
  2. Credentials – Who should have access to your critical data and when are those credentials being used to access, modify, delete, or copy that sensitive data? Have those credentials been compromised?
  3. Processes – Know which applications and processes are authorized to run on the systems containing your sensitive data.

What has changed, however, is now you need to partner with your cloud service provider (CSP) and your security vendors to ensure visibility into and control over your sensitive data in the cloud. Be sure to ask these questions:

  1. Ask your CSP about its data practices to ensure your data isn’t being sent or stored outside of your control. Ensure your cloud provider offers encryption for data at rest, including backups and data in motion. Remember, disk-based encryption is not the same as file-based encryption. Inquire about how the CSP will support your corporate data retention policies. Most important, validate that adequate logging of all access to sensitive data occurs. And with any cloud service, make sure your data isn’t shared with other entities.
  2. Ensure that your CSP offers two-factor authentication to access its services and your sensitive data. Hackers are going to go after your servers first and then your credentials. Any compromise to your cloud service credentials can be devastating to your data security program. Inquire about what level of detailed logging for credential use is available. This is extremely important.
  3. Secure your cloud services with solutions that provide both visibility and protection over cloud applications such as Intel Security Public Cloud Security Suite. You should know and be able to control which applications and processes are running on the systems that store, process, or access your sensitive data. Security for the cloud should come from the cloud and work natively in Azure and AWS.
  4. Ideally the CSP you select fully supports giving your security team both visibility (access to the logs of sensitive data, privileged account access, and application/process activity along with control) and the ability to terminate the access of compromised accounts or rogue processes.

While it may feel frustrating, it’s a challenging time to be in IT security. The cloud provides us with a fresh platform to once again architect our security systems for visibility and control of our sensitive data. Déjà vu gives us the opportunity to do it better the second time around. Bring it on!

Todd Beebe is the Information Security Officer for Freeport LNG and co-chair of CSA’s Houston Chapter.

Learning from Delta: The High Cost of Outdated Backup Systems

August 30, 2016 | Leave a Comment

By Susan Richardson, Manager/Content Strategy, Code42

paperairplaneChances are you know someone whose travel plans were snafued by the Delta system outage that cancelled 1,800 flights and delayed thousands more in August. IT experts are now pointing to Delta’s outdated disaster recovery technology as the culprit.

But here’s the thing: Delta thought they were ready. Delta’s CEO said the company spent “hundreds of millions of dollars” on backup systems in the past several years to protect against exactly such an incident.

Delta thought their backup was modern. Is yours?

The lesson: Disaster readiness is never done. If you’re not constantly evaluating your backup solutions, you’re putting your organization at risk—not to mention missing added value that modern solutions deliver.

Five signs you don’t have modern endpoint backup
To help you steer clear of disaster, here are five easy signs your backup system isn’t the latest technology:

1. You still get Help Desk calls to retrieve lost data.
The latest backup systems feature intuitive, self-service file restore so employees can do it themselves. Not surprisingly, enterprises with a modern endpoint backup system cited fewer file recovery-related support tickets as a top benefit in a recent survey. More importantly, IT pros were able to use the reduced support time to justify the cost of a more advanced system.

2. Your backup system doesn’t support multiple platforms.
Today, 96 percent of companies support Macs. The enterprise has gone heterogeneous and your backup system should, too. A modern endpoint backup system doesn’t discriminate between Windows, Linux or OS X and doesn’t require a cumbersome VPN connection.

3. You have no visibility into what’s on employee devices.
The latest backup systems give IT a comprehensive, single point of visibility and control across every computer and laptop in the enterprise. You gain the insight to pinpoint leaks and prevent insider threat because you know:

  • Which employees are uploading which files to third-party clouds
  • Which employees have transferred which files to removable media
  • Which employees have uploaded which files via web browsers, including web-based email attachments
  • Unusual file restores that may signal compromised credentials
  • The content of files and folders
  • The location of sensitive, classified and “protected” data

4. You can’t pinpoint where a breach occurred.
With legacy backup, you have to conduct lots of inquiries that take lots of time. With a modern endpoint system, you have visibility into every endpoint (see #3), so you can quickly identify where a breach occurred and reduce your Mean Time to Contain (MTTC). You also eliminate unnecessary reporting because, with 100 percent data attribution, you can be certain if a breach occurred and how many records were breached.

5. You have to confiscate a device to enact a legal hold.
Really? Are you still putting up with that significant productivity drain? With a modern endpoint backup system, your legal team can conduct in-place legal holds and file collection without confiscating user devices—and without having to rely on IT staff.

Need better backup? Start here.
If two or more of these statements apply to your organization, it’s time to go shopping for modern endpoint backup.

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.

100 Best Practices in Big Data Security and Privacy

August 26, 2016 | Leave a Comment

By Ryan Bergsma, Research Intern, CSA

BigDataHandbook-LI‘Big data’ refers to the massive amounts of digital information companies and governments collect about human beings and our environment. Experts anticipate that the amount of data generated will double every two years, from 2500 exabytes in 2012 to 40,000 exabytes in 2020.  Security and privacy issues are magnified by the volume, variety, and velocity of big data.  As big data expands through streaming cloud technology, traditional security mechanisms tailored to secure small-scale, static data on firewalled and semi-isolated networks offer inadequate protection.

Recently our Big Data Working Group led by Sreeranga Rajan and Daisuke Mashim released the “Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy,” outlining the 100 best practices that should be followed by any big data service provider to fortify their infrastructure. The handbook presents 10 compelling solutions for each of the top 10 challenges in big data security and privacy, which the working group previously identified in the 2012 CSA document titled “Top Ten Big Data Security and Privacy Challenges.”

New Security Challenges
It is not merely the existence of large amounts of data that creates new security challenges. In reality, big data has been collected and utilized for several decades. The current uses of big data are novel because organizations of all sizes now have access to the information and the means to collect it. In the past, big data was limited to very large users such as governments and big enterprises that could afford to create and own the infrastructure necessary for hosting and mining large amounts of data. These infrastructures were typically proprietary and isolated from general networks. Today, big data is cheaply and easily accessible to organizations of all sizes through public cloud infrastructure.

Software infrastructure developers can easily leverage thousands of computing nodes to perform data-parallel computing. Combined with the ability to buy computing power on-demand from public cloud providers, the adoption of big data mining methodologies is greatly accelerated. Large-scale cloud infrastructures, diversity of data sources and formats, the streaming nature of data acquisition and high-volume, inter-cloud migration all play a role in the creation of unique security vulnerabilities.

Big Data Best Practices
Now that we have enormous amounts of data and know the security and privacy risks it presents, what can enterprises do to secure their information? This CSA handbook provides a roster of 100 best practices, ranging from typical cybersecurity measures, such as authentication and access control, to state-of-the-art cryptographic technologies. In each section, CSA presents 10 solutions for each of the top 10 major challenges in big data security and privacy. Each section addresses what is the best practice, why these security measures are needed and should be followed and how they can be implemented.

Read the entire “Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy” handbook. Learn more about CSA.

Information Security Promises Are Made To Be Broken

August 25, 2016 | Leave a Comment

By Mark Wojtasiak, Director of Product Marketing, Code42

fingerMorality insists that people will abide by the law and do the right thing; those promises have and will always be broken.

Code42, along with almost every other major player in the information security space attended Black Hat 2016 in Las Vegas. Like every other Vegas trade show, Black Hat’s expo hall featured video screens, beer, popcorn and soaring banners over circus-sized booths. Nearly every booth offered sweet swag and some, a chance to win cash if you listened to their well-rehearsed threat warnings and the promise that their indispensable technology would identify, stop, detect, prevent, extract, decode, crack, and protect the enterprise against an army of intruders or individual bad actors.

Taking it all in, I came to one realization: security marketing is flawed. Booth to booth, banner to banner, sign to sign, even pitch to pitch, security decision makers are fed “information security promises” that we all know we just cannot keep. It’s not due to a lack of honesty, but a lack of velocity. We all know the bad guys are more nimble and collaborative, and they move faster to exploit vulnerabilities in software. We know it will be days, weeks, even months before we can detect and respond. It’s at the core of why the security industry exists in the first place. This is why we have BlackHat, RSA, DEF CON, InfoSecurity World, Gartner Security Summits, Cyber Security Summits, and dozens of other events.

How do we start to fix the flaw?

  1. Extend a hand: Dan Kaminsky in his keynote at BlackHat, evangelized a message that flies in the face of the competitive tradeshow landscape. He suggested—in lieu of competition—that information sharing about the endless supply of cyber threats would work faster to counter them. Our need to make things secure and functional and effective has just exploded…the need to cooperate, share code and fixes in the name of better security is now.
  2. Empower the user: Kaminsky went on to say, “people think that it’s a zero sum game, that if you’re going to get security everyone else has to suffer. Well, if we want to get security, let’s make life better for everybody else. Let’s go ahead and give people environments that are easy to work with…think in terms of the lines that you’re impacting, the time that you’re taking…”
  3. Enable the experts: Deloitte Cyber Risk Services researcher Keith Brogan told Infosecurity Magazine, “Sometimes products don’t work. But more often, they’re not being used correctly…organizations don’t always focus on how to use the products to enable business…people need to take threat intelligence, give it to the right people, and use it in informed, considered ways.”
  4. Embrace the reality: Dan Raywood, wrote in Infosecurity Magazine about Arun Vishwanath, associate professor at the State University of New York in Buffalo, who says people are the problem, that “the bad guys are really good at the social side and people are easier to compromise and once compromised, those attackers have got the keys to kingdom and that is the reality we grapple with.”

Modern endpoint backup is a good first step to making good on information security promises. Heck, that’s one of the main reasons Code42 exhibits at the likes of RSA, BlackHat and Gartner events. With visibility and control of data on the endpoints, organizations can protect and monitor data movement and restore data following any data incident. Modern endpoint backup is continuous, automatic, silent and simple. The user is empowered to not only protect data they store on their laptops, but restore when things go bad.

Securing end-user data makes the organization more secure and functional and effective—immediately—and closes gaps between IT, Security, Legal and HR teams to expose insider threats. By implementing this fundamental security layer, organizations embrace the reality that data loss is inevitable and that end users are both the target and the culprit of data theft, loss and breach.

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.

Which Approach Is Better When Choosing a CASB? API or Proxy? How About Both?

August 22, 2016 | Leave a Comment

By Bob Gilbert, Vice President/Product Marketing, Netskope

Black Plastic SporkThere have been recent articles and blog posts arguing that the API approach is better than the proxy approach when it comes to selecting a cloud access security broker (CASB). The argument doesn’t really make sense at all. Both surely have their advantages and disadvantages, but each covers unique use cases and while you could certainly select a CASB that supports one versus the other, why not choose a CASB that offers both so you have the option to combine the two and address expanded use cases?

Pitting one against the other is like comparing a spoon vs. a fork. A spoon was designed to hold softer food in addition to liquid so you can place it in your mouth and eat a meal. Spoons come in various sizes depending on the application. In a similar fashion, an API deployment method is primarily focused on a set of specific use cases that includes being able to inspect content in sanctioned cloud apps and support for out-of-band policies such as restrict access, revoke shares, quarantine, and encrypt.

A fork on the other hand, was designed primarily to grab and hold solid foods for eating. That is a job that the spoon cannot do.  In a similar fashion, a proxy deployment method is primarily focused on a specific set of use cases around providing real-time visibility and control over cloud traffic and depending on the type of proxy, you can cover both sanctioned and unsanctioned cloud apps in real-time.  Real-time and covering unsanctioned cloud apps is not possible with an API deployment method.  In addition to use cases, there is the comparison of effort to deploy and use. You can argue that a fork requires a bit more care versus a spoon. You might not give that fork to a toddler for example, but a spoon would be less risky with trade-off of course that they might have a hard time eating their vegetables with that spoon. Similarly, a proxy requires and inline deployment and a forward-proxy specifically requires extra configuration and care.  The effort can be worth it given the use cases.

Let’s get back to my original argument that why choose one versus the other?  Choose a CASB that covers both an API method of deployment and multiple proxy methods of deployment.  You can choose only one or combine them to expand your use case coverage.  Should we start calling API + Proxy a spork?

Here is a table that compares use case coverage for API vs Proxy to help you make the decision which one to choose or perhaps choose both.