HOW TO UNLOCK THE TRUE VALUE OF SECURITY

EFFECTIVE VULNERABILITY MANAGEMENT NEEDS A NEW, MORE INCLUSIVE APPROACH TO SECURITY, SAYS MARCO ROTTIGNI, CHIEF TECHNICAL SECURITY OFFICER, EMEA, QUALYS

Over the past decade, countries across the Middle East have locked themselves into nationwide economic initiatives where smart governments will one day watch over smart societies powered by smart grids; next-generation healthcare will ensure a thriving population, and classrooms of the future will groom astute innovators in sustainable cycles of prosperity.

As early as 2016, Deloitte, PwC and other industry observers saw the Middle East as poised to harness Industry 4.0 to foment globally competitive economies. Around the same time, McKinsey noted a 150-fold surge in cross-border data flow between the region and the rest of the world, and speculated about a future that would include a Digital Middle East. And in February, IDC told the UAE’s National newspaper that one third of the Middle East and Africa’s US$90-billion IT spend for this year would be dedicated to digitisation.

But digital transformation, while a catalyst for many boons, comes with some caveats. The breadth and depth of change to infrastructure can throw the unwary security team off balance. It takes a firm hand and shrewd planning to address the challenges of a rapidly digitising world.

Global spread, global threats

First, we should not forget that most industries have seen competition skyrocket, often because of the ready availability of digital platforms. Where previously entrepreneurs only needed to out-manoeuvre players in their local sandbox, now threats can come from anywhere in the world. Scaling up is child’s play because of the cloud, so digitisation begets digitisation through the globalisation of business.

The new global state of play has led to businesses that are continually growing and spreading to other geographies. IT follows suit — expanding, changing shape and adopting technologies such as the cloud and software containerisation.

Ad hoc adaptation to such rapidly changing architecture is neither practical nor optimal. Security teams can no longer afford to support the castle after it has been built. They need to be intimately involved in design and implementation to ensure an environment that is as free of vulnerabilities as possible. After all, security teams are expected to be risk managers — and risk management is inherently predictive. So, security teams need to be allowed to assert themselves and embed their best practices at source, throughout the software-development lifecycle. Developers, testers and operations teams can all benefit from this approach and end up becoming more mindful of vulnerabilities as a result.

Know your assets

Providing a list of vulnerabilities is exceedingly difficult without first compiling a comprehensive asset list. Of course, in the dynamic environments that security teams must now protect, these lists must also be dynamic. Once the asset roster is no longer a nebulous unknown, vulnerabilities can be identified and flagged for investigation.

But even as teams reach this stage, they will discover that globally spread businesses will be plagued by too many issues to address with limited resources. Effective prioritisation then becomes vital. Patching every flaw in every asset is impractical, so organisations have to address those issues that carry the greatest risk and are most widespread. The harder a vulnerability is to exploit, the lower its place in the priority queue. It is worth noting that zero-days are not necessarily the weakest links in an ecosystem. Cybercriminals notoriously set their sights on low-hanging fruit. So, an old flaw that is easily exploited and rarely patched is perfect fodder. This kind of issue will be high on security teams’ priority lists.

Between a comprehensive digital-asset register and a strategic priority list, enterprises can build the precise risk profiles and action plans that make sense for their operations. They can incorporate their individual business goals into their priority lists to craft workflows that govern security-team activity and information flow. This means the right people are informed of the right threats at the right time, enabling prompt and effective action. In addition, the data gathered can present senior managers with real-time risk snapshots of the entire organisation, regardless of its geographical spread. Such information is invaluable to decision makers who are responsible for routing resources to their optimal destination.
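The prioritisation argument above, as an added example that is not from the original article or from Qualys: a small scoring routine that ranks findings by severity, ease of exploitation, how widespread they are across the asset register and how long they have been public, and that drops findings on assets no longer in the register. The weights, the vulnerability identifiers and the hosts are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    vuln_id: str               # constructed identifier, not a real CVE
    asset: str                 # hostname taken from the asset register
    severity: float            # 0..10, CVSS-like base score
    exploit_difficulty: float  # 0.0 = trivial to exploit, 1.0 = very hard
    disclosed: date            # when the flaw became public
    internet_facing: bool      # is this instance reachable from outside?


def vuln_score(findings, inventory, today):
    """Score one vulnerability across every live asset it affects (0..1).

    Harder-to-exploit flaws score lower; widespread, old, exposed and
    easily exploited flaws score higher, matching the article's ordering.
    """
    first = findings[0]
    severity = first.severity / 10.0
    ease = 1.0 - first.exploit_difficulty
    spread = len({f.asset for f in findings}) / len(inventory)
    exposure = 1.0 if any(f.internet_facing for f in findings) else 0.6
    age = min((today - first.disclosed).days / 1095, 1.0)  # saturates at 3 years
    return severity * ease * (0.5 + 0.5 * spread) * (0.5 + 0.5 * age) * exposure


def rank(inventory, findings, today):
    """Return [(vuln_id, score)] sorted most urgent first.

    Findings on assets missing from the register are dropped: without a
    current asset list, the vulnerability list cannot be trusted.
    """
    by_vuln = defaultdict(list)
    for f in findings:
        if f.asset in inventory:
            by_vuln[f.vuln_id].append(f)
    scored = [(v, vuln_score(fs, inventory, today)) for v, fs in by_vuln.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample data: a four-host register and a scanner export that
# still mentions a decommissioned host ("decom-1").
INVENTORY = {"srv-1", "ws-1", "ws-2", "ws-3"}
TODAY = date(2020, 6, 1)
FINDINGS = [
    Finding("ZERO-DAY-A", "srv-1", 9.8, 0.8, date(2020, 5, 28), True),
    Finding("OLD-FLAW-B", "srv-1", 7.5, 0.1, date(2017, 3, 14), True),
    Finding("OLD-FLAW-B", "ws-1", 7.5, 0.1, date(2017, 3, 14), False),
    Finding("OLD-FLAW-B", "ws-2", 7.5, 0.1, date(2017, 3, 14), False),
    Finding("OLD-FLAW-B", "ws-3", 7.5, 0.1, date(2017, 3, 14), False),
    Finding("OLD-FLAW-B", "decom-1", 7.5, 0.1, date(2017, 3, 14), False),
    Finding("MISCONFIG-C", "ws-2", 5.3, 0.3, date(2019, 6, 1), False),
    Finding("STALE-D", "decom-1", 8.0, 0.2, date(2018, 1, 1), True),
]

if __name__ == "__main__":
    for vuln_id, score in rank(INVENTORY, FINDINGS, TODAY):
        print(f"{vuln_id:12s} {score:.3f}")
```

The old, easy, widespread flaw outranks the fresh but hard-to-exploit one, and the finding on the decommissioned host never enters the queue.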

Brace for culture change

And finally, after all the asset monitoring, vulnerability prioritisation and activity modelling, organisations will be in a position to automate future workflows and fine-tune the vulnerability detection and mitigation processes. It should be obvious that such an approach benefits businesses that are geographically scattered. Consider that growing businesses may not have any IT staff, let alone security specialists, in place at some of their newer offices. It will be important to gather data at these sites so that it may be assessed centrally and acted upon with minimal input from the non-technical staff on site.

To make this approach work, however, requires another kind of change — one of authority and process. Security teams have traditionally been a part of IT departments and yet retained a separate, add-on identity. However, given the all-pervading nature of the digital realm, security needs to become part of an organisation’s corporate DNA, from the boardroom to the server room. Best practices should be embedded within all business processes as de facto standards, within software engineering and beyond.

Security teams need to be present in all levels of operation, and their tools deployed wherever relevant. Once they are embedded in all aspects of the business, they can guide technical and non-technical teams towards the safest practices. They can then better inform the right employees of the right vulnerabilities more quickly, ensuring that all staff members are properly mobilised in the fight against cyberthreats.

Greater insights, more robust results

Software architects and developers can then take ownership of any bugs or configuration issues that could lead to vulnerabilities, because they have discovered them, eliminating the cross-team finger-pointing that results from siloed approaches. With security teams empowering others to discover their own issues, confidence in the workflow can be established across the organisation. This will make it easier to implement yet more best practices, such as the Centre for Internet Security (CIS) Benchmarks.

Transformation can be difficult, whether digital or operational. By embedding security know-how into software production, we acknowledge that approaches to interaction and collaboration will undergo overhauls. But early involvement leads to greater insight and more robust results. The new ways of working will ensure a human-digital ecosystem that can cope with change more easily while ensuring a secure technology stack. Vulnerabilities will be identified, tracked and addressed with agility.

The time has come for security leaders to be business leaders. Protection from the hungry digital hordes can only come through a complete integration of such teams into every element of the software-development lifecycle.

A CLOSER LOOK AT CYBERSECURITY AND LANS

ARAFAT YOUSEF, MANAGING DIRECTOR – MIDDLE EAST & AFRICA, NEXANS CABLING SOLUTIONS, WRITES WHY BANDWIDTH SHOULDN’T BE THE ONLY CONSIDERATION AS VULNERABILITIES CONTINUE TO SURGE IN NUMBER AND SEVERITY.

As businesses and economies become more dependent on connectivity, they also become more vulnerable to cybercrime. Cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to a recent report from Cybersecurity Ventures. Global cybersecurity spending will exceed $1 trillion cumulatively for the period from 2017-2021. TÜV Rheinland’s latest annual report on Cybersecurity - a collaboration between global cybersecurity experts - lists key cybersecurity trends for 2020. According to the report, uncontrolled access to personal data carries the risk of destabilising the digital society and smart devices are spreading faster than they can be secured. Attacks are currently focusing on supply chains and transport. Vulnerabilities in internet-connected personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers are another cause for concern. In addition, cloud, IoT and mobile devices are all giving security experts cause for concern.

The ‘S’ in IoT stands for ‘Security’…

As we connect more and more people and devices across locations to our networks, we open up more potential security vulnerabilities. Guests or employees using a wireless access point or connecting from home directly or via a VPN can introduce potential issues that may be very hard to detect and resolve. Wireless Access Points have also introduced new challenges. If unsecured, or poorly secured, anyone can join a WAP. Abuse can result in anything from Denial of Service to identity theft when someone has identified the MAC address of a computer with network privileges by eavesdropping on network traffic.

One comforting thought is the fact that fibre carrying data to and from buildings is as safe as possible. Hacking into a fibre cable is practically impossible. You would need direct access to the fibre and the opportunity to remove its protective covering - carefully. Actually, getting access to the data stream would require highly specific hardware and software tools, power levels and alignment. In the extremely unlikely event this could be successfully overcome, you’d need to capture, demodulate, restructure and decrypt information. So, although bending a cable beyond its prescribed radius might allow some light to escape, the chances of anyone abusing the escaped signal in any meaningful way are negligible.

When we look at LANs inside buildings, the architecture itself and proven safety measures usually provide a relatively high level of protection. Best practices include using WPA2 and data encryption, creating guest networks, and deactivating unused ports. Using a supported router with an activated firewall and physically securing network hardware is also wise. In addition to these measures, an office, campus or hospital environment can put many other security measures in place. These range from physical access controls and security cameras to password logs. Using physical locks to protect cable joints and connection points, and regularly updating device and system passwords and encryption, are also vital to enhancing protection.

Human behaviour

Of course, the solution isn’t only about technology and protocols. The human factor is equally important – if not even more so! The European Agency for Network and Information Security points out that “the starting point for any organisation is to gain understanding of its current cybersecurity status, and the ways in which human factors might support or detract from that defensive stance.” After all, most cyberattacks start with nothing more than an email. Carefully analysing people’s behaviour and engaging in discussion with users are key to improving the culture of safety, and also to exposing flaws and security demands that are impractical or impossible to comply with.

Integrated security

A Fibre to the Office (FTTO) solution offers a high level of built-in protection. Fibre is laid vertically from a central building distributor to different floors. From there, cable runs horizontally to an FTTO switch installed at the workstation or service consolidation point, near WAPs or other devices. Switches ensure intelligent conversion from fibre to copper and vice versa, feed terminal devices with data and power and make it easy to set up ring topologies for redundancy at user level. Advanced redundancy and security concepts make planning and extending the network to accommodate future needs easy.

Intelligent system features help increase network security. The Nexans switches used in this concept provide the ideal basis for secure Gigabit Ethernet networks in any environment. Intelligent management features help further increase the security of the network and minimise service costs. Nexans switches support all relevant security and encryption mechanisms such as IEEE 802.1X, SNMPv3, HTTPS, SSH and SCP. The hardened firmware of the switches provides a high level of protection against attacks. Because floor distributors or signal repeaters are not required between the central switch and FTTO workstation switches, there are fewer places where security breaches may occur.

TACKLING SUPPLY CHAIN DISRUPTIONS

ANAS A. ABDUL-HAIY, DIRECTOR AND DEPUTY CEO OF PROVEN CONSULT, ON HOW TO PROTECT SUPPLY CHAINS DURING COVID-19

As the world battles COVID-19, the pandemic is having an uneven effect on the supply chain industry. Industries such as auto, travel, consumer goods, electronics and retail have been profoundly impacted. The supply chain economy has a large and distinct impact on the economies of the world, driven by industrial activity and innovation.

Data leading the way

A data-centric approach to supply chain management is making suppliers more agile in their operations. Using predictive modelling and data simulations, businesses can predict how a sudden decline in demand in one country will affect the entire supply chain. Live tracking of sales, shipments and orders with minimum latency helps businesses identify surges or declines in demand, and this data can guide decisions about production levels.

End-to-end digitising

A cloud-based or web-based ordering system allows businesses to act proactively on shifts in demand. Creating an end-to-end digital IT ecosystem is key to minimising latency. However, to track actual production, inventory levels and shipments, businesses must combine various Internet of Things technologies to bridge data between processes. From placing the order or query through to actual production and distribution, each process in the value-chain funnel needs to be digitised to enable faster decision making.

Automation for agile supply chain

While manufacturers look for alternate vendors for their critical components, the reduced labour force and increased demand have led to longer lead times. Accelerating production and reducing manual interventions in business processes are critical to solving these problems, so suppliers must develop greater automation capabilities. Using IoT and robotics, businesses can fast-track assembly lines, inventory management and data analytics.

Embracing the digital workforce

For manufacturers, labour shortages and replenishment are focal points for operations managing the ramp-up in production after temporary shutdowns. Therefore, businesses are embracing digital work environments and communication channels to continue their operations remotely. Departments such as marketing, finance and HR have moved to virtual desks. While these techniques act as a solution to cope with the supply chain crisis, it is the principles that are leading the decision making.

New principles for sustainable supply chain

Diversifying the supply chain will not only make it more reliable but also help businesses to optimise cost. Businesses can source components for new products from low-cost sources and launch new products at a lower price to boost their sales. This crisis has key lessons for businesses about reliable and efficient supply chain management. In the immediate term, organisations need to take steps to stabilise supply chain operations by conducting risk assessments and implementing business continuity plans using crisis-management teams.

Crisis management for short-term impact

To address the volatile nature of current supply chain operations, organisations should mobilise a crisis-management team or a war-room setup that has the power to make quick, analysis-based supply chain decisions. Analysts should examine supplier delivery performance, deviations from plans, cancelled orders and fulfilment rates more frequently to identify any potential supply chain issues.

Optimising HR strategies

While protecting supply chain businesses is paramount for economies, at the heart of this crisis it is people who are most affected. Protecting the people working in the supply chain ecosystem must be a priority for businesses amid the pandemic.

At an unprecedented time of pandemic threats, businesses must make quick decisions, led by talented executives, to implement new policies and standards down to the ground level. As businesses shift towards automation and digitalisation, the focus has to be on finding new executive talent to implement the strategic and analytical functions of supply chain management.

WINNING THE CYBER WAR

WAEL JABER, VP, TECHNOLOGY & SERVICES AT CYBERKNIGHT, ON WHY THREAT INTELLIGENCE IS CRUCIAL IN THE FIGHT AGAINST CYBERCRIME.

Can you please explain what your Unified Threat Intelligence concept is?

CyberKnight’s United Threat Intelligence (UTI) concept has been created to help customers build an effective cyber threat intelligence practice based on methodologies taken from industry best practices, in addition to the latest technology and services that operate in that space. Adopting CyberKnight’s UTI solution offering would help our strategic customers save on effort, time and resources to build a very efficient and cost-effective CTI programme. The UTI concept caters to many of the threat intelligence requirements within different industry verticals. The solutions we are offering in this UTI bundle consist of EclecticIQ (Threat Intelligence Platform), RiskIQ (Open and Surface Web Intelligence), Flashpoint (Deep and Dark Web Intelligence), CrowdStrike (Adversaries Intelligence) and Attivo (Local Intelligence).

What can companies do to make threat intelligence more effective and actionable?

Effective threat intelligence is about clearly understanding the business risk an organisation is exposed to, and about reducing the uncertainty when dealing with such risk. Cyber threat intelligence should be selected, collected and produced very thoughtfully to ensure quality and efficiency, so that an organisation would benefit from it and make it actionable. Actionable and effective threat intelligence should be relevant to and aligned with the corporate business requirements, the strategy of its stakeholders, and the threat profile of the organisation. The threat profile involves knowing the threat landscape and the potential threat actors that are potentially after the organisation. Once a CTI strategy for the corporate is set in place, and the company’s threat profile is defined, the selection and collection of the right type of intelligence feed would be much easier, and the consumption and production are more actionable and efficient.

Too many threat intel feeds can contribute to security information overload. What should users keep in mind while evaluating feeds?

Collecting threat intelligence feeds randomly for the sake of collecting will not do any CTI programme any good. On the contrary, it would aggravate the whole situation and cause additional alert fatigue to TI and SOC analysts. During the selection process of intelligence feeds, users should carefully study and understand what their business risk is in the first place, and what strategic intelligence they need to collect that can provide the necessary information and insights to their business leaders and stakeholders, and that would help them make better strategic decisions. Next, they need to understand the real threat landscape and trends that target their business, industry and geographic region, and choose the intelligence feed provider that can provide the right operational intelligence, which can help them implement the right security controls to deter such threats. The last thing to consider is to identify the potential types of threat actors that might target their organisation, their origins, their motives and their techniques, based on which they can select the intelligence provider that focuses on the adversaries matching their requirements.

What is the role of automation in threat intelligence?

Automation is a crucial part of any threat intelligence practice, especially in a modern threat landscape, where Security Operation Centers (SOCs) are overloaded with thousands of alerts every day. At the moment, without automation, it’s simply not possible to minimise false alerts and not miss out on anything important. Automation could be beneficial in assisting the TI analyst in focusing on specific threats or topics and helping reduce the time spent during investigations, and to add context to alarms and incidents an organisation might face. However, automation should not be fully and solely depended on during the discovery, triage, investigation and production processes of threat intelligence, because a human hacker can easily fool it. Automation is a powerful tool, but it is not a remedy for modern security postures. Smart attackers need to be met by smart human defenders aided by automation.

Are companies adopting AI/ML for threat intelligence?

Machine learning is being used in many ways within the threat intelligence space. It could range from using ML/AI to help in acquiring the knowledge and intelligence at internet scale, similar to how RiskIQ are using it to crawl the wild web and mimic internet browsing users, or to how Flashpoint are using it to extract intelligence out of illicit groups in the deep and dark web, which are very tricky to navigate and interact with. ML/AI are also being used in the triaging, curation and vetting of collected intelligence, and this is used by many threat intelligence providers to ensure the relevancy and quality of collected intelligence. For instance, EclecticIQ leverages the ML capabilities of its product to help the threat analyst discover, investigate and produce relevant intelligence. ML/AI are also used, for example, in deceiving attackers by luring them into deceptive decoys that resemble real production environments, after which real-time local intelligence about the active threat actor can be collected; this is how Attivo Networks use ML/AI. Not to forget the importance of ML and AI in the defence against zero-day and unknown malware types, and the importance of gathering intelligence about the techniques used and their attribution to threat actor groups, which is how CrowdStrike uses ML/AI. It’s important to note that adversaries are using AI/ML against security defences, and they use ML/AI to defeat the effectiveness of the ML/AI used at the other side of the spectrum. ML/AI alone is not enough and has to be supervised and trained by an analyst, because right now ML/AI does not have the human common sense to reason. Having the analyst available when an AI model “asks for help” is crucial as cyber threats change, especially when they change with the intent to fool the model. Developing a feedback mechanism that provides your model with the ability to identify and surface questionable items is critical to the success of your model.