Archive

Posts Tagged ‘cybersecurity’

IT Security as a “Gated Community”

August 9, 2016 Comments off

Why workers are a threat organizations can no longer ignore

shadow-3By Stacy Leidwinger, VP of Products at RES

When one thinks about keeping the home and family secure, the first thought is to take up residence in a secure location – ideally, a guarded and gated community. The second is to carefully secure the perimeter of the house itself: the doors and windows – the points of ingress. Sensors are wired to each opening, cameras and motion detectors are aimed at carefully selected places, and monitoring is switched on. When it’s all plugged in and working, we are confident that our homes are safe. But we also need to keep track of the residents of the home and ensure their cooperation with security measures. Who has a key? Or a garage door opener? Do they routinely close and lock the windows? Because even the finest perimeter defenses are readily breached by the actions, intentional or not, of residents. What can happen when someone leaves a key under the doormat for an expected visitor? Or a garage door is mistakenly left open as the owner drives off to work?

In our gated community example, our traditional defense is focused on securing entry and exit points, and assuming that residents will make no action to breach security. And in the vast majority of cases that will prove just fine. But we in our houses are not continually subject to attackers seeking to trick or cajole us into one simple mistake; a mistake that, once taken, will crack the most airtight security, exposing our homes to the depredations of criminals.

When cybersecurity measures are focused entirely on the perimeter, the organization does nothing to mitigate its greatest risk: the workers whose actions can breach the most secure perimeter defense with a single, careless mouse click.

Secure perimeters require secure workers

An organization’s workers are its chief assets – the means by which value is delivered. But they’re also a massive liability in terms of cybersecurity. And new trends within the technology-enabled workforce are making things far worse.

Today’s IT organizations are expected to equip their workforces with the devices that make the most sense for the organization, while also satisfying the ever more demanding individual worker. Whether it’s supporting preferences between Mac and PC, providing immediate access to apps and services, or allowing workers to use their own mobile devices for work, the workspace has truly become digitized – and therefore more vulnerable, compared to the days when each worker had his or her own locked-down desktop PC, and worked exclusively from the office. But as IT continues to support mobile work-style requirements, a whole slew of security-related IT issues are being raised; and the most serious threats to today’s security are stemming from the inside.

In a time of “do more with less,” IT departments are struggling to provide basic protections against malware, ransomware and spyware, and to secure firewalls to prevent outsider attacks. But is enough attention being paid to those they trust the most – their own workers?

This insider threat is no secret. A recent global study by Kensington entitled “Voice of IT” revealed that IT executives pegged the following as their biggest pain points when it comes to IT: human error, lack of process and workers not following established processes.

What can companies to do streamline IT processes and find solutions to insider threats? After all, within the “gated community” of organizational security, the user is the last line of defense.

A Gap too Big to Span?

One of the biggest debates in recent years when it comes to the digital workspace is bridging the gap between worker enablement and security. It’s an old conundrum in IT: new technologies are constantly being layered into the infrastructure, but hardly anything is ever thrown away. The result is a hodgepodge of hybrid technologies seeking to solve the same problems. And this is far from invisible to workers, who are often required to shift from app to app, from physical to virtual, in an awkward sequence of steps that has them longing for the relative simplicity of the consumer technologies they enjoy at home.

And IT security is perhaps the greatest culprit in the disruption of worker productivity. Is your organization overwhelming your workers with too many checkpoints to cross and too many updates to install? Are your existing security systems working together? And if so, are they working together seamlessly?

Organizations must create a safety net around their workers – the risks of cyberattack are too great to do otherwise – but they must do it in a way that doesn’t inhibit individual productivity, allowing workers to work when and where they choose, on the devices that are most productive for them. And all this must be accomplished with safety controls in place to prevent them from being the source – witting or otherwise – of security threats.

Yes, there are Solutions

IT must be continually on the defensive, protecting workers and the infrastructure from easy-to-make, yet potentially tragic mistakes. And, good news: there are several decisive steps an organization can make that will secure the organizational community without undue hampering of workers.

  • Deploy automated, context-aware access controls

Automate the many processes and workflows that govern the access each worker has to apps, databases and services within his or her digital workspace. Technology is available now that will:

  • Govern what resources can be accessed for each person, based on their immediate working contexts (including the devices being used, physical locations and time of day)
  • Automatically provision and de-provision those resources as needed based on that working context
  • Track that access gathering data necessary for guaranteed, easy audits.
  • Low-maintenance whitelisting with automation

Human behavior is your greatest security risk. And today’s cybercrooks are becoming increasingly creative in their attempts to exploit human inattention. Context aware whitelisting and blacklisting can ensure that only permitted apps can be executed; and the list of permitted apps can be governed by IT based on what the business chooses to allow, and each individual worker’s context at the moment access is attempted. Whitelisting adds a thick layer of protection by only allowing approved executables to be opened.

Although many organizations have some form of whitelisting in place, maintenance burdens can be high for traditional solutions. A new approach can not only use automation to better maintain the whitelist, but can add user safeguards by automatically verifying unique file signatures. This ensures that the files being executed are authentic and that workers aren’t being tricked into opening different infected files.

  • Automate the onboarding and offboarding of workers

More than 13% of workers can still access a previous employer’s systems using their old credentials. And there’s much more. In a study on rogue access, Intermedia found that 89% of ex-workers retain access to at least one app from a former employer. 49% actually logged into an account they were supposed to no longer have access to. 45% retained access to confidential data.

When employees leave the organization, that is the moment they pose perhaps the greatest risk to the organization. IT must tightly integrate de-provisioning processes into existing human resource apps, project management systems and other enterprise identity stores. Doing so allows worker access qualifications to be automatically managed and altered each time a worker’s identity status is changed in those systems. With a more holistic approach to identity lifecycle management, organizations can significantly improve productivity, compliance and security – and prevent former employees from exposing the organization’s data and systems to extremely high risk.

  • Stamp Out “Shadow IT”

Today’s crop of workers are productive like never before, thanks to the incredible technology available through modern digital workspaces. But this productivity also breeds an “I need it right now” attitude towards new technologies. And if IT can’t provide it “right now”? Often the worker’s solution is just a log in or credit card away, with ubiquitous cloud-based solutions studding the skies overhead.

The risks are great. IT must prevent employees from taking matters into their own hands to solve IT issues. But is shadow IT best prevented by hiring an army of alert IT professionals, available 24/7? Or is there an easier (and cheaper) solution? Yes! Through automation, IT can provide on-demand self-service access to the apps and services workers need, and prevent workers from circumventing access rules. This can include password management, access to a new data drive, or a request for a particular workspace app. The best way to prevent workers from going around procedures is to give them an instantaneous, trackable and reliable way to get what they need from IT. No hassles. No tickets. No violations.

Security should come naturally to an organization, but it will likely never become second nature to many of your workers. When we’re at home, we’re surrounded by a sense of security – no matter how real or illusory it truly is. Many of us don’t truly think about security unless our perimeter is breached. But IT can build a powerful security shroud around its systems, its data and its workers, by using automation and self service to simplify security processes, empowering workers to focus on their responsibilities without disruption, and keeping the enterprise safe from intrusion.

To be sure, no security solution is perfect. But we owe it to our organizations and our fellow workers to do our very best.

Advertisements

Damage Control: Making what’s visible in Citrix/Terminal Servers invisible

July 22, 2015 Comments off

Kurt Mueffelmann, CEO and President, CryptzoneArticle contributed by Kurt Mueffelmann, President and CEO, Cryptzone

The Citrix XenDesktop™ and XenApp™ solutions, and Windows Terminal Servers, are commonly used to provide remote access to network resources. They are typically located between the internet and the internal network, providing an entry point into internal servers—something that makes them an attractive target for hackers.

Citrix/Terminal Servers provide highly valuable functionality for session-based access from the server to the network, which must be very open to allow for all the differing user profiles and use cases. The challenge is that all traffic from every user using a Citrix/Terminal Server is seen on the network as coming from a single IP address, which might represent dozens of different user types, all with various levels of clearance.

For a traditional firewall, this means that an access rule is necessary to allow the server to access every resource that any user on that server could need. In practice, these access rules often become a permit all for the Citrix/Terminal Server. This open door to the network represents a significant security risk.

What cyber criminals can’t see, they can’t compromise.

Taking the recent Anthem breach and many other notable breaches that were the result of stolen credentials into account, it’s safe to say that nothing is out of reach. Accepting that Citrix/Terminal Server access will be compromised is the most proactive cybersecurity strategy you could take. Here’s why: hackers are, simply, the best at what they do. Research supports his theory: incident response provider Mandiant recently reported that 97 percent of organizations have been breached at least once.

Citrix/Terminal Server access rules allow users sharing an IP address to access every resource on a network segment. Once inside the network a cyber criminal who possess stolen credentials, can “see” applications and services, whether authorized or not. Enterprises need to move away from IP-centric architectures to a role-based security model, dynamically provisioning access depending on the user’s role and contextual attributes.

Once past denial, and on to acceptance, an organization can fully embrace a practical Citrix/Terminal Server security plan by focusing on minimizing risk. While the majority of cybersecurity spending historically has gone toward building up a perimeter, limiting the amount of damage intruders can do after they’re in is a powerful paradigm shift in a CXO’s strategy.

It’s time to flip cybersecurity strategies on their head.

The focus now becomes about user access and entitlements, including tight user-based controls around network access from virtual desktops. Enterprises must move away from IP-centric architectures to a role-based security model that maintains the distinction between individual users connecting through a Citrix or Windows Terminal, then dynamically provisions access on the network and application level depending on the user’s role and contextual attributes.

Dynamic access control considers factors such as, “Is the user on a laptop at home, or on an unrecognized tablet on an unsecure Wi-Fi network?” “Should access be granted in the latter case to sensitive data?”

Disruptive solutions allow organizations to limit the damage that can be done by cyber attacks (via privileged account and third-party users) by using identity and context to dynamically secure access to individual resources—essentially making the rest of an enterprise’s infrastructure invisible. They prevent the exposure of sensitive and confidential information to only allow an individual to access what they are authorized to access. This not only prevents someone from authenticating into a network if something seems amiss, but can also limit any damage a bad actor can take if they get in with stolen credentials.

This concept is taking hold at places like Coca-Cola, Google and others. It’s IT’s job to ensure that every enterprise, regardless of their size or resources, can reap the same benefits. In order to truly protect corporate data and resources, tighter user-based controls around network access from virtual desktops is critical.

Got Security?

April 1, 2015 Comments off

SecuritySecurity is a topic that’s on everyone’s minds these days. And there’s a good reasons for it: Security is important. Now, that might sound like a tremendous understatement, but it’s the truth. In fact, the truth is that security is the top concern for most of the world’s businesses. It should be. Every day you read about another significant breach of a major retail chain, of a bank, or even of a government site. Prominent companies are under constant attack from so-called “black hat” or criminal hackers whose sole purpose is to compromise data, steal valuable data, and to expose vulnerabilities in your security.

If you think that you’re safe, for whatever reason that you’ve told yourself, you aren’t. If you’ve ever had a fraud alert from a credit card company or your bank, then you realize how vulnerable you really are.

Unfortunately, as a customer of a restaurant, of a clothing store, of an online vendor, or of your corner market, you’re vulnerable to credit card and, ultimately, identity theft. While the point of this post is to inform you, rather than to scare you, please note that the threats are real and that you should take more care and practice vigilance in the use of your identity, including your credit cards, debit cards, and online accounts.

If you own a business, you owe it to yourself and to your customers to make every effort to prevent breaches of your company information, your personal information, and your customer’s information. It’s not easy to do by yourself. There’s all kinds of advice, good and bad, on the Internet about how to protect yourself, how to recover from identity theft, and how to go on the security offensive for you, your business, and your family.

Bad information is worse than no information at all. You can put yourself at greater risk by listening to alleged experts than you can by playing it smart and hiring a security consultant who can find out exactly what the bad guys can find out about you and your business.

It works something like this: If you want to find out how vulnerable your house is to break-ins, who would you hire–a clean-shaven, upstanding, taxpaying citizen who’s never been arrested for breaking and entering or would you be smarter to hire a reformed bad guy to tell you how it’s really done? If you’re smart, you’ll hire the person with a criminal background who’s gone straight to figure out where you’re vulnerabilities are.

On the same hand, if you want to test your company’s or your personal security, you should hire someone who’s hacked for a living–in the criminal sense.

That’s the service I’m offering you. I have a select group of former black hat hackers as my associates who’ll put your security through its paces. Further, we’ll help you mitigate the flaws we find* and tell you how to fix the problems.

Here is a partial listing of our services:

  • Identity fraud checking/fixing
  • Employee Social Engineering checking/fixing
  • Website Penetration/Vulnerability analysis
  • Company penetration/information grabbing
  • Training and prevention

If you’re not 100 percent sure of how vulnerable you might be, here are some examples:

About four years ago, I bought a cake from a local bakery and used my debit card for the purchase. One of the workers there used my card to buy pizza and some other things that he’d had delivered to his girlfriend’s house. Once I found the fraudulent charges, I tracked him down, via his girlfriend and confronted him. I won’t go into detail, but I did make an impression. The bank investigated and made good on the losses to my account.
That scenario is common, except for the part where you get to confront the perpetrator. Typically, the guilty party is so far away that you’ll never find him. Bad for you, but great for him.

My wife paid my son’s technical school tuition with a credit card only to find later that we’d been charged an additional $1,800 for services that we’d never heard of, much less purchased. We contacted the vendor and explained the situation and they promptly removed the charges.

I receive calls from unknown numbers on a weekly basis, trying to have me answer so that my phone can be charged bogus fees or to verify my number for fraudulent charges. I Google the numbers to verify their legitimacy. So far, all of them have been sources of fraud.

Yes, these things actually happened to me/us. These are only three examples and we’re only one family in 750 million that’s had our accounts or cards compromised. Think about the repercussions of poor security on you, your family, and your business. Your integrity and reputation, not to mention your credit score, are at risk. It’s made us all a lot smarter about how we transact business these days.

So that you realize that we’re trying to help you, I’m going to offer you a free list of 10 things you can do to make yourself more secure today.

  • Google yourself – Contact all of the “public information” carriers/resellers and have them remove your information from their databases.
  • Do Not Call lists – Go to https://www.donotcall.gov/ and register to have your phone numbers removed.
  • Mall survey cards – Never fill out one of those mall survey cards or enter any contest at a mall or other retail establishment.
  • Unrecognized phone numbers – Never answer calls to your cell phone when you don’t recognize the phone number.
  • Use cash – Carry cash with you and avoid using credit/debit cards as much as possible.
  • Email attachments – Don’t open email attachments that don’t make sense and don’t respond to those emails.
  • Nigerian Princes – Never respond to any email from a Nigerian Prince who wants you to deposit money in a bank account for him.
  • Ignore “You’re a Winner!” emails – If you didn’t enter it, you didn’t win it.
  • Passwords/SSNs – Never give your passwords or Social Security Numbers to anyone over the phone.
  • Account-oriented emails – No online service will ever request your password or a login via email.

If you’d like to discuss your security or your security concerns, you may contact me via email at ken@kenhess.com. I’ll be glad to setup a time to call you and discuss your concerns and how we can help you get a handle on your personal or business security. Don’t be a victim. Don’t be a statistic. Learn to fight back by finding out what the bad guys know about you and how to fix it.

*Ask about our 50 percent rebate plan.

False Pretense Films

Film Noir with a Modern Twist

I'm Just Trying to Help

Helpful Hints, Tips, Tricks, and Info

5K a Day 2017

Our 2017 fitness goal

The securityNOW Podcast Show

Cybersecurity News and Interviews

LoneStarFreedomPress

Phoenix Republic - The Lone Star Gambit / Sovereign's Journey

%d bloggers like this: