STE WILLIAMS

Modern-Day SOCs: People, Process & Technology

As businesses look to the future and invest in next-generation tools, here are some considerations for more effective planning.

As security operations centers (SOCs) continue to evolve, enterprises are challenged with enhancing their ability to detect cyberthreats and keep themselves from harm, according to a recent report about building successful SOCs from the Information Security Forum (ISF).

The reality is, SOC teams are struggling with limited resources compounded by a skills shortage. In fact, some organizations don’t even know whether they have a SOC, according to Michael Coates, CEO and co-founder of Altitude Networks.

“For a lot of organizations, the SOC consists of a person, but having a dedicated security person you call a SOC is not a SOC,” he says. “A SOC is people, but it’s also process and technology.”

Because organizations are having a hard time recruiting and retaining talent, they often rely more on technology than people. And because these businesses vary in size and hail from different industry sectors, it also is difficult to definitively say how a SOC should be constructed and run.

But fear not: as businesses look to the future and invest in next-generation tools, here are some considerations for more effective planning.

If They Build It, Visibility Will Come
The question of, “What’s the right way to do it?” is a natural inquiry when building pretty much anything. When it comes specifically to a SOC, focusing on the elements that can drive a program’s maturity should be the foundation from which a security team starts, says Amos Stern, CEO and co-founder at Siemplify.

“Security operations is basically an operation, and the maturity of your SOC is basically a derivative of the investment in your people,” Stern says. “How well is the process of running the SOC understood? Rather than relying on individual heroics of different analysts or engineers, an organization needs to have a very well-defined process of how to respond to different types of threats and how to do vulnerability management and work with threat intelligence.”

Organizations are all too familiar with the risk of financial loss, customer attrition, and reputational damage that comes from a data breach, which is why they can no longer afford to rely solely on reactive measures, says Steve Durbin, managing director of the Information Security Forum.

The security operations priority must be to identify threats, resolve security issues, and prevent adversaries from disabling or degrading business operations. “Without a SOC, organizations lack real-time visibility of threats, impeding their ability to protect business critical assets and effectively manage information risks,” Durbin says.

A number of practical considerations, including understanding the capabilities that can be provided by a SOC and whether a business case to initiate a SOC implementation exists, should frame an organization’s approach to investing in its operations center. The challenge, however, is that each new system then requires expertise to configure and use it.

“A significant issue for today’s as well as next-gen SOC teams is dealing with alert fatigue stemming from wading through large volumes of incidents with inconclusive threat scores and false positives,” says Atif Mushtaq, CEO at SlashNext.

Accuracy of Detection
As solutions continue to evolve, SOC teams will demand better, more accurate performance from their systems so they can focus on preventing and dealing with real threats, Mushtaq says. “One area that is seeing marked improvement is with anti-phishing controls,” he says. “Improved email security plus accurate, real-time phishing threat intelligence are being employed.”

Key technologies currently in use in the modern SOC include intrusion detection/prevention systems, security information and event management systems, data loss prevention software, and threat intelligence and vulnerability management platforms. Looking forward, the next-gen SOC will be heavily integrated with artificial intelligence and machine-learning systems, says Larry Johnson, CEO of CyberSponse.

Still, technology should not replace people. Instead, it should be used to enable experienced security staff so they can be faster, more efficient, and less error-prone.

“This will be transformative technology, but it won’t be effective without experienced staff to operate it,” Johnson says. “The SOC of the future will do three things far better than today: efficiency, standardization, and visibility, particularly for non-technical leadership so that they better understand the nature of the threats facing their organization and how their security staff is responding.”

On, In, or Out?
Part of building a SOC also requires organizations to decide whether it will be an internal, external, or hybrid SOC. Each has its pros and cons. The upsides to an internal SOC include the assurance that comes with it being staffed by employees who are familiar with the organization’s infrastructure and understand its security posture. That said, making an internal SOC successful comes at a cost.

A more cost-friendly route could be contracting an external party to deliver SOC services, according to Durbin.

“An external SOC has the advantage of minimal initial outlay costs and reduced running costs due to the economies of scale associated with outsourcing,” he says. “However, it is also important for organizations to recognize that they retain responsibility for the SOC and therefore need to keep SOC governance in-house.”

Members of ISF have expressed to Durbin that a hybrid SOC offers “the best of both worlds” by addressing some of the limitations that can encumber the performance of an internal or external SOC, he says.

“A hybrid approach combines the benefits of an in-house SOC, including greater control and specific business domain knowledge, with the technical expertise and operational experience of an external provider,” Durbin says.

Square Peg, Round Hole
While organizations should be aware of industry best practices (NIST, MITRE), Johnson warns that companies should avoid the “best practices trap.”

“Organizations often screw up by only pegging their programs to those broader standards and practices,” he says. “Every company is unique in size, industry, and scope, and you have to cater your SOC to your own specific needs and risks. There is no one-size-fits-all plan for this.”

Image Source: Ico Maker via Adobe Stock 

Kacy Zurkus is a cybersecurity and InfoSec freelance writer as well as a content producer for Reed Exhibition’s security portfolio. Zurkus is a regular contributor to Security Boulevard and IBM’s Security Intelligence. She has also contributed to several publications, …

Article source: https://www.darkreading.com/edge/theedge/modern-day-socs-people-process-and-technology/b/d-id/1335434?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

This Week in Web Application Attacks and Enterprise Threats

The latest on the number of attacks, types of attacks, and threats to enterprises’ most critical IT infrastructure.

The Web Application Attacks visualization provides a heat map of the week-over-week top source countries for attacks, such as SQL injection (SQLi), remote file inclusion (RFI), and cross-site scripting (XSS) attacks, which can degrade performance and result in lost revenue and damage to your brand.

The Enterprise Threat Monitor visualization provides a daily and weekly view of network attacks on critical IT infrastructure, such as malware, phishing, and command and control, which can lead to costly and harmful data breaches. 

These Threat Monitoring visualizations provided by Akamai show the weekly trends in Web application and network security threats. They are based on Akamai’s daily interactions with 130 terabytes of data, 1 billion devices, and 100-plus million IP addresses tracked on the Akamai Intelligent Edge Platform.

Article source: https://www.darkreading.com/edge/theedge/this-week-in-web-application-attacks-and-enterprise-threats/b/d-id/1335147?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Is My Development Environment at Risk?

Development environments pose a few unique risks to the organization.

Question: What threats to developers and development environments should I know about, and how do I defend against them?

Brad Causey, CEO at Zero Day Consulting: Developers should be on the lookout for several threats. First, be wary of what libraries and third-party code you integrate into your applications. Aside from the obvious older and vulnerable versions out there, many companies are seeing supply chain attacks. This is where the attacker compromises an application or library in use by the organization but hosted and provided by a vendor. Recently, for example, a Chinese hacker group, Wicked Panda, has been compromising system admin tools and vendor update repositories in order to gain footholds into their consumer networks. The takeaway? Make sure anything you bundle into your software is vetted and safe. Also, take a close look at your integrated development environment (IDE) and other development tools.

Development environments pose a few unique risks to the organization. First, the security of these environments is generally lacking. Often, they will have weak permissions or poor/reused credentials. Additionally, they often have production data used for testing. This combination can often lead to production data being exposed to an attacker who homes in on the weaker security of a development environment.

Another common mistake is to use production credentials and configurations in both development and production environments. For example, if the username and password for a system administrator is the same for both production and development databases, attackers can pivot from one to the other more easily. Always segment out and protect your production environment from any attacks on dev.

What do you advise? Let us know in the Comments section, below.

Do you have questions you’d like answered? Send them to [email protected].

Brad Causey is an active member of the security and forensics community worldwide. Brad tends to focus his time on Web Application security as it applies to global and enterprise arenas. He is a member of the OWASP Global Projects Committee and the President of the …
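A defender-side check for the two mistakes the answer above describes: credentials reused across development and production, and a development configuration that points at production systems (and so at production data). This is an added example, not code from the column or from Zero Day Consulting; the dotenv-style input format, the key-name heuristics and the sample values are assumptions made here.

```python
"""Audit development vs. production configuration for reused credentials and
for dev settings that reach into production.

Added example, not from the article. Input format (dotenv-style KEY=VALUE),
the key-name heuristics and the sample values are all assumptions made here.
Secrets are reported only as truncated SHA-256 digests, never in clear.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Heuristic: a key with one of these suffixes holds a secret. Assumption.
SECRET_KEY = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)$", re.I)
# Heuristic: a key with one of these suffixes names a backend host. Assumption.
HOST_KEY = re.compile(r"(_HOST|_HOSTNAME|_URL|_ENDPOINT)$", re.I)

# Constructed sample configs for this example; the values are not real credentials.
DEV_ENV = """
# development settings
DB_HOST=db-dev.internal.example
DB_USER=admin
DB_PASSWORD=Summer2019!
API_TOKEN=dev-token-123
ANALYTICS_DB_HOST=db-prod.internal.example
"""

PROD_ENV = """
DB_HOST=db-prod.internal.example
DB_USER=admin
DB_PASSWORD=Summer2019!
API_TOKEN=prod-token-xyz
"""


def parse_dotenv(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines, skipping blanks and '#' comments; strips quotes."""
    config: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        config[key.strip()] = value.strip().strip('"').strip("'")
    return config


def digest(value: str) -> str:
    """Short fingerprint so a report can identify a value without revealing it."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]


def find_shared_secrets(dev: Dict[str, str], prod: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pairs (dev_key, prod_key) of secret-like settings with identical values.

    Compared across all keys, not just matching names, so a production
    password pasted under a differently named dev key is still caught.
    """
    prod_secrets = {k: v for k, v in prod.items() if SECRET_KEY.search(k)}
    shared = []
    for dkey, dval in dev.items():
        if not SECRET_KEY.search(dkey):
            continue
        for pkey, pval in prod_secrets.items():
            if dval == pval:
                shared.append((dkey, pkey))
    return shared


def find_prod_references(dev: Dict[str, str], prod: Dict[str, str]) -> List[str]:
    """Dev keys whose host/URL value is a host that production also uses."""
    prod_hosts = {v for k, v in prod.items() if HOST_KEY.search(k)}
    return [k for k, v in dev.items() if HOST_KEY.search(k) and v in prod_hosts]


def audit(dev_text: str, prod_text: str) -> List[str]:
    """Human-readable findings; an empty list means the two configs are separated."""
    dev, prod = parse_dotenv(dev_text), parse_dotenv(prod_text)
    findings = []
    for dkey, pkey in find_shared_secrets(dev, prod):
        findings.append(
            f"shared secret: dev {dkey} == prod {pkey} (sha256 {digest(dev[dkey])})"
        )
    for key in find_prod_references(dev, prod):
        findings.append(f"dev setting {key} points at production host {dev[key]}")
    return findings


if __name__ == "__main__":
    for line in audit(DEV_ENV, PROD_ENV):
        print(line)
```

Run against real dotenv or CI-variable exports, this belongs in the pipeline that promotes a configuration, so a shared admin password or a dev job wired to a production database is blocked before it ships.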

Article source: https://www.darkreading.com/edge/theedge/is-my-development-environment-at-risk/b/d-id/1335494?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

6 Security Considerations for Wrangling IoT

The Internet of Things isn’t going away, so it’s important to be aware of the technology’s potential pitfalls.

The year 2020 is fast approaching, and studies estimate that more than 10 billion Internet of Things (IoT) devices will be connected by then. As the number of devices continues to grow, we’re putting ourselves at greater security risk. But despite the vulnerabilities, the general public keeps using and purchasing new devices and has come to have blind trust in them.

According to SAM Seamless Networks, security cameras make up nearly half of the most vulnerable devices, followed by smart home devices Google Home and Amazon Alexa. And vulnerabilities are not just in our homes — the enterprise is at risk also.

Mirai-based botnets are still being used to attack corporate networks. More recently, a new IoT bricking worm dubbed Silex has been hitting Linux-based devices; it is designed to permanently disable the hardware it infects, rendering the devices useless.

What Makes IoT So Vulnerable?
The sheer increase in the volume of consumer IoT fostered by retail and tech giants has created a massive attack surface. Consumers may have dozens of IoT devices in their homes. And with all of their variations in software, suppliers, and connection points, the possibilities for things to go wrong seem endless.

For instance, turning on your home security system (an IoT device that communicates with a server), driving your car (your phone or the car itself may also be an IoT device), and using a streaming camera at home each seem innocuous on their own, but the data from each may be tracked by various parties, and combining them opens alarming possibilities for malicious activity.

To better ensure safety and security, education is needed across the entire IoT ecosystem, from consumers to device manufacturers, service providers, third parties, and developers. Findings show the top sources of IoT security vulnerabilities include weak passwords; insecure web, cloud, and mobile interfaces; insecure third parties; exposed network services; and unprotected data transfer, to name a few.

What Can Be Done?
Security is only as strong as your weakest link, and we all need to be a bit paranoid in order to get better and for changes to take place. Below are a few considerations to build stronger IoT security:

1. Team mindset: For security to become a priority, it helps to have an entire team that is invested in security. This includes everyone from the CEO and website manager to the developer. When teams and priorities are aligned, budgets and actions are built into short- and long-term goals.

2. Standardization: IoT industry standardization is needed across the board — much like the standards for browsers and websites in the early days of the Internet. Web browsers and websites have evolved a lot over the years, and we are very much in the early stages of IoT.

3. Secure the supply chain: We must hold vendors accountable, but it’s not just about the device itself — supply chain partners are numerous. As we saw with Google Home Nest cameras, third-party service providers were part of the problem that allowed old owners of cameras to spy on new owners.

4. Consumer education: If more people are educated on what could go wrong, they will be more security conscious. If they're aware of vulnerabilities and issues, they can help prevent attacks. For example, as we saw with the Nest vulnerability, they can factory-reset devices that change hands and check frequently for system updates. Educating kids at an early age can also go a long way, just as they're told not to open the door to strangers. In our modern age, "safety" is still the issue, but the risks have changed. Something as simple as installing an application from the Web can become the weakest link.

5. Secure applications that support IoT devices: We must ensure that the code and software we build for IoT is continually tested for vulnerabilities. For instance, we can require default passwords to be changed before a device goes into service, and manage the patch level of the kernel and other software on devices to prevent exploitation of newly disclosed vulnerabilities.

6. Multilayered network security: Many things can be done at the enterprise network level. Segmenting networks ensures that a compromised IoT device can't reach other areas of the network. Perimeter security can keep IoT devices from being reachable from the Internet in the first place. Companies should also limit the connections IoT devices are allowed to initiate to the destinations and ports each device actually needs.
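To make item 6 concrete, here is an added example (not from the article or its author) of the check a network team can run over flow records exported from an IoT VLAN: every flow an IoT device initiates is compared against a per-device egress allowlist, and anything that reaches into corporate subnets, comes from a device missing from the inventory, or goes to an unlisted destination is flagged. The subnets, device addresses, vendor endpoints (drawn from the RFC 5737 documentation ranges) and the flow records are all constructed for this example, and the CSV layout is a simplified stand-in for whatever NetFlow or firewall log format is actually available.

```python
"""Flag IoT devices that initiate connections outside their allowlist.

Added example, not from the article. Models an IoT VLAN policy as a
per-device egress allowlist plus the rule that IoT devices never initiate
connections into corporate subnets, then checks flow records against it.
Subnets, device addresses, vendor endpoints and the flows are constructed.
"""
import csv
import io
import ipaddress
from typing import Dict, List, Set, Tuple

Endpoint = Tuple[str, int, str]  # (dst_ip, dst_port, proto)

IOT_SUBNET = ipaddress.ip_network("10.50.0.0/24")            # assumed IoT VLAN
CORP_SUBNETS = [ipaddress.ip_network("10.10.0.0/16"),         # assumed user and server networks
                ipaddress.ip_network("10.20.0.0/16")]
# Infrastructure every IoT device may reach: assumed DNS and NTP on the VLAN gateway.
SHARED_ALLOW: Set[Endpoint] = {("10.50.0.1", 53, "udp"), ("10.50.0.1", 123, "udp")}
# Per-device allowlist; vendor endpoints use RFC 5737 documentation addresses.
DEVICE_ALLOW: Dict[str, Set[Endpoint]] = {
    "10.50.0.20": {("203.0.113.10", 443, "tcp")},   # camera -> its cloud relay
    "10.50.0.21": {("198.51.100.7", 8883, "tcp")},  # thermostat -> MQTT over TLS
}

# Constructed flow records, oriented from initiator to responder.
FLOWS_CSV = """src_ip,dst_ip,dst_port,proto
10.50.0.20,203.0.113.10,443,tcp
10.50.0.20,10.50.0.1,53,udp
10.50.0.21,198.51.100.7,8883,tcp
10.50.0.21,10.10.4.15,445,tcp
10.50.0.20,192.0.2.55,23,tcp
10.10.4.15,10.50.0.20,554,tcp
10.50.0.22,192.0.2.9,443,tcp
"""


def classify(src: str, dst: str, port: int, proto: str) -> str:
    """Verdict for a flow that src initiated towards dst:port/proto."""
    if ipaddress.ip_address(src) not in IOT_SUBNET:
        return "NOT_IOT"            # e.g. an NVR pulling RTSP from a camera; outside this policy
    endpoint = (dst, port, proto)
    if endpoint in SHARED_ALLOW or endpoint in DEVICE_ALLOW.get(src, set()):
        return "ALLOWED"
    if any(ipaddress.ip_address(dst) in net for net in CORP_SUBNETS):
        return "LATERAL"            # IoT device reaching into corporate space
    if src not in DEVICE_ALLOW:
        return "UNKNOWN_DEVICE"     # no inventory entry, talking somewhere unexpected
    return "UNEXPECTED_EGRESS"      # known device, destination not on its allowlist


def audit_flows(csv_text: str) -> List[Tuple[str, str]]:
    """Return (verdict, 'src->dst:port/proto') for every flow that is not allowed."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = classify(row["src_ip"], row["dst_ip"], int(row["dst_port"]), row["proto"])
        if verdict not in ("ALLOWED", "NOT_IOT"):
            findings.append((verdict, f"{row['src_ip']}->{row['dst_ip']}:{row['dst_port']}/{row['proto']}"))
    return findings


if __name__ == "__main__":
    for verdict, flow in audit_flows(FLOWS_CSV):
        print(f"{verdict:18} {flow}")
```

The same allowlist is what the segmentation firewall should enforce; running the check over exported flows is how you confirm the rules are actually doing it, and the UNKNOWN_DEVICE verdict catches the device someone plugged in without telling anyone.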

IoT is certainly the Wild West in technology right now, but if we recognize IoT is not going away, and acknowledge its vulnerabilities do create real life safety issues for us, we can raise the awareness, work together across the different layers, and take steps to secure them.


Prabhu Mohan is a software development leader and innovator with over 20 years of product development and execution expertise covering a wide range of technologies and industry verticals spanning from application security and embedded mobile applications used on millions of …

Article source: https://www.darkreading.com/endpoint/6-security-considerations-for-wrangling-iot/a/d-id/1335411?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple