STE WILLIAMS

Startup Armor Scientific Launches Multifactor Identity System

Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.

RSA CONFERENCE 2019 – San Francisco – Many security firms have focused on multifactor authentication (MFA), but startup Armor Scientific hopes that its recipe of location-based authentication paired with biometrics along with a blockchain ledger for key management will help companies improve security and do away with usernames and passwords.

The company, which emerged from stealth on March 4 at the RSA Conference, said it plans to focus initially on first responders and critical jobs that require high security, such as healthcare and financial institutions. Many of those jobs deal with sensitive data, but the workers often do not have time to log in with multiple factors of authentication. The combination exposes high-value data to compromise.

“Law enforcement, first responder — there is automated log-in everywhere in a law enforcement environment,” said Scott Mohr, chief security officer at Armor Scientific. “They have to log in, tap in, touch in, or leverage some multiple set of keys, and when an officer leaves the dashcam of his car behind, they don’t know where that officer is.”

By marrying location information — provided by the GPS-based technology — and biometric information, the company’s system will allow first responders and others to access necessary data securely. As an added benefit for first responders, the technology will provide location data on officers and workers, Mohr says.

“What we are able to do is provide the red dot on the map for first responders,” he said.

MFA Resistance Fierce
Increasingly, companies are moving to two-factor authentication (2FA) or MFA to grant authorized users and workers access to their systems and services. However, nearly two-thirds of companies have reported facing stiff resistance from workers to adopting two-factor authentication, according to an August 2018 study.

2FA can be slow, so many service providers have adopted a more flexible approach, known as adaptive authentication, in which additional factors are requested only during suspicious attempts to access a system or service. While those adaptive solutions are appropriate, they often involve poorly integrated authentication systems, increasing the vulnerability surface area, Mohr said.

“What is happening in today’s world, the multifactor solutions that are coming to the table, really all they do is stack multiple technologies on top of one another and create additional layers that ultimately allow hackers more access,” he said. “We believe it is compounding the problem and not making us more secure. In addition, you see that the frustration level is going through the roof.”

Using Blockchain for Authenticating Devices
Armor Scientific designed its system from the ground up to integrate all the components and reduce the potential attack surface area, says Nick Buchanan, CTO of Armor Scientific. The company’s blockchain approach is not based on code from an open source solution but is created to the specifications required by Armor Scientific’s clients, he said.

By using a consensus approach, the blockchain’s distributed nature prevents a new device from accessing the network unless three or more nodes have verified its authenticity.

“If someone tries to enter the network surreptitiously, none of the nodes respond — it needs to have a signature,” Buchanan said. “There is no such thing as anonymous communication on our network. You are either identified or you are not.”

While the 2FA market is crowded, Armor Scientific’s Mohr and Buchanan said that the focus on specific markets, such as first responders and high-security networks, will help the company stand out.


Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop agenda here.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline …

Article source: https://www.darkreading.com/operations/identity-and-access-management/startup-armor-scientific-launches-multifactor-identity-system/d/d-id/1334047?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

CrowdStrike Debuts Mobile Threat Detection System at RSA Conference

Falcon for Mobile offers detection and response capabilities for mobile platforms.

RSA CONFERENCE 2019 – San Francisco – Detecting and responding to malware and threats on workstations and laptop computers has been a regular part of enterprise IT security for years. A service launching this week aims to bring those same capabilities to the smartphones that have become part of the enterprise application landscape.

CrowdStrike Falcon for Mobile is an endpoint detection and response (EDR) suite based on CrowdStrike’s Falcon product for the more traditional workstations found in the enterprise. “What we’ve seen in 2018 is a much wider attack surface and instances of attacks against mobile devices,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike. “The field being shared equally, across desktops, laptops, and mobile, it was inevitable that the attack surface is going to be leveraged by attackers.”

Kulkarni said that the most critical need for protecting mobile devices is visibility. “Some of the attacks are known, but a lot of the attacks that we suspect are happening are unknown. And that’s because there isn’t really a good solution which provides visibility and which has taken the EDR approach to mobile,” he said.

The second major feature set Falcon for Mobile provides is proactive threat hunting and aid to red team members. This feature set includes capabilities such as mobile network activity tracking, highlighting clipboard actions, and monitoring peripherals and attached devices.

With the new capabilities, though, Kulkarni said that privacy remains a key concern. “Privacy is crucial in the mixed, ‘bring your own device’ world that we have,” he said, because, “we will only monitor corporate applications, designated by corporate admins, and clearly visible to the end user.” Kulkarni added, “And we would not monitor personal applications or personal data on the device.”

Designing the Falcon for Mobile device agent was a challenge because performance requirements dictated that the app be as small as possible. “These are battery-powered devices so the performance impact has to be super, super minimal,” Kulkarni said.


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/mobile/crowdstrike-debuts-mobile-threat-detection-system-at-rsa-conference/d/d-id/1334044?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Fixing Fragmentation Can Yield Tangible Benefits

Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.

The cyber security industry is well known for studies and reports that would, in the words of a line from the musical “1776,” “…depress a hyena.” That’s why the good news contained in a recent survey of more than 3,200 CISOs is newsworthy.

In a blog post announcing the results of the 2019 Cisco CISO Benchmark Study, Steve Martino, senior vice president and chief information security officer at Cisco, wrote, “There was a strong correlation between those who were extremely collaborative and the total cost of their most impactful breach, which was below $100,000 – the lowest category of a breach cost.”

According to John Maynard, Cisco’s global security sales chief, that data agrees with conversations he’s had throughout the industry. Fragmentation, both of technology and responsibility, is harmful to security because it makes it more difficult to get a full picture of the threat landscape and, Maynard says, “you can’t see, and you can’t remediate what you can’t get your arms around.”

In some cases, Maynard says, companies are still struggling to bring order to a constellation of security point solutions. “We see customers with 60 to 80 vendors in security, and it’s impossible to consolidate all the alerts coming in from those points,” he says. On the other hand, the number of companies that are consolidating and reducing the size of their security product fleet is growing. “In 2017, we had 54% who cited 10 or fewer vendors, and that’s up to 63% in this survey,” Maynard explains.

The other area where consolidation and cooperation are critical is in work between traditional operational silos. “Collaboration between the networking teams, net ops teams, and security teams is important and companies that were able to do that saw a marked drop in the costs of their response,” Maynard says, and drives the point home, explaining, “the companies that cited the closest collaboration between networking and security saw the lower remediation costs.”

In his blog post, Martino wrote that this suggests a very easy way for companies to reap tangible benefits: create a culture and set of processes where teams align on a single set of outcomes to break down silos between groups. And the metric for determining the success of those benefits is also straightforward, Martino wrote. “Measuring outcomes against investments is the best data-driven approach to budgeting.”

The study is not one of unending sunshine and congratulations: There are areas for improvement, including increasing the extent to which outcomes are used as a metric, improving alert management, and building a culture in which employees are a dramatically smaller piece of the threat landscape. 

In the conclusion and recommendations sections of the report, Maynard says that there are two points that tie directly back to these metrics. “Security budgeting should be linked to defined outcomes, and cyber insurance should be linked to funding,” he says.


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/operations/fixing-fragmentation-can-yield-tangible-benefits/d/d-id/1334051?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018

Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.

Security researchers from around the world last year reported over 100,000 valid vulnerabilities in software and systems belonging to organizations signed up with the HackerOne crowdsourced vulnerability disclosure platform.

Together the researchers earned more than $19 million in bounties in 2018 — or nearly the same amount as the combined total paid out to hackers over the past six years under the HackerOne program.

A survey-based report that HackerOne released Friday shows the number of white-hat hackers registered under the program doubled year over year to 300,000. Hackers from the US and India alone accounted for some 30% of the total and were once again among the top earners in the HackerOne community as in previous years.

However, the number of ethical hackers signing up from other countries, most notably from Africa, grew dramatically last year as well. In total, at the end of 2018, HackerOne had security researchers from as many as 150 countries registered for the program.

“One of the most striking takeaways from this year’s survey is the international growth in the number of bug-bounty hackers,” says Luke Tucker, senior director of community and content at HackerOne. “India and the US remain the top hacker locations year over year, but their majority is decreasing as hackers across the globe sign up for bug-bounty programs.”

The data is the latest to highlight the growing influence of crowdsourced bug-bounty programs in vulnerability discovery and remediation. HackerOne, like other bug-bounty platforms such as Bugcrowd and Synack, uses crowdsourced ethical hackers from around the world to help clients discover security vulnerabilities in their systems.

In recent years, thousands of private- and public-sector organizations have signed up with such platforms in a bid to uncover security vulnerabilities they might have missed otherwise. Last year, bug-bounty programs accounted for some 8% of all publicly disclosed vulnerabilities — up substantially from 5.8% in 2017, according to a recent report from Risk Based Security. In fact, the SECURE Technology Act (HR 7327), which President Trump signed into law last December, even authorizes the US Department of Homeland Security to establish a program that will let ethical hackers report bugs in federal government systems.

HackerOne’s data shows that American and Canadian organizations are the most active users of such programs, at least based on share of bounties paid so far. They are followed by entities in the UK, Germany, Russia, and Singapore.

US government organizations have been especially enthusiastic users of the program, Tucker says. “In the realm of hacker-powered security, governments and government agencies are decidedly progressive on their use and promotion of this proven approach to cybersecurity,” he says.

Tucker points to US Department of Defense programs, such as Hack the Pentagon and Hack the Army, which are conducted in partnership with HackerOne, as examples of the types of initiatives government organizations are taking with the crowdsourced vulnerability model.

It’s not just enterprise organizations that are benefiting from the programs. Bug-bounty platforms are proving to be a very effective way for countless independent ethical hackers around the world to monetize their enthusiasm for bug hunting, as well.

Some top hackers in HackerOne’s programs are making 40 times the median annual wage for security engineers in their home countries, according to the company. In the US, top earners last year made over six times the median annual salary of a software engineer based on salary estimates derived from PayScale.

A few researchers in the HackerOne program earned as much as $100,000 for disclosing a single critical bug. One hacker became the first under the program to top $1 million in bug bounties. Dozens of HackerOne clients also have hired security researchers they met through the program.

“We found that bug-bounty hackers are not in it just for the money, but we know those that are can make an impressive living,” Tucker says.

Bug-bounty programs offer competitive rewards but are not focused on competing with other markets on price alone, he says. Bug discoverers can sometimes make substantially more money sharing their information with so-called gray market buyers, which can include intelligence agencies and government.

“[But] the hackers that report vulnerabilities to bug-bounty programs are in it for the resume they can build, the relationships, the challenge, and the recognition,” Tucker says. “You lose all of this and gain a lot of uncertainty with other markets.”


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/vulnerabilities---threats/bounty-hunters-find-100k+-bugs-under-hackerone-program-in-2018/d/d-id/1334048?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Chronicle Releases Chapter One: Backstory

Google spinoff Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.

RSA CONFERENCE 2019 – San Francisco – Chronicle, the division that spun out of Alphabet’s X, rocked the cybersecurity industry today with a new security data platform that ultimately could whittle down the number of security tools organizations run today to monitor and manage incidents.

The new Backstory cloud-based service works with Chronicle’s VirusTotal malware intelligence platform, and lets organizations view historical security data over time and more quickly spot and pinpoint details of malicious activity. “It gives security teams insight into what’s happening in the enterprise right now, with the same level of visibility into what happened yesterday, a month ago, even a year ago,” Stephen Gillett, Chronicle CEO and co-founder, said today at a media event for the rollout.

What makes Backstory unique from other security offerings, not surprisingly, is its Google-esque approach to drilling down into activity on the network and devices and its ability to store, index, and search mass amounts of data. Most enterprises are constrained by the amount of data they can store and manage over a long period of time.

Backstory, however, could prompt some housecleaning for security teams and security operations centers that for years have been amassing multiple, and sometimes redundant, security tools and threat intelligence feeds. The platform is Chronicle’s first commercially developed product.

Rick Caccia, chief marketing officer at Chronicle, told Dark Reading that among the tools that Backstory ultimately could replace or streamline are network monitoring, network traffic analysis, log monitoring, security information event management (SIEM) tools, and even threat intelligence feeds. Tool overload has become a chronic problem for organizations: the average company runs dozens of security tools and often doesn’t have the people power to properly employ or even stay on top of the tools and the data they generate.

Several companies already are using Backstory, including manufacturing firm Paccar, Quanta Services, and Oscar Health, and several security vendors today announced partnerships to integrate with Backstory — Carbon Black, Avast, CriticalSTART, and others.

Chuck Markarian, CISO at Paccar, which builds trucks, said his company expects Backstory to replace anywhere from three to six of its existing security tools in the next year.

“In general, managing our costs is huge, [and] managing our spend in security, and figuring out how we can use less feeds,” he said during a customer panel at the media event. Managing multiple security tools is challenging, he said, so whittling down the number of tools is key.

“I can’t find the people to manage it and I keep going back to our board and saying ‘I need another tool, I need another tool,'” Markarian said. “I want to get that number [of tools] dramatically down.”

Backstory initially provides a tool for threat hunting and security investigations, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “In its current iteration, I think Chronicle [Backstory] assumes a role for threat hunting and security investigations. Its pricing, data capacity, and query speed are built for this,” he said.

Oltsik also predicts Backstory will streamline and also eliminate the need for some point security tools.

“In the future, I could see Chronicle becoming an aggregation hub for other security analytics tools [such as endpoint detection response, network traffic analysis, and threat intelligence, for example] and then subsuming some of these standalone technologies over time,” depending on Chronicle’s roadmap for the platform, he told Dark Reading.

Many large companies already have multiple security products for the same function, Chronicle’s Caccia said. “They have three network monitoring tools and multiple SIEMs,” for example, he said. Chronicle is pricing Backstory by customer, he said, hoping to target the pricing below its potential competitors. Some companies already spend a half-million dollars per year on tools, including subscribing to cloud-based capacity for storage and computing power for cloud services like that of Amazon, he said.

‘Operation Aurora’ Roots

Backstory grew out of Google’s firsthand experience in 2009, when the company was hacked by Chinese nation-state actors during the so-called Operation Aurora. In the wake of the attacks, Google security engineers used big data analytics to build internal security tools for the search engine giant. That work influenced Chronicle’s development of Backstory, led by former Google engineers and Chronicle co-founders Gillett and Mike Wiacek, CSO at Chronicle.

During a demonstration of Backstory at the media event today, Wiacek said the more data you add to Backstory, the more detailed a picture and story it provides of a threat or attack. “Attackers can’t hide” in Backstory, he said.

Meanwhile, ICS/SCADA vendor Siemens plans to offer Backstory as part of its managed security service for ICS customers, according to Leo Simonovich, global head of industrial cyber and digital security at Siemens, which partnered with Chronicle on Backstory.

“For us, it’s providing our customers the understanding of what’s happening in their environment,” Simonovich said in an interview. “We’re hoping one day it [Backstory] will become the backbone of [our] managed security service.”

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …

Article source: https://www.darkreading.com/analytics/chronicle-releases-chapter-one-backstory-/d/d-id/1334054?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Armor Games admits all its users’ deets slurped in database mega-hack as site moves to repair chink

Armor Games (AG) has confirmed that 100 per cent of its users were caught up in February’s mega-leak, in which the details of 617 million online accounts stolen from 16 hacked websites were sold on the dark web.

As exclusively revealed by The Register last month, the haul included account databases for Dubsmash (162 million), MyFitnessPal (151 million) and MyHeritage (92 million) among others.

Some 1.8GB worth of Armor Games data was found by us on sale for 0.2749 BTC ($988) via Dream Market, located in the Tor network.

The company, which runs a portal for a bunch of browser-based games, did not speak to El Reg but cited our article in a confessional email to customers to say it was told on 29 January of a breach that occurred “around” the start of the month.

“This appears to be part of a larger breach affecting 16 companies (see this new article for more information). We are one of the smaller companies affected, apparently holding less than 2 per cent of the total accounts affected between the 16 companies,” said AG.

Nevertheless, “the database affected primarily stores all our website users’ public profiles, login data (usernames, email addresses, IP addresses, and hashed passwords), birthdays of our administrative accounts, and information about our password protection processes at the time (including the password salt),” the email continued.

Thankfully, the data haul did not include first or last names, credit card data, addresses or phone numbers. But only because AG didn’t hold that information in the database.

The advice to users was to “update” passwords on all websites they use, as AG makes “changes on our side to harden our security and fixing any weaknesses found by our audit, including updating our password protection and methods”.

AG said it had “started” to notify the relevant authorities and would work with the cops and any of the other 15 corporate victims of the breach.

“Armor Games sincerely apologizes for the inconvenience and concern this incident may cause, and remains committed to safeguarding the personal information in its care,” it said.

The company claimed none of the data, part of the trove put up for sale in the Dream Market cybersouk, had been misused. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/03/04/armor_games_breach_disclosure/

When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security

Another week, another Facebook privacy storm.

This time, the Silicon Valley giant has been caught red-handed using people’s cellphone numbers, provided exclusively for two-factor authentication, for targeted advertising and search – after it previously insinuated it wouldn’t do that.

Folks handing over their mobile numbers to protect their accounts from takeovers and hijackings thought the contact detail would be used for just that: security. Instead, Facebook is using the numbers to link netizens to other people, and target them with online ads.

For example, if someone you know – let’s call her Sarah – has given her number to Facebook for two-factor authentication purposes, and you allow the Facebook app to access your smartphone’s contacts book, and it sees Sarah’s number in there, it will offer to connect you two up, even though Sarah thought her number was being used for security only, and not for search. This is not a particularly healthy scenario, for instance, if you and Sarah are no longer, or never were, friends in real life, and yet Facebook wants to wire you up anyway.

Following online outcry over the weekend, a Facebook spokesperson told us today: “We appreciate the feedback we’ve received about these settings, and will take it into account.”

Don’t hold your breath.

‘Claimed’

Outrage over Facebook’s phone-number slurping was sparked on Friday by Emojipedia founder Jeremy Burge, who publicly criticized Mark Zuckerberg’s information-harvesting operation for making users searchable via phone numbers submitted for the ostensible purpose of account security.

“For years Facebook claimed that adding a phone number for 2FA was only for security,” he said via Twitter. “Now it can be searched and there’s no way to disable that.”

Facebook had partly disabled such phone-number searches in the past, preventing people from finding someone’s profile directly from their number: in April 2018, the ad biz said it had switched off phone number search following the Cambridge Analytica scandal, citing abuse. “Until today, people could enter another person’s phone number or email address into Facebook search to help find them,” said CTO Mike Schroepfer in a blog post at the time. “So we have now disabled this feature.”

What remains is that Facebook will use submitted phone numbers to suggest friend connections for those who upload related contact information, even if that friend only provided the phone number for 2FA account security.


“Today, the ‘Who can look me up?’ settings control how your phone number or email address can be used to look you up in other ways, such as when someone uploads your contact info to Facebook from their mobile phone,” a Facebook spokesperson explained to The Register on Monday in an email.

“Control” in this case doesn’t mean limit phone number usage entirely; it means a menu that makes the number available to “Everyone,” “Friends of Friends,” or just “Friends” during a contact upload lookup. Users have the option to remove their phone number from their account, though that would preclude using it for account recovery. As of May last year, Facebook began providing support for 2FA without a phone number via authenticator apps. Thus you can do multi-factor authentication with Facebook: remove the phone-based 2FA and reactivate it using an authenticator app.

In any event, it may still be possible to abuse Facebook’s friend-finding feature by uploading large numbers of contacts via a mobile phone in the hope that Facebook will return a useful response for some of them. Also, searching by phone number on WhatsApp works, if you uploaded that number when you uploaded that person’s contact information.

Facebook last year amended its solicitation to submit a phone number with a link explaining that the number would be used for other purposes. As Facebook explains on a support page, it uses phone numbers for account security, to help friends find you, and for account recovery.

The devil is in the details

Not mentioned on its help page is the fact that Facebook uses phone numbers for advertising. Researchers from Princeton University and Northeastern University in the US last year examined how Facebook uses personally identifiable information supplied by users.

They found “that phone numbers and email addresses added as profile attributes, those provided for security purposes such as two-factor authentication, those provided to the Facebook Messenger app for the purpose of messaging, and those included in friends’ uploaded contact databases are all used by Facebook to allow advertisers to target users.”

According to Alex Stamos, Facebook’s former chief security officer, the antisocial network at one point planned to segregate phone numbers provided for 2FA from phone numbers provided for other purposes, but that now no longer seems to be the case.

“This isn’t a mistake now, this is clearly an intentional product choice,” he said via Twitter, adding that Facebook needs someone in the product design chain advocating for security. “[Facebook] can’t credibly require 2FA for high-risk accounts without segmenting that from search and ads,” he said.

The Register asked Facebook to respond to the tweet from Stamos but Facebook’s spokesperson didn’t answer.

All of this is taking place as Facebook pushes ahead with a plan to consolidate its user data across Facebook, Instagram and WhatsApp, in an effort to blunt the impact of Europe’s GDPR privacy regime. That’s a goal Facebook COO Sheryl Sandberg has reportedly been pursuing for years, as a recently revealed cache of documents suggests. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/03/04/facebook_phone_numbers/

Armor Games admits all its users’ deets slurped in mega breach as site moves to repair chink

Armor Games (AG) has confirmed that 100 per cent of its users were caught up in the mega breach that saw the details of 617 million online accounts hacked from 16 hacked websites being sold on the dark web.

As exclusively revealed by The Register last month, the haul included account databases for Dubsmash (162 million), MyFitnessPal (151 million) and MyHeritage (92 million) among others.

Some 1.8GB worth of data was found by us on sale for 0.2749 BTC ($988) via Dream Market, located in the Tor network.

The company, which runs a portal for a bunch of browser-based games, did not speak to El Reg but cited our article in a confessional email to customers to say it was told on 29 January of a breach that occurred “around” the start of the month.

“This appears to be part of a larger breach affecting 16 companies (see this new article for more information). We are one of the smaller companies affected, apparently holding less than 2 per cent of the total accounts affected between the 16 companies,” said AG.

Nevertheless, “the database affected primarily stores all our website users’ public profiles, login data (usernames, email addresses, IP addresses, and hashed passwords), birthdays of our administrative accounts, and information about our password protection processes at the time (including the password salt),” the email continued.

Thankfully, the data haul did not include first or last names, credit card data, addresses or phone numbers. But only because AG didn’t hold that information in the database.

The advice to users was to “update” passwords on all websites they use, as AG makes “changes on our side to harden our security and fixing any weaknesses found by our audit, including updating our password protection and methods”.

AG said it had “started” to notify the relevant authorities and would work with the cops and any of the other 15 corporate victims of the breach.

“Armor Games sincerely apologises for the inconvenience and concern this incident may cause, and remains committed to safeguarding the personal information in its care,” it said.

The company claimed none of the data, part of the trove put up for sale in the Dream Market cybersouk, had been misused. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/03/04/armor_games_breach_disclosure/

McAfee: Oops, our bad. Sharpshooter malware was the Norks’ Lazarus Group the whole time

McAfee (the antivirus firm, not John the dodgy “playboy”) reckons the Sharpshooter malware campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group.

Thanks to data from a command-and-control server that was “provided to McAfee for analysis by a government entity that is familiar with McAfee’s published research on this malware campaign”, researchers were able to link Sharpshooter to earlier Lazarus Group activity from 2017.

The latest malware effort appears, according to McAfee, to be focused on “finance, government and critical infrastructure around the globe, primarily in Germany, Turkey, UK and the US”.

Its attribution of Sharpshooter to the Lazarus Group today is a reversal of its previous position in December 2018, when McAfee said the “numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks”, warning of the potential for “false flags”.

McAfee’s initial discovery of Sharpshooter came with the alarming news that the malware campaign’s operators were targeting Anglosphere nuclear energy and defence companies. Although the malware borrowed heavily from source code used by Lazarus, the company stopped short of attributing it to the group.

Today McAfee clarified its position, with senior principal engineer Christiaan Beek saying: “Technical evidence is often not enough to thoroughly understand a cyber attack, as it does not provide all the pieces to the puzzle.

“Access to the adversary’s command-and-control server code is a rare opportunity. These systems provide insights into the inner workings of cyberattack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers.”

“Analysis of the command-and-control server code and file logs also uncovered a network block of IP addresses originating from the city of Windhoek, located in the African nation of Namibia,” the company said. “This led McAfee Advanced Threat Research analysts to suspect that the actors behind Sharpshooter may have tested their implants and other techniques in this area of the world prior to launching their broader campaign of attacks.”

In 2017 Russia’s Kaspersky Lab carried out some in-depth research into the Lazarus Group, finding at the time that their usual method of operating is to carry out quiet reconnaissance of target networks before developing malware tailored towards compromising financial institutions. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/03/04/sharpshooter_malware_campaign_lazarus_group_mcafee/

Here’s What Happened When a SOC Embraced Automation

Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.

Most security operations centers (SOCs), regardless of industry or maturity level, are challenged by a dearth of qualified experts and unmanageable numbers of security alerts that lack context or actionable value. Year after year, overcoming these obstacles continues to be at the top of the SOC wish list.

Combining the power of automation with advanced network and security capabilities could very well be the solution.

However, the very mention of the word “automation” often creates some anxiety. At one large managed security services provider (MSSP) where I worked as a SOC engineer, we were asked to report which job functions took up most of our time and suggest how they could be automated. Even though members of our group would at times struggle to manage all of their responsibilities, there still was concern over how automation would impact our jobs, rather than how it could improve our roles.

Nevertheless, our SOC team developed a list of job functions that would benefit from automation, along with how it could be implemented. As changes were rolled out, we immediately began to notice some benefits. For example, building more automation processes into the SOC’s correlation engine enabled us to complete more tuning tasks on a daily basis and reduce overall event generation. This, in turn, allowed us to spend more quality time with clients, gain greater insights into their security programs, and collaborate on future projects.

Automation provided another important benefit: The MSSP’s senior analysts and SOC engineers were able to devote more time to documentation for the team’s junior analysts. This robust library of knowledge enabled less experienced team members to better identify exploit techniques and recognize common patterns, thereby gaining valuable knowledge and on-the-job training from their more experienced colleagues. This process translated into fewer escalations to senior staff, overall empowerment of junior analysts, and also accelerated their professional development.

Senior management soon began to recognize automation’s benefits. The SOC team was able to supply better, more relevant business metrics to drive organizational change. Better reporting provided data points we needed to hire additional analysts, invest in the development and adoption of new technologies, and assess the overall performance and productivity of current staff.

From an operational standpoint, automation helped produce measurable improvements across key customer service metrics, including time to detection and remediation, vulnerability management progress, and network disruption times, just to name a few.

In one instance, automation enabled the SOC to quickly resolve a widespread outage experienced by multiple clients, caused by the incorrect classification of common websites due to a networking equipment software glitch. Automated rulesets in place generated an abnormally large number of denied-traffic events across these multiple companies. Simultaneously, the affected organizations were notified of the activity via their ticketing systems. This immediate notification allowed the SOC to identify and quickly respond to a highly unusual event.
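The cross-client spike detection described above, as an added example written for this page (not DFLabs' or the MSSP's own code): it counts denied-traffic events per client in five-minute windows and flags windows in which several unrelated clients spike at once, which points at a shared cause such as the misclassification glitch rather than a single client under attack. The log format, client names and baselines are constructed.

```python
"""Cross-client spike detector for denied-traffic events (constructed example)."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log lines for three hypothetical MSSP clients.
# "acme" and "globex" spike in the same window; "initech" does not.
SAMPLE_LOGS = [
    "2019-03-04T10:00:05 client=acme action=deny dst=www.example.com",
    "2019-03-04T10:00:09 client=acme action=deny dst=cdn.example.net",
    "2019-03-04T10:00:12 client=acme action=deny dst=www.example.com",
    "2019-03-04T10:00:20 client=acme action=allow dst=mail.example.org",
    "2019-03-04T10:01:02 client=globex action=deny dst=www.example.com",
    "2019-03-04T10:01:08 client=globex action=deny dst=cdn.example.net",
    "2019-03-04T10:01:15 client=globex action=deny dst=www.example.com",
    "2019-03-04T10:02:30 client=initech action=deny dst=bad.example.test",
]
# Expected deny events per client per window; constructed here, normally
# derived from historical volumes for each tenant.
BASELINE = {"acme": 0.5, "globex": 0.4, "initech": 0.6}
WINDOW = timedelta(minutes=5)


def parse_event(line):
    """Return (timestamp, client, action) from one 'key=value' log line."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["client"], kv["action"]


def deny_counts(lines, window=WINDOW):
    """Count deny events per (window_start, client) bucket."""
    epoch = datetime(1970, 1, 1)
    counts = Counter()
    for line in lines:
        ts, client, action = parse_event(line)
        if action != "deny":
            continue
        start = epoch + ((ts - epoch) // window) * window  # align to window
        counts[(start, client)] += 1
    return counts


def cross_client_spikes(counts, baseline, ratio=4.0, min_clients=2):
    """Windows where at least min_clients tenants each exceed ratio x baseline."""
    spiking = {}
    for (start, client), n in counts.items():
        if n >= ratio * baseline.get(client, 1.0):
            spiking.setdefault(start, []).append(client)
    return {s: sorted(c) for s, c in spiking.items() if len(c) >= min_clients}


if __name__ == "__main__":
    for start, clients in cross_client_spikes(deny_counts(SAMPLE_LOGS), BASELINE).items():
        print(f"{start}: simultaneous deny spike for {clients}; check shared infrastructure")
```

A single client exceeding its baseline would be handled as that client's incident; the simultaneous multi-tenant spike is the signal that should open tickets for every affected organization at once.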

As this real example illustrates, automating both network and security processes can help security teams evolve from reactionary fire-fighting to a more proactive response posture. Despite the apprehension often associated with the automation of SOC functions, it is an ally, not an adversary.


Heather Hixon is a senior solutions architect for security orchestration, automation and response vendor DFLabs. She has been a SOC team leader, SOC analyst and SIEM engineer with NTT Security, and served in IT management roles with several other organizations. Heather is …

Article source: https://www.darkreading.com/threat-intelligence/heres-what-happened-when-a-soc-embraced-automation/a/d-id/1333985?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple