STE WILLIAMS

Security Concerns Limit Remote Work Opportunities

When companies limit the remote work options that they know will benefit the organization, security concerns are often to blame.

Executives taking part in a new study admit that remote working opportunities increase productivity, inclusivity, and diversity among a company’s workforce. Still, roughly 20% say that their company has no remote working policy. And among those, roughly half say that security is a major reason for their lack of a policy.

Lack of a policy doesn’t mean that remote work isn’t happening: 14% of survey respondents without a remote working policy say that at least some employees are working away from the office anyway.

According to a report on the study — conducted by technology research firm Vanson Bourne, on behalf of RealVNC — more than half of those who have no remote working policy say that there is either a policy in place restricting remote work or that their company lacks the technology to make remote work secure. 

These impediments are in spite of 65% of US respondents saying that implementing remote work would increase the number of staff they attract with disabilities, while a further 63% believe it would help employ more 18- to 35-year-olds, and 53% believe it would boost employment of women.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/mobile/security-concerns-limit-remote-work-opportunities/d/d-id/1333617?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Kaspersky Lab Helped US Nab NSA Data Thief: Report

But this new development is unlikely to do much to clear government suspicions about the security vendor’s ties to Russian intelligence, an analyst says.

Kaspersky Lab reportedly helped the National Security Agency catch a contractor who allegedly stole terabytes of classified data from the US government even as the security vendor itself was under mounting suspicion of spying for the Russians.

That’s according to Politico, which this week published a report on what it described as Moscow-based Kaspersky Lab’s unsung and unknown role in the August 2016 arrest of former NSA contractor Harold Martin. The report is based on input from unidentified sources and paints a picture of Kaspersky Lab that is somewhat at odds with the US government’s own dour assessment of the vendor as a potential threat to national security.

“It’s irony piled on irony that people who worked at Kaspersky, who were already in the sights of the US intelligence community, disclosed to them that they had this problem,” Politico quoted former NSA general counsel Stewart Baker as saying.

In a brief statement, Kaspersky Lab said it had no comment to offer at this time on the contents of the Politico report.

Martin was arrested just days after a then unknown group calling itself Shadow Brokers began leaking highly classified NSA cyberattack tools and exploits in summer 2016. Shadow Brokers did not reveal the source of the classified NSA documents, but announced it had a whole larger tranche of NSA data that it was willing to auction off to the highest bidder.

A search of Martin’s home near Baltimore showed him to be in possession of nearly 50 terabytes of misappropriated government data, including a large number of documents marked “Secret” and “Top Secret.”  

Court documents released last month in connection with Martin’s case—also first reported on by Politico—show that Martin was arrested shortly after he posted some Twitter messages hinting at his knowledge of the stolen NSA hacking tools. Two of the tweets were sent out literally minutes before the Shadow Brokers began dumping the NSA hacking tools, and led law enforcement to believe Martin was directly involved in the theft.

Last month’s court documents do not make clear whether the NSA hacking tools were part of the 50 terabytes of data that Martin is said to have misappropriated. Neither do they say whether he has been specifically charged in connection with the theft of the NSA hacking tools.

Martin currently faces 20 counts of willfully retaining information of importance to national security. His trial is set to begin in June. He faces decades in jail if convicted on all counts.

According to Politico’s sources, Martin’s arrest did not result from the NSA’s own investigations. Rather it was information from Kaspersky Lab that first pointed federal investigators in Martin’s direction.

For reasons that are still unclear, Martin sent a total of five private Twitter messages to two security researchers at Kaspersky Lab shortly before the Shadow Brokers leaks began. The messages, all of which were obtained by Politico, were sent from an anonymous Twitter account with the handle ‘HAL999999999’. 

Two of the messages suggested that Martin had valuable information on hand and wanted to meet with Kaspersky Lab’s founder Eugene Kaspersky. The remaining three messages, sent a couple of days later to a second researcher, were more cryptic with allusions to a new Jason Bourne movie and a link to a YouTube video showing the final moments of the movie “Inception,” Politico said.

When the researchers attempted to respond to Martin’s messages he blocked them. However, by doing some basic online sleuthing the researchers were relatively easily able to tie the tweets back to Martin and discover he worked for the NSA.

Once Kaspersky Lab had the details, a company employee contacted an NSA employee and suggested the agency might want to investigate Martin. That tip and Kaspersky’s evidence later led to Martin’s arrest, Politico said.

The US government so far has not acknowledged Kaspersky Lab’s reported role in Martin’s arrest. Neither has the government softened its stance against the company.

Lingering Suspicions

In fact, since Martin’s arrest, things have actually gotten worse for Kaspersky Lab as far as its relations with the US government are concerned. US federal agencies are currently banned from using Kaspersky Lab products and are under instructions to jettison any products of the company that they might have purchased previously.

The ban stems from suspicions that Kaspersky Lab is allowing Russian intelligence to spy on and scoop up data from computers running the company’s anti-malware tools. Kaspersky Lab has vehemently denied the allegations against it and has said the ban has seriously hurt its reputation and its ability to sell to US customers. The company has even taken the extreme step of offering up its source code for inspection by third-parties to support its claims.

Some have suggested Kaspersky Lab is the unfortunate victim of the current geopolitical climate between the US and Russia.

John Pescatore, a former NSA analyst and currently director of emerging security trends at the SANS Institute, says the new report does little one way or the other to clear Kaspersky Lab’s reputation.

On the one hand, the US government has never released any actual evidence of wrongdoing by Kaspersky. And the company’s rumored ties with Russia’s intelligence agencies are probably no different from the involvement that many major US technology companies have with American intelligence agencies, Pescatore says.

“Pure speculation on my part but my guess is that Harold Martin believed that Kaspersky Lab could get him in touch with Russia,” he notes.  

Instead of going to the press like Edward Snowden did, and eventually ending up in Russia anyway, Martin probably tried this route as a way of avoiding any surveillance on direct communication paths to Russian agencies, he says. Kaspersky Lab did the right thing at that point in turning him in, Pescatore notes.

“However, that act of turning him in does not change the uncertainty about Kaspersky one way or the other,” he says.

Kaspersky Lab had nothing to lose by turning Martin in; and some, in fact, could view the whole sequence of events as a clever play by Russian intelligence to take suspicion off the company, he says. “So, we are still where we were—no evidence Kaspersky Lab takes orders from Russian intelligence, but no real way to prove they don’t.”


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/vulnerabilities---threats/kaspersky-lab-helped-us-nab-nsa-data-thief-report/d/d-id/1333619?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Container Deployments Bring Security Woes at DevOps Speed

Nearly half of all companies know that they’re deploying containers with security flaws, according to a new survey.

Companies are rushing to deploy containers in their application infrastructure — and in that rush, they’re deploying containers that they know are insecure. That’s one of the conclusions reached in a new report that looks at the state of container security.

The Tripwire State of Container Security Report was conducted in partnership with Dimensional Research. The study finds that companies are unsure about container security, and they’re paying a price for that insecurity.

That price is paid in security incidents: 60% of those surveyed say that their organization suffered a container security breach in the last year. Tim Erlin, vice president of product management and strategy at Tripwire, says that he was surprised by that number because there are relatively few reports of container breaches in the news media.

And the security issues don’t mean that companies aren’t concerned with security. Ninety-four percent of respondents to the survey say that security is one of their significant container concerns. “The first thing they want is how to detect bad things happening; the second is how to prevent those bad things,” says Erlin.

Not surprisingly, the level of concern tends to rise with the number of deployed containers. Thirty-four percent of those with fewer than 10 containers describe themselves as “very concerned” about security, while 54% of those with more than 100 containers deployed describe themselves with the same language.

The solution for the container security problem lies in the development cycle, Erlin says. “The way to address container security is to build security controls into the DevOps process. If you’re looking for vulnerabilities or mis-compliance, you want to find them in the build ahead of deployment, and you want to make sure the process will allow them to be fixed before deploying,” he explains.

Too many companies are using traditional security scanning processes, in which they scan for vulnerabilities when the application is deployed, and then try to fix issues in a DevOps process — and they’re finding that it doesn’t work, Erlin says. The problem isn’t primarily with the tools they’re using.

“I don’t think this is a technology challenge as much as an adoption challenge. There are tools available today in a variety of quality from a variety of companies, but we haven’t seen DevOps organizations adopting them as part of the build process,” Erlin says. Looking ahead, though, he sees promise in the form of new employees being hired to work with containers.

“I was talking to an analyst this morning, and he said that companies are seeing new hires bring the container technology with them from their time in colleges and universities,” he says. Still, the new hires are no quick fix: 71% of those in the survey say that they expect to see more container security incidents in the coming year.


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/vulnerabilities-and-threats/container-deployments-bring-security-woes-at-devops-speed/d/d-id/1333622?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Web Vulnerabilities Up, IoT Flaws Down

The number of flaws found in WordPress and its associated plugins has tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.

The total number of vulnerabilities in Web applications reported by researchers jumped to 17,142 in 2018, climbing more than 21% compared to the previous year and driven in part by the large number of flaws found in Web applications and application programming interfaces. 

Popular content management system (CMS) WordPress had the most reported vulnerabilities, with 542. WordPress has a large ecosystem that includes more than 54,000 plugins; those same third-party plugins accounted for almost all—98%—of the WordPress security issues found by researchers last year, according to Web security firm Imperva, which published its findings in a report this week.

That popularity and extensibility makes WordPress popular with Web developers but also with online attackers, says Nadav Avital, research manager for threat analytics at Imperva.

“These make WordPress a lucrative asset that many hackers set their eyes upon—any security hole they may be able to find and exploit can lead to a mass infection,” he says.

On the Rise

According to the National Vulnerability Database, the number of publicly disclosed vulnerabilities overall (not just in Web apps) rose more than 127% in 2017, to 14,649 disclosed issues, after more than a decade of varying between 5,000 and 8,000 annual reports. Increases in the development of online applications, the use of open-source components, and more rigorous security testing are all likely contributing factors.

“It is somewhat expected that the overall number of vulnerabilities rises year after year,” Imperva’s Avital says. “Each year there are more products—new and legacy—to check and more sophisticated tools to check them with.”

According to the NVD, the number of overall reported vulnerabilities continued to climb in 2018, increasing nearly 13% to more than 16,500. Other organizations tracking more specific classes of security flaws have seen similar increases: the number of vulnerabilities in open-source components, for example, has increased 51% to more than 3,200 documented issues, according to software-security firm WhiteSource Software.

“We definitely see a lot of growth in terms of the number of vulnerabilities associated with modern applications,” said David Habusha, vice president of products at WhiteSource. “The attackers are focused on front-end facing Web servers, content management platforms, and Internet of Things.”

While WordPress accounted for more than 500 vulnerabilities, another content management system, Drupal, had two of the most attacked vulnerabilities, Imperva found. 

In terms of vulnerability classes, however, issues that allow commands to be run via another application—often referred to as injection attacks—accounted for 3,294 flaws, according to the report. Remote command execution accounted for the largest portion of vulnerabilities, with 1,980. 

IoT Vulns Dropped

While Web applications appear to be increasingly targeted, another major focus of vulnerability research—the Internet of Things—appeared to fare pretty well in 2018, according to the Imperva report. The number of vulnerabilities found in IoT devices and software fell to its lowest level in three years. 

The increasing interest in developing security standards and best practices has likely prompted vendors to invest more in security, Imperva’s Avital says.

“While fewer vulnerabilities were found in IoT products, it does not mean that IoT is safe from cyberattackers,” he says. “While new IoT products may be more secure, many IoT vendors still don’t push security updates and if they did, it isn’t clear how to update or if they can even be deployed as some devices cannot be taken offline.”

Companies need to both automate their vulnerability scanning and use agile development methodologies to fix security issues as early in the software-development cycle as possible, says Dan Cornell, chief technology officer for the Denim Group, a software-security firm.

“I think we are still at the saturation point, where organizations have a much greater focus on the detection of vulnerabilities over the remediation of vulnerabilities,” Cornell says. “People are still doing a lot of testing, but they still are not fixing enough.”

To fix vulnerabilities and reduce the number of issues that actually make it into production, code-checking software can help developers take a greater role in securing the software as it is written.


Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline …

Article source: https://www.darkreading.com/vulnerabilities---threats/web-vulnerabilities-up-iot-flaws-down/d/d-id/1333625?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Google Play Store spews malware onto 9 million ‘Droids

Malware made it past Google’s detection systems and infected some 9 million Android users, analyst Trend Micro has found. Google has removed 85 apps from the Google Play Store as a result.


The apps, purportedly TV and video players and controllers, would consistently show full-screen ads until they crashed. Developers behind such apps then racked up ad impressions from which they profited.

The batch of 85 apps removed included the “Easy Universal TV Remote”, which had a high proportion of negative reviews but had managed to evade Google’s security filters, Trend Micro noted.

Take, for example, the app below. At a glance it looks harmless enough…

[Image: Play Store listing of the adware app. Source: Trend Micro]

… but did the comments and ratings not raise a flag?

[Image: user reviews and ratings of the same app. Source: Trend Micro]

Google claimed to have halved the quantity of Android malware in its first Android Ecosystem Security Transparency Report published in November. But the scale of the ecosystem still means trouble for many. By Google’s calculations, only 0.09 per cent of devices accessing the Store had malware on board – but that’s still 1.8 million phones.

This batch of apps was hard for the user to miss – some adware continues to generate bogus impressions in the background.

You can find a full list here (PDF). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/01/09/google_play_store_malware_onto_9m_droids/

20-Year-Old Student Admits to Massive Data Leak in Germany

Hack was not politically motivated; no sign of third-party involvement, authorities say.

A 20-year-old student living with his parents in the German state of Hesse has admitted to illegally accessing and publicly leaking personal data belonging to nearly 1,000 politicians, journalists, and other public figures in Germany.

A statement from the country’s Federal Criminal Police Office (BKA) did not identify the individual by name but said he had been provisionally arrested on charges related to spying and unauthorized disclosure of personal data. He was later released because there was no legal basis for detaining him. 

Germany’s Bild newspaper quoted local officials as saying the provisional arrest was lifted based on the hacker’s confession and the assessment that he possessed no flight risk. The hacker’s young age also contributed to the decision by German authorities to not detain him. The individual is expected to be tried as a juvenile and could end up with a relatively light sentence.

Police have recovered a computer and a storage device from the individual’s home and are currently analyzing them for evidence.

According to the BKA, the hacker claimed he had acted alone and had been motivated by a sense of anger over public statements by politicians and others. “The investigations have so far revealed no evidence of third party participation,” the statement noted.

The 20-year-old, who used the online handles “G0d” and “0rbit,” began leaking the information via two Twitter accounts in early December. But the leaks weren’t noticed until last week.

One of the Twitter accounts he used was hijacked and belonged to an unidentified YouTube artist. The student used a VPN service to access the Twitter accounts in a bid to anonymize his connection, the BKA said. At least some of the leaked information – which included phone numbers, credit card data, addresses, photos, and email communications – appears to have been obtained from public sources.

It remains unclear how he obtained the rest of the data. In comments to various media outlets last week, Germany’s Interior Minister Horst Seehofer said there was no evidence that any German government IT system or network had been compromised. Instead, the data appears to have been accessed by someone using stolen login credentials for email accounts, cloud services, and social media accounts containing victim data, Seehofer had noted.

The information leaks have garnered considerable attention both for their scope and for the fact that victims have included members of parliament and politicians from every major German party except the right-wing Alternative for Germany (AfD).

Some had taken that as an indication that the leaks were politically and ideologically motivated. The data compromise had also evoked some comparisons to the cyberattacks on the Democratic Party and the subsequent data leaks in the run-up to the 2016 U.S. presidential election.

“It’s unsettling to think a single person pulled this off,” says Tom Goodman, director of international cyber business at Raytheon Intelligence, Information and Services. But it is not entirely surprising either, he says.

“Just like small bands of insurgents commit acts of asymmetric warfare and lone wolves can carry out devastating terror attacks, single cyberattackers can cause significant damage with an Internet connection and a little persistence,” Goodman says.

Security experts last week had theorized that the hacker would have had to break into multiple types of accounts to gather all of the information that was leaked. It is currently not clear whether that is indeed how the 20-year-old obtained the data.

German authorities have merely noted that they know how the theft was accomplished and have described the method used as “sophisticated.” But they are unwilling to disclose it in order to avoid imitators, Bild said. A German official speaking with the paper described the hacker as a “nerd” with no formal computer training but very savvy and technically capable all the same.

The data compromise—and the fact that it wasn’t discovered for several weeks—is prompting change. According to Bild, Seehofer has announced planned improvements to the German government’s cyber defense capabilities. One planned improvement is the addition of a 24/7 crew with an early warning system for quickly detecting and mitigating attacks, using the country’s anti-terrorist center as a model, Bild said.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/attacks-breaches/20-year-old-student-admits-to-massive-data-leak-in-germany/d/d-id/1333610?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Security at the Speed of DevOps: Maturity, Orchestration, and Detection

Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.

Containerized environments, central to digital transformation, have become mainstream with notable speed. Cloud-native architecture and microservices-based applications are critical to enabling companies to move fast. To move quickly with safety, companies must accelerate the maturity of their container security strategies and implementations.

As production deployments pick up speed, security gaps become evident, presenting immediate risk to businesses. We already know that traditional security tooling and products don’t work to secure containers and microservices. As a result, most companies with container deployments are concerned about insufficient security strategies and investments and are looking to new companies for purpose-built solutions.

Along with deploying new container security platforms, companies realize they must also leverage the security capabilities and architectures inherent to cloud-native, containerized ecosystems. Container and microservices technologies, like Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design. The best security platform for these technologies will tap into the power of the full ecosystem rather than add on a range of security functions separate from the infrastructure.

New Challenges and Strategic Shifts

Containerized environments are inherently more secure when built and used properly. But it takes experience with these systems to configure and run them securely. Often, the security team is not experienced with containers or Kubernetes. Many companies are rethinking their security roles and responsibilities in light of container adoption.

Strengthening Kubernetes security is one of the most fundamental things an organization can do to protect containerized applications. Kubernetes has become the orchestrator of choice for most container deployments. Part of what makes it a powerful solution is the degree to which you can exert control with it, but with many “knobs” to tune comes the potential for mistakes. If you don’t set it up right, with the dashboard protected and role-based access control implemented, you can introduce business risk through unnecessary exposure. Also, Kubernetes is becoming a target because it’s widely adopted.

We recommend time spent on protection and hardening — Kubernetes includes a lot of moving parts, and given its role in application development, the question arises as to which team should secure it.

DevOps Gets Closer to Security

With the rise of cloud services and cloud-native architectures, the CIO’s team has shifted from providing and running infrastructure to enabling applications. And now, with containerization, the security team is making a similar shift, enabling rather than operating security functions. That’s because as security necessarily moves closer to the application, it enters DevOps’ domain. Because of their expertise and central role in building, testing, and deploying applications, DevOps team members must take responsibility for protecting those applications and their infrastructure. Security teams likely will still define policies and put guardrails in place, but DevOps increasingly will operate the security tools closest to containerized applications.

DevOps also has the know-how to build security into the infrastructure earlier in the software development life cycle. Resilience and agility can be improved through the granularity of container technology. In cloud-native environments, the control layer and data plane are interwoven; you can write in a layer of logic to create continuous, instantaneous enforcement.

Containers and microservices give you the ability to make changes — including security fixes — on a nearly continuous basis. To fix an issue, simply replace a bad image with a good one, kill the affected containers, and when those containers rebuild, they’ll automatically use updated images. This way, you can address security gaps without breaking the entire application.

By weaving security solutions into the infrastructure and closer to the application, DevOps can give hackers quite a headache. If they succeed at infiltrating, bad actors typically are limited to seeing what’s in just a single container — broadening the attack means they have to replicate their intrusive maneuvers multiple times.

Given the inherent security constructs of containers, security and DevOps teams can work together to protect the infrastructure. Security team members don’t have to fully understand all the development tools — they can focus on sharing the security principles and policies to apply to the new dev tools. DevOps and security can better learn how to work together in new ways and speak each other’s language if they implement a container security platform that integrates native DevOps tooling, such as using Kubernetes for network policy enforcement.
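The two controls this section and the earlier “New Challenges” section name, role-based access control and Kubernetes network policy enforcement, are easiest to see in a manifest. The following is an added example, not code from the article or from StackRox: a namespace-scoped Role that lets a CI/CD service account roll out new images and nothing more, and a default-deny NetworkPolicy with one explicit allow rule. The namespace, names, labels, and port (shop, deployer-bot, checkout, frontend, 8080) are assumptions chosen for illustration.

```yaml
# Added example (not from the article). Namespace, names, labels and port are
# assumed for illustration. Apply with: kubectl apply -f this-file.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: shop
  name: deployer
rules:
# Enough to replace a bad image with a good one (the rollout described in the
# text) but no access to secrets and no cluster-wide scope.
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: shop
  name: deployer-binding
subjects:
- kind: ServiceAccount
  name: deployer-bot      # assumed service account used by the CI/CD pipeline
  namespace: shop
roleRef:
  kind: Role
  name: deployer
  apiGroup: rbac.authorization.k8s.io
---
# Default deny: every pod in the namespace is isolated for ingress and egress
# until another policy explicitly allows a flow.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: shop
  name: default-deny-all
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Only pods labelled app=frontend may reach the checkout pods, and only on
# TCP 8080. A compromised pod elsewhere in the namespace gets no path in,
# which is the "limited to a single container" containment the text describes.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: shop
  name: checkout-allow-frontend
spec:
  podSelector:
    matchLabels:
      app: checkout
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
```

Two practical caveats: NetworkPolicy objects only take effect if the cluster’s network plugin enforces them, so verify enforcement with a test pod before relying on the default-deny; and a default-deny egress rule also blocks DNS, so a real deployment needs an additional egress rule allowing UDP and TCP port 53 to the cluster DNS pods. With the Role in place, the image replacement described above is `kubectl set image deployment/<name> <container>=<patched image>` run as the deployer-bot service account, and the rollout recreates the affected pods from the new image.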

Work Smarter

Intelligent, actionable, built-in visibility and control should be an integral part of any responsible security model. That’s already a tall order. With container technology, we add a portability requirement. For businesses trying to operationalize and secure containers across hybrid and multicloud deployments, the security model has to be at once holistic, highly portable, and deeply integrated. Hygiene, vulnerability management, and prevention are hallmarks of today’s security efforts.

As more vital infrastructure is built using containerized and cloud-native models, we need to shift our focus to detection. 

Vulnerability scanning and hardening are still important, but to do anything about runtime attacks, you need detection capabilities. And you can’t remediate manually — systems designed to scale up and out rapidly and iterate frequently, as containers do, require automation and machine learning. Kubernetes and containers provide the capability to automate the execution of a specific response to everything that is detected. The most effective security solutions will be those that make actionable detection possible — and eliminate counterproductive streams of alerts.

There’s much more to come. We’re at an exciting intersection of possibilities thanks to the convergence of containers, orchestrators, microservices, and DevOps capabilities. If we harness the momentum, we can advance standards, cultivate the portability and integration of security, encourage collaboration, and make the strategic investment to build holistic, sustainable systems that protect our digitally transformed world.


Kamal Shah brings more than 20 years of experience identifying new markets, creating category-defining products that delight customers, and building large businesses to his role as CEO of StackRox. Previously, Kamal was SVP of products and marketing at Skyhigh Networks, a …

Article source: https://www.darkreading.com/vulnerabilities---threats/security-at-the-speed-of-devops-maturity-orchestration-and-detection/a/d-id/1333583?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Magecart Mayhem Continues in OXO Breach

The home goods company confirmed users’ data may have been compromised during multiple time frames over a two-year period.

OXO International, a US-based manufacturer of kitchen utensils and home goods, reported a data breach spanning two years that experts say appears to be a Magecart attack.

The company is notifying customers of a data security incident “involving sophisticated criminal activity” that may have compromised their personal data. It believes unauthorized code may have granted adversaries access to names, billing and shipping addresses, and credit card info.

In December 2018, OXO worked with forensic investigators and confirmed that personal data entered on its website may have been exposed. It says the windows of compromise include June 9, 2017, through November 28, 2017; June 8-9, 2018; and July 20, 2018, through October 16, 2018. Upon discovering the intruders’ code, OXO worked with security consultants to investigate the incident and determine the next steps to prevent similar attacks in the future, officials report in a letter.

Additional evidence and further analysis identified past website vulnerabilities. OXO investigated the malicious code, removed it, conducted system scans, and reissued access credentials. It is also providing identity monitoring to customers for one year via Kroll. Qualifying members are being sent an ID by OXO they can use to access the free service.

A closer look at the breach by BleepingComputer shows this is likely a Magecart attack. Magecart, an umbrella term for at least seven cybercriminal groups, has been gaining notoriety for stealing financial data by installing digital credit card skimmers onto e-commerce sites. Attackers implement code into a target site’s checkout page to lift data that customers enter. As the report explains, at least one of the OXO breaches was a Magecart attack to steal information.
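The skimmer pattern described above (unauthorized script added to a checkout page) is one a site operator can detect by baselining the scripts the page is supposed to ship and alerting on anything else. The following Python is an added example, not code from the article, OXO, or BleepingComputer: it parses a page with the standard library, compares every external `<script src>` against an allowlist of hosts and every inline script against a set of SHA-256 hashes, and reports the rest. The hostnames `shop.example`, `cdn.example` and `stats.invalid`, the allowlist, and the sample HTML are all constructed for the demonstration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed baseline for a hypothetical checkout page: the hosts that are
# allowed to serve scripts, and the exact inline scripts the page shipped with.
PAGE_HOST = "shop.example"
ALLOWED_SCRIPT_HOSTS = {PAGE_HOST, "cdn.example"}
BASELINE_INLINE_SCRIPTS = [
    'window.checkoutConfig = {"currency": "USD"};',
]


def sha256_hex(text):
    """Hex SHA-256 of a script body, normalised by stripping outer whitespace."""
    return hashlib.sha256(text.strip().encode("utf-8")).hexdigest()


ALLOWED_INLINE_HASHES = {sha256_hex(s) for s in BASELINE_INLINE_SCRIPTS}


class ScriptCollector(HTMLParser):
    """Collect (src, inline_body) for every <script> element in a document."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._src = None
        self._buf = None  # non-None only while inside a <script> element

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._src, "".join(self._buf)))
            self._src, self._buf = None, None


def find_unexpected_scripts(html, page_host, allowed_hosts, allowed_inline_hashes):
    """Return a list of (kind, detail) for every script not in the baseline.

    kind is "external" (detail = the src URL) or "inline" (detail = the
    body's SHA-256). A relative src is attributed to the page's own host.
    """
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src, body in collector.scripts:
        if src is not None:
            host = urlsplit(src).hostname or page_host
            if host not in allowed_hosts:
                findings.append(("external", src))
        else:
            digest = sha256_hex(body)
            if digest not in allowed_inline_hashes:
                findings.append(("inline", digest))
    return findings


# Constructed sample page: two expected external scripts and one expected
# inline script, followed by one script from an unknown host and one inline
# script that is not in the baseline.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example/lib/vendor.js"></script>
<script>window.checkoutConfig = {"currency": "USD"};</script>
</head><body>
<form id="payment">...</form>
<script src="https://stats.invalid/collect.js"></script>
<script>/* not part of the baseline */ console.log("hello");</script>
</body></html>
"""


def scan_sample():
    """Run the baseline comparison over the constructed sample page."""
    return find_unexpected_scripts(
        SAMPLE_CHECKOUT_HTML, PAGE_HOST, ALLOWED_SCRIPT_HOSTS, ALLOWED_INLINE_HASHES
    )


if __name__ == "__main__":
    for kind, detail in scan_sample():
        print(f"unexpected {kind} script: {detail}")
```

Run periodically against the live checkout page, this catches both the injected third-party loader and the inline variant; the same allowlist and hashes map directly onto a Content-Security-Policy `script-src` directive, which makes the browser enforce the baseline rather than only reporting violations after the fact.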

Magecart’s victims have expanded from consumers to globally known brands, including Ticketmaster, British Airways, and Newegg.



Article source: https://www.darkreading.com/attacks-breaches/magecart-mayhem-continues-in-oxo-breach/d/d-id/1333614?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cutting Through the Jargon of AI & ML: 5 Key Issues

Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.

When looking at the artificial intelligence (AI) and machine learning (ML) components of information security products, it’s easy to get overwhelmed by the glut of marketing buzzwords. As a decision maker, how do you cut through the jargon to fully understand what you’re purchasing?

The key is in asking the right questions before purchasing a product. Here is my short list of key issues to address:

Issue 1: Technical Components
Sometimes vendors make big AI/ML claims but their products only use simple classification algorithms on a single type of data. Buyers need to ask which algorithms and frameworks are being used and whether these are existing algorithms or custom solutions developed by the vendor.

When vendors talk about how they implement AI/ML, buyers can get a better sense of whether they’re buying a point solution or a more comprehensive one. Note there is no right or wrong answer here unless a vendor point blank refuses to disclose what goes into its AI/ML. What you’re really looking for is transparency and a conversation on how its product will use AI/ML to protect your assets.

Issue 2: Flexibility
It’s important to understand whether AI/ML models are flexible and can be altered by the consumer. Vendors may claim their proprietary AI/ML security solution will solve “all your problems.” However, this should be a warning sign to any buyer. The truth is that algorithms are only a small component of how data flows through an enterprise security solution. By understanding how flexible a model is, and whether it can be customized after purchase, you’ll be able to make a more-informed purchase. Organizations have different needs. There is no one-size-fits-all solution here, especially when it comes to security.

Issue 3: Applications
Before you buy, you need to ask whether a security solution can handle the wide range of data that is only growing in complexity and type. No longer is looking at only log data enough when it comes to modern security practices. Call center audio recordings, video feeds, and other transactional data are the norm. You need to know whether your solution can handle these data sets or whether it’s a siloed solution. If your organization’s data stretches across silos and the AI/ML only works on certain silos, something may be missing.

Before you buy, ask whether AI/ML models can be applied to different types of data sets. You don’t want to find out after the fact that the AI/ML application is limited in scope and doesn’t meet your security needs. In addition, ask the vendor to show you examples of the breadth of AI/ML model applications in the product. This is a great way to get to the core of the vendor offering.

Issue 4: AI/ML Updates
AI/ML security solutions must be able to evolve and update as security threats do. To meet the constant onslaught of new threats, vendors must have the ability to update their algorithms. How does the vendor manage these changes in the threat landscape within their product? It’s a good idea to ask about how past AI/ML updates have been handled in terms of development, testing, implementation, and licensing.

Licensing is particularly important. You need to know if your organization’s data will essentially be held hostage until you’ve paid to apply a new algorithm. What if you want to apply a different algorithm? Will that also cost you? There isn’t one answer here that is the correct answer; however, knowing how this process unfolds in the future will help you prepare for the evolution of the solution that needs to occur.

Issue 5: Security Team Knowledge and Skills
Purchasing a security platform that supports the latest AI/ML toolkits can help build your team’s knowledge and skills. Before buying, you need to know whether the solution will build your security team’s understanding of your organization’s data or whether you will be relying on the expertise of the vendor and its proprietary solution. Ideally, any purchase will help your security team learn how data works internally and increase its understanding of data engineering and data science. It’s important to understand the balance between working with vendors and growing your own internal talent pool before you buy.

Another thing to think about: To recruit smart, data-driven security analysts, organizations need to use products and tools that encourage employees’ growth and knowledge. Considering how limited the pool of data scientists currently is, using cutting-edge technology is essential for recruiting new talent.

Asking the right questions will help you become a more-informed consumer. Being more informed and purchasing the right security solution means your implementation is more likely to be successful too. Ask the tough questions before you buy — the security of your enterprise depends on it.

John Omernik is a recognized expert in detecting security threats and preventing fraud using data analytics. Prior to joining MapR, John was senior vice president, security innovations, at Bank of America where his responsibilities included architecting a next generation …

Article source: https://www.darkreading.com/vulnerabilities---threats/cutting-through-the-jargon-of-ai-and-ml-5-key-issues/a/d-id/1333595?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

NCSC Launches Nation-State Cyber Threat Protection Program for Businesses

National Counterintelligence and Security Center (NCSC) released free online security awareness materials for businesses to defend against nation-state hackers.

The US Office of the Director of National Intelligence (ODNI) National Counterintelligence and Security Center (NCSC) has launched a new free program to help private sector companies understand and defend against attacks by nation-state cyberattackers.

NCSC now offers a series of videos, brochures, and posters to raise awareness of the threat of foreign-sponsored cyberattack campaigns, and how to best protect against them.

“We made a determination to launch this campaign after a series of interactions with private sector representatives around the country,” says Dean Boyd, the NCSC’s chief communications executive. “While many corporate officials were well-aware of the threats to their businesses from foreign intelligence entities, many others were not and requested information and assistance. A key part of our mission at NCSC is to provide counterintelligence outreach to US private sector entities at risk of foreign intelligence penetration.”

Security experts say it’s not typical of the normally secretive NCSC – which reports to the Office of the Director of National Intelligence – to make such a public splash.

“In many ways it’s long overdue to a degree,” says Drew Lydecker, president and co-founder of Avant Communications. “It’s a reiteration of how huge a deal this is and how large an issue security has become. It’s good they are talking about foreign travel and Wi-Fi [in the materials], especially for small and midsized businesses: they don’t always take the threat as seriously as they should.”

Jessica Ortega, a website security research analyst for SiteLock, notes that it’s important that a federal intelligence agency has taken the lead.

“Small businesses especially have to understand that they are a valuable target for hackers,” Ortega says. “Keep in mind that the average website gets 50 attacks a day … so small business owners shouldn’t think they are too small not to get attacked.”

NCSC’s Boyd underscored that while all businesses can benefit from these new materials, SMBs are an important focus of the NCSC’s effort. Many of these firms don’t always have adequate resources for cybersecurity or even knowledge of the threats to their businesses posed by foreign intelligence organizations, he notes.

Some of these materials previously had been disseminated to the federal workforce to heighten awareness, he says, but after recent interactions with the private sector and the many recent cases involving nation-states targeting US businesses, the agency believed it was important to get these materials to the private sector as well.

The goal with this program up front is to provide companies both with basic information on the threats and simple steps they can take to mitigate risks.

Here are four areas the NCSC identified in its new program materials:

Corporate supply chains. Third parties have been an area of risk focus since the Target hack several years ago. NCSC says companies should know their suppliers, the equipment and services they provide, and their service providers. Start by asking the right questions before procuring their products or services. Get acquisition and procurement people involved with the company’s risk management and security program.

Spearphishing emails. In October 2018, two Chinese intelligence officers and eight others were indicted for hacking US and European aerospace companies over five years to steal trade secrets on commercial aircraft engines. They allegedly used spearphishing to penetrate these corporate networks. Small manufacturers or banks in the Midwest or South think they are not at risk, but they are prime targets. Start by never clicking on suspicious links or attachments, particularly from unverified or unknown sources, the NCSC says.

Social media deception. China’s intelligence services regularly use social media platforms to spot, assess, and target Americans with access to business or government secrets. Be sure to maximize your social media privacy settings and double-check the source before friending strangers, the agency recommends.

Foreign travel. NCSC says when traveling abroad, businesspeople should not expect electronic privacy. Wi-Fi networks overseas are regularly monitored by security services and others who can insert malicious software into your device through any connection they control. NCSC says it’s best to leave electronic devices at home, but if you have to bring them, have them with you at all times.


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

Article source: https://www.darkreading.com/vulnerabilities---threats/ncsc-launches-nation-state-cyber-threat-protection-program-for-businesses/d/d-id/1333615?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple