2018: The Year of Advanced Threat Prevention

A few years ago, the cybersecurity industry adopted a new mindset that went something like this: Cybersecurity controls are not very effective. Therefore, sophisticated cyber-adversaries can easily circumvent them, compromise networks, and execute data breaches. Hence, trying to prevent attacks is essentially a fool’s errand, so organizations should concentrate on incident detection and response. This line of reasoning was supported by an overly simplistic axiom that spread like wildfire in the industry: “There are two types of organizations. Those that have been breached and those that have been breached and don’t know it.” Now, I admit there was and still is some truth to these assumptions. Lots of security technology staples were porous in the past as they were designed to address known rather than zero-day threats. Furthermore, networks tended to be relatively flat and wide open for attack. With these shortcomings, many organizations shifted spending and focus to new technologies designed for threat detection like malware sandboxes, UEBA, EDR, network security analytics, etc. So, what happened? Firms were soon overwhelmed by disconnected technologies, mountains of new security data, and a cacophony of security alerts. Alas, many organizations realized then that they had neither the staff nor the skills to fully utilize this threat detection technology. Oh, and the pervasive cybersecurity skills shortage probably means that this situation won’t change anytime soon.


Enterprises Must Address Internet of Identities Challenges

As November ends, everyone and their brother/sister will be writing about their IT and security predictions for 2018. Here’s a no-brainer from me: We’ll see massive proliferation of IoT devices on the network next year. Some of these will be general purpose like IP cameras, smart thermostats, smart electric meters, etc., but many others will be industry-specific sensors, actuators, and data collectors. Managing the deployment, operations, and security of all these devices will be quite challenging. Someone must figure out network access controls, connectivity, segmentation, baseline behavior, network performance implications, etc. This is where identity comes into play. Each device should have its own identity and attributes that govern connectivity, policy, and trust. My sagacious colleague, Mark Bowker, calls this trend the Internet of Identities (IoI). With Mark’s help, I introduced the concept of IoI in this blog, and further elaborated on the massive changes the Internet of Identities will bring in this one. So, IoI is coming fast, but ESG research indicates that many organizations are not prepared for the onslaught because:


The Case Against AWS – And It’s Not AWS’ Fault

Recently the NSA, a highly secure US government entity, left an unprotected disk image loaded with classified information right out in public on AWS. The NSA left it there on an “unlisted” server, but it didn’t have a password. Thus, if you stumbled across it, or someone went looking for it (a cybersecurity person at UpGuard did just that), it was yours for the taking. I will bypass all the ironic commentary/jokes that could/should be made and get to the point: It isn’t Amazon’s fault. If you are dumb enough to put this out there unprotected, you get what you deserve. Don’t blame the highway commission because you drove into a tree at 200MPH. What it does highlight, beyond human stupidity, is the ease of doing damage because no one is there to protect you from yourself. If this were any reasonable enterprise storing these records themselves, SOMEONE would be watching or protecting things like this from occurring. A security officer would have created policy that was pushed down to IT admins who would set up specific volumes that could be used for sensitive data with permissions to access that data enforced all over the place. Someone would be an adult. It’s not AWS’ job to be your babysitter. It’s their job to give you what you pay for—in this case, a virtual machine with a virtual disk.


AWS Is Not Slowing Down at re:Invent

AWS, as an established public cloud leader, can afford to rest on its laurels, but with competitors sprinting behind it, it is not slowing down in any way. During the Global Partner Summit at the re:Invent trade show, there were numerous announcements, including the Networking Competency for AWS Partners and the availability of PrivateLink for customer and partner network services. Are there any patterns I see? The most obvious item is that AWS is relentless in releasing new capabilities. The term “re:Invent” references themselves as well as the directive posed to their customers. A more pragmatic view is that AWS continues to fill in some holes in its offerings as the ecosystem evolves. AWS has a history of releasing many services per year, and it is not slowing down.


Cybersecurity, Mobility, and the Expanding Perimeter

As businesses lose control of devices and rapidly adopt cloud consumption models, identity and data have become the new perimeter for IT operations and information security teams to secure and protect. My colleague Jon Oltsik and I sit down together to highlight how mobility, identity, and security are creating technology challenges, organizational barriers, and business risks as the security perimeter expands at a faster pace than business can keep up with. The discussion sparks attention towards the IT vendors that are attempting to enhance security postures from within a silo as opposed to the new purview businesses are dealing with today.
