Application Security – Security Intelligence
https://securityintelligence.com
Analysis and Insight for Information Security Professionals
Thu, 29 Feb 2024 22:31:13 +0000

What you need to know about protecting your data across the hybrid cloud
https://securityintelligence.com/posts/need-to-know-protecting-data-hybrid-cloud/
Fri, 18 Aug 2023 10:00:00 +0000

The post What you need to know about protecting your data across the hybrid cloud appeared first on Security Intelligence.


The adoption of hybrid cloud environments driving business operations has become an ever-increasing trend for organizations. The hybrid cloud combines the best of both worlds, offering the flexibility of public cloud services and the security of private on-premises infrastructure. We also see an explosion of SaaS platforms and applications, such as Salesforce or Slack, where users input data, send and download files and access data stored with cloud providers.

However, with this fusion of cloud resources, the risk of data breaches and security vulnerabilities has also intensified. The 2023 Cost of a Data Breach Report found that 82% of data breaches involved data stored in cloud environments, with 39% spanning multiple types of environments. Cyber criminals know organizations’ most prized data is stored in the cloud, making this third-party infrastructure a perfect target.

Cloud environments are not static. It’s easy for us to spin up new cloud environments, whether that’s AWS, Azure, Google Cloud Platform or IBM Cloud. When data is stored across so many different environments and traversing across various networks, keeping track of where data resides, who has access to what and if sensitive information is exposed becomes challenging. In the wake of growing cyber threats as well as increasingly stringent regulatory mandates, it has become imperative for organizations to fortify their defenses with a robust security strategy, especially with the dependence on cloud infrastructure.

Hybrid cloud environments exacerbate key data security challenges for organizations, whereby the following questions may arise:

  • Lack of control and visibility
    • Where is my data?
    • Is it regulated or sensitive data?
    • What resides in this data?
  • Data flow and entitlement
    • How is data being accessed?
    • How can it potentially flow?
    • Is it properly entitled?
  • Data vulnerabilities
    • Are my data controls sufficient?
    • Is data being exposed due to posture issues?

Three data security best practices

In order to maintain a robust security posture while data is stored across multiple different types of environments, there are three key tips to keep in mind:

  1. Gain visibility and control over data in hybrid cloud environments, making it a top priority.
  2. Choose the right approach to monitoring data activity.
  3. Leverage AI and automation to increase speed and accuracy, enforce controls and detect suspicious behavior in real-time.

Taking action to understand and leverage these three tips will help you safeguard data in a hybrid cloud environment. Let’s delve deeper.


1. Gain visibility and control over data, no matter where it resides

In a hybrid cloud environment, data is spread across diverse platforms and locations, which makes comprehensive visibility and control difficult. SaaS applications add shadow data that spreads rapidly across the cloud. To combat this challenge, organizations need deep context about their data: which data is important to protect, and why is it important to protect throughout the lifecycle?

To do so, they must be able to scan data sources and compile a master inventory of sensitive enterprise data that exists and then incorporate business metadata for context. This will then help fuel data security products with sensitive data intelligence. This capability should be extended to SaaS applications and data lake services. People are putting data en masse into applications: everyday employees are sending confidential business information and attachments over Slack or sharing passwords. How do we keep track of this data making its way into apps? The same applies to code repositories and storage repositories such as OneDrive or Office 365.

We need to expand beyond just finding data in the cloud-native services of the hyperscalers and examine inside containers residing on those cloud properties and within SaaS applications and data lake services. It is also critical to understand how data moves from region to region within the cloud or if an application has access to data that it shouldn’t. Mapping potential and actual data flows allows security teams to see what policies and configurations are in place and what is occurring.

By prioritizing data discovery and classification and fueling other tools with sensitive data intelligence, organizations can be better equipped to put the right protections in place.

2. Choose the right approach to data activity monitoring

Understanding how data is accessed and utilized is essential for maintaining data integrity and preventing unauthorized access or insider threats. In a hybrid cloud environment, data access is likely to occur from various endpoints, making it critical to deploy multi-layered monitoring mechanisms.

Understanding data movement is key for compliance, and organizations must be able to track data flows to and from cloud and on-premises repositories. This is especially important for organizations handling large amounts of personal data or personally identifiable information (PII). Organizations must comply with GDPR and keep data within geographies for data residency requirements. They must understand where the flows of data are to and from those repositories, look at both potential and real flows of data, and uncover misconfigurations or issues that might present a compliance issue.
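The comparison of potential and actual data flows against a sensitive-data inventory, sketched in Python. This is an added example, not code from the article or from any product it names; every repository name, region, classification and flow is constructed, and the residency rule (PII stays in two EU regions) is an assumption.

```python
# Added example: classify data flows against an inventory and a residency rule.
# Every repository name, region, label and flow below is constructed.

# Master inventory: repository -> region, sensitivity class, business owner.
INVENTORY = {
    "crm-db":         {"region": "eu-west",    "class": "pii",      "owner": "sales"},
    "hr-files":       {"region": "eu-central", "class": "pii",      "owner": "hr"},
    "eu-reporting":   {"region": "eu-central", "class": "internal", "owner": "finance"},
    "analytics-lake": {"region": "us-east",    "class": "internal", "owner": "data"},
    "backup-us":      {"region": "us-east",    "class": "internal", "owner": "infra"},
}

# Residency rule (assumed): data of a class may only move to these regions.
ALLOWED_REGIONS = {"pii": {"eu-west", "eu-central"}}

# Potential flows: (source, destination) pairs that entitlements and
# configuration currently permit, whether or not they have been used.
POTENTIAL_FLOWS = {
    ("crm-db", "eu-reporting"),
    ("crm-db", "analytics-lake"),
    ("hr-files", "eu-reporting"),
    ("hr-files", "backup-us"),
}

# Actual flows: (source, destination, bytes) seen in activity monitoring.
ACTUAL_FLOWS = [
    ("crm-db", "eu-reporting", 1_200),
    ("crm-db", "analytics-lake", 50_000),
    ("hr-files", "analytics-lake", 300),
    ("crm-db", "slack-export", 80),   # destination missing from the inventory
]


def violates_residency(src, dst):
    """True when the source's class is restricted and dst is outside its regions."""
    permitted = ALLOWED_REGIONS.get(INVENTORY[src]["class"])
    return permitted is not None and INVENTORY[dst]["region"] not in permitted


def assess_flows(potential=POTENTIAL_FLOWS, actual=ACTUAL_FLOWS):
    """Return {(src, dst): set of finding labels} for every flow with a finding."""
    findings = {}
    observed = set()
    for src, dst, _size in actual:
        observed.add((src, dst))
        labels = findings.setdefault((src, dst), set())
        if (src, dst) not in potential:
            # Data moved along a path no entitlement or configuration accounts for.
            labels.add("unexpected-flow")
        if src not in INVENTORY or dst not in INVENTORY:
            # Shadow data: the flow touches a store nobody has classified.
            labels.add("uninventoried-repository")
        elif violates_residency(src, dst):
            labels.add("residency-violation")
    # Permitted-but-unused paths that would break residency if ever used.
    for src, dst in potential - observed:
        if src in INVENTORY and dst in INVENTORY and violates_residency(src, dst):
            findings.setdefault((src, dst), set()).add("latent-exposure")
    return {flow: labels for flow, labels in findings.items() if labels}


if __name__ == "__main__":
    for (src, dst), labels in sorted(assess_flows().items()):
        print(f"{src} -> {dst}: {', '.join(sorted(labels))}")
```

A "latent-exposure" finding is a misconfiguration that can be fixed before any data moves; a "residency-violation" is one that already has.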

Organizations must prioritize gaining real-time visibility into their data assets. Visibility provides actionable insights into data usage patterns, potential threats and compliance adherence. One key recommendation is to implement advanced data protection solutions that offer central management capabilities across multiple cloud platforms. This unified approach allows organizations to consistently monitor data movements, access patterns and anomalous activities and implement robust authentication protocols. Data encryption, data masking and tokenization techniques are also crucial in safeguarding sensitive data, ensuring that even if a breach occurs, the data remains unreadable and unusable to unauthorized individuals.

Organizations should implement strict access controls and role-based permissions to ensure that only authorized personnel can access sensitive on-premises or cloud data. There needs to be vulnerability management at the server — data created, going into the application — living in the data source. We should have an inventory of everyone who has access to data and what is the potential for data movement and incorrect access. Regular audits of user permissions can help identify any unauthorized access attempts promptly.

With USD 750,000 higher breach costs when breached data was stored across multiple environments versus on-premises only, continuous monitoring of data access and activity is paramount. This involves analyzing user behavior, detecting abnormal patterns and correlating activities across cloud and on-premises resources. Seek data security solutions that work across platforms to protect data as it moves between databases, applications and services. You need to monitor data at a lower, transactional level such as looking at access to data stores, databases and the actual transactions and SQL statements. Extending this visibility across hybrid cloud environments can significantly enhance threat detection capabilities by identifying suspicious user behaviors that may indicate a potential breach.

By prioritizing visibility and control, businesses can proactively detect potential security gaps, mitigate risks and respond swiftly to potential threats.

3. Leveraging AI and automation technologies

Manual security efforts may fall short in the battle against sophisticated cyber threats. Organizations should integrate artificial intelligence (AI) and automation technologies into their security strategy to bolster data detection and response. The 2023 Cost of a Data Breach Report found that breach response took 291 days when data was stored across multiple environments, 14 days longer than the overall average for containing a breach.

To close this gap, AI-powered security tools can quickly process vast amounts of data, identify anomalies and recognize previously unseen patterns that human operators might overlook. The average time to identify and contain a breach is reduced in correlation with the increased use of AI and automation technologies. Such capabilities enable proactive threat hunting and swift incident response.

Furthermore, automation streamlines incident response by enabling immediate actions when a threat is detected. Rapid response times reduce the “dwell time” of attackers within the network, mitigating potential damages and limiting the scope of a data breach.

A modern data security and compliance approach to protect data across the hybrid cloud

IBM Security Guardium offers a multi-layer data security strategy, no matter where data resides. With IBM Security Guardium, you can:

  1. Apply policies from a single location and monitor and understand how users access data.
  2. Access advanced analytics, surface threats and anomalies and context-based risk scoring to help automate investigation and remediation.
  3. Leverage containerized orchestration to support elastic scalability and reduce maintenance costs, with flexible deployment options.
  4. Utilize compliance tagging, pre-built policies, easy-to-use workflows and long-term data retention to help speed compliance and data security.

Take action to secure your organization’s data

Organizations are evolving how they store, access and utilize the data that is the foundation of business operations. The hybrid cloud offers unparalleled flexibility and scalability, but it comes with the responsibility of securing sensitive data from cyberattacks, ransomware, malware, human error or accidental loss. A robust cybersecurity strategy that emphasizes gaining visibility and control over data, monitoring data access and activity and leveraging AI and automation technologies is essential to defend against security risks evolving from a hybrid cloud environment. By implementing these recommendations and staying vigilant against emerging threats, organizations can safeguard their valuable data and uphold their commitment to data security in an increasingly cloud-driven world.

To learn more about these three recommendations in depth, join our webinar on August 30 at 11 a.m. where EMA analyst, Chris Steffen, and IBM Security expert, Eric Maass, will discuss how to best protect data across the hybrid cloud.

Contain breaches and gain visibility with microsegmentation
https://securityintelligence.com/posts/contain-breaches-gain-visibility-with-microsegmentation/
Wed, 01 Feb 2023 14:00:00 +0000


Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces.

Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications and policy creation to define what communications are permitted. In effect, microsegmentation restricts lateral movement, isolates breaches and thwarts attacks.

Given the spotlight on breaches and their impact across industries and geographies, how can segmentation address the changing security landscape and client challenges? IBM and its partners can help in this space.

Breach landscape and impact of ransomware

Historically, security solutions have focused on the data center, but new attack targets have emerged with enterprises moving to the cloud and introducing technologies like containerization and serverless computing. Not only are breaches occurring and attack surfaces expanding, but also it has become easier for breaches to spread. Traditional prevention and detection tools provided surface-level visibility into traffic flow that connected applications, systems and devices communicating across the network. However, they were not intended to contain and stop the spread of breaches.

Ransomware is particularly challenging, as it presents a significant threat to cyber resilience and financial stability. A successful attack can take a company’s network down for days or longer and lead to the loss of valuable data to nefarious actors. The Cost of a Data Breach 2022 report, conducted by the Ponemon Institute and sponsored by IBM Security, cites $4.54 million as the average ransomware attack cost, not including the ransom itself.

In addition, a recent IDC study highlights that ransomware attacks are evolving in sophistication and value. Sensitive data is being exfiltrated at a higher rate as attackers go after the most valuable targets for their time and money. Ultimately, the cost of a ransomware attack can be significant, leading to reputational damage, loss of productivity and regulatory compliance implications.

Organizations want visibility, control and consistency

With a focus on breach containment and prevention, hybrid cloud infrastructure and application security, security teams are expressing their concerns. Three objectives have emerged as vital for them.

First, organizations want visibility. Gaining visibility empowers teams to understand their applications and data flows regardless of the underlying network and compute architecture.

Second, organizations want consistency. Fragmented and inconsistent segmentation approaches create complexity, risk and cost. Consistent policy creation and strategy help align teams across heterogeneous environments and facilitate the move to the cloud with minimal re-writing of security policy.

Finally, organizations want control. Solutions that help teams target and protect their most critical assets deliver the greatest return. Organizations want to control communications through selectively enforced policies that can expand and improve as their security posture matures towards zero trust security.

Microsegmentation restricts lateral movement to mitigate threats

Microsegmentation (or simply segmentation) combines practices, enforced policies and software that provide user access where required and deny access everywhere else. Segmentation contains the spread of breaches across the hybrid attack surface by continually visualizing how workloads and devices communicate. In this way, it creates granular policies that only allow necessary communication and isolate breaches by proactively restricting lateral movement during an attack.

The National Institute of Standards and Technology (NIST) highlights microsegmentation as one of three key technologies needed to build a zero trust architecture, a framework for an evolving set of cybersecurity paradigms that move defense from static, network-based perimeters to users, assets and resources.

Suppose existing detection solutions fail and security teams lack granular segmentation. In that case, malicious software can enter their environment, move laterally, reach high-value applications and exfiltrate critical data, leading to catastrophic outcomes.

Ultimately, segmentation helps clients respond by applying zero trust principles like ‘assume a breach,’ helping them prepare in the wake of the inevitable.
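How a default-deny allowlist built from observed communications limits lateral movement, sketched in Python. This is an added example, not IBM's or Illumio's code or policy format; the workload names, labels, ports, flows and rules are all constructed for illustration.

```python
# Added example: default-deny segmentation policy and its effect on reachability.
# Workloads, labels, ports, flows and rules are constructed, not a vendor format.
from collections import deque

# Workload -> labels used by policy selectors.
WORKLOADS = {
    "web-1":  {"app": "shop",  "role": "web"},
    "api-1":  {"app": "shop",  "role": "api"},
    "db-1":   {"app": "shop",  "role": "db"},
    "hr-app": {"app": "hr",    "role": "web"},
    "hr-db":  {"app": "hr",    "role": "db"},
    "backup": {"app": "infra", "role": "backup"},
}

# Communications seen while visualizing traffic: (source, destination, port).
OBSERVED_FLOWS = [
    ("web-1", "api-1", 8443),
    ("api-1", "db-1", 5432),
    ("web-1", "db-1", 5432),    # web tier reaching the database directly
    ("web-1", "hr-app", 22),    # cross-application SSH
    ("hr-app", "hr-db", 5432),
    ("backup", "db-1", 5432),
    ("backup", "hr-db", 5432),
    ("api-1", "backup", 445),
]

# Allowlist: (source selector, destination selector, port). Anything else is denied.
POLICY = [
    ({"app": "shop", "role": "web"}, {"app": "shop", "role": "api"}, 8443),
    ({"app": "shop", "role": "api"}, {"app": "shop", "role": "db"}, 5432),
    ({"app": "hr", "role": "web"}, {"app": "hr", "role": "db"}, 5432),
    ({"role": "backup"}, {"role": "db"}, 5432),
]


def matches(labels, selector):
    """A selector matches when every key it names has the same value in labels."""
    return all(labels.get(key) == value for key, value in selector.items())


def is_allowed(src, dst, port, policy=POLICY):
    """Default deny: a flow passes only if some rule matches source, destination and port."""
    return any(
        matches(WORKLOADS[src], src_sel) and matches(WORKLOADS[dst], dst_sel) and port == p
        for src_sel, dst_sel, p in policy
    )


def split_flows(flows=OBSERVED_FLOWS, policy=POLICY):
    """Partition observed flows into those the policy permits and those it blocks."""
    permitted = [f for f in flows if is_allowed(*f, policy)]
    blocked = [f for f in flows if not is_allowed(*f, policy)]
    return permitted, blocked


def blast_radius(start, flows):
    """Workloads reachable from `start` by following flows (breadth-first search)."""
    adjacency = {}
    for src, dst, _port in flows:
        adjacency.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adjacency.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


if __name__ == "__main__":
    permitted, blocked = split_flows()
    print("blocked by policy:", blocked)
    print("reachable from web-1, flat network:", sorted(blast_radius("web-1", OBSERVED_FLOWS)))
    print("reachable from web-1, segmented:   ", sorted(blast_radius("web-1", permitted)))
```

With these constructed inputs, a compromised `web-1` can reach five other workloads on the flat network and two once the allowlist is enforced.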

IBM launches segmentation security services

In response to growing interest in segmentation solutions, IBM has expanded its security services portfolio with IBM Security Application Visibility and Segmentation Services (AVS). AVS is an end-to-end solution combining software with IBM consulting and managed services to meet organizations’ segmentation needs. Regardless of where applications, data and users reside across the enterprise, AVS is designed to give clients visibility into their application network and the ability to contain ransomware and protect their high-value assets.

AVS will walk you through a guided experience to align your stakeholders on strategy and objectives, define the schema to visualize desired workloads and devices and build the segmentation policies to govern network communications and ring-fence critical applications from unauthorized access. Once the segmentation policies are defined and solutions deployed, clients can consume steady-state services for ongoing management of their environment’s workloads and applications. This includes health and maintenance, policy and configuration management, service governance and vendor management.

IBM has partnered with Illumio, an industry leader in zero trust segmentation, to deliver this solution. Illumio’s software platform provides attack surface visibility, enabling you to see all communication and traffic between workloads and devices across the entire hybrid attack surface. In addition, it allows security teams to set automated, granular and flexible segmentation policies that control communications between workloads and devices, only allowing what is necessary to traverse the network. Ultimately, this helps organizations to quickly isolate compromised systems and high-value assets, stopping the spread of an active attack.

With AVS, clients can harden compute nodes across their data center, cloud and edge environments and protect their critical enterprise assets.

Start your segmentation journey

IBM Security Services can help you plan and execute a segmentation strategy to meet your objectives. To learn more, register for the on-demand webinar now.

Securing your SAP environments: Going beyond access control
https://securityintelligence.com/securing-sap-environments-beyond-access-control/
Wed, 30 Nov 2022 17:00:00 +0000


Many large businesses run SAP to manage their business operations and their customer relations. Security has become an increasingly critical priority due to the ongoing digitalization of society and the new opportunities that attackers exploit to achieve a system breach. Recent attacks related to corrupt data, stealing personal information and escalating privileges for remote code execution all highlight the new and varied entry points threat actors have taken advantage of. Attackers with the appropriate skills could be able to exploit specific SAP vulnerabilities to take full control of the SAP system and expose the critical information and processes of the company.

Among new SAP users and non-technical experts, there are multiple myths when it comes to SAP, like “SAP is a commercial product that delivers security by default.” The reality is that even after implementing the standard functionalities of an SAP solution, it is not secured by default.

Traditionally, companies were predominantly focused on the roles and profiles assigned to different users in the SAP system as the main control to improve the security in the SAP systems. However, this focus has been expanded beyond merely access control, and there are plenty of elements that need security factored in:

  • Access management: In the SAP solutions, there are multiple ways to provide high privileges to users and to perform critical actions on the business processes, such as changing already created invoices, modifying existing purchase orders or trying to change the system configuration.
  • Custom code: According to best practices, it is better to build security into your code during the design process than to wait for a breach.
  • Configuration: An SAP system has hundreds of different parameters that influence the configuration of the system and therefore its security. As such, most customers have included security as a key part in their SAP implementation projects.
  • Interface/integration with other systems: Interconnecting systems can be a dangerous activity if the security of both systems is not adequate and the connector is not configured properly.

IBM Security has defined a security framework featuring 13 layers that focus on the critical elements of the SAP stack. This framework uses a top-down approach, going from regulatory and compliance to the most technical details related to cybersecurity.

Figure 1: The 13 layers of SAP Security

Some years ago, the main activities on an SAP security project were focused on defining the appropriate roles and authorizations according to the Segregation of Duties matrix established by the customer or the best practices. However, those activities have been expanded to include the security of DevOps and of the interfaces, consideration of encryption (at rest or in motion), performing vulnerability assessments, penetration testing and more.

A good starting point is to identify all the security aspects that could impact the SAP systems that are either running in a cloud environment or will be moved to a cloud environment. This activity evaluates the security considering the aforementioned 13 layers framework and combining the utilization of different assets to speed up the analysis.

These are some examples of the questions that will be answered during this analysis:

  • Are the integrations between the SAP ERP system and other internal and external systems secure?
  • Is the company monitoring the vulnerabilities in the SAP landscape? If so, is the company appropriately managing the vulnerabilities identified?
  • Is the company correctly assigning the users’ roles in the SAP landscape?
  • Is the configuration of the application layers of those SAP systems secure enough?

The final deliverable should be a detailed report including the security weaknesses and an action plan to mitigate the found risks.

This type of project is used to justify the security value behind the transformation program defined by the company and is utilized as a first step to start the security transformation in the SAP environment. After this activity, IBM offers different solutions to accelerate the security transformation and to manage the applications in a secure manner.

The key difference that sets IBM apart is that we analyze the client security posture from two different perspectives; we consider compliance and cybersecurity with the main objective of identifying all the weak flanks that could compromise the customer’s business.

Is your IT strategy considering the security of its SAP solutions? Is your company performing frequent reviews to assure that the SAP solutions have not been attacked or suffered a breach? How is your company managing the vulnerabilities identified in the internal or external audits? Learn how to best secure your SAP environments and get in touch with an expert to help you through your SAP security transformation today.

How to secure your SAP environment
https://securityintelligence.com/posts/how-to-secure-sap-environment/
Tue, 05 Jul 2022 14:22:00 +0000


The protection of the SAP systems, as mission-critical applications, is becoming the priority for the most relevant organizations all over the world. The security hardening of SAP systems is key in these uncertain times, where threat actors start seeing SAP as the main door to perform successful attacks.

There are multiple surveys in the cybersecurity industry and the conclusions are significant: more than 90 percent of the CIOs and CISOs interviewed considered that an SAP breach would be a serious, very serious or catastrophic event in their companies. Moreover, two out of three respondents confirmed that their SAP environments were breached in the last 24 months, and the average cost of having the SAP systems off is $4.5 million. The interviewers considered that one of the more critical aspects in relation to the training of the employees is the lack of internal education associated with new SAP technologies, such as SAP Cloud, HANA, Fiori or IoT.

The SAP systems are the core of the most relevant business processes and they need to be secure. The SAP systems usually store large amounts of data, part of it including confidential information that needs to be specially protected. The idea that SAP products are secure by default is a myth; achieving that security requires applying several features and correctly using different functionalities. That security is a critical aspect to avoid attacks in the IT environment.

In the market, there are different solutions with functionalities for identifying, analyzing and neutralizing cyberattacks in the SAP applications when they occur and before they cause catastrophic damage to the customer’s IT environment.

Some of the most general functionalities linked to the evaluation of the cyberattacks are:

  • Improve security by monitoring the main critical events defined in the SAP systems. This helps to maintain the system’s security in a continuously changing environment.
  • Acquire information about the suspicious activities. The most important assets in a company must be protected and with this solution it is possible to detect threats that could affect those assets. This could imply minimizing the financial loss and also the reputational and legal damage.
  • Neutralize threats and attacks. As the threats can be identified in real time, this permits security teams to perform a quick mitigation action. This fact provides transparency and quick identification of security gaps.
  • Protect the business operations. In general, the main capabilities of the threat management solutions are useful to protect the data of the business operations and to facilitate the continuity of the business in case of any threat.

The best-in-class security experts have developed a specific methodology based on vast experience working with different customers in multiple industries with the purpose of identifying the best approach considering the initial customer scenario and implementing the solution in the most efficient way. From this perspective, there are 3 different approaches to take advantage of the different security solutions when looking to protect your SAP environments: 

a) Implementation of the threat management solution

This includes the technical implementation of the solution, the configuration according to the experience and the connection with the source systems. This approach also includes the installation and configuration of the different components related to the system.

b) Tuning of standard delivered patterns

Most of the commercial solutions for managing IT threats provide pre-delivered threat patterns. In most cases those patterns generate false positives, and a team of experts with wide experience in tuning them is needed to ensure that the alerts generated are precise and that the customer’s effort can focus on analyzing them.

c) Use cases definition

It is necessary to involve a best-in-class player that has experience in the automation industry and specifically for creating patterns for different threat management solutions. This approach can help the customer to define their own patterns, based on the critical assets, the critical categories or their most relevant weaknesses in the IT environment.

There are teams in the market composed of experts in different solutions and with wide experience working in security. Specifically, those experts have in-depth experience implementing several third-party solutions, and some of their KPIs are really noteworthy: for example, reducing the alerts generated by the threat management solution by 70 percent and decreasing the effort to investigate alerts by 72 percent, obtaining a more efficient security monitoring platform.

Is your IT strategy defining the solutions to identify the potential attacks in your IT landscape? Are you already using a specific threat management solution and want to extract more value from the pre-delivered content? Do you have a very mature risk framework and want to define your own patterns and implement them in your threat management system?

IBM Security is empowering organizations across the planet to better protect their SAP systems. Contact IBM Security’s experts to get more information and learn how you can bolster the security of your SAP environment.

Cloud native application protection platform: A utility knife for cloud security services
https://securityintelligence.com/posts/cloud-native-application-protection-platform-cnapp/
Wed, 15 Jun 2022 16:00:00 +0000

The post Cloud native application protection platform: A utility knife for cloud security services appeared first on Security Intelligence.


Does the world need another acronym? Probably not. But it seems like one is born every day in the cybersecurity market. As a tradeoff for the brain power to recall their cryptic meanings, we should at least expect progress on the technology front.

We have seen this before. With all that’s happened in the last decade, point products for network security became next-generation firewall appliances, creating an ease-of-use and centralized management interface. In the world of cloud security, we are now witnessing a consolidation of workload protection, vulnerability management, container security, and posture management — all designed to protect cloud native applications.

Enter CNAPP… But will it help?

Cloud Native Application Protection Platform (CNAPP) is a category defined by Gartner as “an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production.” With the move to shift left, customers are challenged to protect workloads throughout lifecycles, and they will use every tool to accomplish that goal.

This leads us to the best practices for workload protection and how an integrated platform could streamline the process.

To avoid application vulnerabilities finding their way into production environments, IT teams are best suited to scan during all stages of development. No matter where the application may reside, whether in a hybrid or multi-cloud environment, the workload protections must be extended. For Kubernetes environments, such as Red Hat OpenShift, container protection must also be in place to cover all the bases.

Given that misconfigurations are the leading cause of cloud data breaches, it is important to implement a cloud security posture management (CSPM) solution to ensure there are no open ports or access. Ultimately the likes of cloud workload protection, in whatever form, will play a critical part in a zero trust architecture — where security policy follows the user, regardless of where the data may reside.

Each security capability mentioned above requires a stand-alone product, as well as a trained resource to implement and manage the solution. Challenges will remain to bridge the visibility across these disparate solutions, and it opens the door for an integrated solution like CNAPP to drive efficiencies and consolidate cloud security into a single management platform.

What are the benefits of CNAPP?

CNAPP promises to ease the pain for customers with a single pane of glass for cloud native applications during development and ultimately manage the workload, all while maintaining compliance standards. The integration of several cloud security features into one platform makes a lot of sense for customers to ease the burden of managing a complex environment and risk. Finding the skills to implement and manage CNAPP may be the ultimate challenge, and will require the broad expertise from a seasoned global systems integrator that can handle the entirety of the cloud native lifecycle — including DevSecOps, workload protection, posture compliance, and ongoing vulnerability management.

Here are some of the high-level benefits of CNAPP:

  • Unified management console and visibility: Consolidate several cloud security capabilities under one platform
  • Cost reduction: Move from stand-alone products to one integrated platform that requires less dedicated resources
  • Comprehensive security: Gain an end-to-end approach for ongoing application security from development through production
  • Security automation: Embed controls inside the entire DevOps landscape, driving a shift-left culture

Security for cloud native applications is a complex world, but with the right “utility knife” there is a collection of capabilities available within one platform that collectively addresses several security and compliance challenges.

Looking for more guidance on CNAPP?

The best course of action would be to speak with an experienced systems integrator that has consulting and managed services accreditation across the clouds your organization relies on. With their expertise, you can gain a better understanding of how CNAPP can protect your cloud native applications across development and production.

Electron application attacks: No vulnerability required https://securityintelligence.com/posts/electron-application-attacks/ Wed, 27 Apr 2022 17:02:00 +0000

The post Electron application attacks: No vulnerability required appeared first on Security Intelligence.


While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to video conferencing applications. Under the hood, Electron is essentially a Google Chrome window, which developers can modify to look however they prefer. Since Chrome is available on almost all platforms — Windows, Linux, and Mac OS — once developers create applications, they will work just about everywhere.

Because of their widespread use in the consumer and business worlds, Electron applications can be a top target of attackers. And they may not require a vulnerability to exploit. As we have seen in the headlines, compromising Electron applications may simply require an inexpensive cookie purchase coupled with a phishing message to an unsuspecting employee.

The impact of an Electron application compromise can be devastating, which is why X-Force Red hacker Ruben Boonen (@FuzzySec) researched them a bit more.

A Q&A with X-Force Red hacker Ruben Boonen

Abby: Thank you for speaking with me today, Ruben. You mentioned you had wanted to research Electron applications because of their widespread use. What also made you want to dig into them further, especially considering you perform red team engagements for companies worldwide?

Ruben: I find Electron applications interesting, Abby, because of their widespread use, but also because of their less stringent login requirements. After the first time logging into one of these applications, it may not ask you to enter in your login credentials for another month (or longer). The application automatically logs you in, which means your computer can access any information, conversation, etc. that is on the platform. The application knows how to authenticate already without the user’s intervention. I wanted to see how that worked, mainly because I could use the findings for our adversary simulation engagements.

Abby: Where did you start your research process?

Ruben: Since the Electron platform is built on Google Chrome, public research exists already about how sessions are managed in the browser. Electron technology doesn’t operate exactly like the Chrome web browser. It operates differently. I dug into the known research about how it works, and that gave me the knowledge to figure out how Electron applications were automatically logging in users without requiring credentials. Using that knowledge, I built a tool aimed to attack a common messaging platform. We are incorporating the tool into our adversary simulation engagements to help companies find and fix gaps in their incident response processes.

Abby: From an attacker’s point of view, you wouldn’t need a vulnerability to exploit to compromise an Electron application, right?

Ruben: That’s correct. These are not vulnerabilities in the applications. It’s just the way Chrome session storage works. If I were an attacker and had access to your computer, I could pretend to be you on the application. I could extract your authentication information and pretend to be you, sitting at your desk. I could write to one of your peers, “Hey, I have a problem. Can you help me reset my password?” On red team engagements, we don’t have visual access to machines; we only have command line interface access. So, we phish people to gain access to their machines, and then use our custom-built tools to perform attacks against their applications, including Electron applications.

Abby: I understand you only use these techniques to help companies fortify their defenses, but if you were an attacker, what could you do after leveraging an Electron application’s automated login capabilities?

Ruben: If attackers can impersonate you, then they can access any data that is in the application. They can, for example, read your messages, send messages, download files that were shared on the platform, and conduct more attacks that would enable them to pivot onto the company’s network.

Abby: So, what can companies do to prevent these kinds of attacks? Since it’s not a vulnerability problem, I assume it’s more of a settings fix?

Ruben: This isn’t a problem with the Electron platform. It works as intended. I recommend companies limit the time applications don’t ask for users’ passwords. Some of these platforms ask you to enter in your credentials every few days. The more you can require users to enter their login information, without it burdening their everyday workload, the better. Companies should also collect logs. Most people log into these platforms from the same place, around the same time of day. So, if a log shows unusual behavior, such as logging in from another country at an hour that’s outside the user’s norm, it’s a red flag that a compromise may have happened. I will present more details about what companies can do during my talk at the Wild West Hackin’ Fest conference.

Abby: Yes, please share more details about the conference!

Ruben: I will be presenting a talk at the Wild West Hackin’ Fest conference from May 4-6. It will go more in-depth about my research into Electron applications and provide details about how companies can prevent these kinds of attacks. Our X-Force Red Adversary Simulation team is presenting six talks at the conference. You can view the full agenda here.

Abby: Thank you, Ruben! To our readers, if you are interested in learning more about X-Force Red’s Adversary Simulation Services, visit our site here.
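The log check recommended in the interview above (a login from another country at an hour outside the user's norm), sketched as an added example that is not part of the original article or of X-Force Red's tooling. The event fields, thresholds, severity labels and sample records are constructed assumptions.

```python
from datetime import datetime

# Constructed login history; the field names (user, ts, country) are
# assumptions, not the log schema of any particular platform.
HISTORY = [
    {"user": "alice", "ts": "2022-04-04T08:05:00+00:00", "country": "NL"},
    {"user": "alice", "ts": "2022-04-05T08:40:00+00:00", "country": "NL"},
    {"user": "alice", "ts": "2022-04-06T09:10:00+00:00", "country": "NL"},
    {"user": "alice", "ts": "2022-04-07T07:55:00+00:00", "country": "NL"},
    {"user": "alice", "ts": "2022-04-08T08:20:00+00:00", "country": "NL"},
    {"user": "alice", "ts": "2022-04-11T10:02:00+00:00", "country": "BE"},
]

# Constructed new events to evaluate against the baseline.
NEW_LOGINS = [
    {"user": "alice", "ts": "2022-04-12T08:30:00+00:00", "country": "NL"},
    {"user": "alice", "ts": "2022-04-12T23:10:00+00:00", "country": "NL"},
    {"user": "alice", "ts": "2022-04-13T02:15:00+00:00", "country": "BR"},
    {"user": "bob", "ts": "2022-04-13T09:00:00+00:00", "country": "US"},
]


def login_hour(event):
    """Hour of day of the event; all timestamps are compared in UTC."""
    return datetime.fromisoformat(event["ts"]).hour


def build_baseline(events):
    """Per user: the countries seen and the hours at which logins occurred."""
    baseline = {}
    for event in events:
        profile = baseline.setdefault(
            event["user"], {"countries": set(), "hours": []}
        )
        profile["countries"].add(event["country"])
        profile["hours"].append(login_hour(event))
    return baseline


def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    diff = abs(a - b) % 24
    return min(diff, 24 - diff)


def classify(event, baseline, hour_tolerance=3, min_history=5):
    """Return (severity, reasons) for one login event.

    A user with fewer than min_history logins has no usable norm, so the
    event is reported as 'no-baseline' instead of being silently passed.
    """
    profile = baseline.get(event["user"])
    if profile is None or len(profile["hours"]) < min_history:
        return "no-baseline", []

    reasons = []
    if event["country"] not in profile["countries"]:
        reasons.append("new-country")
    nearest = min(hour_distance(login_hour(event), h) for h in profile["hours"])
    if nearest > hour_tolerance:
        reasons.append("unusual-hour")

    # Both signals together is the red flag described in the interview;
    # a single signal is queued for review rather than raised as an alert.
    severity = {0: "ok", 1: "review", 2: "high"}[len(reasons)]
    return severity, reasons


def triage(new_events, history):
    """Classify new events against history and return everything not 'ok'."""
    baseline = build_baseline(history)
    findings = []
    for event in new_events:
        severity, reasons = classify(event, baseline)
        if severity != "ok":
            findings.append(
                {"event": event, "severity": severity, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in triage(NEW_LOGINS, HISTORY):
        e = finding["event"]
        print(finding["severity"], e["user"], e["ts"], e["country"],
              finding["reasons"])
```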

IAM secures the new, perimeter-less reality https://securityintelligence.com/articles/iam-secures-perimeterless/ Wed, 23 Mar 2022 13:00:00 +0000

The post IAM secures the new, perimeter-less reality appeared first on Security Intelligence.


Necessity may be the mother of invention, and it also drives change. To remain competitive in 2021, companies had to transform rapidly. Today, many of us work from home. Remote and hybrid work models have become the new normal. But what about security?

In one recent survey, 70% of office workers admitted to using their work devices for personal tasks, while 69% used personal laptops or printers for work. Also, 30% of remote workers let someone else use their work device. Plus, cyber attack rates have gone through the roof. The average person may not think much about security, but they expect it. It all sounds like a busy security officer’s nightmare.

How can you possibly secure your perimeter when so many employees and users engage in risky behavior outside your firewall? The answer is to make identity the new perimeter. And thanks to identity and access management (IAM), this new, fluid perimeter can be secured.

The rush to secure identity

The IAM market is projected to grow from $13.41 billion in 2021 to $34.52 billion in 2028 at a CAGR of 14.5%. Why so much interest?

According to the 2021 IBM Cost of a Data Breach report, compromised credentials continue to be the most common initial attack vector. So, we need better credentials protection. Also, regulatory and organizational pressures continue to mount in a call to secure corporate assets. IAM solutions satisfy both these needs. There are other powerful incentives driving the rush to adopt identity and access strategies, too.

IAM secures the perimeter-less architecture

Protecting apps and digital assets in the remote context requires strict data access management. As device and connection types grow in number, security gets more complex and cumbersome. However, people can still enforce rules according to the who, what, where and when surrounding access to sensitive data.

Zero trust models, which include least privilege access, verify each and every connection and endpoint. This means the system grants every request for access the least amount of privilege. Zero trust ensures that resources are restricted by default, even for connections inside the perimeter.

IAM has become a centerpiece of this new vision. To meet current threats, security teams need to set a perimeter against each and every request for access, no matter where they come from. This is key for distributed teams who work worldwide with employees, partners and freelancers. And as team members change roles, access privileges must be granted or removed.

IAM software relies on machine learning and artificial intelligence to analyze key parameters, such as user, device, browser type and behavior. This enables it to rapidly spot something odd. You can also define adjustable risk scores to match the evolving access terrain. The result is a real-time, accurate and contextual authentication process across your entire ecosystem.

More benefits of IAM

Savvy business and IT leaders rapidly see other benefits that IAM models bring to a company’s performance. For starters, instead of badgering users (and wasting time) about non-authorized device use, people can access networks regardless of location, time or device.

For more complex environments, with multiple applications, you can grant access via single sign-on and multifactor authentication capability. This simplifies web and mobile experiences, increases productivity and drives down the drain on IT resources. From there, automated access management can streamline on- and off-boarding processes critical for remote teams.

Consider the boutique asset management firm that built a cloud-based wealth management platform for its employees, associates and clients. Accessible through a wide range of devices, an IAM-based portal gave the firm’s stakeholders access to a full suite of apps and tools that connect through an API gateway. The company’s website, Salesforce CRM, portfolio analysis software, custom-built in-house solutions and third-party offerings (such as Zoom) were all united to conserve resources, improve user experience and streamline performance.

Can you simplify compliance, too?

In 2020, governments passed over 280 bills or resolutions dealing with cybersecurity. Meanwhile, the General Data Protection Regulation’s Privacy by Design policy insists on data protection by design. Here, IAM fits the bill perfectly. After all, it builds strong identity and access security into the system.

Keeping up with constant updates to regulations can be painstaking. So it’s comforting to know that a major compliance concern is secure access. Who has access to what data is a top worry as well. IAM goes a long way to satisfy both internal and external compliance mandates.

Let the right ones in

Human beings aren’t the only ones requesting network access. The digital space has exploded with the number of apps, APIs and internet of things devices that come knocking on your network door. IAM includes these connections as well with their own set of permissions and protocols.

An ideal IAM solution caters to all clients, partners, employees and contractors. It also responds to the ever-growing requests of non-human connections. IAM is not just a defense, but a better way to manage the workplace.

Consider the customer journey. From lead to prospect to customer, each interaction must be cultivated to account for user preferences and privacy while providing a great experience. Here, IAM tools can work double-shift to provide access authentication and assemble user profiles that enhance security and user experience.

Whether it’s an employee, partner or customer, every person has one identity no matter the device or platform. This can include access from apps, social media, websites and any other endpoint. This not only makes for a more holistic user experience, but it can also help thwart social engineering-type attacks.

Be perimeter-less, be secure.

While it might be tempting to fall back on rigid, complex authentication processes, this approach does more harm than good in the long run. One might argue that a static solution saves money, but does it really? It cannot address the myriad of attacks that continue to surface. If you consider the business and compliance benefits, a non-IAM solution may lock you out of other ways to improve outcomes.

Today’s digital landscape was thrust upon us before its time. To meet new challenges and seize opportunities, you must clearly define, and skillfully manage, identity.

Will the metaverse usher in a universe of security challenges? https://securityintelligence.com/articles/metaverse-security-challenges/ Mon, 07 Feb 2022 14:00:00 +0000

The post Will the metaverse usher in a universe of security challenges? appeared first on Security Intelligence.


How much do you know about the metaverse?

Everyone started talking about the metaverse in the summer of 2021. Facebook CEO Mark Zuckerberg kicked it off with his plan to focus his company on building what he imagined would be the future of social, business, leisure and culture: the metaverse. He even changed the name of his company from Facebook to Meta.

Since then, the chatter about the coming changes has been loud. Silicon Valley, the global tech industry, the media — everyone is talking about it. But what is the metaverse, exactly?

What is the metaverse?

Experts disagree on a clear definition. But the fuzzy outline is this: in the future, people will interact with each other in simulated environments in virtual reality (VR). Avatars will represent real people in the virtual spaces. Some of the things we do now in the real world will take place in the virtual world — meetings, school, art, concerts and more.

Most definitions include augmented reality (AR) as well. For example, if you buy or create a virtual dog in VR, you’ll also see your virtual dog running around in the real world when you’re wearing AR glasses. Some people include so-called Web 3.0 ideas in the idea of the metaverse — blockchain, cryptocurrencies and nonfungible tokens (NFTs).

Science fiction roots

Some assert or assume that there will be one metaverse — a single virtual world shared by all. The word ‘metaverse’ was coined in 1992 by author Neal Stephenson in the novel “Snow Crash”. In the novel, there was a single metaverse. That’s also true of other science fiction stories like “The Matrix” and “Ready Player One”.

Science fiction has mostly focused on the idea of a single digital world for everybody. The most likely outcome, however, will be many metaverses. Companies will create proprietary, incompatible virtual worlds they own and control. Zuckerberg mainstreamed the term, but nearly all tech giants and thousands of smaller companies are gearing up to be involved. “Second Life”, a 2003 role-playing game and attempt at a parallel digital world that failed to make a big impact on business, is even back in the running.

Either way, as more human activity takes place in virtual spaces, the challenges around security will become more important. The shift from today’s VR to tomorrow’s metaverse is mainly about shifting from video games to actual living in virtual spaces. Today, we tend to think about VR as strictly for entertainment. Changing it to a parallel universe where we spend much of our day raises the stakes for cybersecurity.

The Metaworst case scenarios

Fast forward 10 years into the future. Imagine business leaders have replaced Zoom calls and video meetings with meetings that take place in virtual reality — in the metaverse. Each meeting participant has an avatar that looks like a cartoonish version of the real person. When I look at someone’s avatar and they look at mine, we’re making avatar eye contact. I can see who’s talking and use real-world gestures and facial expressions which my avatar will convey on my behalf.

But how can we be sure that each person is actually who they say they are? An attacker might impersonate an authorized participant for a malicious purpose. Imagine if normal business meetings suddenly had a spy from a competitor in the room. Or, what if an imposter replaced the boss?

One widely embraced idea among companies working on future VR and AR applications (including Apple) is the building of biometrics into the hardware. For example, future products might include iris recognition in headsets or fingerprint readers on the sides. We can’t yet know if users will accept biometrics like this in the future. Future malicious actors might figure out how to spoof or defeat metaverse biometrics.

Anyone able to gain access to credentials or otherwise gain access to a metaverse account effectively becomes that person. It’s the ultimate opportunity for identity theft, spying and social engineering.

Man-in-the-room metaverse attacks

Another concern is invisible-avatar eavesdropping, or ‘man in the room’ attacks. Future malicious actors may figure out how to make their presences undetectable. From there, they could invisibly join meetings and listen in on business conversations. State actors and spy agencies, as well as industrial espionage actors, may devote enormous resources to figuring this out.

Commerce and even banking are expected to take place in the metaverse. Advocates talk about buying virtual real estate, purchasing virtual versions of clothing and valuables and paying for it all with cryptocurrencies. Attackers could steal any of this, leaving victims without property or recourse.

Today, social media is plagued with fake accounts, AstroTurf campaigns and automated bots pretending to be legitimate users. There’s no reason to believe that the metaverse will fare any better than social media platforms.

New world, new security solutions

Today’s threats may still exist in the metaverse era. However, the virtual worlds of the future will almost certainly involve novel threats that don’t really exist today.

For example, imagine an attacker being able to manipulate the environment and avatar to make the physical user injure themselves by falling down stairs or walking outdoors. Some experts have pointed out that because metaverse interfaces plug directly into our senses, our brains become part of the attack surface.

What we can imagine more clearly is the scale of the potential threat. The future of VR and AR spaces will involve a huge increase in new devices connecting to each other. It will include new apps and mountains of data moving around. If nothing else, the metaverse represents a gigantic increase in the attack surface.

We can’t know exactly how good or bad the security implications of metaverse platforms will be. But we can expect a whole universe of metaverse security challenges and solutions ahead.

Why We Need To Beat ‘Breach Fatigue’ — At Work and at Home https://securityintelligence.com/articles/beat-data-breach-fatigue-at-work-at-home/ Fri, 17 Dec 2021 17:00:00 +0000

The post Why We Need To Beat ‘Breach Fatigue’ — At Work and at Home appeared first on Security Intelligence.


Data breaches come at such a fast pace that the public doesn’t seem to pay attention to the latest incidents, or they’re practically forgotten in a week — just in time for the next breach to make headlines. Instead of cries for better personal data protection, however, consumers seem less concerned even as more companies send them alerts saying their name, phone number or social security number was taken in yet another database attack. This dangerous attitude does nothing to protect the people whose data was exposed — or the businesses who employ them.

T-Mobile was in the spotlight in August after attackers stole personal details such as names, driver’s license numbers and social security numbers for more than 54 million customers. Before that, ParkMobile was targeted in an attack where 21 million personal records were taken, ClearVoiceResearch was hit for 15.7 million records, and 3.3 million records were taken in an attack on Volkswagen. Those, and many others, are already distant memories for most consumers. Even the 533 million personal records stolen from Facebook — an attack the social media company says was actually data scraping — seem forgotten.

These pervasive data breaches could be desensitizing consumers and creating a “why should I care” attitude. Since their personal information is already in the wild, they might reason, there isn’t any point in worrying about who has it. What they should be paying attention to are the targeted scams, phishing schemes and fraud that follow personal data theft. Complacency from breach fatigue makes them easier targets, and that poses a big data security risk for companies.

The Importance of Data Security Education

The Ponemon Institute and IBM annual Cost of a Data Breach Report for 2021 pins compromised user credentials as the most common attack vector for data breaches. The study found this accounted for 20% of incidents, and the worldwide average cost of a data breach was $4.24 million. In the US, that number jumps to $9.05 million.

In some cases, compromised credentials may have come from personal data stolen in data breaches or password brute force attacks. Other times, users fell victim to phishing scams where they were tricked into giving up their company login credentials or other personal information. For companies with thousands of employees, that amounts to thousands of opportunities for data security to be compromised.

Addressing users’ lack of concern isn’t, however, a lost cause. Education is key and requires teaching them about in-office security hygiene, as well as how to protect their computers and mobile devices outside of work. This is especially important with so much of the workforce working remotely.

How to Bring Security Hygiene Home

While company-owned computers, smartphones and laptops are managed by in-house policies, personal devices that may access or store company data often aren’t. Employees need to be aware of the importance of installing system and application updates for patching security flaws, and that opening documents or links from unknown sources could expose them to malware or data theft.

Many users aren’t aware of the importance of good password practices such as using unique and strong passwords for every account login, relying on a quality password manager and using multifactor authentication or tokens wherever possible. Some aren’t even aware that passwords to unlock their computer or mobile devices are critical for data security. Company policies dictating how and where personal devices can access company resources help reduce the risk, but can’t replace routine vulnerability assessments and training to find weak points — or even violations — in security policies.

Helping employees better understand phishing attacks designed to trick them into sharing company login credentials is important, too. For example, they may know what to look for in a suspicious email message but might not realize they can also be tricked into sharing their personal information in a phone call or text message. Employees need to know it’s important to report suspected phishing attempts just like any other suspicious activity they see.

Buying into Data Protection

Educating employees is an ongoing process that should start when they’re hired. Ongoing training helps keep awareness up and informs everyone of new and changing threats. Empowering people in each department to act as security liaisons essentially extends the information and security team’s access for employees, too. A coworker who “gets security” is often more accessible because they’re always around, and may also see potential data security issues before they become bigger — and more expensive — problems.

Balancing education and vigilance isn’t easy, and can lead to security fatigue and a fear of getting in trouble. If that happens, your data protection efforts are likely to fail. Open and transparent communication is key to keeping everyone on board. Understanding why data security policies are in place, and how proactively working to protect company and private data impacts employees are important, too. People rarely follow policies that seem arbitrary.

How to Know if You’re a Data Breach Victim 

Knowing if your personal data may have been taken in a data breach is important, too. Unfortunately, many consumers and employees don’t know how to find out if they’ve fallen victim to personal data theft. Luckily, there are reputable websites ready to tell you which data breaches may affect you. Have I Been Pwned and F-Secure’s Identity Theft Checker, for example, can check to see if your email address is included in known data breaches or databases that were unintentionally left unprotected on the internet. Have I Been Pwned also checks phone numbers against known breaches, which is another vector consumers often don’t think about.

Services like Have I Been Pwned and F-Secure are handy for more than identifying which data breaches impact you. These services also note what information was taken in each incident, and can remind users of accounts they forgot about long ago. Those forgotten accounts might hold information attackers could use to gain access to a company’s data, making it important for users to understand that forgotten accounts can be data breach threats, too.

The battle to protect your company’s data from malicious attackers is ongoing, as is the effort to educate consumers and employees on better security practices. While the former relies primarily on the CISO and their team, the latter relies on everyone. Helping users understand how protecting their personal data, and maintaining strong security practices at home and at work, benefits them as well as the company is a win for everyone.

It’s Not Too Soon to Start Talking About 6G
https://securityintelligence.com/articles/its-not-too-soon-start-talking-about-6g/
Fri, 17 Dec 2021 14:00:00 +0000

We may be only a short time into 5G deployments, but discussions of the impact 6G technology will have on our lives have already started. In late 2020, the Alliance for Telecommunications Industry Solutions created a new group called the Next G Alliance to “advance North American mobile technology leadership over the next decade through private sector-led efforts.” 

You have certainly heard of some of the founding members of this organization, such as AT&T, Ericsson, Mitre, Verizon and Booz Allen Hamilton. In other parts of the world, such as in Korea, Samsung Research founded the Advanced Communication Research Center in 2019. Its principal engineer leads the 6G Vision Group at the International Telecommunications Union – Radiocommunication. 

What Does 6G Do? 

When we talk about 6G, we’re talking about the use of the terahertz (THz) bands, a spectrum that has previously been used in high-resolution health imaging technologies. The technological possibilities are kind of wild: holographic communications, multi-sensory extended reality, 3D coverage, minimal latency and mobile hotspots in lieu of physical towers. The difference will truly be astounding. 5G operates at four to five times the speed of 4G, for a max speed of about 20Gbps, whereas 6G is intended to work at a speed of approximately 1Tbps. That’s 50 times faster than 5G!

The Samsung 6G Vision White Paper gives a sense of what the hyper-connected life could look like by 2030. If history holds true, 2030 is a good estimate for 6G deployment, based on an NTT DoCoMo White Paper that outlines the timing of 3G, 4G and 5G deployments.

Elsewhere, China has openly stated that it wants to be the leader in 6G networks and patents, disclosing that Huawei started investing in the technology back in 2017. And countries such as the U.S. and Japan have created investment alliances to keep pace and offer open-source alternatives to country-specific communication infrastructure. These are all good reasons to draw the conversation into the mainstream.

The Same 5G Challenges, Just a Whole Lot More of Them

With a better sense of what the hyper-connected future could look like, it’s worth looking at the challenges, which are surprisingly similar to the significant ones that come with 5G.

  • Manageability. The leap from 4G to 5G meant more data, more bandwidth, more nodes, more endpoints, more alerts and a greater need for orchestration. That’s a lot of “more”, and we can expect plenty more of it with 6G deployments. More of everything, moving faster than ever, presents a significant increase in management challenges. 
  • Supply chain. If the security operations center isn’t overwhelmed already, increasing supply chain issues (both on the software and hardware sides) will likely get it there. And 6G has every reason to be a supply chain nightmare. A mechanism to certify devices still does not exist, security-by-design development lacks widespread use and even policy and governance issues, such as who is responsible for what (e.g. private sector versus government), have not been finalized.
  • Usage. Who really is the consumer in a 6G world? Is it us mere humans, the traditional end-users, or all the devices and artificial intelligence trying to pump out that holographic image for us to gaze upon? Furthermore, are we looking at a possible end to the wired environment? Depending on the number of connections, the attack surface can easily become “everywhere”, and the users can be “everyone and everything”.

Security Realities in a Connected World 

The ubiquity of technologies like 5G in our lives poses a question: once these hyper-connected networks go fully online, do they become too big to fail? Consider the following questions: 

6G Security and the Human Element 

6G presents an opportunity for deep integration of artificial intelligence and networking functions, meaning that the security and privacy functions will also become more closely integrated. Just as all aspects of operations will begin to roll into one, so will risk, security and privacy operations. This truly begs the question: where is the starting point? Do you build your network around zero trust and security principles, allowing the privacy issues to flow from there? Or do you start with the privacy program and then let that shape your security program?

Currently, our operations are set up to protect the enterprise. Your organization’s most valuable currency, data, is still, for the most part, behind the fortress. But in a hyper-connected world, that data becomes further distributed, right down to the individual user and device. Therefore, the future of cybersecurity in a 6G world may no longer be about protecting the business network, but rather protecting the privacy of the individual. Cybersecurity leaders would be wise to focus on protection methods to fortify the individual’s ability to minimize risk, even if machines do end up becoming the ultimate “users” after the 6G revolution.
