The post Top Cybersecurity Rule: Don’t Put Your Business at Risk appeared first on CISO MAG | Cyber Security Magazine.
By Mucteba Celik, Chief Technology Officer, RevBits
Driving forces like multi-cloud, SaaS, mobility, and IoT are pushing enterprises to transition away from inefficient and complex legacy security architectures. Traditional solutions add high operational overhead and management complexity. Modern business networks rely on diverse security capabilities, delivered on-premises or as cloud services, that centrally manage and control the network edge. Today’s extended perimeter requires multi-layered security and a Zero Trust model to protect data, applications, endpoints, and networks – regardless of location.
There is nothing conventional about today’s digital business transformation. The longer an enterprise clings to strict traditional network perimeter confines, the greater its security risk and its inability to compete with more technically agile companies. While enterprises can’t control the unsecured nature of the Internet, they can control and secure access to the applications and systems that collect and store customer data and corporate secrets. A perimeter-less network means organizations can no longer rely upon an implicit trust model. The identity of every user, device, and location must be verified and authorized before access is allowed.
As the boundaries of digital infrastructure expand and edge intelligence increases, we must encrypt data and authenticate and authorize all users and devices. Secure access to network-connected assets is a requirement for true digital business transformation, and a secure foundation for it requires a cohesive, unified, and user-friendly platform with security and privacy integrated throughout.
Accomplishing this requires an integrated, multi-layered security platform that enables IT and security teams to support efficient, reliable, and secure on-premises and cloud services. All platform security functions can be viewed, automated, and managed through a single dashboard, providing the flexibility to secure applications and services at scale.
A single view into everything, including identity, applications, and endpoints, enables the governance needed for an integrated digital infrastructure with controlled access. A Zero Trust security model is key to enabling this, with advanced access controls across cloud, on-premises, hybrid, and mobile environments. Leveraging identity, by automatically authenticating and authorizing access based on business policies, gives enterprises the control they need to protect their digital assets.
Business success is no longer judged by the size of the walls that contain it. Software is breaking down walls, eliminating restrictive perimeters, and providing a secure and more risk-averse foundation of flexible, low-cost, simplified, and consolidated infrastructure. Today’s successful businesses are running faster than ever before and being driven by software that makes them fleet of foot and agile in execution.
An integrated software-based architectural approach, with capabilities like email security, endpoint security, identity management, deception technology, and ZTNA (zero trust network access), significantly increases an organization’s security posture. It closes security gaps, improves performance, and eliminates the need for multiple physical appliances.
These capabilities enable enterprises to extend their network perimeter, without gaps between siloed security functions. This simplifies and automates the creation, delivery, management, and operations of diverse security services, including configurations, policy, certificates, etc.
This software model requires a security platform that can abstract business advantages from the underlying infrastructure. One that can cross-pollinate security policies, unifying them with visibility across multiple domains, business units, locations, users, and devices. These are the requirements for securing today’s digital enterprise.
About the author
Mucteba Celik is RevBits’ Chief Technology Officer. With over 15 years of experience in cybersecurity and development, he designed, architected, and led the development efforts of RevBits products, which utilize five of his patents. Mucteba is a hands-on and highly experienced cybersecurity leader with numerous advanced certificates, including GXPN, GREM, GCFA, OSCP, OSCE, etc. For many years Mucteba analyzed malware, cyberattacks, state-sponsored attackers, and cybercriminal behavior, and in parallel he analyzed cybersecurity products and their vulnerabilities and shortcomings. Overseeing more than 60 developers at RevBits, he has created a suite of innovative and effective security products that make cyberspace safer for enterprises.
Disclaimer
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
The post Initial Access Brokers Are Breaking Into Corporate Networks and Selling Access to Bad Actors appeared first on CISO MAG | Cyber Security Magazine.
By Matias Katz, Founder and CEO, Byos
The report “Rise of Initial Access Brokers” examines the new role that Initial Access Brokers are playing at the top of the cyberattack kill-chain funnel.
IABs are de facto ‘middlemen’ whose business model is exactly what the name implies: they breach as many companies’ networks as they can, then sell that access to the highest bidders. The buyers are often ransomware groups.
IABs have been proliferating lately, largely because of the pandemic and the ensuing work-from-home migration. Workers who log into systems remotely and connect from untrustworthy Wi-Fi networks create an exploitable attack vector. Cybercriminals exploit this by scanning at scale for vulnerabilities that allow remote access, such as in virtual private networks (VPNs), and selling this access.
The $7,100 average selling price for access takes into consideration a victimized organization’s revenue, the type of access sold, the number of employees, and the number of devices accessible. RDP (remote desktop protocol) access, the most frequently listed access type for sale, lets a threat actor take over a victim’s computer. RDP access typically goes for around $9,800.
The FBI notes that ‘RDP is still 70-80% of the initial foothold that ransomware actors use.’ RDP is believed to be tied to the Oldsmar, Florida water treatment facility attack, in which attackers attempted to alter the chemicals added to the public water supply.
IABs are seeking to expand their offerings by also targeting a new threatscape: IoT devices. They see them as “low-hanging fruit” points of entry to corporate networks.
Because IoT devices aren’t built with security in mind, they are used as an entry point into the larger corporate network, where the most valuable data resides. Legacy IoT devices such as servers, modems, PLCs, controllers, and networked medical devices are especially vulnerable because they are incompatible with modern security software agents.
Understanding the traffic at the edge of the corporate network is something that network administrators have long desired since they know their devices are exposed when connecting to any network.
A lot of remote access tools/protocols require local network and device configuration changes, which creates additional risk by exposing internal endpoints directly to the internet – a simple Shodan search confirms this. Once the attacker gains initial access to these exposed endpoints, it is difficult to remove this foothold from the network, let alone prevent it from spreading laterally, highlighting why IABs have become so prevalent.
Because of this, some organizations have even gone so far as to ban remote access to their systems altogether, forcing administrators and technicians to service endpoints physically on site. In a remote-friendly world, a better solution is necessary.
One strategy for mitigating the risk of initial access at the edge is micro-segmentation using a secure endpoint edge device. The main premise of micro-segmentation is that the endpoint is never directly exposed to the network – it is isolated onto its own “micro-segment of one.” This lets organizations take control of their edge by ensuring that all traffic to and from the endpoint flows over its own micro-segment.
Micro-segmentation also allows for Zero Trust remote access through what is called the “Secure Lobby.” Instead of an administrator configuring the perimeter to allow traffic to the endpoint directly, the secure endpoint edge acts as the gatekeeper to the endpoint while maintaining full isolation from the rest of the network.
With Secure Lobby, both the remote user and secure endpoint edge “meet” in the lobby through an encrypted connection. The administrator can now remotely access the micro-segmented endpoint securely and perform any type of monitoring, updating, or patching necessary, without exposing the endpoint to the internet.
This is game-changing for secure remote management because attackers no longer have direct access to endpoints, helping to eliminate the business of Initial Access Brokers altogether.
About the Author
Matias Katz is the founder and CEO of Byos. Matias has 15+ years of experience in information security. He founded Mkit in 2008, which provided defensive and offensive security solutions, and is an official CISSP instructor. He has presented his research at cybersecurity conferences around the world and has a popular TEDx talk. He is the author of “Redes y Seguridad” (Networking and Security) and founded the Andsec international hacking conference.
The post 2021 Security Predictions: Endpoint Security is of Utmost Importance appeared first on CISO MAG | Cyber Security Magazine.
The following predictions offer insights into how cybersecurity will evolve in 2021:
By Jason Lee, CISO, Zoom
As we continue to practice social distancing in 2021, companies will move away from shared/communal computers, and shift toward supporting employees on their personal devices. Security teams will also need to deploy consistent authentication practices that support both in-office employees and those staying remote. Multi-factor authentication for corporate-owned and/or BYOD-supported mobile phones will be the most popular solution. Additionally, we will see a move toward passwordless access and leveraging other factors.
With the Zero Trust model, employees must be authenticated and validated before being given access to the appropriate applications and the right level of data. As companies look to support a hybrid workforce, this approach will become even more attractive for security leaders, as it provides continuous checks on whether employees need access to sensitive data at that time. Companies will also double down on endpoint controls to ensure their rapidly growing remote workforce stays secure.
About Jason Lee
Jason Lee is the Chief Information Security Officer at Zoom, with 20 years of experience in technology and a specialization in information security and operating mission-critical services. Most recently he was the Senior Vice President of Security Operations at Salesforce, where he was accountable for the global organization delivering critical end-to-end security operations to customers and employees, including company-wide network and system security, incident response, threat intel, data protection, vulnerability management, intrusion detection, identity and access management, and the offensive security team. Before Salesforce, he held the position of Principal Director of Security Engineering for the Windows and Devices division at Microsoft.
The post Endpoint Security: Your First Line of Defense appeared first on CISO MAG | Cyber Security Magazine.
By Pankit Desai, Co-founder and CEO, Sequretek
One may wonder what the above context has got to do with the topic of endpoint security. To start with, there is a “Virus” at play here and, like its biological cousin, it seems to morph to a changing landscape, albeit a technological one in this case. It was way back in 1971 that the world encountered its first computer virus, “Creeper.” Since then, there has been a constant game of one-upmanship between attackers and defenders. For a while, it seemed like the good guys had the upper hand, only to be proven wrong, and for a few legitimate reasons.
Lower costs and complexity have resulted in the democratization of technologies like IoT, cloud, big data, mobility, robotics, and additive manufacturing. This technology infusion has transformed manual and offline systems into automated and networked ones, with employees moving out of their offices and data centers moving to the cloud.
Before COVID, the companies that understood technology’s power had started embracing this transformation and absorbing its impacts. The laggards, however, were caught pretty much unaware and were forced to quickly figure out how to enable “work from home” scenarios for their enterprises and open up their internal processes to external access. As if this were not enough, WFH creates an additional challenge where ‘personal assets are being used for professional purposes’ and ‘professional assets are being used for personal purposes.’
Technological advances and changing circumstances have impacted how enterprises have configured their IT infrastructure, forcing them to rethink how they now need to be secured.
Traditionally there was an emphasis on a strong perimeter defense to protect critical assets, be it endpoints or servers in one’s datacentre, since the perimeter was supposed to protect them. This led to a lopsided budget allocation: a strong perimeter but weak device security. For most enterprises, a signature-based antivirus was considered sufficient for endpoint security, and servers were patched sporadically, if at all.
The result is for everyone to see. Pull up any report by analysts or security experts, and one sees varied statistics suggesting that attacks on the endpoints are on the rise and are the cause of the majority of breaches. Thankfully, there is a consensus that the endpoint is the new perimeter that needs to be defended.
The industry has gone about addressing the threat perception by offering a series of layered products, each of which solves a specific security challenge.
Antivirus (AV) was the first technology, launched in the late 80s, to address external threats by leveraging signature-, behavior-, and heuristics-based models. As zero-day attacks and advanced persistent threats (APT) started appearing in early 2010, emulator-based anti-APT technologies came onto the market. We are now witnessing the proliferation of machine learning-based Endpoint Detection and Response (EDR) technology to address the challenges of fileless malware, the limitations of emulator technologies, and AV’s dependence on signatures.
On the other hand, the need to understand and improve environmental hygiene resulted in another technology set: asset management, to understand the heterogeneous hardware and software landscape; application whitelisting, to reduce software asset sprawl and the consequent security risk; and vulnerability/configuration management, to identify software vulnerabilities, followed by patch management to fix them.
Add technologies like encryption, device control, data loss prevention, host firewall, and VPN, and you get the drift. It almost seems that every time there was a new security challenge, the industry’s response was to offer a new product; worse, most of these technologies don’t talk to each other. It’s a classic case of the six blind men and the elephant, where each one touches a different part of the elephant and gives a view on what they are sensing. In most enterprises, the endpoint security realm is about managing multiple management consoles, each reporting its own point of view on devices’ health. The situation becomes even more complicated when the consoles can’t even agree on the inventory count, as each of them reports independent numbers, with considerable time spent on reconciliation.
Way back in 2015, Gartner coined the term “endpoint protection platform” (EPP), defining it as a solution that would converge endpoint device functionality into a single product that would combine several point technologies into one. Most of the technologies mentioned earlier are part of the Advanced EPP feature set.
It’s been more than five years since. A recent report by a security leader found that enterprises end up investing in, on average, 50-70 different security tools, and that 35% of the security products had overlapping functionality. These findings should not come as a surprise, given the bloat of technologies in the endpoint space.
As if the technology bloat challenges weren’t enough, the same report identifies 80% of the tools as poorly configured. The way the market today operates, the product companies come out with products with rich but complicated feature sets. The implementation and subsequent management are left to poorly trained customers or resellers, leading to misconfigurations.
The result: talk to any CXO these days and one hears a familiar grouse, “I spend so much money on these complicated three-letter-acronym products. I, however, don’t get an answer to a simple question: Am I secure?” This has caused significant consternation in the security community that will need rectification.
While the sins of the past have come to haunt us as the endpoint security battle remains unsolved and probably more complicated than before, we can take a series of measures to earn the trust back by thinking in the customer’s interest.
Machine Learning: Effective use of ML would be an effective way to remove the burden of continuous security updates. However, there are two schools of thought on where the ML capability should reside: agent vs. cloud. While the cloud gives much better control, sending packets to the cloud for analysis may not be viable, especially in countries with relatively poor internet infrastructure or data residency issues. A hybrid model with some localized ML capability may be a better option.
Single Agent, Single Console: It is high time that products start looking at the endpoint security as an integrated problem, and not silos. It is heartening to note that companies branch into adjacent spaces and the coverage points seem to be improving. There are a lot of paths still to be covered.
Reduce feature bloat: In a zeal to differentiate the products, there are quite a few features that have made the products too complex to implement and run. There needs to be a critical view of what is essential as a feature set and what can be knocked off to make them simple to implement and manage.
Open interfaces: In the short run, at least till the consolidation play pans out, there needs to be an agreed API framework that allows the product to co-exist and lean on each other to become part of the security chain.
Platform vs. product: It is essential to think of a platform-based approach where products (yours or someone else’s) can be plugged in as new technologies or needs arrive. Expecting customers to overhaul their security architecture every time a new digital transformation wave comes in (5G, IoT) is not viable.
The federated nature, heterogeneity, and volume of endpoints make them the weakest link for enterprise security. It will need stakeholders’ collective efforts to overcome the inherent nature of the risk attached to them.
Till then, maintain social distance and stay safe to overcome the risk attached to another virus that is running rampant across the world.
About the Author
Pankit Desai, Co-founder and CEO of Sequretek, a Mumbai-based cybersecurity company, launched it in 2013 with the aim of providing enterprise clients an end-to-end cybersecurity platform. Pankit, a veteran of the IT industry, brings 20+ years of hard-core technology and leadership experience from the information technology industry to lead Sequretek. Prior to Sequretek, he was with Rolta as President of Business Operations. He has also served in senior leadership capacities with NTT Data Inc, Intelligroup, Wipro, and IBM India. His vast experience has given him the ability to manage and scale global business units and service lines rapidly and efficiently. Pankit has diversified business operations and created an organization with multidimensional growth and an understanding of business support functions: Financial Planning and Analysis, Recruitment and Operations, Internal IT, Quality, Marketing, and Alliances.
The post The Evolving Role of Endpoint Detection and Response appeared first on CISO MAG | Cyber Security Magazine.
By Nilesh Jain, Vice President, Southeast Asia and India, Trend Micro
Today, the major area of concern in any organization is to secure the endpoints and servers where most of the breaches and frauds happen. It’s not surprising in that context that so many IT leaders see endpoint security as a critical issue. In fact, endpoint security has become a hot topic on the cybersecurity front and is rising ever higher on IT managers’ to-do lists. IT leaders want a more effective, easier to use solution to address this issue. They need to find products that can consolidate a range of security capabilities into one easy-to-manage suite.
Endpoint security has changed fundamentally over the last two decades, in many ways mirroring the evolution of the wider information security market. From the first basic anti-malware scanners of the ‘90s, through innovations in black- and whitelisting, intrusion detection, web and email filtering, and today’s sophisticated targeted attack detection products – we’ve surely come a long way.
EDR systems offer defenders the first line of defense that gives them a way to gain greater visibility into what is happening at the interface between production systems and the internet, with all its threats and malicious activity.
With traditional endpoint security technology, visibility into how a threat entered the network and its travel path is limited. One reason is that, when a hacker has compromised a device, he is likely to wipe away his criminal traces. Once an attack is discovered, customers want to know what the root cause was, and how it spread. When security teams go back to investigate a breach, the devices look pristine. They do not have enough information to piece the breach together. Now, with endpoint detection and response (EDR) technology, they are finally able to.
EDR works by recording the security events on any device connected to the corporate network. These endpoint devices include desktop computers, laptops, smartphones, tablets, thin clients, printers, and other specialized hardware such as POS terminals. EDR is the black box of breaches. Some of these events may be regular activities; some may reveal a clue to how the threat inched towards the irreversible catastrophe. When a breach has taken place, EDR enables security teams to play back the infection and understand what happened, and how.
As per a global survey by Enterprise Strategy Group, 70% of organizations are already using EDR. Enterprises are always looking for new techniques to protect themselves from increasingly sophisticated malware, and some standalone EDR vendors deliver their detection and response capabilities as part of EDR. To use it effectively, one would require years of training and hands-on experience, and not all companies have a security team that can do that. The downside of EDR is that it is operationally intensive. Combine that with a global skills shortage in cybersecurity and the high level of skill needed to use root cause tools, and many customers can’t keep up with EDR. While EDR tools can be difficult to use for less experienced operators, they can improve overall security efficiency by reducing the time to detect and respond to security incidents.
EDR is crucial for advanced endpoint protection solutions capable of detecting suspicious behaviors at all levels of the computing stack from the device to the user. Another key EDR functionality is that it enables security teams to do proactive threat hunting. As the EDR market matures, Gartner expects feature improvements to focus on increasing the capabilities of the adaptive security architecture to provide more holistic and integrated security capabilities.
As threats continue to become stealthier and capable of evading traditional cyber defenses, cybersecurity leaders today need a comprehensive enterprise cybersecurity strategy that pre-empts threats, reduces risk, and responds to every regulatory requirement. Security leaders are concerned with increasing complexity in their endpoint environment, compounded by advanced, multistage attacks going beyond typical malware.
Endpoint security suites are now more than ever being tasked with protecting against targeted-style threats that utilize multiple stages involving user interactions, exploit chaining and script-based attacks. As mass threats increase in sophistication, buyers and vendors have begun focusing on behavioral detection with an automatic response. According to Forrester, endpoint security suite customers should look for providers that:
The highest priority for customers is improved detection and response, and hence we’ve integrated these capabilities into our endpoint protection platform to leverage the automation that already exists, which provides enterprises with better-layered protection. For instance, advanced detection capabilities such as behavioral analysis, pre-execution machine learning, run-time machine learning, and vulnerability protection work in concert with other endpoint detection and remediation capabilities.
Customers require a multi-layered approach to endpoint security incorporating tools that combine superior performance with low cost and centralized management. We believe it’s all about delivering the best in threat protection across all endpoints, email, and web, and ensuring that customer data is safe whether it runs in a physical, virtual, or hybrid environment. For enterprises that want root cause analysis capabilities on top of their advanced detection and response, an endpoint sensor allows them to query endpoints and build a detailed analysis of how and where advanced attacks occurred. For those enterprises that may not have skilled threat researchers to develop this, we are expanding our MDR services that are already available in some limited geographies.
Needless to say, EDR is a complex technology, but its overarching benefits will make it indispensable for organizations in this highly connected digital world. Gartner’s predictions validate that EDR is here to stay: their findings suggest that by 2022, 60% of organizations that leverage endpoint detection and response capabilities will use the endpoint protection solution from the same vendor or managed detection and response (MDR) services.
Hence, for enterprises that are increasingly looking for scalability, strong data management, flexible analytics and open integration, EDR would be a mainstay in the 21st century.
About the Author
Nilesh Jain has headed Southeast Asia and India operations for Trend Micro since January 2018; before that he headed the India operation as Managing Director of Trend Micro India. During his stint at Trend Micro, Nilesh has been instrumental in scaling the business through sales management, profitable growth, and adding new customers to the fold.
With over one and a half decades of a successful sales career at Trend Micro, Nilesh has handled the channel, SMB, enterprise, and government segments with equal excellence. As head of the business, Nilesh is responsible for all functions, with foremost emphasis on managing sales operations, profit, and revenue in India and the SEA (Southeast Asia) region.
Disclaimer
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
Is Your Endpoint Device Secure? Take our Endpoint Security Survey and win exciting goodies. Don’t miss out! Take Survey Now!
The post The Evolving Role of Endpoint Detection and Response appeared first on CISO MAG | Cyber Security Magazine.
The post Endpoint Security Extends to the Cloud appeared first on CISO MAG | Cyber Security Magazine.
By Brian Pereira, Principal Editor, CISO MAG
1. It’s a two-way street – Threats to IT infrastructure can come from the endpoints. A device with out-of-date software or no anti-malware, and a careless user, could open a can of “worms” that crawl back to the private or public cloud (upstream) and then spread laterally, infecting other devices on the network. But the threat can also come from the Internet itself. A compromised service, malicious scripts, cross-site scripting, misconfigured S3 buckets (for example, publicly writable buckets whose contents have been tampered with) and other poorly configured cloud resources can all infect the endpoint (downstream). Both the cloud service/resource owner and the endpoint user/administrator share responsibility for securing the endpoints.
2. CASB – A Cloud Access Security Broker is one way to enforce security in both directions (upstream and downstream). It is software that sits between users and cloud service providers and inspects or mediates their traffic and API calls. McAfee, an early CASB vendor, says CASB allows an organization to extend its security policy from on-premises infrastructure to the cloud and to create new policies for cloud-specific context. This covers SaaS, IaaS and PaaS environments across public, private and hybrid clouds.
3. Now even the cloud has endpoints – Before cloud, we had physical resources (servers, storage, network switches, and clients such as PCs and workstations) and we had to secure them. Today those resources are abstracted into virtual equivalents: physical network interface cards (NICs) on servers become vNICs (virtual NICs) in the cloud, physical switches become virtual switches, and cables and connectors become API calls. Welcome to the virtual world! These virtualized resources sit on virtual networks inside virtual private clouds, and those networks are organized into subnets, so a subnet may hold virtual machine instances, load balancers, storage and the network connectivity between them. A subnet is secured through ACLs (Access Control Lists) that define who or what may reach the resources inside it; in AWS, for instance, subnet-level network ACLs are stateless while instance-level security groups are stateful, and both need reviewing. So it boils down to good configuration, and that is where managed endpoint security services come in.
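Because "good configuration" of those subnet ACLs and security groups is where most cloud exposure comes from, the following is an added example (written for this page, not code from the article or from any cloud provider) of the check a practitioner would run over an exported rule set. The rule shape and the sample rules are constructed to resemble a generic security-group export; the set of "admin" ports and the minimum acceptable source prefix are assumptions you would tune to your environment.

```python
import ipaddress
from typing import Dict, List

# Assumption: services that should never be reachable from the whole internet.
ADMIN_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL", 6379: "Redis"}
# Assumption: an ingress source broader than a /16 deserves a look even if it is not 0.0.0.0/0.
MIN_SOURCE_PREFIX = 16

# Constructed sample rule set in a generic security-group / network-ACL shape
# (not copied from any real cloud API). protocol "-1" means "all protocols".
SAMPLE_RULES: List[Dict] = [
    {"id": "sg-web-80",    "direction": "ingress", "protocol": "tcp", "from_port": 80,   "to_port": 80,    "cidr": "0.0.0.0/0"},
    {"id": "sg-web-443",   "direction": "ingress", "protocol": "tcp", "from_port": 443,  "to_port": 443,   "cidr": "0.0.0.0/0"},
    {"id": "sg-ssh-any",   "direction": "ingress", "protocol": "tcp", "from_port": 22,   "to_port": 22,    "cidr": "0.0.0.0/0"},
    {"id": "sg-ssh-vpn",   "direction": "ingress", "protocol": "tcp", "from_port": 22,   "to_port": 22,    "cidr": "10.20.0.0/16"},
    {"id": "sg-all-v6",    "direction": "ingress", "protocol": "-1",  "from_port": 0,    "to_port": 65535, "cidr": "::/0"},
    {"id": "sg-highports", "direction": "ingress", "protocol": "tcp", "from_port": 1024, "to_port": 65535, "cidr": "0.0.0.0/0"},
    {"id": "sg-db-wide",   "direction": "ingress", "protocol": "tcp", "from_port": 3306, "to_port": 3306,  "cidr": "100.0.0.0/8"},
    {"id": "sg-egress",    "direction": "egress",  "protocol": "-1",  "from_port": 0,    "to_port": 65535, "cidr": "0.0.0.0/0"},
]


def _covers_port(rule: Dict, port: int) -> bool:
    """True if the rule's protocol/port range includes `port`."""
    if rule["protocol"] == "-1":
        return True
    return rule["from_port"] <= port <= rule["to_port"]


def _is_all_ports(rule: Dict) -> bool:
    return rule["protocol"] == "-1" or (rule["from_port"] <= 0 and rule["to_port"] >= 65535)


def audit_rules(rules: List[Dict]) -> List[Dict[str, str]]:
    """Return findings for ingress rules that expose too much.

    Severity 'high': any admin port, or all ports, reachable from 0.0.0.0/0 or ::/0.
    Severity 'medium': a non-world source range broader than MIN_SOURCE_PREFIX.
    Egress rules are skipped here; they matter for exfiltration, but this audit
    is about inbound exposure of the subnet's resources.
    """
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress":
            continue
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        world_open = net.prefixlen == 0  # 0.0.0.0/0 or ::/0

        if world_open and _is_all_ports(rule):
            findings.append({"rule": rule["id"], "severity": "high",
                             "reason": f"all ports open to the internet ({rule['cidr']})"})
            continue

        # A wide port range hides admin services; enumerate the ones it contains.
        exposed = [name for port, name in sorted(ADMIN_PORTS.items())
                   if world_open and _covers_port(rule, port)]
        if exposed:
            findings.append({"rule": rule["id"], "severity": "high",
                             "reason": f"admin service(s) {', '.join(exposed)} open to the internet"})
            continue

        if not world_open and net.prefixlen < MIN_SOURCE_PREFIX:
            findings.append({"rule": rule["id"], "severity": "medium",
                             "reason": f"very broad source range {rule['cidr']}"})
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(f"[{finding['severity'].upper()}] {finding['rule']}: {finding['reason']}")
```

The point of listing the admin ports inside a wide range (the `sg-highports` rule) is that the most common real-world mistake is not "port 3389 to the world" but "1024-65535 to the world", which a reviewer scanning for literal port numbers will miss. Web ports intentionally open to the internet produce no finding, so the output stays actionable.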
4. The cloud is getting decentralized – With the pandemic, workforces became decentralized, and IT infrastructure had to keep up, because distributed endpoints outside the corporate perimeter are hard to administer with traditional IT tooling. So the cloud began to get decentralized as well. Endpoint devices are now being virtualized (VDI) to give better security and control for distributed (work-from-home) users, and for years organizations have used VPNs to secure communication between remote endpoints and the corporate network.
5. Edge computing – In the years ahead we will see applications that demand real-time processing close to the endpoint or on the endpoint itself. The cloud will extend back into the enterprise, with endpoints connected to it over high-speed links such as 5G. So endpoint security will once again be redefined.
Conclusion
Over the years, endpoint protection has evolved from prevention (antivirus, data encryption, intrusion prevention, data loss prevention) to detection and response (EDR), so we now have many types of endpoint security tools and services. Looking ahead, with the proliferation of edge computing and high-speed connectivity, the cloud and the endpoints will be viewed as one seamless infrastructure. The focus will shift from securing endpoints to securing “workloads” and infrastructure, with “intrinsic” security that has analytics and predictive capabilities built in. The industry acquisitions (notably VMware’s acquisition of endpoint security vendor Carbon Black), with billions of dollars spent on them, are testimony to that.
About the Author
Brian Pereira is the Principal Editor of CISO MAG. He has been writing on business technology concepts for the past 26 years and has achieved basic certifications in cloud computing (IBM) and cybersecurity (EC-Council).
The post Take Our Endpoint Security Survey and Win These Freebies appeared first on CISO MAG | Cyber Security Magazine.
Endpoints range from mobile devices and tablets to ATMs, smartwatches, printers and more, and any of them can connect to an organization’s network in moments. They play a significant role in communicating back and forth during the current work-from-home (WFH) scenario.
These devices end up becoming threat points and a favorite target of hackers.
At CISO MAG, we nurture an Endpoint Security culture. We invite you, the readers, to participate in our year-end Endpoint Security Survey to help us gain an insight into the looming cyberthreats and the challenges in deploying endpoint security solutions.
Your responses will be confidential and aggregated results will be shared in our Endpoint Security issue in December. The survey questionnaire will be live until November 17, 2020.
Your feedback will help industry leaders create better Endpoint Security solutions.
We appreciate your time, cooperation, and engagement. As a token of thanks, we are offering you a free annual subscription to CISO MAG worth $149, as well as 30 days of access to CodeRed (EC-Council’s high-quality videos and courses on various cybersecurity topics that will take your career to the next level).
Sincerely,
Team CISO MAG
The post Global Endpoint Security Market to Witness Profitable Growth appeared first on CISO MAG | Cyber Security Magazine.
According to the study, the Middle East, Africa, Europe, Asia Pacific, Latin America, and North America are the leading regional markets for endpoint security globally. North America is likely to lead the worldwide market for endpoint security soon, with revenues increasing to $12.30 bn by 2025.
“The swift expansion of businesses in the Asia Pacific has spiked the usage of endpoint devices in enterprises and organizations. The heavy utilization of these devices and the increased uptake of IoT applications have made enterprise networks more complex in this region, creating a significant need for endpoint security, which is the main factor behind the rising market for endpoint security in the Asia Pacific. Europe is also reporting a healthy rise in its market for endpoint security, thanks to the progressive adoption of endpoint security solutions in order to eradicate spills of critical information in countries like the U.K.,” the study stated.
Research from Cisco found that organizations became most concerned about data sharing during the COVID-19 pandemic, and that increased cybersecurity spending will help organizations and consumers cope with the current working conditions. One in two respondents said endpoints, including corporate laptops (56%) and personal devices (54%), are a challenge to protect in a remote environment. Nearly 85% of organizations said that endpoint security is extremely important or more important than before COVID-19. Secure access is the top cybersecurity challenge faced by the largest proportion of organizations (62%) when supporting remote workers.
Poll: Did your organization have an Endpoint Security solution prior to COVID-19, or was it deployed post the outbreak?
The post Endpoint Security: No More a Blind Spot for Remote Work appeared first on CISO MAG | Cyber Security Magazine.
By Pooja Tikekar, Feature Writer at CISO MAG
Endpoints or end-user devices such as desktops, laptops, smartphones, tablets, and Internet of Things (IoT) devices (like smart home appliances) are playing a significant role in communicating back and forth during the current work from home (WFH) scenario. But how secure are these devices?
Before the COVID-19 pandemic, employees working from public spaces such as cafes, hotel lobbies, railway stations and malls used “public Wi-Fi” connections. Open public Wi-Fi is free and often has no link-layer encryption, so any traffic not protected by TLS or a VPN can be observed by others on the same network. Today, however, home networks are just as much a concern because of the increased adoption of Bring Your Own Device (BYOD) and WFH infrastructure. According to a survey conducted by access management solutions provider CyberArk, 77% of remote workers have been using unmanaged, insecure endpoint devices to access corporate systems.
Remote employees may put sensitive corporate data at risk by uploading it to public cloud storage or exposing it on unsecured home networks. Data left open or visible without in-network security controls is an open invitation for opportunistic attackers to access, steal or tamper with it. A study conducted by the global intelligence firm IDC revealed that nearly 80% of the companies surveyed had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more.
The Internet of Things (IoT) has changed how we operate and optimize operations in real time, but it has also opened new avenues for attack through hardware, software, cloud and enterprise networks. Gartner’s 2019 research forecast a 21% increase in the enterprise and automotive IoT market in 2020 (totaling 5.8 billion endpoints). Given those numbers, IoT endpoints are attractive targets, particularly when deployed outside standard IT security perimeters.
Hackers are using social engineering tools to formulate phishing emails in the name of the World Health Organization (WHO) and other regulatory bodies to lure end-users into opening documents with embedded links that result in malware and ransomware attacks. According to Beazley Breach Response (BBR) Services, Q1 2020 witnessed a 25% surge in ransomware attacks, compared to Q4 2019.
Some of the rampant ransomware that bypass endpoint security in the name of COVID-19 include:
In the current pandemic, the enterprise network perimeter has effectively been replaced by a sprawl of endpoints doing business from home networks and mobile devices. Traditional antivirus software remains central to endpoint security, but it is not always enough; every endpoint needs additional controls to govern access and shrink the attack surface.
Since many endpoint threats are now fileless and evade signature-based antivirus, organizations need an adequate and effective security strategy. Some of the key measures of endpoint management include:
Allow only approved devices to connect to the network. Endpoint detection gives an upper hand over advanced or unknown threats, helps analyze vulnerabilities and feeds into patching decisions. Organizations must audit their endpoints (the new perimeter) and ensure complete visibility of every endpoint on the network, revoke access for unauthorized endpoints, and back this with a clear security policy.
Deleting unnecessary data and uninstalling Potentially Unwanted Applications (PUAs) from endpoints frees up disk space and memory and removes avoidable risk. PUAs installed on endpoint devices may collect information without the user’s consent and display excessive advertisement pop-ups that interrupt the smooth functioning of the device.
Businesses need routine patching to address issues in operating systems, applications, and expired certificates and licenses. A structured, proactive patch management program also reduces system outages. IT governance should cover patch management and OS (including Windows) updates on endpoint devices.
Blocking or disabling USB ports, optical drives and other removable media helps protect endpoint devices against malware introduced through them. Device control should be a mandatory administrative policy in any company’s security program.
A VPN offers end users secure remote access to corporate networks, and multi-factor authentication (MFA) should protect that access. Enabling MFA or 2FA for all internal applications and corporate virtual private networks (VPNs) makes a stolen password far less useful to an attacker, because an employee’s device and credentials are a treasure chest for threat actors.
Another option is to switch from standalone desktops and laptops to virtual desktops. VDI desktops run inside virtual machines (VMs) on a centralized server and are accessed over the network from an endpoint device or “thin” client such as a tablet or Chromebook. Because the computing and the data stay on the host server, a lost or compromised endpoint exposes far less.
Building a secure endpoint ecosystem is the need of the hour. Attackers want to compromise any and every device, because cybercrime is a booming business that siphons off billions. As wireless endpoint devices become de facto corporate infrastructure in the remote-work scenario, it becomes critical to drop the assumption that wireless hijacking cannot be carried out across remote geographic locations.
About the Author
Pooja Tikekar is a Feature Writer, and part of the editorial team at CISO MAG. She writes news and feature stories on cybersecurity trends.
The post Advancing Your Cybersecurity Program Past the Crisis appeared first on CISO MAG | Cyber Security Magazine.
By Lenny Zeltser, CISO at Axonius
The shift away from a security paradigm grounded in a traditional network perimeter began years ago, driven in part by the popularity of SaaS products, which were easier to deploy and use than the applications that enterprises had to manage themselves. Cloud computing made it possible to run code away from the local environment and enabled businesses to spend less and move more swiftly. Organizations also started warming up to the idea of at least some employees working remotely.
So, even before the pandemic, cybersecurity teams needed to start accommodating:
The ruthless fervor of the COVID-19 pandemic did not impose many new cybersecurity requirements. Instead, the sudden dispersal of the employees dramatically accelerated pre-existing trends. That is why many of the security measures you may have rushed to implement will serve you well in the long term.
The challenge is that when rushing to support a suddenly distributed workforce, you may have had to make in-the-moment decisions related to a variety of risks that usually would take months if not years to address:
Fortunately, there is a security model that offers guidance for addressing such risks. It is called Zero Trust. John Kindervag, who coined this term back in 2010, explains that this paradigm “examines information about the device, its current state, and who is using it” when making security decisions. As described in the recent Zero Trust Architecture document by NIST, the idea is to narrow the sphere of trust from large networks protected by a perimeter to components, such as endpoints and users.
Zero Trust, as NIST puts it, “is a response to enterprise trends that include remote users and cloud-based assets.” This is the very configuration you are supporting due to the pandemic, so even if you weren’t sure how to begin your journey toward Zero Trust, COVID-19 has forced you to advance down this path.
When you get a chance to shift focus from tactical to the strategic planning of your security program, look at Zero Trust guidelines from the sources and people you trust. You will discover that your Zero Trust journey will likely include:
The business requirements of your organization today–remote workforce, distributed endpoints, heavy reliance on SaaS and cloud services–likely represent the ongoing needs of the enterprise. Take a look at the current state of your crisis-induced cybersecurity program. Decide which aspects of it you want to keep and which you will need to change once you are no longer in crisis mode. Consider using Zero Trust principles as guidelines. You might find that the work you have already done has advanced your program farther than you were expecting.
About the Author
Lenny Zeltser is the Chief Information Security Officer at Axonius, a cybersecurity asset management company, tackling foundational IT asset management challenges to dramatically improve organizations’ cybersecurity posture. Previously serving as VP of Product, Zeltser now focuses on protecting the company’s information assets, expanding its security architecture, and advocating a strong security culture to help enable the business. He previously led security product management at Minerva Labs and NCR.
Disclaimer
CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.