The vast majority of attackers are opportunist criminals looking for easy targets to maximize their profits. If defenses are sufficiently fortified, finding a way through will be so difficult and time consuming that all but the most elite nation-state level threat actors will give up and go in search of easier prey. Penetration testing is one of the most effective methods for achieving this level of security. A team of ethical hackers can discover and close … More
The post Addressing the lack of knowledge around pen testing appeared first on Help Net Security.
As COVID-19 spread over the world and nations and businesses adapted to minimize citizens’ and employees’ personal interactions to help contain the infection, a greater than ever number of people stayed at and worked from home. As expected, this necessary adaptation did not go unnoticed by cyber criminals. “We just recently launched the first Xfinity Cyber Health Report which combines data from a new consumer survey with actual threat data collected by our artificial-intelligence-powered xFi … More
The post Securing the connected home: A joint task for homeowners and their ISP appeared first on Help Net Security.
With the growing threat of fraud fueled by the digital acceleration that took place in 2020, Experian revealed five emerging fraud threats facing businesses in 2021. The rapid increase in digital use created a perfect storm for fraudsters to quickly find new ways to steal funds, capitalizing on consumers’ lack of familiarity with digital platforms and the resource constraints faced by many businesses. In fact, from January 2020 to early January 2021, the Federal Trade … More
The post Five emerging fraud threats facing businesses in 2021 appeared first on Help Net Security.
2020 has ended with a stunning display of nation-state cyber capabilities. The Kremlin’s SVR shocked the cybersecurity industry and U.S. government with its intrusions into FireEye and the U.S. Office of the Treasury by way of SolarWinds, revealing only traces of its long-term, sophisticated campaigns. These breaches are reminders that no organization is immune to cyber risk or to hacking. Every company is subject to the same reality: compromise is inevitable. While many companies are … More
For the mobile communications industry, security has always held a prominent role. However, the onset of 5G – which introduces new network architectures, services and devices – raises the stakes and increases the challenge for network operators. 5G is set to affect almost every aspect of life through hosting more critical infrastructure and enabling the development of a digital environment. This makes any breach potentially catastrophic, and governments are taking note – it’s therefore imperative … More
Healix International has identified six key areas of risk – besides the continued impact of COVID-19 – for global organizations in 2021. Natural disasters The increasing frequency of extreme weather events with natural disasters becoming more pronounced both in terms of frequency and severity. Building resilience to natural disasters is a significant exercise. Faceless threats In a context of increased isolationism, and more time spent online, individuals will become increasingly disconnected from normative community activity … More
IT underwent a major change in 2020 as organizations were forced to quickly adopt strategies to handle new cybersecurity threats and increased remote working and collaboration needs, according to Matrix Integration. Cybersecurity remains a top concern for 2021, as attackers continue to threaten organizations, particularly in energy/utilities, government, and manufacturing. “Although every organization is putting more money towards cybersecurity, the ground is always shifting,” said Rob Wildman, VP of professional services at Matrix Integration. “It … More
Cybersecurity is an arms race, with defensive tools and training pushing threat actors to adopt even more sophisticated and evasive intrusion techniques as they attempt to gain a foothold in victim networks. Most modern endpoint protection (EPP) services are capable of easily identifying traditional malware payloads as they are downloaded and saved on the endpoint, which means attackers have now turned to fileless malware techniques that never touch the victim’s storage. We’ve covered the anatomy … More
The post A closer look at fileless malware, beyond the network appeared first on Help Net Security.
It’s safe to assume that pretty much everyone is ready to move on from 2020. Between the COVID-19 pandemic, political battles, and social unrest, this has been a stressful year in so many ways. It has also been a very active year for cybercriminals and fraudsters who have preyed on people’s fears and vulnerabilities to push new scams. They’ve spoofed government health sites to trick people into clicking on malware links. They’ve targeted food delivery … More
The post 2020 set the stage for cybersecurity priorities in 2021 appeared first on Help Net Security.
The global VPN market was valued at $25.41 Billion in 2019 and is projected to reach $75.59 Billion by 2027, growing at a CAGR of 14.7% from 2020 to 2027, Valuates Reports reveals. Major factors driving the growth of the VPN market include an increase in data security concerns, a rise in advanced & complex cyber threats, and an upsurge in usage of mobile & wireless devices within organizations. This study includes the analytical depiction of the virtual … More
The post Worldwide VPN market to reach $75.59 billion by 2027 appeared first on Help Net Security.
The year 2020 has given us a contentious U.S. election, a global economic crisis, and most notably a global pandemic. Disinformation has wreaked havoc in our ability to discern fact from truth, ransomware has been delivering ever more serious consequences, and insider leaks continue to validate privacy concerns despite increased adoption of privacy laws across the globe. According to a recent study published by Webroot, there has been a 40% increase in unsecured RDP-enabled machines … More
The post 2021 will overburden already stressed infosec teams appeared first on Help Net Security.
In 2020, cybersecurity became a business problem for every industry, as well as the U.S. government. According to a new report by the Aspen Cybersecurity Group, there are several opportunities for the new presidential administration to increase cybersecurity efforts and awareness to create a more resilient digital infrastructure. Organizations like the Cybersecurity and Infrastructure Security Agency (CISA), local and state governments, and the private sector have all taken significant steps to mitigate and respond to … More
The post U.S. cybersecurity: Preparing for the challenges of 2021 appeared first on Help Net Security.
The COVID-19 pandemic has had a profound impact on education, bringing about a sudden boom in remote and online learning. While the transition has forced many schools to implement innovative solutions, it has also revealed stark vulnerabilities in their cybersecurity strategies, which is especially concerning given that schools have become a new target for cyber criminals. A big problem is that even before the pandemic, cybersecurity hasn’t been a priority in education. A lack of … More
The post As technology develops in education so does the need for cybersecurity appeared first on Help Net Security.
For healthcare and pharmaceutical IT professionals, the launch of Amazon Pharmacy in late November signaled the acceleration of digitized pharma. But Amazon’s move into prescription fulfillment and delivery should be seen as part of a broader trend. As technology companies big and small move to disrupt healthcare, companies along the pharmaceutical supply chain will need to adapt in order to succeed (and keep succeeding). With new data showing half of all baby boomers now ordering … More
The post Tech’s bigger role in pharma industry demands stronger security measures appeared first on Help Net Security.
Most people in the IT industry are familiar with the phrase “people, process, and technology.” While there are many technology and process standards within organizations, and while they are created by people and supported by people, the innate “people” component of technology development and management is often neglected. The overemphasis on logic, analytics and process has led to leadership challenges such as poor communication, poor relationship management and poor stakeholder engagement. Critical IT projects have … More
The post Steps IT pros can take to prioritize interpersonal needs appeared first on Help Net Security.
The 2018 Winter Olympics in PyeongChang, South Korea stunned the world when they put on a dazzling light show made up of a record-breaking 1,218 drones, all dancing in harmony. In the Department of Defense (DoD), though, the display reinvigorated interest in counter-swarm tactics research, for drones and swarming tactics can have applications in all warfighting domains. Through funding provided by the DoD to the Naval Postgraduate School (NPS), Professors Isaac Kaminer and Abe Clark … More
The post Operational planning simulation for defense against an attacking drone swarm appeared first on Help Net Security.
The main story of 2021 won’t be the disease, but the vaccine. With three effective, promising vaccines in development as of November, COVID-19 (and its treatment) will continue causing major shifts in nearly every facet of our lives. That is particularly true for cybersecurity. Our sector transformed in 2020, and we have still not finished adapting to the virus. Here are five ways that COVID-19 and its vaccines will cause cybersecurity to change in 2021: … More
There’s no doubt that 2020 will be remembered for the uncertainty and rapid change it brought. As the global pandemic accelerated trends like remote working and digital transformation, it has also created new cybersecurity challenges. However, although much of 2020 was unpredictable, it’s still possible to step back and look at infosecurity developments that will point the way forward. Sophisticated social engineered attacks on the horizon A recent Verizon report highlighted social engineering as a … More
The post Disruption in 2020 paves the way for threat actors in 2021 and beyond appeared first on Help Net Security.
Virtualization has brought a dramatic level of growth and advancement to technology and business over the years. It transforms physical infrastructure into dedicated, partitioned virtual machines (VM) that deliver critical cloud applications and services to multiple customer organizations using the same hardware. While one server would previously be tasked with one OS install, today’s servers can host multiple instances of Windows or Linux running concurrently to increase system utilization. Client virtualization is the next step … More
The post 5 reasons IT should consider client virtualization appeared first on Help Net Security.
With chaos and uncertainty reigning, 2020 created near-perfect conditions for cybercriminals. The COVID-19 pandemic transformed the way we live and triggered a mass migration to digital channels as companies virtually replaced in-person interactions for employees and consumers alike. Nearly ten months in, the pandemic rages on, and cybersecurity threats are accelerating. While vaccine distribution is on the horizon, the pandemic’s economic and social fallout will take time to mend. Bad actors see opportunity during turbulent … More
The post 2020 broke cybersecurity records, here’s what’s to come in the new year appeared first on Help Net Security.
From increasingly sophisticated threats to the mad concoction of on-premises and cloud solutions that comprise most organizations’ IT infrastructure, the plethora of new IoT devices and a highly distributed workforce, enterprises and government agencies face a wide range of challenges that make cyber threat detection and response more difficult than ever before.
Simultaneously, the cybersecurity industry is facing a shortage of skilled workers, putting increasing strain on enterprise security teams and their ability to effectively identify and respond to threats.
Against this backdrop, Security Orchestration, Automation and Response (SOAR) products offer an appealing solution, promising efficiencies in detecting and responding to threats. However, organizations need to understand how these solutions can also introduce new challenges if not implemented correctly. Without proper planning, organizations adopting security automation tools can fall victim to common missteps that quickly lead to less efficiency and a weaker security posture.
When introducing SOAR tools to an organization, the most important first step isn’t how the solution is configured, or the act of connecting it to other systems, or even determining what data sources it needs to integrate. The most important first step is having mature security processes on which to build. Simply taking the pre-built playbooks or automation scripts that SOAR vendors provide and plugging them into your environment will seldom yield the desired results.
Start by examining the processes and procedures your organization’s security team already has in place and identify the tasks that consume the majority of team members’ time. These will be the key use cases where SOAR can provide the most benefit by applying efficiency, speed and consistency. For example, in many organizations this might include processes such as looking up asset information or reviewing additional data points related to a security alert or a reported phishing email.
It could be the process of pulling data on what’s running in memory on a device and adding that detail to an existing incident management ticket to assist in an investigative decision. Or it could be isolating hosts or blocking an IP range on the network in order to stop a threat from spreading. These are all common use cases that can be effectively automated, but only if the underlying processes and procedures are mature and well-defined.
Different categories of automation require different levels of maturity in the underlying processes. If you plan to introduce any type of automated response – such as automated threat containment – you must be absolutely certain that the underlying processes are mature, or the automation could have a greater than intended impact on the availability of systems and people. Mature processes are those that have been proven, measured, inspected and performed iteratively at volume, so that you can understand and account for any variance in how they behave.
In a mature process you also understand how actions will impact downstream systems. Otherwise, if you apply automation to a process that is not mature and an edge case occurs, your automation may cause your own denial of service, potentially impacting critical systems.
One of the best areas to begin applying automation is within an organization’s security operations center (SOC) to speed the process of pulling together threat intelligence and asset information from several different sources to aid in the investigative and triage process for threats. Because it involves information gathering rather than performing a response, this scenario introduces less risk while still providing significant gains in efficiency by quickly bringing data from various sources into one view for SOC analysts to interpret and make decisions.
A related area that can benefit from SOAR is incident management. Applying SOAR tools to the process of gathering information, artifacts and audit logs related to incidents can not only speed responses but also help improve process maturity, by ensuring that consistent documentation and record collection take place throughout the incident management process.
I often encounter security professionals who have an idea of what they want to automate, and they jump straight into applying SOAR solutions around that idea – this can work, but often does not scratch the surface of the potential power of SOAR for the organization. Even when starting with a single use case, I recommend mapping out the idea into a process flow, then turning that process flow into a playbook for automation that can run in a supervised mode. That way, you have an iterative plan for how to mature that process before you run it in an autonomous mode (or iteratively less supervised modes).
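The supervised-mode playbook described above, written out as an added example (not code from the article or from any SOAR product): enrichment runs unattended, while the containment step is gated by the run mode and by the edge-case guards that a mature process would already have defined. The asset inventory, IP addresses and the `MAX_ISOLATIONS_PER_RUN` cap are constructed values.

```python
"""Minimal SOAR-style playbook: unattended enrichment, gated containment.

Constructed example; the inventory stands in for a CMDB/EDR lookup and
the isolate call is a placeholder for the real response integration.
"""

# Constructed asset inventory (hypothetical hosts and addresses).
ASSETS = {
    "10.0.1.5": {"host": "ws-0421", "owner": "alice", "tier": "workstation"},
    "10.0.1.6": {"host": "ws-0422", "owner": "bob", "tier": "workstation"},
    "10.0.1.7": {"host": "ws-0423", "owner": "carol", "tier": "workstation"},
    "10.0.9.2": {"host": "dc-01", "owner": "infra", "tier": "critical"},
}
MAX_ISOLATIONS_PER_RUN = 2  # hypothetical blast-radius cap per playbook run


def enrich(ip):
    """Information-gathering step: low risk, safe to run in any mode."""
    asset = ASSETS.get(ip, {})
    return {"ip": ip, "known": bool(asset), **asset}


class ContainmentPlaybook:
    def __init__(self, mode="supervised", approvals=()):
        assert mode in ("supervised", "autonomous")
        self.mode = mode
        self.approvals = set(approvals)  # hosts an analyst has signed off on
        self.isolated = []               # hosts actually isolated this run

    def decide(self, ip):
        info = enrich(ip)
        # Edge cases the process must handle before automation is trusted:
        if not info["known"]:
            return "hold:unknown_asset"   # never act on what you cannot identify
        if info["tier"] == "critical":
            return "hold:critical_tier"   # containment here is a self-inflicted outage
        if len(self.isolated) >= MAX_ISOLATIONS_PER_RUN:
            return "hold:blast_radius"    # a noisy alert must not isolate the fleet
        if self.mode == "supervised" and ip not in self.approvals:
            return "pending_approval"     # supervised mode: a human closes the loop
        self.isolated.append(ip)          # the EDR/network isolate call would go here
        return "isolated"

    def run(self, alert_ips):
        """Evaluate every host on an alert and return the per-host outcome."""
        return {ip: self.decide(ip) for ip in alert_ips}
```

Every "hold" outcome is a measurable signal for maturing the process: if holds are rare and explainable over many supervised runs, the playbook is a candidate for an autonomous mode.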
Introducing SOAR to an organization’s security operations is rarely a simple undertaking, and the complexity should not be underestimated. If you don’t plan for adequate resources and expertise up-front to implement this technology, you won’t get the return on investment (ROI) you are expecting, and certainly not on the timeline expected.
The SOAR implementation must also be managed and maintained over time, as it will need to continually evolve as your environment changes. Organizations that don’t have the staff or the skill sets on their security team to adequately maintain the SOAR implementation may benefit from a consultative and managed services model that can keep it functioning properly over time.
Ultimately, automation should be viewed as an outcome amplifier for the security team – not as a replacement for the security team itself. With proper planning, you can identify the most mature processes that your team performs often and map out detailed playbooks for automating them. These will introduce the least risk and provide the most benefit by creating greater efficiencies, enhancing your security team’s skills and freeing up their time to perform higher-level functions.