How tech trends and risks shape organizations’ data protection strategy

Trustwave released a report which depicts how technology trends, compromise risks and regulations are shaping how organizations’ data is stored and protected.


Data protection strategy

The report is based on a recent survey of 966 full-time IT professionals who are cybersecurity decision makers or security influencers within their organizations.

Over 75% of respondents work in organizations with over 500 employees in key geographic regions including the U.S., U.K., Australia and Singapore.

“Data drives the global economy yet protecting databases, where the most critical data resides, remains one of the least focused-on areas in cybersecurity,” said Arthur Wong, CEO at Trustwave.

“Our findings illustrate organizations are under enormous pressure to secure data as workloads migrate off-premises, attacks on cloud services increase and ransomware evolves. Gaining complete visibility of data either at rest or in motion and eliminating threats as they occur are top cybersecurity challenges all industries are facing.”

More sensitive data moving to the cloud

The types of data organizations are moving into the cloud have become increasingly sensitive, so a solid data protection strategy is crucial. Ninety-six percent of total respondents stated they plan to move sensitive data to the cloud over the next two years, with 52% planning to include highly sensitive data; Australia, at 57%, leads the regions surveyed.

Not surprisingly, when asked to rate the importance of securing data in digital transformation initiatives, respondents gave an average score of 4.6 out of a possible five.

Hybrid cloud model driving digital transformation and data storage

Of those surveyed, most (55%) use both on-premises and public cloud to store data, with 17% using public cloud only. Singapore organizations use the hybrid cloud model most frequently, at 73%, or 18% higher than the average, while U.S. organizations employ it the least, at 45%.

Government respondents are the most likely to store data on-premises only, at 39%, or 11% higher than average. Additionally, 48% of respondents stored data using the hybrid cloud model during a recent digital transformation project, with only 29% relying solely on their own databases.

Most organizations use multiple cloud services

Seventy percent of organizations surveyed were found to use between two and four public cloud services and 12% use five or more. At 14%, the U.S. had the most instances of using five or more public cloud services followed by the U.K. at 13%, Australia at 9% and Singapore at 9%. Only 18% of organizations queried use zero or just one public cloud service.

Perceived threats do not match actual incidents

Thirty-eight percent of organizations are most concerned with malware and ransomware, followed by phishing and social engineering at 18%, application threats at 14%, insider threats at 9%, privilege escalation at 7% and misconfiguration attacks at 6%.

Interestingly, when asked about actual threats experienced, phishing and social engineering came in first at 27%, followed by malware and ransomware at 25%. The U.K. and Singapore experienced the most phishing and social engineering incidents, at 32% and 31% respectively, and the U.S. and Australia experienced the most malware and ransomware attacks, at 30% and 25%.

Respondents in the government sector had the highest incidence of insider threats, at 13%, or 5% above the average.

Patching practices show room for improvement

A resounding 96% of respondents have patching policies in place; of those, 71% rely on automated patching and 29% employ manual patching. Overall, 61% of organizations patched within 24 hours and 28% patched between 24 and 48 hours.

The highest percentage patching within a 24-hour window came from Australia at 66% and the U.K. at 61%. Unfortunately, 4% of organizations took a week to over a month to patch.

Reliance on automation driving key security processes

In addition to a high percentage of organizations using automated patching processes, findings show 89% of respondents employ automation to check for overprivileged users or lock down access credentials once an individual has left their job or changed roles.

According to the survey, this finding correlates with the low level of concern about insider threats and data compromise through privilege escalation. Organizations should not assume that removing a user's access to applications also removes their access to databases; it often does not.

Data regulations having minor impact on database security strategies

When asked if data regulations such as GDPR and CCPA impacted database security strategies, a surprising 60% of respondents said no.

These findings may suggest a lack of alignment between information technology and other departments, such as legal, responsible for helping ensure stipulations like ‘the right to be forgotten’ are properly enforced to avoid severe penalties.

Small teams with big responsibilities

Of those surveyed, 47% had a security team of only six to 15 members. Respondents from Singapore had the smallest teams, with 47% reporting between one and ten members, and the U.S. had the largest teams, with 22% reporting a team size of 21 or more, 2% higher than the average.

Thirty-two percent of government respondents surprisingly run security operations with teams between just six and ten members.

Trustwave Fusion platform now also hosted on Amazon Web Services GovCloud

Trustwave announced the Trustwave Fusion platform is now also hosted on Amazon Web Services (AWS) GovCloud, providing U.S. government agencies and suppliers threat detection and response services to help address the constantly shifting threat landscape while meeting stringent U.S. Federal government security requirements.

The cloud-native Trustwave Fusion platform delivers the first U.S.-only managed threat detection and response services hosted on AWS GovCloud and is in the process of FedRAMP authorization. The Trustwave Fusion platform is the cornerstone of the company’s managed security services, products and other cybersecurity offerings.

“The scale and scope of government cybersecurity challenges are bigger than ever,” said Bill Rucker, president, Trustwave Government Solutions.

“The adversarial landscape is so complex, and agencies continue to face a massive cyber workforce gap. As mobility and cloud widen the attack surface, user behavior patterns have become more difficult to monitor. By unifying powerful threat detection and response services and technologies with some of the top talent in cybersecurity, Trustwave can help agencies respond to attackers’ evolving tactics.”

Helping agencies gain network visibility

One major finding of the U.S. Office of Management and Budget’s (OMB) Federal Cybersecurity Risk Determination Report and Action Plan – released in May 2018 – was that a majority of agencies lack sufficient visibility into what is happening on their network.

OMB mandated that agencies must submit an enterprise-level Cybersecurity Operations Maturation Plan, as well as complete Security Operation Center (SOC) maturation, consolidation or migration to SOC-as-a-Service by September 2020.

The Trustwave Fusion platform helps agencies on this journey, connecting their digital footprints to a robust security cloud composed of the Trustwave data lake, advanced analytics, actionable threat intelligence and a wide range of security services and products, all staffed by U.S. citizens, including Trustwave SpiderLabs, the company’s elite team of security specialists.

The platform unifies these capabilities onto a single, easy-to-use interface that can be accessed and managed via desktop, tablet or mobile phone. Agencies and suppliers can manage complex security programs and scale resources as needed with simple point-and-click navigation.

Compliance with government security requirements

The Trustwave Fusion platform runs completely in-country and enforces a “U.S. eyes only” policy, helping ensure that prime contractors and the cyber supply chain are secure.

Trustwave Government Solutions is a FOCI-mitigated entity with a Superior rating from the Defense Counterintelligence and Security Agency (DCSA), the highest-level rating awarded to private sector companies.

The platform enables customers to adhere to the International Traffic in Arms Regulations (ITAR), FedRAMP requirements and the Defense Federal Acquisition Regulation Supplement (DFARS), as well as DoD Impact Levels 2, 4 and 5 and Cybersecurity Maturity Model Certification (CMMC) requirements.

Hybrid security operations

As agencies continue to deploy and manage complex multi-cloud environments, many lack the skilled cyber resources to do so in-house.

Through APIs and Information Technology Infrastructure Library (ITIL)-based service management, the Trustwave Fusion platform tears down walls between Trustwave Managed Threat Detection and Response services, security testing services and an agency’s own SOC.

On-demand access to threat hunting and powerful threat intelligence

Agencies have access to advanced threat hunters and actionable threat intelligence derived from the global network of Trustwave Security Operation Centers and the Trustwave SpiderLabs Fusion Center, a leading-edge security command center. These facilities identify, collect and track the latest vulnerabilities, malware strains and adversary tactics.

Complete visibility and centralized control

The Trustwave Fusion platform offers a single dashboard view of threats, technology management, vulnerabilities and perceived risks across an organization’s entire environment.

Built using Security Orchestration, Automation and Response (SOAR) layers, the platform uses advanced analytics, machine learning and automation to improve incident accuracy and response.

Support for third-party data and products

The Trustwave Fusion platform integrates data lakes, technology actions and threat intelligence stemming from third-party sources into an agency’s environment to further strengthen its cybersecurity posture.

“As the threat landscape grows more challenging, the Federal government continues to struggle with complex environments, myriad legacy systems and a lack of resources to meet the issue head-on,” said Kevin Kerr, chief information security officer, Oak Ridge National Laboratory.

“A shift toward managed threat detection and response, and virtual, hybrid SOC environments give agencies the visibility and cyber defense support they need to improve their security postures and advance their missions.”

Using Cisco Webex for your video conferencing needs? Go patch!

Cisco has released security updates for Cisco Webex Meetings and Cisco Webex Meetings Server that fix several remotely exploitable vulnerabilities, as well as one less severe one that could allow hackers to gain access to a target’s Webex account.


The patched Cisco Webex vulnerabilities

CVE-2020-3361 affects Cisco Webex Meetings sites and Cisco Webex Meetings Server and could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.

Customers on Cisco-hosted Webex Meetings sites do not need to take any actions to receive this update, but those running Cisco Webex Meetings Server on-premises should apply the updated version.

CVE-2020-3263 is an improper input validation flaw that could allow an unauthenticated, remote attacker to execute programs on an affected end-user system after they’ve persuaded a user to follow a malicious URL.

It affects Cisco Webex Meetings Desktop App releases earlier than release 39.5.12.

CVE-2020-3342 is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update.

“An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user,” Cisco explained.

The flaw affects lockdown versions of Cisco Webex Meetings Desktop App for Mac earlier than release 39.5.11.
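As an added illustration of the verify-before-execute check that the CVE-2020-3342 description says the client could skip, here is a hypothetical client-side update verifier (not Cisco's code): the vendor's Ed25519 public key is pinned in the client, and the key pair, file name and payload bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Hypothetical update verifier (not Cisco's code): any file that does not
// verify against the pinned vendor key is refused before it is installed or run.
var (
	ErrUnsigned     = errors.New("update rejected: no signature supplied")
	ErrBadSignature = errors.New("update rejected: signature does not verify against pinned vendor key")
)

// UpdateFile is what an update server, or a look-alike site, hands the client.
type UpdateFile struct {
	Name      string
	Payload   []byte // installer bytes
	Signature []byte // detached Ed25519 signature over Payload; may be empty
}

type Verifier struct{ pinned ed25519.PublicKey } // vendor key pinned at build time

// Verify is the check the CVE-2020-3342 advisory says the client could skip:
// it runs before the payload is installed or executed and fails closed.
func (v Verifier) Verify(f UpdateFile) error {
	if len(f.Signature) == 0 {
		return ErrUnsigned
	}
	if len(f.Signature) != ed25519.SignatureSize ||
		!ed25519.Verify(v.pinned, f.Payload, f.Signature) {
		return ErrBadSignature
	}
	return nil // only now may the client install f.Payload
}

// RunScenarios exercises the verifier on constructed inputs: a genuine
// vendor-signed update, the same bytes with one byte flipped, a look-alike
// file signed by a different (attacker-controlled) key, and an unsigned file.
// It returns nil for the accepted case and the rejection reason otherwise.
func RunScenarios() map[string]error {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // entropy failure; nothing sensible to do in a demo
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader) // not the pinned key
	if err != nil {
		panic(err)
	}
	v := Verifier{pinned: vendorPub}
	genuine := []byte("constructed installer bytes, not a real Webex build")
	sig := ed25519.Sign(vendorPriv, genuine)
	tampered := append([]byte{}, genuine...)
	tampered[0] ^= 0x01
	return map[string]error{
		"genuine":      v.Verify(UpdateFile{"update.pkg", genuine, sig}),
		"tampered":     v.Verify(UpdateFile{"update.pkg", tampered, sig}),
		"wrong-signer": v.Verify(UpdateFile{"update.pkg", genuine, ed25519.Sign(attackerPriv, genuine)}),
		"unsigned":     v.Verify(UpdateFile{"update.pkg", genuine, nil}),
	}
}

func main() {
	for name, e := range RunScenarios() {
		fmt.Printf("%-12s -> %v\n", name, e)
	}
}
```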

Finally, CVE-2020-3347 affects only Cisco Webex Meetings Desktop App for Windows releases earlier than 40.6.0, but may be used by a local, authenticated attacker to retrieve sensitive information and authentication tokens that could help them access the target’s Webex account.

“In an attack scenario any malicious local user or malicious process running on a computer where Webex Client for Windows is installed can monitor the memory mapped file for a login token. Once found, the token, like any leaked credentials, can be transmitted somewhere so that it can be used to login to the Webex account in question, download Recordings, view/edit Meetings and so on,” says Trustwave researcher Martin Rakhmanov, who discovered the flaw.

New infosec products of the week: April 24, 2020

Trustwave Security Colony delivers resources, playbooks and expertise to bolster security posture

Trustwave Security Colony is based on thousands of hours of actual consulting projects helping organizations implement new information security programs and heightening levels of security maturity. The platform is available to any organization as a standalone resource or can be tied to existing Trustwave Consulting and Professional Services.


Amazon AppFlow automates bidirectional data flows between AWS and SaaS apps

Amazon AppFlow allows customers with diverse technical skills, including CRM administrators and BI specialists, to easily configure private, bidirectional data flows between AWS services and SaaS applications without writing code or performing data transformation.


DefenseCode ThunderScan SAST 2.1.0 supports Go and ABAP languages

DefenseCode announced support for two additional programming languages, Go and ABAP, in its SAST solution ThunderScan 2.1.0, which is designed to highlight security vulnerabilities in source code against published standards including PCI-DSS, CWE/SANS Top 25 and OWASP Top 10, along with DefenseCode’s own experience of security vulnerability analysis.

Claroty Platform: Enhanced continuous threat detection and secure remote access

The Claroty Platform leverages protocol coverage, scanning, segmentation, and secure remote access capabilities to grant visibility across all three OT dimensions critical to risk reduction: assets, network sessions, and processes.


Trustwave Fusion platform now available to enterprises in Germany

Trustwave announced the availability in Germany of the Trustwave Fusion platform, the company’s cloud-native platform that serves as the cornerstone for its products, managed security services and other cybersecurity offerings.

The platform delivers powerful threat detection and response capabilities to address a constantly evolving threat landscape while adhering to European data sovereignty laws and regulations.

“Germany is home to numerous enterprises who have tremendous impact on the global economy and, for that reason, are high-value targets for adversaries,” said Barry O’Connell, General Manager, Europe, Middle East & Africa at Trustwave.

“By delivering leading edge cybersecurity capabilities that also account for strict data regulations, we have equipped German companies with the means to remain resilient regardless of how the security landscape progresses. The Trustwave Fusion platform is a competitive differentiator we will leverage as we accelerate growth across Europe.”

The Trustwave Fusion platform connects German enterprises and government institutions to a security cloud composed of the Trustwave data lake, advanced analytics, actionable threat intelligence and a deep portfolio of products and managed security services.

In addition, the platform provides a direct channel to Trustwave SpiderLabs, the company’s elite team of security practitioners.

The platform unifies Trustwave technologies, services and security expertise onto a single application accessed and controlled from any device, including desktop, tablet or mobile phone. Organizations gain an unprecedented ability to manage complex security programs and scale resources as needed using simple point-and-click navigation.

Support for data sovereignty laws and regulations

The Trustwave Fusion platform runs completely in-country to address data sovereignty laws including the General Data Protection Regulation.

The platform applies 24x7x365 monitoring and threat intelligence derived from the Trustwave SpiderLabs Fusion Center, a state-of-the-art cybercommand center and the global network of Trustwave Security Operation Centers, while customer data remains inside German borders.

Complete visibility and centralized control

The Trustwave Fusion platform offers a single view of threats, technology management, vulnerabilities and perceived risks across an organization’s entire environment.

An intuitive dashboard serves to track security events, respond to alerts and manage a range of advanced services including threat detection and response, vulnerability testing and scanning, security technology management and more.

Built using Security Orchestration, Automation and Response (SOAR) layers — the platform incorporates advanced analytics, machine learning and automation to improve incident accuracy, response time and actions.

On-demand access to elite security expertise

Organizations gain on-demand access to Trustwave SpiderLabs and its deep bench of some of the world’s leading threat hunters, ethical hackers and other highly skilled security practitioners.

This team monitors for, detects and eliminates threats, leads penetration tests and red teaming engagements to discover and remediate risks to environments and can co-manage or fully manage security technologies as needed.

Hybrid security operations

Through application programming interfaces (APIs) and Information Technology Infrastructure Library (ITIL)-based service management, the Trustwave Fusion platform connects operating environments to corporate and government service management natively, tearing down walls between Trustwave Managed Security Services, security testing services and a customer’s security operation center, resulting in an integrated and seamless operation.

Support for third-party data and products

Using APIs, the Trustwave Fusion platform integrates data lakes, technology actions and threat intelligence stemming from third-party sources into a customer’s environment to further strengthen cybersecurity posture.

Leveraging big data, threat intelligence and vendor technologies from preferred sources gives German businesses more control to fine tune and customize security programs as needs or requirements change.

In addition to the Trustwave Fusion platform, Trustwave plans to add depth to its German-based team in several key departments including engineering, sales, customer service and technical support. The company will also bolster its local presence of Trustwave SpiderLabs to spearhead risk assessments, security testing and threat elimination.

Trustwave releases consulting and managed security services for Palo Alto Networks Prisma Cloud

Trustwave unveiled a new portfolio of consulting and managed security services for Palo Alto Networks Prisma Cloud, the industry’s most comprehensive cloud native security platform (CNSP) designed to govern access, protect data and secure applications.

Trustwave support for Prisma Cloud helps enterprises address the growing complexity of achieving visibility, identifying threats and protecting assets in diverse environments.

“Prisma Cloud, in combination with managed security services from partners like Trustwave, gives enterprises powerful options for helping ensure their cloud footprint remains secure,” said Karl Soderlund, senior vice president of worldwide channel sales at Palo Alto Networks.

“This relationship will help customers identify and address threats before they escalate into a serious incident.”

Trustwave leverages Prisma Cloud to enhance threat monitoring and management of customer workloads across private and public clouds, including Amazon Web Services, Google Cloud Platform and Microsoft Azure.

Additionally, Trustwave consulting and professional services and managed security services teams deliver a set of offerings for Prisma Cloud customers that support the entire lifecycle — from initial planning and configuration to management and optimization.

For example, Trustwave security consultants work with enterprises to baseline assets, create policies and configure Prisma Cloud based on risk tolerance and specified objectives and remain engaged as strategic advisors post-deployment.

Trustwave security experts continuously monitor and analyze data flowing through Prisma Cloud, searching for suspicious activity, deciphering alerts and escalating into full-scale investigations if needed.

Continuous threat monitoring and detection in cloud environments is delivered through Trustwave Managed Detection Services and led by Trustwave SpiderLabs, the company’s elite security team. Data from users, devices and applications is closely inspected for malware, behavioral anomalies, policy violations and other potential threats.

Detected threats are cross-referenced with threat intelligence derived from the global network of Trustwave Security Operation Centers, Palo Alto Networks and third-party sources resulting in minimal false positives to help expedite proper response.

“Enterprises are under tremendous pressure to enforce policies and secure data across their footprint as they adopt multi-cloud strategies, while contending with industry-wide security talent shortages further compounded by cloud security,” said Chris Schueler, senior vice president of managed security services at Trustwave.

“By pairing Prisma Cloud with our security experts and managed offerings, we have delivered an effective solution that bolsters policy enforcement and threat detection capabilities while maximizing investments in cloud security.”

Trustwave consulting and managed security services for Prisma Cloud add to a partnership that delivers managed support and security expertise for Palo Alto Networks.

Key offerings include next-generation firewalls, Cortex XDR Prevent for endpoint protection and Cortex XDR, a detection and response platform that runs on integrated endpoint, network, and cloud data.

Trustwave and Palo Alto Networks will continue to work together around key areas, including cross-environment protection and cloud security services that extend protection to organizations anywhere in the world.