Skip to content

Posts from the ‘cybersecurity’ Category

Centrify’s New CEO Has A Compelling Vision For The Future Of Cybersecurity

Bottom Line: Flint Brenton’s vision for the future of Centrify and cybersecurity, in general, prioritizes the need for privileged access management to become core to the multi-cloud architectures and DevOps environments he sees pervading customers’ enterprises today.

Every new cybersecurity company CEO is writing their vision of the future by their decisions and the priorities they are based upon. From tech dominance to sales success, each CEO has their own long-term strategy and idea of what they and the company need to excel at to succeed.

Defining Cybersecurity As A Core Part Of DevOps

It is always fascinating to speak with new CEOs at cybersecurity companies and see what their vision for the company is after they’ve been there a few months. I recently had the opportunity to sit down and talk with Flint Brenton, who joined Centrify as President and CEO in July of this year. Flint leads the strategic direction and execution of the company’s vision drawing from an exceptional track record of accelerating growth through product innovation and sales execution. He recently served as president and CEO of CollabNet VersionOne, which pioneered the Value Stream Management market. He previously held president and CEO positions at AccelOps and Tidal Software and has successfully led engineering teams at NetIQ, Compaq, BMC Software, IBM and more.

Flint sees the needs of enterprise developers creating new apps using DevOps as pivotal to the future of Centrify, specifically and cybersecurity in general. A core part of those developers’ needs is securing privileged access management (PAM) in multi-cloud environments while supporting agile development. 

My interview with him provided five key insights into why cybersecurity will increasingly be defined by how well it can be incorporated into “DevSecOps,” and how Centrify’s vision for the future looks to capitalize on that demand and drive PAM into the DevOps pipeline to further automate built-in security practices:

  • Cybersecurity providers’ cloud-based architectural platforms will define the competitive landscape for the next several years in the industry. Since accepting the CEO role in July, Flint has been spending most of his time talking with customers to gain in-depth insights into their greatest challenges. He is hearing about the challenges customers face when attempting to make different cybersecurity vendors’ solutions work together and function in a multi-cloud architecture. “Having a clear architectural advantage where features can be added quickly is going to be key in cybersecurity for years to come,” he explained.
  • Any cybersecurity company’s vision needs to consider the speed at which infrastructure and workloads are moving from on-premise to the cloud – it’s faster than predicted. One of Centrify’s financial services customers in APAC is launching a virtual bank and wants the new venture to be entirely cloud-based. Like many Centrify customers, they are considering a multi-cloud architecture, including Amazon AWS, Google Cloud and Microsoft Azure. Flint explains they will need a security model and identity management controls that run in the cloud to accommodate their current and future computing plans. The FinTech is relying on Centrify to secure privileged access for administrators to its multi-cloud environment.
  • Viewing every enterprise customer as a software business first helps remove roadblocks to delivering more value faster. Cybersecurity companies need to consider how they can streamline DevOps and DevSecOps cycles by providing enterprise developers with new tools to integrate identity management efficiently. “The developer is now building identity management into apps and frequently those apps are built using container-based models and they are then deployed either into cloud, on-prem, or a combination of both,” Flint said.
  • Design in flexibility for the many different buying communities you’re trying to serve early on and continually monitor them to learn about what’s most valuable to them. DevOps leaders’ buying community is among the most self-sufficient, willing to download a trial, install it and buy it. Enterprise sales are more research and time-intensive. Flint observed that a company’s vision needs to encompass each buying community’s unique nature and be willing to extend platform-level features and DevOps tools if necessary.
  • Buy-in from the DevOps community will become increasingly important in cybersecurity in general and is a core part of Centrify’s vision. Prior to taking the helm at Centrify, Flint was the CEO of CollabNet VersionOne, where he helped define value stream management as a market standard. I asked him if he sees any parallels with value stream management’s success and the vision he has for Centrify. “The key with value stream management is to understand how developers wanted or needed to build software more successfully in the future. So you have to get the buy-in of the development community to include it in what they’re building, rather than making an appetite of adding it after it’s already been deployed. So I think that’s a major focus in the DevSecOps market. Make it part of what is built. Don’t allow it to become an afterthought,” Flint said. The future of cybersecurity will increasingly be defined by how easily Identity Access Management (IAM) and Privileged Access Management (PAM) can be designed at the beginning of DevOps and DevSecOps cycles.

Conclusion

What I find most compelling about his vision is how essential every person is to breaking apart complex cybersecurity problems and solving them. Flint’s vision of providing DevOps teams with the tools they need to design in identity access management is groundbreaking. No one is talking about design wins in this area of the market today.

Centrify is quickly turning into a company that actively seeks out their customers’ most difficult obstacles and uses them to challenge itself to grow and do excellent work. They are looking for cybersecurity leaders with cloud-based development skills, AI skills and automation skills who are up for the challenge.

83% Of Enterprises Transformed Their Cybersecurity In 2020

83% Of Enterprises Transformed Their Cybersecurity In 2020

  • 73% of enterprises (over 500 employees) accelerated their cloud migration plans to support the shift to remote working across their organizations due to the pandemic.
  • 81% of enterprises accelerated their IT modernization processes due to the pandemic.
  • 48% of all companies surveyed have accelerated their cloud migration plans, 49% have sped up their IT modernization plans because of Covid-19.
  • 32% of large-scale enterprises, over 500 employees, are implementing more automation using artificial intelligence-based tools this year.

These and many other insights are from a recent survey of IT leaders completed by CensusWide and sponsored by Centrify. The survey’s objectives on understanding how the dynamics of IT investments, operations and spending have shifted over the last six months. The study finds that the larger the enterprise, the more important it is to secure remote access to critical infrastructure to IT admin teams. Remote access and updating privacy policies and notices are two of the highest priorities for mid-size organizations to enterprises today. The methodology is based on interviews with 215 IT leaders located in the U.S.     

Key insights from the survey include the following:

  • The overwhelming majority of enterprises have transformed their cybersecurity approach over the last six months, with 83% of large-scale enterprises leading all organizations. It’s encouraging to see small and medium-sized businesses adjusting and improving their approach to cybersecurity. Reflecting how digitally-driven many small and medium businesses are, cybersecurity adjustments begin in organizations with 10 to 49 employees. 60% adjusted their cloud security postures as a result of distributed workforces. 

83% Of Enterprises Transformed Their Cybersecurity In 2020

  • 48% of all organizations had to accelerate cloud migration due to the pandemic, with larger enterprises leading the way. Enterprises with over 500 employees are the most likely to accelerate cloud migration plans due to the pandemic. 73.5% of enterprises with more than 500 employees accelerated cloud migration plans to support their employees’ remote working arrangements, leading all organization categories. This finding reflects how cloud-first the largest enterprises have become this year. It’s also consistent with many other surveys completed in 2020, reflecting how much the cloud has solidly won the enterprise. 
83% Of Enterprises Transformed Their Cybersecurity In 2020
  • 49% of all organizations and 81% of large-scale enterprises had to accelerate their IT modernization process due to the pandemic. For the largest enterprises, IT modernization equates to digitizing more processes using cloud-native services (59%), maintaining flexibility and security for a partially remote workforce (57%) and revisiting and adjusting their cybersecurity stacks (40%).
83% Of Enterprises Transformed Their Cybersecurity In 2020
  •  51% of enterprises with 500 employees or more are making remote, secure access their highest internal priority. In contrast, 27% of all organizations’ IT leaders say that providing secure, granular access to IT admin teams, outsourced IT and third-party vendors is a leading priority. The larger the enterprise, the more important remote access becomes. The survey also found organizations with 250 – 500 employees are most likely to purchase specific cybersecurity tools and applications to meet compliance requirements. 
83% Of Enterprises Transformed Their Cybersecurity In 2020

 

Conclusion & Wrap-Up  

IT leaders are quickly using the lessons learned from the pandemic as a crucible to strengthen cloud transformation and IT modernization strategies. One of every three IT leaders interviewed, 34%, say their budgets have increased during the pandemic. In large-scale enterprises with over 500 employees, 59% of IT leaders have seen their budgets increase.

All organizations are also keeping their IT staff in place. 63% saw little to no impact on their teams, indicating that the majority of organizations will have both the budget and resources to maintain or grow their cybersecurity programs. 25% of IT leaders indicated that their company plans to keep their entire workforce 100% remote.

It’s encouraging to see IT leaders getting the support they need to achieve their cloud transformation and IT modernization initiatives going into next year. With every size of organization spending on cybersecurity tools, protecting cloud infrastructures needs to be a priority. Controlling administrative access risk in the cloud and DevOps is an excellent place to start with a comprehensive, modern Privileged Access Management solution. Leaders in this field, including Centrify, whose cloud-native architecture and flexible deployment and management options, deliver deep expertise in securing cloud environments.

Absolute’s CEO Christy Wyatt On The Future Of Endpoint Security

Absolute's CEO Christy Wyatt On The Future Of Endpoint Security

Removing any doubt endpoints are resilient, self-healing and secure is what matters most to cybersecurity leaders today. It has become the highest priority across education, enterprise, financial services and government organizations in 2020 and beyond. At the same time, CIOs and CISOs are recognizing that endpoint complexity itself is a vulnerability. Absolute’s 2020 State of Endpoint Resilience Report​  finds there are now 10.2 agents per endpoint installed, up from 9.8. Add to this how quickly software agents degrade across thousands of remote devices and the size of the challenge becomes clear. 

Absolute’s approach to delivering unified endpoint security using their Endpoint Resilience platform that creates a permanent digital tether to every endpoint in the enterprise is getting noticed by CIOs and CISOs. IT leaders say Absolute’s ability to provide greater visibility and control is what they need. Interested in learning more about how Absolute is helping customers taking on the many challenges of protecting the proliferating number of endpoints today and how the company sees the future, I recently spoke with Christy Wyatt, CEO. (You can see my discussion with her last year here.)

Under her leadership, Absolute’s revenues, customer retention and Net Income continue to grow. Total revenue in Q4-FY2020 was $27.2M, representing a year-over-year increase of 7%. Annual revenue in FY2020 was $104.7M, representing an increase of 6% over F2019. Absolute also attained a 14% year-over-year increase in Enterprise and Government revenue making this segment 68% of Total ARR on June 30, 2020.

Christy is one of the most brilliant, insightful leaders in cybersecurity today and her perspective on the future of endpoint security makes for a fascinating discussion. The following is my interview with her:  

Louis: When you look back over the last eight months, which decisions and strategies do you see as being pivotal to Absolute’s growth and the fact that you accomplished so much, so quickly?

Christy: That’s a great question and the first thing that jumps to mind is our decision that Endpoint Resilience needs to be its own category. This was kind of a new thing. Many people talk about finding bad guys and the need for identity and access management.. there is a lot of use of the fear factor. And as an industry, we kept thinking of different ways devices could be compromised and we kept adding more security controls to solve those problems.

The thesis we arrived at, here at Absolute, is, “Listen, more isn’t always better. Making sure that things are actually working in there when you need them, that’s what is more important.” Because when you spend a lot of money on solutions, or when you tell your board or your CEO that you have a particular control and are now safe from a specific kind of risk… you need to go to sleep at night knowing that that’s in fact true. There needs to be a foundational belief that there is something solid to stand on when bad things happen.

And so, much of what we did this past year was really focused on quantifying that rate of decay because we believe that it is a painful problem organizations are having. I think that we are making traction and the insights we continue to publish on the state of Endpoint Resilience is really helping with that.

Louis: On your last earnings call, you talked about undeletable endpoint security and how it caught on in the education market. Did you change your go-to-market strategy this quarter to show you could scale an enterprise-wide deployment with teachers and administrators?

Christy: What’s important to remember is that we’ve been in business 20 years and that we started in education – as the one-to-one laptop initiatives for school kids were just getting underway. Those devices were very expensive and so that is the first problem we worked to solve. If somebody got their hands on a student’s device, how do you build a security platform that can survive anything that happens to that device? That was the original design premise all those years ago. And so, we have deep experience in things like scalability and solving problems for the education market.

What we’ve been seeing n the education market over the last couple of years has really been that, while technology has been an enabler for students, they weren’t necessarily thinking about teachers and administrators. So the challenge that they’ve grappled with over the last few months, notably with the accelerated shift to remote learning, is figuring out how to be both a digital and remote organization all at once. A lot of their processes were not yet online and not every single individual was connected.

Because we have a long-standing relationship with this community, we have a lot of expertise in the providing the scale and stability that they need. It was relatively intuitive for us to step and say, “Listen, these are things we can help you with. Here’s the bigger picture of things we could be helping you with, as you’re still figuring out distance learning and how to mobilize students.” Because we’ve also while serving education, we’ve also been serving banks and governments – and our enterprise business has been growing quite nicely over the years as well.

And I think we’re going to see that continue, because even as schools are contemplating sending children back to school, nobody knows whether this is a long-term or short-term. The new term I’ve started using is operational agility… and I think it applies to enterprise as well as it goes to education. I don’t think we ever again get to take for granted location and physical proximity to employees or students or devices. It has become a critical KPI for most organizations going forward.

Louis: Excellent point. And with regard to enterprise and government sectors growing 14% annually, what did you see in the eight months of this year that led to the double-digit growth in those markets?

Christy: Very few organizations had ever really contemplated the question, “What would happen if everybody had to be remote at a moment’s notice?” While our enterprise business has been experiencing double-digit growth for quite a while now, the onset of the pandemic really accelerated that growth. There has been a shift in thinking, that working remotely is not just for a smaller population of road warriors and sales reps and executives. I’ve spoken with many organizations that would say having a permanent digital connection to a device is really important for the people who are on airplanes and in a taxi cabs. But, I have a large percentage of my population that has a device that really they only use at work. Maybe it’s a laptop, maybe it’s a desktop – but either way, 99% of the time they are here. Or the times that they’re not here, they can VPN in. And I think that’s really become the challenge, that we can’t make that assumption anymore.

A lot of customers are rethinking all of that right now, as they’re seeing that being a remote, digitally-led organization can actually fit within their business model. If they give employees the flexibility to do what they love, where they want to do it, they’ll have an edge. While this is something that’s been forced on us, as with many things, the more you practice, the better you get… and then at some point, it becomes a part of the company’s DNA. And you learn to trust that you’re going to be safe and secure, your data and your employees are going to be just fine, because you don’t lose connection with them just because you can’t see them.

Louis: I think trust is an accelerator and Absolute’s success with endpoint security shows how to enable it at scale across organizations. Now with 13,000 customers, Absolute’s approach to building trust is working well.

On the earnings call you gave guidance of $112M to $118M with between 7% to 13% growth defined by how accounting transactions are handled. Underneath those figures, what’s the customer segment or what’s the geographic segment that you believe will be the primary catalyst for that revenue growth?

Christy: Perhaps a bit unusually for company our size, a large percentage of our revenue is actually North America-based. Our international markets have been some of the fastest growing segments for us. Our ecosystem of partners that we support – notably, the large PC and device manufacturers and their indirect channels – most of those are global entities and would like to support their customers in the same way internationally that they support them in North America. So one big focus for us is doing more selling and marketing globally, to meet this need.

I think the other big catalyst is going to be this shift to Resilience. We have a lot of customers who still rely on us for making sure they’re always connected to their devices and able to take preventative action – such as selectively wiping images or freezing a device, or geo-fencing a device from specific locations. While that’s certainly a critical set of capabilities, because we’re sitting in the hardware and sort of looking up at the software, we can help with this concept of self-healing. We can make sure that the critical controls you care about are truly working and protecting your employees.

A lot of the conversations we’re having, especially with new customers, are really focused on these capabilities. It’s not just, “How do I make sure I always know where my things are and that I can take action on them no matter where they are?” Instead, it’s “how do I use automated workflows to remediate risk? How do I have devices fix themselves so that my IT people don’t have to drown and help those calls?”

This concept of persistence and true self-healing that’s rooted in the hardware, I think is really, really powerful.. and the value of that really starts to become apparent when we’re in a world that looks like this. So I think those are some big focus areas for us as we go in the next year.

Louis: I like that one point you made on the earnings call about intelligence efforts, providing more data in a more interactive way for customers. I thought that that was really insightful and I think relevant to what you’ve been saying throughout our discussion. How do you help customers see themselves in a new way with new metrics, more interactively, more intuitively with greater insight?

Christy:  It’s a different view for us and it’s something I’m very excited about. When it comes to a new product, I focus on, “What’s the question the customer’s going to be asking? What’s the problem they’re trying to solve?” And from there, “How do I package that up neatly so that they click on a button and get a report and it solves all of their problems?” But that’s not the world we live in today, especially when you have so many moving parts and things are continuously changing.

So it’s a different design philosophy when we say to the team, “You actually have no idea what question the customer is going to ask. Your job is to create tools that allow them to ask any question they have and then help them define the answer, either using our tool or using our data in some other tool.” At the end of the day, that’s how they get closer to the truth about what’s going on within their organization… and how they gain the ability to make better decisions.

Louis: Absolutely, that’s key to creating a culture that can continues to innovate and with Absolute’s focus on helping customers attain greater autonomous endpoint resiliency, it’s proving to be a strong catalyst for future growth too.

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

  • Remote working’s rapid growth is making endpoint security an urgent priority for all organizations today.
  • Cloud-first deployment strategies dominate the innovations on this year’s Hype Cycle for Endpoint Security.
  • Zero Trust Security (ZTNA) is gaining adoption in enterprises who realize identities are the new security perimeter of their business.
  • By 2024, at least 40% of enterprises will have strategies for adopting Secure Access Service Edge (SASE) up from less than 1% at year-end 2018.

These and many other new insights are from Gartner Hype Cycle for Endpoint Security, 2020 published earlier this year and the recent announcement, Gartner Says Bring Your Own PC Security Will Transform Businesses within the Next Five Years. Gartner’s definition of Hype Cycles includes five phases of a technology’s lifecycle and is explained here.  There are 20 technologies on this year’s Hype Cycle for Endpoint Security. The proliferation of endpoint attacks, the rapid surge in remote working, ransomware, fileless and phishing attacks are together, creating new opportunities for vendors to fast-track innovation. Cloud has become the platform of choice for organizations adopting endpoint security today, as evidenced by the Hype Cycle’s many references to cloud-first deployment strategies.  The Gartner Hype Cycle for Endpoint Security, 2020, is shown below:

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

 

Details Of What’s New In Gartner’s Hype Cycle for Endpoint Security, 2020

  • Five technologies are on the Hype Cycle for the first time reflecting remote working’s rapid growth and the growing severity and sophistication of endpoint attacks. Unified Endpoint Security, Extended Detection and Response, Business E-Mail Compromise Protection, BYOPC Security and Secure Access Service Edge (SASE) are the five technologies added this year. Many organizations are grappling with how to equip their remote workforces with systems, devices and smartphones, with many reverting to have employees use their own. Bring your PC (BYOPC) has become so dominant so fast that Gartner replaced BYOD on this year’s Hype Cycle with the new term. Gartner sees BYOPC as one of the most vulnerable threat surfaces every business has today. Employees’ devices accessing valuable data and applications continues to accelerate without safeguards in place across many organizations.
  • Extended detection and response (XDR) are on the Hype Cycle for the first time, reflecting the trend of vendor consolidation across cybersecurity spending today. Gartner defines XDR as a vendor-specific, threat detection and incident response tool that unifies multiple security products into a security operations system. XDR and its potential to reduce the total cost and complexity of cybersecurity infrastructures is a dominant theme throughout this year’s Hype Cycle. XDR vendors are claiming that their integrated portfolios of detection and response applications deliver greater accuracy and prevention than stand-alone systems, driving down Total Cost of Ownership (TCO) and increasing productivity. Key vendors in XDR include Cisco, FireEye, Fortinet, McAfee, Microsoft, Palo Alto Networks, Sophos, Symantec and Trend Micro.
  • Business email compromise (BEC) protection is on the Hype Cycle for the first time this year. Phishing attacks cost businesses $1.8B in 2019, according to the FBI, underscoring the need for better security in the area of business email. Gartner defines business email compromise (BEC) protection as a series of solutions that detect and filter malicious emails that fraudulently impersonate business associates to misdirect funds or data. There have been many instances of business email compromise attacks focused on C-level executives, hoping that a fraudulent directive from them to subordinates leads to thousands of dollars being transferred to outside accounts or being sent in gift cards. Gartner found that fraudulent invoices accounted for 39% of such attacks in 2018, posing an internal risk to organizations and reputation risk.
  • Unified Endpoint Security (UES) is being driven by IT organizations’ demand for having a single security console for all security events. Gartner notes that successful vendors in UES will be those that can demonstrate significant productivity gains from the integration of security and operations and those that can rapidly process large amounts of data to detect previously unknown threats. CIOs and CISOs are looking for a way to integrate UES and Unified Endpoint Management (UEM), so their teams can have a single, comprehensive real-time console of all devices that provides alerts of any security events. The goal is to adjust security policies across all devices. Absolute’s approach to leveraging their unique persistence, resilience and intelligence capabilities are worth watching. Their approach delivers unified endpoint security by relying on their Endpoint Resilience platform that includes a permanent digital tether to every endpoint in the enterprise. By having an undeletable digital thread to every device, Absolute is enabling self-healing, greater visibility and control. Based on conversations with their customers in Education and Healthcare, Absolute’s unique approach gives IT complete visibility into where every device is at all times and what each device configuration looks like in real-time.
  • Unified Endpoint Management (UEM) is expanding rapidly beyond managing PCs and mobile devices to provide greater insights from endpoint analytics and deeper integration Identity and Access Management. Gartner notes interest in UEM remains strong and use-case-driven across their client base. UEM’s many benefits, including streamlining continuous OS updates across multiple mobile platforms, enabling device management regardless of the connection and having an architecture capable of supporting a wide range of devices and operating systems are why enterprises are looking to expand their adoption of UEM. Another major benefit enterprises mention is automating Internet-based patching, policy, configuration management. UEM leaders include MobileIron, whose platform reflects industry leadership with its advanced unified endpoint management (UEM) capabilities. MobileIron provides customers with additional security solutions integrated to their UEM platform, including passwordless multi-factor authentication (Zero Sign-On) and mobile threat defense (MTD). MTD is noteworthy for its success at MobileIron customers who need to validate devices at scale, establish user context, verify network connections, then detect and remediate threats.
  •  Gartner says ten technologies were either removed or replaced in the Hype Cycle because they’ve evolved into features of broader technologies or have developed into tools that address more than security. The ten technologies include protected browsers, DLP for mobile devices, managed detection and response, user and entity behavior analytics, IoT security, content collaboration platforms, mobile identity, user authentication, trusted environments and BYOD being replaced by BYOPC.

 

Answers To Today’s Toughest Endpoint Security Questions In The Enterprise

Answers To Today's Toughest Endpoint Security Questions In The Enterprise

  • Enterprises who are increasing the average number of endpoint security agents from 9.8 last year to 10.2 today aren’t achieving the endpoint resilience they need because more software agents create more conflicts, leaving each endpoint exposed to a potential breach.
  • 1 in 3 enterprise devices is being used with a non-compliant VPN, further increasing the risk of a breach.
  • 60% of breaches can be linked to a vulnerability where a patch was available, but not applied. Windows 10 devices in enterprises are, on average, 95 days behind on patches.

CIOs, CISOs and cybersecurity teams say autonomous endpoint security is the most challenging area they need to strengthen in their cybersecurity strategy today. Software agents degrade faster than expected and conflict with each other, leaving endpoints exposed. Absolute’s 2020 State of Endpoint Resilience Report quantifies the current state of autonomous endpoint security, the scope of challenges CISOs face today and how elusive endpoint resiliency is to achieve with software agents. It’s an insightful read if you’re interested in autonomous endpoint security.

Endpoint Security Leads CISOs’ Priorities In 2020

With their entire companies working remotely, CIOs and CISOs I’ve spoken with say autonomous endpoint security is now among their top three priorities today. Cutting through the endpoint software clutter and turning autonomous endpoint security into a strength is the goal. CISOs are getting frustrated with spending millions of dollars among themselves only to find out their endpoints are unprotected due to software conflicts and degradation.  Interested in learning more, I spoke with Steven Spadaccini, Vice President, Sales Engineering at Absolute Software and one of the most knowledgeable autonomous endpoint cybersecurity experts I’ve ever met. Our conversation delved into numerous cybersecurity challenges enterprise CIOs and CISOs are facing today. My interview with him is below:

The Seven Toughest Questions the C-Suite Is Asking About Endpoint Security

Louis: Thank you for your time today. I have seven questions from CIOs, CISOs and their teams regarding endpoint security. Let’s get started with their first one. What happens if an endpoint is compromised, how do you recover, encrypt, or delete its data?

Steven:  It’s a challenge using software agents, both security and/or management, to do this as each agents’ tools and features often conflict with each other, making a comprised endpoints’ condition worse while making it virtually impossible to recover, encrypt, delete and replace data. The most proven approach working for enterprises today is to pursue an endpoint resilience strategy. At the center of this strategy is creating a root of trust in the hardware and re-establishes communication and control of a device through an unbreakable digital tether. I’m defining Endpoint Resilience as an autonomous endpoint security strategy that ensures connectivity, visibility and control are achieved and maintained no matter what is happening at the OS or application level. Taking this approach empowers devices to recover automatically from any state to a secure operational state without user intervention. Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning

Louis: Do endpoint software security solutions fail when you lose access to the endpoint, or is the device still protected at the local level?

Steven: When they’re only protected by software agents, they fail all the time. What’s important for CISOs to think about today is how they can lead their organizations to excel at automated endpoint hygiene. It’s about achieving a stronger endpoint security posture in the face of growing threats. Losing access to an endpoint doesn’t have to end badly; you can still have options to protect every device. It’s time for enterprises to start taking a more resilient-driven mindset and strategy to protecting every endpoint – focus on eliminating dark endpoints. One of the most proven ways to do that is to have endpoint security embedded to the BIOS level every day. That way, each device is still protected to the local level. Using geolocation, it’s possible to “see” a device when it comes online and promptly brick it if it’s been lost or stolen.

Louis: How can our cybersecurity team ensure compliance that all cybersecurity software is active and running on all endpoints?

Steven: Compliance is an area where having an undeletable tether pays off in a big way. Knowing what’s going on from a software configuration and endpoint security agent standpoint – basically the entire software build of a given endpoint – is the most proven way I’ve seen CISOs keep their inventory of devices in compliance. What CISOs and their teams need is the ability to see endpoints in near real-time and predict which ones are most likely to fail at compliance. Using a cloud-based or SaaS console to track compliance down to the BIOS level removes all uncertainty of compliance. Enterprises doing this today stay in compliance with HIPAA, GDPR, PCI, SOX and other compliance requirements at scale. It’s important also to consider how security automation and orchestration kicks on to instantly resolve violations by revising security controls and configurations, restoring anti-malware, or even freezing the device or isolating it from data access. Persistent visibility and control give organizations what they need to be audit-ready at every moment.

Having that level of visibility makes it easy to brick a device. Cybersecurity teams using Absolute’s Persistence platform can lead to humorous results for IT teams, who call the bricking option a “fun button as they watch hackers continually try to reload new images and right after they’re done, re-brick the device again. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and one had been resold on the black market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image rebuild “brick me.”

Louis: With everyone working remote today, how can we know, with confidence where a given endpoint device is at a moments’ notice?

Steven: That’s another use case where having an undeletable tether pays off in two powerful ways: enabling autonomous endpoint security and real-time asset management. You can know with 100% confidence where a given endpoint device is in real-time so long as the device is connected to a permanent digital tether . Even if the device isn’t reachable by your own corporate network it’s possible to locate it using the technologies and techniques mentioned earlier. CIOs sleep better at night knowing every device is accounted for and if one gets lost or stolen, their teams can brick it in seconds.

Louis: How can our IT and cybersecurity teams know all cybersecurity applications are active and protecting the endpoint?

Steven: By taking a more aggressive approach to endpoint hygiene, it’s possible to know every application, system configuration and attributes of user data on the device. It’s important not to grow complacent and assume the gold image IT uses to configure every new or recycled laptop is accurate. One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image is an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.

Louis: How can we restrict the geolocations of every endpoint?

Steven: This is an area that’s innovating quickly in response to the needs enterprises have to track and manage assets across countries and regions. IP tracking alone isn’t as effective as the newer techniques, including GPS tracking, Wi-Fi triangulation, with both integrated into the Google Maps API. Enterprises whose business relies on Personal Identifiable Information (PII) is especially interested in and adopting these technologies today. Apria Healthcare is currently using geofencing for endpoint security and asset management. They have laptops in use today across Indonesia, the Philippines and India. Given the confidential nature of the data on those devices and compliance with local government data protection laws, each laptop needs to stay in the country they’re assigned to. Geofencing gives Apria the power to freeze any device that gets outside of its region within seconds, averting costly fines and potential breaches.

Louis: How can our IT team immediately validate an endpoint for vulnerabilities in software and hardware?

Steven: The quickest way is to design in audit-ready compliance as a core part of any endpoint resilience initiative. Endpoint resilience to the BIOS level makes it possible to audit devices and find vulnerabilities in real-time, enabling self-healing of mission-critical security applications regardless of complexity. The goal of immediately validating endpoints for current security posture needs to be a core part of any automated endpoint hygiene strategy. It’s possible to do this across platforms while being OS-agnostic yet still accessible to over 500M endpoint devices, deployed across Microsoft Windows, macOS via a Mac Agent and Chrome platforms.

Conclusion

Knowing if their autonomous endpoint security and enterprise-wide cybersecurity strategies are working or not is what keeps CIOs up the most at night. One CISO confided to me that 70% of the attempted breaches to his organization are happening in areas he and his team already knew were vulnerable to attack. Bad actors are getting very good at finding the weakest links of an enterprises’ cyber defenses fast. They’re able to look at the configuration of endpoints, see which software agents are installed, research known conflicts and exploit them to gain access to corporate networks. All this is happening 24/7 to enterprises today. Needing greater resilient, persistent connections to every device, CISOs are looking at how they can achieve greater resilience on every endpoint. Capitalizing on an undeletable tether to track the location of the device, ensure the device and the apps on that device have self-healing capabilities and gain valuable asset management data  – these are a few of the many benefits they’re after.

Improving Online Learning Experiences One Secured Endpoint At A Time

Improving Online Learning Experiences One Secured Endpoint At A Time

Bottom Line: Defining the perfect mix of cloud apps, platforms and secured endpoints to create compelling online learning experiences customizable to students’ learning strengths is how schools are overcoming the challenge of virtual teaching.

There are over 56 million students in the U.S. alone who are relying on remote learning apps, platforms and autonomous endpoint security to protect them as they pursue their education. School districts, online educators and teachers quickly realized the move to 100% online classes could mean the end to outdated mechanized approaches to teaching. Eager to teach using technologies that tailor individual learning programs to every student’s unique learning strengths, schools are combining cloud, e-learning and endpoint security with strong results. Combining technologies gives every student regardless of their socioeconomic background a chance to excel. The goal is to provide unique personalized instruction at scale using a teaching technique called scaffolding. Scaffolding stresses creating an individual learning plan for each student complete with reinforcement for each lesson.

Why Cybersecurity Is The Cornerstone Of Online Learning 

Tailoring the latest technologies to the diverse needs of online learners is the easy part of creating an online learning program. Far more difficult is choosing the right endpoint security strategies to protect their identities, every one of their video conference sessions with peers and teachers and thwarting breach attempts. Parents, teachers, students and administrators all need to trust an e-learning platform to make it work. The bottom line is an e-learning platform needs to create and grow trust while being adaptive enough to meet students’ unique learning needs.

Interested in learning more about how leading online educators are bringing together the latest cloud and autonomous endpoint security technologies to help students learn online, I recently interviewed Eric Ramos Chief Technology Officer at Duarte Unified School District and Dean Phillips, Senior Technology Director, David Atkins, Director of Marketing and Communications and Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber.  Duarte Unified School District (USD) serves the educational needs of 3,400 scholars at the elementary, K-8 and high school levels. The Pennsylvania Cyber Charter School (PA Cyber) in Midland, PA, is one of the most experienced and successful online K-12 public schools in the nation serving over 12,000 students. Together the group of education professionals provided valuable insights into how educators can combine cloud, collaboration and cybersecurity applications to create more personalized, effective learning experiences for students. David Atkins of PA Cyber says that their approach to e-learning is succeeding because they take a fully holistic view of the student, their family and their situation. “Our collaboration with the student starts from the very moment that there’s interest in having some sort of cyber education. And we go from enrollments, all the way through any issues of that students could have, or the students family could have and take them all the way through graduation’ David said. “We take the time to listen and see the student as a complete person.”

The following are the key insights based on our conversations:

  • Choosing to make cybersecurity the highest priority treats students as customers, protecting their unique online learning experiences while providing excellent access across all socioeconomic levels. That’s when online learning experiences excel. What’s impressive how committed the team of educators I spoke with is about making technology work as a catalyst to help every student achieve their educational goals across all socioeconomic levels. They’re also the most advanced at tailoring complex technologies to deliver customized online learning experiences with PA Cyber serving 12,000 remote students at once. “Each of our students is different and they’re looking to accomplish different things and they learn in different ways. We have a different classroom options that they can choose from. And we have a lot of different scaffolding options in place when it comes to our instructional platform, “Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber said. Eric Ramos, CTO at USD says that he and his staff “reach out to teachers and staff members and provide them with the latest cybersecurity alerts and make sure they are aware of how their autonomous endpoint security platform is securing every laptop and making their job of staying in compliance to security protocols easy.” Eric continued saying that, “having an undeletable digital tether gives my staff, senior educators and me peace of mind, especially with summer here and the need to keep track of the Chromebooks out with students and families.”
  • The more resilient the autonomous endpoint security on the laptop, the easier it is to secure, upgrade and locate each of them if they’re lost or stolen. Duarte Unified School District provides Chromebooks to students for use all year long, often also providing an Internet HotSpot as many students’ families don’t have Internet access. PA Cyber provides students a Dell laptop and an entire technology kit that includes printers and peripherals as well. Having an undeletable digital tether to every laptop makes it possible to keep every system up to date on security and system patches. Dean Phillips, Senior Technology Director at PA Cyber, says that it’s been very helpful to know each laptop has active autonomous endpoint security running at all times. Dean says that endpoint management is a must-have for PA Cyber “We’re using Absolute’s Persistence to ensure an always-on, two-way connection with our IT management solution, Kaseya®, which we use to remotely push out security patches, new applications and scripts. That’s been great for students’ laptops as we can keep updates current and know where the system is. Without an endpoint management solution on student laptops, it is very difficult to manage endpoints without that agent. So Absolute absolutely helps us with that as well. That’s been a big plus.” Eric Ramos, CTO, says that Absolute has been great, especially when student calls in and says they can’t find their laptop. I don’t know where it is. It’s lost or maybe stolen. We’re able to pull that up, figure out the last time it got pinged and we can locate that usually. Nine times out of 10, the student finds it by next day by just having that information. So that’s been crucial. It’s always been something we love having.”
  • Standardize on a secure cloud platform that is flexible enough to support scaffolding or individualized learning yet hardened enough to protect every laptop connected to it via an undeletable digital tether. A major challenge both online schools face is keeping their cloud platforms adaptive enough to support students’ varying skills yet also secure enough to protect every student online.  Dean Phillips, Senior Technology Director at PA Cyber, says that it’s best to “keep technology as simple as possible for the students and families. Standardization is key, I think, with everything you do from a technology standpoint. Making sure that you build from the inside out from the core. Your applications and networks and making sure that that’s consistent all the way to the endpoint, I think that’s extremely important.” PA Cyber’s lessons learned creating a secure and adaptive e-learning platform makes the goal of providing personalized instruction for every student achievable at scale.  Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber, explains how the school personalizes online instruction for every student. “It all starts when the student first comes to PA Cyber and we try to get an understanding of where they are and where they should be and where they want to see themselves, whether it’s in a month or in a couple years, or when they graduate from our school. So one of the things that we pride ourselves on here at this school is allowing for multiple modes of instruction for our students,” Jennifer said.
  • Capitalizing on the excellent asset management reporting autonomous endpoint security solutions have, CTOs and senior IT directors are gaining new insights into how to improve learning effectiveness. Having resilient, persistent connections to every endpoint with an undeletable digital tether also provides invaluable asset management data. Eric Ramos of Duarte USD and Dean Phillips of PA Cyber are leaders in this area of e-learning today. Eric Ramos says that asset management and activity reports made possible by the autonomous endpoint platform he is using from Absolute makes getting prepared for senior management meetings easy. “During principal meetings, I’m able to pull up these reports and say, look, these were the goals at the beginning of the year to use these four products at this amount of time. And here’s where you’re at on a small window. Or you can look at it over time and saying, this has been an increase here, this is a decrease here, these sites are doing really well with it, these sites may be not. But let’s now talk about what’s working for you. What are your teachers liking about the particular program? Or, program aside, how are your results coming about?” Eric Ramos, CTO said.

Conclusion

Delivering an excellent online learning experience needs to start with a cybersecurity strategy that includes autonomous endpoint security. Duarte USD and PA Cyber are leaders in this field, being among the first to see how combining core technologies while having an undeletable digital tether to every laptop is a must-have. Earning and growing the trust of parents, students, teachers and school administrators start with an endpoint security strategy that can adapt and grow as an e-learning program does.

Why Security Needs To Be Integral To DevOps

Why Security Needs To Be Integral To DevOps

Bottom Line: DevOps and security teams need to leave one-time gating inspections in the past and pursue a more collaborative real-time framework to achieve their shared compliance, security and time-to-market goals.

Shorter product lifecycles the need to out-innovate competitors and exceed customer expectations with each new release are a few of the many reasons why DevOps is so popular today. Traditional approaches to DevOps teams collaborating with security aren’t working today and product releases are falling behind or being rushed to-market leading to security gaps as a result.

Based on conversations with DevOps team leaders and my own experience being on a DevOps team the following are factors driving the urgency to integrate security into DevOps workflows:

  • Engineering, DevOps and security teams each have their lexicon and way of communicating reinforced by siloed systems.
  • Time-to-market and launch delays are common when engineering, DevOps and security don’t have a unified system to use that includes automation tools to help scale tasks and updates.
  • Developers are doing Application Security Testing (AST) with tools that aren’t integrated into their daily development environments, making the process time-consuming and challenging to get done.
  • Limiting security to the testing and deployment phases of the Software Development Lifecycle (SDLC) is a bottleneck that jeopardizes the critical path, launch date and compliance of any new project.
  • 70% of DevOps team members have not been trained on how to secure software adequately according to a DevSecOps Global Skills survey.

Adding to the urgency is the volume of builds DevOps teams produce in software companies and enterprises daily and the need for having security integrated into DevOps becomes clear. Consider the fact that Facebook on Android alone does 50,000 to 60,000 builds a day according to research cited from Checkmarx who is taking on the challenge of integrating DevOps and security into a unified workflow. Their Software Security Platform unifies DevOps with security and provides static and interactive application security testing, newly launched software composition analysis and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities.

Synchronizing Security Into DevOps Delivers Much Needed Speed & Scale

DevOps teams thrive in organizations built for speed, continuous integration, delivery and improvement. Contrast the high-speed always-on nature of DevOps teams with the one-time gating inspections security teams use to verify regulatory, industry and internal security and compliance standards and it’s clear security’s role in DevOps needs to change. Integrating security into DevOps is proving to be very effective at breaking through the roadblocks that stand in the way of getting projects done on time and launched into the market.  Getting the security and DevOps team onto the same development platform is needed to close the gaps between the two teams and accelerate development. Of the many approaches available for accomplishing this Checkmarx’s approach to integrating Application Security Testing into DevOps shown below is among the most comprehensive:

Why Security Needs To Be Integral To DevOps

Making DevOps A Core Strength Of An Organization

By 2025 nearly two-thirds of enterprises will be prolific software producers with code deployed daily to meet constant demand and over 90% of new apps will be cloud-native, enabling agility and responsiveness according to IDC FutureScape: Worldwide IT Industry 2020 Predictions. IDC also predicts there will be 1.6 times more developers than now, all working in collaborative systems to enable innovation. The bottom line is that every company will be a technology company in the next five years according to IDC’s predictions.

To capitalize on the pace of change happening today driven by DevOps, organizations need frameworks that deliver the following:

  • Greater agility and market responsiveness – Organizations need to create operating models that integrate business, operations and technology into stand-alone businesses-within-the-business domains.
  • Customer Centricity at the core of business models – The best organizations leverage a connected economy to ensure that they can meet and exceed customer expectations.  By creating an ecosystem that caters to every touchpoint of the customer journey using technology, these organizations seem to anticipate their customer needs and deliver the goods and services needed at the right time via the customer’s preferred channel.  As a result, successful organizations see growth from their existing customer base while they acquire new ones.
  • Have a DNA the delivers a wealth of actionable Insights – Organizations well-positioned to turn data into insights that drive actions to serve and anticipate customer needs are ahead of competitors today regarding time-to-market.  These organizations know how to pull all the relevant information, capabilities and people together so they can act quickly and efficiently in making the right decisions. They are the companies that will know the outcome of their actions before they take them and they will be able to anticipate their success.

BMC’s Autonomous Digital Enterprise framework, shown below highlights how companies that have an innovation mindset and the three common traits of agility, customer centricity and actionable insights at their foundation have greater consistency and technology maturity in their business model characteristics compared to competitors. They also can flex and support fundamental operating model characteristics and key technology-enabled tenets. These tenets include delivering a transcendent customer experience, automating customer transactions and providing automation everywhere seeing enterprise DevOps as a natural evolution of DevOps, enabling a business to be more data-driven and achieving more adaptive cybersecurity in a Zero-Trust framework.

Why Security Needs To Be Integral To DevOps

Conclusion

Meeting the challenge of integrating security in DevOps provides every organization with an opportunity to gain greater agility and market responsiveness, become more customer-centric and develop the DNA to be more data-driven. These three goals are achievable when organizations look to how they can build on their existing strengths and reinvent themselves for the future. As DevOps success goes so goes the success of any organization. Checkmarx’s approach to putting security at the center of DevOps is helping to break down the silos that exist between engineering, DevOps and security. To attain greater customer-centricity, become more data-driven and out-innovate competitors, organizations are adopting frameworks including BMC’s Autonomous Digital Enterprise to reinvent themselves and be ready to compete in the future now.

 

 

 

 

Dissecting The Twitter Hack With A Cybersecurity Evangelist

Dissecting The Twitter Hack With A Cybersecurity Evangelist

Bottom Line: Shattering the false sense of security in tech, the recent Twitter hack blended altruism, fame, greed, social engineering via SIM swapping and insider threats to steal $120,000 from victims when the economic and political damage could have been far worse.

Targeting the most influential celebrities on Twitter, hackers orchestrated a social engineering-based attack Wednesday promoting a cryptocurrency scam. Business leaders, celebrities, politicians and billionaires’ accounts were hacked using Twitter’s administrative tools. Personal Twitter accounts hacked include those of Amazon CEO Jeff Bezos, Joe Biden, Tesla CEO Elon Musk, President Barack Obama, Bill Gates, Warren Buffet and others. Apple and Uber’s Twitter accounts were also hacked.

Using SIM swapping, in which threat actors trick, coerce or bribe employees of their victims to gain access to privileged account credentials and administrative tools, hackers were able first to change the email address of each targeted account. Next, two-factor authentication was turned off so when an alert was sent of the account change it went to the hacker’s email address. With the targeted accounts under their control, hackers began promoting their cryptocurrency scam. While not all details of the attack have surfaced Motherboard’s story of how hackers convinced a Twitter employee to help them the hijack accounts makes for fascinating reading.

Dissecting The Hack

Interested in dissecting the hack from a cybersecurity standpoint, I contacted Dr. Torsten George, Cybersecurity Evangelist and industry expert from Centrify. Torsten is also a leading authority on privileged access management and how to thwart breaches involving privileged access credentials.

Louis:  What was your initial impression upon breaking news of the hack and what did you believe would cause such a massive hack of celebrity and leading political figures accounts this past week?

Torsten: When the news broke, the media probably polled other security experts and the first initial reaction was, ‘Oh, that’s a massive attack, most likely a credential-based attack,’ because 80% of today’s data breaches go back to privilege access abuse. They are typically first triggered by phishing attacks, the precursor to many attacks where the attackers tried to capture these credentials and then leverage them to attack their victim’s organizations.

So, the breaking news indicated that most likely, somebody was able to leverage a compromised credential to enter into the Twitter environment and take over accounts. However, more and more information became available, with screenshots being shared of internal Twitter tools. For me, that raised a red flag, because in a typical attack pattern we’re seeing three distinct phases in the cyber-attack lifecycle: the compromise, the exploration phase and the exfiltration of sensitive data, which includes covering up tracks and potentially creating a backdoor for future attacks.

When performing reconnaissance, hackers commonly try to identify regular IT schedules, security measures, network traffic flows and scan the entire IT environment to gain an accurate picture of the network resources, privileged accounts and services. Domain controllers, Active Directory and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.

They wouldn’t necessarily look for administrative tools that could be leveraged for their attack unless they have intimate knowledge that those tools exist in the victim’s environment — be it by having worked for the company in the past or representing an insider threat.

Louis: What’s the anatomy of an insider attack, based on your experience?

Torsten: As was later confirmed by Twitter, it became very apparent that this is a case of insider threats, where you have an insider that has been leveraged for this attack. The most common insider threats can be defined by the intent and motivation of the individuals involved. The 2019 Verizon Insider Threat Report defines five distinct insider threats based on data breach scenarios and they all have excellent, accurate names: the Careless Worker, the Inside (often recruited) Agent, the Disgruntled Employee, the Malicious Insider and the Feckless Third-Party.

Considering the global environment we’re facing right now, with Covid-19 and other related economic hardships, the risk of insider threats is exacerbated, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job or make up for income losses.

So a privileged administrator might be more open to people that approach them and say, ‘Would you be willing to share with us your access credentials, or would you do something on our behalf to exfiltrate data or to manipulate data?’ That risk has increased dramatically across all industries.

So it turned out the first suspicion was phishing attacks, followed by compromised credentials. It turns out to be an insider threat. Organizations need to be prepared for that.

Louis: What can companies do to reduce the likelihood a malicious insider will hack them?

Torsten: It becomes a little bit trickier when you deal with a malicious insider because they most likely know your environment, they might know your defense mechanisms and they might know the security tools that your likely using. So they can bypass these security controls and try to gain the control of data that they can then profit from.

Organizations have to rethink the way that they’ve structured their defense controls and truly take an approach of an in-depth strategy with a different layer of defenses. The first layer that comes to mind in this particular case is multi-factor authentication (MFA) which is still low-hanging fruit. There are still many organizations out there that are not taking advantage of implementing MFA.

While MFA is highly recommended, it isn’t as effective against insider threats because they have that second factor of authentication and can pass those challenges. Organizations need to go beyond MFA if they want to have a layered security strategy.

Louis: What are some of the ways they can go beyond MFA to avoid being the victim of an insider threat?

Torsten: A very important component of your defense strategy should be the approach of zero standing privileges, which is something Gartner recommends to its clients. That means that I have normal privileges and entitlements to do my job, like answering emails and using the Internet, but that’s probably all I need. If I need more access, I’ll have to elevate my privilege for the time needed to do that particular task but then rescind that privilege once it’s done.

If I have zero standing privileges – even if somebody compromises my credential, even if I’m an insider – I don’t have immediate access to the keys to the kingdoms to do whatever I want.

And before privilege elevation, organizations should require context through a formal request. For example, require the user to submit a ticket through ServiceNow or any other IT Service Management platform to detail what they need to access, for how long and to do what. That way, there is an auditing trail and an approval process. If the threat actor – whether insider or not – doesn’t do this they don’t get privileged access to that target system.

Louis: Besides those perhaps expected controls, what other controls might have helped in this particular scenario?

Torsten: Organizations should also take advantage of modern tools to leverage machine learning technology, so that looks at user behavior and risk factors to also get a hold of these insider attacks. All the other security controls are more tailored towards external preparation at first. Still, once you implement machine learning technology and user behavior analytics that’s where you also can capture insider threats.

Machine learning can look for suspicious activity, such as a target being accessed outside of a typical maintenance window, or is the administrator logging in from a different location or device than usual. It can then trigger an MFA request and also issue a real-time alert, regardless of whether the MFA challenge is successfully resolved.

Furthermore, in the case of Twitter, there are privacy and regulatory concerns that could also be additional triggers for real-time alerts and to shut down this activity automatically. Regulations like the CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) mean that platforms like Twitter have to be very careful with any access to or manipulation of a customer’s feed. That could – and should have – instantly triggered a real-time alert when an administrator was posting on behalf of a user.

Louis: Do you think this is going to be the start of an entirely new era of hacks where hackers will pay off internal employees for promotional messages?

Torsten: Quite frankly, we have seen an uptick since the start of the Covid-19 pandemic. And I believe now that this Twitter attack has been covered in the press so much, you will have copycats that will try to do the same. Some of them will also target social media platforms, but others that might be a little bit smarter because social media is easily detectable if something goes wrong. An industry like healthcare could be a prime target and there is already news that Russian hackers are attacking healthcare providers and research labs to try to gain access to vaccine research.

Louis: Given how significant this hack is in terms of the progression or the growing sophistication of threats, what are the top three predictions you have for the rest of 2020?

Torsten: Ransomware is an example of a technique that has changed quite significantly in two ways. First, they are no longer only delivered via an email, but also via social media platforms, SMS messages and more. Second, ransomware is no longer only focused on shutting down business operations. The most recent example with EDP Renewables North American, a subsidiary of an European-based electric utilities company, showed that hackers leveraged ransomware to exfiltrate data. Not to lock it down, but to exfiltrate data and then ask for ransom from their victim to not publish the data on the Dark Web.

Second, as I’ve already covered, the current economic hardships of the pandemic will cause more people to jump on the bandwagon and become cybercriminals. And these aren’t the people you see in movies – dark characters in hoodies using sophisticated hacking techniques to breach the government. These are your neighbors, the little boys next door. For them it’s not a big deal to become a cyber-criminal.

Third, as you’d expect, the number of cyber-attacks will increase as a result and they will continue to find new and innovative ways to find the easiest way in. The Twitter incident taught us that there was no technology “breach” required. It was just finding the right person with the right privileges and paying them to do 25 Tweets. That’s an easy payday.

I think this whole crisis that we’re going through will see a major uptick in attacks from the traditional cyber hackers, but also from a whole bunch of newbies and greenhorns that will try out their luck and see if they can make a buck. Either by ransomware attacks, phishing attacks, social engineering or any combination thereof.

5 Mistakes That Threaten Infrastructure Cybersecurity And Resilience

5 Mistakes That Threaten Infrastructure Cybersecurity And Resilience

 

Bottom line: With many IT budgets under scrutiny, cybersecurity teams are expected to do more with less, prioritizing spending that delivers the greatest ROI while avoiding the top five mistakes that threaten their infrastructures.

In a rush to reduce budgets and spending, cybersecurity teams and the CISOs that lead them need to avoid the mistakes that can thwart cybersecurity strategies and impede infrastructure performance. Cutting budgets too deep and too fast can turn into an epic fail from a cybersecurity standpoint. What I’ve found is that CIOs are making decisions based on budget requirements, while CISOs are looking out for the security of the company.

Based on their ongoing interviews with CIOs, Gartner is predicting an 8% decline in worldwide IT spending this year. Cybersecurity projects that don’t deliver a solid ROI are already out of IT budgets. Prioritizing and trimming projects to achieve tighter cost optimization is how CIOs and their teams are reshaping their budgets today. CIOs say the goal is to keep the business running as secure as possible, not attain perfect cybersecurity.

Despite the unsettling, rapid rise of cyber-attacks, including a 667% increase in spear-fishing email attacks related to Covid-19 since February alone, CIOs often trim IT budgets starting with cybersecurity first. The current economic downturn is making it clear that cybersecurity is more of a business strategy than an IT one, as spending gets prioritized by the best-to-worst business case.

Five Mistakes No CISO Wants To Make

One of the hardest parts of a CISO’s job is deciding which projects will continue to be funded and who will be responsible for leading them, so they deliver value. It gets challenging fast when budgets are shrinking and competitors actively recruit the most talented team members. Those factors taken together create the perfect conditions for the five mistakes that threaten the infrastructure cybersecurity and resilience of any business.

The five mistakes no CISO wants to make include the following:

1.   No accountability for the crown jewels for the company. Privileged access credentials continue to be the primary target for cyber-attackers. However, many companies just went through a challenging sprint to make sure all employees have secure remote access to enable Covid-19 work-from-home policies. Research by Centrify reveals that 41% of UK businesses aren’t treating outsourced IT and other third parties likely to have some form of privileged access as an equal security concern.

And while a password vault helps rotate credentials, it still relies on shared passwords and doesn’t provide any accountability to know who is doing what with them. That accountability can be introduced by moving to an identity-centric approach where privileged users log in as themselves and are authenticated using existing identity infrastructures (such as Microsoft Active Directory) to federate access with Centrify’s Privileged Access Service.

CISOs and their teams also continue to discount or underestimate the importance of privileged non-human identities that far outweigh human users as a cybersecurity risk in today’s business world. What’s needed is an enterprise-wide approach enabling machines to protect themselves across any network or infrastructure configuration.

2.   Cybersecurity budgets aren’t revised for current threatscapes. Even though many organizations are still in the midst of extensive digital transformation, their budgets often reflect the threatscape from years ago. This gives hackers the green light to get past antiquated legacy security systems to access and leverage modern infrastructures, such as cloud and DevOps. IT security leaders make this even more challenging by not listening to the front-line cybersecurity teams and security analysts who can see the patterns of breach attempts in data they review every day. In dysfunctional organizations, the analyst teams are ignored and cybersecurity suffers.

3. Conflicts of interest when CISOs report to CIOs and the IT budget wins.  This happens in organizations that get hacked because the cybersecurity teams aren’t getting the tools and support they need to do their jobs. With IT budgets facing the greatest scrutiny they’ve seen in a decade, CISOs need to have their budget to defend. Otherwise, too many cybersecurity projects will be cut without thinking of the business implications of each. The bottom line is CISOs need to report to the CEO and have the autonomy to plan, direct, evaluate and course-correct their strategies with their teams.

4. The mistake of thinking cloud platforms’ Identity and Access Management (IAM) tools can secure an enterprise on their own. Cloud providers offer a baseline level of IAM support that might be able to secure workloads in their clouds adequately but is insufficient to protect a multi-cloud, hybrid enterprise. IT leaders need to consider how they can better protect the complex areas of IAM and Privileged Access Management (PAM) with these significant expansions of the enterprise IT estate.

Native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud and other vendors provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. However, often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments. Please see the post, The Truth About Privileged Access Security On AWS and Other Public Clouds, for additional information.

5. Exposing their organizations to a greater risk of breach and privileged access credential abuse by staying with legacy password vaults too long. Given the severity, speed and scale of breach attempts, IT leaders need to re-think their vault strategy and make them more identity-centric. Just as organizations have spent the past 5 – 10 years modernizing their infrastructure, they must also consider how to modernize how they secure access to it. More modern solutions can enforce a least privilege approach based on Zero Trust principles that grant just enough, just-in-time access to reduce risk. Forward-thinking organizations will be more difficult to breach by reorienting PAM from being vault-centric to identity-centric.

Conclusion

Decisions about what stays or goes in cybersecurity budgets this year could easily make or break careers for CISOs and CIOs alike. Consider the five mistakes mentioned here and the leading cause of breaches – privileged access abuse. Prioritizing privileged access management for human and machine identities addresses the most vulnerable threat vector for any business. Taking a more modern approach that is aligned to digital transformation priorities can often allow organizations to leverage their existing solutions to reduce risk and costs at the same time.

 

 

 

Why Securing Endpoints Is The Future Of Cybersecurity

Why Securing Endpoints Is The Future Of Cybersecurity

  • 86% of all breaches are financially motivated, where threat actors are after company financial data, intellectual property, health records, and customer identities that can be sold fast on the Dark Web.
  • 70% of breaches are perpetrated by external actors, making endpoint security a high priority in any cybersecurity strategy.
  •  55% of breaches originate from organized crime groups.
  • Attacks on Web apps accessed from endpoints were part of 43% of breaches, more than double the results from last year.

These and many other insights are from Verizon’s 2020 Data Breach Investigations Report (DBIR), downloadable here (PDF, 119 pp. free, opt-in). One of the most-read and referenced data breach reports in cybersecurity, Verizon’s DBIR, is considered the definitive source of annual cybercrime statistics. Verizon expanded the scope of the report to include 16 industries this year, also providing break-outs for Asia-Pacific (APAC); Europe, Middle East and Africa (EMEA); Latin America and the Caribbean (LAC); and North America, Canada, and Bermuda, which Verizon says is experiencing more breaches (NA).

The study’s methodology is based on an analysis of a record total of 157,525 incidents. Of those, 32,002 met Verizon’s quality standards, and 3,950 were confirmed data breaches. The report is based on an analysis of those findings. Please see Appendix A for the methodology.

Key insights include the following:

  • Verizon’s DBIR reflects the stark reality that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain, which is why autonomous endpoints are a must-have today. After reading the 2020 Verizon DBIR, it’s clear that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. Autonomous endpoints that can enforce compliance, control, automatically regenerating, and patching cybersecurity software while providing control and visibility is the cornerstone of cybersecurity’s future. For endpoint security to scale across every threat surface, the new hybrid remote workplace is creating an undeletable tether to every device as a must-have for achieving enterprise scale.
  • The lack of diligence around Asset Management is creating new threat surfaces as organizations often don’t know the current health, configurations, or locations of their systems and devices. Asset Management is a black hole in many organizations leading to partial at best efforts to protect every threat surface they have. What’s needed is more insightful data on the health of every device. There are several dashboards available, and one of the most insightful is from Absolute, called the Remote Work and Distance Learning Insights Center. An example of the dashboard shown below:
  • 85% of victims and subjects were in the same country, 56% were in the same state, and 35% were even in the same city based on FBI Internet Crime Complaint Center (IC3) data. Cybercriminals are very opportunistic when it comes to attacking high-profile targets in their regions of the world. Concerted efforts of cybercriminals funded by organized crime look for the weakest threat surfaces to launch an attack on, and unprotected endpoints are their favorite target. What’s needed is more of a true endpoint resilience approach that is based on a real-time, unbreakable digital tether that ensures the security of every device and the apps and data it contains.
  • Cloud assets were involved in about 24% of breaches this year, while on-premises assets are still 70%. Ask any CISO what the most valuable lesson they learned from the pandemic has been so far, and chances are they’ll say they didn’t move to the cloud quickly enough. Cloud platforms enable CIOs and CISOs to provide a greater scale of applications for their workforces who are entirely remote and a higher security level. Digging deeper into this, cloud-based Security Information and Event Management (SIEM) provides invaluable real-time analysis, alerts, and deterrence of potential breaches. Today it’s the exceptional rather than the rule that CISOs prefer on-premise over cloud-based SIEM and endpoint security applications. Cloud-based endpoint platforms and the apps they support are the future of cybersecurity as all organizations now are either considering or adopting cloud-based cybersecurity strategies.
  • Over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. One of the most valuable insights from the Verizon DBIR is how high of a priority cybercriminals are placing on stealing personal and privileged access credentials. Shutting down potential breach attempts from stolen passwords involves keeping every endpoint completely up to date on software updates, monitoring aberrant activity, and knowing if anyone is attempting to change the configuration of a system as an administrator. By having an unbreakable digital tether to every device, greater control and real-time response to breach attempts are possible.

Conclusion

Autonomous endpoints that can self-heal and regenerate operating systems and configurations are the future of cybersecurity, a point that can be inferred from Verizon’s DBIR this year. While CIOs are more budget-focused than ever, CISOs are focused on how to anticipate and protect their enterprises from new, emerging threats. Closing the asset management gaps while securing every endpoint is a must-have to secure any business today. There are several cybersecurity companies offering endpoint security today. Based on customer interviews I’ve done, one of the clear leaders in endpoint resilience is Absolute Software, whose persistent-firmware technology allows them to self-heal their own agent, as well as any endpoint security control and productivity tool on any protected device such as their Resilience suite of applications.

%d bloggers like this: