Posts

State and Local Cybersecurity Threats in 2021: Weathering the Storm

Recent pandemic pressures have created the perfect storm for state and local cybersecurity breaches. With some staff still working from home, state and local agencies face the challenge of deploying defense at a distance over networks, connections, and applications that are often insecure, unencrypted, and in many cases unapproved. What’s more, ransomware has surged — a significant problem since less than 40 percent of state and local staff members have received training on how to prevent cyberattacks.

The result is an increasing volume of local and state government cybersecurity threats, which are occurring across the country. For example, GovTech reported that an issue with third-party software exposed more than 38 million health records across states, including Texas, Indiana, Maryland, and New York. Another case reported by Healthcare IT News detailed a smaller-scale breach in California caused by a single employee that occurred over ten months and exposed both patient and employee data.

With hybrid work here to stay and cyberattacks on the rise, government organizations need to improve cybersecurity practices. They must focus on protecting against breaches that can compromise data, impair operations, and cause significant expenses.

Identifying the Biggest Barriers in Effective Defense

Before agencies can deploy better cybersecurity measures, they must identify critical vulnerabilities and threat vectors. And while every state and local government faces unique data handling and security challenges, three barriers to effective defense are common: visibility, accessibility, and resiliency.

Visibility

Traditionally, state and local governments have been behind the curve when it comes to technology adoption. As noted by research firm Deloitte, however, evolving citizen expectations around access and ease of use “will require uprooting outdated systems and practices and replacing them with new models.” As a result, agencies are now looking to expand their agility to streamline service availability and improve collaboration. To meet these goals, many have integrated and deployed cloud-based software, platforms, and infrastructure.

While these solutions offer improved agility and efficiency, they introduce significant new security risks. IT teams can not keep track of every app and service in use, which reduces visibility while simultaneously expanding the total attack surface.

Accessibility

For most state and local governments, the problem here isn’t too little access for employees that require it — it’s too much for those that don’t. One common example of excessive access occurs when staff complete one project and move to another. In many cases, their existing permissions aren’t revoked. Instead, new access is simply layered on top of the old, which creates a security risk. And with insider threats often more challenging to detect than their external counterparts, it’s now critical for agencies to identify, control, and correct for excessive access.

Resiliency

Most state and local governments have familiar security controls such as firewalls and antivirus scanners in place to catch potential threats. However, many lack the tools and tactics required to remediate issues when they occur, mitigate the amount of damage done and get services back up and running.

The result is IT environments that are primed to respond but struggle with resiliency. To effectively manage evolving threat landscapes, state and local governments need security plans and policies covering all aspects of an attack — from initial compromise to identification, isolation, remediation, and restoration.

Exploring the Issue of State and Local Breaches

So what do these breaches look like in practice? Let’s explore the impact of three recent scenarios.

1) New York State, January 2020

In January 2020, New York state officials found themselves up against a massive cyberattack that disabled access to databases used by the state’s civil service, environmental department, and police force. Likely the work of foreign actors, the hack went unreported for months, even as officials looked to restore critical access.

As noted by Security Today, the state received word about a potential flaw — and available patch — for its Citrix-based systems in December 2019. Unfortunately, the state did not install the patch in time to prevent the issue. As a consequence, more than 80,000 state devices were vulnerable to malware compromise. While it appears attackers didn’t access any citizen data, the state had to cover the costs of a three-week forensic investigation of more than 40 servers.

2) Multiple Municipalities, June 2021

Local government cybersecurity teams often look to save time and money by using the same services as other municipalities. It makes sense: They’ve been proven to work with government systems and generally have a track record for reliability.

However, if service providers become compromised, the results can be far-reaching. As reported by ZDNet, that’s what happened across dozens of municipalities in the US when a Massachusetts software provider used misconfigured Amazon S3 buckets. As a result, more than 1,000 gigabytes (GB) of data and 1.6 million files were exposed. Compromised data included email addresses, physical addresses, and driver’s license information, along with deed and tax records.

3) Oldsmar, Florida, February 2021

A cyberattack on Oldsmar, Florida in 2021 didn’t compromise data access or expose files. Instead, it nearly poisoned the town’s 15,000 residents. On February 5th, a plant operator at the local water treatment facility received an alert that someone had gained remote system access. The attacker opened multiple applications and services and then increased the concentration of sodium hydroxide — also called lye — to 100 times its normal level. Fortunately, operators were able to retake control and cancel the change quickly and prevent disastrous consequences.

Grant Funding for State and Local Governments

The good news is some new help is on the horizon for local and state government cybersecurity, thanks to the $1.2 trillion infrastructure package. The plan includes $1 billion in cybersecurity grants to help local and state governments boost their defense. If approved, the new program would offer $200 million worth of grants in 2022, $400 million in 2023, $300 million in 2024, and $100 million in 2025. In addition, the plan funds creation of a response and recovery fund at the Cyber and Infrastructure Security Agency (CISA), which would give an additional boost to cybersecurity efforts.

Mitigating the Impact of Cybersecurity Threats

Mitigating the impact of local and state cybersecurity threats depends on a strategy of defense in depth. In practice, this requires a three-step approach: Identification, evaluation, and implementation.

Identification focuses on finding potential threats in current cyber defenses — such as those tied to open source software, authorized apps, excessive access, and unintended exposure to the Internet. Evaluation includes internal and external assessment of existing security policies to see what’s working, what isn’t, and what vulnerabilities state and local governments need to prioritize. Finally, implementation looks to deploy security solutions that directly address key concerns, such as comprehensive cloud security services that provide visibility into public, private, and hybrid stacks simultaneously to empower threat detection and response.

Battening Down the Hatches

State and local governments now face a trifecta of security challenges: remote work, ransomware, and worker education. The combination creates ideal circumstances for malicious actors. By taking advantage of ideal compromise conditions, attackers can breach government networks, access critical services, and exfiltrate citizens’ data.

The result is a growing need to batten down the digital hatches by creating and implementing an in-depth strategy to help build robust, reliable, and resilient security infrastructure. To prevent risks and a host of unwanted outcomes, state and local governments need to prioritize cybersecurity.

Ready to boost cyber resiliency and better weather the storm? Click here to see a demo of RedSeal’s cloud security solution in action.

Join us!

Hear from Shannon Lawson, CISO, City of Phoenix, how the state and local agency leaned toward hardening their environment from attacks, recognized exposures, secured infrastructures, mitigated risks, and stayed compliant. The live webinar is January 18, 2022. Register now and don’t miss out!

Simplifying and Securing Hybrid Clouds

GovLoop | October 26, 2021

President Joe Biden’s executive order (EO) on cybersecurity suggests the cloud will play a pivotal role in the federal government’s future; it urges agencies to maximize the technology’s flexibility and scalability rapidly and securely.

But what can happen if agencies embrace the cloud too rapidly? The answer is haphazard and insecure IT environments. These environments often occur when agencies combine on-premises and cloud-based IT in a hybrid model.

RedSeal Announces Distribution Agreement with TD SYNNEX, providing RedSeal to Resellers in North America

RedSeal Inc., the award-winning cyber terrain analytics platform announces a strategic agreement with TD SYNNEX

The joint alliance offers MSSPs and security resellers a new and innovative way to identify and address cyber threats while combating the latest and most prevalent security business challenges. 

RedSeal’s platform shows organizations what is on their networks, how everything is connected, and the associated risk across physical—and cloud-based network environments. RedSeal verifies that network devices are securely configured, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk.

The agreement marks the continued expansion of the TD SYNNEX security portfolio, which addresses the rapidly evolving threat landscape with leading solutions and the support of veteran network engineers available to consult on every point of the sales cycle.

“We here at RedSeal are extremely excited about working with TD SYNNEX moving forward. They will be a true force multiplier as we expand our portfolio and will allow us to reach additional markets. The potential here is significant, and we appreciate the opportunity to expand our reach together,” said Jay Miller, Vice President Worldwide Sales, RedSeal.

“We are pleased to work with RedSeal to bring a new, cloud-based security solution to our partners,” said Reyna Thompson, Senior Vice President, North America Advanced Solutions Security and Networking, TD SYNNEX. “RedSeal delivers an all-encompassing solution that we are confident will provide value for many of our reseller partners.”

For more information on RedSeal through TD SYNNEX, contact redseal@synnex.com.

About RedSeal

We boldly deliver on our promise to help organizations master cybersecurity fundamentals in a world of rapidly escalating cyber complexity and threats. We do this by providing a cloud security solution by which every global organization can be confident that it understands what’s on the network, how it’s connected and the associated risks. Founded in 2004, RedSeal is headquartered in San Jose, California.

About TD SYNNEX 

TD SYNNEX (NYSE: SNX) is a leading global distributor and solutions aggregator for the IT ecosystem. We’re an innovative partner helping more than 150,000 customers in 100+ countries to maximize the value of technology investments, demonstrate business outcomes and unlock growth opportunities. Headquartered in Clearwater, Florida, and Fremont, California, TD SYNNEX’ 22,000 co-workers are dedicated to uniting compelling IT products, services and solutions from 1,500+ best-in-class technology vendors. Our edge-to-cloud portfolio is anchored in some of the highest-growth technology segments including cloud, cybersecurity, big data/analytics, IoT, mobility and everything as a service. TD SYNNEX is committed to serving customers and communities, and we believe we can have a positive impact on our people and our planet, intentionally acting as a respected corporate citizen. We aspire to be a diverse and inclusive employer of choice for talent across the IT ecosystem. For more information, visit www.TDSYNNEX.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

© 2021 SYNNEX Corporation. TD SYNNEX, the TD SYNNEX Logo, and all other TD SYNNEX company, product and services names and slogans are trademarks of SYNNEX Corporation. Other names and trademarks are the property of their respective owners.

Understanding What’s In My Cloud

Today’s business applications run in an environment that would be unrecognizable to IT professionals 10 years ago. The rise of virtualization and the cloud has finally cut the ties to specific hardware, and all but the most exotic workloads can now be run anywhere — on virtual machines in your physical buildings, or on a cloud vendor of your choice. The underlying cloud technologies are powerful, but with that power comes great responsibility. Security teams struggle to keep up, because the new technologies focus on agility, rapid rate of change, and dynamic response — all of these are positive buzzwords to most people in a business, but all of them are bad news to security. Ask any military commander — defense is far easier when your resources are home in a well-built fort, and far harder when your troops are constantly moving, shifting location into unfamiliar terrain.

It’s not all doom and gloom, however. Cloud innovation takes away certain legacy risks — after all, you can’t leave an open password on a key router in the middle of your network infrastructure if you don’t control the routers any more! The trouble is that the change to new ways of building and managing modern apps (often referred to as DevOps) closes out some old challenges, but opens just as many new ones. Cloud gives you new kinds of rope, and it’s different from the old rope, but you can still get just as tangled up in the complexities.

Some security fundamentals remain, though. No matter what kind of infrastructure you own or rent, you still need to pursue the basics:

1.    Find all your stuff

2.    Categorize it so you know what’s most important

3.    Harden the individual elements to avoid easy compromise

4.    Map out and run your defenses as a system, so you can be a hard target

The most basic discipline of all is inventory — cyber security experts and industry guidance all agree that you must start there. Inventory in cloud is not like inventory in conventional networks, though, so the same old principle has to be thought about differently in a cloud world.

The good news with the cloud is that each virtual network has a “God of the Cloud” — a central controller, run by the cloud provider that you can talk to via a proprietary API. I call it a “God”, because no endpoints can exist in that small virtual network that the controller did not create. This means you can always find a completely reliable resource for each virtual network — someone who knows the inventory. Problem solved, right? Well, not so fast — it’s certainly very different from legacy on-premises networks, but that’s hardly all there is to it. There are three major problems when talking to each cloud controller — finding the controllers, speaking their language, and keeping up with the changes.

The good news is a cloud account comes with an API you can talk to and get a complete inventory of the assets it knows about. The bad news is your company has many, many accounts. And even once you locate them all, they will speak a proprietary and changing language — the Amazon language for the AWS API is different from Microsoft’s for Azure, or Google’s, or Oracle’s. You need a network linguist to make sense of it all, and pull together a single view of your clouds — in all flavors. And since security is central by its nature (because it needs to look at the complete picture), that means security has the unenviable task of needing to speak all the languages — fluently — at once. This is hard, but it’s a great job for automated software.

Equally, the rate of change in the cloud is something automated software can tackle far more effectively than humans can. Cloud assets have ugly names — often just a long stream of gibberish assigned by a robot, to make it easy for other robots. You’ll need your own robot interpreter to even identify one asset, let alone track it as it moves and changes. The nature of the cloud is highly dynamic — instances are spun up and killed on demand, and they move far faster than, say, a classic vulnerability scanner can keep up with. If you want to see your final as-built infrastructure (and you need to, since this is what your adversary is looking at too), you need software to keep up with all the changes, track the assets, and untangle the myriad ways that cloud assets are marked. There are tags, there are labels, there are unique ID’s, and there are security groups. Every vendor has subtly different rules, and just to add to the confusion cloud vendors don’t even agree on what a cloud network should be called, but they all offer the same idea.

At the end of the day, security is about adapting and keeping up, as the pace of change keeps speeding up. Cloud is just the latest evolution, where names change, details shift, but the core principles remain — first and strongest of all is inventory. This is why we at RedSeal build software to automate all the communication and mapping, so that you can visually scan your cloud footprint, understand your security posture, and make optimal moves to increase your security and reduce your risk.

For more information, check out our overview of RedSeal Stratus Maps and Inventory capabilities to learn more about how you can Map Your AWS Infrastructure Including Connectivity Paths.

RedSeal and Cloud Security Posture Management

According to Gartner’s Innovation Insight for Cloud Security Posture Management, this year (2021), “50% of enterprises will unknowingly and mistakenly have exposed some applications, network segments, storage, or APIs directly to the public internet”. And by 2023, “…at least 99% of cloud security failures will be the customer’s fault.”

What do these statistics say about the changing face of cybersecurity? Twenty years ago, the most common source of security failures was naïve user behavior, typically clicking on a malicious email attachment or link. In on-premise environments, this is still a common vector of infection, but in the cloud the problem is not naïve users, it is overwhelmed administrators. 99% of cloud security failures will be the customer’s fault, because cloud platforms and applications will simply be misconfigured. Let that sink in. Simple misconfigurations were never the primary source of security failures in the past.

Administrators aren’t stupid; they misconfigure systems because they are overwhelmed. Of course, there is a chronic shortage of security talent, but that has been true for decades. What has changed, with the advent of cloud computing, is the overwhelming complexity of the systems. Cloud security controls and best practices are very different from those used in on-premise environments. Those available in AWS are similar, but different from those in Azure, or Google Cloud. Kubernetes has a unique security model of its own, and all these environments are changing constantly.

To deal with this complexity and constant change, a new family of technology has emerged broadly referred to as Cloud Security Posture Management (CSPM). The goal of these technologies is to help admins understand what resources they have in their cloud environments, what security controls are in place, how it is all really configured, and whether it meets various compliance standards.

For more than a decade, RedSeal has been in the business of helping customers understand their on-premise networks i.e. what devices are on the network, how they are connected, and the security implications of their configuration. We do this by creating a detailed model of their network that can be compared against best practices, compliance standards, and the customer’s intended network design (customers are almost always surprised with how different their network is from what they originally intended). Put simply, customers use us to find and correct network misconfigurations.

With data centers and networks moving to the cloud, our customers are increasingly asking us to help them find and correct cloud misconfigurations as well. They need an accurate model of their cloud environments to understand questions like how many cloud accounts they really have, what resources are in each, what security controls are in place, what is the aggregate effect of all those security controls on resource access, and are any resources inadvertently exposed to the internet. They often have a basic design for their cloud but are unsure if their implementation is consistent with their intentions. The truth is, it never is, and they need a product that can provide them with a reality check.

At RedSeal, our mission is to provide organizations with technology that allows them to understand their network, hybrid, and cloud security posture. Because cloud technology is so complex, and changing so quickly, organizations need powerful technology to understand their implementation. They need to model their environment, so they can easily spot flaws. Our tag line is “See and Secure” because you can’t secure what you don’t understand.

For more information on RedSeal Stratus, our new CSPM solution, click here.

For more information of ways that RedSeal can help avoid unintended internet exposure, check out our Solution Brief.

If you’re concerned about your EKS Security, click here.

Is your sector taking cyber security seriously?

Information Age | July 4, 2018

The responsibility of cyber security falls on everyones shoulders. But, the charge should be lead from the top. Has your sector fallen behind?

The frequency and severity of cyber attacks and data breaches has risen significantly in the last few years, as attacks increase in volume and variety.

President Obama’s $19 Billion Cyber-Defense Budget and Plan is a Bold and Necessary Step

“The federal government is finally taking bold steps to fulfill what the Constitution says in its preamble – ‘to provide for the common defense,’ in this case, the common cyber defense.

The actions and budget announced today are an important recognition and investment in the defense of the critical information infrastructure of the United States, and provides an example for governments, businesses, and NGOs worldwide.

The plan recognizes that it is critical to implement platforms with analytics and capabilities to understand complex networks and assist in prioritizing what needs to be done first to improve resilience.

As the president writes in a Wall Street Journal op-ed, ‘we are still in the early days of this challenge.’ Networks will only grow more complex, creating opportunities for hackers and challenges for defenders.

The federal government’s new Chief Information Security Officer should be asking talented agency teams, ‘how are we measuring our cyber results and defenses? How are we thinking about resilience? And how are we determining the first step to take to make our digital infrastructure more resilient?’

Networks were not designed with cyberattacks in mind, so they are not resilient to them.  But it’s not too late. Building digital resilience into networks before attacks is the only way to get ahead of the ongoing, automated, and ever more sophisticated attacks.

The proposal by the President can be an excellent step in leading the world to a more cyber resilient future.”