Tag Archive for: Cybersecurity

Future-Proofing Your Security Infrastructure

Cybersecurity is getting more complicated every day. Why is this happening? Organizations are seeing their infrastructure becoming more complex, attack surfaces growing dramatically, and threats from cybercriminals evolving. What’s more, the reliance on public cloud, private cloud, hybrid cloud, and multi-cloud environments — coupled with more remote workers — has expanded the security perimeter for many organizations.

Even before COVID burst onto the scene, cybercrime was on the rise. Instead of a lone hacker sitting in a dark basement, contemporary cyber threat actors are part of organized crime rings.

All these trends underscore the importance of future-proofing your security infrastructure to combat major security threats and protect your mission-critical data.

Cyberattacks Are on the Rise: Data Tells the Tale

From Solar Winds to the Colonial Pipeline attack, cybercriminals have been making headlines in recent years. In addition, statistics reveal that cyberattacks are an ever-growing problem:

Attacks are more prevalent, and they are getting more expensive. The average cost of a data breach now exceeds $4.2 million per incident and can cause recurring problems for years. On average, more than $2.9 million is lost to cybercrime every minute.

Despite increased spending on cybersecurity and best efforts by chief information security officers (CISOs) and information technology (IT) teams, nearly 80% of senior IT leaders believe their organizations lack sufficient protection against cyber-attacks. With the rising threat, every organization needs a strategy to future-proof its infrastructure.

What is Future-Proofing?

Future-proofing your cyber security creates a robust foundation that can evolve as your organization grows and new cyber threats emerge. This includes continually assessing your infrastructure for security gaps, proactively identifying threats, and remediating potential weaknesses.

Future-proof planning encompasses the totality of your security efforts. Failure to plan puts your entire organization at risk. You simply cannot afford to be left unprotected against current and future threats.

What Can (and Can’t) Be Future-Proofed within Your Technology Infrastructure?

What makes future-proofing technology challenging is that we don’t know exactly what the IT landscape will look like in the future. A few years ago, who knew we would see the explosion in the number of remote employees  — often working on unprotected home networks.

The good news is that the cloud has given us tremendous flexibility and helps us future-proof without overspending right now on capacity we may or may not need. With nearly infinite scalability, cloud applications have allowed organizations to adapt and grow as necessary. However, it’s also put more sensitive and proprietary data online than ever before and made IT infrastructure more complex.

To future-proof your infrastructure, you need an approach for visualizing, monitoring, and managing security risks across every platform and connection. This lets you expand your security perimeter as your network grows and proactively identify new exposure as you evolve.

How Can Organizations Prepare for the Future?

Security needs to be part of every company’s DNA. Before you make any business decisions, you should run through security filters to ensure the right safeguards are in place. It takes a security culture that goes beyond the IT departments to future-proof your organization.

With data in the cloud, there’s a shared security responsibility. For example, public cloud providers take responsibility for their cloud security, but they are not responsible for your apps, servers, or data security. Too many companies are still relying on cloud providers to protect assets and abdicating their part of the shared security model.

Between multi-cloud, hybrid cloud environments, and a mix of cloud and on-prem applications, it’s become increasingly difficult to track and manage security across every platform. Many security tools only work in one of these environments, so piecing together solutions is also challenging.

For example, do you know the answers to these questions:

  • What resources do we have across all our public cloud and on-premises environments?
  • Are any of these resources unintentionally exposed to the internet?
  • What access is possible within and between cloud and on-premises environments?
  • Do our cloud deployments meet security best practices?
  • How do we validate our cloud network segmentation policies?
  • Are we remediating the riskiest vulnerabilities in the cloud first?

An in-depth visualization of the topology and hierarchy of your infrastructure can uncover vulnerabilities, identify exposure, and provide targeted remediation strategies.

You also need a cloud security solution to identify every resource connected to the internet. Whether you’re using AWS, Microsoft Azure, Google Cloud, Oracle Cloud, or other public cloud resources along with private cloud and on-prem resources, you need a holistic view of security.

Traditional security information and event management (SEIM) systems often produce a large volume of data, making it unwieldy to identify and isolate the highest priority concerns. You need a network model across all resources to accelerate network incident response and quickly locate any compromised device on the network.

Another necessity is continuous penetration tests to measure your state of readiness and re-evaluate your security posture. This helps future-proof your security as you add resources and new threats emerge.

Create a Secure Future for Your Organization

Creating a secure future for your organization is essential. As IT infrastructure and connectivity become more complex, attack surfaces continue to grow, and cybercriminals evolve their tactics, the risks are too great for your company, customers, and career not to build a secure foundation. You need to do more than plan your response to an incident and must know how to prevent cyberattacks with proactive security measures.

Secure all your network environments — public clouds, private clouds, and on-premises — in one comprehensive, dynamic visualization. That’s Red Seal.

RedSeal — through its cloud security solution and professional services — helps government agencies and Global 2000 companies measurably reduce their cyber risk by showing them what’s in all their network environments and where resources are exposed to the internet. RedSeal verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations.

Contact Red Seal today to take a test drive.

Mitigating Cloud Security’s Greatest Risk: Exposure

Cloud security is complex and distributed. Implementing security controls across on-premise environments traditionally sits with the information security team, but in the cloud, the responsibility could be distributed across developers, DevOps and InfoSec teams. DevOps and developers don’t primarily focus on security, and the impact is often seen as an increase in misconfigurations introducing the risk of breaches.

These security challenges in the cloud have become so prevalent that Gartner has defined cloud security posture management (CSPM) as a new category of security products designed to identify misconfiguration issues and risks in the cloud. CSPM tools today are relied on to provide visibility and compliance into the cloud infrastructure but still haven’t been able to address this issue at scale for InfoSec teams. These teams require solutions that can provide risk-based prioritized remediations in an automated way to handle the cloud scale and complexity. To determine which issues to remediate first, the InfoSec teams need to identify critical resources with unintended and accidental exposure to the internet and other untrusted parts of their cloud.

Calculating Exposure Considering All Security Controls

Whether they are on-prem or in the cloud, security professionals worry about getting breached. One recent report said 69% of organizations admit they had experienced at least one cyber-attack that started by exploiting an unknown or unmanaged internet-facing asset. Bad actors can now simply scan the perimeter of your cloud, look for exposed things and get into your network this way.

Cloud security providers (CSPs) like Amazon Web Service and Microsoft Azure have attempted to solve security by developing their own sets of controls, ranging from implementing security groups and network access control lists (NACLs) to developing their own native network firewalls.

Cloud-first companies often rely on these native tools from the CSPs, but for others who aren’t as far along on their cloud journey, making the transition from traditional on-prem to cloud workloads means pulling along their network security practitioners with them. These teams, who often aren’t cloud experts, are responding by deploying third-party firewalls and load balancers in the cloud due to their longstanding familiarity with them from the on-prem world.

Furthermore, the rise of application containerization with Kubernetes (and its corresponding flavors from AWS, Azure and Google Cloud) allows additional security controls such as pod security policies and ingress controllers.

These security controls are invaluable tools for security teams scrambling to secure their sprawling cloud environments and some under the control of development and DevOps teams. Still, they are largely unaccounted for by current CSPM tools when attempting to assess unintended exposure risk.

Current CSPM Solutions Don’t Accurately Calculate Access

Existing solutions look for misconfigurations at the compute or container level but don’t truly understand end-to-end access from critical resources to an untrusted network. They are essentially calling into the APIs of CSPs, and so if the setting in AWS for a particular subnet equals “public,” the tool believes there is exposure to the internet. That’s not necessarily true because a security team may have other controls in place, like a 3rd party firewall or Kubernetes security policy that successfully prevents access, or the security control is not in the path to the critical resources and not protecting them.

The result is that already short-staffed security teams are spending their days chasing security issues that do not impact the organization the most. The question to ask of today’s CSPM products is whether they are repeating data from CSPs based on their settings or accurately calculating effective reachability to their critical resources (and through which specific controls). Security teams need accurate and complete information to inform their remediation options, which can identify CSP-native security groups to specific ports and protocols controlling the access that may allow exposure to occur.

Increasing cloud complexity is making security as challenging as ever. The ability to quickly identify at-risk resources would go a long way in preventing many potential data breaches. Still, the approach that current tools take is incomplete and disregards much of what security teams are already doing to address the problem. Tools need to account for all security controls in place if security teams are to have truly accurate information on which to act.

For more information on RedSeal Stratus, our new CSPM solution, check out our website or sign up for our Early Adopters program.

Surviving the Worst-Case Scenario: Best Practices for Incident Response

There’s no way around it: Cyberattacks are escalating. According to data from the Identity Theft Resource Center (ITRC), the number of reported data breaches from January to September 2021 exceeded the total volume of breaches in 2020 by 17 percent — and with threat vectors such as ransomware and phishing on the rise, this number isn’t going anywhere but up.

What does this mean? It’s a matter of when, not if, when it comes to network compromise, and companies can no longer assume that security frameworks offer invincibility from evolving cyberattack trends. Instead, they need an approach designed to help them survive the work-case scenario — and come out stronger on the other side.

This is the role of robust cybersecurity incident response (IR) plans. Here’s what you need to know about how these plans work, where they can help, and what steps are necessary for effective implementation.

What is a Cybersecurity Incident Response Plan?

A cybersecurity incident response plan provides a framework for teams to follow in the event of a cyber incident or attack. Research firm Gartner defines an IR plan as something “formulated by an enterprise to respond to potentially catastrophic, computer-related incidents such as viruses or hackers.”

While there are no one-size-fits-all approaches to creating a cybersecurity incident response plan, common components include:

  • Creating an overall strategy to mitigate risk
  • Identifying potential threat vectors
  • Assigning specific tasks to team members
  • Testing the plan regularly to ensure effective operation.

It’s also worth noting that cyber incident response plans play a role in regulatory compliance. With companies now handling large volumes of financial, personal, and health information from various sources, alignment with compliance expectations requires companies to adopt the mandate of “due diligence.” That is, they must take every reasonable precaution to protect data at rest, in transit, and in use. While businesses can’t avoid every cyberattack, lacking due diligence can lead to legal and regulatory challenges. Robust incident response frameworks help ensure organizations are meeting current compliance goals.

How can a Strong Cyberattack Incident Response Plan Help Put the House Back Together?

A robust IR plan helps put your digital house back together by providing a pathway from initial incident detection to eventual remediation. This is critical because when incidents occur, panic and fear are common responses: Teams want to do everything they can to get networks back on track but simply throwing everything you have at the problem — all at once — often leads to process overlap and policy confusion.

By creating a cyberattack incident response plan that lays out a specific order of events when threats are detected and assigns key tasks to staff, teams can respond in unison when attacks occur. For example, one employee may be responsible for identifying the source of the threat, while another looks to quarantine the affected area. Other team members may be tasked with informing C-suite members about what’s happening and ensuring that backup data is safe from harm.

The Phases of an Incident Response Plan: Timing is Everything

Cyber incidents happen without warning and in real-time — they don’t wait for companies to ready their defenses and prepare for an attack. As a result, timing is everything. Businesses must be ready to respond at a moment’s notice when attacks occur to mitigate the overall impact and get systems back up and running ASAP.

To help streamline this process. The National Institute of Standards and Technology (NIST) defines four key phases:

  1. Preparation speaks to the actions taken before an attack occurs. These include regular network evaluations such as vulnerability scans and penetration tests, along with the deployment of protective tools such as encryption software, failover backups, and automated incident analysis tools.
  2. Next is detection and analysis. This includes determining primary attack vectors — such as emails, web applications, brute-force efforts such as DDoS or improper network usage by employees — along with identifying and analyzing signs of compromise such as network performance drops, antivirus warnings, or unusual traffic amounts.
  3. Containment, Eradication, and Recovery policies determine where attack data will be stored for analysis and debriefing, while eradication looks to remove malware code or breached user accounts once attacks are under control. Recovery focuses on bringing systems back online using a staged approach to ensure no threats remain.
  4. Finally, post-incident activity asks the question: What did we learn? By using data collected during the attack, companies can assess what information was needed sooner to improve response, what additional steps might speed recovery, and what steps they can take to prevent future incidents.

Top Tips for Managing Collateral Damage After an Attack

After attacks occur and incident response plans activate, it’s critical to manage collateral damage and get back on track. Five best practices include:

#1 Prioritize Visibility

The more you know, the better prepared you are to respond when attacks occur. By prioritizing network visibility, your team can discover what they don’t know and take appropriate action.

#2 Define Recovery Times

Recovery point objectives (RPOs) and recovery time objectives (RTOs) help set goals for getting back on track and provide a finite resolution to the IR process.

#3 Seek Out Answers

While successfully mitigating an attack offers business value, managing long-term collateral damage means looking for answers about what happened, why, and what can be done to prevent similar breaches in the future.

#4 Leverage Active Backups

Multiple local and cloud backups can help get your systems back up and running. By logically segmenting them from operational networks, you can significantly reduce their risk of compromise and streamline the recovery process.

#5 Practice, Practice, Practice

As noted by the Open Web Application Security Project (OWASP), practice is paramount to ensure IR plans work as intended. From regular drills to simulated, unscheduled attacks, the more you practice your cybersecurity incident response plan, the better.

Surviving — and Thriving — After the Worst-Case Scenario

While the goal of cybersecurity planning is to help companies survive the brunt of an attack and come out the other side relatively unscathed, effective IR response offers actionable post-incident threat data to help enterprises reduce the risk of future attacks. Intelligent network modeling from RedSeal, meanwhile, provides the insight and integrations you need to take action and thrive in the wake of cyberattacks quickly.

By creating a comprehensive model of your network across cloud, hybrid and virtual environments, teams can quickly locate compromised devices, determine which assets are accessible, and take steps to stop attackers in their tracks. Integration with IBM QRader, Splunk Adaptive Response Initiative, and ArcSight, meanwhile, provides end-to-end situational awareness for improved response.

Survive the worst-case scenario — and come out better on the other side — with an in-depth cyberattack incident response plan. See how RedSeal can help. 

The Eyes Have It: Six Commonly Overlooked Cybersecurity Threats

It’s been a banner year for cybersecurity threats. According to the Identity Theft Resource Center  (ITRC), the number of breaches reported as of September 30th, 2021, already exceeds the total number of breaches in 2020. And while rapid shifts to remote and hybrid work are partly responsible for this increase, attackers are also taking this opportunity to expand their efforts and find new ways to confuse security tools, confound infosec defenders and compromise critical services.

The result? Even with a focus on security, businesses often overlook cybersecurity threats that could cause substantial harm. Here’s a look at six commonly overlooked concerns and what companies can do to mitigate the risk.

The State of Cybersecurity in 2021

In many respects, 2021 has marked a return to form for attackers — threats such as phishing and ransomware are on the rise, as are the use of advanced persistent threats (APTs) to conduct reconnaissance and collect data. The result is a familiar landscape for information security professionals: Teams need to establish and maintain defensive systems capable of detecting, identifying, and removing common threats.

But there’s also an evolution of attacker efforts. Not only are they broadening their horizons, but they’re also selecting new targets: Small and midsize businesses now account for more than 70 percent of all attacks. With many of these businesses now storing valuable personal and financial data but often lacking specialized IT teams and robust infrastructure, attackers are more likely to get in — and get out — without being noticed.

The result is a changing security landscape that requires both active observation and robust response from IT teams. Unfortunately, continual monitoring for common threats often shifts the focus to the growing forest of technology threats — and leaves companies struggling to see the trees.

Six Overlooked Security Threats

Despite best efforts, it’s easy for teams to overlook cybersecurity vulnerabilities. Six of the most commonly neglected threats include:

1. Ineffective Encryption

Encryption remains a front-line defense against both familiar and overlooked security threats. If attackers can’t use data they steal, its value to them is significantly reduced. The challenge? Many businesses still rely on outdated encryption models that are easily circumvented or fail to consider the continuous movement of data across internal networks and external connections.

2. Open Source Solutions

Open source tools and application programming interfaces (APIs) are great ways for companies to reduce the work required to build new apps and services. But there is a caveat. These open solutions may contain critical vulnerabilities that could be exploited to compromise critical data.

3. Phishing 2.0

While phishing efforts remain popular, attackers now realize the need for innovation as businesses become more security-savvy. As a result, the quality of phishing emails has increased substantially over the past few years. Gone are the obvious grammar and spelling mistakes. Instead, they’ve been replaced with socially-engineered data and details designed to fool even experienced team members.

4. IoT Interconnection

The Internet of Things (IoT) offers a way to connect mobile devices, sensors, and monitoring to help streamline operations. But this same interconnection creates an increased attack surface that provides malicious actors multiple points of compromise.

5. Malvertisements

Malvertising — the process of using online ads to spread malware — is once again on the rise. By injecting malicious ads into legitimate ad networks, attackers can compromise even well-defended networks to capture user behavior and log keystrokes.

6. Invisible Assets

What you don’t see can hurt you. This is especially problematic as companies expand into multiple cloud networks. More devices and apps mean less visibility, which in turn increases the chance of a successful attack.

Potential Harms of Unseen Threats

The potential harms of unseen threats are variable — the nature and depth of these threats speak to their impact at scale. In general, however, businesses face three broad harms if attacks are successful.

Operational Impacts

First up are operational impacts. Consider the SolarWinds attack reported in late 2020. Attackers actually compromised the company’s system much earlier last year, allowing them to conduct significant data collection and eventually exploit SolarWinds’ IT management platform, which more than 33,000 companies use. As a result, more than 18,000 companies were rendered vulnerable to cybersecurity attacks and had to interrupt operations temporarily to get systems back on track.

Compromised Compliance

The next potential harm of unseen threats is compromised compliance. If companies don’t have processes and procedures to detect and mitigate attacks ASAP, they may fail to meet security due diligence obligations as outlined in compliance regulations. Sanctions or fines can result.

Reputation Damage

Finally, unseen threats can lead to severe reputation damage. While customers are now willing to share their personal and financial data if businesses can offer increased personalization and improved service, they also have no patience for companies that lose or misuse this information. If attacks go undetected and consumer data is compromised, your business reputation may be irreparably damaged.

Four Steps to Mitigate Risk

While it’s impossible to predict every potential threat to your network — or account for the evolution of attack vectors — there are four steps companies can take to mitigate cybersecurity risk.

1. Discover your assets. What services and software are on your network? How do these solutions connect and interact with other operations? Locally? At scale? Complete asset analysis helps you discover what you have so you can protect what matters.

2. Conduct a vulnerability assessment. Next, you need to determine where your assets are vulnerable with an in-depth scan of all interconnected resources. This provides both increased visibility of detected assets and can also help uncover “blind spots” that need attention.

3. Triage your findings. Prioritization is the third step in this risk mitigation process. By considering potential severity and asset value along with upstream and downstream access requirements, your teams can prioritize defensive efforts.

4. Remediate your issues. Finally, you need a plan to remediate and mitigate overlooked issues. In practice, this includes the identification of precise access paths and devices that require updating or adjustment to isolate, contain and eliminate potential threats.

Keeping Your Eyes on the Prize

The goal of any infosec effort? To defend networks, services, and people from harm. Unfortunately, traditional tools can’t keep up with the volume and variety of cyberattacks in today’s environment. To maximize protection and stay ahead of potential threats, organizations need to boost visibility with vulnerability best practices that help teams zero in on overlooked cybersecurity threats.

See more to secure more: Learn more about Network Vulnerability Best Practices with RedSeal.

If You Build It, They Will Come: The Top Four Cybersecurity Threats for Manufacturing Companies

Manufacturing companies face increasing risk from cyberattacks. As noted by IBM’s Security Intelligence blog, ransomware incidents rose more than 150 percent across the manufacturing sector from Q1 2019 to Q1 2020. Other recent survey data found that two-thirds of manufacturing firms believe their data breach risk has increased over the past two years.

There’s no single cause for this upward threat trajectory — the combination of always-on connected devices with growing cloud computing use and the increasing need for big data analysis in production planning and management all play a role in the evolution of manufacturing attacks.

Here’s a look at the underlying causes, possible impacts, and potential remedies for the top four manufacturing cybersecurity threats.

The Impact of Industry 4.0 on Manufacturing

Industry 4.0 changes the way manufacturing companies conduct day-to-day operations. From the use of always-connected sensors and devices that make up the industrial Internet of things (IIoT) to the integration of “smart devices” capable of proactively predicting maintenance needs, the digitization of Industry 4.0 represents a significant leap forward for manufacturing firms.

Unlike its operational predecessors — mechanization (1.0), mass production (2.0), automation (3.0), and globalization (3.5) — Industry 4.0 represents a substantive move into the world of always-on, always-connected devices. While this provides a wealth of data to help companies make better-informed manufacturing decisions, it also introduces significant risk. Frameworks such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) solutions that were historically cut off from external Internet connections are now part of a larger integrated ecosystem. Often, this ecosystem lacks the security controls and oversight necessary to identify and eliminate risks.

What the Cloud Means for Manufacturing

Cloud computing also plays a significant role in the shift to Industry 4.0 as firms look for ways to connect disparate tools and systems across both local facilities and global operations. The result is significant spend by manufacturing firms on robust cloud services. Recent data suggests the cloud market for manufacturing will grow by more than 15 percent year-over-year for the next five years.

But increasing cloud adoption also comes with a concern: complexity. As more applications and services are added to existing IT infrastructure, it’s easy for teams to lose track of what’s been deployed, where, and why. Consider the addition of public cloud services to help bolster computing resources and the storage of big data. Traditionally, these functions reside on-site, making it easy for teams to monitor operations. But as functions shift into the cloud, IT staff must contend with multiple layers of network connection and communication. As a consequence, teams find it harder to see exactly what’s going on — which potentially exposes key data to cybersecurity risk.

The Top Four Cybersecurity Threats

For manufacturing firms, four cybersecurity threats are now common: Data exfiltration, ransomware, phishing, and insider attacks. Let’s break down each in more detail.

1. Data Exfiltration

Data exfiltration occurs when attackers compromise manufacturing networks and then steal data to share or sell. Exfiltration often starts with malware — malicious actors may use legitimate-seeming emails that convince users to click links or download attachments, which then deploy malware to infiltrate network-connected storage systems. Personnel, product, or financial data is then in the hands of hackers, who may sell it on the dark web or threaten its release unless companies agree to pay for its return.

Take the example of Titan Manufacturing and Distributing. The company’s network was compromised by data exfiltration malware for almost a year, during which time attackers stole the names, billing addresses, and payment card details of more than 1,800 customers.

2. Ransomware

Another major threat to manufacturers is ransomware. This threat vector sees attackers infecting systems with programs designed to encrypt critical manufacturing data, rendering it inaccessible for companies. Then, they demand payment for decryption keys and threaten to delete or sell the information if their demands aren’t met.

Ransomware was responsible for the 2019 attack on Norwegian aluminum company Norsk Hydro, which has manufacturing operations in more than 40 companies worldwide. While the company didn’t pay the ransom, removing malicious code and remediating the damage — combined with lost revenue — cost the company almost $75 million.

3. Phishing

Phishing attacks happen when cybercriminals attempt to convince corporate users that they’re legitimate business contacts or members of the organization itself. In some cases, the intent of phishing attacks is to have users supply login credentials as part of a fake “reset” or “verification” process. In other situations, attackers attempt to compel specific — and costly — action. For example, attackers masquerading as C-suite executives may try to trick users into transferring funds into foreign bank accounts or request detailed HR data about specific employees. If staff can be convinced these emails are authentic, they often comply with requests immediately rather than double-checking because they don’t want to risk a management-level rebuke.

This was the case for aircraft parts manufacturer FACC. Attackers were able to convince multiple users that the CEO wanted money transferred into foreign accounts. The result was a loss of $61 million and civil prosecution of both the former CEO and chief financial officer for failing to detect and stop the fraud before it occurred.

4. Insider Attacks

Insider attacks may be the result of malicious action or accidental misuse of networks and data by employees. In either case, however, the results are the same: Manufacturing data is exposed, and corporate operations are put at risk. As noted by Industry Week, manufacturing firms now rank among the top five industries with the highest number of insider threats, and the average cost of an insider threat for a single manufacturing firm is more than $8.8 million.

Best Practices to Address Cybersecurity Concerns

To reduce the risk of manufacturing cybersecurity threats, firms need to follow three critical best practices.

Improved Visibility

As cloud and IIoT connections become more complex, it’s easy for teams to lose network visibility. This often creates a situation that sees companies acting based on what they think their network looks like rather than its actual structure. As a result, improved visibility is the first step on the road to enhanced cybersecurity.

Enhanced Agility

Agility is also critical. With cyberattacks on the rise, it’s now a matter of when not if firms will be attacked. Consequently, organizations must be prepared to respond ASAP if threats or vulnerabilities are detected across their networks.

Increased Access Control

As the number of public-facing connections and services increases, companies need granular access control to ensure that the right people are accessing the right data at the right time. Additionally, they must have processes to flag potential malicious actors are flagged and refuse access.

Making the Most of Comprehensive Cybersecurity

Making the most of cybersecurity starts by recognizing the risk: Threats such as data exfiltration, ransomware, phishing, and insider attacks are now commonplace and costly.

Firms must also account for the increasing attack surfaces created by cloud-enabled Industry 4.0 deployments. From unintentional exposure to public-facing Internet connections to previously undiscovered vulnerabilities, the move to modern infrastructure comes with a commensurate threat increase.

What can organizations do to protect themselves? To mitigate the impact of evolving threats, companies need security solutions capable of delivering improved visibility, enhancing overall agility, and increasing access control. Only then can organizations fortify themselves against threats and protect their growth and profitability.

Ready to get started? Find more information here or sign up for a live demo of RedSeal for manufacturers.

Visibility: The key to proper Cloud Security Posture Management

Cloud security has become increasingly complex and distributed. The rapid transition to remote work and increased cloud adoption have changed the IT landscape dramatically, which has produced new vectors for cyber attacks and data breaches. Today’s cyber criminals aren’t necessarily trying to knock down doors. Organizations are actually leaving many of them open themselves. According to Gartner, through 2023, “…at least 99% of cloud security failures will be the customer’s fault.”

This is an unsettling prediction, but not entirely surprising given realities that teams face today. The overwhelming complexity of the cloud systems asks for both expertise in both application development and security, which is perhaps unreasonable. The placement of security controls has moved away from security teams and into application development teams.

CSPM: The industry’s response to cloud complexity

To deal with this complexity and constant change, a new market segment has emerged broadly referred to as Cloud Security Posture Management (CSPM), which is typically used by security organizations that want the equivalent visibility and security that they’ve had with on-premise environments.

Current CSPM technology aims to help security teams understand what resources they have in their cloud environments, what security controls are in place, how it is all really configured–and to automate as much of it as possible. And while it is largely successful in accomplishing these feats, CSPM in its current form isn’t without its limitations. As we’ve learned in the past with our approach to securing on-premise networks, visibility plays a fundamental role.

The importance of visibility

It’s not uncommon for organizations to lose track of their cloud deployments over time, considering it only takes a developer and a department credit card to spin up a cloud environment. Nowadays developers are empowered to innovate at speed and scale but who is actually keeping track of these newly-created multi-cloud VPCs, VNETs, and VCNs? Even more worrisome–who is responsible for securing them?

There are always unknowns when networks grow and change, but we also know that tools that provide visibility can give security teams a more accurate, dynamic and comprehensive look at what resources they have, how they are connected and the risks associated with them.

Unfortunately, many CSPM tools present their findings in static, tabular forms and it can be challenging to get an understanding of the relationships between resources, such as between multiple accounts and whether they’re shared or not. Teams are often being asked to secure unmonitored cloud environments and can benefit from a visual, interactive model of their organization’s cloud resources.

This visibility allows security teams to gain full awareness of their cloud footprint and reduce their overall attack surface by understanding the interconnectivity between their resources. Some CSPM tools can show connectivity where there is traffic, but security teams want to calculate how an instance gets to the Internet, what security points it goes through, and through which port and protocols.

Understanding end-to-end access

Current CSPM solutions remain insufficient when it comes to accurately calculating access that can lead to data breaches. Many tools simply call into the APIs of CSPs looking for misconfigurations at the compute and container levels but they don’t fully understand “end-to-end” access. For example, they may only look at a setting in AWS that states a particular subnet is “public” so therefore it’s exposed. That’s not necessarily true because there may have other security controls in place, such as 3rd party firewalls or their own Kubernetes security policy.

For example, perhaps a network security engineer who doesn’t understand native AWS and Azure firewalls instead decides to use a 3rd party firewall from a vendor they’re already familiar with. If that firewall is blocking access to the public-facing Internet, current CSPM tools won’t recognize it, and security engineers can spend their days chasing false positives simply due to a lack of accurate information involving access.

Prioritizing exposed resources

With increased cloud complexity comes increased risk–there were over 200 reported breaches in the past 2 years due to misconfigured cloud deployments. Several of the largest data breaches occurred when cloud misconfigurations left critical resources exposed to untrusted networks, so prioritization efforts should begin there. Unintended access and Shadow IT can also lead to cloud leaks, and so by establishing an “exposure first” security approach, cloud security teams can identify key vulnerabilities and prevent costly breaches.

CSPM is a key ally in the fight to secure the cloud, but security teams need additional visibility and improved accuracy that is still lacking in many

For more information on RedSeal’s CSPM solution, RedSeal Stratus, check out our website. Or sign up for the Pilot program.

Lock Up Your Jewels: Reducing Exposure and Limiting Risk in a Ransomware-Riddled World

Ransomware is on the rise. That’s an often-repeated statement in the headlines — but what does it really mean for companies?

Data tells the tale. According to Tech Republic, attacks surged 57 percent between October 2020 and March 2021, while Purple Sec’s 2021 Cyber Security Trends Report notes that ransomware attacks have grown 350 percent since 2018. What’s more, the average ransomware payment rose by 82 percent to $570,000, with the largest single ransom demand coming in at $100 million.

Now that attackers have successfully breached some business networks, companies are understandably worried about the risk of data exfiltration leading to downtime or revenue losses. As Security Boulevard points out, companies now spend almost $2 million to recover after an attack and, on average, suffer 21 days of downtime. Even more worrisome? Paying up doesn’t guarantee the return of encrypted data. Attackers may decide to keep or destroy data or return for another round of attacks once they know payment is possible.

What’s the bottom line? Reducing exposure and limiting risk requires more than recognizing that ransomware is on the rise. To combat these attacks and safeguard what matters, companies need solid strategies backed by advanced cybersecurity solutions.

Ransomware Attacks in the Headlines

Although attackers often target smaller businesses to reduce the risk of getting caught, that hasn’t stopped some groups from prioritizing bigger payouts. Case in point: The Colonial Pipeline attack. On May 7th, 2021, staff found a digital ransom note saying that attackers had already exfiltrated data from Colonial’s network. The company immediately suspended both IT and operations, leading to sudden interruptions in fuel delivery along the East Coast. Within a day, Colonial paid the $5 million ransom and began getting their systems re-secured and back online.

Also making the news were attacks using the REvil ransomware-as-a-service (RaaS) suite. According to the Department of Justice, a Ukrainian national was arrested in conjunction with attacks spanning the last three years, including the July 2021 attack of information technology company Kaseya. While Kaseya says it didn’t pay the ransom demanded, it took the company ten days to recover from the attack and bring their software-as-a-service (SaaS) servers back online.

Why is Ransomware on the Rise?

So what’s driving the rise of ransomware? Several factors are converging that make ransomware attacks easier than ever before.

Enhanced RaaS Tools

Taking a cue from legitimate businesses, some capable coders have created ransomware-as-a-service (RaaS) platforms that sell both basic and customized attack tools to interested parties. The result is a win-win for hackers: They take money up-front from buyers while simultaneously reducing their risk since they’re not actually carrying out the attacks. Many RaaS marketplaces now resemble more familiar eCommerce offerings. Attack designers offer promotions, sales, and even customer support to keep clients coming back.

Expanded Attack Surfaces

Ransomware is also on the rise, thanks to expanding attack surfaces. With more potential avenues of attack — via mobile connections, internet of things (IoT) networks, or open-source software deployments — attackers can pick and choose their preferred compromise method. This reality is forcing IT staff to look to secure multiple points of potential compromise.

Evolved Work Environments

With remote and hybrid work here to stay, businesses now face the challenge of securing networks both in the office and at a distance. For many, however, the abrupt initial shift to remote work created insecure frameworks that remain in use but lack proper protection.

What are the Common Attack Vectors?

The constant evolution of technology means that attackers are always exploring new avenues of compromise. For example, the rise in open source software and application programming interfaces (APIs) has changed how businesses design and develop new services while simultaneously expanding the attack surface.

Despite occasional boundary-pushing, however, most attackers prefer to stick with tried-and-true ransomware vectors.

Remote desktop protocol (RDP)

The remote desktop protocol makes it possible for administrators to access servers and desktops anywhere, anytime. But RDP also opens the door to ransomware attacks. If malicious actors steal legitimate account credentials, they can leverage RDP to access networks, install ransomware, and leave without detection.

Phishing

In 2020 alone, bad actors created almost seven million phishing emails and scam pages. Using promises of COVID vaccines or masquerading as instructions from C-suite executives, these emails create a compromise point for ransomware. If attackers can convince users to click on malicious links or provide account information, they can infiltrate networks and deploy ransomware.

Software vulnerabilities

Open-source software tools and APIs make it possible for companies to streamline software development and put them at risk of unknown or zero-day vulnerabilities. If attackers compromise unreported issues, they can gain network access and encrypt data before teams have a chance to respond.

DDoS attacks

Distributed-denial-of-service (DDoS) attacks are now being used in concert with ransomware. In some cases, cybercriminals hit companies with DDoS attacks and demand ransom for restoration of services. In others, DDoS efforts are used as a distraction while ransomware is deployed.

Combatting the Rise of Ransomware Attacks

To combat the rise of ransomware, companies are best served with a multi-step approach designed to reduce both the initial risk and overall impact of ransomware threats.

Step 1: Identify Your Assets

First, pinpoint what you need to protect on your network. Think of the most critical assets as the “crown jewels” of your organization. Where are they located, and how are they currently defended?

Step 2: Prioritize Your Vulnerabilities

Next, conduct a security assessment — either in-house or using a third party — to determine where your risks lie. While on-site IT teams have greater familiarity with your network, using in-house personnel may be a security drawback because they may not recognize potential vulnerabilities. By contrast, third-party evaluators can often attack your network in unexpected ways to discover new or undiscovered weaknesses.

Step 3: Secure Your Workforce

Without a secure workforce, efforts at ransomware reduction won’t be effective. Addressing this issue requires the use of tools such as virtual private networks (VPNs) to protect connections and data. You should also deploy zero-trust security solutions that require two (or more) factor authentication and include robust identity and access management (IAM).

Step 4: Reduce Your Response Time

When attacks occur, you need to react ASAP. This rapid response requires the use of advanced cybersecurity solutions that help unify infosec response with end-to-end visibility that empowers teams to react in real-time.

Keep it Secret, Keep it Safe

Ransomware isn’t going anywhere. Attackers are constantly looking for new ways to compromise systems or leveraging tried-and-true methods to slip past IT security. Add in the risk of RaaS, increasing attack surfaces, and hybrid work, and it’s clear that companies need defensive strategies capable of finding, detecting, and defeating ransomware attacks no matter what form they take and no matter what vector they use.

Ready to ramp up your ransomware defense? Click here and see how Red Seal can help.

RedSeal Opens Stratus Early Adopter Program to Security Teams Struggling with Cloud Security

Stratus — a SaaS-based Cloud Security Posture Management (CSPM) solution — addresses dangers of exposure and unintended access issues; Free webinar and demo on December 8

SAN JOSE, Calif., Dec. 01, 2021 (GLOBE NEWSWIRE) — RedSeal today introduced its Stratus Early Adopter Program, which provides select customers and prospects the opportunity to evaluate the company’s new SaaS-based Cloud Security Posture Management (CSPM) solution. The new Stratus SaaS offering is focused on providing visibility to cloud and Kubernetes inventory and determining exposed resources in cloud and hybrid cloud environments.

Implementing security controls for cloud environments now extends beyond the responsibility of traditional network security teams, and today includes application developers and DevOps teams. These controls must also consider workload containerization such as Kubernetes, and native offerings from Cloud Security Providers such as Amazon Web Services. As a result, there is exponential growth and pervasiveness of misconfigurations, which put high value resources at risk of unintended exposure to the Internet.

Current members of the Stratus Early Adopter Program represent enterprises ranging from banking and financial services firms, to federal government agencies and high-tech companies. These users have reported benefiting from Stratus’ ability to easily see both exposure and conductivity in and across all accounts in a single view.

Security challenges in the cloud have become so prevalent that Gartner has defined CSPM as a new category of security products designed to identify misconfiguration issues and risks in the cloud. As a CSPM, RedSeal Stratus helps security teams better manage this increased risk by:

  • Immediately identifying which resources are unintentionally exposed to the Internet due to misconfigurations
  • Visualizing their complete AWS cloud architecture to truly understand connectivity between and within cloud resources
  • Understanding their Amazon Elastic Kubernetes Service (EKS) inventory and identifying overly permissive user and service accounts

“Everyone knows that visibility is critical for CSPM to meet its full potential, but very few vendors are delivering on this promise,” said Bryan Barney, RedSeal CEO. “What makes visibility so powerful is the true calculation of access and exposure, and not simply the reliance on CSP settings. With RedSeal Stratus, we are now providing the most accurate, reliable and actionable approach to calculating access and exposure in the cloud.”

RedSeal Stratus is currently focused on AWS cloud environments. Recognizing the demand for better security posture management across Microsoft Azure and Kubernetes environments, Stratus will evolve to support these platforms early next year, making Stratus a complete, robust CSPM solution. Participants of the Stratus Early Adopter Program are eligible for a free 6-month subscription to RedSeal Stratus, with up to 3,000 EC2 instances.

Stratus Webinar and Demonstration

RedSeal will be hosting a free webinar for customers and prospects interested in joining the Stratus Early Adopter Program. The online event will take place on Tuesday, December 8th at 11:00am PST and will provide an exclusive overview of RedSeal’s new SaaS-based CSPM solution. The webinar will cover how RedSeal Stratus can help security teams better manage increased cloud security risks with:

  • Complete and up-to-date visualization of cloud infrastructure
  • Detailed knowledge of Amazon EKS accounts and policies
  • Out-of-the-box dashboard that identifies resources that exposed to the Internet

Click here to register for the free event.

About RedSeal

RedSeal — a security solutions and professional services company — helps government agencies and Global 2000 companies see and secure their on-premise networks and cloud environments. RedSeal Stratus, the company’s SaaS CSPM solution, gives an integrated view of cloud security posture through visualization of cloud-native and Kubernetes controls, and shows which resources are unintentionally exposed to the Internet. RedSeal’s Classic product brings in all network environments — public and private clouds as well as on-premises. This award-winning security solution verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif. Follow RedSeal on Twitter and LinkedIn.

State and Local Cybersecurity Threats in 2021: Weathering the Storm

Recent pandemic pressures have created the perfect storm for state and local cybersecurity breaches. With some staff still working from home, state and local agencies face the challenge of deploying defense at a distance over networks, connections, and applications that are often insecure, unencrypted, and in many cases unapproved. What’s more, ransomware has surged — a significant problem since less than 40 percent of state and local staff members have received training on how to prevent cyberattacks.

The result is an increasing volume of local and state government cybersecurity threats, which are occurring across the country. For example, GovTech reported that an issue with third-party software exposed more than 38 million health records across states, including Texas, Indiana, Maryland, and New York. Another case reported by Healthcare IT News detailed a smaller-scale breach in California caused by a single employee that occurred over ten months and exposed both patient and employee data.

With hybrid work here to stay and cyberattacks on the rise, government organizations need to improve cybersecurity practices. They must focus on protecting against breaches that can compromise data, impair operations, and cause significant expenses.

Identifying the Biggest Barriers in Effective Defense

Before agencies can deploy better cybersecurity measures, they must identify critical vulnerabilities and threat vectors. And while every state and local government faces unique data handling and security challenges, three barriers to effective defense are common: visibility, accessibility, and resiliency.

Visibility

Traditionally, state and local governments have been behind the curve when it comes to technology adoption. As noted by research firm Deloitte, however, evolving citizen expectations around access and ease of use “will require uprooting outdated systems and practices and replacing them with new models.” As a result, agencies are now looking to expand their agility to streamline service availability and improve collaboration. To meet these goals, many have integrated and deployed cloud-based software, platforms, and infrastructure.

While these solutions offer improved agility and efficiency, they introduce significant new security risks. IT teams can not keep track of every app and service in use, which reduces visibility while simultaneously expanding the total attack surface.

Accessibility

For most state and local governments, the problem here isn’t too little access for employees that require it — it’s too much for those that don’t. One common example of excessive access occurs when staff complete one project and move to another. In many cases, their existing permissions aren’t revoked. Instead, new access is simply layered on top of the old, which creates a security risk. And with insider threats often more challenging to detect than their external counterparts, it’s now critical for agencies to identify, control, and correct for excessive access.

Resiliency

Most state and local governments have familiar security controls such as firewalls and antivirus scanners in place to catch potential threats. However, many lack the tools and tactics required to remediate issues when they occur, mitigate the amount of damage done and get services back up and running.

The result is IT environments that are primed to respond but struggle with resiliency. To effectively manage evolving threat landscapes, state and local governments need security plans and policies covering all aspects of an attack — from initial compromise to identification, isolation, remediation, and restoration.

Exploring the Issue of State and Local Breaches

So what do these breaches look like in practice? Let’s explore the impact of three recent scenarios.

1) New York State, January 2020

In January 2020, New York state officials found themselves up against a massive cyberattack that disabled access to databases used by the state’s civil service, environmental department, and police force. Likely the work of foreign actors, the hack went unreported for months, even as officials looked to restore critical access.

As noted by Security Today, the state received word about a potential flaw — and available patch — for its Citrix-based systems in December 2019. Unfortunately, the state did not install the patch in time to prevent the issue. As a consequence, more than 80,000 state devices were vulnerable to malware compromise. While it appears attackers didn’t access any citizen data, the state had to cover the costs of a three-week forensic investigation of more than 40 servers.

2) Multiple Municipalities, June 2021

Local government cybersecurity teams often look to save time and money by using the same services as other municipalities. It makes sense: They’ve been proven to work with government systems and generally have a track record for reliability.

However, if service providers become compromised, the results can be far-reaching. As reported by ZDNet, that’s what happened across dozens of municipalities in the US when a Massachusetts software provider used misconfigured Amazon S3 buckets. As a result, more than 1,000 gigabytes (GB) of data and 1.6 million files were exposed. Compromised data included email addresses, physical addresses, and driver’s license information, along with deed and tax records.

3) Oldsmar, Florida, February 2021

A cyberattack on Oldsmar, Florida in 2021 didn’t compromise data access or expose files. Instead, it nearly poisoned the town’s 15,000 residents. On February 5th, a plant operator at the local water treatment facility received an alert that someone had gained remote system access. The attacker opened multiple applications and services and then increased the concentration of sodium hydroxide — also called lye — to 100 times its normal level. Fortunately, operators were able to retake control and cancel the change quickly and prevent disastrous consequences.

Grant Funding for State and Local Governments

The good news is some new help is on the horizon for local and state government cybersecurity, thanks to the $1.2 trillion infrastructure package. The plan includes $1 billion in cybersecurity grants to help local and state governments boost their defense. If approved, the new program would offer $200 million worth of grants in 2022, $400 million in 2023, $300 million in 2024, and $100 million in 2025. In addition, the plan funds creation of a response and recovery fund at the Cyber and Infrastructure Security Agency (CISA), which would give an additional boost to cybersecurity efforts.

Mitigating the Impact of Cybersecurity Threats

Mitigating the impact of local and state cybersecurity threats depends on a strategy of defense in depth. In practice, this requires a three-step approach: Identification, evaluation, and implementation.

Identification focuses on finding potential threats in current cyber defenses — such as those tied to open source software, authorized apps, excessive access, and unintended exposure to the Internet. Evaluation includes internal and external assessment of existing security policies to see what’s working, what isn’t, and what vulnerabilities state and local governments need to prioritize. Finally, implementation looks to deploy security solutions that directly address key concerns, such as comprehensive cloud security services that provide visibility into public, private, and hybrid stacks simultaneously to empower threat detection and response.

Battening Down the Hatches

State and local governments now face a trifecta of security challenges: remote work, ransomware, and worker education. The combination creates ideal circumstances for malicious actors. By taking advantage of ideal compromise conditions, attackers can breach government networks, access critical services, and exfiltrate citizens’ data.

The result is a growing need to batten down the digital hatches by creating and implementing an in-depth strategy to help build robust, reliable, and resilient security infrastructure. To prevent risks and a host of unwanted outcomes, state and local governments need to prioritize cybersecurity.

Ready to boost cyber resiliency and better weather the storm? Click here to see a demo of RedSeal’s cloud security solution in action.

Join us!

Hear from Shannon Lawson, CISO, City of Phoenix, how the state and local agency leaned toward hardening their environment from attacks, recognized exposures, secured infrastructures, mitigated risks, and stayed compliant. The live webinar is January 18, 2022. Register now and don’t miss out!

Simplifying and Securing Hybrid Clouds

GovLoop | October 26, 2021

President Joe Biden’s executive order (EO) on cybersecurity suggests the cloud will play a pivotal role in the federal government’s future; it urges agencies to maximize the technology’s flexibility and scalability rapidly and securely.

But what can happen if agencies embrace the cloud too rapidly? The answer is haphazard and insecure IT environments. These environments often occur when agencies combine on-premises and cloud-based IT in a hybrid model.

Tag Archive for: Cybersecurity

Nothing Found

Sorry, no posts matched your criteria