Proper segregation of a network is one simple line of defense against malicious threats that is very effective. Even the latest security systems won’t always protect your network if it’s not properly set up and segregated into different role based sections. These different sections or VLANS are what help keep your network safe. When carved-out properly an attacker will have to traverse several roadblocks along the way. The key to a properly segregated network is multiple areas with different permissions and roles for each area. This will prevent an attacker who infiltrates the network in one area from obtaining information from another area.
I’ve spent the past few years calling into CIOs, IT Managers, or Security Engineers discussing where their security program is today and what they would like it transformed too. Even though you probably dread the sight of an unknown number, my favorite part of my position is being a facilitator of conversation as well as understanding the focus of all parties involved. What I’ve come to realize is the disconnect that often exists within the security team and the individual goals differ position to position.
As a Solutions engineer, we have the privilege of listening to mid-sized and large organizations that are struggling to keep up with the ever-changing cyber security landscape. This blog post will provide insight and hopefully educate those with one or more of the following signs that a Security as a Service was needed yesterday.
Let’s pause though. What is Security as a Service? This is a software-as-a-service security program that comprehensively identifies threats, helps mitigate risk and meet compliance. Generally, this is comprised of a balance between People, Process, and Technology.
In 2011, the SEC published a set of recommendations relating to the disclosure of an organization’s cybersecurity risks and cyber incidents. In this document the SEC stated, “registrants should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and went on to describe existing disclosure obligations such as risk factors, description of business, and financial statement disclosures where cyber risks and incidents would often need to be discussed.
Seemingly, every week there are new security breaches reported; recently Uber and PayPal both announced that customer data may have been stolen by attackers. In the case of Uber, 57 million passengers’ data may have been leaked. Further, Uber also paid $100,000 dollars to the attackers and requested they sign non-disclosure agreements. This indicates that Uber may have intended to illegally withhold the breach from its customers. PayPal, on the other hand, identified a possible vulnerability in TIO Networks and reported that 1.6 million customer records may have been exposed. TIO Networks is a subsidiary of PayPal acquired in July that mainly processes utility bill payments at kiosk locations like Rite Aid. While the complete details of these breaches have not been disclosed these events continue to articulate the need for companies to evaluate their cybersecurity programs.
Are you looking to take your cybersecurity program to the next level? One of the most important steps in maturing your security program is moving to a dedicated team responsible for managing cyber risk.
Many organizations try to get by with someone on the IT team wearing the security hat. However, most recognize that this is only a temporary stage that will need to be addressed for several reasons:
It’s 2017 and while traditional password-based authentication is still widely used, security experts have long realized that traditional passwords are not enough to keep malicious intruders out. Even with requirements for password length, sophisticated complexity, and frequent changes, even the best password is still only one piece of information that’s required to gain access.
I would like to thank you for your continued support, trust, and partnership on our journey to a world where every organization, regardless of size, has the enterprise class security and compliance posture they deserve. With your valuable feedback, our dedicated team of engineers continues to enhance industry best Security Operations and Analytics Platform, SOCVue. Our Global SOC security engineers leverage SOCVue 24x7 for incident detection and analysis, incident response and remediation guidance to mitigate risk.
DarkNet.org.uk reported earlier this week that information on 4 million Time Warner Cable customers had been exposed in an apparent misconfiguration of an Amazon S3 bucket. You may recall in July it was widely reported that 14 million Verizon customers and 3 million WWE fans had been similarly exposed by a misconfigured S3 instances. Forbes also reported that month that Dow Jones has suffered a similar misconfiguration issue, exposing data on 2 million customers. In each of these cases, the data leak could easily have been prevented through proper configuration of the S3 buckets. In these cases, simple human error created the security gaps that allowed the leak of sensitive data. In each case the error was found by a third party who observed the issue and reported it to the company.
As regular readers of the EiQ blog know, we’re suspicious of the Internet of Things (IoT), the massive collection of Internet-connected devices that don’t fall into the traditional “computer” category. From “smart” energy meters, to in-car technology, to Internet-connected home appliances, the IoT is an incredibly broad spectrum of technologies that can gain value – in some cases, significant value, in other cases, more dubious – by connecting to other devices and networks.