C2 Spring 2022 | Security

Customer Success Story: Seamless and Secure Work From Home Solution at AMOCO Federal Credit Union
by Alexandria Boecker, March 27, 2022

"Möbius is a trusted partner. To me, the most important part is the trust. I know they're going to get the job done. I know they're not going to oversell me on anything. It's been a great partnership. Most of the VARs we've come across are focused on the 'R', the resell. Möbius is really focused on the value add. They really are a partner. When I tell my boss that I'm getting over to Möbius, he feels a lot better." – Paul Ladd, VP of Information Systems & Technology at AMOCO Federal Credit Union

AMOCO Federal Credit Union (FCU) is based in the Houston, Texas area, where the state's oil and natural gas industry thrives along the Gulf Coast. Serving nearly 93,000 members, the credit union's reputation for impeccable service and its focus on developing trusted relationships among its members and its own team have earned it accolades and, more significantly, member-driven referrals.

Ensuring the system and data security that AMOCO FCU's members expect was challenged by the COVID-19 pandemic and the shift to working from home. The credit union was not going to risk its members' data integrity or its own reputation by remaining passive and potentially vulnerable. AMOCO FCU's leadership knew they needed a technology partner who could support the credit union and its workforce on multiple data and systems security fronts, and they knew Möbius Partners was the right choice.

The challenges AMOCO FCU faced included:

- Creating secure connections for remote and work-from-home users
- Increasing visibility and control across its entire IT infrastructure
- Protecting the entire enterprise, branch offices and its datacenter, from internal and external threats to its systems
Möbius Partners helped AMOCO FCU address those challenges by applying industry best practices and implementing Aruba Networks Remote Access Points (RAPs). AMOCO was already running a proof of concept (POC) of RAPs when COVID-19 forced everyone to work from home, which made for a natural transition into a production deployment. A RAP builds an encrypted (IPsec) tunnel from the employee's home back to the corporate Aruba controller, so the home network only ever carries tunnelled traffic and the laptop lands on the corporate network as if it were in the office.

AMOCO's primary challenge was protecting its network when extending it into employees' homes, where anything could be present on those home networks. Aruba gave them peace of mind. End users love the RAPs because they are convenient: open your laptop and you are on the corporate network.

Möbius Partners was able to walk through different products and scenarios, bring in members of its services team, and help drive a solution tailored to AMOCO's concerns about the security of its network. Where AMOCO previously had gaps, Möbius Partners was able to fill them in.

Check out Aruba's remote access solutions for business continuity here. If you have questions, please email info@mobiuspartners.com. To stay up to date on news, events, case studies, podcasts and more, subscribe to our newsletter here.
C2 Spring 2022 | Data Security, Security

Build a Cyber-Resilient Organization
by Cohesity, March 27, 2022

People have always topped the list of what keeps enterprise executives up at night. Leaders wonder, "Is the right talent in the right places?" and "How do we maximize employee productivity and improve our customer experience?" Now, two years into the pandemic, executives have a new people-related concern: "How do we stop bad actors from compromising our data and stealing it for gain?"

Nearly nine in ten C-suite and other executives (87%) recently surveyed expect the number of cyberattacks targeting their organizations to increase over the next 12 months, reports Deloitte. And while almost two-thirds (65%) believe ransomware poses a major concern to their organization, only a third (33%) say they have prepared for such attacks. That's not surprising considering how fast the vectors and targets of attacks are changing: the market saw a 1,070% increase in ransomware between July 2020 and June 2021, according to a semiannual Global Threat Landscape Report.

How can enterprise executives turn the tide, quickly pivoting from chasing threats to detecting and mitigating both external and insider threats? A giant first step is to rethink legacy data management infrastructure and architecture. Here's why.

Legacy Data Management Hinders Cyber Hunting

Legacy infrastructure is complex and closed. An organization can have multiple silos, vendors, and fragmented data, leading to inefficiencies in processes, management, and the systems designed to uncover threats. That makes it easier for criminals to get in and begin encrypting data for a quick payday (ransomware 1.0). Moreover, legacy infrastructure is vulnerable.
The need for specialists to manage each silo individually, together with inconsistent patching and other protection processes, creates weak-link targets for attackers to enter the environment and not only encrypt data but destroy backups to make recovery more difficult (ransomware 2.0). Lack of intelligence in a data management solution is another flag to bad actors that enterprise data is not well protected: if IT teams have to spend hours or days manually sifting through logs to discover intrusions, attackers can penetrate and run malicious code inside an environment for a long time before encrypting data, compromising backups, and stealing the data for maximum ill-gotten gains and reputational damage (ransomware 3.0).

Although IT modernization is on enterprise executives' minds, most are just beginning to recognize the important link between eliminating legacy data management and bolstering threat defenses. That's where the Cohesity Threat Defense architecture and the joint Cohesity and HPE solutions come in. By embracing an architecture and solutions focused not only on data security but on cyber resilience, organizations can better defend their data in the hybrid and multicloud era.

Architecting for Cyber Resiliency

Threat Defense is a defense-in-depth architecture for countering cyber threats that goes beyond Zero Trust security principles to keep data and applications secure. It helps keep bad actors away with least-privilege methods and advanced access controls while learning and continuously monitoring data changes using artificial intelligence and machine learning (AI/ML) techniques. It also serves as a framework for integrating other security solutions. Comprehensive and multilayered, the Threat Defense architecture brings InfoSec and Ops professionals and teams into closer alignment, improving security postures.

Figure 1. Comprehensive Threat Defense Architecture from Cohesity is Key to Cyber Resilience

Key capabilities of the Threat Defense architecture, brought to life in Cohesity and HPE solutions, include:

Data resiliency – At its core (as illustrated in Figure 1), Threat Defense is about providing organizations with a highly resilient platform that helps ensure the confidentiality, integrity and availability of data. Key to safeguarding data are Zero Trust security principles, encryption, WORM (write once, read many) techniques, fault tolerance, and immutable snapshots. The latter ensure backups cannot be modified or deleted, thwarting ransomware 2.0 attackers.

Data access – Policy-based controls within the architecture platform help prevent unauthorized access to sensitive data no matter where it resides: core, cloud or edge locations. From role-based access control (RBAC) and multi-factor authentication (MFA) to requiring more than one person to approve root-level changes, plus continuous monitoring and auditing, Threat Defense helps ensure resilience for the data collected today as well as tomorrow.

AI-driven insights – Another important architectural component for stopping threats is detection and analytics. These include data classification (cataloging what data is there) and near-real-time anomaly detection (continually assessing the data to recognize and alert teams when patterns change, which can signal a ransomware attack). These capabilities give data security teams confidence that they know where sensitive data resides, and give governance and compliance teams knowledge of who is accessing it.

Security features/apps extensibility – No single security product alone will be able to thwart all threats. That's why the architecture platform features both integrated apps and APIs, including vulnerability scanning, data masking and more, that empower teams to join forces in combating bad actors.
Threat Defense is designed for real-world environments, which means it is architected to recover from a worst-case ransomware attack or operational failure as well as to fail over gracefully in the event of a natural disaster. The platform supports instant mass restore of hundreds, even thousands, of virtual machines (VMs), databases and more to the date and time of the last known clean copy, providing confidence that infected data isn't reintroduced into the environment.

Getting Executives a Better Night's Sleep

Cohesity and HPE at the foundation of the Threat Defense architecture can help put enterprise executives' minds at ease. They can be confident that a modern data management platform is keeping sensitive data protected and unplanned downtime at nearly zero. They can also be assured that automated safeguards are in place against human error, natural disasters, and cybercriminals, and that, just in case, their teams have the ability to recover data fast and with confidence that it is free of ransomware. Moreover, jointly delivered Cohesity and HPE solutions empower organizations to reduce compliance risks and protect business reputations by preventing data downtime and breaches.

Are you ready to defend your organization's data against ransomware? Access this guide to find out.

Discover Cohesity–HPE Solutions for Cyber Resiliency

Together, Cohesity and HPE deliver integrated data protection and data management solutions that eliminate silos so you can easily back up, access and extract insights from data. Best-of-breed solutions spanning on-premises, cloud, and the edge combine the simplicity and efficiency of Cohesity data management software with the power and density of industry-leading, certified HPE Apollo and HPE ProLiant servers, and can be delivered as a service through HPE GreenLake, as hybrid cloud, or self-managed.
Learn more about Cohesity and HPE.

Joanna Paul
Senior Solutions Marketing Manager, Cohesity
Seattle, WA, USA
Joanna Paul leads the Cohesity | HPE solution marketing efforts for Cohesity. A seasoned technology marketing professional, Joanna is passionate about providing compelling value propositions and creating high-value content.
joanna.paul@cohesity.com | LinkedIn
C2 Spring 2022 | Security

Biggest Lie in the World (and Kevin's Famous Chili Recipe)
by Beth Ziesenis, March 27, 2022

He spilled the whole batch in the lobby, and no one got a bite. But that doesn't mean his famous recipe is gone forever. A clever TikTok-er revealed that Peacock TV's terms and conditions include Kevin's chili recipe, buried in the tiny print as a reward for the very, very small percentage of subscribers who read the details.

Almost No One Reads the Terms and Conditions

Most apps or services require you to click a box to agree to their terms and conditions for use. You SHOULD be reading the fine print to understand how a company uses your data, what happens if they mess up, what permissions you're giving them when you use their services, etc. But dang! These agreements are loooonnng, and they're full of legal jargon, verbose gobbledygook and incomprehensible babble. According to a 2017 survey by Deloitte, 91% admit to clicking without reading (97% of people aged 18-34!). Notice I said 91% admit to not reading; I'm almost 100% positive that the real number is much closer to 100%.

This Site Will Read Them for You

Bookmark this site: ToS;DR. It stands for Terms of Service; Didn't Read, a play on TL;DR (too long; didn't read). ToS;DR exists because the kind nerds who run it know two things: that we won't read the terms and conditions, and that we NEED to read the terms and conditions. They summarize the terms in plain language and assign grades so you can quickly see the worst offenders (we're looking at you, Facebook).

Get Terms and Conditions Analyses Everywhere You Go

ToS;DR has a browser add-on that shows you the comprehensible version of the terms and conditions for sites they've analyzed. On Chrome you'll get a little warning if the ToS is particularly heinous.
C2 Spring 2022 | Data Solutions, Ransomware, Security

Continuous Data Protection: The new imperative
by Ziv Kedem, March 27, 2022

Recent world events have heightened concerns about data security. Stricter laws and an increased risk of cyber attacks have forced businesses to prioritize data protection measures and implement them quickly. It's a good time to assess the progress made around data protection and how technology modernization allows organizations to reassert control over the integrity and safety of this critical asset.

Arguably, GDPR is the highest-profile data protection rule in the global regulatory movement. Its impact has certainly been significant and, for a growing number of organizations, extremely costly. According to law firm DLA Piper, as of January 2021, 272.5 million euros ($332.4 million) of fines had been imposed for infringements of the regulation. And while significant progress has been made, with the United Nations Conference on Trade and Development (UNCTAD) reporting that 128 of 194 countries had data protection legislation in place in 2020, there are also significant data protection weaknesses, and cybercriminals are always on the lookout for vulnerabilities.

Ransomware on the rise

Organizations today face more serious threats to business data than ever before. Ransomware attacks grew by 150% in 2020 and have become an existential threat globally, putting entire data estates at risk. Even with GDPR requirements in mind, companies often overlook ransomware, which can affect an organization's entire technology stack. Every company suffering a breach should fully evaluate its scope and impact, and every company must be prepared to defend itself against this scourge. When it comes to ransomware, it's not a matter of if, but when. Attacks continue to rise in both volume and severity as cybercriminals develop new and unexpected methods to encrypt data.
According to Cybersecurity Ventures, ransomware is expected to attack a business, consumer, or device every 2 seconds by 2031, up from every 11 seconds in 2021. Global ransomware costs are expected to rise from $20 billion to $265 billion in that same time frame.¹ Your organization needs to treat ransomware as a disaster scenario you know will happen.

Shifting focus from protection to recovery

While you almost certainly have taken actions to prevent data loss, a surprising share of IT organizations have paid little attention to recovery. That oversight can be costly. From a recovery point of view, it's a depressingly familiar story: an organization wakes up to find its files locked, and its latest backup is from the previous night or week, or even the previous month. When the potential data loss reaches that far back in time, businesses face huge recovery costs, a situation that could spell disaster.

Recovery is critical to your ransomware defense strategy because for your data to be truly protected, it needs to be recoverable, quickly and entirely. Typically, the weak link in data protection is legacy solutions that protect data using periodic snapshots, where the gaps between snapshots are far too long. For organizations that rely on the always-on digital economy, the new imperative is data protection that keeps up with the speed of business, protecting data continuously, in real time.

Continuous data protection (CDP) recognizes every single change and update to your data. It tracks and captures data modifications in real time, so that every version of user-created data is stored locally or at a target repository via incremental writes that are replicated continuously and saved to a journal. In a recovery situation, administrators can restore data to any point in time with fine granularity.
It lets you essentially "rewind" business operations to a point moments before a disruption occurred, where anything from a single file to a virtual machine or an entire site can be brought back with minimal data loss and disruption.

Backup, retention, and data mobility

As IDC put it in a recent report, "In response to the need for ever greater application availability with less data loss, a new generation of continuous data protection technology is emerging to significantly reduce recovery point objectives (RPOs)." And the value extends beyond cyberattacks to other use cases where organizations struggle with traditional approaches, particularly around backup and long-term retention.

Backup and restore

Backup focuses on day-to-day restores and recoveries of specific files, VMs, or volumes. Because you are not protecting this backup data against a specific disaster incident, it doesn't need an entire site recovery. A CDP solution can save time and money by automating and simplifying backup operations and enabling granular recoveries.

Long-term retention

As its name suggests, long-term retention addresses the need many organizations have to store data for months or years, typically for compliance, tax, or internal business reasons. This data is rarely mission-critical and doesn't require urgent recovery. Modern CDP solutions can be configured to store this data on cost-efficient media that is not as immediately accessible, freeing up other storage tiers for operational data storage and recovery.

Data mobility between clouds

As more organizations embrace the flexibility of modern infrastructure, applications are frequently moved from on-premises to multi-cloud. IDC, for example, says that 70% of CIOs now have a cloud-based strategy for application deployment. However, data protection strategy must keep pace with this approach to meet SLAs while ensuring applications and data remain available, regardless of the disruption.
CDP solutions that offer unified, scalable, and automated data management make workload and data mobility across clouds simple and quick.

These are all vital issues, and in practical terms they can help you focus on some important questions when building a CDP strategy. When searching for a solution, keep these critical capabilities in mind:

- How fast can the solution deliver recovery, given that a short recovery time is fundamental to data protection? Consider the difference between the near-zero RPO that continuous capture makes possible and snapshot-based, time-lagged solutions that can only capture data every few hours.
- Does the solution have application-consistency grouping to protect not only mission-critical VMs but also business-critical applications, for both short-term and long-term retention?
- Can the solution deliver CDP at scale, and how does it run in the cloud?

Zerto, a Hewlett Packard Enterprise company, ensures your data is protected and quickly recoverable with continuous data protection. In an environment where compliance has grown in importance, and where the impact of a serious data breach can be devastating to everything from reputation to profit, approaching backup as a continuous process makes it possible to ensure data remains safe. Learn more about Zerto, including how it can get you out of ransomware jail, and find out how you can try the Zerto Free Edition.

¹ David Braue, "Global Ransomware Damage Costs Predicted to Exceed $265 Billion by 2031." Cybercrime Magazine, Jun. 3, 2021.
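The journal-based recovery described above (every write captured and replayed to a chosen point in time) compared with periodic snapshots, as an added example that is not part of the original article or of any Zerto code. The write stream, the snapshot interval and the encryption event are constructed; the point is the effective RPO each mechanism gives you when the last known clean copy is moments before the attack.

```python
"""Point-in-time recovery from a write journal versus periodic snapshots.
Added example; the write stream and the encryption event are constructed."""
import bisect

ENCRYPTED = b"ENCRYPTED"          # what every file looks like after the attack


class Journal:
    """Append-only record of every write, in time order: (t, path, data).
    Restoring means replaying the journal up to the chosen point in time."""
    def __init__(self):
        self.entries = []

    def record(self, t, path, data):
        assert not self.entries or t >= self.entries[-1][0], "journal must be time-ordered"
        self.entries.append((t, path, data))

    def restore_to(self, t):
        """State of the data set as it was at time t (inclusive)."""
        state = {}
        for ts, path, data in self.entries:
            if ts > t:
                break
            state[path] = data
        return state


class SnapshotStore:
    """Periodic full copies, taken only when a write lands on an interval boundary."""
    def __init__(self, interval):
        self.interval = interval
        self.times, self.states = [], []

    def maybe_take(self, t, live_state):
        if t % self.interval == 0:
            self.times.append(t)
            self.states.append(dict(live_state))

    def latest_before(self, t):
        i = bisect.bisect_left(self.times, t) - 1
        return self.times[i], self.states[i]


def is_clean(state):
    return bool(state) and all(v != ENCRYPTED for v in state.values())


def workload(attack_t=555, n_files=10):
    """Constructed write stream: one document per minute, then ransomware
    rewriting every file at attack_t.  To the journal both are just writes."""
    writes = [(i * 60, f"doc{i}.txt", f"content {i}".encode()) for i in range(n_files)]
    writes += [(attack_t, f"doc{i}.txt", ENCRYPTED) for i in range(n_files)]
    return writes


def compare(snapshot_interval=300, attack_t=555):
    """Recover with both mechanisms to the last known clean point and report
    how many legitimate writes each one loses (the effective RPO)."""
    journal, snaps, live = Journal(), SnapshotStore(snapshot_interval), {}
    for t, path, data in workload(attack_t):
        live[path] = data
        journal.record(t, path, data)
        snaps.maybe_take(t, live)

    j_point = attack_t - 1                    # one second before the encryption event
    j_state = journal.restore_to(j_point)
    s_point, s_state = snaps.latest_before(attack_t)
    legit = [e for e in journal.entries if e[2] != ENCRYPTED]
    return {
        "journal_point": j_point,
        "journal_files": len(j_state),
        "journal_clean": is_clean(j_state),
        "journal_lost_writes": len([e for e in legit if j_point < e[0] < attack_t]),
        "snapshot_point": s_point,
        "snapshot_files": len(s_state),
        "snapshot_clean": is_clean(s_state),
        "snapshot_lost_writes": len([e for e in legit if s_point < e[0] < attack_t]),
        # restoring to the attack time itself brings the encrypted files back
        "restore_at_attack_clean": is_clean(journal.restore_to(attack_t)),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k:>24}: {v}")
```

Two things the simulation makes visible: the journal records the attacker's writes just like everyone else's, so the recovery point has to be chosen from evidence (the last known clean copy), not simply "now"; and the journal is only as good as its own protection, so in practice it lives on a target the compromised host cannot reach or alter.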
C2 Winter 2021 | Data Security, Security

How to Keep Employee Home Wireless Networks from Being the Weakest Link in Your Cybersecurity Chain
by Yash Vartak, December 6, 2021

Now that we are slowly coming out of the COVID-19 pandemic, work might never return to the "normal" of employees spending the majority of their days in an office building. Remote working, or some hybrid, is probably here to stay, says Forbes Magazine. How much did the pandemic affect our working habits? Pew Research reported in December 2020 that roughly 20% of workers worked from home before the coronavirus outbreak and that the number quickly ratcheted up to 71% during the outbreak. Pew also reports that 54% would want to keep working from home after the outbreak ends.

With many of us still working from home, our home wireless networks have become an indispensable component of the work ecosystem. We have come to a point where we cannot imagine a modern home or home office without a wireless network. However, these wireless networks have also become easy and lucrative hunting grounds for attackers looking for soft targets. Routers can be exposed to external attacks or inadvertently transmit sensitive information over the internet, so it has become increasingly important to secure your home network against hackers and other malicious threat actors. The following ten simple tips will help secure your home WiFi network against intruders.

1. Change the default name of your WiFi network. Avoid anything that reveals information about the equipment, yourself, or its location; use an SSID that is simple and generic, e.g., Pluto or Mickey1. (Avoid SSID names like Linksys1126-2.4GHz or Jose-livingroom.)

2. For heaven's sake, secure your WiFi network with a strong password (key) and WPA2 (or WPA3 where your devices support it), and change the password regularly, at least once every 90 days.
3. Make an inventory of the devices in your home and regularly tally it against the devices currently connected. This will help you detect any unauthorized devices that are, or have been, connected to your network.

4. Limit the number of devices that can connect to your home WiFi. If you have 15 devices at home you do not need an entire /24 subnet (254 usable addresses); a much smaller range such as a /27 (30 usable addresses) will do, and that in turn caps how many devices the DHCP server will hand addresses to. Note that a /28 leaves only 14 usable addresses, so it cannot fit 15 devices plus the router.

5. Do not share your main WiFi network with guests. Create a separate network just for guests and turn it off when it is not in use. Most modern WiFi routers allow you to create more than one network. A separate guest network lets you restrict what your guests can access and ensures they only reach the internet, not your devices and data.

6. Where possible, have one network for work and another for non-work activities, so that sensitive work data and devices are fully segregated from everything else. This reduces the risk of accidental data spillage.

7. Just because a device can connect to WiFi does not mean it has to connect to your WiFi. Avoid connecting nonessential devices like color-changing bulbs, Google Home, Alexa, or the fridge to your network. Each of these devices extends the attack surface: an attacker who compromises one of them gains a foothold on your WiFi network.

8. Invest in good-quality WiFi routers from reputable vendors, as they go through rigorous security testing cycles. Avoid buying devices from the grey market or unknown online vendors, as these devices may be compromised.

9. Regularly update the firmware on your WiFi devices to ensure they have the latest security patches, and if there is an option to update firmware automatically, make sure it is turned on.
10. If you have the means and the technical skills, use advanced features and technologies such as MAC (Media Access Control) address filtering, individual or certificate-based authentication, a firewall, and network rules to further harden your home network. These make it many times harder for unauthorized people to get onto your network.

Follow these ten simple tips to protect your home wireless network like a Ninja! Let me know if you found these ten tips for securing your home WiFi router useful. If you have additional ideas to add to this list or want to share your experience (good, bad, or scary) securing your home WiFi, please share them in the comments section.
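The inventory tally and subnet-sizing tips above, turned into a check you can actually run, as an added example that is not part of the original article. The inventory, the gateway MAC and the `arp -a` output it parses are constructed; on a real home network you would paste in your own `arp -a` output or the router's attached-devices list.

```python
"""Tally the devices actually on the LAN against a known inventory, and size
the subnet.  Added example; the inventory and ARP output are constructed."""
import ipaddress
import re

# Constructed inventory: MAC address -> friendly name.
INVENTORY = {
    "aa:bb:cc:00:00:01": "work-laptop",
    "aa:bb:cc:00:00:02": "phone",
    "aa:bb:cc:00:00:03": "printer",
}
GATEWAY_MAC = "aa:bb:cc:00:00:ff"   # the router itself, exempt from the check

# Constructed output in the shape `arp -a` prints on Linux/macOS.
ARP_OUTPUT = """\
? (192.168.1.1) at aa:bb:cc:00:00:ff [ether] on wlan0
? (192.168.1.20) at aa:bb:cc:00:00:01 [ether] on wlan0
? (192.168.1.21) at AA:BB:CC:00:00:02 [ether] on wlan0
? (192.168.1.77) at de:ad:be:ef:13:37 [ether] on wlan0
? (192.168.1.99) at <incomplete> on wlan0
"""

ARP_LINE = re.compile(
    r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)


def parse_arp(text):
    """Return {ip: mac} for resolved entries, MACs normalised to lower case.
    Incomplete entries (no MAC learned yet) are skipped."""
    seen = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            seen[m.group("ip")] = m.group("mac").lower()
    return seen


def find_unknown(seen, inventory, gateway_mac):
    """Devices on the wire whose MAC is neither inventoried nor the gateway."""
    return {ip: mac for ip, mac in seen.items()
            if mac not in inventory and mac != gateway_mac}


def usable_hosts(cidr):
    """Usable host addresses in an IPv4 subnet (network and broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses - 2


def smallest_prefix(device_count, reserved=1):
    """Longest prefix (smallest subnet) that still fits device_count devices plus
    `reserved` addresses for the router: /28 = 14 usable, /27 = 30, /24 = 254."""
    needed = device_count + reserved
    for prefix in range(30, 0, -1):          # /30 is the smallest useful IPv4 subnet
        if usable_hosts(f"10.0.0.0/{prefix}") >= needed:
            return prefix
    raise ValueError("too many devices for a single IPv4 subnet")


def report(arp_text=ARP_OUTPUT, inventory=INVENTORY, gateway_mac=GATEWAY_MAC):
    """Compare what is connected now with what should be."""
    seen = parse_arp(arp_text)
    unknown = find_unknown(seen, inventory, gateway_mac)
    offline = [name for mac, name in inventory.items() if mac not in seen.values()]
    return {"seen": seen, "unknown": unknown, "not_connected_now": offline}


if __name__ == "__main__":
    r = report()
    for ip, mac in r["unknown"].items():
        print(f"UNKNOWN device {mac} at {ip}")
    print("inventoried but offline:", r["not_connected_now"])
    print(f"15 devices fit in a /{smallest_prefix(15)}",
          f"(a /28 has only {usable_hosts('192.168.1.0/28')} usable addresses)")
```

Two caveats when you rely on this. Recent phones and laptops randomise their WiFi MAC address per network by default, so a known device can show up under a new MAC; tally by hostname or DHCP client name as well before treating it as an intruder. And a small subnet only limits what DHCP hands out: a client that already has the WPA2 key can configure a static address and join anyway, so treat subnet sizing as hygiene, with the pre-shared key and the guest/work network split doing the real work.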
C2 Fall 2021 | Security, SOAR

Taming the Security Alert Tsunami with Automation
by Yash Vartak, September 21, 2021

Are you running a Security Operations Center (SOC) that handles hundreds or thousands of alerts? Are your analysts unable to cope with a tsunami of events and eventually burning out? Are they unable to zero in on events of interest at speed and scale? If the answer to any of these questions is yes, it is probably time to consider adding automation to your SOC ecosystem. Nowadays, most modern next-generation SOC platforms come with native Security Orchestration, Automation and Response (SOAR) capabilities. While automation does make things simpler in the long term, it needs a lot of careful planning and a clear strategy.

Security Automation: What, When, Where and How

If you feel lost trying to figure out where to get started, you are not the only one. To identify tasks or activities that can be automated, start with an inventory of the tasks and activities your L1 function performs, and out of those, identify the tasks that are repeatable in nature and have reversible outcomes. Tasks for which you can use SOAR broadly fall into these categories:

- Enrichment: add context or additional information to the event being collected. This is by far the most popular SOAR use case, e.g., compute the hash of a file, do a whois lookup, or look up a user's details in LDAP.
- Orchestration: start or stop a certain service or process on an endpoint, e.g., stop a suspicious process or restart a service.
- Remediation: take an action to contain or correct an incident, e.g., disable a user in the directory.
- Case management: track the end-to-end triage process, e.g., tagging findings, evidence, documentation, and triage process management.
- Reporting: report on the SOC's operational parameters, e.g., heat maps, situation reports, etc.
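The enrichment, remediation, case management and reporting categories above, wired together into one small playbook that automates only the repeatable, reversible step, as an added example that is not part of the original article or of any SOAR product. The threat-intel table, the directory entries, the action catalogue and the alerts are constructed stand-ins for the real lookups (TI feed, whois, LDAP) and actions a SOAR platform would call.

```python
"""A minimal SOAR-style playbook: enrich -> decide -> act, automating only the
repeatable steps whose outcomes are reversible.  Added example; all data constructed."""
import hashlib
from collections import Counter

# Constructed threat-intel feed: sha256 -> detection name.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MZ\x90\x00evil-dropper").hexdigest(): "Dropper.Generic",
}
# Constructed directory (what an LDAP lookup would return).
DIRECTORY = {
    "jdoe": {"dept": "finance", "privileged": False},
    "svc-backup": {"dept": "it", "privileged": True},
}
# Response catalogue: an action may run unattended only if it can be undone.
ACTIONS = {
    "disable_user":    {"reversible": True,  "undo": "enable_user"},
    "quarantine_file": {"reversible": True,  "undo": "restore_file"},
    "wipe_host":       {"reversible": False, "undo": None},
}


def enrich(alert):
    """Enrichment: attach file hash, TI verdict and user details to the raw alert."""
    digest = hashlib.sha256(alert["file_bytes"]).hexdigest()
    return {
        **alert,
        "sha256": digest,
        "ti_verdict": KNOWN_BAD_SHA256.get(digest),   # None -> unknown hash
        "user_info": DIRECTORY.get(alert["user"]),    # None -> not in directory
    }


def decide(enriched):
    """Return (action, automated).  Automate only when the verdict is certain,
    the account is not privileged and the action is reversible; otherwise
    hand the enriched alert to an analyst."""
    if enriched["ti_verdict"] is None:
        return "analyst_review", False            # unknown file: human triage
    info = enriched["user_info"]
    if info is None or info["privileged"]:
        return "analyst_review", False            # blast radius too large to automate
    action = "disable_user"                       # containment step for this playbook
    return action, ACTIONS[action]["reversible"]


def run_playbook(alerts):
    """Case management and reporting: one case per alert (evidence and the undo
    step recorded) plus a count of outcomes for the shift report."""
    cases = []
    for alert in alerts:
        e = enrich(alert)
        action, automated = decide(e)
        cases.append({
            "id": e["id"],
            "action": action,
            "automated": automated,
            "undo": ACTIONS.get(action, {}).get("undo"),
            "evidence": {"sha256": e["sha256"], "verdict": e["ti_verdict"],
                         "host": e["host"], "user": e["user"]},
        })
    return cases, Counter(c["action"] for c in cases)


# Constructed alerts: the same malicious file on a normal user and on a
# privileged service account, plus a benign script.
ALERTS = [
    {"id": "A1", "host": "fin-ws-07", "user": "jdoe",       "file_bytes": b"MZ\x90\x00evil-dropper"},
    {"id": "A2", "host": "bkp-01",    "user": "svc-backup", "file_bytes": b"MZ\x90\x00evil-dropper"},
    {"id": "A3", "host": "fin-ws-02", "user": "jdoe",       "file_bytes": b"#!/bin/sh\necho hi\n"},
]

if __name__ == "__main__":
    cases, summary = run_playbook(ALERTS)
    for c in cases:
        print(c["id"], c["action"], "auto" if c["automated"] else "manual", "undo:", c["undo"])
    print(dict(summary))
```

The design choice worth copying is that the decision to automate is data-driven and conservative: a confident verdict alone is not enough, the account's blast radius and the reversibility flag in the action catalogue both have to line up, and everything else lands with an analyst already enriched rather than raw.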
Points to watch out for while implementing SOAR

Automation works best in mature and stable environments. While SOAR solutions make your SOC function more efficiently, they are not a replacement for your L1/L2 function. Below are the common pitfalls to watch out for while implementing a SOAR platform in your SOC.

Trying to automate everything in one go

With so many manual processes and staff in short supply, it can be tempting to go all in on security automation. But if you are just starting out, identify the processes that are prime candidates for automation and implement automation in those areas first. From there you can determine how to continue on the automation part of your journey. Also, it is practically impossible to automate everything. Many complex cases still need the hands-on critical thinking that can only come from an experienced and well-trained security analyst. So any SOAR implementation is always about finding the right balance of machine-led and analyst-led activities for your particular SOC.

Not mapping out incident response processes

Only processes that have predictable and reversible outcomes should be considered for automation. SOAR solutions can automate security operations processes, but automation applied in an unplanned and uncontrolled manner can result in complete chaos. To avoid this pitfall, security operations teams need to devote considerable time to outlining and mapping their processes before building playbooks.

Incident response processes that are "cast in stone"

You cannot get everything right the first time. Even if you have devoted a lot of time and energy to designing a particular incident response playbook, there is still a good chance it will not turn out to be perfect. Besides, the tactics, techniques, and procedures (TTPs) of cyberthreats evolve with time, so you need to adapt and incorporate changes accordingly.
Expecting SOAR to be a wonder drug

There is no magic cure for all the challenges security operations teams face. SOAR holds the promise of driving process improvement, increasing efficiency and maximizing effectiveness for enterprise SOCs. So as you embark on a SOAR implementation project, be clear on how it can best enable your team to get the most out of the security tools you already have, empower your existing team, and bring new structure to your processes and techniques.
C2 Fall 2021 | Data Solutions, GDPR, HPE NonStop Compliance, Security

GDPR 2021 – Compliance and Penalties; 3 Years Later
by Steve Tcherchian, September 21, 2021

The General Data Protection Regulation, or GDPR, is a major piece of legislation that came into force in 2018. It is designed to address the protection and responsible use of the personal data of individuals in the European Union. However, GDPR is not an EU-only regulation: it affects ANY business or individual handling the data of people in the EU, regardless of where that business or individual is based. We were warned that the penalties for non-compliance could be stiff: up to €20 million (about $24 million USD) or 4 percent of annual global turnover, whichever is greater.

What Has GDPR Done Lately?

Over the last 3+ years, GDPR has received mixed reviews. It is often a slow process to bring a complaint because the companies involved may operate in many countries but have their corporate headquarters in countries where litigation is exponentially more complex. To add to the delays, in most instances there is an opportunity for all other EU countries to join a complaint, extending the process and adding to the complexity of evidence gathering. The European Data Protection Board (EDPB) was set up to promote cooperation between the EU's data protection regulators, and it acknowledges that the system isn't all it could be. In the April 8, 2021 issue of WIRED, an EDPB spokesperson was quoted as saying, "Enforcing at a national level and at the same time resolving cross-border cases is time and resource intensive. Slowly, but steadily, we are seeing results." This claim is backed by the fact that there have been 254 final decisions on filed complaints.

Make no mistake, GDPR has teeth. A recent judgment against Amazon resulted in a fine of $788 million.
Ireland's Data Protection Commission (DPC) has just announced that WhatsApp, owned by Facebook, faces fines of up to $267M for violating Articles 5(1)(a), 12, 13 and 14 of the GDPR. While judgments are routinely contested (and in most cases reduced), the fines are still very substantial.

The GDPR resembles the PCI DSS in that it aims for a comprehensive approach to data protection that goes well beyond the technical aspects, though the individual GDPR requirements aren't as technically detailed. GDPR's security tenets and objectives are the same as those of PCI DSS: to protect, secure and track the use of specific types of data. Compliance requires both implementing security best practices and modifying processes and human behavior to comply with those practices, including timely analysis of anomalies.

GDPR requirements differ from the PCI DSS requirements in other ways:

- They apply to many more types of personal data, including addresses, phone numbers, IP addresses and health-related data (and have different rules for handling certain data types).
- They are much more prescriptive with respect to governance.
- They place much more emphasis on allowable use of the data, including data subject consent and advance analysis of the potential privacy impact and available mitigations when introducing a new form of processing.

Like most regulations, GDPR has its own distinct terminology and set of definitions. In order to evaluate its impact on your organization, it is important to understand key concepts such as "personal data", "data controller" and "processor".
To help make sense of it, the definitions of interest (quoted from Article 4) include:

Personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

See Article 4 of the GDPR for the complete set of definitions.

Meeting GDPR Compliance
Being a security technology company, we'd love to offer a cure-all solution that effortlessly makes an organization 100% secure and compliant. Each business, however, is unique. The best way to start is by identifying your assets and building a security strategy around them to mitigate risk. Proper identification of what needs to be protected is essential: know what data you possess, where it resides, what you are protecting and why you are protecting it. GDPR compliance makes identifying your assets critically important. We discussed these processes in a previous article, A Step-By-Step Guide to HPE NonStop Compliance. Here are the brass tacks.

Authentication and Access Control
Article 32 of the GDPR states that "the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk". Further, Article 32(4) requires the controller and processor to take steps to ensure that any natural person acting under their authority who has access to personal data does not process it except on instructions from the controller, unless required to do so by Union or Member State law. In practice this means ensuring that proper authentication, access control and identity management are in place to provide a level of security appropriate to the risk. These components are fundamental parts of a data security strategy and ensure that the appropriate protection layers are in place to mitigate the risk.
The authentication aspects of Article 32 can be addressed by deploying and appropriately configuring the following solution supplied with the HPE NonStop OS: XYGATE User Authentication, for extending Safeguard's authentication controls and integrating NonStop security with RSA tokens for multi-factor authentication.

The access control technical aspects of Article 32 can be addressed by deploying and appropriately configuring the following optional product solution supplied through HPE: XYGATE Access Control, for role-based access control and keystroke logging to capture command activity.

The identity management technical aspects of Article 32 can be addressed by deploying and appropriately configuring third-party solutions available for HPE NonStop servers.

"Luckily, most of the solutions and tools required to address GDPR technical security requirements and demonstrate compliance are readily available." – Steve Tcherchian, CISSP, XYPRO Technology Corporation

Auditing and Alerting
Article 33 of the GDPR requires prompt breach notification: "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. The processor shall notify the controller without undue delay after becoming aware of a personal data breach." To be able to detect personal data breaches, records of all activity that touches that data need to be collected and organized in a way that makes it as easy as possible to detect and report on unauthorized access. For NonStop systems, this essentially means auditing everything associated with GDPR-defined personal data, or as much as the risk warrants. Having security data available, and solutions in place to report on it, allows quick alerting and ready access to the evidence needed to comply with this Article.
Of course, you should act up front to minimize the potential for breaches, as Article 32 reflects, and auditing other aspects of your security environment, such as subsystem configuration changes, is necessary for early detection of changes that might reduce the effectiveness of your risk mitigation. Auditing all NonStop security-related activity and events may seem easier said than done, especially when you have hundreds of thousands (maybe millions) of events occurring daily throughout your environment. What you need is a software solution that lets you track, filter, manage and report on all relevant NonStop security-related activity.

XYGATE Merged Audit merges multiple sources of NonStop audit data (for example Safeguard, XYGATE, EMS, Measure, ACI BASE24®, the IHSS Telco solution, SECOM and SQLXPress) into a single NonStop repository. This merged and normalized data can be forwarded to security analysis platforms built specifically for HPE NonStop data, used for alerting and reporting, and integrated with enterprise Security Information and Event Management (SIEM) solutions.

The auditing and alerting technical aspects of Article 33 can be addressed by deploying and appropriately configuring the following solutions:
XYGATE Merged Audit, for gathering, normalizing and centralizing security data.
XYGATE Compliance PRO (an optional solution available for HPE NonStop servers), for measuring compliance status against specific GDPR requirements.

To best address all auditing and alerting technical aspects of Article 33, a real-time security monitoring, alerting, data analysis and security intelligence solution is required, and there are plenty available on the market.
Data Protection
Article 32 of the GDPR also addresses security of processing: "The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including... the pseudonymisation and encryption of personal data;" This part of the article essentially boils down to encryption and masking of personal data. Encryption is supported on the HPE NonStop at most layers, from network to data. Note that Article 32 lists pseudonymisation and encryption as measures to be applied "as appropriate" to the risk; it does not prescribe a particular algorithm or product, so the controller or processor must be able to justify the choice made for the personal data of individuals in the EU.

Pseudonymisation is, in practice, tokenization or data masking. Tokenization does not transform the data mathematically; instead it randomly maps a live data field to a functionally equivalent surrogate value (a "token") which replaces the real data. Because a token is generated at random rather than derived from the value, it reveals nothing about the original and can be stored and shared more freely than the live data. The protection then rests entirely on the tokenization server, which holds the mapping table: to convert a token back to real data, a system (or application) must call that server, so access to the detokenization interface must be tightly controlled and audited. Format Preserving Encryption (FPE) can also be used here; it needs no mapping table, but the result is then only as protected as the key.

Compliance and Monitoring
Ensuring compliance is a critical aspect of any security program, and compliance monitoring solutions provide the means to systematically measure, manage and report on a complex and dynamic HPE NonStop security environment. Let's assume that you've implemented your security strategy based on the recommendations in this article and other security frameworks, and have established strong security procedures for your HPE NonStop system. The next step is to measure compliance against GDPR's requirements. XYGATE SecurityOne and Compliance PRO contain GDPR policies, allowing security professionals to measure and monitor their GDPR compliance. XYPRO has broken down the individual GDPR data security Articles and mapped them to NonStop technical controls to validate your security configuration and simplify your GDPR compliance activity.
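The tokenization flow described in the Data Protection section above, worked as an added example that is not part of the original article and not XYPRO, HPE or NonStop product code: a minimal vault in Python that hands out random, format-preserving tokens for card numbers and reverses them only for an authorized role. The class name, the role names, the "keep the last four digits" convention and the sample card numbers are assumptions made for the example; the in-memory dictionary stands in for the tokenization server that holds the mapping table.

```python
"""Minimal tokenization vault (added example; not XYPRO/HPE product code).

The vault hands out random surrogate values of the same shape as the input
and is the only component able to map a token back to the live value.
Names, roles and sample values are assumptions made for this example.
"""
import secrets

DIGITS = "0123456789"
# Roles allowed to reverse a token (assumption for the example).
DETOKENIZE_ROLES = {"settlement", "fraud-review"}


class TokenVault:
    """In-memory stand-in for a tokenization server."""

    def __init__(self, keep_last: int = 4, max_attempts: int = 100) -> None:
        self.keep_last = keep_last          # trailing digits left visible (PAN-style)
        self.max_attempts = max_attempts
        self._value_to_token = {}
        self._token_to_value = {}

    def _surrogate(self, value: str) -> str:
        """Random value with the same layout: digits become random digits,
        separators stay, and the last `keep_last` digits are preserved."""
        chars = list(value)
        digit_positions = [i for i, ch in enumerate(chars) if ch.isdigit()]
        cutoff = len(digit_positions) - self.keep_last
        # A value with no randomizable digits yields itself and is rejected below.
        for i in digit_positions[:max(cutoff, 0)]:
            chars[i] = secrets.choice(DIGITS)
        return "".join(chars)

    def tokenize(self, value: str) -> str:
        """Return the token for `value`, minting one on first sight."""
        token = self._value_to_token.get(value)
        if token is not None:
            return token                     # deterministic: same PAN, same token
        for _ in range(self.max_attempts):
            candidate = self._surrogate(value)
            # Never hand back the live value, and never reuse a token.
            if candidate != value and candidate not in self._token_to_value:
                self._value_to_token[value] = candidate
                self._token_to_value[candidate] = value
                return candidate
        raise RuntimeError("token space exhausted for this format")

    def detokenize(self, token: str, caller_role: str) -> str:
        """Reverse a token. Only the vault can do this, so gate it by role."""
        if caller_role not in DETOKENIZE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        if token not in self._token_to_value:
            raise KeyError("unknown token")
        return self._token_to_value[token]


def demo():
    """Tokenize two constructed card numbers and reverse one of them."""
    vault = TokenVault()
    pan = "4111 1111 1111 1111"            # constructed test value, not a real card
    token = vault.tokenize(pan)
    assert token != pan and token.endswith("1111")
    assert vault.tokenize(pan) == token      # stable mapping for joins and lookups
    assert vault.tokenize("5500 0000 0000 0004") != token
    return vault.detokenize(token, "settlement")


if __name__ == "__main__":
    print(demo())
```

The stable mapping is what lets downstream systems join and search on the token without ever seeing the live value; the detokenize gate is the control point that the Auditing and Alerting section above says must be logged. FPE would replace the dictionary with a keyed, deterministic function, which removes the vault but makes key management the whole story.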
Given the high-value business applications and processes that run on NonStop systems and the sensitive data they store and process, you can see why many NonStop environments will be subject to GDPR, and how HPE's offerings, as well as third-party security analytics solutions, can help build a zero-trust security strategy for proper data protection and monitoring of compliance. May 2018 is more than three years behind us and there is still a lot to do to bring both organizations and their systems into compliance. Luckily, most of the solutions and tools required to address GDPR technical security requirements and demonstrate compliance are readily available. Hopefully, this article has given you the groundwork to rededicate your resources and shown what you need to focus on when it comes to GDPR and your HPE NonStop environment. The fines are significant enough to make every organization pay attention. If you need assistance with compliance readiness activity, please reach out to your account executive at HPE and they will be more than happy to help you.
Ransomware Reality and Survival
by Joe Leung, September 21, 2021

Ransomware is making headlines everywhere. From the energy industry (Colonial Pipeline's ransom payment of $4.4M) to the food industry (JBS Foods' ransom payment of $11M), mounting data suggests this insidious trend may be getting out of control.

Money, money, money
Hackers see big cash when the average ransom payment exceeds $80K ($780,000 for a large enterprise), while RaaS (Ransomware-as-a-Service) and ransomware kits, which start at $175 and require little to no technical skill to deploy, are readily available on the dark web. No wonder ransomware revenues grew 74% to $20 billion in 2020 from $11.5 billion in 2019, according to research firm Purple Security. A business this profitable, with phenomenal growth, will very likely fuel more and more attacks.

Spotlight
There is no doubt that ransomware is garnering serious attention. The U.S. government's new one-stop resource site StopRansomware.gov and the White House's recent announcement of a ransomware task force are just two examples of actions springing up left and right.

Complex problem
The ransomware kill chain usually consists of multiple tactics such as initial access, persistence, lateral movement and exfiltration. For example, the most common ransomware attack technique associated with the 'initial access' tactic is phishing, which delivers 65% of ransomware infections. The MITRE ATT&CK framework identifies three sub-techniques of phishing (T1566):
Spearphishing Attachment (T1566.001)
Spearphishing Link (T1566.002)
Spearphishing via Service (T1566.003)
The complexity stemming from different permutations of tactics, techniques and sub-techniques is further compounded by diverse and mutating ransomware.
To accelerate effective ransomware detection for SOC analysts, so they can focus on what matters without being overwhelmed by false positives, a holistic defense approach, 'Layered Analytics' powered by real-time correlation, supervised machine learning and unsupervised machine learning, is essential for contextually relevant threat insights. For more information on how 'Layered Analytics' can help thwart a ransomware attack, please check out this white paper: 360º Analytics for a Resilient SOC. It is unfortunate that we live in a world of unrelenting ransomware threats. Fortunately, with the right defenses, we do not have to live in fear.
Making the move to zero trust architecture: 4 key considerations
by Jeff Enters, September 21, 2021

New approaches to innovative security architectures are starting to emerge, including HPE's groundbreaking Project Aurora. Here's how to make zero trust architecture work for your business.

The broad concept of zero trust architecture has achieved wide acceptance in the marketplace, but exactly what it entails has been a subject of debate and even some confusion. Fortunately, we're moving beyond that now. Government bodies such as NIST have published papers that lay out exactly what zero trust is all about (NIST Special Publication 800-207). That guidance is important when you're casting such a wide net in the realm of cyber security. Using a common terminology helps companies avoid the situation where you talk to one vendor and hear one thing, then talk to another vendor and hear something else. That's the kind of disconnect that new definitions and guidelines can help you avoid.

That said, it's important to realize that zero trust is not a one-size-fits-all solution. We're now at the point where we can, for example, create maturity models for it (HPE has one), but those models can and should be adapted to your unique scenario. Think of zero trust as a kind of continuous guiding light: you're always monitoring, always securing the communications, continually authenticating and validating. The core tenets of zero trust should be structured into every project the organization takes on, balanced against your risk appetite. But it's not an end state; it will continue to change as security technologies evolve.

4 key moves for zero-trust security
Zero trust isn't one-size-fits-all, and it's not a one-time deal either.
There are some key aspects you should measure yourself against along the way.

1. Know the terrain. Job one is to really understand your security landscape. What is your attack surface? Does it include IoT/OT? What are the 'crown jewels' of your IT assets? What do you most need to protect? These are all basic elements of cybersecurity strategy, but they may take on a somewhat different color when seen in the light of zero trust. NIST offers this principle, 'all data sources and computing services are considered as resources', as one of its seven key tenets of zero trust. Another tenet is continually monitoring communications for abnormalities: a session-by-session validation of communications. For example, suppose your PC has been talking to one server and then, all of a sudden, starts talking to a thousand servers. That seems odd, to say the least. So we look for abnormalities on a continual basis. Another part of knowing your terrain, one that's not talked about as much, is testing: validate that the controls you have put in place are working and current against the latest threat landscape.

2. Balance recommended practices against your specific needs. For example, if you have properly encrypted and secured each of the individual devices within a secure location, do you really need to encrypt everything on that local area network? For many organizations that's not realistic. Encrypting absolutely everything leaving a laptop, for example, would create a very heavy load and a drag on performance, so you have to find the right balance. Inside the data center, you might want to start encrypting everything; it's difficult, but it's becoming more feasible with technologies like smart NICs (see my post The New Edge Is Here: The Tectonic Shift Needed for Workload Connectivity).
Apply this concept across all of the NIST tenets: balance the benefits of achieving the objective against the cost and complexity of getting there and operating the solution going forward.

3. Take a step-by-step approach. What are your weakest points right now? What are your biggest risk concerns? What appetite does the business have for that risk? You may be able to apply some zero trust principles right now to fortify those specific gaps. Identify a maturity model, know where you are, and then determine the right steps to address the things that fall outside your risk appetite.

4. Tie it back to the business. The ultimate litmus test of success with zero trust is its ability to align with business priorities. You'll want to show that IT is rowing in the same direction, and be ready to explain, with metrics, how zero trust delivers crucial benefits. Today's risk register may tell you that you have important data sitting at remote locations on old workstations running old Microsoft Windows instances. Applying some zero trust principles could probably help. But the business might have other priorities in mind. Maybe what's top of mind for management is six M&A moves coming up in the next year, all of which have to be done in a secure fashion, along with absorbing all the IP and everything else that goes with them. Knowing the organization's overarching goals is crucial. Security is primarily a metrics-based exercise, even with the current ransomware wave and the other attacks that are always going on. It's not enough to report that "we stopped a thousand malware events today." The response might be: "Well, that's great. But how many did you let through? How many were there in total? And how do we quantify that risk to the business?" Or let's say you want to report that you stopped a DDoS attack today. Okay, great, but from the business's point of view, isn't that what you should be doing day in, day out?
Be prepared to unpack the details: "The defense was actually done in a very unique way, the attack was aimed at a part of the business that could have been put at risk, and it could have cost us $50 million."

You don't have to go it alone
Use these four principles as checkpoints for the journey and keep them in mind for major decisions along the way. Bear in mind that if internal security expertise is in short supply, you can leverage industry experts like HPE for anything from filling immediate gaps to building your maturity model. HPE has a long history of expertise and innovation in security. You might want to investigate Project Aurora, HPE's comprehensive framework that will deliver cloud-native, zero-trust security for the HPE GreenLake edge-to-cloud platform. Project Aurora is an embedded security platform that continuously and automatically protects without signatures, significant performance trade-offs or lock-in. HPE has long held a leadership position in server infrastructure security with its silicon root of trust architecture. Project Aurora will extend that architecture very broadly to encompass everything: operating systems, software platforms and workloads.

HPE: a leader in Network Consulting Services
Per IDC analysis and customer feedback, HPE is also positioned as a Leader in the 2021 worldwide IDC MarketScape on network consulting services. Read an excerpt from the IDC MarketScape: Worldwide Network Consulting Services 2021 Vendor Assessment. The IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor's position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short term.
The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5 year timeframe. Vendor market share is represented by the size of the icons. HPE can help you on every step of your journey to zero-trust security. Our Network, Digital Workplace and IoT Edge Technology Services enable you to optimize connectivity and create secure, uninterrupted network access across your enterprise and workloads, supporting all devices across your digital workplace. Learn more about HPE Pointnext Services.
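Returning to the first consideration above ("Know the terrain"), the "one server, then a thousand servers" check can be made concrete. The following is an added example written for this page, not code from the article, from HPE or from Project Aurora: a small Python detector that reads flow records, tracks each source's fan-out (distinct destinations per time window) and flags a window that jumps far above that source's own recent history. The record format, the window size, the thresholds and the sample traffic are all assumptions made for the example; a host with a high but steady fan-out (a monitoring poller) is included to show that the check is relative to each host's baseline rather than to a global number.

```python
"""Per-source destination fan-out anomaly check (added example, not HPE code).

Flow records are "<epoch_seconds>,<src>,<dst>,<dst_port>" (an assumption made
for this example). For each source we count distinct destinations per window
and flag a window whose count is far above that source's own recent history.
"""
from collections import defaultdict

WINDOW_SECONDS = 60        # assumption: judge fan-out per 60-second window
MIN_HISTORY = 3            # need this many normal windows before alerting
SPIKE_FACTOR = 10          # alert when fan-out > SPIKE_FACTOR * baseline ...
ABS_FLOOR = 20             # ... and also above this absolute count


def parse_flow(line):
    """Split one record into (timestamp, src, dst, dst_port)."""
    ts, src, dst, dport = line.strip().split(",")
    return int(ts), src, dst, int(dport)


def fanout_by_window(lines):
    """Return {src: {window_index: set_of_destinations}}."""
    table = defaultdict(lambda: defaultdict(set))
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, _ = parse_flow(line)
        table[src][ts // WINDOW_SECONDS].add(dst)
    return table


def detect_fanout_spikes(lines):
    """Return [(src, window_start, fanout, baseline)] for anomalous windows."""
    alerts = []
    for src, windows in fanout_by_window(lines).items():
        history = []                       # fan-out of this source's normal windows
        for w in sorted(windows):
            count = len(windows[w])
            if len(history) >= MIN_HISTORY:
                baseline = max(history)    # the busiest normal window seen so far
                if count > ABS_FLOOR and count > SPIKE_FACTOR * baseline:
                    alerts.append((src, w * WINDOW_SECONDS, count, baseline))
                    continue               # keep the spike out of the baseline
            history.append(count)
    return alerts


def sample_flows():
    """Constructed flow records (not captured traffic)."""
    lines = []
    # pc-17 talks only to one file server for three windows, then fans out to 300 hosts.
    for w in range(3):
        for k in range(5):
            lines.append(f"{w * WINDOW_SECONDS + k * 10},pc-17,fileserver-01,445")
    for n in range(300):
        lines.append(f"{3 * WINDOW_SECONDS + n % 60},pc-17,host-{n:03d},445")
    # monitor-01 polls 40 hosts every window: high but steady, so no alert.
    for w in range(4):
        for n in range(40):
            lines.append(f"{w * WINDOW_SECONDS + n},monitor-01,srv-{n:02d},161")
    return lines


if __name__ == "__main__":
    for src, start, fanout, baseline in detect_fanout_spikes(sample_flows()):
        print(f"{src}: {fanout} destinations from t={start}s (baseline {baseline})")
```

Two design points matter in practice: the baseline is per source, so a poller that always touches 40 hosts is not an alert while a workstation that goes from one to 300 is, and a flagged window is kept out of the history, otherwise one spike would raise the baseline and hide the next one.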
Payments Apps and Database Security. It's Business as Usual. Until it's Not.
by Steve Tcherchian, September 21, 2021

CashApp, Zelle, Venmo, Apple Pay, Square: the payments industry is growing and expanding into areas we hadn't imagined. Everyone relied on it before the pandemic; now it's critical infrastructure, embedded into our everyday habits. For payments providers, the question is: how are you protecting your payments applications and databases?

Applications store their data in a database in order to retrieve and make use of it efficiently. A database may contain everything from configuration data, usernames and passwords, to critical information such as the results of your last medical examination. Some databases know you owe money and to whom, what you posted on a social media app two years ago, what you typically order for lunch and much more. Needless to say, this is a treasure trove for thieves, and a huge target. All this data is shared under the assumption that the application creator is doing everything possible to protect our most personal information. The tools exist to do so. So, how are the bad guys getting access to our data?

One of the most common database attacks, and interestingly enough one of the simplest to protect against, is SQL injection (SQLi). In this attack, malicious SQL statements are inserted into an entry field for execution. A successful SQLi attack can read sensitive data such as usernames, passwords and credit card numbers (and more), tamper with and destroy data, execute administrative operations, and worse. Below is an example of SQL injection: a login form that accepts a username and password as input, looks the pair up in a table called users and, if both username and password match, grants the user access. There is no guarantee that a user will enter only a valid username in the username field.
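The login form just described, worked as an added example that is not the article's own example and not SQLXPress or NonStop SQL code: Python against an in-memory SQLite table, with the vulnerable string-built query beside the parameterized one, plus an allow-list ("whitelist map") for a user-chosen sort column, a case bind parameters cannot cover. The table, the users, the passwords and the payloads are all constructed for the example; passwords are stored in clear only so the injection stays visible, where a real system would store salted hashes.

```python
"""Login query built the vulnerable way and the safe way (added example; not
SQLXPress/NonStop code). Uses an in-memory SQLite table with constructed
users. Passwords are kept in clear only so the injection is easy to see.
"""
import sqlite3

PAYLOAD = "' or '1'='1"               # the injection from the text
PAYLOAD_COMMENT = "' or '1'='1' --"   # same, plus a comment that drops the rest of the statement


def make_db():
    """Constructed users table (assumption for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, created_at INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "correct-horse", 100), ("bob", "battery-staple", 50)])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Input spliced into the SQL text: the engine cannot tell data from code."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the statement is compiled first and the values are
    bound afterwards, so a quote in the input is just a character in a string."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


# Identifiers cannot be bound as parameters, so map the caller's choice onto a
# fixed set of column names instead of escaping it (a "whitelist map").
SORT_COLUMNS = {"name": "username", "created": "created_at"}


def list_users(conn, sort_key):
    """Return usernames ordered by an allow-listed column."""
    column = SORT_COLUMNS.get(sort_key)
    if column is None:
        raise ValueError(f"unsupported sort key {sort_key!r}")
    return [r[0] for r in conn.execute(f"SELECT username FROM users ORDER BY {column}")]


if __name__ == "__main__":
    db = make_db()
    # None: AND binds tighter than OR, so the bare payload in the username
    # field still has to satisfy password = ''.
    print("vulnerable, payload in username:", login_vulnerable(db, PAYLOAD, ""))
    # A user: the WHERE clause is now (username AND password) OR '1'='1'.
    print("vulnerable, payload in password:", login_vulnerable(db, "alice", PAYLOAD))
    # A user: everything after -- is discarded, including the password check.
    print("vulnerable, payload with comment:", login_vulnerable(db, PAYLOAD_COMMENT, ""))
    # None: the same payloads are compared as literal strings.
    print("safe, payload in password:", login_safe(db, "alice", PAYLOAD))
    print("safe, real credentials:", login_safe(db, "alice", "correct-horse"))
```

The first vulnerable call is the caveat a tester should know: with a single query that ANDs the password check, the bare payload in the username field alone does not log in, but moving it to the password field or appending a comment marker does. Neither variant gets past the parameterized version, and the sort-column allow-list rejects anything that is not one of its keys instead of trying to escape it.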
In the example, the user has entered the partial SQL statement ' or '1'='1 in the username field and a blank password. The SQL engine interprets the input as part of the statement and, since '1' will ALWAYS equal '1', the condition is satisfied and the malicious user is granted access without a valid username or password. (One caveat: in a query of the form WHERE username = '...' AND password = '...', AND binds more tightly than OR, so the payload in the username field alone does not match; the attacker puts it in the password field instead, or appends a comment marker so that the rest of the statement is discarded, as in ' or '1'='1' --.) Layering security strategies provides comprehensive protection against this type of common attack.

Step 1: sanitize all input, then escape all input. Easy stuff, right? This should be coupled with proper database permissions, and you should always use prepared statements or parameterized queries whenever user input is required; parameterized queries are the database engine's natural defense against SQLi. Whitelist maps, which translate user input into one of a fixed set of permitted values, are an effective strategy in the cases escaping and parameterization don't cover, such as user-selected table or column names and sort orders, which cannot be passed as bind parameters. If you're interested in this topic, there are tons of great resources on the www.owasp.org website that describe an overall SQLi protection strategy.

Secure NonStop SQL Database Management
SQLXPress from XYPRO is the most secure and functional database management solution for NonStop SQL. Think of it as the Microsoft SQL Server Management Studio for NonStop. SQLXPress includes a comprehensive set of security controls, including:
Multi-factor Authentication
Auditing
Access Control
Session Encryption
Code Integrity
SQL Injection Protection

Multi-factor Authentication
The SQLXPress client supports multi-factor authentication (MFA), an explicit PCI DSS requirement and an expected Article 32 control under GDPR, by prompting users for a second factor. Used in conjunction with XYGATE User Authentication (XUA), which is provided on each HPE NonStop server, you're up to date not only with the very latest PCI DSS 3.2.1 (and soon 4.0) MFA compliance requirements but also with the advice of every security expert out there. Multi-factor authentication is a must!

Auditing
Configure the level of audit data that is collected by the audit subsystem.
The audit subsystem records the actions of SQLXPress users and contains detailed information, including date and time, user logon name, PC device identification, SQL statement text, SQL parameter values, outcome details and much more. Audit trail data is integrated with analytics solutions like Splunk through XYGATE Merged Audit. A rich set of audit reports is available, from activity summary reports down to individual actions. Reports can be filtered by time of day, user, device and SQL object name. Audit data answers questions such as:
Who accessed or changed data?
When was it changed?
From which device was it changed?
Who tried to perform an unauthorized command?

Audit data is integral to effective troubleshooting. Provide diagnostic information to other departments, or grant audit report access to authorized users on an individual, audited basis. Every HPE NonStop system is delivered with XYGATE Merged Audit (XMA). Additionally, an XMA plugin integrates the SQLXPress audit data directly into the XMA database, enabling sophisticated audit reporting and alerting capabilities for all NonStop SQL activity. Now just deliver that audit data to your enterprise SIEM, such as Splunk or QRadar, integrating NonStop database security into your overall enterprise security program.

Access Control
NonStop SQL supports access control "out of the box". SQLXPress augments these standard access control features by providing a more granular level of control over the actions users are permitted to perform and the SQL objects they are permitted to access from within SQLXPress.

Role-based Access Control
Like all XYGATE software, SQLXPress supports a role-based access control model:
Roles are granted permissions to perform activities
Users are assigned to roles
Roles may be restricted to an "environment" (an environment is a collection of specific SQL objects)
Authorization checks are applied to access and activity requests
Access control is configured to suit the needs of the organization.
Separation of Duties
The Security Administrator is responsible for the configuration and management of the SQLXPress security subsystem, including audit and access control, via a familiar user interface. To really appreciate SQLXPress access control, let's look at some use cases.

Use Case 1: Command Lockdown
NonStop SQL permits the owner of an SQL object, like a table or a view, to perform any DDL or utility operation on the object. SQLXPress access control refines this so that restrictions can be applied to individual operations. Many commands, like Update Statistics or Split Partition, are performed as part of the routine duties of a DBA, and the DBA should have permission to perform them on an ongoing basis. However, some operations, like Purge Data, Drop Table or Disable Trigger, are not required for the normal operation of the database and can have disastrous consequences if performed inadvertently. SQLXPress access control allows these potentially dangerous commands to be "locked down" during normal use. When the DBA needs to perform a locked-down command, the Security Administrator temporarily grants permission for the command; when the command has been completed, the Security Administrator revokes it.

Use Case 2: Data Access Restrictions
NonStop SQL permits the owner of a table to view and change the data stored in the table. SQLXPress access control can be used to limit the owner's access to data while still permitting the owner to manage the table: the owner can be prevented from changing data, and can even be prevented from viewing data at all.

Use Case 3: Database Visibility Restrictions
SQL metadata is a rich source of information about the databases on the system. It includes details on table names, column names, security settings, data validation rules and much more. Most organizations will want to limit access to SQL metadata to authorized users only.
However, with NonStop SQL/MX, SQL metadata is secured for public read access, which means that any SQL/MX user can view information about all the databases on the system. In SQL/MP, metadata is secured per catalog. To enable database visibility restrictions, the SQLXPress access control feature allows the Security Administrator to define one or more "environments" on a system. An environment provides a restricted view of the SQL objects on a system: only objects that have been registered in an environment are made visible to the user. The Security Administrator restricts the SQL objects made visible to a user by assigning that user a role for an environment. The user must open an environment to use SQLXPress and can only work with the SQL objects registered in that environment. Furthermore, a user can be granted roles for more than one environment, and even a different role in each of those environments. For example, user DEV.JOHN can be granted the role of Senior DBA in the DEV_ATM environment and the role "Guest" in the QA_ATM environment.

Summary
With the most comprehensive set of features and full support of both NonStop SQL/MX and SQL/MP, SQLXPress is the leading solution for managing NonStop SQL databases. HPE NonStop SQL databases store highly sensitive and private information. In an increasingly security-conscious world, customers expect their database engines and database management tools to provide comprehensive security, and SQLXPress delivers.