Too start off the year, at least two publications have reported on surveys that detail the criticality of the cybersecurity skills gap. For those old enough, it harkens back to the Cold War missile gap of the 1950s. But unlike the missile gap, which was mostly fictional, this gap is very real, and much more relevant to the typical enterprise.
CSO drew on a Nov, 2017 ESG study that looked at gaps and potential solutions. The most alarming observation is that, despite increased spending and visibility, the percentage of respondents that reported a shortage of skills rose from 23% in 2014 to 51% in 2018. This doubling implies that the majority of organizations are threatened. As solutions, two areas that stand out include:
- Moving toward technologies with advanced analytics.Think of artificial intelligence and machine learning as a helper application that can accelerate security processes and make the staff more productive.
- Automating and orchestrating processes.Cybersecurity grew up with a reliance on manual processes, but these processes can no longer scale to meet growing demands. As a result, security automation/orchestration has become a top priority for many organizations.
- Details
- Written by David Ginsburg
- Category: Trending in Security
In my previous blog, I looked it just how easy it is for the typical hacker to obtain a variety of exploit tools, or to obtain compromised data. The hacker lifecycle roughly maps to the diagram below, where he or she first obtains or develops the various tools, or leverages ‘dark web’ services, then leverages these to compromise physical assets with a goal of obtaining useful data. Here, I’ll look at how Cavirin helps you counter these threats by focusing on the middle phase – how to protect your assets, either on-premise or in the cloud.
For those familiar with the Cyber Kill Chain concept (and I realize that there are different views on applicability, but it is useful to frame the discussion), the lifecycle may look familiar. There are seven stages, with stages 3-5 of interest.
- Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
- Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
- Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
- Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
- Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
- Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
- Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.
- Details
- Written by David Ginsburg
- Category: Continuous Security Assessment & Remediation
At Cavirin, 2017 was no less than re-thinking securing the hybrid enterprise and pioneering massive scalable solutions. This blog is a summary of all our announcements and key features related to Content and Policy frameworks that we brought to our customers and the community last year.
Read on!
- Defining Industry Accepted Security Standards – Cavirin is in the leadership position when defining security standards for container ecosystem. Working with CIS and the container communities, we published several versions of the security benchmarks.
Cavirin also released CIS Android Security Benchmark and launched CIS communities for Kubernetes and Azure benchmark development.
- Details
- Category: Continuous Security Assessment & Remediation
Now and then you come across a truly valuable presentation or piece of collateral. In this case, USTelecom, the organization that represents telecommunications businesses in the US, has put together a bit of both as a gift to the community at-large.
It was developed to help individuals and organizations better understand cybersecurity challenges and responses. The 50 slide PowerPoint show includes over 350 links to almost every security guideline imaginable – government, corporate, academic, analyst – and includes definitions, reports, best practices, and strategies.
- Details
- Written by David Ginsburg
- Category: Security Programs and ISMS
In November 2017, Fortune, leveraging data from Recorded Future, ran this sobering graphic on the price of various hacker tools, spanning personal records, attacks, and even services.
In the article, they quoted a statistic from Cybersecurity Ventures stating the global cost of hacking at $3 Trillion (with a T!) in 2015 will increase to $6 Trillion in 2021.Welcome to the era of Hacking-as-a-Service (HaaS).
How does the advent of HaaS impact the average consumer or employee? Why should they be concerned? I personally maintain a credit card virtual ‘go bag’ listing the 10-15 calls or emails I need to make when I receive the semi-annual notification that my primary credit card has been compromised.
- Details
- Written by David Ginsburg
- Category: Continuous Security Assessment & Remediation
Big Data aficionados should be familiar with data volume, velocity and variety as the key pillars that distinguish modern analytics environments from the prior generation. A similar trend is taking shape in infrastructure security with the adoption of public clouds and micro services architectures, significantly complicating the Security Operations (SecOps) job.
According to Datadog, there are 185 million Docker containers in use across 10,000 companies or 18,500 containers per company on average, for those that do use Docker! If this is any harbinger of scale, SecOps teams will continue to have a lot on their hands. Automated profiling and management of risk is the only way to secure an environment with such volumes.
Several company’s DevOps organizations, are pushing code as often as several times a day – Amazon.com, for example, deploys every 11 seconds (see Velocity Culture). Compound that with the desire to optimize costs via auto-scaling approaches. The average container lifecycle is 2.5 days while the average virtual machine lasts 14 days, likely reflecting the transient nature of auto-scale workloads. An inadvertent configuration change or a vulnerable package in a high velocity continuous deployment can jeopardize your security posture. Active monitoring of infrastructure and timely remediation of gaps in security are keys to SecOps success.
According to Forbes citing RightScale’s 2017 State of the Cloud Survey: “85% of enterprises have a multi-cloud strategy today, up from 82% in 2016, 58% are planning a hybrid cloud strategy, up from 55% a year ago. RightScale also found an increase in the number of enterprises planning for multiple public clouds (up from 16% to 20%)”.
- Details
- Written by Bashyam Anant
- Category: DevOps
Subscribe
Tag Cloud
Categories
-
Continuous Security Assessment & Remediation (18)
-
Amazon Web Services (AWS) (4)
-
Cloud Migration (6)
-
CyberPosture (8)
-
DevOps (11)
-
Docker Container Security (8)
-
Google Cloud Platform (GCP) (2)
-
Regulatory Compliance (9)
-
Risk Management & Analytics (3)
-
Security Compliance Platform (10)
-
Security Programs and ISMS (4)
-
Trending in Security (29)