Free Trial

Trending in Security

Too start off the year, at least two publications have reported on surveys that detail the criticality of the cybersecurity skills gap.  For those old enough, it harkens back to the Cold War missile gap of the 1950s.  But unlike the missile gap, which was mostly fictional, this gap is very real, and much more relevant to the typical enterprise.

CSO drew on a Nov, 2017 ESG study that looked at gaps and potential solutions. The most alarming observation is that, despite increased spending and visibility, the percentage of respondents that reported a shortage of skills rose from 23% in 2014 to 51% in 2018. This doubling implies that the majority of organizations are threatened. As solutions, two areas that stand out include:

  • Moving toward technologies with advanced analytics.Think of artificial intelligence and machine learning as a helper application that can accelerate security processes and make the staff more productive.
  • Automating and orchestrating processes.Cybersecurity grew up with a reliance on manual processes, but these processes can no longer scale to meet growing demands. As a result, security automation/orchestration has become a top priority for many organizations.

 

0
0
0
s2sdefault

A lot has been written about the Equifax breach and the impact it has on Americans. But, perhaps there are few articles that focus on what we can do about keeping the systems patched (the actual cause of the breach was a missing patch). Here are three things that relate to the Equifax breach but precisely tell you things that you might want to consider for your systems to avoid becoming the next Equifax.

  1. Detect – The majority of hacks these days, as Gartner predicted, are not zero-day. They come from known vulnerabilities. So, it is important that you have a detection system in place which can continuously keep you alerted if there are any security misconfigurations or unpatched systems. The Cavirin platform provides a very strong detection mechanism which can detect not only security misconfigurations and missing patches on individual operating systems for both machines on-premise but also in the cloud.    

    0
    0
    0
    s2sdefault
Control Your Cloud

Petya'd?  Cavirin to the Rescue!

On the back of WannaCry, the latest ransomware of the week is GoldenEye, a variant of Petya.  First reported a few days back, it has already caused havoc within some very large organizations.  Maersk, for example, was impacted, and one of our engineers from Bangalore reported that 10 million containers at the port of Mumbai don't know where to go.  No, Docker isn't going to come to the rescue.  And you think an airline reservation system shutdown is bad!  What is disturbing to me is that four of the companies hit - Maersk, Me-Doc, Merck, and Mondelez - all start with 'M', and that it is mostly targeted against critical industries.  Today's ransomware attack is sponsored by the letter M.  Someone refining their attack vectors?

0
0
0
s2sdefault
Control Your Cloud

A few days back, a security researcher came upon what is potentially one of the largest exposures to-date of Personally Identifiable Information (PII), but one that was so easy to prevent using the tools available.  Deep Root, a data analytics firm, had posted almost 200 million voter records to their AWS S3 database. This is the distributed offering leveraged by the majority of businesses and SaaS offerings that use AWS.  Note that this is also the same S3 that experienced a wide-ranging failure earlier in the year.  In this case, Deep Root set permissions on their database that would expose it unencrypted and with no password required to the outside world.  Just think what would have happened under GDPR if this occurred in 2018 within the European Union.

0
0
0
s2sdefault

Last week, Mary Meeker and her team at Kleiner Perkins published their yearly internet opus.  For those keeping track, it is now at 355 slides!  Though much of it focuses on the continuing evolution of commerce, media and gaming, as well as China and India, there are some excellent nuggets on the cloud security.  Her analysis plays well into Cavirin’s strategy and product direction.

We live in an increasingly multi-cloud world.  Amazon with AWS got off to an early start, but Microsoft’s Azure, by virtue of its strong enterprise footprint, is gaining ground quickly.  Whereas companies leveraging AWS remained constant at 57% between 2016 and 2017, Azure use grew from 20% to 34%.   And not to be dismissed is the Google Cloud Platform (GCP), growing from 10% to 15% and benefitting from strong enterprise focus as evidenced at this year’s Google Next conference. Beyond this baseline, AWS will experience even greater competition in the future, as only 27% of organizations who don’t currently use AWS are experimenting with or planning to use the platform in the future.   This grows to 33% for Azure and 30% for GCP.   Cavirin natively supports the three major cloud service providers (CSPs), and delivers consistent analysis between these and any on-premise deployments.

 

0
0
0
s2sdefault
Control Your Cloud

By now, anyone with any connection to security is aware of the WannaCry ransomware attack, and it says something, that on the Wiki entry, it is already listed amongst major incidents with Anthem, Sony Pictures, and the US Election.   As a quick review, the attack, leveraging the leaked NSA tool EternalBlue, took advantage of vulnerabilities in Microsoft’s SMB implementation.   The company issued a critical security bulletin, MS17-010 (CVE-2017-0144) on March 14, 2017, along with a patch for new versions of the OS.  Note that this was a 1-day exploit, and not a zero-day exploit since it was announced and patched.   But the issue is that older versions of the OS were still vulnerable, not every organization is on top of patches, and in some countries, the high percentage of bootleg software effectively disconnected the user from patching.  Nonetheless, Cavirin can play an integral role in helping to identify and remediate these types of vulnerabilities.

First off, Cavirin’s partner SecPod included the notification in its March 16, 2017 SCAP Feed Release.  This was two days after the Microsoft announcement.  This is automatically included in Cavirin’s Patches & Vulnerabilities policy pack, which continually updates the live deployment.   Based on this notification, the customer may quickly scan their environment and identify vulnerable resources.   They may then manually patch their workloads, or may have in place an automated mechanism (i.e., Chef, Ansible) to pull down the Microsoft patch and update their systems.

0
0
0
s2sdefault

© 2018 Cavirin Systems, Inc. All rights reserved.