Daily Tech Digest - March 10, 2017

Application support and maintenance add up to operational ALM

Approach operational maintenance and support lifecycles with a concept of application states. Every application exists in a specific number of states, each representing a set of components and workflow relationships. One state is usually considered the normal or base state, and all the others are responses to special conditions. In this multi-state dynamic, application maintenance and support has two goals throughout the application's lifecycle. It must define each possible operating state precisely, in terms of component hosting and workflow connection through the network. It also must manage the application's dynamic movement from one valid operating state to another, exhibiting stable, secure and compliant behavior.

Approaching Cybersecurity Risk Management At Any Organization

First, get the company leadership on board. A cyber risk management strategy is unlikely to succeed if it is not a priority across the entire organization. Second, outline and implement a strategy for securely adding new technologies – whether it is a new finance application or connecting something to the network. Review the new solution versus the rest of the network and determine if it adds or eliminates any risk, and assess if its level of impact is acceptable. Finally, educate your employees on their role in the overall corporate cyber risk strategy. Employees could be viewed as an easy target for criminals, so consistently educating them on the threats facing the organization will help prevent some attacks.

Bots: Biggest Player On The Cybercrime Block

Joe St. Sauver, scientist at Farsight Security, said bot makers, using compromised devices, spread the “traffic” among multiple IP addresses, “so that some clicks come from Oregon, others come from Ohio, others from Oklahoma etc.” “That software may also include routines designed to mimic natural pauses, while pages are ‘being read,’ or subsequent clicks – perhaps drilling down on optional features, looking for local dealers or other things that look like what a normal human visitor would do,” he said. But Tiffany said too many security professionals still “falsely assume that bot traffic looks robotic.” Instead, it comes from residential IP addresses, uses real browsers and does unrobotic things like, “run JavaScript, run Flash, use the victim's cookies to look like real humans, and interact with pages like real people, often by emulating the real people who own the computers they've infected.”

China mulls national cryptocurrency in race to digital money

It’s not surprising that countries have found it difficult to tackle cryptocurrencies. People exchanging things on peer to peer (P2P) networks used to be the music and video industry’s problem. Now, suddenly, people were exchanging money with them. When used properly, P2P money offers true anonymity, which creates problems for authorities trying to track the flow of cash to terrorists and organized criminals. Left unchecked, it’s also a great tax evasion tool. Where governments are regulating, they’re typically making sure that anyone trading bitcoins registers their identities so that authorities can follow the money. It’s a tricky line for policymakers to walk. Governments need to control cryptocurrencies, but if they squash them altogether, they risk missing some of their best innovations.

Deep packet inspection: The smart person's guide

Although DPI has a number of uses, the practice is rooted in enterprise network security. Sniffing traffic in and out of a network is understandably useful for preventing and detecting intrusions. Detecting and blocking the IP of malicious traffic is particularly effective at fending off buffer overflow and DDoS attacks. DPI is also used by internet service providers. If packets are mail, ISPs are the postal service and have access to unencrypted web traffic as well as packet metadata like headers. This provides ISPs with an abundance of useful information, and the companies leverage access to user data in a number of ways. Most ISPs in the United States are allowed to turn user data over to law enforcement agencies. Additionally, many ISPs use consumer data to target advertising, analyze file sharing habits, and tier access service and speeds.

State of Cyber Security 2017

State of Cyber Security 2017 reports the results of the annual ISACA global cyber security survey, conducted in October 2016. The survey results bolster the belief that the field of cyber security remains dynamic and turbulent during its formative years. Weekly news headlines confirm that cyberattacks are not a seasonal threat or dependent on specific industry environmental attributes, but are constant and should remain forefront in every enterprise executive’s thought process. To equip you with a comprehensive understanding of the cyber security industry through the lens of those who define it—the managers and practitioners—ISACA is presenting the survey results in a series of reports that focus on individual topics. This report is the first in the ISACA State of Cyber Security 2017 white paper series and presents timely information about cyber security workforce development and its current trends.

Big Growth in Data Security Provides Consultant Opportunities

Consultants need superior application and network penetration skills. This means that they should be able to break down and analyze the way that software works within any environment. This includes input and output channels. Networks need to be understood in the same way. The purpose of this knowledge is to identify where risks exist, or where existing security breaches are occurring. Software algorithms are known to provide false positives, so a consultant needs to be able to identify these, and should have skill in determining viable threats. This will help the consultant to allocate resources where they are most necessary, which can benefit their employer financially. Consultants should build an understanding of the technologies used by their employer. Whenever working on a contract, a consultant will deal with systems that they are unfamiliar with.

Data Security: Don’t Call an Ambulance for a Sore Throat

It’s a constant struggle, one that today’s businesses fight with infrastructure- and device-based approaches, and (vital but often neglected) employee training against social engineering attacks. The challenges continue as technologies evolve from “strange new risk” to “vital to business success.” Five or six years ago, security concerns led many businesses to declare they’d never use cloud services. You’d be hard-pressed to find a CIO or CEO who’d say that today. Just as businesses have evolved toward the cloud, they’re also evolving toward enterprise-wide data access. We recognize the valuable insights and innovations to be gleaned from trading siloed departmental data warehouses for the comprehensive enterprise data lake. Tearing down those silos can cost us a layer of security around specific data sets, but curling up in an information panic room is not the way forward.

Application layer security puts up another obstacle for hackers

Businesses are baking security into applications during the development process. "Identifying a security flaw in development is much less expensive than doing it once the application is running," stated Nathan Wenzler, chief security strategist at AsTech Consulting, a cyber-risk management firm in San Francisco. ... In static analysis, security software examines code without running it. It analyzes source code, identifies locations where vulnerabilities may exist and outlines potential fixes. Dynamic analysis is another option wherein the IT team tests and evaluates application security while compiling the software. Dynamic analysis tools pepper the application with attack scenarios to detect vulnerabilities.

CIA-Made Malware? Now Antivirus Vendors Can Find Out

Among those techniques are ways to bypass antivirus software from vendors including Avira, Bitdefender and Comodo, according to some of the leaked documents. The documents even include some snippets of code that antivirus vendors can use to detect whether a hacking attempt may have come from the CIA, said Jake Williams, founder of security company Rendition InfoSec. “In the documents, they (the CIA) mention specific code snippets used in operational tools,” Williams said. Antivirus vendors can use this to look at their customers’ networks for any traces of past intrusions. That might be a big blow to the CIA’s surveillance operations. Now anyone, including foreign governments, can use the WikiLeaks dump to figure out if the CIA ever targeted them, according to Williams.

Quote for the day:

"If people follow you, you have an obligation not to abuse that trust." -- Gordon Tredgold