Daily Tech Digest - December 22, 2017

New Year’s resolutions for CISOs

CISOs should focus on rationalizing, consolidating and integrating security technologies in 2018 with the goal of building a security operations and analytics platform architecture (SOAPA) that can collect, normalize, process, analyze and act upon the growing amount of security telemetry. At the same time, organizations should research, test, pilot and deploy selective security tools offering artificial intelligence. Based upon ESG research, CISOs can get the biggest bang for their buck by applying machine learning algorithms to existing security tools such as endpoint security software, network security analytics, threat intelligence platforms and DLP. This can help improve the security efficacy of installed technologies without adding complex new projects. Make a commitment to automate and orchestrate manual processes. In cybersecurity, whatever can be automated should be automated. This includes gathering data, analyzing suspicious files 

Be a More Effective CISO by Aligning Security to the Business

A key to building cooperation is to develop the skill of empathetic listening to engage your ears before you start hammering a message into people. You listen with the goal of understanding the other person’s point of view and acknowledging how they feel about the situation. Listen to people’s complaints. Users work in different contexts than IT and security. They have work that needs to get done that has nothing to do with your security policy. Listen carefully to their problems and then, once they’ve had their say, you can connect their jobs to the security mission.... To break down barriers and silos, you’ll need to align users’ daily practices with security. Hopefully your examination of organizational processes and goals provides the information you needed for this. It also is useful for framing your security messages in the language of the organization’s culture, not in terms of security culture.

Google slips Chrome stub into Microsoft's app store

Sources familiar with Google's plans said that the maneuver was meant to stifle the Chrome copycats the company thinks mislead Microsoft Store patrons into downloading worthless apps. Yet that left unexplained Google's real purpose (Chrome wannabes have not overwhelmed the store), why the company thought the applet would pass muster and make it into the store, or, having got that far, why it would remain unnoticed by Microsoft for any length of time. One motivation was offered by a Google software engineer, Chris Blume, who tweeted, "Microsoft denies Chrome the tools it needs to protect users when installed from the Windows Store. So, we made a mini-app to help users get the full, safe version of Chrome. It was pulled." Later, after others asked him what Microsoft withheld from Google that prevented the latter's developers from crafting a UWP Chrome app, Blume replied, "Multiple processes is one example."

IT/OT Convergence and the Digital Supply Chain

Whatever the phraseology, the principle is the same. Advances in the manufacture of computer chips have enabled tiny-form sensors with a capacity to gather, receive and send information to be developed. They are applied to plant equipment, goods in transit, warehousing or other industrial assets, and embed both intelligence and connectivity into equipment. Now connected with each other and other systems, these assets can send and receive data about performance or any other parameter. Secure cloud technology then allows for seamless but flexible data handling and storage, as well as the compute power needed to perform advanced analytics that extract valuable insights into parts of the supply chain that were previously unavailable from the raw data. That analysis can open up a whole series of new possibilities through the development of new applications and APIs to derive even greater value from the original data.

Directors on-board the cyber security train

Criminals have discovered the immense power of social engineering-based email attacks, which have become one of the most prominent types of cyber threats to many organisations. However, research suggests that current social engineering methods are nowhere near as effective as they could be. Recent developments suggest an impending watershed moment among Internet criminals, in which their yields can be doubled by use of sophisticated multi-factor social engineering techniques. One example involves the use of legitimate functionality or infrastructure – such as traditional password reset – in combination with deceptive email messages. By sending a reset code to an intended victim, then immediately following up with a deceptive email request for that code, criminals are able to harvest reset codes on a significantly larger scale. This gives them direct access to user accounts without setting off alarm bells by requesting that the intended victim enter a password.
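The reset-code harvesting pattern above leaves a footprint on the service that issues the codes, even though the victim never types a password there. The following is an added example, not code from the digest or the article it excerpts, showing two detection heuristics run over constructed authentication-log lines: a reset requested from a source address that has never successfully logged into that account (the attacker, not the victim, triggers the reset), and one source address requesting resets for many accounts inside a short window (harvesting at scale). The log format, field names, IP addresses and thresholds are all assumptions made for illustration.

```python
"""Detect password-reset abuse patterns in constructed auth logs.

Added example; log format, field names and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO time> <event> user=<name> ip=<addr>"
# 198.51.100.7 plays the attacker; 203.0.113.x are the users' usual addresses.
SAMPLE_LOG = """\
2017-12-20T08:01:10 login_ok user=alice ip=203.0.113.10
2017-12-20T08:05:42 login_ok user=bob ip=203.0.113.11
2017-12-20T09:12:00 login_ok user=carol ip=203.0.113.12
2017-12-21T14:00:01 reset_requested user=alice ip=198.51.100.7
2017-12-21T14:00:03 reset_requested user=bob ip=198.51.100.7
2017-12-21T14:00:05 reset_requested user=carol ip=198.51.100.7
2017-12-21T14:00:06 reset_requested user=dave ip=198.51.100.7
2017-12-21T15:30:00 reset_requested user=alice ip=203.0.113.10
"""


def parse_log(text):
    """Parse the assumed line format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, user_kv, ip_kv = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event": event,
            "user": user_kv.split("=", 1)[1],
            "ip": ip_kv.split("=", 1)[1],
        })
    return events


def unfamiliar_source_resets(events):
    """Resets requested from an IP with no earlier successful login for that account.

    Returns (user, ip) pairs in time order. An account with no login history
    at all is flagged too, since nothing vouches for the requesting address.
    """
    seen = defaultdict(set)  # user -> set of IPs that have logged in
    findings = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] == "login_ok":
            seen[e["user"]].add(e["ip"])
        elif e["event"] == "reset_requested" and e["ip"] not in seen[e["user"]]:
            findings.append((e["user"], e["ip"]))
    return findings


def reset_bursts(events, window=timedelta(minutes=5), min_accounts=3):
    """Source IPs that request resets for >= min_accounts distinct users within window.

    Returns {ip: max distinct accounts seen in any single window}.
    """
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "reset_requested":
            by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until all events fit inside it.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) >= min_accounts:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("unfamiliar-source resets:", unfamiliar_source_resets(evs))
    print("reset bursts:", reset_bursts(evs))
```

On the constructed input, the four resets from 198.51.100.7 are flagged by both heuristics, while alice's later reset from her usual address is not. Neither check needs the victim's mailbox: the harvesting step happens off-platform, so the service's own reset-request telemetry is the place to look. The unfamiliar-source rule is the one that catches a single targeted reset, and it should be tuned against mobile and VPN churn before it pages anyone.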

Why Network Visibility Is Critical to Removing Security Blind Spots

In the client-server era, all traffic went from a computer, into the data center, to the core, and back. This is known as north-south traffic. Securing this type of traffic flow means putting big firewalls and other tools in the core of the network where traffic would be inspected as it passed through. Over time the folks at VMware figured out a way to virtualize workloads and send traffic between them, even if they are in another location of the data center. This is known as east-west traffic. The challenge in securing east-west traffic is that it never passes through the core, so it bypasses all your traditional (and expensive) tools, as well as new ones such as behavioral analysis. Organizations could try to deploy security tools at every possible east-west junction, but that would be ridiculously expensive and complicated. Network visibility tools allow security managers to see every east-west flow and then individually direct them to specific security tools instead of sending all traffic to all tools.

Your Top Five Challenges Moving in to the IoT Space

When you’re on the path towards a digital transformation, you end up with more connected … things. This newfound focus on software and digital experiences means deploying software into more places. Integrating assets and data into existing infrastructure and systems is arguably what IoT is all about. Vendors such as Microsoft, Amazon and IBM are making massive investments in their respective cloud platforms to align with their customers’ demands for IoT-type solutions. Traditional technology vendors such as Schneider, Mitsubishi and Siemens are also on their toes, eager to be part of the new ecosystem. I’ve been involved in many IoT projects over the years and have come to realize that there is a big gap between what customers need and what these vendors provide. I'm not saying they should or even could solve all problems, but I’ll try to emphasize some of the areas organizations need to focus on.

Security platform or best of breed? There’s only one answer

Michael Cook, a senior security consultant at Indianapolis-based advisory Pondurance, says all-in-one platforms are generally made up of “about 15 applications or modules around that platform.” Each module addresses a different need, such as securing that API gateway. Cook cautions that not every module is equally strong and that with a single platform you risk a Jack of all trades, master of none scenario. Say, for example, the platform you use offers gateway security but isn’t great at it. Good luck getting management to approve a Forum Systems purchase. “When you’re using a platform versus best of breed, if there’s something you don’t like in one of the modules in the platform you’re kind of, ‘Well, we’ve gotta use it because we bought the whole thing,’” he says. Of course, just because a specialized tool might work better doesn’t mean all-in-one doesn’t offer any protection at all. The module is there.

The case for securing the SD-WAN

Enterprises can resolve this new spate of security challenges by moving their inspection and enforcement points away from the data center to either the branch or the cloud. Specifically, security administrators need to assess whether they require security layers that consist of more than just encryption and general stateful firewall services. Then they need to ask whether there’s more risk in the branch or in the cloud, which will help determine what layers of security they will require. By nature, SD-WAN provides embedded security because of its native support for end-to-end encryption and segmentation on a per-application or organizational level. However, a comprehensive enterprise-grade security solution is not wholly supported natively by numerous SD-WAN providers. So, how and what do you use to secure the branch that simultaneously serves as a direct pipeline for a maelstrom of malware and other threats?

Unsupervised Machine Learning Demonstrated On Quantum Computer

Rigetti announced that it was able to demonstrate unsupervised machine learning on its new 19-qubit quantum computer. Unsupervised machine learning refers to models that find structure in raw data without any pre-labeling of that data. The company achieved this with a quantum/classical hybrid algorithm for clustering data. Clustering analysis is one of the most common ways to do unsupervised machine learning in order to find hidden patterns within the analyzed data. It's often used in advertising, credit scoring, and image segmentation. This means that Rigetti’s quantum computer and its approach to hybrid quantum/classical algorithms could soon find uses in the real world. However, Rigetti warned that it still needs more qubits in order to show that this solution is faster and more effective than purely classical approaches. This could be achieved once quantum supremacy is reached.

Quote for the day:

"Never stop learning, because life never stops teaching." -- Unknown