2015 InfoSec Trends You Should and Shouldn’t Worry About

We’re rushing headlong into the end of the year, which means it’s that time again: time to pull out my crystal ball for WatchGuard’s annual security predictions.

We actually already released next year’s security predictions last week. You can read our press release about them (which includes a shortened version of the predictions) or check out this cool and succinct infographic. In fact, you can even watch a recording of my one-hour prediction presentation. However, for the folks who prefer to read, I’ve gone ahead and posted the longer version of my predictions below.

Also, we decided to do things a bit differently this year. As security professionals, we spend a lot of our time looking for trouble and expecting the worst. And in 2014, there were lots of vulnerabilities and threats to be found, such as Heartbleed, Regin and Operation Cleaver. However, rather than just focusing on which threat trends you should worry about the most, we thought it might be useful to also share some over-hyped trends, which may not affect you. Hence, five predictions you need to prepare for in 2015, and five you don’t.

Top Five Things NOT to Worry About:

  1. The Internet of Everything Will NOT Bring a Rise of Machines:  Lately, information security (infosec) pundits, myself included, have warned the world about the dangers posed by the thousands of embedded computing devices popping up in stores, which we call the Internet of Things (IoT) or the Internet of Everything (IoE). Things like watches, cameras, Smart TVs, and much more, don’t look like computers, but they are, and we connect them to the same networks as our computers.

As a result, these devices can have the same potential security flaws as traditional computers, and we will see researchers find and demonstrate these flaws. That said, we won’t see malicious cyber criminals hacking these IoT devices at a large scale in 2015. Today’s cyber criminals typically don’t just hack for the heck of it—they need motive. There’s not much value to having control of your Smart watch or TV, so we won’t see hackers targeting them directly… yet. However, these IoT devices do increase the number of ways we share data with the cloud. Though attackers probably won’t target the IoT next year, they will go after all the personally identifying information (PII) that our computing devices spew into the cloud.

  2. Cloud Adoption Will NOT Continue its Stratospheric Climb in 2015: Security pundits have always been a bit suspicious and slow to adopt certain cloud services, especially when the service requires you to share sensitive data with an external cloud vendor, or give up some control. Despite this, businesses have quickly and widely adopted many cloud services, presumably because they offer so much business advantage. For instance, web hosting and email have become services many companies choose to host elsewhere.

However, this cloud adoption will slow and plateau in 2015. Snowden has made the world aware that nation states intercept information from cloud services, and incidents like “The fappening” prove that the things we share with “the cloud” can leak. Between the “Snowden effect” and a number of popular cloud services leaking data, organizations will be more concerned with where they put certain sensitive information. This doesn’t mean businesses will stop using the cloud where it makes sense. It just proves that we can’t put everything in the cloud. Administrators should consider security controls that help in this hybrid environment; controls that help them manage their network perimeter alongside their cloud resources.

  3. Passwords Will NOT Die in 2015, or 2016, or 2017…: Over the past few years, the industry has suffered a number of password-related security incidents; both attackers stealing them en masse, and hackers hijacking high profile accounts. These incidents often illustrate that common folk still use bad passwords and that our reset mechanisms are weak. As a result, many in the industry have predicted passwords will die.

There are two faults with this logic: first, they overlook the core cause of the issue and, second, we haven’t found a viable alternative. When bulk password thefts happen, the passwords aren’t at fault; rather, the fault lies with the lack of security of the organization maintaining them. Furthermore, we haven’t found a perfect replacement for passwords. Biometrics are neat, but fingerprints can get stolen too, and once they are, you can’t ever change them. A better prediction for next year is that two-factor authentication will become ubiquitous online, and passwords will remain as one of the two factors.

  4. Secure Design Will NOT Win over Innovation: It’s easy to love new technology and gadgets and the innovations they introduce to our lives, making things easier and more delightful. However, humanity is notorious for diving head first into innovative technology without considering the potential consequences. More specifically, security is usually the last thing on our minds when we innovate. This means the newest, most innovative technologies often arrive rife with vulnerability.

This won’t change in 2015. In order to invent, and push boundaries, we must take risks. That means security will continue to take a back seat to innovation. That doesn’t mean innovation is a bad thing. We should welcome technologies that make our lives easier. However, it does mean that you, as a security professional, have the tough job of weighing the operational benefits of new technologies against their potential security risks. While infosec professionals cannot afford to become a roadblock against innovation, we also can’t let insecurity creep into our networks under the guise of “good” business.

  5. SDN Will Have Security Implications, But NOT For Years: If you follow technology analysts or keep up with bleeding edge networking, you’ve probably heard all the excitement around the next great networking innovation—Software Defined Networking (SDN). Without going into detail, SDN basically does for networking what hypervisors did for computing… it virtualizes it. At the highest level, SDN is a new network architecture paradigm where the control plane is decoupled from the data plane. Rather than letting proprietary networking hardware make fairly static traffic routing decisions that apply equally to all traffic, SDN allows controllers to make dynamic routing decisions that can differ based on the applications sending the traffic, the location of the device, and many other things. SDN will help networking catch up with the dynamic, mobile, cloudy world we live in.

SDN totally changes how we build and control networks, which means it will also completely change network security. For instance, in an SDN world, network security controls don’t have to be inline. The SDN controller can forward certain traffic to the relevant security controls when necessary—no matter where that security control happens to be on the network. This could make mobile security much easier, but also places much of the network security onus on the SDN controller and proper policy.

Having said all that, our prediction is you won’t have to worry about SDN security next year, or anytime soon! Despite all the hyperbole and excitement from forward-leaning technologists, SDN is quite a ways from primetime adoption. While ISPs and cloud providers might start experimenting with it, the average organization is nowhere near changing their network architecture to support it. Think of it like IPv6. We’ve been predicting for years that IPv6 is coming, and that one day everyone will have to start using it, yet most organizations still haven’t adopted it. SDN is the next IPv6, so don’t lose sleep over securing it yet.

Top Five Things To Worry About:

  1. Nation States Lock ‘n Load for Cyber Cold War: All significant nations have long started developing their red team and blue team cyber defense and attack capabilities. Between incidents in Estonia and Georgia, Snowden’s revelations, Stuxnet, Regin, and many other incidents, we’ve already learned that nation states are quietly launching espionage campaigns against one another, and even stealing industrial intellectual property.

I expect to see many more nation state cyber espionage incidents next year and suspect we are already in the middle of a cyber cold war, where nation states quietly “demonstrate” their cyber capabilities. While this cyber posturing doesn’t directly affect the average citizen or business, the techniques nation states use are more sophisticated. Whenever these new campaigns surface (and they do), criminal hackers learn quite a bit from them. You should expect the nation state cyber attacks to “raise the tide for all boats” and elevate the complexity of criminal attacks as well.

  2. Malware Jumps Platforms from Desktop to Mobile Devices – And Bites Hard: More and more malware has been designed to infect multiple systems. Traditionally, we’ve seen small samples of Java attacks and malware that infect both Windows and OSX computers, but an even better combination is malware that jumps from traditional operating systems to mobile platforms, or vice versa. In 2015, WatchGuard expects to see more malware samples like WireLurker, which infects your normal computer before jumping to the mobile devices that you plug into it. The cross-platform malware families could be in a better position to steal banking credentials, especially as more users adopt two-factor authentication with SMS messages to a mobile.

On top of that, attackers will find many new ways to monetize mobile infections, so expect mobile malware to have more teeth in 2015. For instance, after its success on traditional computers, expect to see customized mobile ransomware, designed to make your mobile unusable until you pay up. With the adoption of Apple Pay, we also expect to see more attackers targeting mobile wallets and NFC. You don’t want to shirk on mobile security in 2015.

  3. Encryption Skyrockets – As Do Government Attempts to Break It: Security pros have always recommended encryption to protect data. However, both users and the industry have historically been slow to adopt encryption on a wide scale—likely due to its complexity and resource expense. That is changing. Between Snowden’s revelations and an increase in breaches, we realize “bad actors” are snooping on our communications, and our privacy is at risk.

As a result, our use of encryption, especially HTTPS, has skyrocketed in 2014 and will continue to grow quickly in 2015. Meanwhile, government actors, like the director of the FBI, are petitioning for ways to break our encryption for “law enforcement use.” As an industry, security pros must do three things: continue to leverage encryption whenever possible; fight for the right to retain private, unbreakable encryption; and make sure to build networks that can support heavy use of encryption without slowing bandwidth and adversely affecting business.

In a related aside, attackers will also leverage encryption more in 2015, to help their attacks evade our detection. While there is no perfect way to defend against custom encryption, you should consider security technologies that can recognize attacks in HTTPS traffic, and can keep up with the new volume of encrypted traffic on our networks.

  4. Business Verticals Become New Battleground for Targeted Attacks: There’s always been a mild debate between opportunistic and targeted attacks, and whether one or the other poses the bigger threat. One might say opportunistic attacks are more threatening because they affect everyone and happen at a large scale, whereas another points out targeted attacks tend to be more sophisticated and result in more damaging losses. While both threats pose risk, and can affect everyone, some new trends will tip the balance toward targeted threats next year, while also expanding the affected target base.

Targeted attacks have increased and become more sophisticated largely due to the fact that cyber criminals have matured. They realize writing malware costs something and that they need a return on that investment. They’ve also learned three, sometimes-competing, lessons:

  • The more widespread your attack, the quicker it gets detected.
  • It’s easier to monetize certain stolen data, so the type of victim matters.
  • The more victims you can attack at once, the larger your return on investment.

How does a cyber criminal retain the benefits of a stealthy targeted attack, while still pursuing big victim-pools to make lots of money? They do so by targeting business verticals rather than individual organizations. We’ve already seen this begin to happen, with criminals targeting retailers, hotel chains, or game companies as verticals. They’ve even designed custom malware for some verticals (e.g. point-of-sale malware). This trend will continue into 2015, with attackers targeting other verticals, such as financial services, and healthcare. You also won’t have to be a Fortune 500 to become a target. Modern cyber criminals will target businesses of every size, as long as they are part of an interesting, profitable business vertical.

  5. Understanding Hacker Motives Key to Defending: Information security is a relatively new field and is evolving quickly. Until now, security pros have focused mostly on the “how” and “what” aspects of the cyber threat. For instance, we previously paid most attention to the technical ins and outs of how bad guys attacked our networks, or how their malware mechanically worked, and we created our defenses based on those technical understandings.

However, as our field matures we’re learning how important it is to understand the “who” part of the equation as well. The threat actors menacing us have changed greatly in the past decade. They’ve gone from curious and mischievous kids exploring, to cyber activists pushing a message, to organized criminals stealing billions in digital assets, to nation states launching long-term espionage campaigns. Each of these threat actors has different goals, different tactics, and different targets, and there’s even significant nuance among like groups of threat actors.

As defenders, we’re starting to realize that our adversaries’ motives matter greatly in how we defend ourselves. Few organizations have the resources to defend against every possible threat. However, knowing the motives and tactics of various actors helps us understand which ones threaten our organization the most, and how they prefer to attack. In 2015, smart organizations will use threat intelligence and adversary motive to better customize defenses for the type of threat actor most likely to target their organization. For instance, if you work for a restaurant chain, you’re probably most concerned with organized cyber criminals, and might want to tailor your defenses to the attack techniques and PoS malware used by Russian and Ukrainian cyber gangs.

I hope you’ve enjoyed and learned something from this year’s InfoSec predictions. If you want to learn more, download the infographic or watch my 2015 Security Predictions presentation.

— Corey Nachreiner, CISSP (@SecAdept)

You Can Learn More About the WatchGuards’ Product Line By Going to www.FirewallShop.com/WatchGuard.

The original article/video can be found at 2015 InfoSec Trends You Should and Shouldn’t Worry About

Latest Dimension 1.3 Update Improves Performance and Security

WatchGuard Dimension™ has been gaining rapid market adoption since it was first launched in late 2013. Customers have used the network security visibility tool to monitor and to gain critical and timely insights about network security threats, bandwidth and Internet usage as well as related traffic trends. The latest release of WatchGuard Dimension, Version 1.3 Update 1, is available now.

Release Highlights
Version 1.3 Update 1 includes SSL vulnerability mitigation (in response to the recent POODLE vulnerability), critical bug fixes, and minor feature enhancements that improve the efficiency, performance, and reliability of Dimension. For more information, please see the Enhancements and Resolved Issues section in the Release Notes.

Additional details about this release, including instructions for upgrade from previous versions of Dimension, can be found in Release Notes. Please review carefully before installing and trying out the new features.

If you are interested in installing Dimension in the Amazon Cloud, please contact WatchGuard Technical Support by logging in to http://www.watchguard.com/support and opening a technical support case.

Does This Release Pertain to Me?
This release applies to all Dimension users. Before you upgrade, read the Release Notes carefully to understand what’s involved, and pay special attention to the upgrade section.

How Do I Get this Release?
WatchGuard appliance owners with LiveSecurity can download the latest version of Dimension here, or by visiting software.watchguard.com and selecting Dimension from the first drop down menu. Remember to read the Release Notes for installation instructions.

If you need support, create a support case online or call our support staff directly. When you contact Technical Support, be sure to have your registered Product Serial Number or Partner ID available.

  • Authorized WatchGuard Resellers: +1.206.521.8375

The original article/video can be found at Latest Dimension 1.3 Update Improves Performance and Security

Fujitsu Fsas Selects WatchGuard Appliances for its Managed Security Services in Japan

WatchGuard Technologies continues to add key partnerships across the globe, including the most recent announcement that Fujitsu Fsas, the leading IT and technical support services provider in Japan, is now integrating WatchGuard NGFW/UTM appliances into its managed security services.

Managed security solutions are gaining popularity as the volume and complexity of security threats continue to grow – especially among small-to-midsized and distributed enterprise environments. According to Shirou Ohtsubo, senior vice president of Fujitsu Fsas’ Service Business Unit, the rising popularity of managed security services has a lot to do with the realities of increased cloud adoption and multiple network access points.

“IT systems are transitioning to the cloud, intensifying the need for network access from a variety of applications and locations,” explained Ohtsubo-san. “At the same time, advanced persistent threats are causing increased damage. It’s vital that companies prevent these types of intrusions and threats across their network access points and inbound traffic.”

Integrating WatchGuard’s NGFW/UTM appliances with Fujitsu Fsas services strengthens the security gateway with the latest security technology and features, including advanced threat protection and network segmentation. It also allows Fujitsu Fsas to use WatchGuard System Manager to seamlessly manage its customer deployments.

“Our alliance with WatchGuard provides security appliances and operation management software that protects against these intrusions and threats,” continued Ohtsubo-san. “Their products complement our services and enable us to provide more granular and powerful security solutions to our customers.”

WatchGuard will continue to grow its partnership with Fujitsu Fsas and maximize customer value for deeper levels of network security. Appliances are now available as part of Fujitsu Fsas services, and the company will soon be selling standalone WatchGuard NGFW/UTM appliances.

The original article/video can be found at Fujitsu Fsas Selects WatchGuard Appliances for its Managed Security Services in Japan

OpManager Adds SIEM Plug-in: Integrate Your Data Center Security and Performance Management

Security threats are on the rise. Needless to say, the impact of security breaches has serious business consequences. Besides the cost of data loss, data breaches tarnish your business brand by causing business discontinuity, compliance violations and customer distrust.

Recent security breaches on financial and retail giants elucidate the fact that cyber attacks on the data center have grown more sophisticated. Cyber criminals employ advanced attack techniques to hit on specific systems, applications, and devices in the data center to bring down your service availability or steal your customers’ confidential data. Such targeted security attacks present security professionals with serious challenges to protect hosted services, applications, web communications and customer data.

The complexity of the security challenges increases with the evolving nature of data centers. Designing and managing security policies for highly dynamic applications, resources, virtual devices, and services of the new age data center is a hard nut to crack. Further, to exacerbate the situation, come stringent compliance requirements that involve constant monitoring of security activities inside your data center infrastructure.

See Beyond Your Security Devices

The conventional security approach, which involves only the deployment of security devices, fails to combat advanced security threats like zero-day attacks and DDoS. The conventional approach falls short when it comes to the scalability, performance, visibility, and in-depth analytics needed to support high volumes of inbound-outbound data center traffic.

Further, misconfigured firewall rules or policies increase the risk of your business-sensitive data being compromised. They create application vulnerabilities and loopholes in your security framework, paving the path for zero-day exploits.

At times, privileged users of your data center environment misuse their permissions to perform highly sensitive operations on systems, applications, programming interfaces and data. It would be impossible for you to track down such internal security threats with your peripheral security devices that underpin a conventional security approach.

The need of the hour for security managers is a comprehensive security solution that is designed to combat all kinds of data center security threats. The security solution should provide business continuity management, clear visibility and in-depth analysis of data center security events as well as a real-time incident response system.

OpManager’s SIEM Plug-in: A High-profile Security Suite

ManageEngine OpManager introduces its all new SIEM plug-in that provides and control over your data center security infrastructure with its high-level, network security intelligence.

OpManager together with the SIEM plug-in unifies data center security and performance management. It provides a “single pane of glass” view of the data center assets’ performance, health and security status, thus increasing your efficiency. The integrated view categorizes data center faults based on performance, health and security problems, thus helping you to prioritize and rectify the faults quickly.

With the SIEM plug-in, you can:

  • Mitigate internal security threats: The SIEM plug-in’s out-of-the-box, privileged user monitoring reports give you the complete user audit trail. With the exhaustive reports, you can track down data center privileged user activities to discover who logged on to a critical server or application, who changed an application’s configuration, who copied your confidential business data, and more.
  • Ensure your data center server security: Be it physical, virtual or cloud, the robust SIEM plug-in collects, constantly monitors, and analyzes all your critical servers’ logs to detect mishaps and vulnerabilities. With this plug-in, you can also perform database activity monitoring for your MS SQL and Oracle database servers. The plug-in also allows you to perform extensive database auditing that provides the ability to restrict unauthorized access attempts to your critical data and prevent misuse of privileged access.
  • Protect your business confidential data: The plug-in ensures the security of your business confidential data round the clock. Any access attempts to modify, delete or rename your sensitive data will be captured by the plug-in, and it alerts you in real-time upon any of these critical changes. Further, it also provides you a complete audit trail that helps you answer the “who, what, when” questions.
  • Be 100% compliant with regulatory mandates: OpManager’s SIEM plug-in enables the data center to stay 100% compliant with regulatory mandates such as PCI-DSS, HIPAA, ISO 27001, FISMA, SOX, GLBA, and more with its out-of-the-box compliance reports. Further, it allows the customization of existing reports to suit internal security policies or build a new compliance report to meet the growing compliance mandates.
  • Perform forensic analysis on archived data: The SIEM plug-in allows you to archive log data in a centralized location for a user-defined time period. With this plug-in, you can audit the archived log data to strengthen your security policy and prevent recurring security threats. At any time, you can do a search and log forensic analysis on the archived data to get a complete picture of your security threats.

Click here to download and give the OpManager SIEM plug-in a try.

You Can Learn More About the ManageEngine Product Line By Going to www.ManageEngine.ca

The original article/video can be found at OpManager Adds SIEM Plug-in: Integrate Your Data Center Security and Performance Management

POODLE Bites SSL – WSWiR Episode 125

October Patch Bonanza, Leaky Apps, and POODLE

Cyber security has gone mainstream, which means we’re getting a lot more security news each week than we used to. This week was even busier than usual, with updates fixing hundreds and hundreds of security vulnerabilities, as well as a significant vulnerability in an encryption standard. If you’re having trouble keeping track of the most important security info on your own, let our weekly video summary do it for you.

Today’s episode covers a ton of updates for October’s Patch Day, data leaks affecting SnapChat and DropBox, and a relatively serious SSL vulnerability called POODLE. The video is a bit longer than usual in order to better describe the POODLE flaw. Press play to learn more, and check the references for other interesting stories.

Enjoy your weekend, and beware what you click online.

(Episode Runtime: 16:37)

Direct YouTube Link: https://www.youtube.com/watch?v=AFX9DXDizu4

— Corey Nachreiner, CISSP (@SecAdept)

The original article/video can be found at POODLE Bites SSL – WSWiR Episode 125

Shellshock – WSWiR Episode 123

Serious Bash Flaw affects *nix, Mac OS X, and IoT

Normally, my weekly video covers a number of important information and network security stories, in order to keep you informed of the latest threats. However, this week one story is so important I give it the primary focus.

Today’s show covers the critical “Shellshock” vulnerability in Bash. If you use Unix, Linux, or Mac systems, or any other embedded device that might run Linux, you’ll want to watch this episode to learn how this flaw affects you. Click play for more details.

Oh, and don’t forget WatchGuard appliances aren’t affected, and our IPS can protect you. Enjoy your weekend!

(Episode Runtime: 9:23)

Direct YouTube Link: https://www.youtube.com/watch?v=f6X5-bxj-Mw

Extras:

I’m skipping the extra stories this week so you can focus on taking care of the Bash flaw.

— Corey Nachreiner, CISSP (@SecAdept)

The original article/video can be found at Shellshock – WSWiR Episode 123

SolarWinds Security Software – Log & Event Manager

http://www.youtube.com/v/4blMAWYBQIA?version=3&f=user_uploads&app=youtube_gdata

For more information: http://www.solarwinds.com/network-security.aspx Watch this short video covering SolarWinds Log & Event Manager’s key security features. You will learn quickly how LEM…

You Can Learn More About the Solarwinds Software’s Product Line By Going to www.NetworkMonitoring.ca.

The original article/video can be found at SolarWinds Security Software – Log & Event Manager

ManageEngine Desktop Central Catapults Its Customer into the Club of Golden Bridge Winners!

This year, at the Golden Bridge Awards, ManageEngine customer Matt Rooney won silver for his company, BMI Healthcare, in the Best IT team category. Matt is BMI Healthcare’s IT Desktop Manager and has been a loyal Desktop Central customer. The Golden Bridge Awards program honors and recognizes achievements and great contributions of all major industries in the world. These awards generate global and industry-wide recognition of the achievements that organizations and individuals make across the world. We are happy to congratulate Matt – and his team – for the win.

We’re also honored to have played a role in helping Matt achieve this significant victory for his company. Before Matt found Desktop Central, he and his team had a tough time managing patch updates and assets. They had to continuously monitor their systems. BMI even had to resort to hiring contractors to do regulatory reporting.

After installing Desktop Central, most of BMI’s regular desktop management activities were automated. Some of the tasks were periodic software updates; patch management; delivery of service packs to Windows-based devices, including medical equipment; standardization of desktop interfaces; and implementation of company-wide security policies. Even the monitoring of USB and portable hard drive usage was automated. Moreover, the IT department began to use Desktop Central to audit their entire Windows population and run the necessary reports to comply with various regulatory requirements.

With such sweeping changes came lots of advantages. The IT team was free to do more important things such as focus on network monitoring and security event management.

According to Matt, “Effective desktop management is becoming more and more crucial to the entire healthcare industry. The fast-paced environment requires a carefully planned and articulated approach to technological advancements and the ever-evolving threat landscape. As the ramifications of a network security breach can be catastrophic in a hospital, compliance reporting plays a hugely important role in daily operations.”

“Much of the medical equipment we use is Windows-based,” he continued. “So it is imperative that it is protected against external threats by ensuring a carefully devised patching schedule is implemented, which Desktop Central has allowed us to facilitate.”

And, we say, thank you, Matt and thank you Golden Bridge; we’ll continue to design products that fulfill our customers’ expectations for many years to come.

The original article/video can be found at ManageEngine Desktop Central Catapults Its Customer into the Club of Golden Bridge Winners!