Ryan Benson of Exabeam discusses SIEM software

ExabeamPreston and I interviewed Ryan Benson, Senior Threat Researcher at Exabeam about Security Information and Event Management (SIEM) software. We discussed what SIEM software is, what it does for a company, how it protects your network, and how to evaluate a SIEM suite.

Preston and I also agree that a SIEM suite should offer more than simple log aggregation and log scraping. There are less expensive and less cumbersome tools that can handle that functionality if that’s all you need. We also agree that SIEM companies need to bake some intelligence into their products that allow them to be automated, to respond automatically to threats, and to include advanced analytics so that you can optionally find out what’s going on and going wrong on your network.

Ryan gives us some insight into what’s going on in SIEM software and why you should care. Before you purchase a SIEM solution, take his advice offered in the podcast.

Podcast details:

Length: 22:35 minutes. Format: MP3. Rating: G for all audiences.

Check out Exabeam’s SIEM Platform for yourself.

America Exposed – Who’s Watching You Through Your Computer’s Camera? Interview with ICIT’s James Scott (Podcast)

ICITPreston and I interviewed Senior Fellow, James Scott from the Institute for Critical Infrastructure Technology about the serious threat to individuals from their webcams. You might think that because your camera is in your house and turned off that your safe from prying eyes, but you’re not. James gives us some insight as to what the problem is and how to solve it.

The unsecured cameras on PCs and mobile devices pose a serious threat to the private sector, to individual users, and to national security.  No other exploit is as vicious or expedient with its results as camera activation malware which can be used by malicious threat actors to surveil and spy on unsuspecting users.

In our most recent publication, entitled “America Exposed:  Who’s Watching You Through Your Computer’s Camera?”, ICIT provides an in-depth analysis of this underreported threat by discussing:

  • The evolution of surveillance capabilities in computing devices
  • Examples of malware used by malicious actors to gain access to cameras and microphones
  • “Webcam Gate” and creepy gaming surveillance technology
  • Strategies on how to mitigate mass camera-based surveillance

Podcast details:

Length: 26:59 minutes. Format: MP3. Rating: G for all audiences.

You can download the paper here: http://icitech.org/icit-analysis-america-exposed-whos-watching-you-through-your-computers-camera/

Agari’s Markus Jakobssen discusses Phishing trends (Podcast)

AgariThe old saying goes, “Give a man a fish and he feasts for a day; teach him to phish and he becomes a rich cybercriminal who retires at 30.” OK, so maybe it doesn’t go exactly like that, but I think you get the idea that phishing is bad for the majority of us who aren’t making a profit from other people’s pains. Phishing is the act of sending out email messages that look legitimate but whose only purpose is to get your banking, credit card, social media, or other online credentials in order to steal money from you.

Markus Jakobssen, a researcher at Agari, gives us his perspective on this trend that can cost larger companies millions of dollars. Markus tells us why phishing scams are so successful and what we can do to protect ourselves from this criminal trespass into our personal accounts and online identities. If you’ve been the victim of a phishing attack, you know how expensive it can be in trying to repair the damage that a single email message can have. Listen carefully to the podcast to find out what you can do to fight against this growing threat.

Podcast details:

Length: 17:54 minutes. Format: MP3. Rating: G for all audiences.

If you have an idea for a podcast or someone who’d like to be on the show, use the Contact Form and we’ll be glad to discuss.

Mayday! Mayday! Breaches and The Merry Month of May (Podcast)

Help!Preston and I visited our favorite Tuesday landing for this May overview where we briefly discuss what to do after you discover a breach, a compromise, a hack, or a ransomware infection on your network. My advice is “Don’t Panic.” Preston has more, and probably better, advice. One of the things you need to do is know what’s on your network, know what’s supposed to be on your network, and to establish a security baseline.

A security baseline is a starting point from which you will judge your systems from now on. Scan everything with anti-malware scanners. Clean up any infections. Plug security holes. Update your systems. And that is your baseline–a clean, uninfected, uncompromised network. It will be easier in the future to discover breaches if you know what’s going on now and keep track along the way. This short podcast is a topic of a longer, more in-depth future podcast.

Podcast details:

Length: 6:42. Format: MP3. Rating: G for all audiences.

All podcasts are Safe for Work and school and are licensed CC BY.

Turn GDPR Compliance into Lemonade

Lacy GruenBy Lacy Gruen, RES

“When life gives you lemons, make lemonade,” goes the popular saying, which inspires us to tackle life’s challenges in a positive way to help us grow and learn from hardships. For organizations struggling to meet the upcoming GDPR compliance deadline in May 2018, it may be difficult to view the massive data privacy compliance project as a positive, a piece of investment that can change the way an organization stores and handles user data for the better.

But how can an organization successfully turn GDPR “lemons” into lemonade? By using this time to solidify its overall compliance strategy, an organization can get a return on its GDPR compliance investment. Below is a quick summary of the payoff an organization can potentially see from implementing a comprehensive GDPR strategy:

  • Better data- and analytics-driven decision-making — visibility around data and access to data can help with both GDPR compliance and other IT or business initiatives.
  • Long-term customer/brand loyalty— customers want to know that the company they are buying from cares about protecting its users’ data.
  • Greater organizational agility—having automation around data access in place allows an organization to be nimble to respond to business changes and needs.
  • Reduced cybersecurity risk— security controls that are put in place for GDPR compliance can potentially help an organization protect against IT security threats such as ransomware.
  • Higher-value allocation of IT staff— some automation tools are flexible enough to not only automate the enforcement of data policies but automate many other IT tasks along the way.
  • Reduced overall compliance and audit costs— organizations most likely have multiple regulations to comply with, so streamlining auditing will help with more than just GDPR compliance.
  • Avoidance of GDPR-related fines— GDPR has set up hefty penalties for those who are not in compliance with the regulation, and any smart organization should plan to avoid the maximum non-compliance fine of 4% of the firm’s annual turnover.

Studies show that organizations are allocating significant budgets for GDPR compliance. But what are the key areas that organizations should invest in to ensure that GDPR compliance pays off in the long-run?

Key investment #1: Good data governance

Disciplined and diligent data governance is a must for any GDPR compliance effort. An organization cannot effectively manage and protect customer data if it does not know where it is located. For GDPR compliance, businesses must make an active effort to locate all user data, to know exactly what it consists of, and where the data originated. It also needs to define and enforce policies regarding how data is viewed, used, copied and accessed.

Key investment #2: Context-based mobile workspace controls

In the age of the digital workspace, employees take their digital identities everywhere with them, expecting to get their work done effectively regardless of the time of day or physical location. In fact, the majority of employers expect that employees work on-the-go from their smartphones, tablets, laptops, and home desktops. This is an issue for organizations that continue to depend on static, perimeter-based technologies to control access to sensitive data resources.

The only way to ensure that customer data doesn’t travel anywhere it shouldn’t—and that all use of customer data is legitimate and traceable—is to manage data access in context. Context and associated policies determine what is and isn’t allowed. It also provides the usage data essential for GDPR audit reporting.

Key investment #3: Streamline privilege administration with automation and delegation

Many employees unnecessarily have more access than they need to company data, posing a serious risk to GDPR compliance—as well as to general cybersecurity. The solution to the problem of creeping privilege is to streamline the administration of access rights. Automation also enables IT to put a “freshness date” on privileges so they don’t last indefinitely. Organizations can also fight privilege creeping by using delegation tools that empower LOB managers, HR admins, and other non-IT stakeholders to perform access administrative as appropriate. This adaptive, business-aligned approach to access control can significantly reduce total organizational privileging without impairing anyone’s ability to be productive.

Key investment #4: Anti-ransomware whitelisting

Ransomware attacks now impact about half of all businesses, and ransomware techniques continue to become more sophisticated. These attacks often take the form of social engineering techniques that circumvent cybersecurity perimeter defenses by tricking human users into clicking a malicious link or opening a malicious attachment.

Effective ransomware defense requires multiple counter-measures, including frequent data backups and aggressive user education. However, any organization seeking to fend off ransomware and similar cyberattacks must also implement some form of workspace whitelisting. Effective whitelisting is thus closely related to automated privilege administration (key investment #3)—with the added dimension of disallowing access to non-whitelisted resources.

Key investment #5: Push-button offboarding

Another related and essential capability for GDPR compliance is push-button offboarding. As noted above, employees can accumulate many privileges over time. So when they leave an organization, those privileges must be revoked immediately.

Revocation of a user’s privileges can tend to be slow, leaving organizations vulnerable to data leakage. This is a huge GDPR and data security no-no. Every organization needs an offboarding mechanism that triggers complete revocation of all privileges across all systems—on-premise and in the cloud—without exception immediately upon a termination or transfer event in the company’s HR system.

Regulations change and new legislation continue to pop up, but if an organization take the right data protection measures now, an organization will have the right tools in place to make its life much easier in the future. Businesses that properly view GDPR compliance as one part of a broader effort to better govern data the digital enterprise—traversing compliance, security, and automation—will significantly out-perform their more complacent competitors. And that performance will have a tangible, positive impact on the bottom line.

Bio: Lacy Gruen is a Director at global digital workspace provider RES, where she works to develop go-to-market strategy and help customers find solutions that will solve the real IT challenges of today and the future.

IoT and Mobile Security with Zimperium CPO John Michelsen (Podcast)

ZimperiumIn this podcast, Preston, our guest John Michelsen, CPO of Zimperium, and I discuss mobile security and extrapolate what’s happening in that space to what’s happening, and about to happen, with IoT security. We touch on monitoring, general security, costs, and the bigger problem of security implementation on devices that until recently were used based on an “air of trust.”

April is our “Month of Preventing Surprises” and this podcast kicks off that topic for The SecurityNOW Show. How awkward would it be to move headlong into a large IoT implementation only to realize that someone has easily hacked your devices and siphoned off your data? Surprise!

Mobile security has come a long way in the past two years with the adoption of higher security measures from vendors and third parties, such as per-app VPN, two-factor authentication, and containerization. IoT vendors will have to step up and enable encryption, use multi-factor authentication, and wipe or brick devices that have been compromised or moved. The Internet of Things may very well be security’s biggest challenge yet, not only because of the sheer numbers of devices but also because of device diversity.

Preston, John, and I just touch the surface of these topics in this podcast but stay tuned for more from all three of us on IoT security.

Podcast details:

Length: 20:45 minutes. Format: MP3. Rating: G for all audiences.

Licensed CC BY (2017)

A SecurityNOW Less Than Private Privacy Discussion (Podcast)

Privacy PleasePreston and I decided to discuss the latest in privacy at Shiloh’s Restaurant in Broken Arrow a few days ago. As you’ll hear on the podcast, we perhaps needed more privacy. I apologize for the background noise but you can think of it as a lesson in security in that our conversation at times was obfuscated by surrounding conversations and music that didn’t seem to start playing until we hit the Record button. Such is life. We deal with our surroundings all the time, which makes me believe that our choice of venue for this podcast was the perfect setting to have a conversation on privacy. It works on many levels.

During our talk, Preston and I ponder the outcome of the Congressional decision to remove current privacy legislation and put it firmly in the hands of someone grossly unqualified to make such a decision. In any case, I think we need to join together in embracing privacy much like the EU has with GDPR, which we’ve discussed in another podcast.

Stay tuned for more commentary as the situation develops.

Podcast details:

Length: 19:26 minutes. Format: MP3. Rating: G for all audiences.

Seriously, please write your Congressman and your Senators about this. It’s too important to leave in unqualified hands.