…130+ Packed Pages This Month…

CyberDefenseTV.com continues to grow with more interviews of C level executives in the Cyber HotSeat…

BlackHat Trip Report and Great C Level InfoSec Thought Leader interviews…

Transforming Cyber Security

An End to the Era of Passwords?

The Impact of SOAR on Incident Response Steps

The Art of Phishing and How To Fight It

…and much more…

1 Cyber Defense eMagazine – June 2018 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide

CONTENTS

BlackHat Conference 2018 Trip Report ...... 15
Transforming Cyber Security ...... 35
Cyber Security Tips for Business Travelers ...... 38
Building blocks to manage the supply chain ...... 40
Cyber PSYOP: The New Way to Impact Opinions and Politics ...... 42
Let Passwords Go Extinct ...... 45
The Impact of SOAR on Incident Response Steps ...... 47
2018 is Late but Still the Right Time to Bid Goodbye to Malware Prone SMBv1 ...... 50
Best Practices for DDoS Mitigation in the Terabit Attack Era ...... 53
How to Protect Your Business From Cyber-attacks? ...... 56
Want to protect your online customers? Keep your website safe ...... 59
Local Backups May Not Keep Your Business Safe From Ransomware ...... 61
TOP 10 TIPS FOR WORDPRESS WEBSITE SECURITY ...... 63
Operation Eligible Receiver - The Birthplace of Cyber Security: Vulnerabilities ...... 66
Connectivity is key for the logistics of tomorrow ...... 70
Are you correctly tackling the cybersecurity challenge? ...... 73
You Can’t Stop All Malware, But You Can Stop the Damage ...... 75
Protect Your Business with These Foundational Cybersecurity Defenses ...... 77
How to assess and audit your risk? ...... 79
Navigating the ‘Cloudy’ Sky ...... 81
How Automation Can Ensure Speedy, Successful PAM Deployment ...... 84
Software, hardware and procedural compliance ...... 88
Security Risks of the Instant Gratification Culture ...... 90
The Power of Cloud Technology: Fighting Cyberattacks ...... 92
Practices in Network Security Monitoring ...... 94
The Art of Phishing and How To Fight It ...... 96
Playing an integral part of the nation’s modernisation through security, fire and safety ...... 99
Free Monthly Cyber Defense eMagazine Via Email ...... 127
Marketing and Partnership Opportunities ...... 128
Job Opportunities ...... 128
Announcing CYBER DEFENSE GLOBAL AWARDS 2018 ...... 129


From the Publisher…

CyberDefense.TV is now live with more interviews each month…

Dear Readers,

Today, we launch this August 2018 edition of our eMagazine in parallel with ongoing expansion of CyberDefense.TV at www.cyberdefensetv.com and the shorter url cyberdefense.tv

We listened to our friends in cyber security, writers, public relations & marketing experts, C level executives and you, our faithful readers. We are now expanding with our Global Print Edition, Global Awards and, in Q4 this year, yet another surprise platform we think you will be very pleased with – one that lets the 3,000 and growing cyber security companies share their stories with you more frequently and more easily.

Key team members have just returned from BlackHat Conference 2018 in Las Vegas, Nevada. We saw many old friends and made new friends. We learned about new technologies, innovative ways to stop cyber attackers and of course, more vulnerabilities and exploits than any one person or organization could handle.

BlackHat continues to grow at an amazing pace, yet its theme is consistent – sharing all the best information on risk – threats, vulnerabilities and assets – from the cloud to satellites to voting gear and cars, nothing was off limits except maybe for the casino slot machines. In this environment hackers are extremely welcome, and they are not afraid to share every possible exploit or methodology to prove yet another weakness needing a better form of defense.

This is an exciting time to be part of a growing infosec community. Thank you so much for your continued support! We’re so thankful and honored to have you!

Gary S. Miliefsky, CEO, Cyber Defense Media Group Publisher, Cyber Defense Magazine


CYBER DEFENSE eMAGAZINE (@CyberDefenseMag)

Published monthly by Cyber Defense Magazine and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

PRESIDENT & CO-FOUNDER Stevin Miliefsky [email protected]

EDITOR-IN-CHIEF & CO-FOUNDER Pierluigi Paganini, CEH [email protected]

ADVERTISING Sarah Brandow, VP of Marketing [email protected]

Interested in writing for us: [email protected]

Our Vision: To be the Global Leader of Cyber Defense Knowledge & Information

CONTACT US: Cyber Defense Magazine, Toll Free: 1-833-844-9468, International: +1-603-280-4451, SKYPE: cyber.defense, http://www.cyberdefensemagazine.com

Copyright © 2018, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a), PO BOX 8224, NASHUA, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide.

PUBLISHER Gary S. Miliefsky, CISSP®

Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/

WE’RE CELEBRATING 6 YEARS OF EXCELLENCE! Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense Magazine is your go-to source for Information Security. We’re a proud division of Cyber Defense Media Group: CYBERDEFENSEMEDIAGROUP.COM (MAGAZINE, TV, AWARDS). SEE US IN OCTOBER AT…

From the Editor…

It’s friends at Trend Micro and WatchGuard and RSA and HelpSystems and many others you’ll find advertising with us, providing great content to us and partnering for interviews with us at CyberDefense.TV that have helped us continue to grow. We’ve learned about ThreatBook from China and FFRI from Japan and WhiteHatSecurity and so many other innovators. With events like BlackHat and upcoming CloudSec in London in September and IPEXPO Europe in October, we continue to stay informed and share our ever expanding infosec knowledge with our readers. For that we are so thankful.

To our faithful readers,

Pierluigi Paganini


Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep understanding of your web application vulnerabilities, how to prioritize them, and what to do about them. With this trial you will get:

• An evaluation of the security of one of your organization’s websites

• Application security guidance from security engineers in WhiteHat’s Threat Research Center

• Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well as share findings with internal developers and security management

• A customized review and complimentary final executive and technical report

Click here to sign up: https://www.whitehatsec.com/info/security-check/

PLEASE NOTE: Trial participation is subject to qualification.


BLACKHAT CONFERENCE 2018 TRIP REPORT by Gary S. Miliefsky, Publisher with additional content provided by UBM, RSA and others…

Every year, BlackHat continues to keep me and the growing number of attendees on our toes, literally. There is so much to see and do – so much to learn, you can’t help but to leave at the closing wanting more.

The event welcomed nearly 19,000 of the most security-savvy professionals across the InfoSec spectrum – spanning academia, world-class researchers, and leaders in the public and private sectors. The event’s robust lineup featured groundbreaking content led by security experts who showcased the latest and greatest research currently impacting the industry.

The Black Hat Review Board, comprised of 24 of the world's foremost security experts, evaluated more submissions this year than ever before – producing the largest program to date. This year's conference welcomed more than 300 speakers and Trainers across more than 80 deeply technical Trainings and nearly 120 innovative research-based Briefings on stage. For more information about the event and to download available whitepapers and presentations, visit: blackhat.com/us-18/.

Interviews and cool companies I found on the show floor…

I ran into WhiteSource, a market leader in the open source security space, who recently released the next generation of Software Composition Analysis: the Effective Usage Analysis. This new technology differentiates between the effective and ineffective vulnerable functionalities and reduces open source vulnerability alerts by 70%! Less work, anyone?

Checked out the updates from Digital Defense and McAfee. The integration of Digital Defense’s Frontline Vulnerability Manager™ (Frontline VM™) and McAfee® ePolicy Orchestrator® (McAfee ePO™) provides organizations with clear visibility into managed and unmanaged devices. Rapid, automated deployment of threat detection agents on unmanaged devices results in bolstered security, while reducing the resources required to administer security.


The integrated Frontline VM and McAfee ePO solution eases the burdens associated with running multiple systems and simplifies the process of vulnerability and threat management. Organizations benefit from:

• Accurate and comprehensive host identification capability

• Policy orchestration that automates deployment of agents to unmanaged systems immediately upon detection

• Connected Ecosystem provides capability to schedule a vulnerability scan directly from McAfee ePO

While walking on the expo floor, I found my friends at Polarity and we chatted about their latest innovations. As they reminded me, humans are good at analysis but bad at recall. To solve that, Polarity augments human memory with on-screen overlays. It's like a heads-up display or augmented reality, but for your computer, giving your team superhuman data awareness and recall. Add any data you want to remember to Polarity. Polarity uses computer vision to recognize what's on your computer screen as you do your work and overlays that data as it's related. Check them out at http://www.polarity.io.

AlienVault demonstrated new endpoint detection and response (EDR) capabilities in its USM Anywhere platform that automate threat detection and response from wherever threats appear, all from one platform. By intelligently correlating activities across the network, cloud, and endpoint through continuous threat intelligence updates from the AlienVault Labs Security Research Team, USM Anywhere detects intrusions faster and with more accuracy, including those designed to evade detection by traditional perimeter security and signature-based detection techniques. AlienVault USM Anywhere also delivers detailed and automatically curated data to guide response teams to quickly contain threats across the entire network environment. In discussing nation-state cyberattacks, Jaime Blasco, vice president and chief scientist for AlienVault, said, “In analyzing global threats and vulnerabilities, we can recognize patterns in the data from malicious actors and groups based on our understanding of their past activities, but we’re focused on providing actionable intelligence to our customers to accelerate and simplify threat detection and remediation.” Learn more at http://www.alienvault.com.

I met with the F5 executives and their F5 Labs leadership, who broke a huge story during BlackHat. If configured incorrectly, cellular IoT gateways can give attackers access to critical infrastructure, threatening human life in ways only Hollywood has conceived. We posted the story here: http://www.cyberdefensemagazine.com/breaking-down-the-door-to-emergency-services-through-cellular-iot-gateways/


Sometimes the best meetings at BlackHat take place in the back of the tradeshow floor, or even outside the packed press room. In this case, I was lucky to catch up with Kevin Simzer, the COO of Trend Micro – one of my favorite InfoSec companies in the world. In the photo, to his left is a brilliant infosec fellow, Brian Gorenc, who leads their Zero Day Initiative (ZDI). I must say, this company is run in a humble, non-braggadocio way – for example, they patented their Machine Learning (ML) methodologies over 10 years ago, leading to their own artificial intelligence (A.I.) advances ahead of most of the competition, yet they don’t brag about it at all. They also don’t brag about their over 125,000 global resellers and channel partners. I met with some of their top partners and they have great things to say about their relationship with Trend Micro. We’re talking about the third largest cybersecurity company in the world, here. Some stats from Kevin about Trend Micro’s record growth over the years: we’re looking at 120 quarters of always being cash flow positive, 70 of those as a public company. He told me they’re doing 12% in topline growth so far this year. We’re looking at a potential $1.5B+ USD in revenues this year. Amazing company! You can track their numbers here: https://www.trendmicro.com/en_us/about/investor-relations/financial-reports-data.html and learn more from their CFO and CEO as well.

Back to my friend Brian Gorenc, who leads the ZDI initiative. He told me it was actually formed in 2005, when the cyber threat landscape was a bit different from what we see today. Threats were a little less sophisticated, but there was one thing that we saw then that we still see now: the shortage of cybersecurity professionals and researchers. The team decided that with ZDI, they could augment the internal team with the expertise of external researchers. In addition, ZDI would promote responsible vulnerability disclosure to affected vendors and protect their customers ahead of a vendor patch. As you probably suspected, the launch of ZDI was met with skepticism, with people saying things like “the ZDI is promoting hacking by creating a market for vulnerabilities” and “they’re going to fail,” but the team was determined to make this program work.

According to Trend Micro, as we fast forward to 2018, now in its thirteenth year, the ZDI manages the largest vendor-agnostic bug bounty program in the world with over 3,500 external researchers complementing the internal team’s efforts. The surge of over 500 new registered researchers in the first half of 2018 alone is a testament to the appeal and benefits that the ZDI program offers to those who want to conduct responsible security research and be appropriately compensated for their efforts. Since the program’s inception, over $18 million USD has been awarded to external researchers. This is quite an accomplishment given that there was only one submission in the first year of the program. Contributions to the ZDI program have been growing steadily since 2010, and in the first half of 2018 the ZDI published a record-breaking 600 advisories, paying researchers over $1 million USD.

But the benefits of ZDI go beyond the researcher community – Trend Micro customers also benefit from the vulnerability research conducted by the ZDI. The insights on threat and exploit trends that the team sees from external researchers, as well as their own internal research, has led to increased focus on SCADA and Industrial IoT (IIoT) vulnerabilities, which make up approximately 30% of submissions this year. The ZDI also works very closely with ICS-CERT and was the number one supplier of SCADA/ICS vulnerabilities in 2017. Trend Micro customers also benefit through preemptive protection for vulnerabilities that come through the ZDI program. Patch management is a constant headache for most organizations, and it can become a flat-out nightmare if a zero-day hits and you have hundreds of systems to patch. Filters that are created as a result of the exclusive access to vulnerability information from ZDI provide protection an average of 72 days before a patch is available and can play a key role in alleviating the patch management headache with a virtual patch at the network level while you work to update systems or wait for a vendor patch. Trend Micro is one of the few security vendors that has the breadth and depth of vulnerability research that results in this level of protection coverage. Does every vulnerability submitted to the program get exploited? No. But just like I carry automotive insurance “just in case” I get in a car accident, think of the ZDI program along the same lines – an extra level of protection “just in case” you can’t patch your systems in time in the event a vulnerability submitted through our program is exploited before a patch is issued by the affected vendor.

The continued growth of the Zero Day Initiative bug bounty program and leadership in vulnerability research can only lead to more secure products and more secure customers. Many vulnerabilities would continue to either remain behind closed doors or be sold to the black market and used for corrupt purposes. Accountability is paramount to the program, and over the course of 13 years, the ZDI has worked to build trust with leading software vendors and the research community to promote the importance of security in the product development lifecycle. As the threat landscape evolves, the ZDI will evolve with it and stay on the forefront of vulnerability research to make our technology world a safer place.

For more details on the ZDI’s record first half of 2018 and the trends they’re seeing, check out Brian Gorenc’s blog here. You can also follow the team at @thezdi for the latest updates.

I stopped by Valimail’s booth and found that, for both IT and marketing leaders, Valimail delivers real-time email authentication as a cloud service, bringing easy, accessible, and safe messaging to all organizations. It’s the only truly automated solution in the industry, period. Valimail's patented software technology identifies email services by name (not just IP addresses), overcomes limitations with DMARC, SPF, and DKIM, and ensures that your email authentication policies keep pace with ongoing changes to your infrastructure. And it does all this without touching any personally identifiable information (PII) or reading the contents of email messages.

Valimail closes the number one email attack vector -- impersonation -- and increases cybersecurity defense while protecting your brand. Valimail has won numerous awards for its innovative approach to email authentication; it is the only email anti-impersonation solution to be FedRAMP Authorized, and it is also Privacy Shield Certified and SOC-2 Type 2 compliant. Check them out at http://www.valimail.com/.

As I rushed past Bromium’s booth, heading to my next meeting, they reminded me to stop back later and bring the worst, most destructive malware I could find and use it to target a Bromium-protected endpoint in front of a live audience. No gimmicks. No hiding. They offered to let me do this in plain view and either way, I would get an exclusive shirt owned only by those who’ve faced the challenge! I wish I had time to test my ‘genius’…ah next time, maybe at RSA Conference 2019…just like their booth – it’s a very cool t-shirt.


What I love about BlackHat is the chance to catch up with some of our industry thought leaders who’ve been writing for us. Corey Nachreiner, the CTO of WatchGuard, truly another favorite of mine for a very long time, happened to have some time to sit down with me and discuss where WatchGuard is going – and it’s truly exciting. For SMBs and large enterprises who haven’t fixed their remote and small office security risks, WatchGuard has the scalable solution for them. Both of us are seen above in our comfort soles for long-distance walking of the tradeshow floor and speaker sessions. Recognized as a thought leader in IT security, Corey Nachreiner spearheads WatchGuard's technology vision and direction. Previously, he was the director of strategy and research at WatchGuard. Nachreiner has operated at the frontline of cyber security for 16 years, and for nearly a decade has been evaluating and making accurate predictions about information security trends. As an authority on network security and an internationally quoted commentator, Nachreiner's expertise and ability to dissect complex security topics make him a sought-after speaker at forums such as Gartner, Infosec and RSA. He is also a regular contributor to leading publications, including ours. He shared a few slides with me and this is clearly an important mission:


I suggested to Corey to have a look at one of my baby unicorns and he one-upped me. He shared the news (see below) about their acquisition of an incredible Identity and Access Management solution also known as a cloud-based multifactor authentication (MFA) solution, tweaked and rebranded as AuthPoint, which competes with SaasPass.

Corey reminded me that a massive portion of data breaches involve lost credentials, and since cyber criminals target organizations of any size, MFA is now a prerequisite for all businesses. In the absence of MFA, cyber criminals can utilize a variety of techniques to acquire usernames and passwords, such as spear phishing, social engineering, and buying stolen credentials on the dark web, to gain network access and then steal valuable company and customer data. With AuthPoint, he told me how WatchGuard is breaking down longstanding barriers between SMBs and MFA adoption with a solution that is affordable, easy to deploy, and vastly scalable – all of which is made possible by WatchGuard’s cloud-based approach to authentication.

Here's the news:

WatchGuard® Technologies, a leader in advanced network security solutions unveiled AuthPoint – a cloud-based multi-factor authentication (MFA) solution designed for small and midsize businesses (SMBs). MFA has always been out of reach for SMBs due to cost, complexity and management issues, until now. In fact, according to a new survey of IT managers and professionals conducted by independent market research firm CITE Research, 61 percent of respondents from companies with under 1,000 employees believe MFA services are reserved for large enterprises. WatchGuard’s AuthPoint addresses these authentication concerns by eliminating the complex integration processes, considerable up-front expenses, and burdensome on-premises management requirements.

WatchGuard’s AuthPoint solution is a cloud service that can be deployed and managed from any location without the need for expensive hardware components. The service relies on WatchGuard’s AuthPoint app to facilitate user authentication. As the most effective and accessible MFA solution for SMBs, AuthPoint’s key features include:

• AuthPoint App – Once downloaded and activated on a user’s smartphone, WatchGuard’s AuthPoint app enables users to view and manage any login attempts – by way of push notifications, one-time passwords or QR code entries for those in offline scenarios. Additionally, the app is equipped to store third-party authenticators such as Authenticator, Facebook access, Dropbox, and more.

• Mobile Device DNA – WatchGuard uses an innovative approach to user authentication called Mobile Device DNA that distinguishes cloned login attempts from legitimate ones. The AuthPoint app creates personalized “DNA” signatures for users’ devices and adds them to the authentication calculation. The result is that authentication messages not originating from a legitimate user’s phone will be rejected.

• Cloud-based Management – As a cloud-based solution, the AuthPoint service comes with a convenient, intuitive interface for businesses to view reports and alerts, and configure and manage deployments. Enabled from the cloud, AuthPoint requires no on-premises equipment, which cuts down on costly deployment and management activities.

• Third-Party Integrations – WatchGuard’s ecosystem includes dozens of 3rd party integrations with AuthPoint. This allows companies to mandate that users undergo the authentication process before accessing sensitive cloud applications, VPNs and networks. Moreover, AuthPoint supports the SAML standard, allowing users to log on once to access a full range of applications and services.


“Cloud-based multifactor authentication (MFA) services provide an alternative to on-premises products for MSEs to implement strong authentication. MFA provides mitigation against account takeover and can significantly reduce the risk of phishing attacks. These services potentially provide total cost of ownership (TCO) benefits over legacy on-premises software or hardware deployments. Further, TCO benefits can accrue from choice of modern authentication methods (such as phone-as-a-token methods) that also provide good security combined with improved user experience.” (Gartner: Midsize Enterprise Playlist: Security Actions That Scale, by Neil Wynne and James A. Browning, published 10 May 2018, ID G00355786)

“With the launch of AuthPoint, WatchGuard has smartly extended its product portfolio with a vital security offering that is often overlooked by SMBs, and done so in a channel-friendly way that is easy to sell, deploy, and manage,” said Greg Shanton, vice president of CyberSecurity at Neovera. “AuthPoint’s cloud-based architecture means we can easily onboard new customers, allocate licenses, segment permissions, and report on their activity from a single, easy-to-use interface. It’s evident throughout the entire experience that AuthPoint was built keeping both the success of its channel partners, and the security of our mutual customers in mind.”

KEY SURVEY FINDINGS:

Password security is still a major issue among companies with less than 1,000 employees:

• Although most IT managers surveyed claim they provide some password training or policies to employees, 47 percent believe that employees still use weak passwords, 31 percent believe employees use network passwords for personal applications, and 30 percent believe that employees share passwords.

• 84 percent of surveyed IT managers would prefer to have technology solutions in place to enforce password best practices, rather than relying on password policies and training.

• Nearly half of surveyed IT managers (47 percent) suspect that their employees use simple or weak passwords, while only 18 percent believe employees don’t engage in any risky information security behaviors.

These companies need an intuitive, cost-effective MFA solution:

• Just over 61 percent of IT managers at companies with less than 1,000 employees believe MFA services are designed for companies larger than theirs.

• Of companies that don’t currently use an MFA solution, their top reasons for not purchasing one are that MFA would be difficult to implement, maintain and support, and that it would be too expensive. Inter-organizational resistance to an MFA deployment was also a common concern.

• 47 percent of companies currently using an MFA solution have implemented a version of SMS authentication methods, which are insecure and can be spoofed by a determined attacker. Also, 38 percent of companies using an MFA solution have hardware tokens, which are hard to manage, and can be lost or stolen.

This survey was conducted by CITE Research on behalf of WatchGuard. It covers small business owners and IT managers or higher at companies with less than 1,000 employees in the , the UK and Australia. For the complete survey findings, download the full report here. To learn more about WatchGuard’s new AuthPoint service, visit www.watchguard.com/authpoint.

ADDITIONAL RESOURCES:

• Report: Poor Password Handling and the Rise of Multi-Factor Authentication

• InfoGraphic: Passwords have failed, so what’s next?

• White paper: Protecting Your Network Assets with MFA

• AuthPoint Datasheet

• Solution Brochure


As many of you know, we launched our first ever print edition of Cyber Defense Magazine in 2013 (in our second year of operations) at the RSA Conference in San Francisco, California, USA. We’ve continued to grow thanks to our partnership and many friendships we’ve made over the years with the RSA team from the corporation to the conference folks, it’s been a great run. Like my friends at Trend Micro, Zulfikar Ramzan “Zully” is very humble and down to earth, yet extremely brilliant. As Chief Technology Officer of RSA, a Dell Technologies business, Zulfikar Ramzan leads the development of RSA’s technology strategy and is responsible for bringing to market innovations that protect customers from advanced cyberthreats. He joined RSA in 2015 from Elastica, where he was Chief Technology Officer. Ramzan holds more than 50 patents and a Ph.D. in electrical engineering and computer science from MIT. Zully believes that most companies need to take a better risk driven view of security. He gave me an example, “Ask an (accountant) Auditor about risk…they get it. Ask most infosec professionals about risk…many will conflate probable threats vs possible threats; others believe that WannaCry is a risk to them – WannaCry is a threat. We need to go back to the simple risk formula that has three variables, each with a weighted value – threats, vulnerabilities and assets.” He, of course, was speaking to the choir. We both absolutely agree that risk is not just about the likelihood of an event but the probable impact. This requires the potential business impact of an incident with smarter prioritization. For example, in an ecommerce business, which is a greater risk to your business – a critically vulnerable server, publicly facing, taking thousands of credit card transactions during the holidays and under a severe DDos attack or a poorly trained employee in a remote office with no access to the servers or data center having missed a few patches? 
The business impact of a critical server going offline is tremendous, while an unpatched machine far away from this server has a much lower impact, so prioritizing patching, hardening, backing up and DDoS-protecting this critical server is much more important than rolling out a new automated desktop patch management system during the holidays. He continued with great advice: “When dealing with a major breach, we should have already been prepared and consider it a team sport – it will most likely impact all business units of the organization – from Legal to HR to IT to Sales and Marketing and Public Relations up to the CEO and the Board. We, therefore, at RSA, have launched an Innovative Risk Management model with the right tools and technologies to help make risk more easily measured and managed.”

Zully gave me an example that really shone a light on two major types of risk we usually don’t think about: Residual Risk vs Primary Risk. Take a $30,000.00 USD ransomware event with minor downtime, where payment is made and systems are unlocked quickly. We still have to ensure the ransomware is removed, revalidate our data, do a forensic analysis, and the list goes on; in the one example he gave me, this has a $3.785m impact on the business. So the Residual Risk impact is one hundred times (100x) greater than the initial impact of the Primary Risk.

BlackHat Conference 2018 Security Operations Center (SOC) deployed with RSA solutions

Zully told me about a framework called FAIR, in which, he said, the magic combo is the likelihood of an event and the impact of the event versus the resulting business loss. Factor Analysis of Information Risk (FAIR) has emerged as the standard Value at Risk (VaR) framework for cybersecurity and operational risk. The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk. It provides information risk, cybersecurity and business executives with the standards and best practices to help organizations measure, manage and report on information risk from the business perspective. The FAIR Institute and its community focus on innovation, education and sharing of best practices to advance FAIR and the information risk management profession. You can learn more about FAIR here: https://www.fairinstitute.org/

Zully gave me a quick update on the RSA suite of solutions that help reduce, manage, mitigate and document risk. If you need to modernize authentication and provide your users with convenient, secure access to any application—from the cloud to the ground—from any device, he suggested we look at the RSA SECURID® SUITE.


When we talked about how severe some of the latest threats have become and how, if we understand time-based security, it’s time to detect and respond to threats faster than ever, on any device, in the cloud or across a virtual enterprise, he suggested we look at the RSA NETWITNESS® PLATFORM.

In our mutually favorite area, documenting and responding to risk in a more organized, professional and business-impact-oriented fashion, with data-driven insights and a streamlined, fast time-to-value approach, to know exactly which risks are worth taking, he suggested we take a look at the RSA ARCHER® SUITE.

Finally, when it comes to stories about ecommerce and banking fraud, we also both agreed that it’s about stopping fraud, not customers. The idea is to manage fraud and digital risk across multi-channel environments without impacting customers or transactions. For this, RSA also has a solution for our needs, and it’s called the RSA® FRAUD & RISK INTELLIGENCE SUITE.

You can learn more about all these solutions by visiting: https://www.rsa.com/

Other notables I’ll be keeping an eye on from the show, in no particular order:

• www.trustlook.com
• www.intertrust.com
• www.securechannels.com
• www.qadium.com
• www.palshack.org (seen on the right – good thing my wifi was off)
• www.specterops.io
• www.code42.com
• www.pfpcyber.com
• www.saltdna.com
• www.flexera.com
• www.gurucul.com
• www.wolfssl.com
• www.ziften.com
• www.silverfort.io
• www.neuvector.com
• www.cognigo.com
• www.brinqa.com
• www.securityscorecard.com


HIDDEN GEMS USUALLY UNCOVERED IN THE BACK OF EXPO FLOOR

Ready for my predictions of Unicorns – here are two – SafeBreach and SaasPass. These are must check out companies. Let’s start with SafeBreach:

SafeBreach is a cybersecurity company based in Sunnyvale, California and Tel Aviv, Israel. The company has developed a platform that simulates hacker breach methods, running continuous "war games" to identify breach scenarios across network systems. In July 2016, SafeBreach raised $15 million in series A funding from an investor group including Sequoia Capital, Hewlett-Packard, Deutsche Telekom Capital Partners and others. It was founded in September 2014 by CEO Guy Bejerano and CTO Itzik Kotler in Tel Aviv. Prior to founding the company, Bejerano had worked as a chief information security officer and Kotler had spent time in the Israel Defense Force's technology unit as a hacker. In July 2015, the company raised $4 million in seed funding from an investor group led by angel investor Shlomo Kramer and Sequoia Capital. In July 2016, the company raised an additional $15 million in series A funding from existing investors along with participation from new investors Hewlett-Packard Enterprise, Deutsche Telekom, and Maverick Ventures. By this time, the company was operating in both Sunnyvale, California and Tel Aviv. Around 70 percent of the company's personnel works at the Tel Aviv office (largely on research and development).

I spent a good amount of time digging down into this amazing company with an exclusive interview of their CEO, Guy Bejerano. What Guy explained to me is that SafeBreach's primary product allows you to test thousands of possible breach scenarios by using and creating playbooks. Their platform reminded me of what Qualys could have become. Qualys is a great company, the market leader in Vulnerability Management; however, they went down the 'let's make great compliance reports' road, utilizing the CVE (Common Vulnerabilities and Exposures) auditing model based on the CVE standard developed by my friends at MITRE. Similar to the formerly open source Nessus scanner by Tenable, Qualys audits for vulnerabilities, not for exploits or serious threats. If you understand the risk formula, you'll understand why SafeBreach is going to be a huge player if they continue to execute:

Risk = Threats x Vulnerabilities x Assets, or R = T x V x A. So, while Qualys does an awesome job at finding the A and looking for the V, they didn't build their empire on the T, the threats. This is something SafeBreach seems to have done better than any vendor I saw at the show. As SafeBreach clearly markets, you need to simulate attacks and validate controls. To Gartner they are already a Cool Vendor for Breach and Attack Simulation Platforms. To me they are a baby unicorn. Check them out at http://www.safebreach.com and see if my prediction of a huge IPO or M&A for them in the $500m - $1B market range happens within the next 3-5 years. Just a prediction.

Moving onto SaasPass, another baby unicorn…


SaasPass, which is trusted by NASA, BOEING, VISA, and many others, solves one of the biggest IT security problems in the world: Identity and Access Management (IAM).

As Robert Herjavec and his innovative MSSP VP of IAM Ketan Kapadia pointed out, as well as Dr. David DeWalt, in prior interviews, this is becoming the biggest problem in Information Security, and hence a huge opportunity for a company to come along and help fix it. SaasPass does this in a major and elegant way. Please keep an eye on them; I’m predicting that they too, with proper execution, will see an IPO or M&A in the $500m - $1B market range within the next 3-5 years. Just a prediction. Visit them online at http://www.saaspass.com

Show Highlights

• Keynote Parisa Tabriz, Director of Engineering and Project Zero for Google, presented “Optimistic Dissatisfaction with the Status Quo: Steps we Must Take to Improve Security in Complex Landscapes” to a bustling Mandalay Bay Events Center, which housed more than 6,000 attendees.


• CISO Summit welcomed 200 executives from top public and private organizations for an exclusive program intended to give CISOs and other InfoSec executives more practical insight into the latest security trends and technologies and enterprise best practices.

• Arsenal returned for its ninth year, offering researchers and the open source community the ability to demonstrate tools they develop and use in their daily professions – live. This year's program featured more than 90 tools, including 11 Arsenal Theater Demos and a new space for open-source enthusiasts to work with researchers in a hands-on environment.

• Business Hall buzzed with more than 300 leading companies. Attendees were given the opportunity to experience hands on learning, demonstrations and education on the latest products and technologies impacting the industry, as well as deep dive sessions presented by vendors in the Business Hall Theaters.

Community Focus

Black Hat is driven by the needs of the InfoSec community - giving back and helping to foster the next generation of security professionals is a priority and Black Hat is proud to highlight some of its most recent initiatives:

• New Community Track: Developed to provide a focus on relevant issues currently impacting the InfoSec community, presented Briefings spanned careers, diversity, security awareness, health, and more. Insights and solutions from industry experts were provided to help individuals both new to InfoSec as well as seasoned professionals.

• New Community Programs: Over the years, Black Hat has expanded its community programming to shine light on topics specific to the InfoSec community, as well as welcome a wider range of professionals to the event. This year’s offerings spanned scholarship opportunities, workshops, networking, activities promoting health and wellness, partnerships with non-profit organizations and more.

• Electronic Frontier Foundation Support: For the fifth year, Black Hat is proudly donating $50,000 to the EFF to continue supporting their important work in protecting civil liberties within the digital world. Black Hat has a strong partnership with the EFF to provide pro-bono legal consultations to security researchers on the legality of any research or data they plan to present at the annual shows.

• Scholarships: Black Hat awarded more than 200 Academic Briefings Scholarships to deserving students from around the world. Black Hat and EWF again offered the Female Leaders Scholarship Program to minimize the gender gap among the InfoSec community and give students the opportunity to learn, network and collaborate with the world’s brightest minds. Event speakers were also given two complimentary Briefings passes per talk to be given to students of their choice.

• HERO Corps: Black Hat will be donating all proceeds from its specialized 2018 event t-shirt to the Human Exploitation Rescue Operative (HERO) Corps, a joint project of the National Association to Protect Children.

Top sponsors of Black Hat USA 2018 included: Diamond Sponsors: Cisco, Cylance, Forcepoint, LogRhythm, McAfee, Qualys, Rapid7, RSA, Tenable; Platinum Plus Sponsors: AlienVault, Bromium, Carbon Black, Cofense, CrowdStrike, Cybereason, DarkMatter, Darktrace, DigitalGuardian, ESET, FireEye, Fortinet, NETSCOUT, Palo Alto Networks, Recorded Future, SentinelOne, Symantec, Webroot; Platinum Sponsors: Bomgar, CyberVista, Cyxtera Technologies, ExtraHop Networks, F5 Networks, iboss, Lastline, Mimecast, Optiv Security, Proofpoint, Inc., ReliaQuest, SecurityScorecard, Spirent Communications, Synack, Synopsys, Trend Micro, Vectra, ZeroFOX. For all sponsorship opportunities, visit: blackhat.com/us-18/sponsors.html

What's Next: Black Hat Europe 2018

Following a successful USA event, Black Hat is preparing for Black Hat Europe 2018, a four-day event taking place December 3-6, 2018 at the ExCeL in London, England. The event will bring together an international security audience for two days of intense classroom-style Trainings followed by two days of the infamous Black Hat Briefings presented by some of the most renowned experts in the industry. For more information and to register, please visit: blackhat.com/eu-18/

Connect with Black Hat (#BlackHat)

• Twitter
• Facebook
• LinkedIn
• Flickr

FUTURE DATES/EVENTS

• Black Hat Trainings 2018, October 22-23, 2018
• Black Hat Europe 2018, London, England, December 3-6, 2018
• Black Hat Asia 2019, Singapore, March 26-29, 2019
• Black Hat USA 2019, Las Vegas, Nevada, August 3-8, 2019

About Black Hat

For more than 20 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia. More information is available at: blackhat.com. Black Hat is organized by UBM, which in June 2018 combined with Informa PLC to become a leading B2B information services group and the largest B2B Events organizer in the world.

A SIDE NOTE ON PERSONAL PRIVACY, SAFETY AND DEFCON…

While I chose not to attend DEFCON this year, it was due to business scheduling conflicts and not because of the venue. It’s an amazing event that runs nearly parallel to BlackHat and has been at Caesars Palace each year. According to one security research blogger and the official Defcon Twitter account, hotel security made it clear that they would be doing what I would consider, if on my own property, a violation of the 4th amendment of the US constitution, in the name of safety and security. It is their property and they have a right to visit and inspect their rooms for safety, security and cleanliness reasons; however, this might have been ‘one for the books’ on going too far.


See: https://www.secjuice.com/defcon-hotel-security-fiasco/

I also agree with the blogger at SecJuice that it’s worth stating that no one in our InfoSec space would ever object to enhanced security operations in Las Vegas this year, after the Vegas hotel shooting incident. Everyone should be able to attend both BlackHat and Defcon without incident, and while some hackers love to hack, eavesdrop, deny service, and prove they have the ability to gather intel on others without consent, this behavior is not professional and should not be condoned during any of these awesome events where the goal is sharing knowledge and information. You can find holes and document them. You can exploit holes without permission and end up going to jail. These are the choices we in our community face. It’s best to be a White Hat during BlackHat and during Defcon. The same should hold true for the Hotels and their staff. Knock knock. No answer. Sign says do not disturb, provided by Hotel. Honor it.

About the Author

Gary Miliefsky, Publisher, Cyber Defense Magazine

Gary is our Publisher and a globally recognized cybersecurity expert, speaker and keynote, investor, advisor and consultant. He is the inventor and founder of technologies and corporations sold and/or licensed to Hexis Cyber, WatchGuard, Intel/McAfee, IBM, Computer Associates and BlackBox Corporation. He is currently the CEO of Cyber Defense Media Group (CDMG), which is the Publisher of Cyber Defense Magazine and Cyber Defense TV, and is a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cybercrime and cyber terrorism, also covered in Inc, Forbes and Fortune Magazines. Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), the National Information Security Group (http://www.NAISG.org) and the OVAL advisory board of MITRE responsible for the CVE Program (http://CVE.mitre.org). He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace, as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Gary is a member of ISC2.org and is a CISSP®. Learn more about him at http://www.cyberdefensemagazine.com/about-our-founder/


TRANSFORMING CYBER SECURITY by Dr Simon Wiseman, CTO, Deep Secure

Deep Secure CTO Dr Simon Wiseman explains how content threat removal is a game-changer in the battle to ensure business content is threat-free by using a transformative approach to boundary security and the problem of weaponized business content.

Unwinnable Wars

Digital content (documents and images) informs and facilitates every aspect of business and commerce. Little wonder then that it is the cyber criminal’s preferred carrier for an ever-increasing range of threats and kit-built exploits. Indeed, from the very beginning, cybersecurity defenses have struggled to deal with the digital content threat.

Often portrayed as an arms race in which the criminals constantly have the upper hand, the response of the cybersecurity industry to this threat – attempt to detect the content threat or try to isolate the content itself - has been largely ineffective in the face of relentless attacks from highly skilled criminals using sophisticated zero-day techniques.

Detection-based anti-malware defenses have been easily breached using polymorphic viruses and fileless malware. Sandboxed detonation has been rendered irrelevant by evasion techniques built into off-the-shelf malware kits as standard. Even defenses in highly sensitive government systems that employ deep content inspection to try and detect weaponized business content struggle to deal with sophisticated attacks from cybercriminals.

Weaponised Business Content

The fundamental reason for the cybersecurity industry’s inability to offer its customers the levels of protection they might reasonably expect is that the cyber defenses of the last 25 years are all based around trying to detect the presence of malware or an exploit, and thus second-guess the attacker. However, the truth is that the attacker is always one step ahead of this type of detection-based approach. Take a look at this week’s (in fact any week’s) cybersecurity headlines. 99% of the successful exploits involve weaponized business content crossing the network boundary undetected in the documents, PDFs, spreadsheets and images we all use every hour of every day.

The severity of the problem is escalating. Attackers are now employing against commercial targets the kind of sophisticated zero-day exploits that were hitherto the province of nation-state intelligence entities. They have taken evasion to new heights. They are using steganography to hide attacks, conceal command-and-control channels, and exfiltrate sensitive information stealthily. They are employing information hiding techniques that render detection completely impossible.

Content Threat Removal

The key to addressing the problem is to get ahead of the attacker and give organizations the levels of protection from weaponized content they need. The solution lies with Content Threat Removal (CTR), a technology that doesn’t depend on detection to stop the threat.

CTR works by assuming that all data is unsafe. It doesn’t try to distinguish good from bad. Whatever information an attacker sends in gets blocked. There’s no decision to make between safe or unsafe, so there’s nothing to get wrong. So how does this work – and how will the business get the information it needs?

Content threat removal transforms data using a technique called information extraction. This works by extracting the business information from the digital content received. The data carrying the information is then discarded, and new safe data is created to carry the business information to its destination. This way the attackers cannot get in and the business gets what it needs. When it comes to the content threat, in terms of efficacy, this approach cannot be beaten. The security team is satisfied because the threat is removed. The business team is satisfied because they get the information they need.

Turning the tables on the Bad Guys

CTR removes threats concealed using polymorphism and steganography by intercepting all business content (documents and images), extracting the business information from it and creating brand new content for onward delivery. This approach is a game-changer when it comes to dealing with sophisticated and indeed undetectable attacks because nothing is trusted, everything is transformed and the threat is eliminated. It is the way to get ahead of the attackers and stay ahead, because it eliminates the threat and leaves no opportunity for evasion techniques.

Threats Concealed in Plain Sight

The real proof of content threat removal’s power is its ability to completely eliminate any threat concealed using image steganography. Steganography is the covert hiding of data within seemingly innocuous files. It’s a way of encoding a secret message inside another message, called the carrier, with only the desired recipient able to read it. Now Stegware, the weaponization of steganography by cyber attackers, is on the rise. It is offered by default in malware-as-a-service kits on the Dark Web. It has been used in Malvertising campaigns to extort money from thousands of users and bring reputable news sites to their knees. It has been used in conjunction with social media websites to steal high-value financial assets concealed in seemingly innocuous images. Detection-based defenses cannot protect the business because steganography, done properly, is impossible to detect.

Content threat removal does not attempt to detect the threat. Image steganography works by hiding information in redundant parts of data. Content threat removal works by extracting useful information from data, and this process naturally leaves behind any information encoded in redundant data. Content threat removal defeats steganography by ignoring it.
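The mechanism described above, as an added illustration that is not Deep Secure's code: a payload hidden in the least significant bits of a constructed greyscale pixel list is read back fine from the original, but not from an image rebuilt from its visible tone alone. Re-quantisation stands in here for a product's full re-rendering of the image format.

```python
"""Simulated content transformation versus LSB image steganography.

Added example, not Deep Secure's code. A real CTR product re-renders whole
image formats; here a tiny greyscale pixel list stands in for the image and
re-quantisation stands in for regenerating the picture from its visible tone.
"""
from typing import List

# Constructed 4x8 greyscale cover "image" (one 8-bit value per pixel).
COVER_PIXELS: List[int] = [
    120, 121, 119, 122, 200, 201, 199, 202,
    118, 120, 123, 121, 198, 203, 200, 197,
    60, 61, 59, 62, 140, 141, 139, 142,
    58, 63, 60, 61, 138, 143, 140, 137,
]


def embed_lsb(pixels: List[int], payload: bytes) -> List[int]:
    """Classic LSB steganography: overwrite the lowest bit of each pixel with
    one payload bit, most significant bit of each byte first."""
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def extract_lsb(pixels: List[int], n_bytes: int) -> bytes:
    """Read n_bytes back out of the pixel LSBs (what the intended recipient does)."""
    if n_bytes * 8 > len(pixels):
        raise ValueError("not enough pixels for that many bytes")
    out = bytearray()
    for k in range(n_bytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[k * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def regenerate(pixels: List[int], levels: int = 64) -> List[int]:
    """Stand-in for content transformation: keep only the visible information
    (each pixel's tone, quantised to `levels` grey levels) and build a fresh
    image from it. The redundant low-order bits, where the payload lived, are
    never copied across, so whatever they encoded does not survive."""
    step = 256 // levels
    return [min(255, ((p + step // 2) // step) * step) for p in pixels]


def max_visual_change(a: List[int], b: List[int]) -> int:
    """Largest per-pixel difference, to show the picture itself is preserved."""
    return max(abs(x - y) for x, y in zip(a, b))


def demo() -> dict:
    """Embed a constructed 2-byte payload (16 pixels), then transform."""
    secret = b"hi"
    stego = embed_lsb(COVER_PIXELS, secret)
    rebuilt = regenerate(stego)
    return {
        "recovered_from_stego": extract_lsb(stego, len(secret)),
        "recovered_after_ctr": extract_lsb(rebuilt, len(secret)),
        "visual_change": max_visual_change(stego, rebuilt),
    }


if __name__ == "__main__":
    print(demo())
```

With 64 grey levels every regenerated pixel is a multiple of 4, so the LSB channel reads back as zeros while no pixel moves by more than 2 of 255.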

Cyber Security Transformed

In a report from May 2018 “Beyond Detection: 5 Core Security Patterns to Prevent Highly Evasive Attacks”, industry analysts Gartner pinpointed content transformation as an essential technique in defeating the threat posed by weaponized business content.


Integrated into a content removal platform and deployed across the email, web, and file sharing boundaries, transformation delivers safe business content to users. As such, it will become the de facto way organizations ensure that content crossing the network boundary is 100% threat free.

It is the only way to defeat all content threats – known, unknown/zero-day, and undetectable – without the need to understand or identify the threats and without isolating the business from the content it needs.

About the Author

Dr Simon Wiseman is the CTO of Deep Secure. He has over 30 years of experience in the field of Government computer security.

Simon joined the Royal Signals and Radar Establishment (RSRE), a UK Ministry of Defence research establishment in Malvern, which became the Defence Research Agency (DRA), then the Defence Evaluation and Research Agency (DERA), before being privatized to become QinetiQ. He joined Deep Secure from QinetiQ in 2010, and his pioneering work has led to techniques for handling classified data with mainstream commercial software, the Domain Based Security method of risk assessment and techniques for combatting the use of Steganography.

Expertise:

Simon is responsible for the technical strategy at Deep Secure, devising unique solutions to hard cyber security problems. He has pioneered work on the use of data transformation to defeat attacks in digital content culminating in the development of the Content Threat Removal (CTR) strategy, along with the products and services that bring it to market.

Simon can be reached online at [email protected] and @srw_deepsecure on Twitter, and at the company website https://www.deep-secure.com/


CYBER SECURITY TIPS FOR BUSINESS TRAVELERS

by Luke Adshead, Northdoor

It doesn’t matter whether you are travelling the world to ‘find yourself’ or you are on a business trip from NY to London for a big meeting. All types of travelling can pose various cyber security threats to your mobile phones and other devices. All of your devices will be carrying sensitive data, both personal and business related, so it is imperative you do everything you can to protect your work as much as possible, especially if you are using an IBM Power 9 processor and have loads of important and sensitive data! If you are wondering what more you can do to protect your information, read our top cyber security tips for business travelers or anyone going on holiday abroad.

Lock Devices

Many smart devices such as mobile phones, laptops and tablets come equipped with security settings that are there to prevent unwanted parties gaining access to your device and having your information at their disposal. They, therefore, have set security measures in place such as PIN numbers and fingerprint IDs. You should set up either a PIN or a fingerprint on every device you own in order to prevent people being able to get into said devices. Once the PIN or fingerprint has been set up, make sure to lock all of your devices every time you are not using them to make sure they are always as secure as possible.


Public Wi-Fi

Free Wi-Fi access is very appealing to business or leisure travelers who are working on the go and would like to save some of their data. The problem with public Wi-Fi is that it is particularly vulnerable to security issues. Make sure to stay away from unencrypted Wi-Fi networks and ask your hotel about its internet security protocol before connecting to the web. If you absolutely must use a Wi-Fi hotspot, make sure that you do not access any personal account or sensitive data.

Disable Auto-Connect

Many mobile phones have a certain setting that will allow a phone or tablet to automatically connect to Wi-Fi hotspots as you pass through them on your daily routine. This is, of course, a nice feature when used at home, although it’s not something you should allow while traveling abroad. Before you travel, change this setting so that your smartphone and laptop must be manually connected each time you wish to access the Web.

Install Anti-Virus

This is definitely one of the most successful ways you can keep your personal information, as well as business information, safe while traveling. Alongside using an established security company, make sure that you frequently update this software as new versions become accessible.

Update Passwords

Make sure to change all of your passwords before you go travelling. It is also important that if you are asked to input a PIN for your safe in your hotel or hostel, you use a unique PIN number that you have not used before, in order to prevent people who might find out your regularly used PINs from breaking in and having access to all your most valuable possessions.

About the Author

Luke was brought up in East London where he learnt a love for reading and writing at a very young age. He studied English Literature and English Language at University and now pursues his passion of writing and learning as much as he can about the digital world.

In his spare time he reads a lot of books and plays tennis.

Luke can be reached online at our company website https://www.northdoor.co.uk/


BUILDING BLOCKS TO MANAGE THE SUPPLY CHAIN

Supplied by ERTICO – ITS Europe

Most people, if they have heard of Blockchain at all, will have heard of it in relation to cryptocurrency. However, Blockchain has more to offer than just bitcoin, with solutions that can be put to good use in logistics and supply chain management. As an incorruptible digital ledger of economic transactions, the technology can potentially resolve many of the challenges created by the complexity of fragmented, globalised supply chains.

Supply chains are changeable by nature – they quickly incorporate and adapt to new technologies, from rail to air freight to the Internet. For supply chain managers, Internet technology in particular has changed their task from being a matter of keeping the machines fed and dispatching the finished product to something entirely more complex.

Standards and norms

Managing today’s supply chains involves controlling a tangled logistics nexus spanning multiple locations with hundreds of stages and various actors, requiring different payments and invoices spread out over several months. This presents a serious challenge for supply chain managers. For consumers too it is important to know that all of the elements in the products that they purchase have been ethically sourced with respect for environmental and labour standards and norms.

It is difficult for managers and consumers alike to accurately trace the provenance of elements all along the supply chain, and to quickly react to problems that arise related to quality or even illegality, because there is a significant lack of transparency in the current system.

Increasing transparency

As one of the technologies that enabled the globalisation of manufacturing, it is fitting that computer networks should also offer a solution to manage this complexity. Blockchain, which sees information held on a distributed database that is simultaneously hosted by multiple computers, can provide efficient solutions that are both verifiable and permanent.

With every transaction recorded across numerous copies of the digital ledger and distributed over multiple computers, Blockchain is highly transparent. It is also highly secure, as every block in the chain is linked to the preceding block. Information is distributed across the network, so there is no centralised hub that is vulnerable to cyber-attacks by hackers.
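The linking property claimed above, as an added toy illustration (not ERTICO's or any product's code, and with no distribution or consensus layer): each constructed provenance record is stored in a block that carries the SHA-256 of the previous block, so rewriting an earlier record, even with its own hash recomputed, breaks the link the next block holds and verification reports where.

```python
"""Hash-chained provenance ledger for supply chain records.

Added illustration of "every block is linked to the preceding block"; a toy,
not ERTICO's or any product's code. Records and actor names are constructed.
"""
import hashlib
import json
from typing import Dict, List, Optional

GENESIS_HASH = "0" * 64


def block_hash(block: Dict) -> str:
    """SHA-256 over the block's canonical JSON, excluding its own hash field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_record(chain: List[Dict], record: Dict) -> Dict:
    """Create a block carrying `record`, linked to the previous block's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS_HASH
    block = {"index": len(chain), "prev_hash": prev, "record": record}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain: List[Dict]) -> Optional[int]:
    """Index of the first block whose contents or backward link do not verify,
    or None if the whole chain is intact."""
    expected_prev = GENESIS_HASH
    for i, block in enumerate(chain):
        if block["prev_hash"] != expected_prev or block["hash"] != block_hash(block):
            return i
        expected_prev = block["hash"]
    return None


def build_sample_chain() -> List[Dict]:
    """Constructed provenance records for one lot moving through three stages."""
    chain: List[Dict] = []
    for rec in [
        {"stage": "harvest", "actor": "Farm A", "lot": "LOT-0001", "cert": "organic"},
        {"stage": "mill", "actor": "Mill B", "lot": "LOT-0001", "cert": "organic"},
        {"stage": "freight", "actor": "Carrier C", "lot": "LOT-0001", "cert": "organic"},
    ]:
        append_record(chain, rec)
    return chain


def tamper_demo(recompute_hash: bool = True) -> Optional[int]:
    """Rewrite the mill's certification after the fact. If the tamperer also
    recomputes that block's hash, the block itself verifies, but the next
    block's prev_hash no longer matches, so the break is reported at index 2;
    without the recompute it is caught at index 1."""
    chain = build_sample_chain()
    chain[1]["record"]["cert"] = "conventional"
    if recompute_hash:
        chain[1]["hash"] = block_hash(chain[1])
    return first_invalid_block(chain)


if __name__ == "__main__":
    print("intact chain:", first_invalid_block(build_sample_chain()))
    print("tampered, hash recomputed:", tamper_demo())
    print("tampered, hash stale:", tamper_demo(recompute_hash=False))
```

In a real deployment the copies held by the other participants are what stop the tamperer from simply rewriting every later block as well.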

By enabling smart contracts, Blockchain helps make supply chain management more efficient and cost-effective than current solutions, because the contracts are trackable, they execute actions automatically and they do not require the involvement of third parties.
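As an added example (not code from ERTICO or this article), here is a minimal custody ledger showing how hash-linking each block to its predecessor makes a supply-chain record tamper-evident and traceable; the event field names and the sample shipments are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# Added example, not ERTICO or article code. Each block stores the hash of the block
# before it, so altering any earlier record breaks every link after it. The event
# fields (item, from, to) are assumed for illustration.

@dataclass
class Block:
    index: int
    timestamp: float
    event: dict          # e.g. {"item": "SKU-1", "from": "Mill", "to": "Factory"}
    prev_hash: str
    hash: str

def block_hash(index: int, timestamp: float, event: dict, prev_hash: str) -> str:
    # Canonical JSON (sorted keys) so identical content always hashes identically
    payload = json.dumps({"index": index, "timestamp": timestamp,
                          "event": event, "prev_hash": prev_hash}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

class CustodyLedger:
    GENESIS_PREV = "0" * 64

    def __init__(self) -> None:
        genesis_event = {"genesis": True}
        self.chain: List[Block] = [Block(0, 0.0, genesis_event, self.GENESIS_PREV,
                                         block_hash(0, 0.0, genesis_event, self.GENESIS_PREV))]

    def append(self, event: dict, timestamp: float) -> Block:
        """Record a custody hand-off, linked to the current tip of the chain."""
        prev = self.chain[-1]
        h = block_hash(prev.index + 1, timestamp, event, prev.hash)
        block = Block(prev.index + 1, timestamp, event, prev.hash, h)
        self.chain.append(block)
        return block

    def first_bad_block(self) -> Optional[int]:
        """Index of the first block whose content or link no longer verifies, else None."""
        for i, blk in enumerate(self.chain):
            if blk.hash != block_hash(blk.index, blk.timestamp, blk.event, blk.prev_hash):
                return i                      # content edited after it was hashed
            if i > 0 and blk.prev_hash != self.chain[i - 1].hash:
                return i                      # link to the predecessor is broken
        return None

    def provenance(self, item: str) -> List[dict]:
        """Every recorded hand-off of one item, in chain order."""
        return [b.event for b in self.chain[1:] if b.event.get("item") == item]

def replicas_agree(ledgers: List["CustodyLedger"]) -> bool:
    """Distributed copies are consistent when every replica's tip hash matches."""
    return len({l.chain[-1].hash for l in ledgers}) == 1

def demo() -> dict:
    """Constructed sample: two items move through a short chain, then one record is altered."""
    ledger = CustodyLedger()
    ledger.append({"item": "SKU-1", "from": "Mill", "to": "Factory"}, 1.0)
    ledger.append({"item": "SKU-1", "from": "Factory", "to": "Carrier"}, 2.0)
    ledger.append({"item": "SKU-2", "from": "Mill", "to": "Factory"}, 3.0)
    before = ledger.first_bad_block()                  # None: chain is intact
    trace = [e["to"] for e in ledger.provenance("SKU-1")]
    ledger.chain[1].event["from"] = "Unaudited mill"   # someone rewrites the origin
    after = ledger.first_bad_block()                   # 1: edited block no longer verifies
    return {"intact_before": before is None, "first_bad_after": after, "trace": trace}

if __name__ == "__main__":
    print(demo())
```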


“Despite the current tendency to overhype its use, Blockchain will become an increasingly important element in the digital transformation of transportation logistics. Its potential to support this transformation will be measurably enhanced when architected with forthcoming advances in IoT, low-power wide-area networks (LPWAN), 5G and network edge processing,” said Jim Beveridge from ERTICO – ITS Europe, a private-public partnership that regards Blockchain as an alternative for smart contracts and transactions in mobility and logistics, complementing advanced data exchange networks (such as AEOLIX).

ITS World Congress 2018

Given the benefits of Blockchain, it is no surprise that it will be a key topic for discussion at the 25th ITS World Congress in Copenhagen this September. The ITS World Congress is the world’s biggest event solely focused on the digitalisation of transport and smart mobility.

Experts in the field will present a number of sessions that cover Blockchain and cyber-security including:

ES11 Enhancing Cybersecurity & Resilience of Transport Infrastructure

SIS60 Cybersecurity for Public-Facing ITS Systems

SIS10 Assessing Next Generation Technologies for Emerging Future Transportation Environments

SIS47 Blockchain and Distributed Ledger Technologies for Transport and Mobility

For the full Congress programme and more information about the ITS World Congress 2018, please visit www.itsworldcongress.com.

About the Author

This article was produced and supplied by the Congress Department of ERTICO – ITS Europe.


CYBER PSYOP: THE NEW WAY TO IMPACT OPINIONS AND POLITICS

PSYCHOLOGICAL OPERATIONS ARE UPGRADING TO THE 21ST CYBER CENTURY AND IMPACT POLITICS, ECONOMIES AND SOCIETIES. by Julien Chesaux, Cyber Security Consultant, Kudelski Security

Cyber but not New

Fake news, disinformation, influence, propaganda, sponsored demonstrations and national interference are increasing, but these threats are nothing new. What is new, however, is how the functionalities of Web 2.0 - user-generated content, usability and interoperability - have enabled a whole new generation of innovative approaches and possibilities for attackers.

These can be grouped under what U.S. military language calls psychological operations (PSYOP). PSYOP are planned operations that aim to influence specific audiences through the diffusion of information, real or not. Thanks to cyberspace, cyber PSYOP are taking on a new dimension and are nowadays used by states that want to protect and promote their own interests.

The Russian Government, for example, has mastered this strategy through the concept of hybrid warfare. Through different involvements, it creates opportunities that can then be leveraged. It therefore uses cyber PSYOP as a cyber-strategy integrated into its political, economic and social warfare.

Old Methods Are the Best

To protect and spread their ideas and interests, states have used propaganda since time immemorial. At the beginning of the 20th century it became institutionalized: governments systematically produced propaganda targeting citizens to influence their opinion or to support efforts to undermine the enemy. WWI and WWII saw the advent of mass media, as radio, television and video were added to print media1. Since then, propaganda and opinion influence have continued on many occasions, whether during wars or political duels. The aim was, and still is, to control information, especially through the Internet, which combines the communication means of traditional print, audio and visual media.

In Russia, the government’s foreign policy uses old communist methods from the Soviet era such as propaganda, disinformation, subversion, manipulation, destabilization and deception (the Russian military doctrine of Maskirovka), updated for the 21st-century Internet age.

1 E.g. posters, leaflets, books, movies, animations, newspapers and even comic books and cartoons (for example the 1940 comic book “How Superman Would End the War”, in which Superman takes Adolf Hitler and Joseph Stalin to the League of Nations: http://www.archive.org/stream/HowSupermanWouldEndTheWar/look#page/n3/mode/2up).

Blur the Lines Between Peace and War

Over the last few years, the Kremlin has become Washington’s foremost foe in cyberspace, showing no reluctance to use aggressive tactics in a stealthy way, thanks to the anonymity offered by the Internet. Since 2007, many campaigns have been detected and analyzed. The majority of them targeted governments, international organizations and critical infrastructure (such as the energy, electricity, transportation and telecommunication sectors). Most of these operations are Advanced Persistent Threats (APT), meaning that they target a specific entity with persistence and effectiveness. Recently, 13 Russian citizens and 3 Russian companies were charged with trolling on social media and supporting demonstrations against 2016 U.S. Presidential election candidate Hillary Clinton2.

The combination of traditional military methods with information manipulation to achieve political and strategic goals is known as hybrid warfare. The Russian Chief of the General Staff, General Gerasimov, advocated it in 2013: asymmetrical actions combining Special Forces – such as the “little green men” (i.e. the masked and unmarked soldiers of the 2014 Crimea annexation) – with information manipulation, to establish a perpetual sensation of tension and unpredictability.

Russia’s Successes

This approach produced three operational field successes3. In the 2008 Georgian war, Russia used cyber PSYOP and cyber attacks for the first time, against Georgia’s state, media and critical infrastructure. The invasion resulted in the de facto independence of Abkhazia and South Ossetia. This was a clear action to stop the eastward spread of the EU and NATO and to prove that the Russian army can effectively wage combined military operations abroad.

In Syria, the Russian intervention seized the opportunity to demonstrate that Russia is back at the core of the international playing field. Media coverage of the Mashriq region was exploited by feeding it with propaganda, disinformation and fake news on social media.

Finally, the 2014 Crimea annexation employed a mixed strategy: as leverage internationally towards Europe and the U.S., and domestically to stoke patriotism. Clearly, it was beyond belief that Russia would abandon its Sevastopol military harbor, its unique access to the Black Sea and the Mediterranean, which are of high strategic value. Given these successes, this new doctrine might be used in “frozen conflicts” such as the Balkans, Transnistria, Nagorno-Karabakh, the Caucasus or Central Asia4.

2 APUZZO Matt & LAFRANIERE Sharon. “13 Russians Indicted as Mueller Reveals Effort to Aid Trump Campaign”, NY Times, Feb 16, 2018. https://www.nytimes.com/2018/02/16/us/politics/russians-indicted-mueller-election-interference.html

3 DEVELLE Yuji. “Russia’s Pact with the Devil”, WonkBridge, Mar 17, 2017. https://medium.com/wonk-bridge/russias-pact-with-the-devil-a8fe72a3c076#.f73c7uwx0

4 CHAUSOVSKY Eugene. “In Europe’s Borderlands, the Winds of Change Blow in Every Direction”, Stratfor, Feb 28, 2017. https://www.stratfor.com/weekly/europes-borderlands-winds-change-blow-every-direction

Private Sector not Spared

The private sector is no stranger to these cyber PSYOP, as politics and economics are intertwined. On a cost/benefit basis, hacker groups employed by governments avoid a “frontal cyber assault” that would require too much effort to reach their objectives. To attack a government, the better cost/benefit ratio is therefore to target a third party, or an employee outside the internal network, for instance at home or in his or her favorite coffee shop.

Consequently, a company can be the subject of an APT that has a business impact: degraded performance (interruption of services), loss of clients and share value because its reputation is affected (as after a data leak) and, worse, the loss of trust of its clients and the market, which is the basis of our modern economies.

The objective might be pecuniary but also political: a company can be a proxy for a political message. In its latest report, the Global Malware Report 20175, Comodo Threat Research Labs established links between outbreaks of malware activity and geopolitical events and tensions. So even if you think that your business will not be affected by these states’ quarrels, you are miscalculating your risks.

About the Author

Julien Chesaux is a Cyber Security Consultant at Kudelski Security, a Swiss and American cyber security company. Julien mainly works on cyber security, information security and geopolitical analysis in order to help clients find solutions to their threats. He is also a mediator and writer for the Swiss think tank Foraus and the co-founder of www.stralysis.com. He has worked in diplomacy and cyber security for seven years in Switzerland, Australia and France. His main research interests are Global Security, Cyber Geopolitics and International Affairs.

LinkedIn profile: www.linkedin.com/in/julien-chesaux-65279456

You can reach me at [email protected]

5 Comodo. “Global Malware Report 2017”, Comodo Threat Research Labs, Feb 2018. https://www.comodo.com/ctrlquarterlyreport/2017summary/Comodo_2017Report.pdf


LET PASSWORDS GO EXTINCT

OR, IT'S TIME FOR PASSWORDS TO EVOLVE by Chris Mindel, Marketing Manager, Dexter Edward LLC

Passwords are Dinosaurs

Let's face it: passwords have become part of the cybersecurity problem. That sounds contradictory, as passwords are supposed to help keep things safe, but it's true. Passwords are the seed of a good security idea, but human nature and counterproductive password practices have turned passwords into a hindrance instead of a help.

Having a password associated with a user name as a method of unlocking something makes sense - it's two pieces of information needed before access is granted. However, the password practice has been diluted and muddied by human nature getting in the way. For a password to work well, two things must happen: it has to be difficult to figure out and the user has to remember it. In theory, it's still a sound concept.

Duplicated Passwords are Hazardous

One thing that compromises the efficacy of passwords is the quantity of passwords you need to remember (everything has one, it seems). We've been instructed to come up with long passwords that are a combination of letters and numbers (and symbols, sometimes). What happens is this: the more passwords you are required to create, the greater the likelihood you'll duplicate passwords so you have fewer to remember. Plus, some companies require passwords to be changed every X number of days. In Special Publication (SP) 800-63B, the National Institute of Standards and Technology (NIST) explicitly states that administrators "SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically)." NIST warns against this practice because the more someone has to change passwords, the more likely they are to use duplicated passwords to be able to remember them all.

A duplicated password instantly compromises every account for which you use it. A hacker just needs to figure out one, and the rest will fall. The same goes for password hints and security questions: they are often duplicated, which is anathema to having distinct, one-use-only passwords (indeed, these sorts of questions were dropped from NIST's Special Publication (SP) 800-63 as of 2017).

Also, keep in mind a person isn't doing the actual work in deciphering your password - a computer is. As deftly illustrated in this classic xkcd comic by Randall Munroe, we've been trained to create passwords that are hard for humans to remember and easy for computers to figure out. This xkcd comic also serves as a fantastic segue for what passwords should evolve into: passphrases!


Use Passphrases Instead

Passphrases are like passwords but stepped up to the next level. A passphrase is a bunch of words put together: it can be a full sentence with spaces or it can just be a collection of words. To get a good passphrase, all you have to do is pick some words. Like Star Wars? Perhaps a passphrase like ForceGreedoWookieeYodaB-Wing is good for you. Think about how much easier that is to remember than something like R4ffead56!!#. It's more memorable because the words in the phrase mean something to you and can effortlessly be visualized. This makes it easier for you to remember and harder for a computer to figure out.

Now, you still must follow a few guidelines. Just like you shouldn't use the same password for everything, you also shouldn't use the same passphrase for everything. Try mixing up your topics based on what the passphrase is for. For example, if you are looking to create a passphrase for your work network, perhaps you mash together your favorite things in the kitchen: CheetosWaterScoobysnacksSkeleton. Again, these are things your mind has associations with, so it won't forget them.
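The SP 800-63B verifier rules the article relies on, applied to a candidate passphrase, as an added example that is not from the article or Dexter Edward; the breached-password set and the 7776-word list size used in the entropy estimate are constructed assumptions.

```python
import math
import re
import unicodedata
from typing import List

# Added example, not code from the article or Dexter Edward. A verifier-side check
# following SP 800-63B: length limits, a compromised-password blocklist, no
# composition rules and no calendar-based expiry. BREACHED_SAMPLE is a constructed
# stand-in for a real compromised-credential feed.

BREACHED_SAMPLE = {"password", "123456", "qwerty", "letmein", "r4ffead56!!#"}
MIN_LEN = 8        # 800-63B: user-chosen memorized secrets are at least 8 characters
MAX_LEN = 64       # 800-63B: verifiers SHOULD accept at least 64 characters
LETTERS = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"

def normalize(secret: str) -> str:
    # 800-63B: apply Unicode NFKC before comparing or hashing; spaces are kept
    return unicodedata.normalize("NFKC", secret)

def check_secret(secret: str, username: str = "", breached=BREACHED_SAMPLE) -> List[str]:
    """Return rejection reasons; an empty list means the secret is acceptable.
    Deliberately absent: digit/symbol composition rules and periodic rotation,
    both of which 800-63B says verifiers SHOULD NOT impose."""
    s = normalize(secret)
    low = s.lower()
    reasons: List[str] = []
    if len(s) < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    if len(s) > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    if low in breached:
        reasons.append("appears in compromised-password list")
    if username and username.lower() in low:
        reasons.append("contains the username")
    if len(s) >= 2 and re.fullmatch(r"(.)\1*", s):
        reasons.append("single repeated character")
    # Contiguous runs such as "abcdefgh" or "87654321" are substrings of these alphabets
    if s and (low in LETTERS or low in LETTERS[::-1] or low in DIGITS or low in DIGITS[::-1]):
        reasons.append("sequential characters")
    return reasons

def passphrase_bits(num_words: int, dictionary_size: int) -> float:
    """Guessing entropy of a passphrase whose words are drawn at random from a word list.
    This holds only for random draws; a handful of favourite-film words is worth fewer bits,
    which is why the blocklist check above still matters for passphrases."""
    return num_words * math.log2(dictionary_size)

if __name__ == "__main__":
    for candidate in ("ForceGreedoWookieeYodaB-Wing", "R4ffead56!!#", "aaaaaaaa"):
        print(candidate, check_secret(candidate) or "OK")
    print("5 random words from a 7776-word list:", round(passphrase_bits(5, 7776), 1), "bits")
```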

To answer the question used for the title of this article: yes, let passwords go extinct. Use passphrases instead. 'Is that it, then?' you ask. 'Just use passphrases and we're good?' Of course not. The next step is multi-factor authentication . . . but that's another story for another time.

About the Author

Chris Mindel is the Marketing Manager of Dexter Edward LLC. Dexter Edward LLC is the premier integrator of secure, encrypted, and traceless communications and collaboration systems. We provide products which are well-adapted for any situation with both trusted and untrusted assets. Chris has spent most of the last 15 years putting words together to form sentences and sentences together to form paragraphs - all with the express purpose of describing how things work and why they should be purchased. He is new to the cybersecurity world but is enjoying all the research and new topics he gets to explore now. Chris is a proud proponent of uncluttered writing, silly storytelling, and the usage of the Oxford comma. Chris can be reached online at [email protected] and at our company website https://dexteredward.com/


THE IMPACT OF SOAR ON INCIDENT RESPONSE STEPS

HOW AUTOMATION AND ORCHESTRATION AFFECT NIST’S FRAMEWORK FOR INCIDENT RESPONSE by Stan Engelbrecht, Director of Cybersecurity Practice, D3 Security

As cybersecurity incidents such as phishing scams, ransomware attacks, and user data breaches have become a never-ending threat for organizations of all sizes, incident response has grown in importance within security operations. Many companies use dedicated incident response platforms to plan, execute, and evaluate incident response processes.

Incident response plans are often built around the NIST 800-61 framework, which is the most widely accepted standard for organizing incident response. NIST breaks down incident response into four phases:

1. Preparation

2. Detection and Analysis

3. Containment, Eradication, and Recovery

4. Post-Event Activity

In recent years, incident response platforms have begun to evolve into what Gartner calls security orchestration, automation, and response (SOAR) platforms. SOAR platforms accelerate the pace and augment the power of incident response by automating repetitive tasks and coordinating actions—or “orchestrating”—across the entire security stack.

The technological advancements represented by SOAR are having a profound impact on how the phases of incident response are carried out. The NIST framework still applies, but using SOAR, responders can act faster and more conclusively at each stage.

Here is an overview of the NIST 800-61 framework, and how SOAR features can help enhance traditional incident response processes during each phase.

Phase 1: Preparation

Incidents move fast, so a comprehensive preparation phase is critical. Preparation, as defined by NIST, involves implementing the right tools and processes ahead of an incident occurring. A critical step in this phase is identifying your "crown jewels" — these assets must have the best possible defenses in place. The data from previous incidents is a useful resource during planning, as it will provide invaluable insight into your attack surface and areas of vulnerability.


SOAR platforms support the preparation phase by allowing analysts to build automated steps and orchestrated actions into their incident response playbooks. SOAR also helps you prepare your lines of communication by configuring automated task assignments and notifications.

Phase 2: Detection and Analysis

In order to stop an incident from causing damage, you first need to spot the irregular activity and figure out exactly what is happening. This phase begins with taking in data from sources such as SIEM, IDPS, network device logs, people in your organization, and more, to identify incidents based on indicators. Once incidents have been detected, you need to determine false positives, classify the attack vector, understand the scope of the event, identify the vulnerabilities being exploited, and prioritize response actions.

SOAR is especially useful in this phase because it can integrate with other security systems to automate the gathering of threat intelligence and other contextual data, a process that wastes a great deal of time when done manually. SOAR platforms not only expedite this process, they also correlate alerts with information from historical incidents, and some will even automate prioritization by assigning a risk score to each incident.

Phase 3: Containment, Eradication, and Recovery

In this phase, having gathered the information and gained an understanding of the incident, your IR team will begin to combat the threat. This includes taking actions to prevent further damage, such as closing ports or blocking IPs. Depending on the incident, you might gather and preserve evidence for future legal or regulatory cases. Once the threat is resolved, recovery will involve restoring systems to normal functionality, through actions like tightening network security, rebuilding systems, and replacing compromised files.

SOAR platforms accelerate containment and eradication to machine speeds with the ability to automate security actions. For example, if a user’s credentials are suspected of being compromised, the SOAR platform can interface with your identity and access management system to immediately disable that user’s access.

Phase 4: Post-Event Activity

Incident response can be chaotic, and it’s hard to take the time to do a post-mortem on major incidents, but NIST emphasizes the importance of this type of review. This phase includes having a “lessons learned” meeting to answer major questions about what happened, what went well, and what is needed for future incidents. Collected incident data should be used to drive these meetings and inform the resulting procedural changes. Post-event activity also involves determining what should be done with collected evidence. Is prosecution an option? How long should the data be retained?


The work of a SOAR platform is mostly done by this phase, but it can still contribute by providing a more complete data set to leverage for post-event analysis. Because of the ability to automate data capture and documentation of response actions, SOAR platforms will generally retain more usable data than would be gathered manually, and the ability to integrate across the security stack enables the incorporation of data from other security systems. The result is a data set that captures the full picture of the incident, enabling more accurate metrics.
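A toy playbook tying the four phases together, added here as an example rather than D3 Security code; the alert fields, the threat-intel feed, the IAM directory and the scoring weights are constructed in-memory stand-ins (addresses come from the TEST-NET documentation ranges).

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List

# Added example, not D3 Security code: one alert is walked through the NIST 800-61
# phases the article maps onto SOAR. Intel feed, IAM directory, alert fields and
# scoring weights are all constructed for illustration.

THREAT_INTEL = {"203.0.113.45": {"malicious": True, "tag": "credential-stuffing"}}

@dataclass
class Incident:
    alert: dict
    context: dict = field(default_factory=dict)
    risk_score: int = 0
    actions: List[str] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)   # Phase 4 relies on this trail

    def log(self, phase: str, msg: str) -> None:
        ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.audit.append(f"{ts} [{phase}] {msg}")

# Phase 2, Detection and Analysis: enrichment an analyst would otherwise do by hand
def enrich(inc: Incident, iam: dict, intel: dict) -> None:
    ip = inc.alert.get("src_ip")
    inc.context["intel"] = intel.get(ip, {"malicious": False})
    inc.context["user"] = iam.get(inc.alert.get("user"), {})
    inc.log("analysis", f"enriched src_ip={ip} intel={inc.context['intel']}")

def score(inc: Incident) -> int:
    """Additive risk score for prioritisation: known-bad source, privileged account, brute force."""
    s = 0
    if inc.context["intel"].get("malicious"):
        s += 50
    if inc.context["user"].get("privileged"):
        s += 30
    if inc.alert.get("failed_logins", 0) >= 10:
        s += 20
    inc.risk_score = s
    inc.log("analysis", f"risk score {s}")
    return s

# Phase 3, Containment: the article's example of disabling a suspect account via IAM
def disable_user(inc: Incident, iam: dict) -> bool:
    user = inc.alert.get("user")
    if user in iam and iam[user]["enabled"]:
        iam[user]["enabled"] = False
        inc.actions.append(f"disable_user:{user}")
        inc.log("containment", f"disabled IAM account {user}")
        return True
    inc.log("containment", f"account {user} already disabled or unknown")
    return False

def run_playbook(alert: dict, iam: dict, intel: dict = THREAT_INTEL,
                 auto_contain_at: int = 70) -> Incident:
    """Phase 1 chose the playbook and the auto-contain threshold ahead of time."""
    inc = Incident(alert)
    inc.log("preparation", f"playbook credential-compromise, auto-contain at {auto_contain_at}")
    enrich(inc, iam, intel)
    if score(inc) >= auto_contain_at:
        disable_user(inc, iam)
    else:
        inc.actions.append("assign_analyst_review")
        inc.log("containment", "below auto-contain threshold; queued for analyst")
    return inc

# Phase 4, Post-Event Activity: metrics taken straight from the automated record
def action_counts(incidents: List[Incident]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for inc in incidents:
        for action in inc.actions:
            name = action.split(":")[0]
            counts[name] = counts.get(name, 0) + 1
    return counts

def demo() -> Dict[str, object]:
    iam = {"alice": {"enabled": True, "privileged": True},
           "bob": {"enabled": True, "privileged": False}}
    hot = run_playbook({"user": "alice", "src_ip": "203.0.113.45", "failed_logins": 12}, iam)
    cold = run_playbook({"user": "bob", "src_ip": "198.51.100.7", "failed_logins": 3}, iam)
    return {"alice_enabled": iam["alice"]["enabled"], "bob_enabled": iam["bob"]["enabled"],
            "scores": (hot.risk_score, cold.risk_score), "metrics": action_counts([hot, cold])}

if __name__ == "__main__":
    print(demo())
```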

The Evolution of Incident Response

The NIST phases are still invaluable as a framework, but as you can see, the addition of automation and orchestration is reshaping how organizations approach the process of incident response. SOAR is empowering SOCs and incident response teams to do more with less, and with the addition of tools like machine learning, processes can be honed over time, analyzing patterns of incidents and tuning automation parameters to fit the exact needs of each organization. SOAR technology looks to be a promising step forward for organizations in their ongoing fight against cyber attackers.

About the Author

Stan Engelbrecht is the Director of Cybersecurity Practice at D3 Security and an accredited CISSP.

Stan is involved throughout the product delivery and customer success lifecycle, and takes particular interest in working with customers to configure solutions.

You can find Stan speaking about cybersecurity issues at conferences, in the media, and as the chapter president for a security special interest group.

You can find more writing from Stan on the D3 website http://www.d3security.com/


2018 IS LATE BUT STILL THE RIGHT TIME TO BID GOODBYE TO MALWARE PRONE SMBV1

UPGRADE TO AN ENCRYPTED SMB VERSION 3 by Tal Widerman, Marketing Manager, Visuality Systems


Much has been said and written about the security threats posed by the SMBv1 protocol, and yet, as we look around in the middle of 2018, the use of this protocol is still widespread. It is still not uncommon to find devices and applications using a protocol that is not only ancient, but also unsafe. Let’s take a quick look at some major reasons and recommendations that should convince anyone to stay away from this ancient version of SMB:

• SMB1 is not safe: its lack of encryption, pre-authentication integrity and insecure-guest blocking, among other things, makes it vulnerable to malicious attacks such as the WannaCry ransomware attack, which spread through the SMB1 protocol.

• SMB1 is not efficient: SMB2 and SMB3 are much more productive by means of bigger reads and writes, peer caching, durable handles, etc.

• SMB1 isn’t necessary now: Only in a very outdated environment is SMB1 the only option.

For years Microsoft has tried to stop companies implementing SMBv1 in new products and to get them to upgrade older products to safer, newer SMB versions. In September 2016 the company released an article titled “STOP USING SMB1”, and one year later it went further and disabled SMBv1 completely, starting with Windows 10 RS3.

In parallel, a shaming list was published of all companies that put their users at risk by using the SMBv1 protocol only, warning users to steer clear of these products. The WannaCry cyber-attack is concrete proof of the risk potential and consequences of using SMBv1. As is well known, the WannaCry malware spread via SMBv1, first infecting one machine which would then propagate the malware to other at-risk boxes.

While Microsoft has been fighting to eliminate the SMBv1 protocol, the United States Department of Homeland Security has released an official warning to the public to disable SMBv1, the sooner the better.


The move to an updated SMB library is inevitable, as Microsoft will continue to release newer Windows versions with SMBv1 disabled (or even dropped completely), and sooner or later products with only SMBv1 will become simply unusable.
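One way a defender can find hosts that still speak SMBv1 is to look at the negotiate messages on the wire. The following is an added example, not Visuality Systems code; it classifies constructed SMB1 and SMB2 negotiate messages using the header layouts documented in MS-CIFS and MS-SMB2, and the sample messages are built in the block rather than taken from a real capture.

```python
import struct
from typing import Dict, List

# Added example, not Visuality Systems code. Classify one SMB message captured on
# TCP 445 (after the 4-byte NetBIOS session header) and, for an SMB2 NEGOTIATE
# response, read the dialect the server agreed to. Offsets follow MS-CIFS / MS-SMB2;
# the sample messages below are constructed, not captured.

DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}
SMB1_COM_NEGOTIATE = 0x72
SMB2_NEGOTIATE = 0x0000
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
SMB2_NEGOTIATE_SIGNING_REQUIRED = 0x0002

def classify(msg: bytes) -> Dict[str, object]:
    """Identify the SMB family of one message and, where possible, the negotiated dialect."""
    if msg[:4] == b"\xffSMB":
        # SMB1 header: ProtocolId(4) Command(1) Status(4) Flags(1) ... 32 bytes in total
        return {"family": "SMB1", "command": msg[4],
                "finding": "SMB1 on the wire: no encryption, no pre-auth integrity"}
    if msg[:4] == b"\xfeSMB" and len(msg) >= 64:
        # SMB2 header (64 bytes): ProtocolId(4) StructureSize(2) CreditCharge(2) Status(4)
        # Command(2) at offset 12, CreditResponse(2), Flags(4) at offset 16, ...
        command, = struct.unpack_from("<H", msg, 12)
        flags, = struct.unpack_from("<I", msg, 16)
        info: Dict[str, object] = {"family": "SMB2/3", "command": command}
        if command == SMB2_NEGOTIATE and flags & SMB2_FLAGS_SERVER_TO_REDIR and len(msg) >= 70:
            # NEGOTIATE response body: StructureSize(2)=65 at 64, SecurityMode(2) at 66,
            # DialectRevision(2) at 68. SMB encryption exists only from dialect 3.0 upwards.
            sec_mode, dialect = struct.unpack_from("<HH", msg, 66)
            info["dialect"] = DIALECTS.get(dialect, hex(dialect))
            info["signing_required"] = bool(sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)
            info["encryption_available"] = dialect >= 0x0300
        return info
    return {"family": "unknown"}

def summarize(messages: List[bytes]) -> Dict[str, int]:
    """Count how many captured negotiations still use SMB1 or a pre-3.0 dialect."""
    counts = {"smb1": 0, "pre_smb3": 0, "smb3": 0, "other": 0}
    for m in messages:
        c = classify(m)
        if c["family"] == "SMB1":
            counts["smb1"] += 1
        elif "dialect" in c:
            counts["smb3" if c["encryption_available"] else "pre_smb3"] += 1
        else:
            counts["other"] += 1
    return counts

def build_smb2_negotiate_response(dialect: int, signing_required: bool = False) -> bytes:
    """Constructed server NEGOTIATE response: 64-byte header plus the 64-byte fixed body."""
    header = b"\xfeSMB" + struct.pack("<HHIHHIIQIIQ", 64, 0, 0, SMB2_NEGOTIATE, 1,
                                      SMB2_FLAGS_SERVER_TO_REDIR, 0, 0, 0, 0, 0) + bytes(16)
    sec_mode = 0x0001 | (SMB2_NEGOTIATE_SIGNING_REQUIRED if signing_required else 0)
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, sec_mode, dialect, 0, bytes(16),
                       0, 0x800000, 0x800000, 0x800000, 0, 0, 128, 0, 0)
    return header + body

def build_smb1_negotiate_request() -> bytes:
    """Constructed SMB1 SMB_COM_NEGOTIATE request: 32-byte header, WordCount 0, ByteCount 0."""
    return b"\xffSMB" + bytes([SMB1_COM_NEGOTIATE]) + bytes(27) + bytes(3)

if __name__ == "__main__":
    for m in (build_smb1_negotiate_request(), build_smb2_negotiate_response(0x0311, True)):
        print(classify(m))
```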

Visuality Systems’ SMB products support all SMB dialects up to the latest, encrypted SMB 3.1.1 version. The chart below illustrates how different SMB versions speak to each other as of September 2017:

Visuality Systems’ NQ products are commercial, developed from scratch and come with support available round the clock. When you purchase from Visuality, you receive a product built on 20 years invested in SMB along with the backup of a professional and experienced SMB team.

Visuality Systems also provides personal email and phone numbers of its engineers to ensure customers receive a quick response to any enquiry.


About the Author

Tal Widerman is the Director of Marketing at Visuality Systems, located at 3 Hatamar St., Hi Tech Star Building, Yokneam Illit, Israel, 20692002. For years Tal has been active in the file sharing technology marketplace, managing licensing and partnerships of Visuality’s software and security libraries. He loves to study cyber security trends and was one of the first to take notice of how WannaCry exploited an easily fixed vulnerability. Tal has been responsible for Visuality Systems' marketing activities since 2012. Tal holds an MBA from the Tel Aviv University International Business School, majoring in Marketing. Tal can be reached at [email protected] and at the Visuality Systems company website www.visualitynq.com


BEST PRACTICES FOR DDOS MITIGATION IN THE TERABIT ATTACK ERA by Tom Bienkowski, Director, DDoS Product Marketing, NETSCOUT Arbor

IoT botnets changed the DDoS attack landscape, but not necessarily in the way many people thought they would. The Mirai IoT botnet was, initially and with much success, used to launch a high volume DDoS attack which left large parts of the internet inaccessible. After the Mirai botnet source code was released in October 2016, attackers innovated and diversified their toolkit. But, rather than focusing exclusively on high volume attacks, they used Mirai and other IoT botnets as a platform for multi-vector attacks, simultaneously targeting bandwidth, applications and infrastructure. The evolution of Mirai code continues today.

Contrary to what may be percolating in the industry due to the emergence of highly publicized threats of ransomware and cryptojacking, however, DDoS is not dead. In fact, 57 percent of Enterprise respondents to NETSCOUT Arbor’s 13th annual Worldwide Infrastructure Security Report saw their internet bandwidth saturated due to DDoS attacks, an increase of 27 percent on the previous year, and half (52%) had firewalls or IPS devices fail or contribute to an outage during a DDoS attack. In addition, there was a reported annual increase of 20 percent in multi-vector attacks, and a 30 percent increase in application-layer attacks.

DDoS attacks clearly remain a serious concern, with 57 percent of respondents (up from 48 percent last year) citing reputation/brand damage and operational expense as the two main business impacts. 32 percent of respondents also saw an increase in revenue loss as a business impact, up from just 17 percent previously.

What, then, does this mean for defenders? Given the increasingly complex threat landscape, the choice of DDoS protection has significant implications on the risk profile of the modern enterprise.

Cloud-only protection, for example, leaves organizations vulnerable to layer-7 application attacks, as well as stateful attacks targeting firewalls, while CDNs protect web traffic, but not layer-7 applications or stateful infrastructure. The modern threat landscape demands best practice DDoS defense which includes integrated on-premise and cloud-based protection. Only then will organizations be protected from the full spectrum of modern DDoS attacks.

Landscape implications

While 2018 has ushered in an era of terabit DDoS attacks, the report’s findings indicate that it will also prove to be a year faced with application-layer attacks. Unlike volumetric attacks, which overwhelm networks quickly by consuming high levels of bandwidth, application-layer attacks are more subtle and insidious – and much more difficult to detect and block.


The application-layer attack, sometimes called a Layer 7 attack, targets the top layer of the OSI model, which supports application and end-user processes. In these outbreaks, attackers pose as legitimate application users, targeting specific resources and services with repeated application requests that gradually increase in volume, eventually exhausting the ability of the resource to respond. Widely regarded as the deadliest kind of DDoS attack and often fueled by Mirai botnets, application-layer attacks can inflict significant damage with a much lower volume of traffic than a typical volumetric attack, making them difficult to detect and mitigate proactively with traditional ISP or cloud-based monitoring solutions. They have a singular goal: take out a website, application or online service. While service providers can detect and block volumetric attacks as well as larger application-layer attacks, smaller application attacks can easily escape detection in the large ISP backbone, while still being large enough to cause a problem for the enterprise network or data center.

Domain name system servers (DNS), the directories that route internet traffic to specific IP addresses, are the most common targets, and HTTP and secure HTTPS services are also targeted frequently, rendering them unavailable to legitimate requests. In fact, many business-critical applications are built on top of HTTP or HTTPS, making them vulnerable to this form of attack even though they may not look like traditional public web-based applications.

WAF is not enough

But won’t a web application firewall (WAF) provide adequate protection against application-layer attacks? Since applications are the targets, this seems logical on the surface. And WAFs are certainly necessary to filter or block attempts to gain access to servers or data. However, they are vulnerable to state or resource exhaustion. The problem is that what starts as a trickle of legitimate-looking app service requests eventually turns into a flood, and application-level defenses won’t recognize the flood of legitimate requests as an attack at all. Moreover, a typical application-layer attack is often just part of a larger “blended” attack employing multiple attack methods, which may not be targeting the application layer that a WAF is analyzing.

For these reasons, a DDoS perspective is necessary to detect and thwart application-layer attacks, especially because security teams may not even realize they are under attack when the site goes offline. Unsuspecting teams can be left scrambling to restore service on the fly, diverting IT resources and spending hours or days to fix the problem, translating into millions of dollars of lost business.

Best practice defense against DDoS

Application-layer attacks contradict the perception of DDoS attacks as large-scale threats that overwhelm defenses and incapacitate networks through sheer brute force. Network guardians need to be on the lookout for these smaller but smarter threats that can work their way through the slightest openings. If you’re using traditional network management tools, signs of a potential application-layer attack may manifest themselves as “503 Service Unavailable” errors.


To effectively detect and mitigate this type of attack in real time, what’s needed is an inline, always-on solution deployed on-premise as part of a best-practice, hybrid DDoS defense strategy combining cloud-based and on-premise mitigation. An intelligent on-premise system will have the visibility and capacity to quickly detect and mitigate these stealthy, low-bandwidth attacks on its own, and early enough to avoid the need for cloud mitigation. Should the attack turn into a flood, the on-premise system can instantly activate cloud-based defenses through cloud signaling. Deploying any widely available on-premise component of a hybrid DDoS defense solution can mitigate the vast majority of application-layer attacks before they can do damage.

The best place to deploy application-layer DDoS detection and mitigation measures is at the traffic entry point at the edge of the enterprise data center or ISP infrastructure, ideally outside the firewall: because these attacks are so small, they are harder to detect and stop once they have worked their way into the data center or network. An edge-based DDoS protection system gives operators the ability to customize detection and mitigation for the specific applications running within the data center.

Some approaches to DDoS mitigation, such as cloud-based solutions, can have a false positive problem – blocking legitimate users while trying to block attacks. Having a dedicated, edge-based DDoS protection system allows protections to be tuned so that they won’t block legitimate application traffic or have an impact on normal users, even during an attack.
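The two signals this section describes, a single client issuing repeated requests to one resource with gradually rising volume, and a growing share of 503 Service Unavailable responses, can be checked directly in a web server's access log. The block below is an added example written for this article, not code from the article or from NETSCOUT Arbor. The log lines are constructed in Common Log Format using documentation IP ranges, and the sliding-window size and per-client threshold are assumptions that would be tuned per application:

```javascript
// Added example (not from the article or from NETSCOUT Arbor): flag low-volume
// application-layer DDoS signals in a web server access log. It looks for one
// client hammering a single resource with repeated requests inside a sliding
// time window, and for the share of 503 Service Unavailable responses.
// Log lines are constructed in Common Log Format; IPs are documentation ranges
// (TEST-NET); paths, window size and threshold are assumptions.

const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// "10/Aug/2018:12:00:01 +0000" -> Unix seconds, or null if malformed.
function parseClfTime(s) {
  const m = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/.exec(s);
  if (!m || !(m[2] in MONTHS)) return null;
  const [, d, mon, y, hh, mm, ss, sign, oh, om] = m;
  const wallClock = Date.UTC(+y, MONTHS[mon], +d, +hh, +mm, +ss) / 1000;
  const offset = (sign === '-' ? -1 : 1) * (+oh * 3600 + +om * 60);
  return wallClock - offset;                 // apply the zone to get true UTC
}

// One Common Log Format line -> { ip, ts, method, path, status }, or null.
function parseLine(line) {
  const m = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+/.exec(line);
  if (!m) return null;
  const ts = parseClfTime(m[2]);
  if (ts === null) return null;
  return { ip: m[1], ts, method: m[3], path: m[4].split('?')[0], status: Number(m[5]) };
}

// For every (client, path) pair, find the peak number of requests that fall
// inside any sliding window of `windowSeconds`; pairs at or above `threshold`
// are reported as suspects. Also returns the 503 share across all entries.
function analyzeLog(lines, { windowSeconds = 10, threshold = 10 } = {}) {
  const entries = lines.map(parseLine).filter(Boolean);
  const byKey = new Map();
  for (const e of entries) {
    const key = `${e.ip} ${e.path}`;
    if (!byKey.has(key)) byKey.set(key, []);
    byKey.get(key).push(e.ts);
  }
  const suspects = [];
  for (const [key, times] of byKey) {
    times.sort((a, b) => a - b);
    let j = 0;
    let peak = 0;
    for (let i = 0; i < times.length; i++) {
      while (times[i] - times[j] > windowSeconds) j++;   // slide window start forward
      peak = Math.max(peak, i - j + 1);
    }
    if (peak >= threshold) {
      const [ip, path] = key.split(' ');
      suspects.push({ ip, path, peakRequests: peak });
    }
  }
  const status503 = entries.filter((e) => e.status === 503).length;
  return {
    total: entries.length,
    status503,
    status503Ratio: entries.length ? status503 / entries.length : 0,
    suspects,
  };
}

// Builds one constructed log line for the demo data below.
function clf(ip, sec, path, status) {
  const t = `10/Aug/2018:12:00:${String(sec).padStart(2, '0')} +0000`;
  return `${ip} - - [${t}] "GET ${path} HTTP/1.1" ${status} 512`;
}

// Constructed sample: light browsing from three clients, plus one client that
// sends 12 requests to an expensive search endpoint in 12 seconds. As the
// backend tires, it starts answering 503 to everyone.
const SAMPLE_LOG = [
  clf('198.51.100.20', 0, '/', 200),
  clf('198.51.100.20', 3, '/login', 200),
  clf('198.51.100.21', 5, '/about', 200),
  ...Array.from({ length: 12 }, (_, i) =>
    clf('203.0.113.7', i, `/api/search?q=${i}`, i < 9 ? 200 : 503)),
  clf('198.51.100.22', 9, '/', 503),
  'not a log line',                          // malformed input is skipped
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(analyzeLog(SAMPLE_LOG), null, 2));
}
```

Run under Node, the sample reports one suspect, the client pairing `203.0.113.7` with `/api/search` at a peak of 11 requests in a 10 second window, while the 503 share is 25 percent of all entries; the normal browsers never approach the threshold, which is the property an edge-based detector needs so that it can be tuned without blocking legitimate users.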

In closing, consider that on-premise doesn’t just mean the enterprise network itself. It’s also about the migration to “the cloud,” and the need to provide the same kind of on-premise protection for assets hosted in either public or private cloud environments, which have the same application layer vulnerability to DDoS as an on-premise datacenter. Enterprises should make sure that, as they move critical assets to the cloud, they are providing the same level of application protection there and not falling back to relying on WAF or other non-DDoS solutions for their DDoS protection. And as cloud migration continues, consider that most organizations will have a hybrid-cloud environment. That is, a combination of applications or parts of applications running on-premise and others running in the cloud. In this case, organizations should strive to have a single DDoS attack protection solution that they can centrally manage and configure to protect on-premise and in-cloud applications.

About the Author

Tom Bienkowski is the Director, DDoS Product Marketing, NETSCOUT Arbor. Tom has worked in the network and security industries for more than 20 years. During this time, he has served as a Network Engineer for large enterprises and has had roles in Sales Engineering /Management, Technical Field Marketing and Product Management at multiple network management and security vendors. Currently, as Director of DDoS Product Marketing at NETSCOUT Arbor he focuses on Arbor’s industry leading DDoS Protection Solutions. Tom can be reached online at @arbornetworks and at our company website https://www.netscout.com/arbor.


HOW TO PROTECT YOUR BUSINESS FROM CYBER-ATTACKS?

by Ravindra Savaram, Vmonlinetraining and Tekslate

Introduction

Cyber threats have become a scary reality, with a high percentage particularly targeting individuals and businesses. Regardless of a company’s government stature or the size of the business, or of who the individual victim is, the threat of cybercriminals stealing critical information is real. Extortion following a cyber attack has become more common for businesses of all sizes and types.

Today, the Internet is one of the major places to do business, and it brings a wealth of benefits and opportunities. In fact, the capability to operate a website, transact and work remotely, and safely store data and email is crucial to everyday operation, growth and success. However, along with this comes a huge element of risk.

For the purpose of extortion, cyber-attackers can threaten to launch a denial-of-service (DoS) attack, publish personally identifiable information on employees or customers, take over social media accounts, infect an organization with a virus, erase data or shut down computer systems. As such, businesses must do whatever they can to protect themselves against cyber attacks.

How Businesses Can Protect Themselves From Cyber Threats

Let’s have a look at ways in which businesses can protect themselves from cyber threats.

Security Policy

It is crucial that your company defines security protocols for each aspect of your business to ensure your organization is protected from cyber threats. These protocols must be intrinsic to your business strategy. Because so much information is now stored digitally, it is crucial that your company’s policy addresses newer concerns like the Internet of Things, cloud computing, and social media security along with standard practices like data backup and security audits. In addition, ensure you have an incident response plan in place as part of your security policy so that your company is prepared to respond immediately if something does happen.


Ensure Everything is Up-To-Date

Always make sure your anti-virus software and various other security applications are updated regularly. By doing this, you can keep your company safe from new threats and ensure your infrastructure is secure. You can also use full-disk encryption tools to secure your data and these tools come as standard with almost all the operating systems. These tools will encrypt every file on your device within a minute without slowing it down.

Hire a Cybersecurity Expert

Appointing a cybersecurity expert to monitor and safeguard information is an excellent option that many businesses are turning to, especially as cloud-based services are on the rise. By using a third-party company that specializes in cybersecurity, you can rest assured that they stay current with the latest threats and that your protection grows and scales as required. These companies know what to look for and will notify you if they find anything suspicious. This way, you can focus more on your employees and business.

Backing Up Your Data

Your business is better protected if you back up your information regularly. You have to back up all your data, files, and other basic resources, as they are the backbone of your business. This is quite helpful if an unknown intrusion takes place.

A cyber threat such as malware can erase all your information or disable your infrastructure. So it is important that you have a backup copy of all your data, especially essential information. Saving backups in the cloud or to an external hard drive is an effortless way to ensure that your data is stored securely.

Train Your Staff

Educate your employees on how they should behave online and what risks they are exposed to. Train them on the warning signs of a cyberattack and on cybersecurity best practices, as well as the procedures to follow if an attack occurs. Enforce strict password policies for all your staff and business accounts. Draw the line on what internet practices are not allowed on devices and within the office. Make sure your employees know how to act when a sudden attack happens.

Wrap-Up

Cyberattacks are quite common these days, and businesses are their prime targets. By implementing the practices mentioned above, you can save your business from a lot of cyberattacks down the line. Make sure your employees obtain training in cybersecurity to better counter these attacks.


About the Author

Savaram Ravindra was born and raised in Hyderabad, popularly known as the ‘City of Pearls’. He is presently working as a Content Contributor at Tekslate.com and vmonlinetraining.com. His previous professional experience includes Programmer Analyst at Cognizant Technology Solutions. He holds a Master’s degree in Nanotechnology from VIT University. He can be contacted at [email protected]. Connect with him also on LinkedIn and Twitter.


WANT TO PROTECT YOUR ONLINE CUSTOMERS? KEEP YOUR WEBSITE SAFE. by Pedro Fortuna, Co-founder and CTO Jscrambler

How would you know if your users were being compromised on the client-side whilst logging on to their bank account online? How confident can you be that the content and components they are seeing and interacting with are precisely the ones that you deployed for them? Up until now it has been difficult to know for sure. The many advances in security techniques have proved to be successful in protecting the server side from cyber criminals. However, hackers are now increasingly targeting the end users on the client side of applications. Man-in-the-Browser (MITB) attacks, for example, are worryingly very much underestimated by e-banking organisations. This lack of preparation and understanding on behalf of many financial organisations results in unsafe web platforms and exploited customers. Bad news on both fronts if you consider the potential reputational damage and financial losses incurred.

So what actually happens in a typical MITB attack? In most cases users are completely unaware that their device has been infected with malware (a Trojan), which is usually delivered by a phishing campaign, a malicious browser extension or some kind of social engineering offensive. It sits silently in the background, waiting for the user to visit a target website. When this happens the Trojan, which is embedded in the browser, can start to harvest sensitive information. Users remain unaware of the attack, as their interactions appear to be valid and true. Similarly, the bank remains equally in the dark, as the user appears to be behaving normally and no red flags were raised at the login stage.

These attacks set out to commit some kind of financial extortion whether it’s to steal credentials or data such as a user’s credit card information – and this can still happen even if other authentication factors are in play. Banks must not underestimate the reputational damage that such incursions can inflict. Customers need to feel reassured that they can access e-banking services via safe and secure technology platforms. Building and maintaining trust is critical for those organisations operating in the financial services sector.

Ironically, even though banking Trojans have been around for a decade or so, most banks still lack the tools that would give them the correct level of insight into the frequency and scale of such intrusions. The degree of bank hacking activities seems never-ending; indeed, gangs are looking to hack bitcoin and cryptocurrency exchanges these days, still using good old man in the browser techniques though.

So what then can banks do to protect the browser side of their e-banking services? How can banks protect users who are accessing their online banking sites using their computers and devices that might well be compromised without their knowledge?

Fraud monitoring can offer some help. If a bank is screening transactions then they might detect that something is awry. However, if an attacker is simply waiting for the user to carry out a transaction and then only modifying the destination account number, this activity will not trigger anything. Similarly, bot detection or behaviour-based detection will yield no results as the user is commanding the navigation. Everything will seem normal. How about device fingerprinting or geo-location? Unfortunately, these cannot be considered viable solutions because, under such attacks, the user is using their own device in its usual location.

What about a totally different approach then? For example, you could monitor the application in real-time for modifications to the DOM, to Native APIs, and to events. Since anything could be potentially malicious, a whitelisting approach combined with machine learning is needed in order to tackle false positives. Such a system can generate real-time notifications to the backend of the application, with useful data that can drive automated responses.

Real-time application monitoring provides a solid defence. It can detect changes produced by MITB (as well as other injection/tampering attacks such as MITM, malicious extensions, and malicious or compromised third-party modules). Regardless of how these attacks are implemented, this approach works by detecting changes made to the web page without the user’s knowledge. It allows financial institutions to react in real time by having policies in place that act on the metadata carried in the alerts. It also detects zero-day threats.

These days banks have no excuse for not getting security right across all access points. The financial losses stemming from cyber attacks can be severe, and the damage to both reputation and brand could potentially prove to be even more so.
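The monitoring approach described above, watching the live page for DOM modifications and comparing what appears against an allowlist of what the bank actually deployed, can be built on the browser's MutationObserver API. The following is an added example written for this article, not Jscrambler's product code; the bank hostnames, the expected form field names, the reporting endpoint and the finding categories are all constructed assumptions. The classification logic is kept in plain functions so it can be exercised outside a browser; the observer wiring only activates when a DOM is present:

```javascript
// Added example (not Jscrambler's code): client-side DOM integrity monitoring
// against an allowlist. Hostnames, field names, the report endpoint and the
// finding categories are constructed assumptions for this example.

const PAGE_ORIGIN = 'https://bank.example';                 // assumed e-banking origin
const ALLOWED_SCRIPT_ORIGINS = new Set([PAGE_ORIGIN, 'https://static.bank.example']);
const ALLOWED_FRAME_ORIGINS = new Set([PAGE_ORIGIN]);
const ALLOWED_FORM_ACTIONS = new Set([`${PAGE_ORIGIN}/login`, `${PAGE_ORIGIN}/transfer`]);
const EXPECTED_FIELDS = new Set(['username', 'password', 'otp', 'amount', 'destination']);
const REPORT_ENDPOINT = '/api/dom-integrity';               // assumed backend endpoint

// Resolve a URL attribute the way the browser would, relative to the page.
function resolve(value) {
  const base = typeof location !== 'undefined' ? location.href : `${PAGE_ORIGIN}/`;
  try { return new URL(value, base); } catch (e) { return null; }
}

// Classify one element. Works on a real Element or on the plain objects made by
// fakeElement() below, so the rules can be unit-tested without a DOM.
function inspectElement(el) {
  const findings = [];
  const tag = String(el.tagName || '').toUpperCase();
  const attr = (n) => el.getAttribute(n);
  if (tag === 'SCRIPT') {
    const src = attr('src');
    if (src === null) {
      findings.push({ kind: 'inline-script', detail: 'inline <script> inserted at runtime' });
    } else {
      const u = resolve(src);
      if (!u || !ALLOWED_SCRIPT_ORIGINS.has(u.origin)) findings.push({ kind: 'unexpected-script', detail: src });
    }
  } else if (tag === 'IFRAME') {
    const u = resolve(attr('src') || '');
    if (!u || !ALLOWED_FRAME_ORIGINS.has(u.origin)) findings.push({ kind: 'unexpected-iframe', detail: attr('src') });
  } else if (tag === 'FORM') {
    // A form without an explicit action posts to the page URL, which must then be allowlisted too.
    const u = resolve(attr('action') || '');
    if (!u || !ALLOWED_FORM_ACTIONS.has(u.origin + u.pathname)) findings.push({ kind: 'form-action-changed', detail: attr('action') });
  } else if (tag === 'INPUT') {
    const name = attr('name');
    if (name !== null && !EXPECTED_FIELDS.has(name)) findings.push({ kind: 'unexpected-input', detail: name });
  }
  return findings;
}

// Walk a batch of MutationRecords: inspect added elements (and their subtree)
// and re-inspect elements whose security-relevant attributes changed.
function handleMutations(records) {
  const findings = [];
  for (const rec of records) {
    if (rec.type === 'childList') {
      for (const node of rec.addedNodes) {
        if (node.nodeType !== 1) continue;                 // skip text/comment nodes
        findings.push(...inspectElement(node));
        if (typeof node.querySelectorAll === 'function') {
          for (const child of node.querySelectorAll('*')) findings.push(...inspectElement(child));
        }
      }
    } else if (rec.type === 'attributes' && ['src', 'action', 'name', 'type'].includes(rec.attributeName)) {
      findings.push(...inspectElement(rec.target));
    }
  }
  return findings;
}

// Ship findings to the backend so server-side policy can act on them.
function report(findings) {
  if (findings.length === 0) return;
  const page = typeof location !== 'undefined' ? location.href : PAGE_ORIGIN;
  const body = JSON.stringify({ page, findings, ts: Date.now() });
  if (typeof navigator !== 'undefined' && navigator.sendBeacon) navigator.sendBeacon(REPORT_ENDPOINT, body);
  else if (typeof fetch === 'function') fetch(REPORT_ENDPOINT, { method: 'POST', body, keepalive: true }).catch(() => {});
}

// Browser entry point: observe the whole document. Returns null when no DOM exists.
function startMonitor(onFindings = report) {
  if (typeof MutationObserver === 'undefined' || typeof document === 'undefined') return null;
  const obs = new MutationObserver((records) => onFindings(handleMutations(records)));
  obs.observe(document.documentElement, {
    childList: true, subtree: true, attributes: true, attributeFilter: ['src', 'action', 'name', 'type'],
  });
  return obs;
}

// Stand-in for an Element when running outside a browser (tests/demo only).
function fakeElement(tagName, attrs = {}) {
  return { nodeType: 1, tagName, getAttribute: (n) => (Object.prototype.hasOwnProperty.call(attrs, n) ? attrs[n] : null) };
}
```

In a real deployment the allowlists would be generated from the build that was actually shipped rather than hand-written, and the backend receiving the reports is where policy (step-up authentication, holding a transfer for review) belongs; the client-side script only observes and reports, since anything running in a compromised browser can itself be tampered with.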

About the Author

Pedro Fortuna is Co-Founder and CTO of Jscrambler, where he leads the application security research activities and lays out the technical vision for all the products developed by the company. Pedro holds a degree in Computing Engineering and an MSc in Computer Networks and has more than a decade of experience researching and working in the application security area. He is a regular speaker at cyber security conferences and software development events, including multiple appearances at OWASP events. His research interests lie in the fields of Application Security, Reverse Engineering, Malware, and Software Engineering. Pedro is also the author of several patents in application security.

Pedro can be reached online at [email protected] and at the company website www.jscrambler.com


LOCAL BACKUPS MAY NOT KEEP YOUR BUSINESS SAFE FROM RANSOMWARE

In the last few years, a series of devastating ransomware attacks has cost businesses billions of dollars. Ransomware doesn’t discriminate: businesses of all sizes have been hit hard, but smaller businesses are disproportionately affected because they are less likely to have the resources and the expertise to bounce back quickly. Much of the discussion around ransomware has focused on the ransom — the money that criminals demand in return for a key to decrypt the data. But, in reality, the biggest cost associated with ransomware is downtime.

Losing access to business-critical data and software disrupts business operations. For larger businesses, that cost may be measured in the millions. For smaller companies, the absolute numbers are lower, but the impact on the business’s long-term future can be devastating.

PREVENTION IS BETTER THAN CURE

The best way to combat ransomware is to ensure it never finds its way onto your business’s servers and desktop computers in the first place. Ransomware has a number of vectors, but the most common are phishing attacks and software vulnerabilities.

The NotPetya attacks of 2017 used a vulnerability called EternalBlue to infect Windows systems. Patches were available for EternalBlue for months prior to the attacks. The Locky ransomware was distributed via links in phishing emails.

Keeping software up-to-date and training staff how to spot phishing emails are the first line of defense against ransomware.

BUT PREVENTION IS NOT ENOUGH

No business is immune from security mistakes and human error, so prevention is not enough. It is also necessary to make sure that attackers can’t deprive you of data if your infrastructure is infected. Up-to-date backups provide a surefire defense against data loss. But, in my experience, many businesses do not have backup systems that are robust enough to keep data safe from ransomware.

Ransomware is sophisticated, and some strains are capable of sniffing out local backup drives, including the network-attached storage that many businesses use for backups. Once the ransomware is on your system, it will search for copies and encrypt them too. The most effective backup systems send data to a secure offsite location that can’t be reached by ransomware. Cloud backup platforms that continuously upload data to a secure remote data center are the best option.

BEYOND BACKUPS

Big businesses don’t just do backups: they also replicate key systems – including servers, networking, storage, and software – in multiple data centers. If their primary infrastructure is knocked out, they can switch to redundant infrastructure running in a distant data center.

In the past, this type of disaster recovery infrastructure was too expensive for smaller businesses, most of which can’t afford to buy and maintain duplicate infrastructure that sits idle until disaster strikes. But the introduction of inexpensive cloud servers has changed all that. Today, cloud Disaster Recovery as a Platform (DRaaS) services allow businesses to create comprehensive disaster recovery plans that combine continuous data backups with quickly deployed redundant cloud infrastructure. If ransomware or human error takes out key systems, duplicates can be deployed to the cloud in minutes. Ransomware is a serious threat, but with modern cloud technology, businesses can protect their data and minimize the risk of disruption.

About the Author

Karl Zimmerman is the founder and CEO of Steadfast, a leading IT Data Center Service company. Steadfast specializes in highly flexible cloud environments, robust dedicated and colocation hosting, and disaster recovery.


TOP 10 TIPS FOR WORDPRESS WEBSITE SECURITY by Julia Sowells, Security Expert, Hacker Combat

WordPress, which is a very commonly used CMS, powers a third of the world's websites. An advantage of using WordPress is that even the premium features are available at reasonable prices.

Now, let's look at the other side of the picture. A recent survey report had stated that in today's world, where cyber attacks are so rampant, 70 percent of all websites are vulnerable to attacks. But experts point out that there are certain basic measures that can be adopted to ensure better security of your websites. Let's discuss certain basic tips that could help ensure better security for WordPress websites:

Restrict website access by setting up website lockdown

Setting up website lockdown to restrict access to your WordPress website is critical to ensuring proper website security. Hackers would try their best to crack into your system by using different passwords, but by setting up login limits brute force attempts can be prevented. Whenever the number of login attempts exceeds this limit, you'd be promptly notified.


Have email as login in place of username

Email login to WordPress websites helps prevent security issues. So, it's always advisable to choose your email for your login rather than opting for a username. This is simply because usernames are easy to crack compared to email IDs.

Always use two-factor authentication

Always opt to use two-factor authentication at the login page. This requires anyone who tries to log in to provide two different components. The components could be anything: a password followed by a secret code or question, a set of characters, etc. It could be a bit irritating at times, but since security is of utmost importance, it's always good to go for two-factor authentication.

Give importance to password management

Password management is pivotal to website security. Make sure your WordPress website is secure by changing your website password regularly. You also need to ensure that your password is always strong and difficult to crack. Go for passwords that are a mix of lower-case and upper-case letters plus special characters (non-alphanumeric characters).

Always rename your login URL

Replacing the login URL with a new one would help you protect your WordPress website from almost 99 percent of direct brute force attacks. If you retain the direct URL of your login page, it would be like giving an open invitation to hackers to come and hack your website.

Delete old plugins that you no longer use

Delete all the old plugins that you are no longer using. Such old, unused plugins can be used by attackers to gain a backdoor entry into your WordPress website.

Add a password to the wp-admin directory

It's always good to add a password to the wp-admin directory of your WordPress website. That helps secure the admin area in particular and the WordPress website in general.


Install firewall software

Install firewall software to protect your WordPress website from external threats. There are many options available. Choose one that fits your needs and gives comprehensive security. Robust firewall software is a must for the security of your WordPress website.

Encrypt Data with SSL

An SSL (Secure Sockets Layer) certificate is critical to data security. Encrypt and secure your website’s data, and the data of the users who access your website, with an SSL certificate.

Have regular backups

You might have taken all the necessary steps, but data breaches can still happen. This is where having a data backup becomes relevant. Keep data backups and update them regularly. This will help you restore your website quickly in case of a security breach.

About the Author

Julia Sowells is a security geek with 5+ years of experience who writes on various topics pertaining to network security.

With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects and has also written technical articles.

Julia can be reached online at (EMAIL, TWITTER, etc..) and at our company website https://hackercombat.com/


OPERATION ELIGIBLE RECEIVER - THE BIRTHPLACE OF CYBER SECURITY: VULNERABILITIES

More than 20 years ago, the NSA conducted an exercise named Operation Eligible Receiver 97. The purpose of the exercise was to test the response capabilities of critical Department of Defense information systems in the case of a breach. The exercise concluded with startling results. Utilizing only publicly available hacking techniques, the NSA was able to completely infiltrate the DoD network and gain superuser access to high-priority devices. This was done primarily by exploiting common vulnerabilities.

Following a two-year review of the exercise, the importance of patching vulnerabilities was made clear. Though best practices were not formally codified, security frameworks and practices were developed to help protect organizations from vulnerabilities. These include NIST 800-53, the Common Vulnerability Scoring System (CVSS), and the National Vulnerability Database. Operation Eligible Receiver 97 served as the birthplace of risk management knowledge for security teams. The dangers of exploitable vulnerabilities were demonstrated and documented. Today, more than 20 years after the exercise, many organizations continue to struggle with risk management.

Current Struggles With Vulnerabilities

In order for an organization to administer its vulnerability management process, it must first understand what assets it has. Organizations often rely on DHCP servers and IP leases to conduct an asset inventory, but this leads to inaccurate records and exploitable vulnerabilities. Security teams need a reliable record of all software to properly apply patches. An accurate asset inventory gives organizations direction on where to focus or apply patches.

In addition to an accurate asset inventory, organizations need a method of continuously tracking what machines did or did not receive patches and if they are still vulnerable. Most networks have measures in place for automatic patching. However, installing additional applications and user-made changes will lead to anomalies.

These anomalies can be patched through group policies, but this can be difficult for organizations to organize and there is no guarantee of success. For example, machines that were turned off when group policies were pushed will not receive patches and will remain vulnerable.

Security frameworks incorporating risk management practices are a great starting point for any organization struggling with risk management. When vulnerabilities are audited, members from both security teams and management discover answers to questions such as “who applied this patch?” or “why was this vulnerability accepted?”


Regulations and Standards

Following the results of Operation Eligible Receiver 97, a number of frameworks and standards such as NIST 800-53, The Common Vulnerability Scoring System, and The National Vulnerability Database were put into place to ensure organizations can document compliance with tracking vulnerabilities.

NIST 800-53 is a publication of security and privacy controls for information systems and organizations from which a majority of industry-specific frameworks (such as HIPAA, FFIEC, PCI DSS) are derived. This publication offers a guideline for improving security posture and emphasizes the importance of continuously monitoring networks for the latest vulnerabilities.

NIST 800-53, along with other security frameworks, calls for organizations to assess risks through the use of the Common Vulnerability Scoring System (CVSS).

The CVSS offers a method of capturing the characteristics of a vulnerability and producing a numerical score reflecting its severity [6]. This scoring system brings direction to the vulnerability management process by differentiating risks that need immediate attention from risks that are much less dangerous. Vulnerability assessments typically return large numbers of findings for organizations, many of which are false positives.

The CVSS and The National Vulnerability Database are great resources for organizations attempting to mitigate risk efficiently.

Continuously Monitoring Vulnerabilities

Trying to manage risks without the proper tools can take large amounts of time that security professionals do not have. Continuous monitoring solutions streamline the vulnerability management process while improving security posture at the same time.

For example, if an employee decides to violate an organization’s acceptable use policy and download a program such as Flash, new vulnerabilities will be introduced.

A continuous monitoring solution will detect these new risks the moment they appear and alert the appropriate personnel of the new risk via email. This allows security professionals to act quickly to remediate risk and also view usable security metrics such as what the vulnerability is, who introduced it, and when did it enter the network.

[6] Common Vulnerability Scoring System SIG, https://www.first.org/cvss/


(The Risk Enumeration Dashboard in AristotleInsight® displays a summary of your current vulnerability risk, either for a specific group or for your entire enterprise. The dashboard shows metrics based on NIST standards in addition to other metrics like CVSS, vulnerability distribution, the Vulnerability Risk Cluster graph, and general statistics on the number of devices and software currently impacted by vulnerabilities.)

One example of a solution is AristotleInsight®, which identifies risks as they enter the network through one of three vulnerability gateways: Critical CVEs, Cyber Hygiene or End of Life Software, and allows security professionals to document the remediation process in detail.

(The Enumeration Management Report in AristotleInsight utilizes several tabs for the process of identification, remediation, audit, and assessment of vulnerabilities and vulnerable software on your network.)


Managing Vulnerabilities With AristotleInsight

AristotleInsight was developed to meet the needs identified by Operation Eligible Receiver 97. The system continuously identifies risk, directs remediation, and documents results from security functions such as Vulnerabilities, Configurations, Privileged User Management, Asset Inventory, and Threat Analytics.

Utilizing the revolutionary UDAPE® technology, AristotleInsight collects reliable data from the process level across all devices on an organization’s network.

A unique Bayesian Inference Engine sorts through the kernel level data highlighting actionable items to help security teams identify risk, direct the remediation process, and document results. This helps security teams save time and better manage cybersecurity posture.

AristotleInsight is the perfect solution for an organization attempting to build their security process. For organizations with a mature cybersecurity process in place, AristotleInsight is an effective hunt tool.

To learn more about AristotleInsight:

Visit - www.aristotleinsight.com

Email - [email protected]

Call - 866-748-5227

About the Author:

Josh Paape is an Online Marketing Specialist at Sergeant Laboratories, a leader in security and compliance solutions that allow businesses, governments, and healthcare institutions to comply with regulations and stay a step ahead of criminals. As a graduate of the University of Wisconsin - La Crosse, Josh has experience marketing products from a variety of industries. As a contributor to CDM, he hopes to spark new thought and discussion topics in the information security community.

Connect with Sergeant Laboratories: https://www.sgtlabs.com

Sergeant Laboratories Blog: https://www.aristotleinsight.com

LinkedIn: https://www.linkedin.com/company/sergeant-laboratories-inc

Twitter: @Sergeant_Labs


CONNECTIVITY IS KEY FOR THE LOGISTICS OF TOMORROW

OUR ECONOMIES AND OUR LIVES DEPEND ON THE EFFICIENT MOVEMENT OF GOODS; MOVEMENT THAT IS UNDERPINNED BY COMPLEX TRANSPORT AND LOGISTICS CHAINS. BUT, WHILE DELIVERING GOODS FROM PRODUCER TO END USER, TRANSPORT AND LOGISTICS SYSTEMS ARE UNDER INCREASING PRESSURE TO DELIVER GREATER EFFICIENCY, MORE SUSTAINABILITY AND IMPROVED COST-EFFECTIVENESS. A NUMBER OF INITIATIVES FROM ERTICO – ITS EUROPE ARE ADDRESSING THESE CHALLENGES AND CREATING THE TRANSPORT AND LOGISTICS SYSTEMS OF TOMORROW.

Transport and logistics are facing the same challenges as other sectors – the need to increase efficiency, improve sustainability and lower costs. For transport and logistics however, this is further compounded by the need to offer a better customer service in the face of growing customer expectations, and to ensure compliance with ever more stringent regulations.

One of the biggest transport problems globally is congestion, especially on the roads. Congestion costs Europe about 1 % of its GDP every year and is the cause of a large amount of carbon emissions. Another challenge is the digitalisation process of transport networks and infrastructure. If fully implemented, this could better integrate road, rail, air and waterborne travel into a seamless logistics chain across Europe.

The sustainability of urban logistics is a challenge for rapidly growing cities worldwide. Sharing is a big story for logistics – from Uber-style approaches to last-mile delivery, to more formal joint ventures and partnerships at corporate level. The whole sector is redefining collaboration through change, but is still hampered by inconsistencies in everything from shipment sizes to processes and IT systems. Large e-commerce players as well as various start-ups view last mile services as a key differentiator from their competitors. Services are in competition for traffic lanes and parking spaces as well as being vulnerable to other disruptions, like traffic accidents, traffic jams or weather.

Services will need an active data exchange and an open location platform to host the appropriate data. ‘New digitized innovations and services will require collaboration since nobody can do this alone,’ says Mika Rytkonen, the CEO behind the data-driven solution HERE Tracking. ‘New innovations, such as HERE Tracking, automated vehicles or active traffic management, are entering the market and are all powered by data. ERTICO with its innovative platforms will play a key role in driving industry collaboration to make transportation smarter.’ One of these platforms is ERTICO’s TM 2.0, which enhances logistical efficiencies by providing better insight into highly congested delivery areas such as rails and ports.

Also key to meeting these daunting challenges will be improving the way that elements in the freight and logistics chain communicate with each other and exchange data. This is particularly true for highly congested hubs such as ports. ERTICO, a public-private partnership that develops, promotes and deploys Intelligent Transport Systems and Services (ITS), understands the key importance of improving interoperability and connectivity when it comes to optimising cargo flows and streamlining supply chain management.

ERTICO has set itself the goal of achieving fully digital, interoperable and automated freight and logistics operations in Europe by 2025 and seamless logistics and freight transport by 2030. With this goal in mind the partnership has recently announced its intention to develop the new LogistiX hub for a trusted data exchange in supply chain and logistics.

Dr. Johanna Tzanidaki, Director of Innovation and Deployment at ERTICO, said: ‘The LogistiX hub will be a knowledge and business incubation centre, which will help companies to become more competitive with regards to logistics and supply chain services using digital technologies. Offering a catalogue of leading edge ideas, solutions, networks and compliance testing it will enable the optimisation of international end-to-end data visibility of the supply chain.’ The LogistiX hub will be formally launched at the ITS Congress in Copenhagen in September 2018.

Leveraging the state-of-the-art

To achieve fully digital and interoperable freight and logistics chains it will be necessary to leverage cutting-edge technologies and solutions, for example autonomous mobility and unmanned aerial vehicles (drones). But the greatest impact in this area will undoubtedly come from exploiting synergies between ICT solutions, such as 5G, IoT, end-to-end visibility networks and blockchain.

ICT platform connectivity is a core consideration of ERTICO’s AEOLIX project. This project is developing a digital ecosystem to better manage, plan and synchronise freight and logistics operations across Europe. AEOLIX will improve the overall competitiveness of goods transport in the supply chain by enabling low-complexity and low-cost connectivity of local ICT platforms and systems. It will also overcome fragmentation of data exchange and ensure scalability, interoperability and visibility across the supply chain. The resulting automation of the data flow between logistic chain stakeholders will make management of their relationships more flexible, supporting an improved workflow across companies.

The improved connectivity that the project will deliver will enable the scalable, trusted and secure exchange of information. This, in turn, will improve the overall competitiveness of goods transport in the supply chain and make it more environmentally, economically and socially sustainable. Improved connectivity will also support cooperative ITS solutions, which will also improve logistics operations by generating real-time traffic information, allowing better tracking and tracing of goods.

Join the conversation

Efficiency in freight transport is one of the key topics that will be discussed at this year’s Intelligent Transport Systems (ITS) World Congress, which will take place in Copenhagen, Denmark on 17-21 September 2018. If you would like to come to Copenhagen and join the discussion, register here. Early birds will receive a discount if they register before 2 July 2018.

Just a few of the relevant sessions on this topic include:

• ES08 Efficiency in Freight Transport

• SIS80 Across the Pavement – Smart Freight Delivery for the last Metres

• ES03 Essentials for developing a Smart City

• SIS70 Port of the Future towards Automation

• SIS87 Ensuring a network for logistics data exchange

For the full programme, please click here.

Author: ERTICO – ITS Europe.

ARE YOU CORRECTLY TACKLING THE CYBERSECURITY CHALLENGE? by Dan Meyrick, Regional Sales Manager, UK & Ireland, Genetec Inc.

With the rapid adoption of the Internet of Things (IoT), we are moving towards an entirely interconnected world, from smart organizations to smart cities. No one can dispute the power that IoT presents, but with it brings an unprecedented cybersecurity challenge. Therefore, its deployment needs to be strategically thought out together with wide-scale collaboration, responsibility, openness, accessibility and most of all trust between all relevant parties - vendors, systems integrators, consultants, IT departments and cybersecurity specialists.

As we become more and more reliant on web-based services and connected devices, we run the risk of making ourselves more vulnerable, particularly if we fail to recognize the importance of cyber-security in relation to the IoT.

Connectivity means vulnerability

With attacks having doubled in frequency, 2017 was the worst year in terms of ransomware attacks, and with barely a week going by without a new breach hitting the news, the trend isn’t set to slow down. One of the first high-profile examples was the breach of the major US retailer Target, dating back to 2013. Over 100 million customers were affected, costing Target an estimated $300M to date. The attack occurred when an HVAC (heating, ventilation and air-conditioning) system was compromised, allowing hackers to steal sensitive personal customer data.

As part of both public and private networks, connected devices are becoming increasingly interconnected to facilitate their management, speed up communications and increase data sharing. However, the last five years have seen a proliferation in the availability of hacking tools, and cybercriminals have become more widespread and sophisticated. Without adequate security, these connected devices provide a gateway into personal, corporate and governmental networks where confidential data can be stolen or vicious malware can be planted.

Cybercrime is more of an issue now than ever

Whilst interconnectivity is inevitable, as I’ve already indicated, there are risks we have to be aware of and stay vigilant against. Many incidents occur on unsecured networks, exploiting devices that lack basic cybersecurity features. The speed at which these unprotected networks and devices are being hacked is increasing. A simple example of this type of cyber-attack involves vehicles with keyless entry. Back in 2017 it took thieves less than 30 seconds to intercept the unencrypted communications between a car key fob and the car before it was driven away from the unsuspecting owner’s driveway (http://www.bbc.com/news/uk-england-birmingham-42132689). A further example of the speed at which systems can be hacked and compromised is a fake web toaster that was put online with open web ports on an unsecured network. It was found in less than one hour, which shows how easily such devices can be pinpointed and violated (https://www.theatlantic.com/technology/archive/2016/10/we-built-a-fake-web-toaster-and-it-was-hacked-in-an-hour/505571/).

Whilst companies may recognize the importance of cybersecurity, in practice they are still not vigilant enough in regularly reviewing and enhancing industry security standards and practices to protect both themselves and their clients in an increasingly complex and threatening environment.

Small and medium-sized businesses (SMBs) are considered fair game by hackers, and according to IBM, 62% of all cyber-attacks—about 4,000 per day—are on SMBs. These attacks occur because of a number of contributing factors—organizations continue to add devices and systems to their networks and have poor bring your own device (BYOD) policies. Services are frequently outsourced to reduce costs, and SMBs often rely solely on installers to deploy effective security practices, making them ‘soft targets’ to exploit.

What measures can you take?

When choosing an IP-based security solution, the customer must scrutinize and evaluate the vendor’s cybersecurity policies—what are their principles and practices? Do the built-in security mechanisms offered in their solutions use multi-layered encrypted communications, data protection capabilities, and strong user authentication and password protection? These measures help protect your organization and your customers against malicious attacks. They also ensure only those with defined privileges will be able to access or use resources, data and applications.

Interestingly, in May this year IBM banned staff from using any removable memory devices, such as USB sticks, SD cards and flash drives, as an extra layer of security. This follows in the footsteps of several other security-conscious organizations, including my own.

If the unfortunate happens and a data breach does occur, then the recovery and settlement costs have the capacity to reach hundreds of millions of pounds. And the damage to the affected company’s reputation is often irreversible. The National Cybersecurity Alliance found that 60% of small companies are unable to sustain their businesses beyond six months following a major cyber-attack.

That’s why as the IoT gains momentum and data laws evolve, it will become critical to strengthen cybersecurity policies for all systems, including physical security solutions, which is more than just providing cybersecurity features. For companies to combat the cybersecurity challenge, there needs to be a true and trusted integration between cyber and physical security and a shared responsibility and partnership between all parties involved.

YOU CAN’T STOP ALL MALWARE, BUT YOU CAN STOP THE DAMAGE by Teresa Wingfield, Director of Product Marketing at Nyotron

Organizations cannot stop all malware with today’s endpoint security technologies, but they can mitigate the damage that malware intends to cause. To do so, they will need to implement a defense-in-depth strategy with an additional security layer that takes a fundamentally different approach from the others.

Malware is winning. A SANS survey shows that 53% of organizations have experienced an endpoint compromise within the last two years. According to Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview, organizations face a 27.7 percent likelihood of a recurring material breach over the next two years. Cybercriminals are successful since traditional antivirus and even next-generation antivirus solutions have trouble detecting increasingly evasive attacks. To avoid a breach, organizations need to realize that the bad guys are eventually going to bypass their current endpoint security layer and deploy an additional security control to stop the damage that the malware intends to cause.

Gartner analyst Mario de Boer defines a highly evasive attack as “an attack that uses novel, unique or previously unknown methods with the purpose of evading detection by most, if not all, commonly available technologies”. He believes that when evasive attacks do not reuse artifacts and use new techniques and tactics, threat intelligence, machine learning models or signatures alone will not catch them. This is exactly why malware is able to infect so many organizations even though they have deployed antivirus or next-generation antivirus solutions.

Traditional antivirus technology dates back to the 1980s. It is widely agreed that it is no match for unknown malware since it relies on signatures for malware detection. To compensate for this gap, next-generation antivirus emerged sometime around 2014 using technologies such as machine learning to discover malware. There is no doubt that this category of endpoint security has significantly improved detection efficacy. However, it falls short of 100% detection for many reasons:

● Since machine learning models are trained on known malware samples, they are not always effective against new unknown malware and fileless attacks.

● A machine learning model is just another signature, although a bit more generic than those used by traditional antivirus solutions.

● Security solutions based on machine learning are focused on static file analysis. Hence, they aren’t necessarily effective against fileless attacks.

● These solutions tend to produce significant false positives, making it harder to identify true threats.

Endpoint security solutions such as antivirus, next-generation antivirus, host intrusion prevention systems and data loss prevention are all based on the very same negative security model that attempts to hunt down what is “bad” and allows everything else. Layering these security controls will not keep systems safe. When malware evades one security control, it will most likely evade all others because of the redundancy in security approaches that deliver “shallow” defense in depth.

True defense in depth is possible by adding a preventative security control that does not depend on the detection of threats. Rather than evaluating threats based on known malware with a negative security model, OS-Centric Positive Security draws on a completely opposite security paradigm using a whitelist of legitimate operating system behavior. This includes all normative ways to interact with the file system, registry, partition information and network at the operating system call level. OS-Centric Positive Security flags all other actions (outside of the finite set of normative actions) as the malware attempts to cause damage and blocks its activity.

A major advantage of OS-Centric Positive Security is that it is threat agnostic. It does not care what kind of threat is trying to get in. It does not care about the method or technique of the attack. It does not even care if the threat is already inside a network. It simply stops the damage.
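To make the difference between the two models concrete, here is an added illustration in Python; it is not code from Nyotron or from the article. It represents an endpoint trace as a list of OS-level events and evaluates it twice: once against a denylist of known-bad indicators (the negative model described above) and once against a per-process profile of normal file, registry, network and process-creation behaviour (the positive model). The process name, paths, hosts and indicator values are all constructed for the example, and the behaviour profile is deliberately small.

```python
"""Negative (denylist) versus positive (allowlist) endpoint security models.

Added illustration, not code from Nyotron or the article. A negative model
matches events against known-bad indicators; a positive model describes the
finite set of normal OS-level actions a program performs and flags
everything else. Process names, paths, hosts and indicators are constructed.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Event:
    """One OS-level action observed at the endpoint (constructed format)."""
    process: str   # image name of the acting process
    category: str  # "file", "registry", "network" or "process"
    action: str    # "read", "write", "connect" or "create"
    target: str    # path, registry key, host:port or child image


# Negative model: indicators harvested from previously seen malware.
# Constructed sample; a novel attack will not appear here by definition.
KNOWN_BAD_TARGETS = {
    "198.51.100.23:8080",             # constructed address from an old sample
    "C:\\Users\\Public\\ransom.exe",  # constructed dropped-file path
}

# Positive model: per-process profile of normative behaviour, expressed as
# (category, action, target glob). Constructed for a word processor.
BEHAVIOUR_PROFILE = {
    "winword.exe": {
        ("file", "read", "C:\\Users\\*\\Documents\\*"),
        ("file", "write", "C:\\Users\\*\\Documents\\*"),
        ("file", "write", "C:\\Users\\*\\AppData\\Local\\Temp\\*.tmp"),
        ("registry", "read", "HKCU\\Software\\Microsoft\\Office\\*"),
        ("registry", "write", "HKCU\\Software\\Microsoft\\Office\\*"),
        ("network", "connect", "*.microsoft.com:443"),
        ("process", "create", "C:\\Program Files\\Microsoft Office\\*"),
    },
}


def negative_model(events):
    """Denylist: flag only events whose target is a known-bad indicator."""
    return [e for e in events if e.target in KNOWN_BAD_TARGETS]


def positive_model(events, profile=BEHAVIOUR_PROFILE):
    """Allowlist: flag every event not covered by the process's profile.

    A process with no profile at all is flagged too; the model only permits
    what has been explicitly described as normal.
    """
    flagged = []
    for e in events:
        rules = profile.get(e.process, set())
        permitted = any(
            e.category == cat and e.action == act and fnmatchcase(e.target, pat)
            for cat, act, pat in rules
        )
        if not permitted:
            flagged.append(e)
    return flagged


# Constructed trace: normal editing, then a document macro that writes an
# executable, adds an autorun registry entry and connects to an unfamiliar
# host. None of these targets appears in any indicator list.
SAMPLE_EVENTS = [
    Event("winword.exe", "file", "read", "C:\\Users\\alice\\Documents\\q3.docx"),
    Event("winword.exe", "file", "write",
          "C:\\Users\\alice\\AppData\\Local\\Temp\\~WRD0001.tmp"),
    Event("winword.exe", "network", "connect", "officecdn.microsoft.com:443"),
    Event("winword.exe", "file", "write", "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"),
    Event("winword.exe", "registry", "write",
          "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"),
    Event("winword.exe", "network", "connect", "203.0.113.7:4444"),
]


def compare_models(events=SAMPLE_EVENTS):
    """Return how many events each model flags on the same trace."""
    return {
        "negative": len(negative_model(events)),
        "positive": len(positive_model(events)),
    }


if __name__ == "__main__":
    for e in positive_model(SAMPLE_EVENTS):
        print(f"blocked: {e.process} {e.category}:{e.action} -> {e.target}")
    print(compare_models())
```

On this trace the denylist flags nothing, because the activity reuses no known indicator, while the allowlist rejects the executable write, the autorun registry write and the connection to the unfamiliar host. The same run also shows the positive model's own failure mode: the profile is the security boundary, so an over-broad entry (a write rule covering the whole user home directory, say) would have let the dropped executable through. Keeping the profile as tight as the program's real behaviour allows is where the engineering effort goes.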

The malware landscape is evolving and so too are the security solutions to address attacks. Just as next-generation antivirus arose to address traditional antivirus weaknesses, OS-Centric Positive Security is gaining momentum as a way to boost endpoint protection solutions by stopping the execution of malware that evades them.

About the Author:

Teresa Wingfield is Director of Product Marketing at Nyotron. Teresa has worked in the security industry for over a decade. Most recently, she managed McAfee’s portfolio of cloud workload and data center security solutions. She has also managed product lines in mobile security at VMware, virtual machine protection and website security at Symantec and file integrity monitoring at Active Reasoning (acquired by Oracle). Teresa holds graduate degrees from MIT’s Sloan School of Management and Harvard University.

PROTECT YOUR BUSINESS WITH THESE FOUNDATIONAL CYBERSECURITY DEFENSES

by Chris Novak

Cybersecurity data breaches are growing in frequency as the enterprise landscape continues to evolve digitally. With new technologies coming online every day, there is an increasing number of opportunities for cybercriminals to steal sensitive data from businesses – both internally and at the customer level. Moreover, the impact of breaches is far-reaching and financially costly for all parties involved – from a damaged reputation with customers, to legal teams embroiled in litigation, all the way to frontline employees who can’t access the tools they need to do their jobs. Implementing the appropriate solutions to ward off potential threat actors is of the utmost importance for businesses. The size of an organization, or the difficulty of scaling solutions to meet a large enterprise’s needs, often deters IT departments from implementing the proper cybersecurity protocols, but there are initial, easy steps organizations of any size can take to put a layer of security in place to ward off cybercriminals.

1. Two-factor Authentication: Passwords, regardless of length or complexity, are not sufficient on their own. No matter who is accessing your point-of-sale (POS), they should be required to use two-factor authentication. Phishing campaigns are still hugely effective, and employees make mistakes. Two-factor authentication can limit the damage that can be done if credentials are lost or stolen.

2. Employee Education is Key: Do your employees understand how important cybersecurity is to your brand and your bottom line? Get them on board, and teach them how to spot the signs of an attack and how to react. From full-time workers who handle sensitive information like employee W-2’s, to part-time employees who have access to company devices like tablets, all employees need to understand the severity of cyber threats and how they can prevent and react to potential incidents.

3. Patch Antivirus Software Promptly: Having antivirus software in place is not a one-and-done fix. The Verizon 2018 Data Breach Investigations Report found that 6% of breaches in 2017 could be attributed to patchable vulnerabilities in antivirus software. To prevent this, implement a routine checklist for general security hygiene, and have system admins make sure that the systems you build are designed to deploy patches and updates in a timely fashion. Automate anything you can, as this reduces the human error associated with many breaches, and don’t forget to conduct routine scans to discover misconfigurations before an adversary does.

4. Encrypt Sensitive Data: Encrypted data is rendered useless if it is stolen but the theft or misplacement of unencrypted devices continues to be a persistent cybersecurity issue across industries. Consider Full Disk Encryption (FDE), which is both an effective and low-cost method of keeping sensitive data out of the hands of criminals. FDE automatically converts any data saved to a hard drive into a format that cannot be read by someone who does not have the key to undo the conversion. FDE ultimately mitigates the consequences of physical theft of assets.

5. Don’t Forget Physical Security: Verizon also found that 11% of breaches over the past year involved physical actions, ranging from tampering with payment card readers to theft or loss of paper assets or devices. Theft and loss of assets were most commonly reported at the victim’s work area or from an employee-owned vehicle. Surveillance cameras and entry systems for restricted areas, for example, can help deter criminals from tampering with systems or stealing sensitive material.

Maintaining cybersecurity best practices is a long-term play that all businesses should take more seriously. Protecting your good name does not just involve your response to a breach, but also the defense against one. Taking basic precautions that are dynamic and proactive is the easiest first step for any organization. Criminals will continue to find new and inventive ways to steal sensitive information, so businesses must stay vigilant and remain educated on the latest cyber threats facing their industry. This will allow them to better prepare and defend against future attacks.

HOW TO ASSESS AND AUDIT YOUR RISK? by Milica D. Djekic

Dealing with risk is not an easy challenge! By risk, we mean the likelihood that something could go wrong with our IT infrastructure. Quite obviously, risk correlates with Murphy’s Law, which suggests that everything that can go wrong will go wrong. In other words, risk increases over time if we do not manage it in order to keep it at an acceptable level. Put differently, risk grows higher and higher if we do not put in the effort needed to keep it at a satisfactory level.

The cybersecurity environment is a very dynamic and complex one, and as the laws of physics teach us, the entropy of the Universe only ever goes up. So how can we relate entropy to risk? Entropy is the level of a system’s disorder, and risk can be viewed from a similar perspective. If we talk about potential disorder within a cyber system, we are undoubtedly dealing with the risk that arises when we do not watch over that asset and do not put in the hard work needed to prevent the consequences.

In order to deal with risk in the most appropriate manner, we should know that there are methods and techniques for doing so. Here we talk about risk assessment and cyber defense auditing as ways of managing risk. Risk assessment can be seen as the initial step in approaching risk and estimating how such an occurrence could affect the entire cyber asset. On the other hand, once all procedures, policies and preventive measures have been implemented within your organization, you can review the status of your cyber infrastructure by applying some of the cybersecurity auditing phases.

A risk assessment usually includes a skillfully prepared questionnaire that gives the assessor the chance to estimate how serious the risk to a given IT infrastructure is. Once the assessment is complete, the likelihood of something harmful happening can be estimated and prevented. The risk assessment survey normally consists of intelligently written questions and space for comments that support the assessor in preparing a skillful report.

Once the risk assessor produces a well-developed report, it is passed on to the decision makers, who decide how the cyber system should be protected from the risk. The questions that make up the risk assessment try to find answers to how we can protect our cyber asset from being compromised or attacked. For instance, if we want to protect our system from hacking incidents, we should think hard about anti-malware solutions, or at least intrusion detection and prevention systems. It is not always necessary to rely on expensive technology, because quite good results can be obtained with cost-effective solutions. It is always encouraging to highlight that cost-effectiveness can be of vital significance, especially in developing economies, because those societies need adequate cyber defense at rational prices. Sometimes we should think about the advantages of open-source or freeware software that can be downloaded from the web free of charge and still does a good job for its users.

We would also like to mention that it is not an easy task to develop risk assessment surveys that cover all legal and regulatory requirements as well as cybersecurity frameworks and documents. Next, once the risk assessment is approved, cyber defense professionals are tasked with creating the cybersecurity procedures, policies, and education and training programs. This is important because it is how the risk is dealt with in practice. For example, many cybersecurity experts see antivirus applications as the best means of cyber defense prevention, and they also call for well-prepared cybersecurity procedures, awareness efforts and skillfully implemented laws and frameworks. In other words, once you have passed through your risk assessment process, you need to implement all those phases in your operating process.

The purpose of cybersecurity auditing is to review how well your cyber defense preventive measures and awareness programs are implemented in practice. Many cyber professionals use tools to perform auditing, and they commonly suggest that such tools are well suited to good reporting. Some experts recommend three main phases in a good auditing process: monitoring, scanning and configuration analysis. It is also advised that cybersecurity auditing be done annually; combined with a good risk assessment, it can serve to improve the organization’s cyber defense.

In other words, we see risk assessment, the development of cybersecurity measures and awareness efforts, and cyber defense auditing as the crucial steps in cybersecurity best practice. Risk assessment together with cyber auditing can be viewed as good risk management, and these phases can greatly contribute to good cybersecurity. Cyber auditing is nothing other than the use of monitoring, scanning and configuration analysis applications to discover vulnerabilities that could be exploited; once we have such input, we should prepare a skillful report on our findings and use it to advance the cyber defense as a whole. So auditing is not the same as risk assessment, as many experts would suggest; rather, it is a phase in good cyber defense practice.

In conclusion, the main steps in cybersecurity best practice are risk assessment, operating process development and cyber defense auditing. Through this effort we have tried to provide a brief insight into the challenges of risk assessment and cyber auditing. This research indicates that there are many solutions on the marketplace regarding these topics, and anyone who wants to become a good risk assessor or auditor needs to master quite a wide range of skills. Finally, we recommend that everyone who wants to deal with cyber risk take advantage of good training programs and try to gain some professional experience before deciding to take on such demanding assessor or auditor roles.

About the Author

A thoughtful and frequent contributor to Cyber Defense Magazine, Milica Djekic graduated from the Department of Control Engineering at the University of Belgrade, Serbia, and has been an engineer with a passion for cryptography, cyber security and wireless systems. Milica is a researcher from Subotica, Serbia. She also serves as a Reviewer at the Journal of Computer Sciences and Applications. She writes for American and Asia-Pacific security magazines. She is a volunteer with the American corner of Subotica as well as a lecturer with the local engineering society.

NAVIGATING THE ‘CLOUDY’ SKY by Raj Samani, Chief Scientist at McAfee

Cloud services are nearly ubiquitous, with 97% of worldwide IT professionals surveyed using some type of cloud functions in their organization, up from 93% just one year ago, according to data from a recent McAfee study. Indeed, this cloud-first strategy has driven organizations to take on many different providers in their cloud ecosystem. As organizations tackle new data use initiatives, intelligence building, new capabilities to store and execute on applications—we have seen an explosion in the number of sanctioned cloud providers that businesses are reporting, each a source of potential risk and management need for the organization. The provider count requires readiness in governance strategy that joins security capabilities and procurement together to protect the data entrusted to each new cloud deployment. As a consequence, security operations teams will need to have enhanced visibility, that is unified, to compose a picture across so many different environments containing enterprise data and then map this visibility against resources to ensure the organization has the right skills in place to address the security challenges.

Visibility over control

Think of this analogy—poor visibility is one of the greatest challenges to a navigator, preventing them from ever leaving their familiar and well-charted environment unless they can learn to rely on their instruments and expertise. After all, you cannot steer around what you cannot see. The leading adopters of cloud services understand this axiom and are integrating cloud visibility into their IT operations to accelerate business. Better visibility enables an organization to confidently adopt transformative cloud services sooner, respond more quickly to security threats, and reap the cost savings the cloud provides. It is better to be able to see everything in the cloud, than to attempt to control an incomplete portion of it. Your organization is using cloud services, even if they are not your primary strategy. From a security perspective, there are three best practices that all organizations should be actively working towards:

• DevSecOps processes — DevOps and DevSecOps have repeatedly been demonstrated to improve code quality and reduce exploits and vulnerabilities, while increasing the speed of application development and feature deployment. Integrating development, QA, and security processes within the business unit or application team, instead of relying on a stand-alone security verification team, is crucial to operating at the speed today’s business environment demands.


• Deployment automation and management tools — Even the most experienced security professionals find it difficult to keep up with the volume and pace of cloud deployments on their own. Automation can augment human advantages with machine advantages, creating a fundamental component of modern IT operations. Deployment automation and management tools such as Chef, Puppet, or Ansible are examples that can be used in both public and private cloud environments.

• Unified security solution with centralized management across all services and providers — Multiple cloud provider management tools make it too easy for something to slip through. A unified management solution with an open integration fabric reduces complexity by bringing multiple clouds together and streamlining workflows.

Mind the gap

While visibility is crucial, the absence of adequately trained professionals can leave holes in many aspects of a modern-day security infrastructure, with one of the widest specifically involving cloud security. The cloud is a nuanced area in technology and securely managing it requires specific knowledge. In fact, according to the same report I cited earlier, more than 25% of organizations using infrastructure as a service (IaaS) or software as a service (SaaS) have experienced data theft from their hosted infrastructure or applications. Furthermore, 20% were infiltrated by advanced attackers targeting their public cloud infrastructures. All too often these attacks originate from user misconfigurations, a lack of updates, or a selection of the wrong technology. These breaches make one thing apparent: organizations are not only lacking cybersecurity talent, but sufficient cloud security talent, which ultimately puts them more at risk of an attack. Mind you, this talent gap is also delaying enterprise migration to cloud computing.

Security skills vs. cloud security skills

However, it’s important to note that the list of skills required for successful cloud security isn’t precisely a carbon copy of what many expect from a cybersecurity professional. Plugging one gap will not always fill the other. Of course, general security skills such as incident response, data analysis, and threat hunting are still crucial when it comes to securing the cloud. But they’re not entirely sufficient. For instance, cloud security professionals and architects need to come to the table with a deep knowledge of identity access management (IAM), deployment automation, and cloud regulatory compliance. But just like cloud security is a shared responsibility between vendor and customer, so too is the cloud security skills shortage between the cybersecurity industry and future professionals. While we must hope that professionals pursue the right training, the cybersecurity industry must also do its part in educating both future candidates and current employees on the ins and outs of modern-day cloud security. And this doesn’t just mean teaching the correct configurations for AWS either, but rather helping these professionals learn about the tenets of cloud adoption, including costs, monitoring, potential barriers, and more.


In summary, when trade-off decisions have to be made, better visibility should be the number one priority, not greater control. It is better to be able to see everything in the cloud than to attempt to control an incomplete portion of it. Once you have visibility, evaluate what security issues your cloud infrastructure has faced and map those issues back to the applicable skills needed to address them.

From there, securing IaaS and SaaS solutions shouldn’t seem so cloudy to your IT team.

About the Author

Raj Samani is a cybersecurity expert working as the Chief Scientist and McAfee Fellow at cybersecurity firm, McAfee. Raj is a special advisor to the European Cybercrime Centre (EC3) and has assisted multiple law enforcement agencies in cybercrime cases.

Raj has been recognised for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, Peter Szor award, Intel Achievement Award, among others. He is the co-author of Applied Cyber Security and the Smart Grid, CSA Guide to Cloud Computing, as well as the technical editor of numerous other publications.

He can be found on Twitter at @Raj_Samani.


HOW AUTOMATION CAN ENSURE SPEEDY, SUCCESSFUL PAM DEPLOYMENT

In today’s operating environments, where threats are increasing in volume and sophistication daily, security and IT leaders are forced to balance protecting an organization’s critical data to ensure business continuity with enabling users and administrators to be productive at work.

Years ago, companies aimed to prevent hackers from gaining access to their systems by erecting firewalls and perimeter defenses focused on keeping bad actors out. However, this approach has grown outdated and ineffective. Organizations no longer have the luxury of automatically trusting anything inside or outside their perimeter, and instead must now focus on verifying and protecting the devices and privileged users already inside the organization from being exploited.

Today, controlling and monitoring which system users need privileged access to accomplish specific tasks is extremely important to mitigating the risks posed by insider threats, preventing data breaches and meeting compliance requirements. A privileged user is someone who has administrative access to critical systems, and privilege should only be extended to trusted users. Privileges include the ability to change system configurations, install software, change user accounts or access secure data, which is why only responsible users should be trusted with these privileges.

Privileged access management (PAM) is a suite of functionality that protects privileged user accounts from compromise by providing a safe environment in which users with privileged access may access target systems with credentials managed by the PAM system on behalf of the user.

The bigger and more complex an organization’s IT systems get, the more privileged users they have. These privileged users could include employees, contractors, remote or even automated users, and some organizations have as many as two to three times as many privileged users as employees.

With today’s operating networks evolving at such a rapid pace, countless organizations have lost track of the endpoints, devices and infrastructure attached to their network. Organizations are also behind on rolling out protections to their critical infrastructure.

Unfortunately, for many organizations, this all means it is not a question of if but when a breach will occur. However, PAM aims to keep organizations safe from accidental or deliberate misuse of privileged access by offering a secure, streamlined way to authorize and monitor all privileged users for all relevant systems.


FAILED PAM DEPLOYMENTS

The first challenge in proactive cybersecurity is gaining “situational awareness,” or a solid picture of the network environment — even the “invisible” portion. To see users, network devices and connections, security teams are required to collect significant network information and assemble it into a model of the network. Combing through all of this data is difficult, especially when the only resource may be a spreadsheet of device inventory data created months ago that is likely both out of date and missing information.

Unfortunately, there have been a significant number of failed PAM deployments in recent years as IT systems grow bigger and more complex. When deploying PAM, organizations often run into challenging issues, including two incredibly difficult steps. First, it’s very hard to detect every device and privileged user on a network. Then, it’s excruciatingly difficult to put all of those users and devices into a PAM system and deploy everything needed for PAM.

Many organizations don’t expect PAM deployment to take as long or cost as much as it ultimately does in many cases. Consequently, countless companies either give up or can’t continue to invest — and their deployment fails.

As a result, too many companies have no idea which assets and privileged users are connected to their networks, presenting both security risk and complexity when deploying countermeasures. Fortunately, automated discovery tools can help to get a handle on assets, ensuring they’re managed securely and that PAM is being deployed on time and on budget.

HOW AUTOMATION HELPS

Increasingly, a critical component of a robust cybersecurity program is automation. Hackers and bad actors are progressively developing and deploying automated attacks in order to scale more effectively and to reduce the amount of direct support and instruction that many traditional cyberattacks require. To effectively compete against this level of sophistication, organizations need to combat automation with automation.

Before companies can effectively manage privileged access, they have to identify and catalog devices, assets, configuration data, access paths and security policies. Automation makes this process faster, easier and more accurate than ever before.

DISCOVERY

While some companies have a solid inventory of critical assets, many do not. And for those that don’t, an automated discovery tool can be incredibly helpful. Today, advances in automation technologies allow organizations to detect privileged users and devices on the network quickly and more efficiently than ever before.


After an automated discovery tool reveals the privileged users and devices on a network, the real fun begins. The information provided during automated discovery offers insight that powers automated orchestration tools to provide complete coverage with the PAM deployment.

ORCHESTRATION

Automated orchestration technologies enable users to arrange and manage the myriad of security technologies in place at most companies (e.g., firewalls, IDS/IPS, sandboxes, endpoint security agents, ticketing systems, deception technologies, vulnerability scanners, behavioral detection tools), eliminating the manual effort that comes with managing assets in an identity security platform. With most PAM vendors, users would have to go out and manually configure servers one at a time or figure out how to script the servers themselves.

Orchestration is vital as it directs all activities relating to an organization’s standard operating procedures, delivering consistently predictable results and optimal utilization of available resources. High-tech tools reduce the once time-consuming orchestration of hundreds of servers from months of work down to just a few moments, significantly reducing the time it takes to deploy PAM solutions.
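As an added example (not from the article and not any PAM vendor's code) of what the discovery-then-orchestration sequence above produces: a discovery inventory is classified into privileged accounts, reconciled against what PAM already manages, and turned into a per-host onboarding plan that orchestration can work through. The inventory, the admin-group list, the 90-day rotation rule and the set of already-managed accounts are all constructed assumptions.

```python
"""Added example: reconcile discovered privileged accounts against a PAM system.
The inventory and the PAM-managed set below are constructed for illustration;
a real discovery tool would populate them from directory queries or agents."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Assumption: group memberships that confer administrative rights in a mixed
# Linux/Windows estate. Extend with your own directory groups.
ADMIN_GROUPS = {"root", "wheel", "sudo", "Administrators", "Domain Admins"}
# Assumption: credentials older than this (or of unknown age) get rotated
# immediately once they are vaulted.
MAX_CREDENTIAL_AGE_DAYS = 90


@dataclass(frozen=True)
class Account:
    host: str
    name: str
    groups: FrozenSet[str]
    uid: Optional[int] = None                 # POSIX uid; None on Windows
    automated: bool = False                   # service / non-interactive account
    credential_age_days: Optional[int] = None  # None = unknown


@dataclass(frozen=True)
class Finding:
    host: str
    name: str
    reason: str
    rotate_first: bool


def discover_privileged(inventory: List[Account]) -> List[Finding]:
    """One finding per account that holds privilege, with why it was flagged."""
    findings = []
    for acct in inventory:
        admin_groups = acct.groups & ADMIN_GROUPS
        if acct.uid == 0:
            reason = "uid 0"
        elif admin_groups:
            reason = "member of " + ", ".join(sorted(admin_groups))
        else:
            continue  # ordinary user: not in scope for PAM
        if acct.automated:
            reason += " (automated account)"
        stale = (acct.credential_age_days is None
                 or acct.credential_age_days > MAX_CREDENTIAL_AGE_DAYS)
        findings.append(Finding(acct.host, acct.name, reason, stale))
    return findings


def coverage_gap(findings: List[Finding],
                 managed: Set[Tuple[str, str]]) -> List[Finding]:
    """Privileged accounts that discovery found but PAM does not yet manage."""
    return [f for f in findings if (f.host, f.name) not in managed]


def onboarding_plan(gap: List[Finding]) -> Dict[str, List[str]]:
    """Group the gap per target host so orchestration can onboard host by host;
    within a host, accounts needing immediate rotation come first."""
    plan: Dict[str, List[str]] = {}
    for f in sorted(gap, key=lambda f: (f.host, not f.rotate_first, f.name)):
        plan.setdefault(f.host, []).append(f.name)
    return plan


# Constructed discovery output (hosts, accounts and ages are made up).
INVENTORY = [
    Account("web01", "root", frozenset({"root"}), uid=0, credential_age_days=30),
    Account("web01", "deploy", frozenset({"sudo", "deploy"}), uid=1001,
            credential_age_days=400),
    Account("web01", "www-data", frozenset({"www-data"}), uid=33),
    Account("db01", "root", frozenset({"root"}), uid=0, credential_age_days=30),
    Account("db01", "backup", frozenset({"backup"}), uid=1002, automated=True),
    Account("win-fs01", "Administrator", frozenset({"Administrators"}),
            credential_age_days=10),
    Account("win-fs01", "svc_backup", frozenset({"Domain Admins"}), automated=True),
    Account("win-fs01", "jsmith", frozenset({"Users"}), credential_age_days=20),
]
# Constructed: what the PAM system already vaults.
MANAGED = {("web01", "root"), ("db01", "root")}

if __name__ == "__main__":
    gap = coverage_gap(discover_privileged(INVENTORY), MANAGED)
    for f in gap:
        print(f"{f.host}/{f.name}: {f.reason}; rotate first: {f.rotate_first}")
    print(onboarding_plan(gap))
```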

IN THE END…

Talented IT staffers are fighting an uphill battle as cyberthreats appear more frequently and grow ever more sophisticated in today’s increasingly complex IT networks. In fact, 2017 set the record for both the most breaches and the most data compromised in a year. In order to claim victory in this environment and adequately secure critical assets and data, IT security teams must plan for PAM as a core preventative and monitoring technology.

Automation reduces or completely removes the friction associated with PAM deployment. It levels the playing field by keeping servers, devices and infrastructure up to date, limits or prevents lateral movement in a breach and prevents insiders from damaging complex critical IT infrastructure. In today’s public-private cloud environments, servers are added rapidly to an environment. Automated discovery and orchestration tools allow PAM components to be deployed in just a few minutes, not hours or days, to protect new cloud servers. While many companies may be able to fuse copious amounts of security tools to protect their IT infrastructure, it still requires a significant amount of manual effort.

Data breaches are not going away anytime soon, and as the threat of cyberattacks continues to increase, organizations need to reconsider how security is managed. In the era of constant connectivity, it’s vital that companies leverage available tools and technologies. The best tools are all-in-one security platforms that revolutionize the speed at which PAM can be deployed by automating the discovery of assets as well as the onboarding of all target systems into the platform, providing continuous protection against identity-based breaches in even the most dynamic environments.

About the Author

Cameron Williams is the founder and CTO of OverWatchID, the industry's first Converged Identity Security Platform, comprising Privilege Account Management, Cloud Access Security Brokering, Identity Access Management and MultiFactor Authentication in a multi-tenant SaaS platform.

Cameron can be reached on LinkedIn at https://www.linkedin.com/in/cameron-williams-3696a18b/


SOFTWARE, HARDWARE AND PROCEDURAL COMPLIANCE by Milica D. Djekic

Good software and hardware configuration, together with adequately written procedures and policies, is crucially important to the cyber defense of any IT infrastructure. By well-developed procedures and policies we mean a set of rules and principles that guide us to follow best practice and comply with legal regulations, frameworks and standards. There are plenty of standards and frameworks dealing with cybersecurity, and the expert community always strives to meet their requirements. It is not always easy to configure your IT assets well, or to get your employees to operate as the procedures suggest.

Well-organized people, processes and technologies are of vital importance to the productivity, safety, security and effectiveness of any working unit. It is well known that time means money, and if you want to follow that rule you need to avoid any discontinuity in your business. Once your IT devices and network are well configured and in compliance with all the relevant standards, demands and regulations, you can count on good business continuity as well as appropriate readiness for incident response. So, can we correlate business continuity and disaster recovery with cybersecurity compliance at all?

The answer to this question is mainly yes! In other words, before you establish any IT system, you need to invest a certain amount of time and effort in preparing for it. Many cyber defense professionals would agree that good skills are needed to get your IT infrastructure working well for you. On the other hand, when we talk about business continuity and disaster recovery, it is well known that perfectly set up assets and well-enforced procedures and policies can play a crucial role in both time and cost effectiveness. For that reason, it is strategically significant to pay attention to cyber defense compliance, achieving it through good software, hardware and procedural adjustments.

We could begin with software compliance! First, let’s explain what it is and why it matters. Software compliance is any sort of adjustment to your computer programs and operating systems so that they comply with your hardware capacities as well as IT standards and legal regulations. Many software developers know that they need to follow strict guidelines in order to produce their solutions. Those products must also comply with intellectual property laws and rights. As we know, a few operating systems dominate the world, and there are heaps of programming languages that offer a chance to create code. Why is this so important? Well, if you want to develop an application for a certain operating system, you get a limited set of tools to do so. All those tools and operating systems follow IT standardization, and they offer you the opportunity to work only within such constraints.

Also, if you want to install already developed software on your device, you should know that you cannot do everything you want; in such a case you need to follow some rules. You would agree with us that if you try to set up two mutually incompatible programs on your machine, you could cause some business discontinuity, because your entire operating system may crash and you could lose plenty of sensitive information if you do not pay attention to your backup procedures. In other words, this could affect your disaster recovery process and put your private or business assets at great risk. In addition, it is good to know that any software or operating system you use comes with a license. If you use a pirated product, you should know that you are breaking the law and doing something highly risky, because the majority of pirated products come with flaws that can hugely affect your cybersecurity, too.

Next, if we think about hardware compliance, we should know that the engineers and technicians setting up hardware components must bring the best possible compliance skills. In practice, they use plenty of hardware parts to build a computer or network configuration, and you would agree with us that this requires a good amount of knowledge and experience. In other words, you should be aware that the hardware pieces must be compatible with each other if you want to make a whole, and experience suggests that the engineers doing such a task should understand the technical documentation written for each of those components. So, commonly, the technical team does some research on the web and contacts many vendors in order to get first-hand information; once they realize they can configure a device or network out of those parts, they purchase those solutions and, in the best feasible case, make no mistakes, which means no additional costs for their employer. As is quite obvious, skill means money as well!

Finally, we would say a few words about procedural compliance. In practice, it is essential to have well-developed procedures and policies that satisfy the needs of your employer and make your cyber experience more convenient and safe. Writing procedures and policies requires a lot of experience and expertise, and in practice only senior-level IT professionals are capable of such a demanding task. Practically, policies and procedures should be clearly written and understandable to their users, and they should also be time-efficient, because they cannot become an additional load that holds the entire working process back. Policies and procedures must also comply with current standards, laws and regulations, and any change in those should bring an ever-better update to the existing procedures and policies. Additionally, procedural compliance should rest on a good understanding of the working process, because that supports the employer’s demands in terms of following the best possible practice as well as applying the best possible business continuity and disaster recovery plans.

The purpose of this effort is to provide a closer look at software, hardware and procedural compliance and to illustrate what those pillars mean in practice. Through our research, we have also tried to correlate those compliance requirements with more practical cybersecurity topics such as business continuity and disaster recovery strategies. Special attention has been paid to the challenges regarding the time and cost effectiveness of IT infrastructure and its operations.

About the Author

A thoughtful and frequent contributor to Cyber Defense Magazine, Milica Djekic graduated from the Department of Control Engineering at the University of Belgrade, Serbia, and has been an engineer with a passion for cryptography, cyber security, and wireless systems. Milica is a researcher from Subotica, Serbia. She also serves as a reviewer at the Journal of Computer Sciences and Applications, and she writes for American and Asia-Pacific security magazines. She is a volunteer with the American Corner of Subotica as well as a lecturer with the local engineering society.


SECURITY RISKS OF THE INSTANT GRATIFICATION CULTURE by Javvad Malik, security advocate, AlienVault

Gone are the days when one would write a letter, post it, and wait a couple of days for it to be delivered. These days people expect a message not only to be delivered to the recipient immediately, but also a notification as soon as the recipient has opened and read it. Connected technology has not only enabled the automation of many tasks, but also greatly reduced the time needed to carry them out. The impact of this on individuals has been profound. Shopping, trading, watching a show, even hailing a cab is an almost instant experience requiring no human interaction. But what has this done to expectations? Has it made people more impatient? Or less tolerant when things don’t go their way immediately? Let’s look at the data.

Not a cinema experience

Online video has grown in popularity over the last few years; however, the average attention span of viewers has gone down. According to a study by Wistia, 75% of YouTube viewers will watch a 1-2 minute video to the end, but that number drops to fewer than 60% for a video 4-5 minutes in length. This isn't just restricted to YouTube videos. Locowise reported that on Facebook, the average video length is 55.3 seconds and the average view duration is a mere 18.2 seconds.

You probably haven't made it this far

Written content isn't treated much differently than video. While publishers tend to focus on the number of clicks an article or news story gets (think clickbait), that number doesn't reveal how engaged a reader is. In fact, according to Time, 55 percent of readers spend fewer than 15 seconds actively on a page.

OK, so where's the risk?

Patience is a rare thing to find in the digital world. People huff and puff, and tweet horrible things if they are made to wait for what they would deem an unreasonable amount of time. It's this impatience, or yearning for instant gratification, that many scammers, fraudsters, and online criminals prey on. Phishing emails use such tactics all the time: "Click here to see these shocking photos of the latest Tesla before it gets pulled" or "Make your machine run faster".


But it extends further than that. When the latest Marvel summer blockbuster comes out, criminals look to put fake, malware-ridden movie downloads online. Similarly, we see the pre-release of malicious mobile apps in gaming stores which entice users to be among the first to get a game.

I came here to detect threats and educate users

Humans, unlike machines, can get impatient, be enticed or have a bad day where they are not paying attention. That is why phishing remains a popular tactic of attackers, and why it is impossible to ensure users will never fall for a phishing attack.

But relying on users isn’t the end goal. Security in an organization should be architected with layers that take into consideration the weaknesses within humans, and technology. Therefore, threat detection controls should be deployed so that if a phishing attempt is successful, administrators can be notified in time and take appropriate action.

Corporate users, and the public at large, need to be continually educated and made aware of the relevant digital risks and dangers they face.

About the Author

Javvad Malik is a security advocate at AlienVault and a London-based IT security professional.

Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.

He can be reached on Twitter, YouTube or through his website or AlienVault’s website.


THE POWER OF CLOUD TECHNOLOGY: FIGHTING CYBERATTACKS by Ryan Eisenacher, CMM, FilmTrack

The media and entertainment industry is no stranger to cyberattacks. It started with the Sony Pictures Entertainment breach in 2014, where 40 gigabytes of sensitive company data, including private emails, were stolen and posted online. Let’s also not forget that last year, when Netflix refused to pay a ransom, hackers released ten episodes of Season 5’s “Orange Is the New Black” over a month before its premiere. A few short months later, HBO also had a leak where multiple episodes of unreleased shows and scripts were posted online, including the first five episodes of Season 7’s “Game of Thrones”. Hackers claimed to have 1.5 terabytes of stolen digital content in their ransom note. And according to a 2016 nScreenMedia report, 28% of media organizations admit having experienced some kind of attack. It’s a nightmare for all involved, with significant revenue lost.

According to the 19th Annual Global CEO Survey by PricewaterhouseCoopers, which surveyed the opinions of 1,409 chief executives in 83 countries, 66 percent of media and entertainment CEOs say cybersecurity could threaten growth at the companies they run. At the same time, 89 percent of chief executives see technological advances as a concern, and as the factor most likely to “influence stakeholder expectations”, while 59 percent state that they’re considering making significant changes in how they use technology to meet those expectations.

There is now the ability to access, process, and transfer huge amounts of data across multiple platforms at incredible speeds to a much wider audience than ever before. Portable devices and developing distribution channels, such as OTT delivery that allows a video to be played on any device, social media, and subscription video on demand (SVOD), cater to a wide range of tastes in a connected world. Yet, by being so connected, there is also an increase in security challenges. Breaches can begin with a phishing attack, where emails sent to employees contain malicious attachments or links to websites from which malware is unknowingly downloaded onto the network. Hackers also look for PCs running older versions of Windows that they can easily break into. If security measures aren’t in place, hackers can get into backend databases through a company website and then map the network, where they can find passwords that lead to protected areas containing sensitive data that they can then steal, destroy, or hold hostage for a ransom payment.

Companies within the entire entertainment sector need to become more vigilant about the systems, protocols, and practices they have in place. TechWorld interviewed ethical hacker Ralph Echemendia, who was shocked by the entertainment industry’s lack of security or cybersecurity insurance to cover a cyber breach. The first few weekends of a movie’s box office release are crucial in determining its success. If any part of it gets out prior to its box office release date, it could cost the company “hundreds of millions of dollars”. Hackers know how lucrative the entertainment industry is and its focus on premiere dates. Cybersecurity protection over intellectual property should be a necessity and considered money well spent in preventing such attacks.

So, how can the media and entertainment industry fight against cyberattacks? With the help of cloud technology. All data must be protected while creating content that the viewing audience has come to expect, along with the expectation that that content is also being delivered securely. Cloud-based technology solutions provide remote rights management storage in a connected environment with instant access to current real-time information, such as availabilities and financials, while substantially reducing the spending of capital expenditure and fixed costs. A full-time team of security experts actively manages the security environment and regularly works toward finding and delivering product improvement. There are also multi-DRM (digital rights management) based security solutions available that can protect delivery of video content. Some cloud technology also prevents piracy by locating, authenticating, and eliminating illegal online content streaming.

Digital content needs to be both secure and secured. Production networks, storage locations, corporate IT, and customer data should be access controlled and continuously monitored for intrusion. Stored data and media content in transit across networks, systems, and users should be properly encrypted with encryption keys changed frequently. Proper encryption prevents content from being seen and easily read if intercepted. Emails that contain malicious attachments or websites that contain malware should be blocked while not impeding the creative process. Any sign of a threat should be quickly detected, contained, mitigated, and addressed to prevent any compromise to the company.

Avoid being the next target in the entertainment industry and instead make headlines by being one of the most secure. Fight back.

About the Author

Ryan Eisenacher is the content marketing manager at FilmTrack, the leading SaaS rights management solution for the media & entertainment industry. With over eight years of experience leading content strategy and implementation for both B2B and B2C industries, she has worked in startup, agency, and nonprofit environments, developing social media and content marketing campaigns for Goodwill Industries, The National Disaster Search Dog Foundation, The San Diego Union Tribune, and more.

LinkedIn: https://www.linkedin.com/in/ryaneisenacher/

Twitter: https://twitter.com/filmtrack


PRACTICES IN NETWORK SECURITY MONITORING

UPDATE YOUR DEPLOYMENT CONSIDERATIONS by Joe Guerra, Cybersecurity Instructor, Hallmark University

In the past decade, cybersecurity departments have been tasked with applying solutions to answer the question:

• How to protect and secure everything?

While some security departments approach this question with a predetermined set of guidelines, it is imperative to take out the change management plan and start modifying it for the present and the future. In many cases, the technologies available are so powerful or transformational for an organization that there is no option but to adopt and use them immediately. Frequently, the business and IT sides need to negotiate a security agreement: whether to accept, mitigate, transfer or eliminate the risk.

Nonetheless, security operators need to know what to protect and how to protect the assets that need securing. In the past, network teams usually relied on universal, ready-made monitoring tools and templates for security. In reality, the security infrastructure should have rigorously designed strategies to scale up techniques and tools as the network grows.

To address this widening challenge, the basic trust assumptions around cyber security need to be revisited. Contemporary cyber strategies have to be built on the realization that breaches are imminent and inevitable, especially since the primary channel interconnecting the physical, remote, and virtual environments is the network. The network carries the traffic that opens the window into the organization for malware and threats. Many security tools can monitor and analyze network traffic for anomalies, threats, and malware movement. However, no matter how sophisticated these tools become, they only work on the network traffic they can see.

Network security monitoring involves collecting packet data, decoding it layer by layer, and applying detection logic to answer pressing security questions. The purpose is to find out in real time what is happening on the infrastructure at a granular level, and to bolster security by hardening policies, devices, software and processes.

Although there is no single list of considerations that spans all possible scenarios, you can still enumerate a variety of points on a checklist to follow for a network system.


Practices to Follow

• Assess what you need to secure and where it is located.

• Perform a performance baseline before adding a security solution, since it can also have its own digital footprint on the network.

• Deploy more than one anti-virus component, since a combined effect is always helpful.

• Monitor all aspects and layers of your network infrastructure, from extranet to intranet.

• Make sure to consider all of the protocols in your process. Leave no stone unturned.

• Make sure to enable the auditing levels on the deployed devices.
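As an added example (not code from the article), the Python sketch below shows how the performance baseline recommended above can be captured before a monitoring appliance is deployed, and then used to measure the appliance's own footprint on each network segment. The per-minute samples, the segment names and the 3-sigma threshold are constructed assumptions, not data from the page.

```python
"""Baseline a network segment's traffic before a security appliance is deployed,
then measure the appliance's footprint against that baseline.

Added example, not code from the article. Assumptions (not in the original text):
traffic is summarised as per-minute counters per segment, and a metric counts as
changed when its post-deployment mean exceeds baseline mean + K * stdev.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

METRICS = ("bytes_out", "flows")
K = 3.0  # deviation threshold in standard deviations (assumption)


@dataclass(frozen=True)
class Sample:
    segment: str    # network segment, e.g. "core" or "dmz" (constructed names)
    bytes_out: int  # bytes leaving the segment during the minute
    flows: int      # new connections observed during the minute


def group_by_segment(samples):
    groups = {}
    for s in samples:
        groups.setdefault(s.segment, []).append(s)
    return groups


def baseline(samples):
    """Return {segment: {metric: (mean, pstdev)}} for the pre-deployment window."""
    stats = {}
    for seg, rows in group_by_segment(samples).items():
        stats[seg] = {}
        for m in METRICS:
            values = [getattr(r, m) for r in rows]
            stats[seg][m] = (mean(values), pstdev(values))
    return stats


def footprint(base, after):
    """Compare a post-deployment window with the baseline.

    Returns {segment: [(metric, baseline_mean, after_mean), ...]} listing only the
    metrics whose post-deployment mean is above baseline mean + K * stdev, plus a
    'missing baseline' entry for segments that were never baselined."""
    report = {}
    for seg, rows in group_by_segment(after).items():
        if seg not in base:
            report[seg] = [("missing baseline", None, None)]
            continue
        hits = []
        for m in METRICS:
            mu, sigma = base[seg][m]
            after_mean = mean(getattr(r, m) for r in rows)
            if after_mean > mu + K * sigma:
                hits.append((m, mu, after_mean))
        if hits:
            report[seg] = hits
    return report


# Constructed samples: five quiet minutes before the sensor was installed ...
BEFORE = [
    Sample("core", 1_000_000, 200), Sample("core", 1_020_000, 210),
    Sample("core", 980_000, 190), Sample("core", 1_010_000, 205),
    Sample("core", 990_000, 195),
    Sample("dmz", 500_000, 50), Sample("dmz", 510_000, 55), Sample("dmz", 490_000, 45),
]
# ... and three minutes after: the sensor mirrors core traffic to a collector and
# opens its own heartbeat connections, while the DMZ is untouched.
AFTER = [
    Sample("core", 1_600_000, 250), Sample("core", 1_620_000, 255),
    Sample("core", 1_580_000, 245),
    Sample("dmz", 505_000, 52), Sample("dmz", 495_000, 48), Sample("dmz", 500_000, 50),
]

if __name__ == "__main__":
    for seg, hits in footprint(baseline(BEFORE), AFTER).items():
        for metric, mu, after_mean in hits:
            print(f"{seg}: {metric} baseline={mu} after={after_mean}")
```

Only the core segment is reported, showing that the new appliance, not the monitored hosts, caused the jump in bytes and connections.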

In relation to these best practices, update the deployment process whenever a new appliance or piece of software is added to or modified in the network. Even when nothing has changed, it is essential to review the security process carefully and accurately to stay current with the volatile nature of cybersecurity situations.

While there are many ways to monitor your network, it is imperative to keep up with and apply industry standards. The security team needs to know the state and activity of its network at all times and, with proper change management, gradually implement new technologies. Since cyber security is a methodology that is constantly improving, it is essential to evolve along with the infrastructure and devices in use.

In conclusion, the network deployment strategy is crucial to the health of the organization, and a solid, dynamic monitoring structure will help reduce expenses and harm to the organization.

About the Author

Joe Guerra, Cybersecurity Instructor, Hallmark University

Joe Guerra is a cybersecurity/computer programming instructor at Hallmark University. He has 12 years of teaching/training experience in software and information technology development. Joe has been involved in teaching information systems security and secure software development towards industry certifications. Initially, Joe was a software developer working in Java, PHP, and Python projects. Now, he is focused on training the new generation of cyber first responders at Hallmark University.

Joe can be reached online at ([email protected]) and at our company website http://www.hallmarkuniversity.edu/


THE ART OF PHISHING AND HOW TO FIGHT IT

THE MOST DANGEROUS ATTACK VECTOR IN MODERN DAYS by Pedro Tavares, CSIRT.UBI Co-Founder

Cybercriminals continue to use phishing attacks as an effective “cyber weapon”. Of all attack vectors, this remains the most exploited, with a high success rate in malicious activities. Phishing campaigns are becoming more sophisticated, and people need to be aware of the danger of falling into crooks’ tentacles. Within a company, for instance, employees should be educated and better informed about prevalent phishing attacks in order to proactively protect themselves against such attacks in the wild.

In general, companies are not prepared to fight this old problem, and thus the number of attacks has increased in recent years. For example, after a data breach has been published on the Internet, cybercriminals can run several spear phishing campaigns based on it. Note that it is common for at least one person in every 14 to click on a link or open an attachment shared in a phishing message.

THE MOST COMMON PHISHING CAMPAIGNS

There are various types of phishing campaigns “cooked up” and spread by crooks. Some examples are presented below.

Deceptive Phishing

This is the most common type of phishing attack. Here, an attacker impersonates a legitimate company in order to steal personal information or credentials from victims as a way to gain unauthorized access to systems. The fraudulent link typically points to a malicious website at a URL nearly identical to the company’s official domain (generally only one letter is misplaced).
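The “one misplaced letter” domains described above can be caught on the defensive side before a user ever clicks. The following Python example, added here and not part of the article, flags URLs in a message body whose host is one edit or transposition away from a domain the organisation owns, or that bury a real domain inside an unrelated one; the allow-list, the sample message and the naive registrable-domain rule are constructed assumptions.

```python
"""Flag URLs whose host imitates one of the organisation's domains.

Added example, not code from the article. Assumptions (not in the original
text): a constructed allow-list of legitimate domains, and a naive
registrable-domain rule that takes the last two DNS labels (a real deployment
would consult the public suffix list).
"""
from __future__ import annotations
import re
from urllib.parse import urlparse

# Constructed allow-list of domains the organisation legitimately uses.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance where insertion, deletion, substitution and an adjacent
    swap each cost 1, so a single 'misplaced' letter scores 1 either way."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (naive assumption, see module docstring)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host: str) -> tuple[str, str | None]:
    """Return ('trusted' | 'lookalike' | 'unrelated', impersonated domain or None)."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted", reg
    for trusted in TRUSTED_DOMAINS:
        # Brand domain planted as a subdomain of an unrelated site.
        if host.startswith(trusted + "."):
            return "lookalike", trusted
        # One typo, substitution or swapped pair away from the real domain.
        if damerau_levenshtein(reg, trusted) == 1:
            return "lookalike", trusted
    return "unrelated", None


def flag_lookalike_urls(message: str) -> list[tuple[str, str]]:
    """Return (url, impersonated_domain) for each URL in a message body whose
    host imitates a trusted domain; exact trusted hosts are not reported."""
    flagged = []
    for url in URL_RE.findall(message):
        host = urlparse(url).hostname or ""
        verdict, target = classify_host(host)
        if verdict == "lookalike":
            flagged.append((url, target))
    return flagged


# Constructed message body: one genuine link and three impersonation attempts.
SAMPLE_MESSAGE = (
    "Dear customer, our privacy policy changed. Review it at "
    "https://www.example.com/privacy and confirm your details at "
    "https://www.exampel.com/confirm or https://examp1e.com/login . "
    "Help desk: https://example.com.evil-login.net/help"
)

if __name__ == "__main__":
    for url, target in flag_lookalike_urls(SAMPLE_MESSAGE):
        print(f"{url} imitates {target}")
```

The genuine link is left alone while the swapped letters, the digit substitution and the planted subdomain are all reported against the domain they imitate.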

Spear Phishing

Spear phishing is considered a sophisticated way for cybercriminals to obtain information about their victim. These attacks usually occur after a data breach, and the criminals customize malicious emails with data related to the victim, e.g., their name, position, company, work phone number, or information that has been published online or obtained via a social media platform such as LinkedIn.

The main goal is to lure the victim into clicking a malicious URL or email attachment which will, in turn, give the attacker access to the victim’s personal data. The most effective spear phishing attacks are often the simplest, and they can occur on an ordinary day for a company. For instance, an email apparently from the company regarding its privacy policy is sent to the victim. When the victim opens a link in the email body, a pre-filled form is presented on the screen. Here, the criminals request additional information from the victim, and as everything looks like a normal procedure, the victim eventually falls into the trap of handing valuable information to the criminals.

Business Email Compromise (BEC) Attacks - CEO Fraud

CEO fraud is often the second stage of a BEC attack, where attackers impersonate an executive and use that individual’s email to authorize fraudulent wire transfers to a financial institution of their choice. Such a scenario is possible because companies do not provide adequate training for their employees. To fight that threat, as well as the risk of CEO fraud, all company personnel, including C-level executives, should undergo security awareness training. For example, employees should be aware that it will never be possible to conduct an asset transfer via email without additional validation.

These types of attacks rarely set off typical spam traps because they are not mass emailed; the victims are carefully targeted by the criminal.

Malware-Based Phishing Campaigns

This type of malicious activity happens when the attacker sends an email attachment or downloadable file to a victim with the intent of exploiting vulnerabilities or stealing sensitive information from their devices. Once the file or link is clicked, it triggers the malicious content embedded in the attachment. At this point, an attacker can spread various types of malware, including computer viruses, keyloggers, worms, trojan horses, etc. In some cases, this malware spreads to other machines and infects them, as happened last year with the WannaCry ransomware attack.

KEEPING PEOPLE AND COMPANIES AWAY FROM PHISHING

Preventive Measures

• Promote training for all employees

• Many security problems and cyber attacks are performed via phishing, and that is the result of a bad cyber security culture.

• Training employees should be seen as a preventive measure and an effective way to stop low-level threats.


Keep software up to date

Keeping web browsers and operating systems fully up to date is a mandatory measure; it represents the first line of defense against viruses and malware spread by criminals.

Encryption and backups

Cryptography is always required as a supplementary protection step. Backups are one of the most important IT procedures in a company. A golden rule for companies should be to prevent and minimize the risk of data loss after a successful cybercrime scheme.

FINAL THOUGHTS

Phishing continues to be the main attack vector used by cybercriminals, and it is becoming increasingly sophisticated. Acting in the opposite direction from the criminals is crucial: promote a cybersecurity culture within the company by providing training in which employees are exposed to realistic cases of fraud.

Don’t forget, humans are still the weakest target.

About the Author

Pedro Tavares is a cybersecurity professional and a founding member and Pentester of CSIRT.UBI and the founder of seguranca-informatica.pt.

In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, hacking, cybersecurity, IoT and security in computer networks.

He is also a Freelance Writer.


PLAYING AN INTEGRAL PART OF THE NATION’S MODERNISATION THROUGH SECURITY, FIRE AND SAFETY

The second edition of the Philippines’ leading security, fire and safety event, IFSEC Philippines, took place on 29 May – 1 June 2018 at the SMX Convention Center. Attended by 3,879 visitors from around the country, the event proved to be the focal point for industry players to converge under one roof.

IFSEC Philippines 2018 had a total of 78 exhibitors, comprising manufacturers and distributors in access control and biometrics, cyber security, drones, fire and safety, home automation, Internet of Things (IoT), physical security, perimeter protection and more. Almost half of the exhibitors were based in the Philippines, whilst the rest were from China, Hong Kong, Indonesia, Malaysia, Singapore, South Korea and other countries.

With such innovation and cutting-edge products available on the show floor, IFSEC Philippines attracted visitors from various backgrounds including communications, business services, construction / development, architecture, distributors and others. Based on the survey, 21% of the total number of visitors were interested in access control and biometrics, 14% in alarms / intruder detection, 10% in asset management, 9% in cyber security and more. The Philippines is facing its “Golden Era of Infrastructure” and is, therefore, investing more than PHP 8.4 trillion to construct roads, airports, ports and railways, in its effort to modernise its cities, pushing itself to become a higher-income nation. With such investments, the Philippines’ industry players will need the best solution available in the market.

Aside from the exhibitions, the event provided free seminars that took place at the IFSEC Philippines Theatre. More than 22 topics were presented by industry experts covering the security industry overview, crisis management, cyber security, safe cities and more. With experts serving as speakers, the theatre was packed with visitors. Some of the notable speakers were Chairman of Cyber Security Malaysia, General Tan Sri Mohd Azumi Mohamed; Chairman Emeritus of PSIS, Dr Eduardo M. Fulgencio; Chief Editor of SecurityMatters Philippines, Mr Ace Esmeralda; TAPA certified expert, Mr Nilo S. Pomaloy; Director of CIISCM, Mr Munies Pillai, and more.

IFSEC Philippines 2018 witnessed the launching of a Business Matching Platform. The platform was free for all exhibitors and registered visitors, where both parties could select and arrange their meetings to be held throughout the events. There were more than 300 meeting requests made, proving that the platform was a useful tool for the attendees, and giving a dynamic experience for visitors and exhibitors.

The organiser, UBM Exhibitions Philippines Inc., forged partnerships with related government bodies and associations to make the second edition of IFSEC Philippines a huge success. Supporting the event were the Metropolitan Manila Development Authority (MMDA), Asian Professional Security Association (APSA) Philippines Chapter, Mall Security Management Association of the Philippines (MSMAP), the Philippines Society for Industrial Security Inc. (PSIS), Safety Organisation of the Philippines Inc. (SOPI), Hotel and Restaurant Association of the Philippines (HRAP), Transported Asset Protection Association (TAPA), Chartered International Institute of Security and Crisis Management (CIISCM), and Security Guard Association of the Philippines (SEGAP).

One of the highlights of the event was the MMDA Forum that was led by its MMDA chairman, Mr. Danilo Lim. It was attended by members of the Senate, city mayors from around the Philippines and high ranking officials. The MMDA Forum highlighted the latest traffic management system and featured Dr. Kim Wim-Jab, the Director of IT from Seoul Metropolitan Government Authority, as speaker, to share case studies in solving the traffic crisis.

“IFSEC Philippines is an interesting and educational event for the industry,” said Hon. Bayani F. Fernando, District Representative of Marikina City 1st District who attended the forum. “This will actually help solve a lot of traffic problems in Metro Manila. I hope that IFSEC Philippines will maintain their partnership with both the local government and private sector, and I wish the show’s success as its success is the success of the industry.”

With the success of the second edition, UBM Exhibition Philippines Inc. will organise the next one on 29–31 May 2019 at the SMX Convention Center. For more information on exhibiting and attending, please log in to www.ifsecphilippines.com or contact at +63 2 551 7718 / +63 2 551 7564.


Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS

“Amazing Keynote”

“Best Speaker on the Hacking Stage”

“Most Entertaining and Engaging”

Upcoming Engagements: CloudSec September 2018, IPEXPO Europe October 2018 and many more… If you are looking for a cybersecurity expert who can make the difference between a nice event and a stellar conference, look no further; email [email protected]


You asked, and it’s finally here…we’ve launched CyberDefense.TV

At least a dozen exceptional interviews rolling out each month starting this summer…

Market leaders, innovators, CEO hot seat interviews and much more.

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine.


FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE.

This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Defense e-Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here to sign up today and within moments, you’ll receive your first email from us with an archive of our newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.


MARKETING AND PARTNERSHIP OPPORTUNITIES

BANNERS, E-MAILS, INFOSEC AWARDS, DOWNLOADS, PRINT EDITIONS AND MUCH MORE…

Copyright (C) 2018, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. SAMUELS LLC. d/b/a) PO Box 8224, Nashua, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. [email protected] Cyber Defense Published by Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC. Cyber Defense Magazine, CDM, Cyber Defense eMagazine, Cyber Defense Test Labs and CDTL are Registered Trademarks of STEVEN G. SAMUELS LLC. All rights reserved worldwide. Copyright © 2018, Cyber Defense Magazine. All rights reserved. No part of this newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.

JOB OPPORTUNITIES

Send us your list and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at [email protected]

Cyber Defense Magazine

PO Box 8224, Nashua, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. [email protected] www.cyberdefensemagazine.com

Our New Office Addresses coming soon: NEW YORK (US HQ), LONDON, HONG KONG Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 08/16/2018


ANNOUNCING CYBER DEFENSE GLOBAL AWARDS 2018

Cyber Defense Magazine (CDM), the global leader in information sharing and knowledge exchange on all things cyber defense, announces that its 6th annual Cyber Defense Global Awards for 2018 are now open.

Nominees please visit the following web page to apply: http://www.cyberdefensemagazine.com/cyber-defense-global-awards-2018/

CDM is looking for applicants who are helping their customers get one step ahead of the next breach with innovative products, services and technologies in the following categories: http://www.cyberdefensemagazine.com/global-awards-2018-categories-selections/

Finalists will be notified in September and Winners will be announced at IPEXPO Europe 2018 in London, England, United Kingdom on October 3, 2018 at the Excel London convention center and in the year end print edition of Cyber Defense Magazine that CDM staff will be handing out by the thousands at this event. Online versions of this special edition as well as six years of Cyber Defense e-Magazines are always freely available by signing up at http://www.cyberdefensemagazine.com

About Cyber Defense Global Awards 2018

This is Cyber Defense Magazine’s sixth year of honoring cyber defense and information security innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) industry who believe they have a unique and compelling value proposition for their people, products and services. Download our Cyber Defense Global Awards 2018 Fact Sheet here: http://www.cyberdefensemagazine.com/wp-content/uploads/2018/06/CDM-Global-Awards-Facts-Sheet-2018.pdf
