Privacy-First Becomes A Priority & Other 2019 IT Predictions From Commvault

Posted in Commentary with tags on December 10, 2018 by itnerd

Here are some predictions from Ottawa-based Matt Tyrer, Commvault’s senior manager, solutions marketing, Americas, and Don Foster, Commvault’s senior director of worldwide solutions marketing. Matt and Don believe that in the year ahead regulations and business priorities will force companies to improve their data management practices and ensure their most important information is both protected and visible to them no matter where it resides.

Privacy-first Becomes a Priority: As government agencies increasingly cite enterprises for non-compliance with the European Union’s GDPR and other strict data privacy regulations, and other governments implement new data privacy regulations, enterprises will increasingly adopt a “Privacy First” approach to data management. We’ve seen this discussion quite a bit in the Waterfront Toronto / Sidewalk Labs (smart cities) project where the push for “privacy by design” has come to the forefront. Canada recently expanded its own data privacy act (PIPEDA) to include much more stringent requirements around record keeping for data breaches and notifications of those incidents to the public. However, the challenges enterprises will face as they seek to integrate data privacy best practices into their existing applications, as well as new mobile, IoT and other applications, will be significant. Enterprises will need AI-powered, automated, outcome-driven data management solutions to address these challenges if they hope to implement strong data privacy policies without sacrificing productivity or agility.

2019 will be game-changing for cloud adoption in production IT workloads – globally: Enterprises will continue to pour investment into cloud initiatives, focusing increasingly on technologies and services that enable them to transform the cloud from merely a storage location into a solution that enables new, more agile ways of working. Technology providers will increasingly move to deliver this agility by offering native support for multiple cloud providers and other powerful cloud tools that equip enterprises with a single interface for efficiently, effectively and responsibly managing applications, workloads and data across both on-premises and cloud environments.

Artificial intelligence and machine learning will become a requirement for new solutions for simplified operations: The IT skills gap will require progressive enterprises to implement new, innovative solutions that automate complex operations. Machine learning and artificial intelligence will become key requirements for new IT solutions to help businesses close the skills gap through smarter operations and modern IT solutions. Enterprise software firms will force their strategic vendors to integrate AI and machine learning into their existing offerings to provide a more efficient operating model and a higher level of success for meeting their desired outcomes.

aaS vs. the Cloud: as-a-Service offerings will continue to accelerate and a new battle will be fought for the IT wallet. Cloud vs. aaS, or both? On-premises solutions will still be a major part of IT; however, IT growth will continue to accelerate in the cloud and through aaS offerings, forcing providers and technology vendors alike to reassess their strategies for how they will serve their customers and ultimately help them define and achieve their necessary business and IT outcomes.

Technology skillsets and time gaps will stall digital transformation: Organizations that continue to leverage traditional methods to meet the modern and transformative needs of the changing digital business will run into major obstacles in 2019. Comprehensive IT skillsets that traverse the worlds of traditional IT and the new Hybrid IT will become more rare. New compliance and governance measures together with a growing monetization of malware/ransomware attacks will continue to put pressure on IT organizations and force improved operations in order to successfully meet the needs of the digitally transforming business. Without the consolidation of disconnected point solutions in data management and all areas of IT, digital transformation efforts will stall especially as cloud computing becomes the standard for the growing digital enterprise.

Recovery Readiness metrics will become the newest trend in technology RFPs (requests for proposal): Technology vendors must be prepared to meet the requirement for recovery readiness – the speed with which a service, solution, or offering can be properly brought back online in the event of an outage – as a key requirement definition in technology solution RFPs. Business requirements to keep services active and available for their consumers will continue to mature and become part of the outcome purchasing criteria used to pass or fail a solution for specific needs. Solution providers will need to prove their ability to meet the necessary SLAs and will be judged on the ease and simplicity with which this metric can be met.

The end of swampy data lakes: Over the past decade, as data storage hardware costs plunged and applications proliferated, enterprises frequently collected and stored as much data as they could, often giving little to no thought to what this data was or how valuable it could be to their organization. They typically stored all this data in a repository known as a data lake. Not fully knowing or understanding what is being placed in the data lake, why it is stored, and whether it has proper data integrity will prove untenable and inefficient for mining and insight gathering. The data lake will begin to disappear in favour of technology that can discover, profile and map data where it lives, reducing storage and infrastructure costs while implementing data strategies that can truly provide insights to improve operations, mitigate risks and potentially lead to new business outcomes.


Elon Musk Suggests That Tesla Would Buy A Factory That GM Is Closing…. And Says A Bunch Of Other Things That Will Attract Negative Attention

Posted in Commentary with tags on December 10, 2018 by itnerd

In a new interview with the CBS program 60 Minutes, Tesla CEO Elon Musk suggested that Tesla would buy a factory that GM is closing, partially mirroring what I suggested after GM made the announcement that they were closing a number of factories, though he did not specifically say which one he might be interested in buying. Now, while that part of the interview will be of interest to people who are affected by GM’s plant closures, what will likely attract attention is the rest of the interview, where he says the following:

  • Nobody is overseeing his Tweeting, despite the fact that he has gotten into trouble with the SEC by saying things on Twitter that he should not.
  • He can get “anything he wants” from Tesla’s board despite the fact that he is no longer on the board due to getting into trouble with the SEC as he is the largest shareholder.
  • He “doesn’t respect” the SEC.

Both of these items will attract a lot of negative attention. And do not be surprised if the SEC who has already slapped Musk once decides that he needs to be slapped again. But much harder.

Guest Post: Flying Under the Radar: How Darktrace Detects ‘Low and Slow’ Cyber-Attacks

Posted in Commentary with tags on December 10, 2018 by itnerd

Introduction

The speed of today’s most advanced threats can be devastating. In the few minutes it takes a security analyst to step away from her screen to grab a coffee, ransomware can take down thousands of computers before human teams or traditional tools have the chance to respond. And while big, fast threats are more likely to grab the headlines, cyber-attacks which do the opposite can be just as dangerous. The latest escalation in the cyber arms race sees attackers choosing stealth over speed and cunning over chaos.

As defenders work to rapidly deploy new security and detection technologies, malware authors have been similarly innovative, working to find a means of evading them. New ‘low and slow’ attacks are able to bypass traditional security tools because each individual action comprising the larger threat is too small to detect on its own. These attacks are designed to operate over a longer period of time, and by minimizing disruption to data transfer or connectivity levels, they blend into legitimate traffic.

For advanced and well-resourced actors like nation states in search of valuable intellectual property or sensitive political records, subtle and prolonged exposure to the systems they attack is a significant benefit. When it comes to the most sophisticated threats, slow and steady really can win the race.

Nevertheless, detection of low and slow attacks is possible with advanced machine learning techniques. To do so, contextual knowledge is critical; by modeling the subtle and unique ‘patterns of life’ of every user, device, and the network as a whole, AI-powered defenses are, for the first time, winning this battle.

This blog explores how attackers use low and slow techniques during multiple stages of the kill chain to achieve their eventual goal. We examine three real-world case studies, drawn from over 7,000 deployments of the Enterprise Immune System, to demonstrate how cyber AI detects low and slow reconnaissance, data exfiltration, and command-and-control activity.

Low and Slow Reconnaissance

By monitoring the behavioral pattern of devices and users, Darktrace AI is able to learn an evolving profile for expected activity. Armed with this understanding of ‘normal’ for the network, it can then identify significant anomalies indicative of a threat. It does all this without relying on training sets of historical data, enabling the technology to spot threats that other tools miss.

On the network of a European financial services firm, Darktrace discovered a server conducting port scans of various internal computers. This type of network scanning is regularly performed for legitimate testing purposes by administrative devices, but it is also a tactic for attackers to identify vulnerabilities and points of compromise – an early stage of an attack.

Over 7 days, the server made around 214,000 failed connections to 276 unique devices, but only a small number of ports were targeted per day. The scan was sequential, but spread thinly over time. Measured within any single day, the level of disturbance was low enough to stay under threshold-based rules evaluated one day at a time. Nevertheless, by learning ‘self’ across the entire digital business over time, cyber AI can detect even the subtlest deviation from ‘normal’ relative to the individual device, user, or network. Darktrace recognized the longer pattern of network scanning and alerted the customer immediately.

Figure: Advanced search view showing regular connections to closed ports over the scanning period.

Low and Slow Data Exfiltration

At an industrial manufacturing company, a desktop was identified establishing over 2,000 connections to a rare host over a 7-day period. During this time, a total of 9.15GB of data was transferred externally. No single connection transmitted more than a few MB of data – an amount which, if viewed in isolation, would not be cause for concern. However, the destination for these connections was 100% rare for the network and maintained that level of rarity for the entire period of exfiltration. This not only flagged the activity as initially suspicious, but also prevented it from being absorbed into legitimate traffic. Combined with the accumulated volume of data leaving the network, Darktrace AI identified this as a significant deviation in the device’s behavior, indicating a threat in progress.

Figure: Steady exfiltration of data over a 7-day period.

Figure: A series of model breaches (orange circles) occurring throughout the period of steady external data exfiltration (blue line).

Low and Slow Command and Control

Darktrace is extremely successful in finding malware infections before they appear on open-source threat lists, a crucial ability when stopping the most serious, never-before-seen threats. This is achieved in large part by detecting beaconing patterns rather than relying on signatures. Beaconing occurs when a malicious program attempts to establish contact with its online infrastructure. Like network scanning, it produces a recognizable pattern of outgoing connections, in this case at regular intervals, even when the volume is low.

Darktrace was deployed in a corporate network where a device was found making connections at steady intervals associated with a malicious browser extension. The average rate was 11 connections every 4 hours – a low activity level which could easily have blended into legitimate internet traffic. Having identified the regularity of these connections, Darktrace’s AI assigned a high beaconing score, indicating that they were likely initiated by an automated process. Combined with the rarity of the destination, it became clear that this was caused by a malicious background program running unbeknownst to the user.

Figure: Regular low-level beaconing over a 7-day period.
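The three case studies above share one detection idea: judge activity over a long window rather than one event or one day at a time. The following Python is an added example written for this page, not Darktrace code and not a description of how the Enterprise Immune System works internally. It builds a constructed set of connection records (a slow internal scan, a trickle of exfiltration to a destination no other device uses, and a low-rate beacon, mixed with ordinary traffic) and runs three simple detectors over them: distinct scanned hosts per source across the window versus per day, cumulative bytes to a rare destination where no single transfer is large, and a beaconing score from the regularity of inter-connection intervals. All thresholds, names and addresses (RFC 5737 documentation ranges) are assumptions for the example.

```python
"""Window-based detection of 'low and slow' network activity.

Added example, not Darktrace code: three detectors that aggregate connection
records over a 7-day window instead of judging each event or each day alone,
one per case study (slow scan, trickle exfiltration, low-rate beacon). The
connection records are constructed synthetic data; external addresses are
RFC 5737 documentation ranges, not real infrastructure.
"""
from collections import defaultdict
from statistics import mean, pstdev

DAY = 86_400  # seconds


def make_connections():
    """Constructed sample traffic; each record is one outbound connection."""
    conns = []
    # Background: 20 workstations hit an internal host three times a day.
    for day in range(7):
        for host in range(20):
            for k in range(3):
                conns.append(dict(ts=day * DAY + 3600 * (8 + k), src=f"ws{host}",
                                  dst="intranet", port=443, bytes=20_000, ok=True))
    # Slow scan: srv1 probes 40 new hosts per day on one port, 280 hosts in total.
    ports = [22, 445, 3389, 135, 139, 80, 8080]
    for day in range(7):
        for i in range(40):
            conns.append(dict(ts=day * DAY + 1800 * i, src="srv1", dst=f"h{day * 40 + i}",
                              port=ports[day], bytes=0, ok=False))
    # Trickle exfiltration: ws5 sends 300 x 3 MB per day to a host nobody else uses.
    for day in range(7):
        for i in range(300):
            conns.append(dict(ts=day * DAY + 9 * 3600 + 100 * i + (i * 37) % 61,
                              src="ws5", dst="203.0.113.10", port=443,
                              bytes=3_000_000, ok=True))
    # Low-rate beacon: ws9 calls home every ~22 minutes with a few seconds of jitter.
    for i in range(462):
        conns.append(dict(ts=600 + 1309 * i + (i * 7) % 5 - 2, src="ws9",
                          dst="198.51.100.7", port=443, bytes=600, ok=True))
    return conns


def slow_scan(conns, daily_rule=50, window_rule=200):
    """Sources whose failed connections reach many distinct hosts over the whole
    window while no single day would trip a per-day rule (assumed thresholds)."""
    per_day = defaultdict(lambda: defaultdict(set))  # src -> day -> hosts
    for c in conns:
        if not c["ok"]:
            per_day[c["src"]][c["ts"] // DAY].add(c["dst"])
    hits = {}
    for src, days in per_day.items():
        total = set().union(*days.values())
        worst_day = max(len(hosts) for hosts in days.values())
        if worst_day < daily_rule and len(total) >= window_rule:
            hits[src] = len(total)
    return hits


def rare_destinations(conns, max_sources=1):
    """Destinations contacted by at most max_sources internal devices."""
    seen = defaultdict(set)
    for c in conns:
        seen[c["dst"]].add(c["src"])
    return {d for d, srcs in seen.items() if len(srcs) <= max_sources}


def slow_exfil(conns, per_conn_limit=10_000_000, total_limit=1_000_000_000):
    """(src, dst) pairs moving more than total_limit bytes to a rare destination
    over the window while every single connection stays under per_conn_limit."""
    rare = rare_destinations(conns)
    totals, biggest = defaultdict(int), defaultdict(int)
    for c in conns:
        if c["ok"] and c["dst"] in rare:
            key = (c["src"], c["dst"])
            totals[key] += c["bytes"]
            biggest[key] = max(biggest[key], c["bytes"])
    return {k: v for k, v in totals.items() if v >= total_limit and biggest[k] < per_conn_limit}


def beacon_score(conns, min_connections=20):
    """Regularity of each (src, dst) pair as 1 - stdev/mean of inter-arrival gaps:
    1.0 is perfectly periodic, 0.0 is irregular (human-driven) traffic."""
    times = defaultdict(list)
    for c in conns:
        times[(c["src"], c["dst"])].append(c["ts"])
    scores = {}
    for key, ts in times.items():
        if len(ts) < min_connections:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m > 0:
            scores[key] = round(max(0.0, 1 - pstdev(gaps) / m), 3)
    return scores


if __name__ == "__main__":
    conns = make_connections()
    print("slow scan   :", slow_scan(conns))
    print("slow exfil  :", slow_exfil(conns))
    print("beacons     :", {k: v for k, v in beacon_score(conns).items() if v > 0.9})
```

Run as a script it reports srv1 as a scanner (280 hosts, never more than 40 in a day), ws5 as exfiltrating 6.3 GB in 3 MB pieces to a destination only it talks to, and ws9 with a beacon score close to 1.0, while the workstations' daily intranet traffic scores near 0. The point a detection engineer should take from it is that the three signals only exist at the window level; the same rules evaluated per event or per day return nothing.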

As cyber security advances, attackers will develop increasingly sophisticated methods to operate under the radar. Traditional cyber security tools which work in binary ways based on historical data – either the upload exceeded a predefined limit or not – cannot keep up. This new era will see AI proven crucial because of its ability to learn a constantly-evolving ‘pattern of life’ for a network over the duration of its deployment. This allows Darktrace AI to effectively locate the disturbances in connectivity levels – no matter how small – that have been caused by malicious or non-compliant activity. Fundamentally, this enables Darktrace to discover in-progress attacks and then autonomously respond, neutralizing them before they become a crisis.

High-profile, fast-moving attacks like NotPetya and WannaCry have encouraged some organizations to focus on preventing certain types of threat, at the expense of others – and hackers are catching on. By leveraging powerful AI, Darktrace empowers customers to prevent not just the fastest-moving attacks, but also the slowest and subtlest.

Trend Micro Survey Finds Nearly Half of Organizations Have Been Victims of BPC Attacks

Posted in Commentary with tags on December 8, 2018 by itnerd

Trend Micro Incorporated has revealed that 43 percent of surveyed organizations have been impacted by a Business Process Compromise (BPC). Despite a high incidence of these types of attacks, 50 percent of management teams still don’t know what these attacks are or how their business would be impacted if they were victimized.

In a BPC attack, criminals look for loopholes in business processes, vulnerable systems and susceptible practices. Once a weakness has been identified, a part of the process is altered to benefit the attacker, without the enterprise or its client detecting the change. If victimized by this type of attack, 85 percent of businesses would be limited from offering at least one of their business lines.

Global security teams are not ignoring this risk, with 72 percent of respondents stating that BPC is a priority when developing and implementing their organization’s cybersecurity strategy. However, the lack of management awareness around this problem creates a cybersecurity knowledge gap that could leave organizations vulnerable to attack as businesses strive to transform and automate core processes to increase efficiency and competitiveness.

The most common way for cybercriminals to infiltrate corporate networks is through a Business Email Compromise (BEC). This is a type of scam that targets email accounts of high-level employees related to finance or involved with wire transfer payments, either spoofing or compromising them through keyloggers or phishing attacks.

In Trend Micro’s survey, 61 percent of organizations said they could not afford to lose money from a BEC attack. However, according to the FBI, global losses due to BEC attacks continue to rise, reaching $12 billion earlier this year.

For more information on BPC and BEC attacks, read this Trend Micro Research report.

Martello Named Employees’ Choice Awards 2018-19 Winner

Posted in Commentary with tags on December 8, 2018 by itnerd

Martello Technologies Group Inc. was recently named a recipient of the Employees’ Choice Awards 2018-19. This is the third time Martello has been recognized with this award, which is designed to identify, recognize and honour the best places of employment in the National Capital Region.

This annual competition is organized by the Ottawa Business Journal and the Ottawa Board of Trade and sponsored by Meldrum Horne & Associates. The recipient companies were celebrated at a cocktail awards reception on Thursday, December 6th at Marshes Golf Club, and will also be profiled in OBJ’s January 2019 issue. The survey and awards program benefits the region’s economy, its work force and businesses. The Employees’ Choice Awards list is made up of a total of 10 companies.

As demonstrated in the Board of Trade’s recent report, “Skilled Labour Shortages, Immigrants and Hidden Talent,” 63 percent of respondents in the 2018 Ottawa Business Growth Survey reported that talent acquisition and retention is one of their most important business issues.

Organizations from across the region entered the survey process to determine the list of recipients. The survey process consisted of an employee survey to measure the employee experience. The scores determined the top organizations and the final ranking. Best Companies Group managed the overall registration, survey and analysis process and determined the final rankings.

For more information on the Employees’ Choice Awards program, visit www.employeeschoice.ca.

Australia Passes A New Encryption Law That Qualifies As The Worst Idea Ever

Posted in Commentary with tags on December 7, 2018 by itnerd

Australia has passed a new encryption law which the folks down under claim is essential for national security and an important part of law enforcement efforts in fighting terrorism. Essentially, the legislation allows for law enforcement and select government agencies to ask for three different levels of assistance from technology companies in accessing encrypted messages. CNET details those three levels:

  • Technical assistance request: A notice to provide “voluntary assistance” to law enforcement for “safeguarding of national security and the enforcement of the law.”
  • Technical assistance notice: A notice requiring tech companies to offer decryption “they are already capable of providing that is reasonable, proportionate, practicable and technically feasible” where the company already has the “existing means” to decrypt communications (e.g. where messages aren’t end-to-end encrypted).
  • Technical capability notice: A notice issued by the attorney general, requiring tech companies to “build a new capability” to decrypt communications for law enforcement. The bill stipulates this can’t include capabilities that “remove electronic protection, such as encryption.”

This is the dumbest idea ever on a number of levels. First, it sets a dangerous precedent that other countries might be stupid enough to follow. Second, there is almost zero chance that an Apple or Google will willingly go along with this. Finally, you have to trust that Australia can keep secrets, as what they want is a backdoor. The problem with that is that no government in the history of the universe can keep a secret, and you can bet that whatever backdoor access they want will either fall into the wrong hands or get used for something that it was never intended for. That of course is bad.

Australia seriously needs to rethink this because they’re really out to lunch here.

Pulse Secure Expands Zero Trust Security For IoT

Posted in Commentary with tags on December 6, 2018 by itnerd

Pulse Secure, the leading provider of Secure Access solutions to both enterprises and service providers, today announced the release of Pulse Policy Secure (PPS) 9.0R3 to extend its Zero Trust Security model to IIoT devices and smart factories. The new version enables factories to streamline machinery repairs and diminish costly production downtime through IT-managed secure access. It also secures networks by expanding its behavioral analytics to IoT devices, detecting anomalies and preventing their compromise.


Pulse Policy Secure (PPS) is an integral part of Pulse Secure’s combined VPN and NAC solution that provides corporate networks with Zero Trust Security through visibility, “comply to connect” policy enforcement and security orchestration with popular network and security infrastructure. PPS dynamically profiles the network to discover, classify and apply policy to IoT devices, and includes a built-in IoT device identification library. The solution also integrates with Next Generation Firewall (NGFW) solutions to provide identity and device security state data, as well as to fortify micro-segmentation to isolate and manage IoT devices on enterprise networks.

PPS 9.0 extends the Zero Trust Security model to IIoT devices used in smart factories and buildings, with blended IT and OT environments. It automatically discovers and profiles IIoT systems, such as factory floor SCADAs, PLCs and HMIs, or office building HVAC systems, providing dynamic visibility and securing them by enforcing policies for local and remote access by authorized users and contractors. PPS 9.0 also automatically provisions IIoT devices to next-generation firewalls (NGFWs) to facilitate remote access without provisioning overhead.

The latest release of PPS also provides behavioral analytics that alert security teams to anomalous IoT device behavior and automatically require added factors of authentication. PPS 9.0 builds baseline behavior profiles for managed and unmanaged IoT devices using information correlated from multiple sources such as NetFlow, user and device data. With these profiles, the platform detects anomalous activity, malware infections and domain generation algorithm (DGA) activity, allowing security teams to be more responsive to threats and take preemptive measures before attacks succeed.

The new PPS 9.0 IoT support also provides practical relief for the frequent and costly issue of factory floor equipment outages. Aberdeen recently reported that 82 percent of companies reported unplanned downtime in the past three years, which can cost a company as much as $260,000 an hour.

The resulting downtime breaks production and lowers profit, because factory floor repairs often take days when security requirements mandate that service technicians physically visit the factory to diagnose and repair the problem. The latest PPS release works seamlessly with Pulse Connect Secure to solve the problem in an innovative way. The combined NAC and VPN approach enables IT teams to grant remote secure access—authenticated and encrypted—to support contractors for expedited repair and return to service of factory IIoT systems for greater uptime and productivity. IT teams ensure security with remote zero-trust access via auto-provisioned NGFWs, and by enforcing security policies that authenticate contractors based on their technician role, endpoint device status and authorization to work on the targeted IIoT device.

Availability

The latest features of Pulse Policy Secure 9.0 are available on physical or virtual Pulse Secure Appliances (PSA). Existing customers with PSA appliances under PPS subscription or software maintenance can readily upgrade at no charge. PPS on a virtual appliance with a three-year subscription starts at $31,000 MSRP for 500 concurrent connections. Pulse Connect Secure customers can cost-effectively extend their VPN investment to include network visibility, access control and mobile security with the Pulse Access Suite.

Those interested in learning more on the topic are invited to register for the January 8th, 1 p.m. EST webinar, “Zero Trust Secure Success for the Industrial Internet of Things.”

Also available is a blog, “Pulse Secure Access for Industrial Internet of Things (IIoT),” authored by James Tolosa, senior product marketing manager at Pulse Secure.