Tips, Expertise, Articles and Advice from the Pro's for Your Website or Blog to Succeed
We've all heard a lot about digital transformation and how it affects the IT world. Each of these technologies, whether it's big data, the Internet of Things (IoT), or cloud computing, has made a significant contribution to a range of enterprises. Few people, however, talk about the complexity they add, especially in the context of business network infrastructures.
The fences are crumbling, and there is a hazy peripheral that is causing security concerns.
"Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management." - Kevin Mitnick (American Businessman)
Work culture has changed a lot recently. The ability to work from anywhere and at any time has become comfortable for employees, which in turn has brightened up things for hackers too. These days, sites are being bombarded by hack attacks from groups of hackers who later claim responsibility for the incident and make demands. There are a few pain points where hackers start their games.
Let's look into those vulnerable spots one by one.
The recent surge in Work-From-Home, triggered by the COVID-19 crisis, is here to stay and the first sign of it is that "WFH" has been added to the alphabet soup of jargons crowding the technology industry. WFH, however, has also created a fresh set of challenges for organizations to protect their intellectual assets from cyberattacks. It’s a no-brainer to say that our home networks are far more vulnerable than enterprise networks. Companies are leveraging this crisis to meet immediate needs as well as for building more lasting, longer-term access to a variety of resources in the cloud as well as in the enterprise data center.
As the world logs on to enterprise networks from home, the demand for more secure remote access for employees is at an all-time high. Organizations must prepare for possible cyberattacks on our home IT networks to exploit its vulnerabilities. They need to monitor IT use for signs of malicious behaviour, safeguard sensitive data and assure maximum compliance with privacy and regulatory requirements. Also, the extensive use of cloud services necessitated by the COVID-19 crisis, both on-premise and public, will compel enterprises to reassess this ecosystem and take additional steps to protect it.
IoT is something of a double-edged sword. While it makes life so much simpler to have a smart home with a smart lock, and a Wi-Fi kettle that boils the water for your morning tea automatically, it comes at a price that may cost you significantly more than what’s on the price tag. In IoT security, there are security trade-offs and, unfortunately, these can do more harm than good, and almost make you miss the days when there was nothing “smart” about your TV!
Let’s take a look at some examples to drive home the importance of security before we welcome this technology into our homes, our industries, and our everyday lives.
The number of cyber threats faced by businesses and individual internet users seems to increase by the minute. As such, individuals and enterprises that treat cybersecurity as an afterthought are often prime targets for hackers, data thieves, and malware spreaders.
When such unsavory characters are able to find their way onto private networks, the damage they do can be far-reaching.
We had the opportunity to speak to Greg Bell, CEO, Brian Dye, CPO, and Alan Saldich, CMO of Corelight during the IT Press Tour in San Francisco. Corelight is the enterprise offering of Zeek (formerly Bro) initially developed to protect the severe environment of the Department of Energy and the Energy Sciences Network including the NERSC supercomputing facility at Lawrence Berkeley National Laboratory.
Want to see where threat hunting fits in with the broader security landscape? Check out The Future of Security, Part One.
The threat hunting workflow includes:
It’s hard to ignore Kubernetes nowadays when discussing container orchestration thanks to its robustness and comprehensive features. It is capable of supporting even the most complex apps and services. Despite the wealth of features built into Kubernetes, the platform only provides a set of built-in authentication and authorization mechanisms which all administrators can configure and use—the thing is, in the information security world, this is not enough. You need to optimize security yourself to take it next level.
With security becoming a primary concern in cloud deployment, knowing how to secure Kubernetes properly is a must. Putting a firewall layer on the host cluster is simply not enough, even though taking care of host security across all servers running Kubernetes containers can help.
When you hear about a massive data breach in the news, it usually involves a large company that has been targeted by cybercriminals. But some of the most dangerous attacks actually occur on a smaller scale because of the vulnerabilities in a single user's online accounts or devices.
At the individual level, the best decision you can make to protect your privacy is to invest in a reliable virtual private network (VPN) client. A VPN encrypts all data as it leaves your device, which means that if a hacker tries to intercept your web traffic, they will be unable to decode it.
This week there were a lot of reports of vulnerable APIs: from flight reservations systems to trading sites and even hot tubs. We also look into best practices for handling special characters in JSON and protecting APIs for mobile applications.
Noam Rotem found a dangerous combination of vulnerabilities in APIs of Amadeus flight booking system and El Al airline:
Today, data is often characterized as the new oil of the digital age. Organizations are leveraging their data to enhance operational efficiency, better the customer experience, increase revenue, and boost growth. In addition, virtually every organization is now collecting data, whether it be from banks and financial institutions or healthcare organizations and industrial manufacturers.
Not only are these businesses all about collecting data, but they are also collecting it from a wide variety of sources at an accelerated pace, resulting in an increasingly complex data environment. Not to mention the business complexities collecting data brings like privacy protection, IP protection, and brand protection. However, data is only useful if it can be securely shared and leveraged across not only an entire organization but also across business partners and third-party suppliers.