To prevent security breaches and data loss, organizations have directed a lot of time, effort, and capital spend toward security initiatives. Even the most advanced “next generation” application layer firewalls filtering malicious traffic at the network perimeter have only revealed equal if not greater threats within. To help counter this internal threat, organizations have invested heavily in internal monitoring and other advanced security controls that inspect traffic at all layers of the OSI stack to identify malicious activity and stop it before it reaches the destination, or to issue an alert on the activity alone.

While these initiatives have been helpful, they rely on a connection first being malicious or a trigger on a pre-established set of criteria before any bells and whistles sound or prevention techniques are applied. As more and more technologies and controls are thrown at the problem, networks have become a chaotic mess of watchers, gatekeepers, and agents, with legitimate business traffic trying to navigate its way through it all. Yet breaches are still occurring at an alarming rate – leaving organizations looking for a different approach.

Zero Trust is gaining momentum as a different lens on data and network security. It casts aside complete reliance on a decades-old and easily neglected least privilege/whitelisting model by eliminating trust from every communication packet on the network, whether it originated from inside the organization or outside, and looks to gain confidence that the packet is legitimate. In short, rather than the traditional “trust but verify” approach, it never trusts and always verifies all traffic.

Zero Trust is built on a set of foundational principles or tenets:

All network flows are authenticated before being processed and access is determined by dynamic policy.
In a Zero Trust Network (ZTN), confidence must be gained in a requestor of access before access can be granted, and that confidence does not traverse the network. Authentication may involve an evaluation of attributes in identity or other artifacts, asset state, requestor state, behavioral attributes, and others. The transaction requiring authentication is evaluated against an ever-changing policy based on that transaction’s behavior over time.

All transaction flows are cataloged in order to enforce access.
Understanding what you’re trying to protect is just as important as where it is going. Assets (basically, anything with an IP address as well as data sources) must have value. Classification of data as well as its location must be known if it is to be protected. Mapping and cataloging network flows to assets will help build access policies and reveal expected and unexpected traffic patterns.

Security (authentication and encryption) is applied to all communications independent of location and must be performed at the application layer closest to the asset in the network.
Communications must be secured and access requests from systems located within the enterprise network must meet the same requirements as external systems. Application layer security applied as close to the asset as possible eliminates upstream threats.

Comprehensive vulnerability and patch management procedures must be followed.
Device security issues will persist and, as such, a comprehensive vulnerability and patch management program will keep enterprise-owned devices in their most protected and functioning state. Continuous monitoring of device and application state is required to identify and address security vulnerabilities as needed, or act on their access privileges accordingly.

Technology is utilized for automation in support of user/asset access and other policy decisions.
A Zero Trust architecture requires automation, especially in support of dynamic policy, authorization, and authentication. Automated technology must be used in obtaining access, scanning and assessing threats, adapting to behavior changes, and continually re-evaluating confidence in communications.

All traffic is controlled and monitored as access is provided.
Effective monitoring must be performed to improve security posture, and create, adjust, and enforce policy. Working in conjunction with automation, advanced analytics involving user and device behavior will ensure that defenses are automatically appropriated and aligned before actual incidents occur.

The general concept of Zero Trust applied with the above tenets serves as guidance in developing a Zero Trust Architecture (ZTA). The ZTA involves not only implemented and interconnected tools and advanced technologies, but also a set of operational policies and authentication requirements that enforce the Zero Trust principles. A ZTA can be implemented in various ways depending on an organization’s use case, business flows, and risk profile. While each approach applies different components and technologies, such as enhanced identity, micro-segmentation, and software-defined perimeters, any approach should implement all the above tenets.

Learn about AT&T Cybersecurity Consulting’s Zero Trust Readiness Asset here.
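The Zero Trust tenets described above can be sketched as a policy decision function. This is an added example, not code from the article or from any product: it scores each request from identity, device patch state and behavior, checks it against a flow catalog, and logs every decision, with the source address playing no part in the outcome. The catalog entries, field names, weights and thresholds are assumptions chosen for illustration.

```python
"""Added sketch of a Zero Trust policy decision point (not vendor code)."""
from dataclasses import dataclass, field
from datetime import date

# Constructed flow catalog: which identity may reach which asset, and the
# asset's data classification. All names and numbers here are assumptions.
FLOW_CATALOG = {
    ("svc-billing", "db-payments"): "restricted",
    ("alice", "wiki"): "internal",
}
REQUIRED_CONFIDENCE = {"internal": 50, "restricted": 80}  # points out of 100
MAX_PATCH_AGE_DAYS = 30
AUDIT_LOG = []  # every decision is recorded, allowed or not


@dataclass
class AccessRequest:
    identity: str
    asset: str
    source_ip: str        # logged for monitoring, never used to grant trust
    authenticated: bool   # outcome of application-layer authentication
    mfa: bool
    last_patched: date    # device state reported by patch management
    anomaly: float        # 0.0 normal .. 1.0 highly unusual behaviour


@dataclass
class Decision:
    allow: bool
    confidence: int
    reasons: list = field(default_factory=list)


def confidence(req: AccessRequest, today: date) -> int:
    """Score confidence in the requestor from identity, device and behaviour."""
    score = 0
    if req.authenticated:
        score += 50
    if req.mfa:
        score += 20
    if (today - req.last_patched).days <= MAX_PATCH_AGE_DAYS:
        score += 30
    score -= round(50 * req.anomaly)  # behaviour drift lowers confidence
    return max(score, 0)


def decide(req: AccessRequest, today: date) -> Decision:
    """Evaluate one request; nothing is inherited from earlier requests."""
    reasons = []
    conf = confidence(req, today)
    classification = FLOW_CATALOG.get((req.identity, req.asset))
    if not req.authenticated:
        reasons.append("flow not authenticated")
    if classification is None:
        reasons.append("flow not in catalog")
    elif conf < REQUIRED_CONFIDENCE[classification]:
        reasons.append(
            f"confidence {conf} below {REQUIRED_CONFIDENCE[classification]}"
            f" required for {classification} asset"
        )
    decision = Decision(allow=not reasons, confidence=conf, reasons=reasons)
    AUDIT_LOG.append((req.identity, req.asset, req.source_ip, decision.allow))
    return decision


if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed evaluation date
    base = dict(identity="svc-billing", asset="db-payments", authenticated=True,
                mfa=True, last_patched=date(2024, 5, 20), anomaly=0.1)
    samples = {
        "internal, healthy": AccessRequest(source_ip="10.0.0.5", **base),
        "external, healthy": AccessRequest(source_ip="203.0.113.7", **base),
        "internal, stale patches": AccessRequest(
            source_ip="10.0.0.5", **{**base, "last_patched": date(2024, 3, 1)}),
        "internal, unusual behaviour": AccessRequest(
            source_ip="10.0.0.5", **{**base, "anomaly": 0.6}),
        "uncataloged flow": AccessRequest(
            source_ip="10.0.0.9", **{**base, "identity": "alice"}),
    }
    for label, req in samples.items():
        d = decide(req, today)
        print(f"{label:28} allow={d.allow} confidence={d.confidence} {d.reasons}")
```

The internal and external requests receive the same score, while a stale patch date or a behavior change denies access to the restricted asset even from inside the network.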
State and local governments and educational (SLED) institutions face many of the same security challenges as other organizations, but often with less manpower and budget, and more regulations that must be closely followed. For example, a local government may have a small seven-person team maintaining and managing network security and access to critical resources for thousands of users across an entire county. Or a public college in a hurricane-prone region must ensure business continuity for 11 campuses with limited resources.

Unlike their commercial counterparts, security leaders in SLED organizations do not have the latitude to break down departmental silos or move operations to more favorable locations. They must secure whatever data, applications, and user groups exist in their organization, while adhering to budget and regulatory constraints. Operational efficiency is key for the continued success of SLED organizations. Here, we will outline three ways in which the Fabric Management Center enhances the value of the Fortinet Security Fabric for SLED customers.

Centralized Management

While organizations and networks can scale rapidly, network and security operations teams often struggle to keep up. This is especially true in SLED organizations. For example, when the local government in Salt Lake County, Utah scaled its FortiGate footprint from twelve firewalls to 55 individual FortiGate NGFWs, security leaders realized the need for greater visibility and centralized control. FortiManager, the automation-driven centralized management component of the Fabric Management Center, was the perfect way to simplify network operations across all 55 firewalls.

As Salt Lake County’s information security analyst explains, “It definitely is a huge advantage being able to centrally manage the devices—it saves time to where you have redundancies. You only have to manage it once instead of 55 times. If I had to go change a policy stack on ten firewalls, that is an hour and a half, [but with FortiManager] that’s five minutes.”

Central Log Management and Analytics

Logs are an important source of truth for root-cause analysis, for operational issues, threat analysis, and for compliance reporting and audits. Small security teams can quickly become overloaded with data from various logs gathered from security devices and third party sources. The FortiAnalyzer component of the Fabric Management Center aggregates these logs and readily scales to support long-term or large-volume log retention requirements.

Log storage was an important factor for St. Petersburg College, which serves more than 30,000 students at 11 locations along the central Florida coast. Its FortiGate-VM firewalls, deployed in the Oracle Cloud Infrastructure, are configured to block any suspicious content requests. FortiGate automatically blocks the content at the network edge and sends the associated logs to FortiAnalyzer. Then, analysts will review the security logs and flag false positives as exceptions to the default-deny policy. To support this process and enable forensic investigation and external audit responses, the college has chosen to retain logs for five years.

According to St. Petersburg CTO David Creamer, consolidating log collection into a single tool and interface has been a huge asset. “My team simply would not be able to gather and analyze log data in the same way without the FortiAnalyzer user interface,” he notes. Now, St. Petersburg’s team is able to rapidly inspect alerts on a daily basis, manage exceptions to their security policies, and quickly generate reports based upon collected data. These capabilities reduce the log analysis time and allow the team to generate reports more quickly than their previous solution.

Analysis speed is another important benefit of the Fabric Management Center. For example, at Westminster School in Marion, Australia, a student had been accused of posting inappropriate comments on a website. Former Westminster Director of ICT Services Keith Rutherford remembers: “Within two minutes, we got into [FortiAnalyzer], we found out exactly what he was doing at the time the post was made, and we proved without any doubt that it was not him.”

Fabric Automation

Due to a shortage of security analysts and administrators, SLED organizations are looking for ways to automate and orchestrate workflows and enforce security policies consistently. Reaching across on-premises and multi-cloud environments, the Fabric Management Center provides automation and orchestration capabilities via connectors, automation hooks, and real-time alerts.

St. Petersburg College is leveraging the automation capabilities in the Fabric Management Center to feed security logs from the content access requests to FortiAnalyzer. On the other hand, Westminster School has set up an automated process that enables teachers to control access to certain websites during their classes, without having to log an ICT help desk call. They also leveraged the automated functionality and industry-leading continuous risk assessment features to achieve a more intelligent system that is constantly updating upon, and evaluating, the School’s network practices.

Tailoring the Fabric Management Center to the Organization’s Needs

By delivering enhanced visibility and insights across the entire architecture, the Fabric Management Center can help you uncover numerous opportunities to simplify your operations and improve efficiencies. Whether you need to economically deploy security at scale, expertly manage your architecture with minimal staff, or be ready to respond quickly to regulatory or internal audits, Fortinet can help you tailor the Fabric Management Center to your organization’s needs.

Learn more about how Fortinet’s Fabric Management Center enables enterprise-class automation capabilities while helping network leaders realize industry-leading benefits like improved efficiency, reduced risk, and decreased TCO.
Just a few weeks ago several federal agencies, including the HHS and the FBI, issued a joint cybersecurity advisory warning healthcare organizations about an increased and imminent cybercrime threat from Russian criminal groups targeting hospitals with Ryuk ransomware. We at CyberMaxx have also issued threats to our customers warning of Maze ransomware targeting Cognizant.

“The threat of a ransomware attack on healthcare organizations has never been more real, and the sophistication of bad actors and their attacks have grown tremendously over the past few months,” says Thomas Lewis, CEO of CyberMaxx.

What makes these cyberattacks so potent is their ability to go unnoticed weeks or even months before they execute encryption of the victim’s data files. This gives malicious actors insight into the most valuable resources and systems which they leverage as ransom.

Don’t think it could happen to your organization? To date, our friends at CrowdStrike found that threat actors targeting enterprise environments with Ryuk have netted over $3 million since it was introduced in August.

We’ve pulled together best practices and steps you can take to better protect your network from ransomware. While there’s no one way to protect your network, implementing a combination of these steps will help minimize exposure.

Beef up end-user education on identifying phishing attacks

Create monthly user education and reminders to help end-users better spot suspicious emails and documents before it’s too late. Additionally, set up parameters so that employees have to pick a strong password and change it frequently – quarterly or bi-annually.

Expert tip: Disable macros for documents received via email. Phishing emails commonly attach macro-infected Word documents that deliver ransomware and hold networks hostage.

Employ a layered security approach that maps to the “Cyber Kill Chain”

The ability to gain visibility and enforce policy at multiple points on the cyber kill chain is a must for enterprise organizations. Many organizations rely on protections only in a few locations, such as relying solely on perimeter protections. This is not a good practice. Make sure you have sufficient network, endpoint, server, and application visibility and enforcement, both on-prem and in the cloud.

Deploy a next-generation endpoint protection solution

Endpoints are one of the most vulnerable aspects of your environment – so it’s key to deploy a best-in-breed solution. Next-generation endpoint protection solutions like CrowdStrike Falcon include machine learning capabilities that can spot suspicious files and provide attack indicators faster than anything else on the market. Managed endpoint solutions offer a dedicated cybersecurity team with experts who monitor endpoints, perform strategic analyses, and detect behavioral anomalies. At CyberMaxx we’ve partnered with CrowdStrike to offer a dynamic endpoint solution that alerts users to potential threats, while simultaneously taking action to prevent any damage to the endpoints.

Reduce the surface area of attack

Employ a Patch Management Policy that encompasses devices and software in your network. Keep a log of when devices and software were last patched and follow a patching schedule.
Expert tip: A basic recurring calendar invite can help hold you and your team accountable to a strict schedule for patching.
Employ GeoIP Filtering to help block Internet traffic from countries you don’t do business with and reduce exposure.
Leverage a Least Privileges Model. Restrict users to only the permissions that they need for their job functions – this limits the spread of ransomware and lateral movement.
Ensure you have a Backup and Recovery Plan. Follow the old but time-honored '3-2-1' rule for system/data backups: At least three copies, on two devices, and one offsite. Test the restoration process often to easily recover from a ransomware incident.
Employ Multi-Factor Authentication. This can help neutralize credential harvesting, protect passwords, and help alert you to potential attacks and reduce lateral movement.

Monitor capabilities to identify malicious activity 24x7

Leverage industry-specific threat intelligence. Finding a cybersecurity company with expertise in the field will provide access to the most up-to-date and comprehensive data on new/active threats. A managed solution is also highly recommended considering the dynamic scope of IT security. With a rapidly evolving technology and cyberthreat landscape it’s important to have the most knowledgeable team available. Extending your team and security through a managed solution can provide optimal security 24/7/365.

Next Steps

Want to dive deeper into the latest in healthcare cybersecurity? Check out the Future of Cybersecurity in Healthcare e-book. Ready to see CyberMaxx for yourself? Contact us now for a free trial.
In this episode of the Strengthen and Streamline Your Security podcast, we look at how an identity-based security framework can help organizations let users work from anywhere while securing them seamlessly. We’ll hear fresh insights from three experts: Joy Chik, Corporate Vice President of Identity with Microsoft; Peter Hesse, Chief Security Officer at 10 Pearls; and Bob Bragdon, senior vice president and managing director of CSO.
Cybersecurity is first and foremost a business challenge. Many companies began recognizing this as digital transformation initiatives accelerated last year due to the pandemic, expanding the attack surface and associated cyber risks. For businesses uncertain about how to create a security-first mindset across the organization, here are five key considerations.

Align security with business objectives and outcomes.
As C-suite stakeholders develop, change, and implement their overall business objectives, it’s important for CISOs and security leaders to engage in that conversation from the start. Having immediate line-of-sight into the business objectives helps security leaders develop a customized, scalable, and highly secure system to help reach desired business outcomes. Over time, we will see more CFOs blending their roles to become more integrated with CISOs, helping the company connect security investments and risks to the bottom line. Start the conversation by identifying the business benefits of security. For example, better security means the company doesn’t have to shut down operations because of a breach, which leads to less downtime and greater productivity. Together, the entire C-suite should determine which cybersecurity measures best serve the company's existing and future business outcomes, along with financial interests.

Forget short-term ROI metrics.
Business leaders looking to tie security to business outcomes need to think less about short-term ROI and start thinking about security as a long-term investment. It’s tough to justify results if security gets bundled into a short-term ROI metric. That’s why for years security was sold as an insurance policy – it was something business executives could understand. Of course, when that happened security programs went nowhere because too often business executives didn’t understand the risks – or they were willing to take their chances. Today, they have no choice. The threats – and the negative impact to the business in the form of downtime, lost revenue, and damaged IT equipment – are well documented. As we look at what sets a strong security posture apart from a less mature one, it starts with executives reaching agreement and understanding the long-term benefits of a robust security program. The odds of success increase immeasurably if a company can nurture the long-term support of a security-first mindset. While many companies are applying financial constraints because of COVID, cutting security investments to achieve a short-term ROI can lead to a disastrous short-term outcome with potentially no long-term options.

Set the tone at the top.
CEOs need to take a leadership role with security. Security programs work best when CEOs position security as a critical element that makes the company stronger, safer, and more strategic. Strong security makes it possible for business leaders to focus on what’s most important – innovation, market growth, and profitability. Too often CISOs and security leaders develop security programs for the business that are shared once a year with employees. Unfortunately, they are not revisited or communicated often enough for them to resonate and have the desired business impact. Outdated misconceptions and practices still linger, as security teams are left as the sole communicators and the only team responsible for company security practices. There’s a communication and education gap that needs filling as companies adopt the security-first mindset. How do companies fill that gap? Make security a routine topic of business discussion in staff meetings, employee training, end-of-year evaluations, business strategy sessions, budget planning meetings, and mergers and acquisition evaluations. Security belongs to everyone. The security-first mindset brings security front and center to the business – in turn establishing the need for more discussion on the agenda.

Continuously assess risk.
For any business to adapt and change, it’s critical to continuously assess risk. Understanding how companies will handle business disruptions in the event of something unforeseen means that an organization must understand the risks. As organizations go through digital transformation, they must determine their appetite for risk and the rate of change they can absorb. Part of the planning process needs to include ongoing risk assessment at the strategic, tactical, and operational levels. Companies should determine the risks to any plan and in the event of a disruption, have a nimble enough strategy to avoid any identified risks. Any strong cybersecurity practice works in tandem with line-of-business managers to continuously identify risk and its impact on the business.

Create a shared responsibility model for employees.
It’s more important than ever for businesses to educate employees in their shared responsibility for security. After all, the human element represents most of the risk in any organization. As part of this education, employees need to understand that security enables the business and the work that they do. For example, better authentication methods make it easier for employees to access applications and do their jobs. If employees are connected to their work, they will connect to the need for better security. Without diving into the technical components of security, executives can share and model the security-first mindset in a more personalized way that connects with their employees. For example, when sharing the impact of compromised credentials and ransomware, execs can communicate that these cyber threats don’t just happen in the workplace, but take place on personal devices as well.

Security belongs to every employee in the company, from the C-suite down to interns – every employee owns a piece of the exposed attack surface. However, security programs work best when everyone understands that security makes the business stronger and their jobs easier.

Watch this video to learn how AT&T Cybersecurity can help make it safer for your business to innovate.
The holiday countdown has begun and shoppers are gearing up to check off their gift lists. This time of year normally sees shoppers perusing the aisles in big box stores and shopping malls for the perfect gifts, but this year will be a little different. Many shoppers will be relying on e-commerce for most—if not all—of their holiday shopping needs. Shoppers are populating e-commerce websites, creating more traffic than they’ve seen in previous years. Digital gift card sales are also likely to increase.

However, given the spike in digital activity predicted over the holidays, cybercriminals, too, will be making their lists and checking them twice. It’s a particularly risky time of the year as shoppers of all ages (including some with less experience recognizing digital threats) flock to search engines and online channels to place orders before holiday delivery date cutoffs. Opportunistic hackers know just how to create enticing, seasonally-appropriate lures—even some of the simplest scams can fool adept online shoppers.

Here are some of the most common cyber threats to prepare for during the holidays—along with a few unique outliers we’re expecting to see this season as a result of the pandemic.

Online Holiday Gift Scams

Gift cards are a common vector for cyber criminals and scammers, since stealing the money loaded onto them is like stealing cash: Once it’s taken, there’s virtually no way for a victim to get it back (unlike credit card transactions, which allow chargebacks). This is by no means a new tactic, but during the holidays, phony requests from friends or family members to buy gift cards may suddenly show up in your inbox. Attackers will impersonate someone you know and trust, then request you purchase a gift card and send them a code. The easiest way to avoid this scam is to simply confirm with the supposed requester outside of email.

Around the holiday season, when gift card purchases spike, thieves are on the lookout for easy ways to take advantage. Some will go as far as to manipulate gift cards sold in stores, scratching off the layer of protective coating to write down PINs, and then “replacing” the coating with a sticker so it looks brand new. Scammers will plug those PINs into software that sends an alert once someone has purchased and activated their gift card—and then proceed to drain all its funds.

Additionally, fake e-commerce websites often make an appearance during the holidays. They are often designed to lure shoppers in with unbelievable deals, only to ask for suspicious forms of payments. These sites will often require direct payments from your banks, wire transfers, or gift cards as forms of payment. When visiting a website for the first time, do some research. Make sure the company has a phone number and address listed and look up reviews about that particular site before purchasing.

Another common gift card-related ploy is the account takeover attack (ATO). These attacks tend to spike around the holidays. A cybercriminal first uses credential stuffing or password spraying tactics to obtain account credentials for a particular e-commerce platform. They then use this information to make purchases by using that account information, often buying high-value electronic gift cards in bulk before promptly spending those gift cards to avoid being tracked down.

The best way to avoid becoming the target of gift card scams is to remain vigilant and follow the best practices listed below:

Set a strong password for every online account, making sure not to repeat the same password across any two platforms. Use a password management app to keep track of different accounts.
Regularly update your login credentials and monitor your payment accounts for signs of unusual activity.
If you purchase gift cards in stores, visually inspect them for signs of tampering before loading funds and stick with retailers who keep their gift cards secured behind a checkout counter.
Never agree to pay for online purchases in gift cards when prompted via email—in these instances, the item you’re trying to “purchase” probably doesn’t exist.
Stick with retailers you know and trust, and make sure the site’s checkout system is secure. Credit cards are the best way to pay since most offer some level of fraud protection.

Video Conferencing Phishing Scams

Increased reliance on online shopping isn’t the only thing changing this holiday season. If your family, like many around the globe, is celebrating holidays virtually rather than in person, be on the lookout for certain social interaction-based scams.

Since the onset of COVID-19, businesses were forced to transition the majority of their employees to remote work, resulting in an increased reliance on video conferencing. And cybercriminals have been all over popular video conferencing platforms since the pandemic first took hold in the first few months of 2020. As a result, cybercriminals have begun to execute phishing campaigns that take advantage of these video-based platforms.

These phishing attempts involve emails containing phony links that prompt the user to download a new version of their video conferencing software. The link directs them to a third-party website where the user can download an installer. In some cases, the program does install the video conferencing software—but whether it does or doesn’t, it also loads a remote-access Trojan malware program on the host. This program gives scammers access to the user’s sensitive data and information, which is either sold on the black market or leveraged for identity theft.

Other phishing attempts prey on remote employees waiting to receive emailed invitations with links to video calls. In these instances, scammers send out links that bring the user to a fake login page (that looks much like the real thing) in an attempt to steal login credentials. If successful, these attackers will attempt to use these credentials to gain access to corporate accounts and networks.

To avoid video conferencing scams, always follow cybersecurity best practices:

Look at the sender’s email address before clicking on emailed links or downloading attachments, even if they appear to come from a trusted source. In most cases, phishing emails are sent from addresses that do not contain the supposed sender’s organization’s legitimate web address.
Educate employees, family members, and friends about what to avoid and keep devices updated with the latest security software.

Phishing, Smishing, Vishing: Threats Aren’t Limited to the Desktop

Video conferencing-themed phishing attempts are only the tip of the iceberg this holiday season. Unfortunately, other forms of phishing are still on the rise, including those that target your phone or mobile devices. The telephone version of phishing is sometimes referred to as “vishing,” and text message scams are called “smishing” – a play on SMS.

Mobile phishing attempts are especially common for e-commerce shoppers. More users than ever rely on their smartphones to make purchases. While these devices may seem less vulnerable to threats, that is actually not the case. Online shoppers may receive fraudulent text messages that appear to come from retailers they’re familiar with, for instance. These messages typically contain a link that, once clicked, redirects to a fraudulent website that looks like the retailer’s legitimate site but is designed to extract your personally identifiable information (PII). Malicious apps, particularly for Android devices, can also be used to skim financial data and credentials.

With vishing, cyber criminals use phone calls to solicit PII, relying on “social engineering” tactics (e.g., an urgent message about your recent order) to trick you into providing information such as login credentials or bank account information. Ironically, vishers often leverage our innate fear of cyber scams and attacks to pull off these attacks. For example, a voicemail message may state, “URGENT: Your bank account has been locked due to suspicious activity. Call us back immediately to restore access.” Then, when the victim calls back, they are asked to provide sensitive information that is then stolen and used maliciously.

Avoid vishing and smishing by confirming that the phone number from which you received a call or text message does, in fact, belong to the organization claiming to have sent it—before you provide any information. And remember that banks and government agencies rarely contact customers or individuals in this way. Instead, it would be wise to call your bank directly to inquire about the message you received. They’ll be able to tell you whether or not it was legitimate, and will report the incident to the appropriate authorities if it turns out to have been a scam.

Final Thoughts on Digital Safety

While COVID-19 has transformed the holiday season this year in more ways than one, it’s still possible to enjoy your favorite traditions safely. Thanks to digital platforms, we can connect with family and friends from the comfort and safety of our homes – and check off those gift lists without setting foot in crowded malls and shopping centers. It just requires a new level of vigilance that, itself, can become the new normal.

Stay safe online this season by remaining vigilant: Never blindly trust an email, text message, or phone call, especially those that come from unfamiliar numbers or sources. Use common sense to look out for signs of phishing. Update login credentials regularly. And, of course, pass along this information to anyone you believe could benefit from it. Education, after all, is the best weapon in fighting back against cybercrime.

Find out more about Fortinet’s NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.
Almost literally overnight in spring 2020, working from home morphed from an option to an outright necessity as organizations around the world closed their offices amid the COVID-19 health crisis. An estimated 62% of employed Americans were doing their jobs remotely as of April 2, 2020—up from about 31% just two weeks earlier [2]. Globally, 88% of organizations had encouraged or required their employees to work from home [3].

Although this event intensified the pressure on IT teams and executives to ramp up new or expanded support for remote workers, the work-from-home movement had already been accelerating steadily since the start of the new millennium. Many organizations are now using the experience gained from COVID-19 to shape their plans for addressing longer-term remote workforce needs and opportunities. Organizations that invested in cloud-based workplace and remote access capabilities prior to the COVID-19 crisis are adapting more readily than those with systems that were designed mainly for corporate network usage. Both now and in the long term, the advantages of enabling employees to work productively, securely, and happily—from anywhere and at any time they choose—have never been clearer.

Responsive services for dynamic requirements

With the multitude of other mission-critical tasks that compete for your IT department’s finite attention, bringing in an experienced and responsive services provider to handle your remote workplace requirements could be pivotal to your long-term success. How do you decide whether a services approach is right for your organization and what capabilities to expect from a provider? Start by examining the specific IT demands of a work-from-home setup that typically add complexity and risk for your organization as well as individual employees. Once you recognize where your greatest pain points and gaps lie, you’ll be better equipped to choose the right partner.
Manageability that stays a step ahead of user needs

Moving your organization’s IT environment to the cloud not only opens greater opportunities for employees to work remotely but also gives them access to a broader array of technologies and more satisfying ways to collaborate. However, the related demands of managing additional end-user devices with multiple operating systems (OSs) could overwhelm an already time- and budget-strapped IT team. Many organizations are bringing in a service provider to help automate device management tasks and use analytics platforms to resolve issues before they affect employees. This type of arrangement really starts to make business sense when a provider can demonstrate that its services will reduce overall costs, complexity, and in-house support across a cloud-based environment. Some important considerations include:

- How extensively will this service provider monitor my device health and security?
- Will I receive actionable insights into the performance of users’ notebooks, workstations, and mobile devices across my multi-OS environment?
- Can the provider analyze and report on which devices are connected to my network and what apps are installed on them?
- Will I receive fast and complete details on the causes of system errors or crashes?
- How does the provider stay on top of whether connected devices comply with my organization’s security policies?

Security that goes where data, devices, and employees do

Safeguarding devices and data against increasingly sophisticated cyberattacks as well as accidental breaches is a perennial focus for IT professionals. The security challenges multiply as employees spend more time working remotely. Potential risks emerge whenever someone logs into the corporate network using a personal device, accesses sensitive information on a home or public Wi-Fi connection, or travels with a company-issued device.
To be effective, you need a security approach that protects your organization without adding complexity to employees’ roles or impeding their productivity. You also have to balance your IT team’s security work alongside myriad other priorities. Here are some key areas to explore:

- Can this security services provider help add defenses around my remote work environment quickly—without increasing the in-house IT workload?
- Does the provider offer integrated protection across endpoint devices, cloud-based applications, network hardware, and web touchpoints?
- Does the provider have a deep bench of security experts, and how much ongoing support will my IT department consistently receive from them?
- Can I count on these services to proactively identify and resolve potential security risks before they cause actual damage?
- What’s the provider’s approach to keeping security unobtrusive for employees so they can stay focused on their day-to-day work?

When IT does more, so can your employees

Organizations of all sizes are discovering the benefits of adopting managed services to support an increasingly mobile and remote workforce. When you’re ready to expand the possibilities for device deployment, management, and security across your organization, HP Services can help assess your specific requirements and line up potential solutions. We have decades of experience meeting the needs of customers in all industries through:

- HP Lifecycle Services that help keep employees happy, productive, and more engaged—by improving how they work
- HP Manageability Services that reduce the cost and complexity of managing end-user devices and simplify IT workloads—enabling a better employee experience
- HP Security Services that comprehensively protect devices and data against threats—allowing employees to work when and where they want, without putting the organization at risk

HP Services helps businesses adapt and compete as circumstances change – which is even more important in uncertain times.
With HP, IT can focus people and resources on the things that drive business forward.

Sources
[1] HP Proprietary Research, 2020.
[2] Gallup Panel, conducted March 30-April 2, 2020.
[3] Facility Executive, “Most Employees Are Working From Home Due To COVID-19,” March 19, 2020.
Everything IT manages on a day-to-day basis has grown in size and complexity – more devices, more apps, more data, and more vendors – and remote work and security have become the natural focus. As IT takes a more visible role, it creates major opportunities for strategic IT initiatives. However, it also puts significant pressure on IT leaders to make sure daily operations are secure and employees are engaged and productive. That’s why third-party services relationships are now essential to running a successful IT organization.

Managing a secure, remote workforce

Today’s workforce now relies on anywhere/anytime access; according to recent Gallup research, 62% of U.S. employees are now working entirely from home [1]. And while this provides benefits for employee productivity, the increase in devices also increases exposure to security threats. IT leaders look to services experts to help manage the devices and keep them secure.

Making sense of the data

Large amounts of data have become essential to business operations, but it can be overwhelming to manage. 73.4% of executives say that business adoption of big data and AI initiatives continues to be a challenge for their organizations [2], revealing the need for services partners with the expertise and resources to manage the data, analyze it, and create actionable information.

Participating in the service economy

While businesses continue to take on more data and devices, consumer buying behavior is shifting to services. That’s why companies seek services vendors who can take on functional and tactical tasks and offer strategic oversight on everything from device usage to enterprise risk management.

Ensuring continuity

Managed services play an important role for businesses looking to build capabilities and subscribe to services or solutions on flexible terms. With HP Services as a partner, your organization is supported with intelligent solutions that streamline, secure, and optimize IT service delivery.
And when IT does more, so can your employees. To learn more about HP Security Services, go here.

Sources
[1] “U.S. Workers Discovering Affinity for Remote Work,” Gallup, April 2020.
[2] New Vantage Partners, Big Data and Executive Survey 2019, 2019.
Cyberattacks are targeting endpoints – and it’s a growing trend. Ponemon recently surveyed 671 IT and IT security professionals from global companies. Sixty-eight percent of respondents said the frequency of attacks has increased over the past 12 months. More than half of respondents (51%) said their organizations are ineffective at surfacing threats because their endpoint security solutions are not effective at detecting advanced attacks [1]. It’s no surprise, as cybercriminals have become more sophisticated and devices more complex to secure. Here are five reasons why your endpoints could be leaving you vulnerable.

The workplace is decentralized

Where employees were once confined to an office, they’re now spread across locations and time zones: according to recent Gallup research, 62% of U.S. employees are now working entirely from home [2]. Increased flexibility brings increased risk. More employees log on to personal devices for work, and 60% of these devices are not monitored for security [3] – making it challenging to keep tech protected. Moreover, the COVID-19 pandemic has had a profound effect on the way organizations conduct business. According to IDG’s Security Priorities Study, released in November, the pandemic has changed the way organizations assess risks and respond to threats—permanently. For their part, threat actors know that many people are working from home and are likely more vulnerable.

Employees can miss threats

Many successful cyberattacks depend on human weakness. Over half of breaches in small and medium companies are caused by human error, found Ponemon [4]. And there’s plenty of opportunity for employees to become a victim of cybercrime: one in ten emails reported by users are identified as malicious [5].

Antivirus is no longer enough

To sufficiently protect endpoints, organizations need to think past traditional antivirus software.
Over half of endpoint attacks are missed by antivirus [1], and zero-day attacks are ready to exploit security vulnerabilities. Released into systems, for example through clicking links or downloading files from emails or browsers, zero-day threats are four times more likely to compromise organizations than a known attack [1].

A lack of visibility compromises safety

A breach is quick to cause disruption and systems can be compromised within minutes. Yet, two thirds of breaches aren’t discovered until months after the attack [6]. Without clear oversight of device health, organizations can suffer further financial and data losses.

Expertise is in short supply

Endpoint security isn’t just about securing devices. Organizations must consider device management and monitoring. Yet, IT departments are feeling the strain. There is a distinct lack of IT professionals available to tackle threats, with a shortfall in the cybersecurity workforce of just under three million [7].

From weakest link to best defense

Support is available for endpoint security. HP Device as a Service (DaaS) with Proactive Security takes your whole organization beyond traditional antivirus to keep devices safe and employee productivity high. Real-time threat isolation technology insulates zero-day attacks from email attachments, phishing links, browser downloads and file attacks, and stops them spreading – protecting devices from human error and keeping you up and running. Security and threat analytics and reporting with HP TechPulse provides the visibility and insights needed to predict issues and proactively protect devices and data.

Plus, with the HP managed service, you can rely on our cybersecurity experts for added security, while reducing the burden on your IT team. HP Security Experts* monitor protection status and analyze threats to safeguard against future attacks – allowing your IT teams to utilize resources to focus on other priority projects.
HP DaaS Proactive Security transforms endpoints from your biggest risk to your best defense. And, HP delivers the world’s most secure PCs, a worthy consideration for endpoint security protection.**

* Security Experts available in the Proactive Security Enhanced plan only.

** Based on HP’s unique and comprehensive security capabilities at no additional cost and HP Manageability Integration Kit’s management of every aspect of a PC including hardware, BIOS and software management using Microsoft System Center Configuration Manager among vendors with >1M unit annual sales as of November 2016 on HP Elite PCs with 7th Gen and higher Intel® Core® Processors, Intel® integrated graphics, and Intel® WLAN, and on HP Workstations with 7th Gen and higher Intel® Core™ Processors as of January 2017.

Sources
[1] Ponemon Institute, Third Annual Study on the State of Endpoint Security Risk sponsored by Morphisec, January 2020.
[2] “U.S. Workers Discovering Affinity for Remote Work,” Gallup, April 2020.
[3] HR Dive, Employees use personal devices for work without much oversight, May 2018.
[4] Ponemon Institute, 2018 State of Cybersecurity in Small & Medium Size Businesses, November 2018.
[5] Cofense, State of Phishing Defense 2018, 2018.
[6] Verizon, 2018 Data Breach Investigations report 11th Edition, 2018.
[7] ISC2, Cybersecurity professionals focus on developing new skills as workforce gap widens, 2018.

HP DaaS plans and/or included components may vary by region or by Authorized HP DaaS Service Partner. Please contact your local HP Representative or Authorized DaaS Partner for specific details in your location. HP services are governed by the applicable HP terms and conditions of service provided or indicated to Customer at the time of purchase. Customer may have additional statutory rights according to applicable local laws, and such rights are not in any way affected by the HP terms and conditions of service or the HP Limited Warranty provided with your HP Product.
With the holiday shopping season settling in, eCommerce growth has continued to skyrocket. In November, the U.S. Department of Commerce reported an almost 37% increase in quarterly retail e-commerce sales compared to the previous year. However, with growth come challenges, including a concurrent spike in cyberattacks on e-commerce web infrastructure as more and more consumers flock to these websites. In fact, since the beginning of September, Fortinet’s FortiGuard Labs global threat intelligence and research team showed a very steady, consistent wave of e-commerce attack attempts. A month later, the team saw over a billion different attempts, which is almost a 140% increase. Those responsible for protecting their customers’ data should operate with two key responsibilities in mind: delivering dynamic and engaging shopping experiences to their customers and securing the web applications that deliver that experience.

Securing Your APIs

Web applications expose APIs to the outside world to allow customers to purchase using mobile applications and to create more engaging user experiences, but those APIs also create a new attack surface. Defend that attack surface by implementing some core best practices for your APIs:

- The API should only provide access to the data required for the specific use case to prevent abuse.
- Rate limits should be imposed to prevent abuse of the API for bulk data harvesting.
- The server should be doing the heavy lifting and only well-vetted authentication and encryption protocols should be used.
- Rigorous coding standards and practices, such as avoiding the issues outlined in the OWASP API Security Top 10, should be followed.

But what if you’re not the developer, and your responsibility is securing the deployment of an application? While your DevOps team is likely the most well versed in the web application, relying on them may not be the best place to implement security controls for your API.
Application developers are typically evaluated on feature delivery, uptime, and other metrics. Ideally, security is somewhere on their list, but in practice, consistently making security a top priority is a challenge, especially when a DevOps team may not have extensive cybersecurity skills. While some development teams do focus on application security, unique security approaches from multiple application teams can complicate the learning process and limit visibility for your security team. Without a clear view of security events across all of your web applications, you are exposing your applications — and your organization — to unnecessary and serious risk. Deploying security controls external to the application is critical to give you the clarity and control you need to secure your applications.

Protecting Organizations From Online Shopping Threats

Web Application Firewalls (WAFs) have been the most commonly deployed method of protecting applications from common threats like SQL injection attacks and cross-site scripting. However, the attack surface for web applications evolves rapidly and WAF solutions are struggling to keep up. Organizations need to extend the WAF concept to encompass Web Application and API Protection (WAAP). Using an advanced, multi-layer approach is crucial in keeping up with cyber attackers and protecting against new and old vulnerabilities.
An API security solution needs to support the following basic API gateway capabilities:

- Protection against automated attacks, including rate limiting to prevent abuse of your API for either credential abuse or bulk data harvesting
- The ability to manage API keys that can enable access to specific APIs for your trusted business partners
- The ability to implement a positive security model, validating user input against the developer’s own definitions, in OpenAPI or other formats

A modern WAF solution that incorporates these key API security controls can make deploying and maintaining the APIs that underpin the ecommerce applications that your customers rely on easier.

Fortinet’s WAF Solution: FortiWeb

If your API has already been deployed and has no security solution in place, it is not too late to implement one. A solution like FortiWeb Cloud can be easily deployed and managed within minutes. FortiWeb’s WAF solution provides advanced security features to defend your web applications and APIs from new, old, and unknown threats. Protection for each application is customized through FortiWeb machine learning (ML), removing the time-consuming process of manual policy tuning. With ML, FortiWeb identifies anomalies and examines them to distinguish between benign and malicious anomalies. Deployment options include hardware appliances, virtual machines, data center containers, and cloud-native SaaS solutions to protect business applications.

Securing your web applications and APIs is most efficiently done through restricting API resources and implementing a multi-layer WAAP approach. Holiday shopping season is already an attractive target for cybercriminals, so a dedicated approach to web security is necessary. Explore how FortiWeb Cloud can secure your APIs with a free trial available through AWS, Azure, and Google Marketplaces.
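
The three API gateway capabilities listed above (rate limiting, API keys scoped to specific APIs, and a positive security model) can be combined in one request check placed in front of the application. The following is an added example, not Fortinet's or FortiWeb's code; the keys, operations, schema fields and limits are constructed for illustration.

```python
import re
import time
from collections import defaultdict, deque

# Constructed sample data: partner API keys and the operations each may call.
API_KEYS = {
    "partner-key-001": {"GET /orders", "POST /orders"},
    "partner-key-002": {"GET /orders"},
}

# Constructed positive-security definitions, shaped like a reduced OpenAPI
# request-body schema: only the listed fields are accepted, each constrained.
SCHEMAS = {
    "GET /orders": {},
    "POST /orders": {
        "sku": {"type": str, "pattern": r"[A-Z]{3}-\d{4}"},
        "quantity": {"type": int, "minimum": 1, "maximum": 20},
    },
}

RATE_LIMIT = 3          # requests allowed per key per window (assumed value)
WINDOW_SECONDS = 60.0   # sliding-window length (assumed value)


class Gateway:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._hits = defaultdict(deque)  # API key -> timestamps of recent requests

    def _over_limit(self, key):
        now = self._clock()
        hits = self._hits[key]
        while hits and now - hits[0] >= WINDOW_SECONDS:
            hits.popleft()               # forget requests older than the window
        if len(hits) >= RATE_LIMIT:
            return True
        hits.append(now)
        return False

    @staticmethod
    def _matches(schema, body):
        # Anything not declared is rejected: unknown or missing fields fail.
        if not isinstance(body, dict) or set(body) != set(schema):
            return False
        for name, rule in schema.items():
            value = body[name]
            if type(value) is not rule["type"]:   # exact type: True is not an int here
                return False
            if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
                return False
            if "minimum" in rule and value < rule["minimum"]:
                return False
            if "maximum" in rule and value > rule["maximum"]:
                return False
        return True

    def handle(self, key, operation, body=None):
        """Return (HTTP status, reason) for one request."""
        allowed = API_KEYS.get(key)
        if allowed is None:
            return 401, "unknown API key"
        if operation not in allowed or operation not in SCHEMAS:
            return 403, "key not authorised for this operation"
        if self._over_limit(key):        # malformed requests also consume quota
            return 429, "rate limit exceeded"
        if not self._matches(SCHEMAS[operation], body or {}):
            return 400, "request does not match the declared schema"
        return 200, "forwarded to application"
```

Because the schema check runs after the rate limiter, a client that sends a stream of malformed requests exhausts its own quota instead of probing the validator for free.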