News – Digital IT News (https://digitalitnews.com): IT news, trends and viewpoints for a digital world
Thu, 05 Sep 2024 16:08:32 +0000

Summer Security Trends: Influencing Technologies
https://digitalitnews.com/summer-security-trends-influencing-technologies/
Fri, 30 Aug 2024 18:45:54 +0000

Technology plays a determining role in cybersecurity’s effectiveness and the threats it must protect against. For individuals, organizations and governments to prepare for potential threats, they need to stay up-to-date on the influencing technologies in play. 

Below, security professionals have shared which technologies have influenced summer security trends and how.

Generative AI 

The ongoing proliferation of generative AI technologies is deeply influencing cybersecurity technologies. Existing security products on the market are proving to be highly vulnerable to deepfakes, which are being used to trick unprepared identity verification systems and fool unsuspecting employees. We’ve seen an AI arms race for detecting deepfakes, yet cyberattacks only escalate, with bad actors social engineering employees using voice, video and image deepfakes. Following a winter and spring of crippling deepfake attacks, businesses are looking to adopt stronger AI-powered cyber defenses by implementing identity verification solutions that focus not on passive detection, but on active prevention of digital injection attacks and the use of AI deepfakes. – Aaron Painter, CEO at Nametag

Balancing Cybersecurity Strategy with Risk Tolerance

Relying on just one security component barely leads to actual protection. A museum can have the most advanced surveillance system in the world — but without physical measures in place, security personnel can only observe a theft, not prevent it. Along the same lines, even if businesses invest in monitoring tools, they won’t be able to actually respond to threats without an effective incident response plan and the right team to execute it.

A balanced cybersecurity strategy supports tools with people and processes, which play a crucial role in protecting infrastructure without much financial investment. For example, establishing a process that requires business users to annually review their data repository permissions can minimize your attack surface by eliminating superfluous permissions. This process-based approach that emphasizes least privilege security can be particularly helpful for SMBs, as it provides a solid foundation that can be scaled up as the business expands. – Ilia Sotnikov, Security Strategist & Vice President of User Experience at Netwrix

Zero-Trust, EDR and IAM  

Typically, summer months lead to an increase in cybersecurity risks and threats due to employees traveling on vacation and having more relaxed “work from home” policies. It’s crucial that organizations have a heightened alert when it comes to gaining visibility into employee usage and access to corporate devices to pinpoint unusual behavior. Technologies such as Identity and Access Management (IAM), Endpoint Detection and Response (EDR), and Zero-Trust Architecture are being adopted by businesses to secure their organizations and employees.

The concept of Zero-Trust is being adopted by enforcing strict controls over every individual or machine, inside or outside the network, looking to gain access to the environment. “Never trust, always verify”.

EDR platforms are being adopted by organizations to gain visibility into assets, whether that be in the cloud or on-premises devices, to detect abnormal behaviors and allow for quick automated remediation.

Lastly, IAM solutions are being adopted to authorize and authenticate users, including multi-factor authentication, to mitigate unwarranted and suspicious activity. – Jeremy Ventura, Field CISO at Myriad360

Moving Target Defense (MTD)

Moving Target Defense (MTD). This is a technology that can tear down and rebuild a compute environment in seconds, making it nearly impossible for a hacker to gain persistence in the environment. MTD requires the use of containers and specific application conditions, so it demands a lot of implementation effort. However, once in place, an environment becomes extremely difficult to attack. Examples of this technology are Morphisec and Phoenix. – Andrew Plato, author of The Founder’s User Manual and Founder of Zenaciti

How to Prevent a CrowdStrike IT Outage Repeat
https://digitalitnews.com/how-to-prevent-a-crowdstrike-it-outage-repeat/
Wed, 14 Aug 2024 13:00:37 +0000

A CrowdStrike software issue caused widespread problems with its Falcon Sensor product. This IT outage caused by a content update affected millions of Windows hosts across multiple industries worldwide.  

Let’s talk about the cause of the CrowdStrike issue, what unscathed companies did right, and what professionals have to say about preventing this from happening again.

What Caused the Software Issue: Lax Software Testing Processes or More?

Many believe adequate software testing would have prevented this catastrophe. However, others have concluded that multiple layers of bugs caused the issue, a kind of failure that is more difficult to catch in a fully automated testing system.

Even testing for one minute would have discovered these issues … In my mind, that one minute of testing would have been acceptable. – Kyler Middleton, senior principal software engineer at Veradigm

Testing continues to be a significant point of friction [in application development] … Software quality governance requires automation with agile, continuous quality initiatives in the face of constrained QA staff and increasing software complexity … Software testing, both for security and quality, appears to be among the most promising uses for generative AI in other IDC surveys … I am hopeful that the next few years will see improvements in these statistics … However, AI can’t fix the lack of or failure to follow policy and procedures. – IDC analyst Katie Norton

The CrowdStrike flaw was caused by multiple layers of bugs. That includes a content validator software testing tool that should have detected the flaw in the Rapid Release Content configuration template — an indirect method that, in theory, poses less of a risk of causing a system crash than updates to system files themselves … This is a challenge in fully automated systems because they, too, rely on software to progress releases from development through delivery … If there’s a bug in the software somewhere in that CI/CD pipeline … it can lead to a situation like this. So to discover the testing bug in an automated way, you’d have to test the tests. But that’s software, too, so you’d have to test the test that tests the tests and so on. – Gabe Knuth, analyst at TechTarget’s Enterprise Strategy Group

How Some Companies Went Unscathed

Not every company that got the blue screen of death had to shut down. Some had procedures in place that helped them recover relatively quickly.  

We’ve really focused on business continuity, redundancies, safety nets, and understanding of the difference between cybersecurity as a task and cybersecurity as a cultural commitment of your organization … It’s a validation of our investments while so many of our peers were languishing … The redundancies are numerous … They’re not necessarily terribly sophisticated, but we have literally gone through and said, ‘What are the critical systems of our organization? What is the interplay between them? And if it comes crashing down, what is the plan?’ … The reality for cybersecurity and business continuity is the work [must be] done well ahead of the disaster. It has to be part of the fabric of your company, like compliances, like customer service … It’s hard to celebrate cybersecurity—except for the days when you’re the only ones not sweating it. – Andrew Molosky, president and CEO of Tampa-based Chapters Health System

Professionals’ Input on Preventing a Repeat

Everyone wants to avoid a repeat. Below is some advice from professionals on preventing this from happening again. 

Phased Check-ins on Endpoint Health

I’m incredibly surprised, even though they call it ‘Rapid Response,’ that [CrowdStrike] doesn’t have some phased approach that allows them to check in on the health of the endpoints that have been deployed … Even with some logical order of customer criticality, they could have circuit breakers to stop a deployment early that they see causes health issues. For example, don’t [update] airlines until your confidence level is higher from seeing the health of endpoints from other customers. – Andy Domeier, senior director of technology at SPS Commerce

Move Away from Auto-deploying Kernel Module Updates

It is absolutely irresponsible to auto-deploy a kernel module update globally without a health-mediated process or, at least, a recovery path at a lower level of the control plane … Something that remains functional even if the OS deployed on top crashes. – David Strauss, co-founder and CTO at Pantheon

Eliminate Unmanageable Endpoint Complexity

The Windows endpoint environment has reached the point of unmanageable complexity. A steady stream of updates and layering of security features has created a web of complexity that is difficult to manage or fix and therefore promotes risk. Moving Windows to the cloud and replacing the endpoint with a secure-by-design operating system, such as IGEL OS, can simplify management through centralization and aid in recovery should an outage or breach occur, saving millions of dollars in lost productivity. We have grown somewhat numb to the steady stream of data breaches. This latest incident of the shepherd turning on the metaphorical sheep it was protecting highlights that we must consider approaching this problem differently. The move to Windows 11 and the opportunity for cloud transformation, along with the proliferation of SaaS, are proven technologies that can enable a much more secure endpoint strategy. – Jason Mafera, Field CTO at IGEL

Platform, People and Process in Software Testing

It’s not sufficient to just have a great software platform. It’s not sufficient to have highly enabled developers. It’s also not sufficient to just have predefined workflows and governance. All three of those have to come together. – Dan Rogers, CEO at LaunchDarkly

Balance Security With Tight Deadlines 

What you don’t want to have happen now is that you’re so worried about making software changes that you have a very long and protracted testing cycle and you end up stifling software innovation. – Dan Rogers, CEO at LaunchDarkly

Cybersecurity Nonprofits Team Up to Form “Nonprofit Cyber” Coalition
https://digitalitnews.com/cybersecurity-nonprofits-team-up-to-form-nonprofit-cyber-coalition/
Thu, 24 Feb 2022 22:00:44 +0000

The world’s leading implementation-focused nonprofit cybersecurity organizations have launched Nonprofit Cyber. The group is a first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity. All coalition members are nonprofits that serve the public interest by developing, sharing, deploying, and increasing the awareness of cybersecurity best practices, tools, standards, and services.

“I applaud that this consummate consortium of nonprofits has formed to actively protect us against security threats to our digital infrastructure and uphold our open internet, combining their knowledge, skills, and tools for the greatest effect,” said Govind Shivkumar, director of responsible technology at Omidyar Network.

Nonprofit Cyber will initially focus on two priorities: building awareness of the work of cybersecurity nonprofits globally and aligning their work to achieve the greatest effect. Envisioned as a “collaboration-of-equals,” each member organization has committed to work in coordination to better serve Internet users globally. Coalition members must be a 501(c)(3) or 501(c)(6) nonprofit if organized under U.S. law or hold an equivalent status if organized under the laws of another country. More information is available at the coalition’s website NonprofitCyber.org and on Twitter at @NonprofitCyber.

The twenty-two founding members of Nonprofit Cyber are the Anti-Phishing Working Group, the Center for Internet Security, the Center for Threat-Informed Defense, the Cloud Security Alliance, Consumer Reports, CREST International, the Cyber Defence Alliance, the CyberPeace Institute, the Cyber Readiness Institute, the Cyber Threat Alliance, the Cybercrime Support Network, the CyberGreen Institute, the FIDO Alliance, the Forum of Incident Response and Security Teams, the Global Cyber Alliance, the National Cyber Forensics and Training Alliance, the National Cybersecurity Alliance, the Open Web Application Security Project, SAFECode, the Shadowserver Foundation, Sightline Security, and #ShareTheMicInCyber. Tony Sager of CIS and Philip Reitinger of GCA will serve as co-chairs as the organization begins operations.

Nonprofit Cyber welcomes applications for new members that work to implement best practices and solutions at scale. Nonprofit Cyber is focused on these organizations, rather than lobbying or policy development and advocacy organizations, or industry associations.

Information on joining Nonprofit Cyber can be found at its website.

About the Nonprofit Cyber Founding Members

The Anti-Phishing Working Group (APWG) is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities. Learn more at https://apwg.org.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. Learn more at https://cisecurity.org.

The Center for Threat-Informed Defense (CTID) is a non-profit, privately funded research and development organization whose mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Learn more at https://ctid.mitre-engenuity.org/.

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Learn more at https://cloudsecurityalliance.org.

Consumer Reports (CR) is an independent, nonprofit member organization that works side by side with consumers for truth, transparency, and fairness in the marketplace. Learn more at https://www.consumerreports.org.

CREST International is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. Learn more at https://crest-approved.org.

The Cyber Defence Alliance (CDA) is a not for profit members organization based in London working on behalf of financial institutions to proactively share threat intelligence and expertise to prevent and disrupt cyber attacks, liaise with Law enforcement agencies to target cybercriminal networks and apprehend the most prolific offenders. The CDA works on a cross sector basis and with like minded organizations on an international basis to address the global threat from cybercrime. The CDA also provides a 24/7 incident response capability to support the member organizations and the UK Financial Services Cybercrime Collaboration Centre (FSCCC) during major cyber incidents.

The Cyber Readiness Institute (CRI) mission is to empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient. Learn more at https://cyberreadinessinstitute.org.

The Cyber Threat Alliance (CTA) is working to improve the cybersecurity of our global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. Learn more at https://www.cyberthreatalliance.org.

The Cybercrime Support Network’s (CSN) mission is to serve individuals and small businesses impacted by cybercrime. Learn more at https://cybercrimesupport.org.

The CyberGreen Institute (CyberGreen) is dedicated to mobilizing a global community of experts, business leaders, and policymakers to revolutionize cybersecurity through the development of a science of Internet Public Health. Learn more at https://www.cybergreen.net.

The CyberPeace Institute is a nongovernmental organization whose mission is to reduce the harms from cyberattacks on people’s lives worldwide, provide assistance to vulnerable communities and call for responsible cyber behaviour, accountability and cyberpeace. At the heart of the CyberPeace Institute’s efforts is the recognition that cyberspace is about people. Learn more at https://cyberpeaceinstitute.org

The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. The FIDO Alliance promotes the development of, use of, and compliance with standards for authentication and device attestation. Learn more at https://fidoalliance.org/.

The Forum of Incident Response and Security Teams (FIRST) aspires to bring together incident response and security teams from every country across the world to ensure a safe internet for all. Learn more at https://www.first.org.

The Global Cyber Alliance (GCA) builds practical, measurable solutions and tools that are easy to use, and works with partners to accelerate adoption around the world. Learn more at www.globalcyberalliance.org.

The National Cyber Forensics and Training Alliance (NCFTA) was established in 2002 as a nonprofit partnership between private industry, government, and academia. The NCFTA provides a neutral environment for operational collaboration in the ongoing effort to identify, mitigate, and disrupt cyber crime. Learn more at https://www.ncfta.net.

The National Cybersecurity Alliance (NCA) advocates for the safe use of all technology and educates everyone on how best to protect ourselves, our families, and our organizations from cybercrime. Learn more at www.staysafeonline.org.

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web. Learn more at https://owasp.org.

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights and ideas on creating, improving, and promoting scalable and effective software security programs. Learn more at https://safecode.org.

The Shadowserver Foundation’s (Shadowserver) mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Learn more at https://shadowserver.org.

#ShareTheMicInCyber (#STMIC) is an online movement to address issues stemming from systemic racism in cybersecurity. The social media campaign highlights the experiences of Black practitioners in this field, catalyzes a critical conversation on race in the industry, and shines a light on Black practitioners’ accomplishments to showcase them as experts in their fields all while creating professional opportunities and bringing the cyber community together. Learn more at www.sharethemicincyber.com.

Sightline Security is a nonprofit security organization whose mission is to equip, empower, and support global nonprofits to navigate and embed cybersecurity into their organizations with confidence—founded to address the lack of cybersecurity adoption in the nonprofit sector by offering a holistic, business, and community-centric approach designed to embrace cybersecurity best practices. At Sightline, there is a world where nonprofits have the confidence, knowledge, and business acumen to stay protected in a digital world. Learn more at https://sightlinesecurity.org.

Launched by CREST Accreditation: New Globally Available Practical Penetration Testing Certification
https://digitalitnews.com/new-globally-available-practical-penetration-testing-certification-launched-by-crest/
Tue, 07 Sep 2021 17:31:35 +0000

CREST, a not-for-profit accreditation and certification body representing the technical information security industry, has launched the first of four new practical penetration testing certifications that are designed to be delivered via selected Pearson Vue centers around the world. The new CREST Registered Security Analyst (CRSA) certification will provide CREST members, CREST qualified individuals and the wider industry with flexible, global access to this practical penetration testing examination.

CRSA is a new Registered level practical penetration testing certification.  It has a slightly broader scope than the CREST Registered Penetration Tester (CRT) and includes desktop breakout assessments and a larger web application component. CRSA will run in parallel with CRT.

The UK’s National Cyber Security Centre (NCSC) has confirmed that the CRSA certification will be recognized alongside the CRT for technical entry for CHECK Team Member.  This applies to all CRSA certifications awarded, wherever in the world candidates take the examination.

The existing CREST Practitioner Security Analyst (CPSA) certification, which is already a prerequisite for the CRT, is also a prerequisite for the new CRSA examination.  Please note that a CPSA qualification attained via equivalency cannot be used as the pre-requisite for booking the CRSA examination.

The CRSA is available to book from today through Pearson Vue.

The CRSA is the first in a suite of new practical certifications being developed by CREST.  The others, which have not yet been recognized by NCSC, are:

  • CREST Certified Security Consultant (Red Team) – CCSC RED
  • CREST Certified Security Consultant (Networks) – CCSC NET
  • CREST Certified Security Consultant (Web) – CCSC WEB

“The examinations for all four new practical penetration testing certifications have been designed to be delivered entirely through Pearson Vue centers,” said Ian Glover, President of CREST International. “This opens up the opportunity to individuals working in the cyber security industry to get the access to certify with CREST wherever they are in the world.”

Pearson Vue centers offer a distraction-free, secure testing environment with continuous candidate surveillance. There are a number of mandatory security measures at all test centers to ensure the integrity of the examinations and the safety of the candidates.

For full details on the CRSA please visit: https://www.crest-approved.org/professional-qualifications/crest-exams/index.html

Microsoft’s Power Apps New Vector of Data Exposure
https://digitalitnews.com/microsofts-powerapps-new-vector-of-data-exposure/
Wed, 25 Aug 2021 20:55:51 +0000

Microsoft’s Power Apps portals platform was unintentionally left unprotected online, prompting attention to an issue of a “new vector of data exposure” of more than 38 million records from 47 different entities.

Microsoft Power Apps is a browser-based platform that allows non-developers to build low-code personalized business apps by simply dragging and dropping objects in a Web browser. Power Apps targets business users and works across mobile and the web with options to retrieve and store information.

An analyst for UpGuard first discovered that the OData API for a Power Apps portal exposed anonymously accessible list data, including personally identifiable information. UpGuard’s view is that although this isn’t precisely a software vulnerability, it is a platform issue that necessitates product code updates and thus should be handled in the same way as vulnerabilities.

“The real scale of the issue is hard to assess. On one hand, it is obvious that headlines are overstating it: the majority of the exposed 38 million records did not include the most sensitive details like SSN or health information. Security researchers from UpGuard give some examples of data the exposed records included in their blog post. For the majority of records this was limited to names and email addresses. That said, more sensitive information was still exposed for at least hundreds of thousands of individuals. On the other hand, there is no way to be certain these records had not been harvested before UpGuard reported the issue to Microsoft and the application owners,” according to Ilia Sotnikov, VP of User Experience & Security Strategist at Netwrix.

Kenn White, director of the Open Crypto Audit Project, said it was a wakeup call for the industry as a whole. ‘Secure default settings matter,’ he told Wired. ‘When a pattern emerges in web-facing systems built using a particular technology that continue to be misconfigured, something is very wrong. If developers from diverse industries and technical backgrounds continue to make the same missteps on a platform, the spotlight should be squarely on the builder of that platform.’

Ilia Sotnikov also said, “This news should hopefully lead both vendors and companies to think more about the balance between time to market and security of their solutions. Power Apps allows building and quickly launching no code or low code applications. Since this is hosted by Microsoft, this may create a false sense of security for a customer that just puts together the building blocks. Companies still must take time to learn the security features and the access model of the cloud platforms they use. They also should do at least basic threat modelling and security review for the applications they build and launch.”

“Hats off to the UpGuard team for their efforts not only to report the issue to the vendor (Microsoft), but working closely with affected parties to remediate the impact of potential exposure of sensitive data,” continued Netwrix VP of User Experience & Security Strategy. “Great way to handle security research and coordinate the response and disclosure efforts across multiple parties.”

With sensitive data leaks becoming prevalent as more and more information moves online, cyberattacks increasing, and hackers around every corner, it is more important than ever for businesses to extensively safeguard their IT departments. It is consistently the “bad” news surrounding data breaches that we become aware of, not the good Samaritan offering a hand.

CompTIA ISAO Adds Real-time Cybersecurity Threat Analysis and Intelligence Resources from Sophos
https://digitalitnews.com/comptia-isao-adds-real-time-cybersecurity-threat-analysis-and-intelligence-resources-from-sophos/
Thu, 05 Aug 2021 20:10:24 +0000

Advanced cybersecurity threat analysis and intelligence capabilities are now available from the CompTIA Information Sharing and Analysis Organization (ISAO) through an expanded collaboration with global next-generation cybersecurity leader Sophos and its industry-leading and highly acclaimed threat research lab, SophosLabs.

The announcement of the new cyber capabilities was made today by CompTIA, the nonprofit association for the information technology (IT) industry and workforce.

CompTIA ISAO members can directly submit suspicious URLs and files through the ISAO’s Cyber Forum to SophosLabs Intelix™ for rapid analysis to determine if they are known or zero-day cybersecurity threats. SophosLabs Intelix combines petabytes of threat intelligence derived from decades of SophosLabs threat research with Sophos AI tools and techniques, bringing a powerful new source of threat intelligence to the CompTIA ISAO and its managed services provider (MSP), vendor, distributor, and associate members.

“SophosLabs research illustrates how adversaries are constantly changing their tactics, techniques and procedures (TTPs) to breach targets, move laterally and carry out ransomware and other attacks,” said Simon Reed, senior vice president, SophosLabs. “The only way to effectively fight modern cybercrime is if we do it together. That’s why Sophos is committed to sharing actionable threat intelligence with the CompTIA community. This new integration gives member organizations advanced abilities to quickly investigate suspicious URLs and files to determine their risk and to understand what happens if they are opened or executed. Powered by machine learning, SophosLabs Intelix predictively convicts never-before-seen threats, and is constantly improving based on the collective input of community intelligence.”

“This is a real differentiator for our members, who can access a powerful analysis resource to identify, classify and prevent threats, further protecting themselves and more importantly, their customers,” said MJ Shoer, senior vice president and executive director of the CompTIA ISAO.

The new integration expands Sophos’ support of the CompTIA ISAO. As a Silver Industry Partner, Sophos has been contributing detailed threat analysis from SophosLabs Uncut to the CompTIA ISAO.

“This is a significant addition to the resources available to our members,” Shoer added. “It is the latest example of the support that industry partners such as Sophos have for the CompTIA ISAO, and the commitment we all have to make the industry more secure.”

The CompTIA ISAO is a community of nearly 1,200 member companies that share best practices, cyber threat intelligence, educational content and more to help address ever-evolving cyber threats. Working closely with public and private cybersecurity agencies and organizations, the CompTIA ISAO is helping its members understand the threat landscape, defend against current and future attacks and raise cybersecurity awareness throughout the global tech industry. For complete details on the CompTIA ISAO and the benefits of membership visit https://www.comptiaisao.org/.

Qualys Collaborates with Red Hat to Enhance Security for Red Hat Enterprise Linux CoreOS and Red Hat OpenShift https://digitalitnews.com/qualys-collaborates-with-red-hat-to-enhance-security-for-red-hat-enterprise-linux-coreos-and-red-hat-openshift/ Tue, 03 Aug 2021 16:14:10 +0000 https://digitalitnews.com/?p=4582

The post Qualys Collaborates with Red Hat to Enhance Security for Red Hat Enterprise Linux CoreOS and Red Hat OpenShift appeared first on Digital IT News.

Qualys, Inc. announced it has collaborated with Red Hat to drive greater security for both the container and host operating system for Red Hat OpenShift.

Teaming with Red Hat, Qualys is offering a unique approach providing a containerized Qualys Cloud Agent that extends security to the operating system. The Cloud Agent for Red Hat Enterprise Linux CoreOS on OpenShift combined with the Qualys solution for Container Security provides continuous discovery of packages and vulnerabilities for the complete Red Hat OpenShift stack. Built on the Qualys Cloud Platform, Qualys’ solution seamlessly integrates with customers’ vulnerability management workflows, reporting and metrics to help reduce risk.

“Security is one of the biggest areas of concern for nearly every organization, and we believe that a strong partner ecosystem helps to address these concerns by giving our customers a wide range of solution choices,” said Aaron Levey, Head of Security Partner Ecosystem at Red Hat. “Qualys’ Cloud Platform and Cloud Agent help administrators gain deeper visibility into known vulnerabilities that may be present on their Red Hat Enterprise Linux CoreOS nodes with pointers to associated Red Hat Security Advisories, leaning on the expertise of Red Hat as well as Qualys’ own skills in driving cloud-native security.”

The Qualys Cloud Agent for Red Hat Enterprise Linux CoreOS on Red Hat OpenShift helps customers:

  • See the Full Inventory – Continuous visibility of installed software, open ports, and Red Hat Security Advisories (RHSA) for all Red Hat Enterprise Linux CoreOS nodes with comprehensive reporting.
  • Manage Host Hygiene – Fully integrated on the Qualys Cloud Platform to automatically detect and manage host status related to patches and compliance adherence for known vulnerabilities.
  • Easily Deploy to the Host – Simplified deployment via the Qualys Cloud Agent to secure the host operating system. This approach eliminates the need to modify the host, open ports, or manage credentials.
  • Get Complete Coverage – Full coverage of Red Hat OpenShift and Qualys Container Security delivers comprehensive visibility from the host operating system through to images and containers running on OpenShift.

“As security teams look to support modern applications built on cutting-edge technology like Red Hat OpenShift, they need to secure both the running container images and the underlying OpenShift cluster,” said Sumedh Thakar, president and CEO of Qualys. “By collaborating with Red Hat, we have built a unique approach to secure Red Hat Enterprise Linux CoreOS that provides complete control over containerized workloads, enhancing Qualys’ ability to help customers discover, track and continuously secure containers.”

Optiv Security Launches Next-Gen Managed XDR to Stop Threats Earlier in Attack Lifecycle https://digitalitnews.com/optiv-security-launches-next-gen-managed-xdr-to-stop-threats-earlier-in-attack-lifecycle/ Tue, 03 Aug 2021 16:02:09 +0000 https://digitalitnews.com/?p=4578

The post Optiv Security Launches Next-Gen Managed XDR to Stop Threats Earlier in Attack Lifecycle appeared first on Digital IT News.

Optiv Security launched its Managed Extended Detection and Response (MXDR) offering at Black Hat USA 2021. The technology-independent offering enables clients to take rapid and decisive action against today’s most critical cyberattacks and strengthen their security posture.

“Optiv MXDR brings simplicity, transparency and automation to clients’ environments, enhancing existing defenses to counter known and emerging threats with confidence and speed,” said David Martin, chief services officer for Optiv. “What’s more, we can seamlessly leverage the power of Optiv to extend and layer the offering with a full suite of complementary services like remediation, incident response, threat hunting, and beyond.”

Optiv MXDR is the only managed cloud-based, next-gen advanced threat detection and response service that ingests data across various layers of technologies to correlate, normalize, enrich, and enable automated responses to malicious activity in real time. By automating incident investigation with actionable insights, organizations can detect threats faster and prioritize which threats to mitigate first, significantly reducing the attack surface.

“We know the threat landscape; both what’s at stake and how to circumvent threat actors while significantly reducing time to detect and respond,” said John Ayers, XDR vice president for Optiv. “We meet clients where they are and customize our continuously managed approach to ease the burden of the unknown and allow teams to detect, respond and remediate threats faster while also automating deeper investigation for future improvements.”

Devo has been named a foundational partner in Optiv MXDR, delivering scalable, cloud-native logging and security analytics via the Devo Platform, enabling full visibility across cloud and on-premise environments for Optiv customers.

“Security teams are eager to learn more about XDR as they look to consolidate their security stack for greater efficiency and accuracy in threat detection and response,” said Ted Julian, SVP of Product at Devo. “Two constraints have always stood in their way: lack of real-time access to historical data, and the inability to collect and analyze the massive data volumes associated with modern operational environments. Devo eliminates these concerns and is uniquely qualified to power solutions like Optiv’s MXDR.”

Optiv delivers threat management solutions to more than 60 percent of Fortune 500 companies. View the complete MXDR service brief and find out how organizations can enhance their security posture with Optiv.

PC Matic Selected by NIST’s National Cybersecurity Center of Excellence to Demonstrate Zero Trust Architectures https://digitalitnews.com/pc-matic-selected-by-nists-national-cybersecurity-center-of-excellence-to-demonstrate-zero-trust-architectures/ Thu, 22 Jul 2021 19:48:01 +0000 https://digitalitnews.com/?p=4545

The post PC Matic Selected by NIST’s National Cybersecurity Center of Excellence to Demonstrate Zero Trust Architectures appeared first on Digital IT News.


PC Matic announced it has been selected by the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) to participate in their Implementing a Zero Trust Architecture Project.

In a collaboration among many industry leaders in cybersecurity, PC Matic will join seventeen other companies to develop practical approaches to designing and implementing zero-trust architectures. The approaches designed by these organizations will result in a cybersecurity practice guide published by the NCCoE for government and enterprise organizations that seek to implement a zero-trust architecture.

“Since inception, PC Matic has utilized a zero-trust approach to stop malicious cyber threats such as ransomware,” said PC Matic CEO Rob Cheng. “Understanding just how effective this framework has been for our own customers, we are very grateful to the NCCoE for the opportunity to contribute to this project. We look forward to working together with the NCCoE and our other project partners to showcase the capabilities of and implementation strategies for zero trust architectures.”

Through its engagement in the project, PC Matic will assist the NCCoE in achieving the program’s objectives:

  • Demonstrate an example implementation(s) of a Zero Trust Architecture (ZTA), using commercially available technology components designed and deployed according to the zero trust concepts and tenets described in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207, Zero Trust Architecture.
  • Demonstrate various types of user access to enterprise resources (e.g., data sources, computing services, and IoT devices) spread across boundaries, from on-premises to multiple cloud environments, all confined by policy-based security constraints orchestrated by leveraging zero trust principles and approaches.
  • Publish a NIST Cybersecurity Practice Guide, a publicly available description of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.

 

“Implementing a zero-trust architecture has become a federal cybersecurity mandate and a business imperative,” said Natalia Martin, Acting Director of the NCCoE. “We are excited to work with industry demonstrating various approaches to implementing a zero-trust architecture using a diverse mix of vendor products and capabilities, and share ‘how to’ guidance and lessons learned from the experience.”

In response to an open call in the Federal Register, PC Matic submitted its capabilities as they relate to the Implementing a Zero Trust Architecture Project. Following that submission, PC Matic was invited to sign a Cooperative Research and Development Agreement with the National Institute of Standards and Technology (NIST), allowing it to participate in this project.

More information on the project may be found here.

Stealthbits, Now Part of Netwrix, Named to Carahsoft ITES-SW2 Contract to Support U.S. Army Enterprise Infrastructure Goals https://digitalitnews.com/stealthbits-now-part-of-netwrix-named-to-carahsoft-ites-sw2-contract-to-support-u-s-army-enterprise-infrastructure-goals/ Mon, 21 Jun 2021 18:13:55 +0000 https://digitalitnews.com/?p=4280

The post Stealthbits, Now Part of Netwrix, Named to Carahsoft ITES-SW2 Contract to Support U.S. Army Enterprise Infrastructure Goals appeared first on Digital IT News.

Stealthbits, now part of Netwrix, announced that it has been named a manufacturer on the Information Technology Enterprise Solutions – Software 2 (ITES-SW2) contract for U.S. Army Computer Hardware Enterprise Software and Solutions (CHESS). This contract is held by Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, and is effective through August 30, 2025.

ITES-SW2 is a firm-fixed price, indefinite delivery/indefinite quantity contract vehicle for commercial off-the-shelf software products and related services and hardware. The contract has no fees, and ordering is open to all Army, DoD and federal agencies and authorized systems integrators on a worldwide basis. Under this contract, Carahsoft provides cybersecurity and data access governance software from Stealthbits to support the IT infrastructure goals of federal agencies.

Federal agencies often find it difficult to properly govern access to structured and unstructured sensitive data due to multiple layers of oversight, compliance requirements and lack of data governance. Stealthbits solutions help agencies overcome these challenges by enabling them to control data access, enforce security policy and detect threats to their most critical assets.

“We are excited to become a part of the Carahsoft ITES-SW2 contract, as it will be easier for our federal clients to purchase our products for cybersecurity and data access governance using this trusted purchase vehicle. By expanding our partnership with Carahsoft, we will increase Stealthbits’ ability to help the Army, the DoD and federal agencies mitigate their cybersecurity risks,” said Steven Hollins, Chief Revenue Officer at Netwrix (including Stealthbits).

Stealthbits software is available through Carahsoft’s ITES-SW2 contract W52P1J-20-D-0042. For procurement information, contact Carahsoft’s ITES-SW2 contract team at (703) 871-8681 or ITES-SW2@carahsoft.com or visit Carahsoft’s dedicated ITES-SW2 contract resource center.

To learn more about Stealthbits’ offerings under ITES-SW2, contact the Stealthbits Team at Carahsoft at (866) 421-4683 or Stealthbits@carahsoft.com.
