In our previous blog, we began our exploration of how Fast IT will transform the role of the IT organization — enabling it to drive innovation in unprecedented ways for the business. And to do so amid the rapid disruption of the Internet of Everything (IoE) economy.
Specifically, we examined the role of Fast IT in simplifying complex, cumbersome infrastructure. And how this added agility will open the door to faster provisioning of enterprise apps; a new dimension in value derived from cloud; and a true place for IT as a service orchestrator and trusted partner for the business.
But Fast IT transformation extends further still, enabling expansive and dynamic new capabilities through analytics and security; driving the cultural change that must accompany infrastructure change; and liberating the IT organization through dividends in cost and time savings.
Every organization needs to face the fact that breaches can and do happen. Hackers have the resources, the expertise, and the persistence to infiltrate any organization, and there is no such thing as a 100 percent effective, silver-bullet detection technology. As security professionals, we tend to focus on what we can do to defend directly against hackers that will infiltrate a system. But, what about our own users? Increasingly we need to look at how user behavior contributes to attacks and how to deal with that.
The 2013 Verizon Data Breach Investigation Report found that 71 percent of malware attacks target user devices. And, the 2014 report finds that the use of user devices as an attack vector has been growing over time, probably because they offer an easy foot in the door. According to the 2014 Cisco Midyear Security Report, global spam is at its highest level since 2010 and that’s just one technique targeted at end users. “Watering hole” attacks, phishing, and drive-by attacks launched from mainstream websites are all popular ways to target devices. And, then there’s the shadow IT phenomenon where users will ignore approved corporate standards to use the hottest technologies or whatever device or application will help them get their job done faster, better, and easier.
Educating users is important. They need to be wise to attackers’ techniques and the dangers that unsanctioned websites and applications can present. Also, putting policies in place to restrict user behavior can go a long way toward preventing malicious attacks that often rely on relatively simple methods. But it is not enough.
Microsoft Tuesday is here once again and this month they are releasing a total of eight bulletins. Three of which are rated as critical, while the remaining five are rated as important. There’s a total of 24 CVEs this month, 20 of which were privately disclosed to Microsoft and four which are either publicly known or under active attack, making them 0-day vulnerabilities. Of those four, two are being actively attacked, while two have been publicly disclosed but do not seem to be under attack for supported software. Of the 24 CVEs, 15 are categorized as allowing remote code execution, four as elevation of privilege and three as security feature bypasses.
Everyone has certain characteristics that can be recognised. This may be a way of walking, an accent, a turn of phrase or a style of dressing. If you know what to look for you can easily spot a friend or acquaintance in a crowd by knowing what characteristics to look for. Exactly the same is true for threat actors.
Each threat actor group may have certain characteristics that they display during their attack campaigns. These may be the types of malware that they use, a pattern in the naming conventions of their command and control servers, their choice of victims etc. Collecting attack data allows an observer to spot the characteristics that define each group and identify specific threat actors from the crowd of malicious activity on the internet.
Talos security and intelligence research group collects attack data from our various telemetry systems to analyse, identify and monitor threat actors through their different tactics, techniques, and procedures. Rather than give names to the different identified groups, we assign numbers to the threat actors. We frequently blog about significant attack campaigns that we discover, behind the scenes we integrate our intelligence data directly into our products. As part of our research we keep track of certain threat actor groups and their activities. In conjunction with a number of other security companies, we are taking action to highlight and disrupt the activities of the threat actors identified by us as Group 72. Read More »
I am very pleased to be able to share some Gartner research on TrustSec.
While we’re continuing to make progress through broader product support, validation from auditors and implementation by other vendors, we believe that this research and Gartner’s perspective will provide you with a useful and informative viewpoint.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Source: Gartner Research, G00245544, Phil Schacter, 12 February 2013, refreshed 1 October 2014