Insecure Mag Infosec2014

8/11/2019 Insecure Mag Infosec2014

1/18


2/18


3/18

At this years Infosecurity Europe conference and exhibition, senior figures from both governmentand industry have called for greater collaboration on how security intelligence is shared, in orderto protect against cyber-attacks and ensure that security insight spreads beyond IT teams to affectboardroom decisions.

The show, which attracted more than 15,000 unique industry professionals from 73 countriesacross the three days, had a massive show floor featuring 345 exhibitors from 24 countries.Presented in this issue are some of the most interesting news and companies we've seen at theshow.

Mirko ZorzEditor in Chief

Visit the magazine website at www.insecuremag.com

(IN)SECURE Magazine contacts

Feedback and contributions: Mirko Zorz, Editor in Chief - [email protected]: Zeljka Zorz, Managing Editor - [email protected]: Berislav Kucan, Director of Operations - [email protected]

Distribution

(IN)SECURE Magazine can be freely distributed in the form of the original, non-modified PDF

document. Distribution of modified versions of (IN)SECURE Magazine content is prohibitedwithout the explicit permission from the editor.

Copyright (IN)SECURE Magazine 2014.

www.insecuremag.com


4/18

Below is an index of companies featured in this issue, along with the page number.

A

Acronis - 9

Airbus Group - 14, 15

Arbor Networks - 10

B

BalaBit - 12

BH Consulting - 7

C

Centrify - 9, 17

CSA - 17

Corero Network

Security - 13

CoSoSys - 5, 9

Check Point - 16

D

Digital Shadows - 12

Dimension Data - 6, 16

Divide - 9

E

Emulex - 15

G

Good Technology - 13

H

High-Tech Bridge - 12

I

IGUANA Security - 10

(ISC)2 - 16

L

Lancope - 7

M

MobileIron - 9

P

Ponemon Institute - 8

Q

Qualys - 6, 13

Quarri - 13

Quotium - 10

S

Sophos - 9, 15, 17

Spikes Security - 13

W

WatchGuard - 16

Websense - 14

Z

Zscaler - 9

www.insecuremag.com


5/18

CoSoSys updates

Endpoint Protector 4

CoSoSys updated theEndpoint Protector 4platform, which provides ITadministrators with improved

Content Aware Protectionpolicies on the managementside, as well as the reportingside.

The new version alsoincludes enhancements forthe Mobile DeviceManagement (MDM) modulethat will allow them toperform more advanced

actions to better securemobile devices andcomputers across multipleoperating systems includingOS X, iOS and Android.

Roman Foeckl, CEO andFounder of CoSoSys,comments: Demand for ITservices that can incorporate

Macs onto their networks isat an all time high, and weare proud to offer not onlythe first Enforced Encryptionfor removable devices onMacs solution and the firstContent Aware Protectionsolution for Macs, but now

we are taking full advantageof the OS X offerings tomake sure we areaddressing data loss from allperspectives.

For the Mobile DeviceManagement module,updates include expandingsupport for Macs in theEndpoint Protector 4 platformto help businesses securedata on all endpoints. Macsare enrolled the same way asiOS devices are and featureslike Passcode Setting, FileVault 2 Full Disk Encryption,control of VPN, Mail andWiFi, as well as otherfeatures are available nowfor MacBooks and iMacs.

Endpoint Protector Version4.4.0.3 brings updates for theAndroid platform as well.Controlling Android devicescan be done at a higherlevel, with more sophisticatedfunctionalities. MobileApplication Management

(MAM) is another keyaddition that has beenrequested by a significantnumber of customers andpartners. Pushing apps toAndroid mobile devices is apriority for an increasednumber of companies, due toa better control of whatemployees use for workpurposes derived from thisfeature.

Other actions that can beperformed with this releaseinclude enabling encryption,activating/deactivating Wi-Fi,Bluetooth and camera,visualizing/editing calendarevents.

www.insecuremag.com 5


6/18www.insecuremag.com 6


7/18

Security pros and

government failing to

collaborate

Infosecurity Europe releaseda new report that provides asnapshot of the industry

landscape and thechallenges it is currentlyfacing.

Having surveyed 1,149information securityprofessionals from across theworld, the report highlightsthe increasing importance ofinformation security tobusiness strategy from the

effect of Edward SnowdensNSA leaks and the impact ofbig data, to the demand forboardroom education and theneed to develop a long-termstrategy to combat evolvingthreats.

Historically viewed as anobstacle to business,

information security isgradually being recognizedas a business enabler.

The report also reveals thatmore effective collaborationbetween government and theinformation security industryis crucial to protectingorganizations from futurecyber threats. Additionally,

more work needs to be doneto strengthen governmentsposition as a source ofinformation on potentialthreats: only 4.8% ofinformation securityprofessionals selected thegovernment as their most

trusted source forintelligence.

This is something that needsto be addressed urgently,said Brian Honan, Founder &CEO, BH Consulting, whowas a speaker at InfosecurityEurope 2014. Without bettercollaboration betweenindustry and governments weare at a disadvantageagainst our adversaries. Asthreats and the capabilities ofthose looking to breach oursystems evolve we need tojointly respond better in howwe proactively deal with thethreat. We need industry andgovernment to work togetherin ensuring a strategic

approach is taken to enablingcompanies and citizens to bemore aware of the threats totheir data, to educate them inhow to deal with the threat,and finally how to worktogether at national andinternational level to tacklethe threats we face.

Data security is beingpushed up the agendaaccording to the survey,possibly catalyzed by theSnowden revelations in Junelast year. The NSA exposhas triggered action, with58.6% believing the

Snowden affair has beenpositive in making theirbusiness understandpotential threats. Despitethis, its clear boardroomrecognition needs toimprove, as 46.7% feel it hasnot been easier to make theirbusiness understand thechallenges they face as aresult of the leaks.

While, on the whole, theindustry is coping with thedeluge of data they receive,30.5% of information securityprofessionals feel theirorganization isnt able tomake effective strategicdecisions based on that data.Considering the majority

have seen this volume ofdata increase over the past12 months, adopting a future-proof approach to informationsecurity is going to becomeincreasingly important.Worryingly, 47.4% believethe industry has a short-termist approach, lurchingfrom one threat to another.



8/18

Widespread

uncertainty about

cloud security

More and more organizationsare transferring sensitive orconfidential information to

public cloud services eventhough more than a thirdexpect a negative impact onsecurity posture. Inresponse, the use ofencryption is increasing butmore than half ofrespondents still admit theirsensitive data goesunprotected when it is storedin the cloud, despite data

security topping the globalnews agenda.

Released at InfosecurityEurope 2014, theindependent global study ofmore than 4,000organizations conducted bythe Ponemon Institutereveals differing opinions

over who is responsible forsecurity in the cloud thecloud provider, or the cloudconsumer and how best toprotect the sensitive data thatis sent there.

Cloud security is here tostay:The use of the cloud forprocessing and storingsensitive data seems

inevitable. More than half ofall respondents say theirorganization alreadytransfers sensitive orconfidential data to the cloudand only 11 percent say thattheir organization has noplans to use the cloud forsensitive operations, downfrom 19 percent only twoyears ago.

Cloud confidence is on theup, but at what cost?Although nearly half ofrespondents believe that

their use of the cloud hashad no impact on theiroverall security posture,those that believe it has hada negative effect (34 percent)on their security postureoutnumbered those thatexperienced a positive effect

(17 percent) by a factor oftwo to one.

Where does the securitybuck stop?The perceivedresponsibility for protectingsensitive data in the cloud isvery dependent on the typeof cloud service in question.In SaaS environments morethan half of respondents seethe cloud provider as beingprimarily responsible forsecurity. In contrast, nearlyhalf of IaaS/PaaS users viewsecurity as a sharedresponsibility between theuser and cloud provider.

Visibility improves but gapsremain:The good news is

that visibility into the securitypractices of cloud providersis increasing with 35 percentof respondents consideringthemselves knowledgeableabout the security practicesof their cloud providerscompared with 29 percentonly two years ago. But, halfof SaaS users still claim tohave no knowledge of what

steps their providers aretaking to secure theirsensitive data.

Encryption usage increasesbut data still exposed:Theuse of encryption to protectsensitive or confidential datastored in the cloud (data atrest) appears to beincreasing. For SaaS userswe see an increase from 32percent in 2011 to 39 percentin 2013 and for IaaS/PaaSusers respondents report an

increase from 17 percent to26 percent over the sameperiod, but still, more thanhalf of respondents reportthat their sensitive data is inthe clear and thereforereadable when stored in thecloud.

Treading a line between trustand control:There iscurrently an almost equaldivision in terms of howstored data is encryptedwhile in the cloud. Of thoserespondents that encryptstored data just over halfapply encryption directlywithin in the cloud with justover 40 percent elect toencrypt the data before it issent to the cloud.

Who holds the key?When itcomes to key managementthere is a clear recognition ofthe importance of retainingownership of encryption keyswith 34 percent of

respondents reporting thattheir own organization is incontrol of encryption keyswhen data is encrypted in thecloud. Only 18 percent ofrespondents report that thecloud provider has full controlover keys.

Standards enable trust in ashared environment:The

need to share keys betweenorganizations and the cloudhighlights the growinginterest in key managementstandards in particularOASIS Key ManagementInteroperability Protocol(KMIP) where 54 percent ofrespondents identify cloudbased applications andstorage encryption as thearea to be most impacted bythe adoption of the KMIPstandard.



10/18

Spike in DDoS attack

size driven by NTP

misuse

The beginning of 2014 saw1.5 times the number ofattacks over 20GB/sec,

compared to the rest of 2013,according to stats releasedby Arbor Networks.

The company releasedglobal DDoS attack dataderived from its ATLAS threatmonitoring infrastructure,which shows anunprecedented spike involumetric attacks, driven by

the proliferation of NTPreflection/amplificationattacks.

NTP is a UDP-basedprotocol used to synchronizeclocks over a computernetwork. Any UDP-basedservice including DNS,SNMP, NTP, chargen, and

RADIUS is a potential vectorfor DDoS attacks becausethe protocol isconnectionless and sourceIP addresses can be spoofedby attackers who havecontrol of compromised orbotted hosts residing onnetworks which have notimplemented basic anti-spoofing measures.

NTP is popular due to itshigh amplification ratio ofapproximately 1000x.Furthermore, attacks toolsare becoming readilyavailable, making theseattacks easy to execute.

NTP attacks highlights

Average NTP traffic globallyin November 2013 was 1.29GB/sec, by February 2014 itwas 351.64 GB/sec

NTP was used in 14% ofDDoS events overall but 56%of events over 10 GB/secand 84.7% of events over100 GB/secUS, France and Australiawere the most commontargets overall

US and France were themost common targets oflarge attacks.

Arbor has been monitoringand mitigating DDoS attackssince 2000. The spike in thesize and frequency of largeattacks so far in 2014 hasbeen unprecedented, saidArbor Networks Director ofSolutions Architects DarrenAnstee. These attacks havebecome so large, they posea very serious threat toInternet infrastructure, fromthe ISP to the enterprise.

Data encryption for

secure

communications

IGUANA Security launchedthe latest addition to itsfamily of Critical NationalInfrastructure (CNI) solutions.

IGUANAGreen is acommercial encryptionsolution designed to encryptand protect sensitive data at

the highest level, enablingsecure communicationsacross public IP networks.It's part of the IGUANASecurity family of solutions,designed for the protection ofcritical networks and dataassets, defending against theproliferation of complex cyberattacks.

IGUANAGreen, a flexiblevoice and data solution, andIGUANAGreen forEnterprise, a high-speed,low-latency device, offer

hardware-based protectionthat results in anexceptionally small attacksurface. This increasesresilience to network attacksand malware, providing themost dependable protectionfor critical IT infrastructure.

Code analysis and app

security testing

simplified

Quotium released SeekerEnterprise 3.0, whosetechnology correlatesapplication behavior withsimulated hacker's attacks to

pinpoint vulnerable code.

Seeker is the run-time code& data analysis applicationsecurity testing solution forthe SDLC. It assists invulnerability management byaccurately demonstratingrisks to business critical data.It can be fully automated andis very suitable for Agile andcontinuous integrationenvironments.

Delivering an applicationsecurity testing automationprocess in the developmentlifecycle, it allowsorganizations to secure everybuild, every release andevery application without

requiring manpoweroverhead or specific securityknowledge.

Seeker's capabilities thatallow organizations to handlesoftware cyber threats indevelopment environments.The new dashboards allowexecutives and managers toview their overall

organizational securitystatus, see which systemspose the most threat, whichcompliance requirements aremet and which aren't.



11/18


12/18

Cyber intelligence

services reveal

sensitive data firms are

leaking online

Digital Shadows has

launched SearchLight asuite of managed cyberintelligence servicesdesigned to reveal sensitivedata companies are leakingonline and which hostilegroups are targeting them.

Threat SearchLight usesdata mining and otheranalytical techniques tocontinuously monitor hostilegroups and their operationsto identify the "who, what,where, when and how" of atargeted attack.

It draws on over 80 millioninformation sources in 26languages across the globe.Sources include social

networking sites, blogs,forums, cyber criminal sites,chatrooms, search engines,file sharing sites and otherplaces within the "dark web".

Defacement mitigator

for cybersecurity

protection

Foresight releasedDefacement Mitigator, the

first cloud-based websecurity solution thatprovides full defacementmitigation and protection togovernment, academic,religious, financial services,and other organizationstargeted by cyber hacktivists.

Defacement Mitigator isavailable as a managed

service (SaaS) and sold as astand-alone product or aspart of Foresights cloud-based web security platform.Pricing is based on thenumber of domains and usertraffic.

A hybrid approach to

web app security

assessment

High-Tech Bridge introducedits hybrid web application

security assessment SaaS,ImmuniWeb for the first timeever to visitors at InfosecurityEurope 2014.

The service, which wasdeveloped in-house by High-

Tech Bridge, is now in openBeta. The ImmuniWebsecurity assessment is thefirst hybrid service thatcombines automatedvulnerability scanning andmanual penetration testing toallow companies to conducta quick and efficient websitesecurity review and ensurethat a website or web appsare secure.

Priced at $639 (or 461Euros / 380), the servicecomprises 12 hours ofmanual penetration testingby High-Tech Bridge securityauditors, combined with anautomated scan by thecompanys proprietary

vulnerability scanner.



14/18

Airbus Group debuts

SCADA research

project to mitigate ICS

vulnerabilities

Airbus Group highlighted itsrange of technologies,

services and a researchproject to help governmentsand industry deal with theincreasingly complex andunpredictable nature of cyberattacks.

Debuting in the UK, details ofa 1.2M SCADA researchproject will be disclosed,which is aiming to

understand and mitigate thevulnerabilities in the industrialcontrol systems that driveCritical NationalInfrastructures (CNI) such asgas, water, transportationnetworks and bankingsystems.

The three-year project is a

collaboration between theAirbus Group Innovationsresearch centre, the EADSFoundation Wales, threeuniversities and the WelshGovernment. A robotic armproduction demonstration willhighlight the potentialweaknesses in industrialcontrol systems andshowcase some of the cyber

security mechanisms thatcan be used to preventpotentially disastrousimplications of a cyber attackon UK Critical NationalInfrastructure.

Advanced cybersecuritycapabilities including theinnovative Cyber DefenceCentre services will also bean important part of theAirbus Defence and Spaceoffering this year.

Most enterprises use

cloud storage, but

don't trust it

completely

A global survey of 912businesses reveals that

although 83 percent ofbusinesses surveyed backup some part of their data tothe cloud, there is a strongreluctance to embrace themedium fully. In fact, 47percent of respondents storeless than half of their data inthe cloud and 17 percent donot use cloud storage at all,the results of the survey

revealed at InfosecurityEurope 2014.

Of the companies surveyedthat are using a cloudstorage solution, 69 percentconsider the data they storethere as sensitive. However,16 percent of companiessurveyed have experienced

problems with their cloudprovider.

Of these, 42 percent hadfound that the data held bytheir cloud provider was notsecure. Meanwhile, 40percent claimed that dataheld in the cloud had notbeen available when neededand over one-third (37

percent) said their cloudprovider had actually losttheir data.

Further, approximately 89percent of the firms surveyedcited the security credentialsof their cloud provider asimportant or very important.Respondents said that theyare more than twice as likely(53 percent vs. 23 percent) totrust a security vendor than astorage vendor to keep theirdata safe in the cloud.

63% of orgs believe

they cant stop data

theft

Websense released the firstreport of the PonemonInstitute survey, Exposing

the Cybersecurity Cracks: AGlobal Perspective, whichgives new insight into whycybercriminals have afoothold in the broaderenterprise.

The new survey of nearly5,000 global IT securityprofessionals reveals adeficit in enterprise security

systems, a disconnect in howconfidential data is valuedand limited visibility intocybercriminal activity.

Most respondents (69percent) believecybersecurity threatssometimes fall through thecracks of their companiesexisting security systems.

According to respondents,there is a gap between databreach perception and reality specifically regarding thepotential revenue loss to theirbusiness. 80 percent ofrespondents say theircompanys leaders do notequate losing confidential

data with a potential loss ofrevenue. This is in contrast torecent Ponemon Instituteresearch, which indicatesthat data breaches haveserious financialconsequences fororganizations.

The average cost per lost orstolen record due to a data

breach is $188 and theaverage cost of anorganizational data breach is$5.4 million.



15/18

The importance of

visibility for todays

complex networks

The complexity of modernenterprise networks isincreasing due to a number

of factors, and deeper levelsof network visibility arenecessary to aid in theirmanagement andtroubleshooting, say theresults of an Emulex study.

Of particular note, 69% ofrespondents stated that theyexpect the number ofrequests to capture network

data (including metadata andpacket-level data) to increasedramatically, driven by theneeds of a variety of ITgroups including networkarchitecture, security,

compliance, applications,and IT audit teams.

The survey polled 150 ITprofessionals from variousindustries, all fromenterprises with 1,000 ormore employees.

Sophos Cloud

manages Windows,

Mac and mobile

devices

Sophos announced the latestversion of Sophos Cloud, thecompanys cloud-basedsolution for small- and mid-

sized organizations seekinga simpler approach to ITsecurity that still providesworld-class protection.The new version of SophosCloud is the only cloud-

managed security service tomanage Windows, Mac andmobile devices from a singleconsole. It features user-based management,reporting and licensing; built-in web security to preventuser access to malicious and

infected websites, and newpolicy-based Web Controlfeatures to enforce safe andproductive web usage.

Sophos Cloud's new webfeatures enable IT managersto easily set and enforcepolicies for enhancedsecurity and compliance;user-based policies can becreated once and rapidlydeployed across multiplegroups and platforms, andfollow the users and theirdevices even when they areoff the network.



17/18

London warbiking

reveals worrying state

of Wi-Fi security

Sophos highlighted theworrying state of wirelesssecurity when it sent security

expert James Lyne and hiscomputer-equipped bicycleonto the streets of London totest how safe homes,businesses, and even peopleon mobiles phones are fromcyber criminals.

Lyne went warbiking acrossthe city to track downinsecure wireless networks

and spotlight user behaviorsthat could be exploited byrogue hackers, and hediscovered some alarmingresults: Incredibly,conventional wirelessnetwork security is still amajor concern, despite thesecurity industry assumingsuch issues had beenresolved years ago. Manywould assume thesemethods are old hat but it isstill a very viable attackvector that demonstratesbasic security best practice isnot being adopted. saysLyne.

London was the latest stopon the World of Warbiking

tour - a global researchproject targeting major citiesacross the globe. Conductedover two days around thestreets of the capital, Lyneswarbiking exercise revealedthat of 81,743 networkssurveyed, some 29.5 percentwere using either the known-broken WEP algorithm, or nosecurity encryption at all. A

further 52 percent ofnetworks were using WPA - ano longer recommendedsecurity algorithm.

CSA releases Software

Defined Perimeter 1.0

The Cloud Security Alliance(CSA) released two keydocuments related to theCSA's Software DefinedPerimeter (SDP), an initiativeto create the next generationnetwork security architecture.

As part of the updatedframework, key conceptscomprising the SDP, such asSingle Packet Authorizationand Mutual Transport LayerSecurity have undergoneextensive review.

Additionally, a number ofCSA members, includingsome of the largest globalcompanies, have SDP pilotsin place.

IT security pros

surprisingly cavalier

about mobile security

best practices

A flash poll conducted atInfosecurity Europe 2014 byCentrify has found that 94per cent of IT securityprofessionals use third partyapplications on their mobiledevices for work, with 82 percent using up to 10 apps.

Applications are now at theheart of corporate IT andhave become a vital part ofhow employees get the jobdone whilst either in theoffice or on the move.Removing access toapplications isn't an option -in fact it would create moreproblems than it wouldsolve," says Darren Gross,

EMEA Director, Centrify. "Butthe risk for organizations isthat the more cloud-based ormobile apps employees

interact with, the more theycreate islands of identity thatbecome harder for IT to trackand manage."

How do you access forthousands of employeesacross multiple devices and

platforms? Let alone de-provision them when theyleave the company. Identityand access can often beoverlooked, but unlessenterprises can find a unifiedway to securely identifyindividuals, they risk theirbusiness coming to ashuddering halt, he added.

The poll also revealed that ofthe 169 people surveyed, 7per cent of securityprofessionals do not believeit is their responsibility toprotect corporate informationheld on their personal device.A further 8 per cent do nothave a password or PINenabled on the mobile device

that they use for workpurposes, potentiallyexposing organizations torisk.

Surprisingly, despiterepeated warnings about therisks posed by WiFinetworks, 52 per cent ofrespondents said that theyhave accessed sensitive

corporate information overinsecure networks atlocations such as a coffeeshop or airport.

Gross concluded, "As thepoll shows, the majority ofemployees are nowleveraging more and moreapplications on their mobiledevices. We are now seeinga greater need than ever forunified security identityacross multiple devices andplatforms."



18/18

Documents

Insecure Mag Infosec2014