What Security Leaders Should Consider When Building a Business Case for Integrity Monitoring

We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That's why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to the CIS Controls, as they provide a critical baseline for maintaining our security framework and keeping up our integrity monitoring processes.

To understand the utility of integrity monitoring, let's review some questions we might ask ourselves in order to evaluate a network firewall's configuration:

What was the last known good configuration?
What were the settings of the operating system on the device at the last known good configuration?
What are the file types and executables on this device?
What are the patching procedures, and how are they reconciled? Is patching automated? Are there exceptions in the environment, and if so, how are they addressed?
Is the software regularly updated, and how is its integrity measured and validated?
Who has access to the device, and have they made changes to it?
Who has made changes, and are all changes incorporated into an SCM or CM system/process?
How much time is the above taking, and how accurate is it?

These considerations also need to be broken down into costs that either a VP of operations or a CISO would consider to be of major importance to the company. Doing this takes time and money.
For instance, if it takes an FTE 10 hours per week to address the organization's firewall infrastructure, without taking into consideration the skills gap, hiring, wages and the talent pool, then what about the rest of the security environment?

It's also crucial to keep the following questions in mind:

How accurate is the process?
Are there assumptions built into the above model?
What are the known points that are tied into the company's baseline, and how often is this reviewed and validated?
What are the costs involved, both for setting up the baseline and for going through the change control process?
How often is it audited? Is this a major undertaking, or can reports be produced in time to meet the needs of the business seamlessly?
How much time is this all taking?
What are the costs to the business of a lack of detail, a lack of automation, or a lack of repeatability? What is the cost of the stress on the organization when the information cannot be accessed in time during an operational incident, a misconfiguration, or worse?

As an example of this type of monitoring, one of our clients performed the cost justification easily: two people had literally taken a year to understand and monitor the above for just two devices. Two highly paid FTEs spent 20% of their days getting this information manually. With automated integrity monitoring the same information is available at the click of a mouse, and in the process we are able to glean the following for each finding:

A description of the device
Severity
Weighted score
Type
Rules
Elements
Version conditions
Remediation

Acknowledging all of this, there are a number of different parameters that can be monitored within specific security devices.
These parameters need to be identified and remediation actions defined. But Tripwire delivers: once they are identified, Tripwire can provide the requisite integrity monitoring for any facet of a device and monitor for change on an ongoing basis, without labor being spent on such a tedious task. The human element is taken out of the collection because it is now fully automated in software, and reporting can be done at any point in time; it does not require a structured manual effort. We then have the ability to provide full integrity monitoring on devices that would otherwise have taken several working hours to complete.

Productivity rises. Do we really want a team of experts working on a manual process? Or would you rather let the technology do the heavy lifting and have your experts spend their time on action items, recommendations and the other things that benefit the business in a myriad of ways?

Now about those savings. ROI that flows back to the business can be measured in many ways, and each business case is different. But with a 92% customer satisfaction rate over nearly a quarter-century in business, we believe we are well on our way to helping our clients succeed with best-of-class solutions tied to the CIS Controls.

Learn more about how Tripwire's solutions can help you fulfill your integrity monitoring processes.
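The baseline-then-compare loop the questions above describe (record a last known good state, then detect files that were added, removed or modified) is small enough to show in full. The following Python is an added example written for this page, not Tripwire's code; the directory layout, file names and file contents are constructed for the demonstration.

```python
"""Baseline-and-compare file integrity monitoring (added example; not Tripwire's code).

Take a snapshot of a directory tree (the "last known good" state), persist it,
and later diff a fresh snapshot against it to report added, removed and
modified files. All paths and file contents below are constructed for the demo.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Attributes recorded per file. The hash catches content changes; the mode
# catches a permission change (e.g. a config made world-readable) on its own.
TRACKED = ("sha256", "mode", "size")


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Record hash, permission bits and size of every regular file under root.

    Keys are POSIX-style paths relative to root, so a baseline taken earlier
    compares cleanly against a later snapshot. Symlinks are skipped rather
    than followed.
    """
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.stat()
        state[p.relative_to(root).as_posix()] = {
            "sha256": file_digest(p),
            "mode": stat.S_IMODE(st.st_mode),
            "size": st.st_size,
        }
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots: which files were added, removed or modified, and how."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        diffs = {
            k: (baseline[path][k], current[path][k])
            for k in TRACKED
            if baseline[path][k] != current[path][k]
        }
        if diffs:
            modified[path] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(state: dict, path: Path) -> None:
    """Persist the baseline as JSON. Keep this copy off the monitored host (or
    sign it): a baseline the attacker can rewrite will hide their changes."""
    path.write_text(json.dumps(state, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Baseline a constructed config tree, introduce drift, and return the report."""
    with tempfile.TemporaryDirectory() as target, tempfile.TemporaryDirectory() as store:
        root = Path(target)
        etc = root / "etc"
        etc.mkdir()
        # Constructed sample files standing in for a device's configuration.
        (etc / "firewall.conf").write_bytes(b"allow 22/tcp from 10.0.0.0/8\n")
        (etc / "ntp.conf").write_bytes(b"server 10.0.0.5\n")
        (etc / "sshd_config").write_bytes(b"PermitRootLogin no\n")
        os.chmod(etc / "sshd_config", 0o600)

        baseline_file = Path(store) / "baseline.json"   # stored outside the tree
        save_baseline(snapshot(root), baseline_file)    # the "last known good" state
        baseline = load_baseline(baseline_file)

        # Simulated drift: a content edit, a widened permission, a deletion, a new file.
        (etc / "firewall.conf").write_bytes(b"allow 22/tcp from any\n")
        os.chmod(etc / "sshd_config", 0o644)
        (etc / "ntp.conf").unlink()
        (etc / "unexpected.sh").write_bytes(b"#!/bin/sh\nid\n")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints the report for the constructed tree: one added file, one removed file, and two modified entries that say exactly which attribute changed (content and size for the firewall rule, permission bits for sshd_config). Two points matter in a real deployment: the baseline must live somewhere the monitored host cannot rewrite it, and every change the report surfaces must be reconciled against the change-control record, since the monitor can tell you that something changed but not whether it was authorized.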

Zoom Accused of Misrepresenting Security Measures In New Lawsuit

Video conferencing company Zoom is being sued by a shareholder over allegations of fraud and overstating the security protocols in place on its service. Gizmodo reports: In the lawsuit filed Tuesday in the U.S. District Court for the Northern District of California, plaintiff Michael Drieu — on behalf of individuals who purchased Zoom securities after the company went public last year — accuses the company of making “materially false and misleading statements” about its product and failing to disclose key information about the service. Namely, the suit cites Zoom as claiming that its product supported end-to-end encryption, when in fact it supports a different form of encryption called transport encryption — as the Intercept reported last month — that still allows Zoom to access data.

Additionally, the suit alleges that Zoom’s security failures put users “at an increased risk of having their personal information accessed by unauthorized parties, including Facebook,” that these facts would necessarily result in a decline in users, and that the company’s responses to ongoing reporting on myriad problems on the service were “misleading at all relevant times.” The suit states that the fallout from these incidents was exacerbated by the COVID-19 crisis, during which time users of the service jumped from just 10 million to 200 million in a matter of months as schools and organizations turned to Zoom amid social distancing measures and shelter-in-place orders. The suit cites documentation related to Zoom’s IPO as evidence that the company misrepresented the security protocols in place for protecting users. Specifically, the suit states, Zoom said it offered “robust security capabilities, including end-to-end encryption, secure login, administrative controls and role-based access controls,” and — in what was clearly an embarrassing claim by the company — that it strives “to live up to the trust our customers place in us by delivering a communications solution that ‘just works.’”

Outrunning COVID-19 twice

Editor’s note: Our writer Rita’s journey from China to the US and back again was planned months before the coronavirus pandemic descended on the world. That descent ended up turning a simple trip home into a kind of epic journey. The changes in her location — which we reference, but do not dwell on, to help anchor the story — gave her a unique perspective on the changing landscape — and outlook — of the world as COVID-19 infections spread. We’re publishing a diary of that period here in part to relay some of that first-person perspective to you, our readers. It goes without saying, but the tech angles run throughout, as they are running throughout all of our lives right now (whether or not we “work” in tech). Apps connect us more than ever at a time when we can’t physically be together, and they are now a critical lever in getting things done. Governments scramble to use tech to track what’s happening — although surprisingly even what we think of as the most totalitarian efforts fall short in a crisis. And at the end of the day, the internet is where all our information is coming from. (IL)

Threats Can Be Anywhere: Modernize Your Data Center Security

Virtualization, cloud, and software-defined networking are redefining the modern data center. There is a huge influx of data, from big data analytics and new types of applications. Workloads are even more dynamic than before, spanning across multiple physical data center locations and across public, private, and hybrid cloud environments. This spread of data creates a “new” perimeter outside of your traditional data center premises and can increase data theft opportunities. You could thus be challenged with where and how to secure your data center.

Free Threat Intel Consolidated at COVID-19 Attacks Resource Center

As the global COVID-19 crisis continues to escalate, organizations are facing an increasing number of cyber attacks aimed at exploiting the situation. Anomali and our threat intelligence ecosystem partners are continuously identifying attackers attempting to lure unsuspecting users with phishing, fraud, and disinformation campaigns.