We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to CIS controls as they provide a critical baseline for maintaining our security framework and keeping up our integrity monitoring processes.
To understand the utility of integrity monitoring, let’s review some questions that we might ask ourselves in order to evaluate a network firewall’s configuration:
- What was the last known good configuration?
- What were the settings of the operating system on the device at the last known good configuration?
- What are the file types and executables on this device?
- What are the patching procedures, and how are they reconciled?
- Is it automated? Are there exceptions to the environments? If yes, how are they addressed?
- Is the software regularly updated, and how is the integrity measured and validated?
- Who has access to the device, and have they made changes to it?
- Who has made changes, and are all changes incorporated into an SCM or a CM Systems/Process?
- How much time is the above taking, and how accurate is it?
These considerations also need to be broken down into costs which either a VP of operations or a CISO considers to have major importance to the company. Doing this takes time and money.
For instance, if it takes an FTE 10 hours per week to address the organization’s firewall infrastructure, without taking into consideration the skills gap, hiring, wages and the talent pool, then what about the rest of the security environment?
It’s also crucial to keep the following questions in mind:
- How accurate is the process?
- Are there assumptions built into the above model?
- What are the known points that are tied into the company’s baseline, and how often is this reviewed and validated?
- What are the costs involved?
  - For setting up the baseline?
  - For going through the change control process?
- How often is it audited? Is this a major undertaking, or can reports be garnered in time to meet the needs of the business seamlessly and effortlessly?
- How much time is this all taking?
- What are the costs to the business in lack of detail?
  - In lack of automation?
  - In lack of repeatability?
  - In the stress to the organization by not being able to access the information in time when there is an operational incident or a misconfiguration or worse?
As a great example of this type of monitoring, one of our clients performed the cost justification easily since two people had literally taken a year to be able to understand and monitor the above for just two devices.
Two highly paid FTEs took 20% of their days to get this information manually. And we can do things at just the click of a mouse. In the process, we’re able to glean the following:
- A description of the device
- Severity
- Weighted score
- Type
- Rules
- Elements
- Version Conditions
- Remediation
Acknowledging all of this, there are a number of different parameters that can be monitored within specific security devices.
These parameters need to be identified and remediation actions defined.
But Tripwire delivers.
Once identified, Tripwire can provide the requisite integrity monitoring in any facet of a device and provide monitoring for change on an ongoing basis, all without the need for labor to be involved in such a tedious task.
In this sense, the human element is taken away because it is now fully automated in software, and reporting can be done at any point in time. It does not require a structured manual effort in order to make this happen.
We then have the ability to provide full integrity monitoring on devices that would have taken several working hours to complete.
Productivity rises, and do we really want a team of experts working on a manual process? Or would you rather let the technology do the heavy lifting and have your experts spend their time on action items, recommendations, etc.? You know, doing the things that benefit the business in a myriad of other ways?
Now about those savings. ROI that flows back to the business can be measured in many ways, and each business case is different. But with a 92% customer satisfaction rate of nearly a quarter-century in business, we believe we are well on our way to helping our clients succeed with best of class solutions tied to the CIS Controls.
Learn more about how Tripwire’s solutions can help you fulfil your integrity monitoring processes.
Commercial real estate owners, brokers, and landlords have collectively made many hundreds of billions of dollars a year in recent years as the economy zipped along.
Additionally, the suit alleges that Zoom’s security failures put users “at an increased risk of having their personal information accessed by unauthorized parties, including Facebook,” that these facts would necessarily result in a decline in users, and that the company’s responses to ongoing reporting on myriad problems on the service were “misleading at all relevant times.” The suit states that the fallout from these incidents was exacerbated by the COVID-19 crisis, during which time users of the service jumped from just 10 million to 200 million in a matter of months as schools and organizations turned to Zoom amid social distancing measures and shelter-in-place orders. The suit cites documentation related to Zoom’s IPO as evidence that the company misrepresented the security protocols in place for protecting users. Specifically, the suit states, Zoom said it offered “robust security capabilities, including end-to-end encryption, secure login, administrative controls and role-based access controls,” and — in what was clearly an embarrassing claim by the company — that it strives “to live up to the trust our customers place in us by delivering a communications solution that ‘just works.’”
Editor’s note: Our writer Rita’s journey from China to the US and back again was planned months before the coronavirus pandemic descended on the world. That descent ended up turning a simple trip home into a kind of epic journey. The changes in her location — which we reference, but do not dwell on, to help anchor the story — gave her a unique perspective on the changing landscape — and outlook — of the world as COVID-19 infections spread. We’re publishing a diary of that period here in part to relay some of that first-person perspective to you, our readers. It goes without saying, but the tech angles run throughout, as they are running throughout all of our lives right now (whether or not we “work” in tech). Apps connect us more than ever at a time when we can’t physically be together, and they are now a critical lever in getting things done. Governments scramble to use tech to track what’s happening — although surprisingly even what we think of as the most totalitarian efforts fall short in a crisis. And at the end of the day, the internet is where all our information is coming from. (IL)
Boiling the ocean with the subject, sous-vide deliciousness with the content.
Ubuntu Security Notice USN-4326-1
April 08, 2020
Virtualization, cloud, and software-defined networking are redefining the modern data center. There is a huge influx of data, from big data analytics and new types of applications. Workloads are even more dynamic than before, spanning across multiple physical data center locations and across public, private, and hybrid cloud environments. This spread of data creates a “new” perimeter outside of your traditional data center premises and can increase data theft opportunities. You could thus be challenged with where and how to secure your data center.
phoenixNAP®, a global IT services provider offering security-focused cloud infrastructure, dedicated servers, colocation, and specialised Infrastructure-as-a-Service (IaaS) technology solutions, today announced a collaboration with Alert Logic, the industry’s first SaaS-enabled managed detection and response provider.
Written by Sean Lyngaas
American and British cybersecurity authorities on Wednesday issued a fresh warning that “a growing number of cyber criminals and other malicious groups” are exploiting the coronavirus pandemic, adding to a chorus of public and private-sector advisories intended to blunt COVID-19-related hacking.
Zoom’s CEO Eric S. Yuan announced today that the company has formed a CISO Council and an Advisory Board to collaborate and share ideas on how to address the videoconferencing platform’s current security and privacy issues.
With more folks working at home than ever, and many on machines outside the purview of IT and security teams, it’s becoming increasingly imperative to find creative ways to protect them from harm. Today, Box announced it was adding automated malware detection tools to Box Shield, the security product it announced last year.
As the global COVID-19 crisis continues to escalate, organizations are facing an increasing number of cyber attacks aimed at exploiting the situation. Anomali and our threat intelligence ecosystem partners are continuously identifying attackers attempting to lure unsuspecting users with phishing, fraud, and disinformation campaigns.