pritha's Posts (591)


Cybersecurity strategies for enterprise in 2023

As technology continues to evolve, so too do the threats to the security of enterprises. As we enter 2023, the threat landscape for enterprises is becoming increasingly complex and fast-moving, with cyber threats growing in both volume and sophistication. Threat actors are combining technology and knowledge from multiple domains to weaponize layered techniques into complex, advanced attacks. From lone actors hacking for fun and some profit, cyber attack has turned into a full-fledged underground industry. To protect against these threats, enterprises must adopt a comprehensive cybersecurity strategy.

Some of the key elements that should ideally be included in any security strategy relevant for 2023 are:

  • External attack surface management
  • Continuous automated pen testing
  • Identifying Day 1 vulnerabilities at the earliest opportunity
  • Protecting against supplier chain compromise threats
  • Creating mitigation plans against new classes of threat arising from generative AI
  • Continuously monitoring ransomware susceptibility

 

External Attack Surface Management 

The external attack surface of an enterprise refers to all the potential entry points an attacker could use. Managing it involves discovering an enterprise's assets exposed over the internet, critical ports left open through misconfiguration, exposed sensitive data, shadow IT in cloud and other virtual environments, dangling domain records, leaked credentials, leaked code and more. In 2023, external attack surface management should include monitoring of cloud environments, third-party vendors, and supply chain partners. The capability to filter, validate and prioritize findings, and to integrate with enterprise security management systems, is also essential.

 

Continuous Automated Pen Testing 

Traditional manual penetration testing is no longer sufficient to keep up with the pace of technological advancement and the evolving threat landscape. Continuous automated pen testing provides businesses with a comprehensive view of their security posture and enables them to detect vulnerabilities quickly and respond promptly. It also allows businesses to test more frequently without impacting their day-to-day operations. Remember, the attackers are testing all the systems all the time, whereas enterprises using traditional methods test some of the systems some of the time.

 

Identifying Day 1 Vulnerabilities 

Day 1 vulnerabilities refer to zero-day vulnerabilities, or vulnerabilities found so recently that existing hunting and defense systems have yet to identify them and implement controls. Threat actors today are very fast to exploit these before a patch or update is available. In 2023, identifying Day 1 vulnerabilities should be a priority for businesses. Enterprises should focus on identifying Day 1 vulnerabilities on their attack surface, preferably within 24 hours of publication. Proactive vulnerability management, including vulnerability scanning and assessment, to identify vulnerabilities before attackers exploit them is becoming extremely crucial.

Incident response plans should also be in place to address any Day 1 vulnerabilities that are discovered. This will help businesses respond quickly and minimize the damage caused by any potential attacks.

 

Supplier Chain Compromise 

In recent years, threat actors have increasingly targeted third-party vendors and supply chain partners to gain access to an enterprise's network infrastructure. In the recent past, utilities, manufacturing and health care have seen APT actors attacking critical systems through supplier chain weaknesses, with very serious impact. In 2023, supplier chain compromise should be a focus for businesses, as they are responsible for ensuring that their partners have adequate cybersecurity measures in place. Enterprises must establish a security vetting process for third-party vendors and suppliers and ensure that they adhere to the enterprise's cybersecurity policies and standards. This will help prevent supply chain attacks, which can have devastating consequences for businesses.

 

Defense against Generative AI based threats 

Generative AI is an emerging technology that is transforming the way businesses operate. However, it is also presenting new challenges to cybersecurity. In 2023, businesses must address the new class of threat arising due to generative AI. Generative AI can be used to create convincing phishing emails and other social engineering attacks that can bypass traditional security defenses. Therefore, businesses must invest in AI-powered security tools that can detect and respond to these new types of threats. 

 

Continuous Monitoring of Ransomware Susceptibility 

Ransomware attacks have been on the rise over the past few years, with cybercriminals using increasingly sophisticated methods to target businesses. A recent data breach report from Verizon names ransomware as a key threat to enterprises. It also lists phishing emails, malicious downloads, and compromised supply chain partners as the attack vectors ransomware commonly uses. The consequences of a successful ransomware attack can be devastating. In addition to the financial impact of paying the ransom, businesses may also face lost productivity, data loss, and reputational damage. Furthermore, some threat actors may not honor their promise to restore the encrypted data, even if the ransom is paid. Apart from internal preparation, it may be worthwhile for large operations to arrange insurance cover. Business Interruption insurance or standard Errors and Omissions (E&O) cover may not be sufficient. There are specialized insurers, and the Lloyd's of London market may be tapped. Some of these insurers have specialized units who can also help audit preparations and cover financial remediation to customers.

 

Cybersecurity is a critical issue for enterprises in 2023, and they must focus on implementing a robust cybersecurity strategy to protect themselves from the increasing number of cyber threats. This includes external attack surface management, continuous automated pen testing, continuous monitoring, identifying Day 1 vulnerabilities in near real time, protecting against supplier chain compromise threats, creating mitigation plans against new classes of threat arising from generative AI, and continuously monitoring ransomware susceptibility. By taking the approach described above, an enterprise will be able to reduce the gap in its cybersecurity controls and mitigate risks at a speed that matches today's attackers.

 

Posted from CISOPlatform member Arnab Chattopadhyay (Member of the Cybersecurity Working Group, IET Future Tech Panel)

Blog also here : https://ciso.economictimes.indiatimes.com/news/ot-security/cybersecurity-strategies-for-enterprise-in-2023/103046315

Read more…

According to the latest threat intelligence, 80% of the time ransomware gains initial access through one of the top 3 attack vectors:
1. Exploiting vulnerabilities
2. Shadow IT & stolen credentials
3. Various variants of phishing attacks
This webinar covers the 6 most critical, ransomware-weaponized CVEs published in the last 3 months and how CISOs can identify them and immediately decrease the chance of ransomware by 26%.



Key Discussion Points : 

  • Key Insights on Reducing Ransomware Risk by 26%
  • Top 6 CVEs in the Last 3 Months Tracked by the FireCompass Research Team
  • Key Recommendations and Best Practices
  • Know the 3 Weaknesses Which Lead to 80% of Ransomware Attacks

 

About Speaker

Jitendra Chauhan, Head of Research at FireCompass. Jitendra holds multiple patents in Information Security and has 18+ years of experience in key areas such as Building and Managing Highly Scalable Platforms, Red Teaming, Penetration Testing and SIEM.

 

(Webinar) Recorded

 

 

Discussion Highlights

1. 3 Weaknesses Lead to 80% of Ransomware Attacks


2. Attackers' Capability to Scan the Internet in a Few Days

A typical automation pipeline, which runs without any human intervention, is the following:

  • Scan for targets on mass scale
  • Profile the targets using custom crawlers or fingerprinting techniques
  • Detect CVEs based on technology, or banner
  • Attempt exploitation
  • Attempt persistence

 

3. Ransomware Runs on the Global Attack Surface

 

4. CVEs Prioritized in April by FireCompass

 

5. Possible Recommendations

  • Threat Intel + Pentesting on a Daily Basis.
  • Combine ASM + Threat Intel + Vulnerability Management.
  • FireCompass Day 1 CVE + Threat Exposure Alerts

 

6. Ransomware-Targeted CVEs

 

Read more…


 

Incident Lifecycle Management : Threat Management - NIST Aligned Process

Incident Lifecycle Management (ILM) refers to the systematic process of handling and managing security incidents within an organization. It covers the entire lifecycle of an incident, from detection and response to resolution and learning. The goal of ILM is to minimize the impact of incidents on the organization's operations, systems, and data, while also improving incident response capabilities. Threat Management, specifically a NIST-aligned process, refers to managing threats to an organization's information and technology systems in accordance with the guidelines and best practices published by the National Institute of Standards and Technology (NIST). NIST provides a comprehensive framework and resources for managing cybersecurity risks and protecting critical infrastructure.

 

Detection & Analysis

Identification
• Analyze logs and information security events.
• Identify potential information security incidents.
• Categorize the incident.

Validation
• Validate incident scale and consequence.
• Assign consequence, severity and priority ratings.
• Review and confirm ratings.
• Endorse ratings.

Declaration & Escalation
• Based on priority, assemble the ISIRT, notify appropriate parties and escalate incidents (e.g. critical & high priority crisis and emergency incidents are escalated to the Country Emergency Manager).

Response & Recovery

Containment, Investigation & Forensics
• Direct the ISIRT, develop the incident response plan, activate the rapid response team if needed, and communicate the incident to internal and external stakeholders.
• Perform incident containment, investigation and root cause analysis, forensics and evidence management.

Eradication
• Eradicate technical vulnerabilities and incident root causes.

Recovery
• Recover affected information systems and business operations.

Post Incident

Post Incident Activities
• Document lessons learnt.
• Close the incident.
• Create the incident review report.
• Develop and implement IS-IM improvement recommendations.

(Many years back we started the 'Top 100 CISO Awards' recognizing the important role a CISO plays in preventing huge breaches. Nominate yourself for the 15th Edition Of Top 100 Awards, The 1st recognition for CISOs)

 


 

 

 

 

Presentation For Reference

Read more…

We are excited for the next ‘Best Of The World’ Session On "What's Hot For State CISOs In 2023?" by Dan Lohrmann (Field CISO, Presidio), Danielle Cox (CISO, West Virginia) & Michael Gregg (CISO, North Dakota)

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points :

  • What are top cyber threats that state and local governments face?
  • What solutions are you implementing to address these cyber risks?
  • Thoughts & projects on new technologies and applications like ChatGPT and other GenAI apps?
  • How will they impact cybersecurity in your view?

 

You can join us here: https://attendee.gotowebinar.com/register/7309533942335246687

 


 

Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 

Read more…

This webinar covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE & MITRE. Security professionals can better understand which attack vectors are commonly utilized in attacks, see examples from previous events, and learn where they should focus their controls and security efforts.

 

Key Discussion Points

  • Understanding current cloud threats landscape
  • Reviewing cloud attack vectors
  • Recent examples of cloud security incidents
  • Prioritize cloud security efforts

 

About Speaker

Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ). Moshe has served as a high-ranking manager in large corporations, founder of innovative startups, frequent lecturer at cyber conferences and major contributor to various cloud education programs and certifications.

 

(Webinar) Recorded

 

Discussion Highlights

1. CSA relevant publications


 

2. IaaS/PaaS

  • SaaS - Evaluate our providers correctly
  • PaaS - Very hard to provide best practices
  • IaaS - Gain the expertise for building secure applications

 

3. Exploitable workloads

  • Atlassian Confluence servers hacked via a zero-day vulnerability
  • Hildegard: new TeamTNT cryptojacking malware targeting Kubernetes

 

4. Workloads with excessive permissions

  • A hacker gained access to 100 million Capital One credit card applications and accounts
  • The attack on ONUS: a real-life case of the Log4Shell vulnerability

 

5. Unsecured keys, credentials, and application secrets

  • Samsung spilled SmartThings app source code and secret keys
  • CircleCI says hackers stole encryption keys and customers' secrets

 

6. Exploitable authentication or authorization


 

 

7. Unauthorized access to object storage


 

 

8. Third party cross environment/account access leading to privilege escalation


 

(PPT) Presentation From The Discussion

 

 

 

Read more…


Overview of Incident Response

Incident response is a critical aspect of any organization's cybersecurity strategy. When a security incident occurs, it is crucial to have a well-defined plan in place to handle the situation effectively. This blog post delves into the key components of incident response, focusing on the validation of incidents, containment measures, and the role of forensics in investigating and understanding security breaches.

1. Incident Validation

The first step in incident response is validating whether an incident has indeed occurred. This involves assessing the nature and severity of the event to determine its validity. The validation process typically includes gathering evidence, analyzing logs, and employing various detection tools and techniques to confirm the incident.

1.1 Evidence Collection
To validate an incident, it is essential to collect relevant evidence. This includes system logs, network traffic data, user reports, and any other artifacts that can provide insight into the incident. Proper evidence collection is crucial for a thorough investigation and ensures that critical information is not overlooked or compromised.

1.2 Analysis and Detection
Once the evidence is collected, it undergoes detailed analysis to detect any signs of compromise or malicious activity. Security analysts employ various tools and techniques, such as intrusion detection systems (IDS), security information and event management (SIEM) systems, and behavioral analytics, to identify anomalies and indicators of compromise.

 


 

 

2. Incident Containment

Once an incident is validated, the next step is containment. The primary objective of containment is to limit the impact of the incident and prevent further damage to the organization's systems, data, and reputation. Prompt and effective containment measures are crucial to minimizing the potential harm caused by the incident.

2.1 Isolation and Segmentation
Isolating the affected systems or networks is a critical step in containment. By disconnecting compromised systems from the network, organizations can prevent lateral movement and limit the spread of the incident. Network segmentation techniques, such as virtual LANs (VLANs) and firewalls, are employed to restrict unauthorized access and contain the incident within a specific area.

2.2 Access Control and Privilege Management
Implementing stringent access controls and privilege management measures helps limit the impact of an incident. This involves revoking unnecessary privileges, enforcing strong authentication mechanisms, and implementing the principle of least privilege. By controlling access to sensitive resources, organizations can mitigate the risk of further compromise and maintain the integrity of their systems.

 


 

 

3. Forensics and Investigation

Once the incident is contained, the focus shifts towards conducting a thorough forensic investigation. Forensics play a vital role in understanding the scope and nature of the incident, identifying the root cause, and gathering evidence for potential legal proceedings. The following steps are typically involved in a forensic investigation:

3.1 Preservation of Evidence 
Preserving the integrity of evidence is of utmost importance in forensic investigations. This includes creating forensic copies of compromised systems, preserving logs, and maintaining a chain of custody to ensure the admissibility of evidence in legal proceedings.

3.2 Analysis and Reconstruction 
During the analysis phase, forensic experts examine the collected evidence to reconstruct the sequence of events leading up to the incident. This involves examining log files, system artifacts, and memory dumps to identify the tactics, techniques, and procedures (TTPs) employed by the attackers.

3.3 Attribution and Lessons Learned 
In some cases, it may be possible to attribute the incident to a specific threat actor or group. Forensic analysis, in conjunction with threat intelligence, can aid in determining the motives and tactics employed by the attackers. Additionally, the lessons learned from the incident can be used to improve security practices and enhance future incident response capabilities.

An effective incident response strategy is crucial for organizations to detect, validate, and respond to security incidents promptly and effectively. The process of incident response involves validating incidents, implementing containment measures, and conducting thorough forensic investigations. By following a well-defined incident response plan and leveraging the right tools and techniques, organizations can minimize the impact of security incidents and enhance their overall cybersecurity posture. 

P.S. I plan to add in more details from the slide, since it's a gold mine with so much relevant and interesting details

 


 

 

Presentation For Reference

Read more…

We are excited for the next ‘Best Of The World’ Session On "Understanding Cloud Attack Vectors" by Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ)

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points :

  • Understanding current cloud threats landscape
  • Reviewing cloud attack vectors
  • Recent examples of cloud security incidents
  • Prioritize cloud security efforts

 

You can join us here: https://info.cisoplatform.com/understanding-cloud-attack-vectors?utm_src=CPblog

 


 

Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 

Read more…

This webinar covers various aspects, including the rise in cyber security incidents, identification of vulnerabilities and loopholes, effective prevention strategies, mitigation techniques, and more. It aims to provide a comprehensive understanding of the evolving cybersecurity landscape in the context of Web3 technologies.

 

Key Discussion Points

  • Discuss Security Incidents & Business Use Case
  • Understanding Web 3 Pros
  • Understanding Web 3 Cons. Prevention mechanism
  • How to make sure that it doesn’t happen to you?

 

About Speaker

Gregory Pickett is a Blackhat USA Speaker, CISSP, GCIA, GPEN. He is the founder and Head of Cybersecurity Operations for Hellfire Security. He has presented research at over seventeen international conferences. He is a six-time speaker at Defcon and a three-time speaker at Blackhat.

 

(Webinar) Recorded

 

Discussion Highlights

1. Common Attacks

  • Price Oracle Manipulation
  • Improper Access Control
  • Improper Validation and Logic Errors
  • MEV Attacks (Front Running, Sandwiches)
  • Traditional Methods: SIM Swapping, Phishing Attacks, Vulnerable Nodes, Abused Permissions, Abused Network

2. NUWA Hack

  • ERC-20 Token
  • Price Oracle Manipulation
  • Publicly Known
  • Liquidity Pool Imbalance
  • Distorted Exchange Rate
  • Used to Exchange At A Favorable Rate


 

3. Important Events/States To Emit

  • Low Balances
  • Liquidity Pool Ratios (Or Exchange Rates)
  • Change in Ownership
  • Funds Distributions
  • Attributes Generated
  • Wins/Losses
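The NUWA hack bullets above (price oracle manipulation through a liquidity pool imbalance that distorts the exchange rate) and the "Liquidity Pool Ratios" event in the list just above describe the same mechanism from the attacker's and the defender's side. The following Python example, added here and not taken from the talk or from any project it names, models a toy constant-product pool whose spot price is read straight from its reserves, shows how far one large swap inside a single block moves that spot price compared with a block-based time-weighted average, and emits the ratio-drift event the talk recommends. The pool sizes, swap amount, fee, drift threshold and the 10-block window are constructed assumptions.

```python
"""Toy constant-product pool, block-based TWAP oracle and pool-ratio drift check.
Added example; not code from the talk or from any project it names. Pool sizes,
swap amounts, fee and window are constructed."""
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    """x * y = k pool holding reserve_a of token A and reserve_b of token B."""
    reserve_a: float
    reserve_b: float
    fee: float = 0.003  # assumption: a 0.3% swap fee

    def spot_price(self) -> float:
        """Price of one A in units of B, read directly from the reserves.
        This is the value a naive on-chain oracle consults, and the value a
        single large swap in the same block can distort."""
        return self.reserve_b / self.reserve_a

    def swap_a_for_b(self, amount_a: float) -> float:
        """Sell amount_a of A into the pool; returns the amount of B paid out."""
        k = self.reserve_a * self.reserve_b
        amount_in_after_fee = amount_a * (1 - self.fee)
        new_reserve_b = k / (self.reserve_a + amount_in_after_fee)
        amount_out = self.reserve_b - new_reserve_b
        self.reserve_a += amount_a          # fee stays in the pool
        self.reserve_b = new_reserve_b
        return amount_out


class BlockTwapOracle:
    """Records one spot price per block and averages the most recent `window` blocks."""

    def __init__(self, window: int):
        self.window = window
        self.prices = []

    def record(self, price: float) -> None:
        self.prices.append(price)

    def twap(self) -> float:
        recent = self.prices[-self.window:]
        return sum(recent) / len(recent)


def ratio_drift_alert(spot: float, reference: float, max_drift: float = 0.10):
    """The 'liquidity pool ratio' event the talk says a contract should emit:
    returns a message when the spot ratio deviates from the reference by more
    than max_drift (constructed threshold), otherwise None."""
    drift = abs(spot - reference) / reference
    if drift > max_drift:
        return f"pool ratio drift {drift:.1%} exceeds {max_drift:.0%}"
    return None


def simulate(quiet_blocks: int = 9, large_swap: float = 1000.0, window: int = 10):
    """Run `quiet_blocks` of stable trading, then one block with a large swap.
    Returns (spot before, spot after, TWAP after, drift alert or None)."""
    pool = ConstantProductPool(reserve_a=1000.0, reserve_b=1000.0)
    oracle = BlockTwapOracle(window)
    for _ in range(quiet_blocks):
        oracle.record(pool.spot_price())    # constructed: no trades, price stays at 1.0
    spot_before = pool.spot_price()
    pool.swap_a_for_b(large_swap)           # one swap equal to the whole A reserve
    spot_after = pool.spot_price()          # spot collapses to roughly a quarter
    oracle.record(spot_after)
    twap = oracle.twap()                    # the average barely moves
    return spot_before, spot_after, twap, ratio_drift_alert(spot_after, twap)


if __name__ == "__main__":
    before, after, twap, alert = simulate()
    print(f"spot before {before:.3f}, spot after {after:.3f}, TWAP {twap:.3f}, alert: {alert}")
```

The point for a defender is the gap between the two numbers: a contract that prices collateral or swaps from `spot_price()` in the same block trusts a value the caller can move at will, whereas the block-averaged reading changes by only a few percent and the drift event gives monitoring something to alert on before funds move.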

 

4. Important Operational Capabilities

  • Blacklist Wallets
  • Transfer Pools
  • Pause Contract
  • Kill Contract

 

5. TenderFi Hack

  • DeFi Platform
  • Price Oracle Misconfiguration
  • Publicly Known
  • Implicit Decimal Point
  • Overvalued Token
  • Produced a very favorable loan (larger than total value of all Bitcoin)


 

6. AquaDAO Hack

  • Decentralized Autonomous Organization
  • Governance Attack
  • Insufficient Stake
  • Malicious Proposal
  • Destroyed Value


 

7. Exchange Hack

  • Hot Wallet
  • Abused Privileges
  • Not Public
  • No Privileged Access Management
  • No Compensating Controls
  • Transferred Funds Out of Hot Wallet
  • Drained Hot Wallet
  • No Privileged Access Management
  • No Log Aggregation
  • No Monitoring of Login/Logout Events
  • No Access Attestation
  • Enterprise Network
  • Abused Network
  • Not Public
  • No Zoning, No Hardening, and No Governance
  • No Compensating Controls
  • All Customer Data include OTP Seeds
  • Wouldn’t you like to know


 

8. Fintech Hack

  • Key Engineer
  • Phishing Attack
  • Not Public
  • Lacking Cybersecurity Fundamentals
  • Buying Products to Solve Problems
  • Who Knows
  • No Security Awareness Training
  • No SIEM Tuning
  • No Flow Monitoring
  • No Privileged Access Management


 

9. Buying Products (or Services) to Solve Problems

  • Protecting Users (EDR)
  • Protecting Network (SASE)
  • Monitoring Activity (SIEM)
  • Secure Software (SSDLC) (Audit Services)

 

10. Hope Is Not A Strategy

  • They Are Looking for the Perfect Products
  • If we have the right X/Y/Z, we will never have to worry about threats
  • Web3 Itself Is Seen In A Similar Fashion
  • Just Perform More Audits

 

(PPT) Presentation From The Discussion

 

 

Read more…

We are excited for the next ‘Best Of The World’ Session On "How To Create Scalable And Sustainable Cybersecurity Program For Any Size Organization" by Gordon Rudd, (Ex-CISO RCB Bank | Author | Coach)

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points :

  • Understand the relationship between the cybersecurity and IT Operations
  • Assess organizational cybersecurity, GRC & operational readiness
  • Successfully communicate with the C-Suite and the Board on the state of cybersecurity in the organization
  • Identify and focus on the top five areas needed in building real world cyber defenses

 

You can join us here: https://info.cisoplatform.com/creating-scalable-sustainable-cybersecurity-for-any-size-organization?utm_src=cpblog

 


 

Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 

Read more…

For 18 years, the RSAC Innovation Sandbox contest has brought cybersecurity's new innovators to the stage to put the spotlight on their potentially game-changing ideas. Each year, 10 finalists grab the spotlight for a three-minute pitch while demonstrating groundbreaking security technologies to the broader RSA Conference community. Since the start of the contest, the top 10 finalists have collectively seen over 75 acquisitions and $12.48 billion in investments. (Source: RSA Conference)

 

"Innovation And Security converge on the floor of RSA Conference 2023!"


 

 

Top 10 Finalists Sandbox 2023

 

AnChain.AI

AnChain.AI (www.anchain.ai) is an AI-powered cybersecurity company enhancing blockchain security, risk, and compliance strategies. Blockchain Xcelerator.

 

 

Astrix Security

Astrix provides holistic visibility into all non-human connections and identities - automatically detects and remediates over-privileged, unnecessary, misbehaving and malicious app-to-app connections to prevent supply chain attacks, data leaks and compliance violations.

 

 

Dazz

Dazz is a cloud security company specializing in protecting cloud development environments. The platform helps solve vulnerabilities and prevents risks in cloud development environments.

 

 

Endor Labs

Endor Labs offers a dependency lifecycle management tool that facilitates the security and maintenance of Open Source Software.

 

 

HiddenLayer

HiddenLayer’s patent-pending solution provides a noninvasive, software-based platform that monitors the inputs and outputs of your machine learning algorithms for anomalous activity consistent with adversarial ML attack techniques. Response actions are immediate with a flexible response framework to protect your ML.

 

 

Pangea

Pangea Cyber wants to change that with an API-driven approach to adding security to an application, making it as easy as adding a few lines of code.

 

 

Relyance

Manage privacy, data governance, and compliance operations seamlessly, all on a single, intuitive platform.

 

 

SafeBase

The Smart Trust Center for sharing your security posture and automating access to sensitive documents.

 

 

Valence Security

Valence Security collaboratively remediates SaaS data, supply chain and identity risks through automated policy enforcement.

 

 

Zama

Advancing Homomorphic Encryption for a More Private Internet

 

 

Judges

  • Niloofar Razi Howe, Sr. Operating Partner, Energy Impact Partners
  • Paul Kocher, Researcher, Independent Researcher
  • Shlomo Kramer, Co-founder and CEO, Cato Networks
  • Barmak Meftah, Co-founder and Partner, Ballistic Ventures
  • Executive Vice-President, Bus Dev, Strategy and Ventures, Microsoft

 

Read more…

We had a community webinar on "From Chaos To Control : Lessons Learned From The Ransomware Attack". We discussed the importance of cybersecurity and the growing threat of ransomware attacks, described the specific incident we experienced, highlighting the impact on our organization and the challenges we faced, and shared the key lessons we learned from the incident, including what worked well and what could have been done differently. We emphasized the importance of comprehensive backups and employee training.

 

Session Agenda

  • Importance of having a comprehensive incident response plan
  • Need for regular backups and employee training
  • Best practices for preventing ransomware attacks
  • Need for ongoing monitoring and testing of security measures to ensure they are effective and up to date
  • Importance of learning from the experience and continually improving security measures to stay ahead of evolving threats

 

About Speaker

Prabhakar Ramakrishnan, CISO & General Manager - IT Infrastructure at TNQ Technologies

 

(PPT) Presentation From The Discussion

 

Discussion Highlights

1. Growing Threat of Ransomware Attacks

  • Ransomware is a type of malware that encrypts files on a victim's computer system, making them inaccessible until a ransom is paid
  • The threat of ransomware attacks is growing as cybercriminals are becoming more sophisticated and using new tactics such as double extortion, where they not only encrypt the victim's data but also threaten to leak it if the ransom is not paid

 

2. Impact of Ransomware Attacks

  • Ransomware attacks can have a devastating impact on individuals and organizations, causing financial losses, reputational damage, and even legal liabilities
  • In addition to the direct costs of paying the ransom and restoring the encrypted data, there are also indirect costs such as lost productivity, business interruption and regulatory compliance

 

3. Personal experience and lessons learned :


 

Backup - RPO: 2 hours, 8 hours, 24 hours

Incident Response Plan


 

4. How we recovered


 

5. Incident Summary

  • The threat actor used a compromised account to access the servers over RDP
  • Using the admin account, the threat actor copied and installed an open-source software for anonymous communication named TOR (The Onion Router). During this installation, the threat actor masqueraded the anonymity software TOR as Applocker.exe, which is a legitimate Microsoft Windows application
  • TOR is open-source software that creates a multi-hop proxy network which allows threat actors to communicate with the installed systems over an encrypted channel
  • To further maintain persistence in the environment, the threat actor installed multiple remote management tools such as the Atera agent, AnyDesk, LogMeIn, Bitvise and ZeroTier
  • The threat actor attempted to perform lateral movement by installing the remote management tool named Action1
  • The threat actor used the compromised privileged account to copy a compressed file which contained multiple legitimate system administration tools, different variants of ransomware encryptor and text files
  • The threat actor created an account MS_BACKUP on the domain controller and added the account to the Domain Admins group

 

6. Ransomware Deployment Activity

  • The Threat Actor copied multiple binaries of Windows and Linux based ALPHV ransomware encryptors to the system
  • The Threat Actor targeted ESXi systems by copying the Linux ALPHV ransomware executable and linkable format (ELF) binaries on multiple VMware ESXi systems
  • Once connected to the ESXi systems through SSH connections using the root account, the Threat Actor copied over the ALPHV ELF binary encryptor to the ESXi systems and executed the ransomware encryptor. This resulted in the encryption of several virtual machine disk (VMDK) files stored on the datastore attached to these ESXi systems

 

7. Major Gaps

  • EDR was not installed on the servers that were compromised
  • Weak passwords, with the same password used on multiple devices
  • 2FA was not configured for all external-facing applications
  • Backups stored in the same environment
  • Lack of centralized logging
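The incident summary and the gaps above describe a chain that centralized logging plus a handful of rules could have surfaced early: an RDP logon from an unexpected source, a TOR binary renamed to look like a Windows executable, remote-management agents appearing on file servers, and a freshly created account being dropped into Domain Admins. The Python below is an added example, not the speaker's material or any vendor's rule set. It runs four such checks over constructed, simplified event records; the field names are loosely modelled on Windows Security and Sysmon events but are not a real log format, and the host names, addresses (TEST-NET documentation range) and tool keywords are assumptions.

```python
"""Added example: detection rules for the intrusion pattern summarised above.

Events are constructed, simplified records (not the page's logs); the
remote-management keywords are assumed substrings of the image path.
"""
from datetime import datetime, timedelta

# Tools named in the incident summary. Seeing one start on a server that is not
# expected to run it is a persistence signal, not proof of compromise.
REMOTE_MGMT_KEYWORDS = ("anydesk", "atera", "logmein", "bitvise", "zerotier", "action1")
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "administrators"}
RDP_LOGON_TYPE = 10  # Windows logon type for RemoteInteractive (RDP)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_masquerade(ev):
    """Process creation whose on-disk name disagrees with the PE OriginalFileName
    metadata (Sysmon process-creation events carry this field): TOR as Applocker.exe."""
    if ev["event"] != "process_create":
        return None
    name = _basename(ev["image"])
    original = (ev.get("original_file_name") or "").lower()
    if original and name != original:
        return f"{ev['host']}: {name} carries OriginalFileName={original} (possible masquerade)"
    return None


def detect_remote_mgmt(ev, allowed_hosts):
    """Remote-management agent launched on a host not on the allowlist."""
    if ev["event"] != "process_create":
        return None
    path = ev["image"].lower()
    hit = next((kw for kw in REMOTE_MGMT_KEYWORDS if kw in path), None)
    if hit and ev["host"] not in allowed_hosts:
        return f"{ev['host']}: unexpected remote-management tool '{hit}' launched by {ev['user']}"
    return None


def detect_rdp_from_unexpected_source(ev, jump_hosts):
    """RDP logon (4624, logon type 10) that did not come through a known jump host."""
    if ev["event"] != "logon" or ev.get("logon_type") != RDP_LOGON_TYPE:
        return None
    if ev["src_ip"] not in jump_hosts:
        return f"{ev['host']}: RDP logon for {ev['user']} from {ev['src_ip']} (not a jump host)"
    return None


def detect_new_privileged_account(events, window=timedelta(hours=24)):
    """Account created (4720) then added to a privileged group (4728) within `window`."""
    created, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event"] == "user_created":
            created[ev["target"].lower()] = ev["time"]
        elif ev["event"] == "group_member_added" and ev["group"].lower() in PRIVILEGED_GROUPS:
            t0 = created.get(ev["target"].lower())
            if t0 is not None and ev["time"] - t0 <= window:
                minutes = (ev["time"] - t0).seconds // 60
                alerts.append(f"{ev['host']}: new account {ev['target']} added to "
                              f"{ev['group']} {minutes} min after creation")
    return alerts


def run_rules(events, allowed_hosts=frozenset(), jump_hosts=frozenset()):
    """Apply the per-event rules, then the stateful account rule; return alert strings."""
    alerts = []
    per_event = (detect_masquerade,
                 lambda e: detect_remote_mgmt(e, allowed_hosts),
                 lambda e: detect_rdp_from_unexpected_source(e, jump_hosts))
    for ev in events:
        for rule in per_event:
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    alerts.extend(detect_new_privileged_account(events))
    return alerts


# Constructed sample events mirroring the narrative above (not real logs).
T = datetime(2023, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    {"time": T, "event": "logon", "host": "FS01", "user": "svc_backup",
     "logon_type": 10, "src_ip": "203.0.113.7"},
    {"time": T + timedelta(minutes=5), "event": "process_create", "host": "FS01",
     "user": "svc_backup", "image": r"C:\Windows\Temp\Applocker.exe", "original_file_name": "tor.exe"},
    {"time": T + timedelta(minutes=20), "event": "process_create", "host": "FS01",
     "user": "svc_backup", "image": r"C:\Program Files\AnyDesk\AnyDesk.exe", "original_file_name": "anydesk.exe"},
    {"time": T + timedelta(hours=1), "event": "user_created", "host": "DC01",
     "user": "svc_backup", "target": "MS_BACKUP"},
    {"time": T + timedelta(hours=1, minutes=3), "event": "group_member_added", "host": "DC01",
     "user": "svc_backup", "target": "MS_BACKUP", "group": "Domain Admins"},
    {"time": T + timedelta(hours=2), "event": "process_create", "host": "WS07",
     "user": "alice", "image": r"C:\Windows\System32\notepad.exe", "original_file_name": "NOTEPAD.EXE"},
]

if __name__ == "__main__":
    for line in run_rules(SAMPLE_EVENTS, allowed_hosts={"HELPDESK01"}, jump_hosts={"10.0.0.5"}):
        print(line)
```

Each rule returns a reason string so the alert explains itself. The masquerade check depends on having process-creation telemetry that records the PE OriginalFileName (which is exactly what was missing on the compromised servers without EDR), and the remote-management check is a baseline comparison against an allowlist of hosts expected to run such agents, which is where most of the tuning effort goes in practice.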

 

8. Important Documents

  • Situational Awareness Report
  • Communication Plan
  • Recovery Process

 

 

 

Read more…

We are excited for the next ‘Best Of The World’ Session On "Impacts of Web3 on Cybersecurity : Cyber Security Incidents; Loopholes; Prevention; Mitigation & More" by Gregory Pickett (Blackhat USA Speaker, CISSP, GCIA, GPEN, Head of Cybersecurity Operations, Hellfire Security)

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points :

  • Discuss Security Incidents & Business Use Case
  • Understanding Web 3 Pros
  • Understanding Web 3 cons and prevention mechanisms
  • How to make sure that it doesn’t happen to you?

 

You can join us here: https://info.cisoplatform.com/stories-from-the-web3-battlefield-a-hackers-point-of-view?utm_src=cpblog

 


Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 

Read more…

We had a “Best Of The World In Security” webinar on "Analysing Cybersecurity Industry In Quarter 1". We discussed the latest analysis of the 3,251+ vendors in the cybersecurity industry. A bottom-up analysis of all the vendors, derived from a platform for industry research, reveals the overall health of the cybersecurity industry: which companies and segments are growing, which are failing, and how these numbers compare to historical trends.

 

Session Agenda

  • Zero signs of industry consolidation
  • Digital Mercantilism is driving the growth in number of vendors
  • Still no solution to the SolarWinds problem

 

About Speaker

Richard Stiennon is the past VP Research, Network Security at Gartner and author of Security Yearbook 2023. He is the Chief Research Analyst for IT-Harvest and has presented on cybersecurity in 29 countries on six continents. He is a lecturer at Charles Sturt University and the author of Surviving Cyberwar and There Will Be Cyberwar. Richard has held leadership roles at Blancco Technology Group, Fortinet, Webroot Software and Gartner.

 

(Webinar) Recorded

 

Discussion Highlights

1. Vendor categorization process and industry experts. There are 3359 vendor companies that create their own security technology. The vendors are broken down into categories and by country. The top 5 buckets of cybersecurity have always been: Governance, Risk & Compliance (GRC), Data Security, Identity & Access Management (IAM), Network Security and Endpoint Security.

There were 71 vendors that took in new capital. They were spread across 16 of the 17 categories we track; Deception was the one category with no new investments. As usual, the US led in funding rounds, followed by Israel and then the UK.


2. Vendors by founding date: the average vendor age is 12 years.

3. Vendor category differences by country

4. 50 more vendors are from India


5. Growth by Sector, 2022

  • Training
  • Fraud Prevention
  • Testing
  • Security Analytics
  • Deception
  • GRC
  • IOT Security
  • Network Security
  • Endpoint Security


6. Growth by Sector, Quarter 1 2023

  • Training
  • Fraud Prevention
  • Testing
  • Security Analytics
  • Deception
  • GRC
  • IOT Security
  • Network Security
  • Endpoint Security


7. Fastest Growing Quarter 1, 2023


8. Investments - $17 billion 2022, while at $2.4 billion in Q1 on track to be under $10 billion in 2023. Last year saw 330 total investments, so Q1 is running at a lower annualized rate of 284. The top rounds below were all over $50 million, with NetSkope taking in the largest round of $401 million and Wiz taking in an additional $300 million at a $10 billion valuation.


9. Is the Industry Heading into a Recession?

  • 54% of vendors grew in 2022
  • 26% lost head count
  • $17 billion is up 70% from 2020 level
  • There were 338 acquisitions compared to 2021’s 415

 

Total funding was $2.413 billion, on track for a paltry $9.6 billion which will fall short of 2020’s $10 billion (which was a record at the time). When I was a Gartner analyst we pegged the entire industry at a $2.2 billion market. One explanation for the shortfall in new funding rounds could be that the March collapse of Silicon Valley Bank disrupted deal flow across the entire tech center. We will know if that is the case as Q2 plays out. An upswing in activity may be explained by delayed Q1 deals. (Reference link here)

 

Read more…

We are excited for the next ‘Best Of The World’ Session On (Can't Google It | Best Of The World) Richard Stiennon (Past VP Research, Network Security @Gartner; Chief Research Analyst, IT-Harvest) On "Analysing Q1 Cybersecurity Industry" | CISO Session. 

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points :

  • Zero signs of industry consolidation
  • Digital Mercantilism is driving the growth in number of vendors
  • Still no solution to the SolarWinds problem

 

You can join us here: https://info.cisoplatform.com/q1-entire-cybersecurity-industry?utm_src=cpblog

 


Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 

Read more…

We had “Best Of The World In Security” Webinar On "DevOps Lesson For Your SOC (SRE)". We discussed Google-inspired lessons of transforming detection and response practices using the approach we call Autonomic Security Operations. DevOps transformed IT and changed roles, practices and skills within IT. Security in general and security ops, in particular, are sometimes left behind. 

 

Session Agenda

  • How does the security analyst role evolve?
  • How do security processes change in an ASO SOC?
  • How automation reduces toil (and what is toil, anyway)

 

About Speaker

Dr. Anton Chuvakin is a past Gartner analyst and is well known in the information security community. He is currently a security advisor in the Office of the CISO at Google Cloud, and a recognized expert in SIEM, log management and PCI DSS compliance.

 

(Webinar) Recorded

 

Discussion Highlights

1. 2003 or 2023? Sec Ops is Ripe for Transformation

  • We can’t store and analyze all data, resulting in blindspots
  • It’s cost prohibitive to ingest all the data we need
  • It takes too long to investigate alerts
  • We struggle to build effective detection and have too many false positives/negatives
  • Our processes are too manual, we are too slow to respond to and remediate threats
  • We don’t have enough skilled engineers to make everything work

 

2. What outcomes did DevOps / SRE achieve?

3. Google vs Enterprise “SecOps”

- What does Google do?

  • Automation/SRE is a mindset – part of the hiring process, part of OKRs, and performance reviews
  • Requires coding interviews, high pay, attracts the best, invests in growth
  • 40/40/20 between eng, operations, and learning
  • Investment in efficiency solves for human costs
  • Intel strongly embedded in D&R, mostly utilized towards proactive work, strong collaboration across Alphabet & benefits from developer hygiene

- What do most enterprises do?

  • Experimenting with SOAR, full adoption is tough due to minimal automation culture
  • Hires traditional roles, no coding, rarely outsources, less pay, less growth, more stress
  • Utilization is almost always >100%
  • Cost-prohibitive data ingestion, oftentimes paying SIEM + DIY, increasing $ from complexity
  • CTI team produces great reports, SOC consistently doing fire drills, >90% false positive rate, uneven distribution of skill (Tier 3)

 

4. Autonomic Security Operations Principles:

- ASO should

  • Eliminate toil
  • Embrace change
  • Strive for continuous improvement
  • Bridge all siloes
  • Use service level objectives
  • Avoid hero mentality
  • Aim for simplicity

- ASO should not

  • Restrict hiring to top professionals
  • Require an engineering-only culture
  • Increase overall tooling footprint
  • Aim for incremental gain

 

5. Eliminate Toil : manual, repetitive, automatable, tactical, devoid of enduring value, and that scales linearly as a service grows

- Causes of Toil

  • Too much technical debt
  • Priorities or goals are not aligned
  • Lack of training or support
  • Lack of collaboration
  • The business value to fix is too hard to realize

- Less Gathering, More Analysis – basics to automate

  • Gathering machine information
  • Gathering user information
  • Process executions
  • All context needed to help get to final (human) judgement

- Key Activities To Implement

  • Train your team on toil & automation
  • Create an Automation Queue
  • Implement Blameless Postmortems
  • Conduct Weekly Incident Reviews
  • Implement SOAR
  • Hire Automation Engineer(s)
  • Implement CD/CR pipelines with metrics

 

6. Evolve Automation


7. Practice Release Engineering


8. Strive for Simplicity

Complex systems require substantial human expertise in their operation and management. This expertise changes in character as technology changes but it also changes because of the need to replace experts who leave. In every case, training and refinement of skill and expertise is one part of the function of the system itself. At any moment, therefore, a given complex system will contain practitioners and trainees with varying degrees of expertise. Critical issues related to expertise arise from (1) the need to use scarce expertise as a resource for the most difficult or demanding production needs and (2) the need to develop expertise for future use.

 

9. The Power of Continuous Improvement


10. Actions

  • Reduce toil in your SOC - shift toil to machines
  • Evolve automation in SIEM, SOAR, threat intel, etc
  • Use SLOs / metrics to drive change
  • Practice release engineering for consistent improvement
  • Strive for simplicity with processes, technology stack, etc
Read more…

We are hosting “Best Of The World In Security” Webinar On "DevOps Lesson For Your SOC (SRE)".

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. This series has featured many great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

This is a community discussion with Dr. Anton Chuvakin (ex-Gartner analyst, Security Advisor at the Office of the CISO, Google Cloud). We encourage you to make the most of it by inviting your teams and peers. You can send us your questions in advance or ask live during the Q&A section of the session.

 

Why DevOps (SRE)?

DevOps transformed IT and changed roles, practices and skills within IT. Security in general and security ops, in particular, are sometimes left behind. This session will share Google-inspired lessons of transforming detection and response practices using the approach we call Autonomic Security Operations.

 

Key Discussion Points :  

  • How does the security analyst role evolve?
  • How do security processes change in an ASO SOC?
  • How automation reduces toil (and what is toil, anyway)

 

You can join us here: https://info.cisoplatform.com/sre/devops-lesson-for-your-soc?utm_src=CPblog

 

Read more…

We had a community webinar on "Zero Trust: Architecture Principles; Threats; Architecture Components; Guidance Documents - NIST, CISA, NSA, DOD". We discussed the history of the zero trust model, why it is relevant now (the perimeter is dead, people work from anywhere and data is on endpoints and in the cloud), zero trust architecture principles and tenets, zero trust threats, zero trust architecture components, policy enforcement point types, cloud deployment models, zero trust guidance documents from NIST, CISA, NSA and DOD, and more.

 

Session Agenda

  • History of the zero trust model
  • Why is it relevant now? (perimeter is dead, people work from anywhere and data is on endpoints and in the cloud)
  • Zero trust architecture principles and tenets
  • Zero trust threats
  • Zero trust architecture components
  • Policy enforcement point types
  • Cloud deployment models
  • Zero trust guidance documents - NIST, CISA, NSA, DOD

 

About Speaker

Wayne Tufek (frequent speaker at RSA Conference APJ, (ISC)², SACON; renowned security architect) is currently on the board of the Melbourne Chapter of ISACA, where he holds the position of Vice President.

 

(Webinar) Recorded

 

Discussion Highlights

1. Why Zero Trust?

  • Previous security models did not holistically apply important, well-known security principles
  • Most security architectures are like a coconut (hard on the outside, soft on the inside)

 

2. History of Zero Trust


3. Definition of Zero Trust

  • Security model and set of design principles
  • Threats exist both inside and outside traditional network boundaries
  • The model eliminates implicit trust in any one element
  • Instead requires continuous verification
  • Via real time information from multiple sources
  • Model assumes that a breach is inevitable or has likely already occurred
  • Limits access to what is needed and looks for anomalous or malicious activity
  • Embeds comprehensive security monitoring; granular risk based access controls
  • Data centric model allows the concept of least privilege to be applied for every access decision

 

4. Tenets

  • Identity & Inventory is key - know your users, devices, services and data
  • Trust is not based on device's network location - the network is always assumed to be hostile
  • Every device, User and network flow is authenticated and authorised
  • Access is based on context, for example the identity of the user, the device being used etc
  • Devices may be company owned or owned by the User
  • Access is granted on a per session basis
  • All communication is secure
  • Access to resources is determined by dynamic policy and observable state
  • Strong authentication is used
  • Continuous logging, monitoring and posture assessment
  • Monitoring should be ongoing to assess risk; access is adaptive and varies based on context
  • Assume breach - an attacker is already on our network
  • External and Internal threats exist at all times

 

5. Foundation Of Zero Trust


6. Logical Components


7. Benefits

  • Support work from anywhere
  • Prevention First
  • Protect resources regardless of their location
  • Better address threats
  • Limit an attacker's ability to move laterally
  • Users connect directly to services and not to the network
  • Improve incident detection and response
  • Improve visibility
  • Dynamic risk-based assessments = better defence

 

8. Capabilities and Services


9. Implementing Zero Trust

- Users

  • Centralised enterprise managed identities
  • MFA (application layer enforcement, Phishing resistant, passwords)
  • Check password against known breaches
  • At least one device level signal during authentication
  • PAM
  • ABAC
  • RBAC

- Devices

  • Maintain a complete reliable inventory of assets
  • EDR

- Networks

  • Network visibility
  • Encrypt DNS requests
  • Use HTTPS for web application and APIs
  • Plan for Network isolation

- Applications and Workloads

  • Understand your network protect surface
  • Treat all applications as internet connected
  • Have a dedicated application security testing program
  • Operate an effective and welcoming public vulnerability disclosure program
  • Work towards employing immutable workloads

- Data

  • Categorise and tag your assets
  • Audit access to any data encrypted at rest in a commercial cloud
  • Implement comprehensive logging
  • Automate security responses

- Key Steps

  • Decide to adopt a zero trust strategy
  • Inventory your environment 
  • Determine your current state 
  • Set desired maturity
  • Don't forget governance
  • Start with identity and device security
  • Slow and steady - work with your existing capabilities first
  • Ditch passwords

 

10. Zero Trust In Action : Deconstructing the Uber Attack - what we reportedly know

Read more…