When it comes to embracing one email-focused protection solution or another, what is best for an organization?
Many orgs deploy only DLP for email because of an enterprise DLP purchase; however, does this protect against spear phishing, whaling, or spamming?
Not really, especially if your DLP deployment is in its infancy. With that said, email protections like DMARC & SPF will not work to prevent data loss without some type of content & context-aware solution (e.g., classification, labeling).
Thankfully, email-as-a-service (EmaaS) cloud providers include both services, though usually as an add-on service at an additional cost.
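An added illustration of the point above (not code from the original post): sender authentication verdicts and content-aware checks answer different questions, so neither substitutes for the other. The two sample messages, the `X-Classification` label header and the SSN pattern are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample messages (not from the original post).
# "X-Classification" is a hypothetical labeling header used for illustration.
OUTBOUND_LEAK = """\
From: alice@example.com
To: partner@example.net
Subject: Q2 payroll export
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
X-Classification: Confidential

Employee SSN: 078-05-1120
"""

INBOUND_SPOOF = """\
From: ceo@example.com
To: finance@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.org; dmarc=fail header.from=example.com

Please wire the funds today.
"""

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
BLOCKED_LABELS = {"confidential", "restricted"}


def sender_authenticated(msg):
    """True only if the receiving MTA recorded both spf=pass and dmarc=pass."""
    results = msg.get("Authentication-Results", "").lower()
    verdicts = dict(re.findall(r"\b(spf|dmarc)=(\w+)", results))
    return verdicts.get("spf") == "pass" and verdicts.get("dmarc") == "pass"


def dlp_findings(msg):
    """Content/context check: classification label plus a simple SSN pattern."""
    findings = []
    label = msg.get("X-Classification", "").strip().lower()
    if label in BLOCKED_LABELS:
        findings.append("label:" + label)
    if SSN_RE.search(msg.get_payload()):
        findings.append("pattern:ssn")
    return findings


def evaluate(raw):
    msg = message_from_string(raw)
    return {"authenticated": sender_authenticated(msg), "dlp": dlp_findings(msg)}
```

The fully authenticated message is the one that leaks data, while the spoofed one carries nothing a DLP rule would flag.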
Thursday, April 28, 2016
Wednesday, April 27, 2016
AWS Mobile Hub = Death of Local / Network-based DevOps?
https://aws.amazon.com/mobile/
With more organizations leveraging (at least) a cloud-first policy, is the time for local / network-based DevOps gone?
I suspect that the larger, internal development functions of Fortune 1000 firms won't change anytime soon. However, the ecosystem between large and small is tightly coupled. So, give it 5-10 years, and the local SCM repository will be gone.
Docker Security
Great blog post from CloudPassage below:
https://blog.cloudpassage.com/2015/10/21/docker-best-practices
But what agents does one place on a container?
Must:
- File Integrity Monitoring (FIM)
- Anti-virus / Malware
- Logging / SIEM
Nice to Haves:
- Edge Protection / Network Access Controls (NAC) - assuming a private cloud deployment
- Data Loss Prevention (DLP) - only if an enterprise solution is deployed
Tuesday, April 26, 2016
SaaS (e.g., Cloud) Apps & Enterprise Security Architecture
Beyond extending formal enterprise security architecture (ESA) frameworks like SABSA, TOGAF, DoDAF, etc. to the cloud, organizations will also have to choose a strategy for implementing controls in the cloud.
Now, many cloud service providers (CSP) enumerate their safeguards at a high level and say hands-off; however, more and more are either adding premium add-on security services (e.g., Salesforce.com Shield, Office 365 DLP) or allowing integration with third-party solutions (e.g., Dropbox & CloudLock).
Depending on the ubiquity of usage (i.e., enterprise-wide), industry, and / or number of CSPs used, a hybrid strategy probably works best. In this manner an organization can leverage enterprise access controls and monitoring via cloud access security broker (CASB) or enterprise mobility management (EMM) solutions, while leveraging native content awareness (e.g., DLP, RMS) or cryptography solutions as well.
Friday, April 22, 2016
Whaling, Spear Phishing, Scamming.....oh my!
Orgs need to conduct red team-like exercises to benchmark their exposure to this stuff....big time!
http://www.cio.com/article/3059621/security/whaling-emerges-as-major-cybersecurity-threat.html
Gotchas and ah-hahs are not necessary when conducting this testing, though identification for security education, training, & awareness (SETA) is.
Wednesday, April 20, 2016
Ransomware Response & Red Teaming
Too many pen tests are more or less vulnerability scans.
So, how many orgs engage in the next logical step, red teaming?
Better yet, how many orgs engage a red team to test their incident response process & procedures for ransomware, malware, DDoS / DoS, APT, or brute forcing / rainbow attacks throughout the cyber kill chain (http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542)?
As orgs progress w/ pen testing, red teaming, etc., they need to up the ante with more inclusive testing.
Tuesday, April 12, 2016
Cloud Service Providers & Retention
When it comes to using cloud services for business, it pays to know what retention policies can and will be leveraged, particularly for heavily regulated industries. Below are the retention policies for the heavy hitters regarding cloud:
For the retention policies of traditional cloud file storage, see below:
Here are the retention policies for popular cloud (e.g., SaaS) apps:
On Premise DLP for Cloud-first Organizations
More often than not, cloud-first organizations still engage in on-premise DLP projects, the mentality being that on-prem DLP has a solid use case (file shares, etc.).
With many orgs now leveraging Exchange Online or Gmail, as well as cloud file sharing (e.g., Box, Dropbox, OneDrive, Drive), is this the best strategy?
No, most of these orgs would be better off to first focus on:
- Cloud App Security Brokers (CASB) solutions (e.g., CloudLock, Centrify)
- Whole Disk Encryption / EMM / MDM (e.g., BitLocker / Intune, AirWatch)
- Email / EDM DLP
- Web Filtering DLP
After that, orgs should focus on these investments to tie up any residual risk:
- Database Crypto
- IRM / RMS / DRM
- NAC / NAP