Category: Data Visibility & Protection

The Future of Botnets is IoT

Just when defenders think they have eliminated a threat, attackers come back with new variants that slip past the previous blockades. That is the story of Mirai, a self-propagating botnet malware that first caused widespread disruption in 2016 by taking over home routers, IP cameras and DVRs. What is a botnet, and how are botnets evolving to stay ahead of defenders? As Mirai has demonstrated as recently as this month, the future of botnets is IoT.
What is a botnet?
A botnet is a group of computers connected in a coordinated fashion for malicious purposes. Botnets are made up of individual computers, called bots, that have fallen under the control of cyber criminals. Most often, the criminals start with malware that gives them control of individual machines, then link those machines into a botnet army they can command centrally. Botnets are used to launch criminal activity at scale, such as distributed denial-of-service (DDoS) attacks or large-scale spam campaigns. In many cases the owner of an individual computer has no idea it is being used for illegal activity, which is why infected machines are called zombie computers or bots.
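The DDoS traffic described above has a recognisable shape from the target's side: many different clients hitting the same resource inside the same short window. The Python below is an added example, not code from Absolute or from this post, that runs that check over a constructed access log; the log lines, the ten-second window and the thresholds are assumptions chosen for illustration.

```python
"""Spot a distributed flood in web-server access logs.

Added example (not Absolute's code). The log lines are constructed, and the
thresholds and bucketing rule are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format: client IP ... [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp, path), or None when the line is not a request."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("path")


def detect_floods(lines, window_seconds=10, min_requests=50, min_sources=20):
    """Tumbling-window detector for botnet-style floods.

    Requests are grouped into fixed windows per path. A window is reported only
    when it holds at least `min_requests` hits from at least `min_sources`
    distinct client IPs: it is the many-source pattern that distinguishes a
    zombie army from one aggressive client, which per-IP rate limiting would
    already catch. `window_seconds` must divide 60 so buckets align to the minute.
    """
    assert 60 % window_seconds == 0, "window must divide evenly into a minute"
    buckets = defaultdict(lambda: {"requests": 0, "sources": set()})
    for parsed in map(parse_line, lines):
        if parsed is None:
            continue  # malformed lines are skipped, not allowed to stop the detector
        ip, ts, path = parsed
        start = ts.replace(second=ts.second - ts.second % window_seconds, microsecond=0)
        entry = buckets[(start, path)]
        entry["requests"] += 1
        entry["sources"].add(ip)

    alerts = []
    for (start, path), entry in sorted(buckets.items(), key=lambda kv: kv[0]):
        if entry["requests"] >= min_requests and len(entry["sources"]) >= min_sources:
            alerts.append({"window_start": start.isoformat(), "path": path,
                           "requests": entry["requests"], "sources": len(entry["sources"])})
    return alerts


def make_sample_log():
    """Constructed sample traffic, all inside the same 10-second window."""
    stamp = "10/Jun/2019:12:00:%02d +0000"
    lines = []
    # 30 zombies (TEST-NET-3 addresses) each sending two requests to /login
    for n in range(30):
        for k in range(2):
            lines.append(f'203.0.113.{n + 1} - - [{stamp % (k * 3)}] '
                         f'"GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    # one noisy client hammering /search: high volume, but a single source
    for k in range(40):
        lines.append(f'198.51.100.7 - - [{stamp % (k % 10)}] '
                     f'"GET /search?q=x HTTP/1.1" 200 2048 "-" "curl/7.64.0"')
    # ordinary traffic plus a line that does not parse
    lines.append(f'192.0.2.10 - - [{stamp % 4}] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"')
    lines.append("Jun 10 12:00:05 web01 kernel: this is not an access-log line")
    return lines


if __name__ == "__main__":
    for alert in detect_floods(make_sample_log()):
        print(alert)
```

Run as a script it reports the single /login window that qualifies. The 40-request burst on /search from one address does not, which is the point: per-IP rate limiting alone would catch the noisy client and miss the zombie army, whose individual members each send only a couple of requests.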
How botnets are gaining strength
Unlike traditional botnets made up of PCs, the Mirai botnet began as a project by a few young, technically skilled hackers after a competitive edge in the Minecraft server-hosting business, where knocking rival servers offline with DDoS attacks was a way to win customers. The idea quickly grew into a connected army of internet of things (IoT) devices such as home routers, IP cameras and DVRs. Then, in the fall of 2016, the Mirai botnet mounted a massive DDoS attack against the DNS provider Dyn, which left Twitter, Netflix, CNN and many other big brands unreachable for users across the U.S. and Europe.
Mirai has continued to evolve since then, with new variants popping up regularly. As recently as this month, reports surfaced about a collection of new Mirai malware samples compiled to run on "Altera Nios II, OpenRISC, Tensilica Xtensa and Xilinx MicroBlaze processors," which, according to the researchers, widens the range of devices Mirai can recruit.
Even in the three short years since Mirai was first discovered, the number of IoT devices has grown exponentially. Printers, IP cameras, building controls, wearables and many other smart devices are now commonly used both at work and at home. With an internet connection built into each one, every one of them is a potential bot, and so a potential source of large-scale DDoS traffic and other criminal activity.
Preventing a botnet attack
What can you do to keep your devices out of a botnet? First, you need visibility into what devices you have and which security controls each one is running. Are those controls working? Is the device still where it should be? Another important early step is to change the default password set by the device manufacturer: Mirai spread by logging in to devices over Telnet with factory credentials, so closing unneeded remote-management services such as Telnet and keeping firmware up to date matter just as much. Customize your devices, all of them, and raise their security individually.
If you would like more information on botnets and how they work, watch the next episode of our Cybersecurity Insights video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.

Video Transcript:
Hey everyone, it’s Josh from Absolute. We’ve been talking about cyber threats and in today’s episode, we look at one of the shadowy characters: botnets.
The term botnet is a mashed-together term that comes from robot and network.
A botnet is an array of hacked computers, connected together so they can team up to perform cyber-attacks.
Typically, the user is totally unaware that their device has been compromised and joined some rebel army; this is one reason that computers inside the botnet are often called ‘zombie computers’.
These zombies are controlled by a number of protocols, including: Telnet, IRC, Peer-to-Peer (P2P), and domain controls.
These control systems allow the cybercriminal to link the hacked machines together for a powerful and coordinated attack.
So what do they do, these botnets?  The most common form of botnet attack is denial of service, which can also be widespread, hitting many of your resources at once. This is called a distributed denial of service attack or DDoS.
When a collection of zombie computers within the botnet send millions of requests to something like a webserver, the webserver can crash…leaving legitimate requesters unable to access the service.
Beyond denial of service attacks, botnets have been observed launching spyware, email spamming, click fraud, and GPU mining; enslaving millions of machines to churn out cryptocurrencies.
In 2018, 37% of botnet zombie computers were endpoints in the United States.
That’s right! Although most botnets are controlled outside the U.S., close to half of the machines are working inside the USA.
We just don’t know it, because most of the time…we lack visibility to every device – especially those off the corporate network.
The largest botnet of all time (so far) was called BredoLab, also known as Oficla, and had more than 30 million zombie computers to do its bidding. Thankfully, BredoLab was dismantled in 2010.
Botnet attacks are dangerous because they don’t come with a return address; you can’t know for sure who’s doing it and when it’ll happen.
Even though we can’t predict botnet attacks, we can reduce their odds of success with ceaseless endpoint visibility and control.
Don’t forget to like and comment below. And remember to subscribe to get more Cybersecurity Insights. I’ll see you next time.

Uncovering the Fragility of Endpoint Security

New report highlights vulnerabilities caused by the degradation of endpoint security solutions over time.
IT and security professionals have a huge range of tools and technologies at their disposal to help combat data and device security risks. In fact, by 2020, the global spend on IT security is predicted to total a staggering $128 billion. Despite this, every week it seems there is news of another high-profile data breach.
A new primary research study by Absolute has uncovered an explanation for this: much of IT security spending is done in vain due, in part, to missing or broken endpoint security agents or disabled controls.
The study found that the fragility of endpoint security tools causes the efficacy of these tools to diminish significantly over time — unless those tools are deliberately controlled to improve their resilience.
Endpoint security is more vulnerable than you think
Our security research team gathered data from over one billion change events on more than six million devices. They monitored the data over a one-year period to see how security solutions performed — or failed to perform — during that timeframe. The sample included data from 12,000 anonymized organizations across North America and Europe.

One billion change events
Six million devices
12,000 organizations (anonymized)
One-year benchmark study

The findings were eye-opening. While it’s reasonable to expect the fundamental endpoint security solutions we invest in — such as encryption, antivirus/anti-malware (AV/AM)— to keep our devices secure, the harsh reality is this: Endpoint security solutions fail reliably and predictably. The false sense of security they provide is probably enterprises’ biggest risk.
Security tools fail: Endpoint security is flawed
We expect encryption to protect our data, AV/AM to protect us from cyber threats, and client management tools (CMT) to keep our applications patched and safe from published vulnerabilities. Our expectations are too high, apparently.
Read: The Biggest Challenges with Encryption
Our research shows that encryption is regularly disabled, broken, or missing entirely. In fact, 100 percent of endpoint security tools failed eventually — no tool is immune. And of the devices where encryption fails, 30 percent remain unencrypted for more than 60 days — an unacceptable window of data vulnerability considering the heavy penalties laid down by HIPAA, PIPEDA, GDPR, and other global regulations.
The 2019 Endpoint Security Trends Report uncovers some startling truths about what is putting organizations at risk.
Our research also found that 21 percent of devices had outdated AV/AM; additionally, seven percent of endpoint protection tools were missing altogether, leaving 28 percent of devices unprotected.
28% of Endpoints have AV/AM that is either outdated or missing altogether
Further to this, 23 percent of the patching tools designed to remediate vulnerabilities in devices and the applications running on them were broken or disabled. This is concerning since the 20 most common applications published over 5,000 vulnerabilities last year. In fact, every 5.7 days there is at least one vulnerability published by the top eight application publishers. This means that every few days there is a fresh window of opportunity for attackers on almost a quarter of your devices, the ones whose patching tools are no longer working.
Key takeaways from the 2019 Endpoint Security Trends Report include:

28% of endpoints have missing or outdated endpoint protection tools
100% of devices experience an encryption failure within one year
42% of endpoints are unprotected at any given time

Strengthen existing endpoint security
While the analysis is sobering, it doesn’t mean that existing security tools are without merit — they just need greater resilience.
There is a way for organizations to monitor, manage, and secure their entire endpoint infrastructure so their staff can do their best work safely, from anywhere. Absolute’s technology is embedded in the firmware of more than 500 million of the world’s devices. Because it’s the only embedded security solution, it maintains a persistent connection to devices.
This connection enables IT and security professionals to keep a close eye on existing security controls to ensure they’re always performing at an optimal level. In this way, IT and security teams can unlock value from solutions they’re already paying for and avoid unnecessary spend on yet more endpoint security.
Uncover the findings from an extensive primary research study analyzing over six million enterprise devices over a one year period and discover actions toward real-world resilience. Read the Endpoint Security Trends Report 2019.

IT Complexity: Metrics and Strategies to Navigate and Measure Performance

IT complexity is one of the biggest roadblocks to success. One of the culprits is the tendency to pack endpoints with more and more controls, apps, and of course, agents. When an organization's device population and its agent population both grow, their effects compound: endpoint complexity does not merely multiply, it grows exponentially.
Different agents compete with one another for the device’s underlying resources: hardware, software, processes, etc. These zero-sum cage fights are more common as the number of agents has grown. Moreover, the variation in hardware — Dell, Lenovo, Microsoft — and software — OS versions and builds, agents, apps—has made everyone a de facto multi-platform enterprise.
This compounding creates more security-eroding complexity than security-enabling assurance, because with so many interacting components there are now far more ways for things to go wrong than to go right. Making sense of what looks like a senseless device-agent landscape, against those odds, falls to IT and security teams.
This tangled web of complexity has completely changed how we see, control, respond to, and secure endpoints.
What Is IT Complexity?
The concept of IT complexity isn’t anything new. In fact, a 1979 paper by Bill Curtis was written to address the issue.
But not too long ago, keeping track of all our devices and everything running on them used to be manageable. Even ten years ago, maintaining agents and tools was a fairly straightforward process; so having conflicting controls, apps and agents on your devices just wasn’t a factor.
Those days are long gone, however. Today, device care takes roughly 12 times the effort to reach the same degree of endpoint cyber resilience.
Why? Because every control, app, and agent is tapping into hardware and software resources — a zero-sum game in which some feast while others starve.
This agent friction leads to some startling results. Data from a recent webinar, The State of Endpoint Security 2019, recently revealed:

At any given time, 28 percent of antivirus/antimalware agents fail
42 percent of encryption agents go to an early grave
50 percent of repaired client/patch management agents required more than three repair events within one month
In an era where patching is already a struggle, one in five patching agents breaks every month.

Our maniacal pursuit to stuff endpoints with controls, apps, and agents creates entirely new risks. By adding more security controls on a device, our organizations aren’t getting any safer; in fact, this only increases endpoint vulnerabilities. Worse, it diminishes the capabilities of our IT people. With so many tools and combinations, it’s almost impossible to determine what is causing things to fail.
When complexity intensifies, exposures that open up the attack surface become a feature of our IT environments.
To achieve cyber resilience, we must first acknowledge the self-inflicted trouble that occurs when we stuff our endpoints with competing agents. It’s as if we’re putting all our endpoints into a knife fight in a phone booth!
When agents conflict, we can optimize their behavior. When they fail, we can regenerate them, bringing them back to life. This is the power of persistence.
How to Measure IT Complexity
“Measurement is the first step that leads to control and eventually to improvement. If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it.”–H. James Harrington, business process guru.
Measuring IT complexity is all about looking for redundancy. You basically need to establish a heatmap of where things are getting complex. You need to answer these questions: Where is there agent creep, driver creep or app creep within your endpoints? What are all the OS types, device types, and client types within your organization? What is the lifecycle process?
There are so many factors, but these variables must be measured.
Sound overwhelming? It is. It isn’t called IT complexity for fun.
Measuring everything manually can be done, sure, but at what organizational cost? You can bring your enterprise architecture team into every budget meeting with a live inventory framework, and spend countless hours strategizing, but how sustainable is that?
The best way to help measure and deal with IT complexity is to reduce the effort. You need to manage it. If you’re in IT, you have no choice.
You need to manage your FTE (full-time equivalent) cost. What if you could reduce the FTE spent measuring complexity from 3½ to 0.3?
The only way to properly measure complexity is to have a solution manage it for you.
What It Means To Have IT under Control
To achieve true IT resilience, your endpoint management solution must go deeper and have a full view of everything going on within and outside of your devices with a privileged position.
You need to have a solution that resides right in the firmware to understand the complexities of your ecosystem. When measuring complexity, it’s imperative to get a detailed snapshot of your endpoints versus a sample level.
Most solutions on the market can look at your endpoints and present data that — if it were a court of law — would amount to circumstantial evidence. With Absolute, it’s like a DNA test.
Or think of it in other terms: say your friend sends you a video of a cute cat playing the piano. The coding behind that video is made up of ones and zeros. The coding is merely information; the other — the video — is knowledge. You want knowledge.
How to Manage IT Complexity
How do you even get started managing IT complexity without the right knowledge?
Absolute can not only provide validation that something may have occurred, but it looks at the implications of your services, can boomerang all the relevant data back to you and display a modelling of what happened before and after each incident.
When the time comes to demonstrate, prove, and validate your security posture, Absolute can be audit-ready and close the complexity gap with ceaseless visibility and control.
Want to learn more about how reducing IT complexity can lead to resilience for your endpoints? Watch our new webinar: The State of Endpoint Security in 2019, to discover actions you can take toward real-world resilience.

Increased Security Spend Creates Enterprise Risk

It’s become a vicious cycle. Budgets grow, tools are purchased, and IT workloads expand. But in the end, IT teams are still forced to scramble and mega data breaches continue. What is going on?
Security teams evolve and improve, but so do the cybercriminals who are equally as determined to pilfer your data. In the forever game of cat-and-mouse, the answer for many organizations has come in the form of increased security budgets and more tools on devices.
Is this fear propelled InfoSec budget explosion working? The evidence – overwhelmingly – says no. In fact, increased security spending actually creates enterprise risk.
Security Fatigue
Despite growing budgets and a heightened awareness of cybercrime, the majority of IT security teams remain unsatisfied with their results. Absolute is releasing a new report that represents more than six million endpoints studied over a one year period. In it, nearly three-fourths of respondents say they have little or no confidence in their ability to prevent and mitigate risks. The data also shows more than half of ‘high-security spenders’ have suffered a data breach.
There are many reasons behind the high no-confidence vote and the report offers an interesting deeper dive into that topic. One obvious driver though is the strong correlation between endpoint complexity and increased risk.
Security Tool Degradation
Regardless of the security tools you use, all of them degrade over time; no tool is immune. Patches fail. Encryption breaks. Antivirus falls out of date. Not only are these failures inevitable, they also happen faster than you think. The more security tools you use and the more devices you manage, the more rampant the problem becomes. The problem does not shrink no matter how many new solutions you layer on top; rather, the data says, it grows because of the new solutions layered on top.
The research found that devices can have 10 or more endpoint security agents installed — including encryption, AV/AM, and client/patch management options. With all of these tools, there are virtually unlimited combinations on devices and there is no way to know which ones don’t play nicely together. Until they break.
How do you know if this is a problem for your organization? Better yet, how do you address it?
Asset Management
First, because you can't secure what you can't see, examine your asset management program. It should go beyond a quick asset inventory to include a comprehensive look at asset intelligence. This approach is an evolution from a simple catalog of your machines and includes an identification of the business function of every resource.
Endpoint Health
Then, take stock of your device fleet's Endpoint Hygiene (Health) Coefficient. I've described this idea in more detail in an earlier post (Read: NIST Cybersecurity Framework: Second, Build A Moat Part 2) but simply put, it's a way to score your device fleet at a single point in time against your organization's definition of endpoint hygiene, on a scale from 0 to 1.
A coefficient of 0 means that not a single device has any control or configuration aligned with your policy or security intent. A coefficient of 1 means that every device has every control, configuration and policy-required behavior in place. Both extremes are rare of course; you'll typically fall somewhere in the middle, and the useful part is tracking which controls drag the score down.
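To make the coefficient concrete, here is an added Python example; it is not Absolute's implementation, and the controls, the thresholds (7-day signatures, 30-day check-in) and the five sample devices are assumptions chosen to illustrate the 0-to-1 score. It computes both a strict score (a device counts only when every control passes) and a partial-credit score, and lists which control fails most often.

```python
"""Endpoint hygiene coefficient over a constructed fleet.

Added example, not Absolute's implementation. The controls in POLICY, the
thresholds (7-day signatures, 30-day check-in) and the sample devices are
assumptions chosen to illustrate the 0-to-1 score described above.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    name: str
    encrypted: bool
    av_installed: bool
    av_signature_age_days: int  # days since the last definition update
    patch_agent_running: bool
    last_seen_days_ago: int     # days since the device last reported in


# Your definition of endpoint hygiene: one predicate per required control.
POLICY = {
    "encryption_on": lambda e: e.encrypted,
    "av_present_and_current": lambda e: e.av_installed and e.av_signature_age_days <= 7,
    "patch_agent_healthy": lambda e: e.patch_agent_running,
    "checked_in_recently": lambda e: e.last_seen_days_ago <= 30,
}


def evaluate(endpoints, policy=POLICY):
    """Per-device, per-control pass/fail: {device_name: {control: bool}}."""
    return {e.name: {c: bool(check(e)) for c, check in policy.items()} for e in endpoints}


def hygiene_coefficient(endpoints, policy=POLICY, strict=True):
    """Score the fleet between 0 and 1 at a single point in time.

    0.0 means no device satisfies any control; 1.0 means every device satisfies
    every control. With strict=True a device only counts when it passes all
    controls (encryption on but stale AV is still an unprotected device). With
    strict=False each device gets partial credit, the fraction of controls it
    passes, which is the friendlier number for trending week over week.
    """
    if not endpoints:
        raise ValueError("no endpoints to score")
    results = evaluate(endpoints, policy)
    if strict:
        return sum(all(r.values()) for r in results.values()) / len(endpoints)
    total_checks = len(endpoints) * len(policy)
    return sum(sum(r.values()) for r in results.values()) / total_checks


def failure_heatmap(endpoints, policy=POLICY):
    """Failures per control, most common first: the place to start remediation."""
    results = evaluate(endpoints, policy)
    counts = {c: sum(not r[c] for r in results.values()) for c in policy}
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample fleet.
SAMPLE_FLEET = [
    Endpoint("lap-01", encrypted=True,  av_installed=True,  av_signature_age_days=1,
             patch_agent_running=True,  last_seen_days_ago=1),
    Endpoint("lap-02", encrypted=True,  av_installed=True,  av_signature_age_days=21,
             patch_agent_running=True,  last_seen_days_ago=2),
    Endpoint("lap-03", encrypted=False, av_installed=True,  av_signature_age_days=3,
             patch_agent_running=False, last_seen_days_ago=5),
    Endpoint("lap-04", encrypted=True,  av_installed=False, av_signature_age_days=0,
             patch_agent_running=True,  last_seen_days_ago=45),
    Endpoint("lap-05", encrypted=True,  av_installed=True,  av_signature_age_days=0,
             patch_agent_running=True,  last_seen_days_ago=0),
]

if __name__ == "__main__":
    print("strict  :", hygiene_coefficient(SAMPLE_FLEET))
    print("partial :", hygiene_coefficient(SAMPLE_FLEET, strict=False))
    print("heatmap :", failure_heatmap(SAMPLE_FLEET))
```

On this sample the strict score is 0.4 (two of five devices fully compliant) while the partial score is 0.75, which is the gap the report above warns about: most devices have most controls, but far fewer have all of them, and the heatmap shows stale or missing AV as the first thing to fix.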
Resilience
Finally, you need to know when agents break and have the ability to repair them immediately. Our data shows that 100 percent of endpoint security controls fail eventually and 28 percent of devices are unprotected at any point in a year. And no one knows. These blind spots keep IT and security leaders from being able to protect organizations and leave them increasingly vulnerable over time.
There is no one sure-fire way to keep hackers out of your data. However, it is possible to prevent security incidents by knowing what you have on your endpoints, removing unnecessary agents to reduce complexity, and ensuring that the basic protection tools are working as intended. Endpoint resilience is possible when you have visibility and control.
We talked in greater detail about the state of our industry, security tool degradation and what to do about it in a webinar with Forrester Principal Analyst, Renee Murphy titled The State of Endpoint Security in 2019. Listen in on the results of our new study and hear how endpoint security can flourish by persisting the controls, apps, and agents you already own.

What You Need to Know About Zero Trust

The Zero Trust security model establishes the idea that an enterprise cannot automatically trust any endpoint originating inside or outside of its perimeters. There is an authentication that happens at every single turn. Ideally, businesses should verify anything and anyone attempting to connect to their systems before granting access.
Think about going through the various stages of an airport from check-in to boarding. However, instead of going through security once to check your credentials, at every step you take there is another checkpoint to ensure you are the right person, and another, and another. That’s what Zero Trust is like.
What is Zero Trust
The concept of a Zero Trust Network (or Zero Trust Architecture), was the brainchild of former Forrester Research analyst John Kindervag. In 2010, he published a paper that introduced the concept to the IT world.
The granularity and micro-segmentation of a Zero Trust network enforces rules based on users, their locations, and/or other relevant details to determine whether that user, machine, or app requiring access should be trusted.
A Zero Trust network will not grant access to an endpoint whose security status is unknown; it first has to verify the user, the device and its context, such as location.
After an endpoint has been authenticated, a restrictive policy can be carried out for that specific session. Not unlike the “need-to-know” basis used by the government, a Zero Trust policy only provides the exact amount of network access required for users, machines or apps — nothing more, nothing less.
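The order of those checks is easy to get wrong in practice, so here is an added Python example of a per-session decision function; it is not Absolute's code, and the resource catalogue, role rights, trusted-network list and session lifetimes are constructed assumptions. It verifies the device first (refusing an endpoint whose status cannot be verified), then the user, then the role, and grants the session only the rights it needs, narrowing them further when the request comes from outside the trusted network.

```python
"""Per-session Zero Trust access decision.

Added example, not Absolute's code. The resource catalogue, role rights,
trusted-network list and session lifetimes are constructed assumptions; the
point is the order of checks and the narrowing of the session scope.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class DevicePosture:
    managed: bool      # enrolled in endpoint management
    encrypted: bool    # disk encryption verified on
    av_current: bool   # AV/AM present with fresh signatures


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    posture: Optional[DevicePosture]  # None: the endpoint's status could not be verified
    network: str                      # where the request comes from
    resource: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    rights: FrozenSet[str] = frozenset()  # exactly what this session may do
    ttl_minutes: int = 0                  # how long before re-verification


# Constructed catalogue: which segment each resource lives in and how sensitive it is.
RESOURCES = {
    "hr-payroll-db":  {"segment": "hr",      "sensitive": True},
    "finance-ledger": {"segment": "finance", "sensitive": True},
    "wiki":           {"segment": "general", "sensitive": False},
}
# Rights per role; "*" applies to every authenticated user.
ROLE_RIGHTS = {
    "hr-admin": {"hr-payroll-db": {"read", "write"}},
    "finance":  {"finance-ledger": {"read"}},
    "cfo":      {"finance-ledger": {"read", "write"}},
    "*":        {"wiki": {"read"}},
}
TRUSTED_NETWORKS = {"corp-wired", "corp-wifi"}


def authorize(req: AccessRequest) -> Decision:
    """Verify device, then user, then role, and grant the narrowest useful session."""
    res = RESOURCES.get(req.resource)
    if res is None:
        return Decision(False, "unknown resource")

    # 1. Device: never authenticate an endpoint whose security status is unknown,
    #    and refuse one whose controls are missing or broken.
    if req.posture is None:
        return Decision(False, "endpoint security status unknown")
    failing = [name for name, ok in (("managed", req.posture.managed),
                                     ("encrypted", req.posture.encrypted),
                                     ("av_current", req.posture.av_current)) if not ok]
    if failing:
        return Decision(False, "device posture failed: " + ", ".join(failing))

    # 2. User: MFA is mandatory for sensitive data and for any request from
    #    outside the trusted networks, whoever the user claims to be.
    off_net = req.network not in TRUSTED_NETWORKS
    if (res["sensitive"] or off_net) and not req.mfa_passed:
        return Decision(False, "MFA required for this resource or location")

    # 3. Role: need-to-know, nothing more.
    rights = set(ROLE_RIGHTS.get(req.role, {}).get(req.resource, set()))
    rights |= ROLE_RIGHTS["*"].get(req.resource, set())
    if not rights:
        return Decision(False, f"role {req.role!r} has no rights on {req.resource}")

    # 4. Context: sensitive resources are read-only off the trusted network,
    #    and sensitive sessions are short so posture is re-checked often.
    if res["sensitive"] and off_net:
        rights &= {"read"}
        if not rights:
            return Decision(False, "write access not permitted off the trusted network")
    ttl = 15 if res["sensitive"] else 480
    return Decision(True, f"verified user, device and context for segment {res['segment']}",
                    frozenset(rights), ttl)


if __name__ == "__main__":
    healthy = DevicePosture(managed=True, encrypted=True, av_current=True)
    print(authorize(AccessRequest("alice", "hr-admin", True, healthy, "corp-wired", "hr-payroll-db")))
    print(authorize(AccessRequest("alice", "hr-admin", True, None, "corp-wired", "hr-payroll-db")))
```

Note that the same HR administrator on the same healthy laptop gets read and write rights from the office, read-only from hotel Wi-Fi, and nothing at all when the device's posture cannot be reported, which is exactly the case a broken or missing endpoint agent produces.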
For independent security researcher Rod Soto, Zero Trust is not exactly zero in the literal sense. “Zero Trust is an operationalization of the least privilege principle and segregation of duties by the use of different technologies,” he said. “This can go from high privileges and full access to no access rights at all and can be applied to applications, devices, and users within and outside the perimeter.” 
The role of network segmentation
Network segmentation is all about partitioning the network into smaller networks, and in doing so, restricting access levels. This way, hosts and services containing sensitive information would be on their own separate network — apart from other networks.
For example, you wouldn’t want sensitive HR or Finance data to reside on the same network as your general company documents or spreadsheets.
But to be effective, network segmentation requires careful planning and strict enforcement. Access should be monitored.
“I would say that a more comprehensive Zero Trust approach should go beyond just network segmentation and include asset and identity management components,” says Soto. “It is important to verify not just at the network level but also devices, applications, and users.”
Once a bad actor compromises part of your network, they will poke around your systems in search of sensitive information, hosts and services, so the verification has to happen at each of those layers, not only at the network boundary.
Check out our Cybersecurity 101 guide to understand why preventing threats is so important.
Advantages of network segmentation
There are several benefits from segmenting your network and embracing the Zero Trust framework, the most obvious being improved security. We’ve discussed this above.
We’ve also touched upon better access control — the ability to make sure users and endpoints only have access to specific network resources, which can stop any accidental and malicious activity in its tracks. 
Improved Containment
By segmenting your network you also gain containment. A networking issue that arises is limited to its local subnet, and beyond limiting an attacker's reach, network errors can be pinned to a precise location, which makes them easier to fix.
Improved Performance
With fewer hosts and endpoints per subnet, local network traffic is reduced and broadcast domains shrink. Because each subnet carries only its own traffic, you also spend fewer resources sifting through unrelated traffic when investigating an incident.
Improved Monitoring
With network segmentation, you can not only log events but monitor internal connections (both approved and denied) and even detect suspicious behavior. Monitoring and logging events give your IT team the capability to notice patterns of malicious activity, and in turn, make the right changes so that future breaches can be prevented.
To sum up, according to Soto, Zero Trust can be used to strengthen defenses within and outside the perimeter, reduce the attack surface, contain and isolate intruders as well as improve management of security operations.
However, Soto advises that such implementations go hand in hand with business objectives. “I have seen applications of Zero Trust model that break legacy applications becoming counterproductive for business,” he said.
A few lingering questions
Although we've covered the main points of Zero Trust, there are still several concepts that are often confused. For instance, what is the difference between Zero Trust security and Zero Trust architecture?
While the two can be seen as interchangeable, Soto views Zero Trust security as conceptual models, with Zero Trust architecture representing the translation in technology deployment and implementation of such models.
You may also be wondering where PAM (privileged access management) fits into the equation.
“PAM is simply a technology framework that allows the application and enforcement of Zero Trust models,” Soto explained.
If all this sounds too restrictive to your business, we don’t blame you. But when it comes to your endpoints, it’s unfortunately not a question of IF there will be a breach, but WHEN.
How to achieve Zero Trust
The bottom line is, if you don’t have visibility into all of your devices, you can’t answer the question of whether they are trustworthy. If you can’t extract intelligence from your endpoints – all you have is an inventory – you also cannot determine their trustworthiness.
Existing endpoint security tools, such as encryption, AV/AM, and client/patch management, fail – regularly and reliably. Unless you go deeper, into the firmware, and have a ceaseless grip you cannot ensure trustworthiness of a device and achieve a zero trust environment.
All of these questions can be answered when you have visibility and intelligence. Absolute acts as an informant. It lets you know about the trustworthiness of devices, data, apps, people, and networks.
Learn more about how Absolute provides Asset Intelligence and helps you achieve a Zero Trust environment.

3 Foundations for Strong Data Privacy

It isn’t rocket science — consumers want to do business with companies they trust. As the world becomes increasingly dematerialized and people take a greater interest in their digital selves, the foundations for strong data privacy is now of utmost importance for everyone. Consumers are increasingly choosing to give their business to companies that have strong data protection safeguards in place. In the event of a cyberattack, blame most often is placed squarely on the breached company, even above the hacker, according to the RSA Data Privacy and Security Survey 2019.
Blame translates into unhappy customers and, consequently, lost business. Companies that act now to build data privacy into their company’s foundation will be the ones that retain customer trust and flourish as a result.
Build Your Foundation
Data privacy isn’t a set it and forget it endeavor. But there are steps you can take that will provide you with a strong foundation from which to continually build on.

Build your data ethics code: From the CEO to the administrative team, everyone in your organization should be trained to treat data privacy with the reverence it deserves. Your data ethics code should be intentional, public, and comprehensive enough to satisfy even the most austere regulators.

Perfect your security foundation: Use native security to ensure complete visibility and control over all endpoints. These solutions are built into the firmware of devices and can't be tampered with. They should be the foundation on which you build the rest of your security controls. With this foundation in place, you'll know where your data resides, have the ability to orchestrate controls seamlessly, and be confident that you can monitor the data and controls continuously.

Implement a cybersecurity framework: A cybersecurity framework (CSF) can help you get your house in order, formalize your security disciplines, and scale your security operations by prioritizing doing the right things in the right way. Many organizations are adopting the model recommended by the National Institute of Standards and Technology (NIST). The NIST CSF can help you evaluate your security posture by implementing functions to ensure data security and business sustainability.

Read: How to Use the NIST Cybersecurity Framework
The most important ingredient in any successful data privacy initiative is ensuring that it is ingrained across your company culture. Starting with your most senior executives, recognize the value of your data and demonstrate that understanding in everything you do, from IT to sales, marketing to engineering.
Take a closer look at best practices for protecting personally identifiable information (PII) by downloading our new eBook, 3 Overlooked Data Privacy Considerations.

Expert Tips to Protect Personally Identifiable Information (PII)

Protecting personally identifiable information (PII), while staying audit-ready for a growing number of state, federal, and global data privacy regulations is no easy task for IT teams. While the goal feels frighteningly out of reach at times for many organizations, there are a few back-to-basics data privacy tips that can help you stay ahead of the long chase.
3 Tips to Protect PII

See everything. Reducing your risk exposure starts with comprehensive IT asset management. But when mapping out your long list of IT assets, keep in mind each one represents far more than the visible machine. Beyond the basic hardware, you must consider how the asset encompasses not only devices but also data, apps, and users. Taking it one step further, identify all asset locations, how they’re being used, and by whom.

Read Why IT Asset Management is key to Data Security

Analyze the risk. PII is spread across more endpoints than you think. To identify all the pockets where sensitive data resides, use lexicographic crawling — the equivalent of Google for all of your endpoint data – that will alert you to any data hiding out there in dark corners. This step sees you transitioning from a mindset of traditional IT asset management to one of embracing assets as providing an intelligence service for your organization.
Apply rapid response. You need the ability to find data for individuals who request that you delete it, and for regulators who require proof of protections and validation that you are mitigating exposures quickly, and of course before hackers can gain unauthorized access to it. Make sure you can reach any device with fine-tuned commands to restore privacy protections and meet the applicable legal requirements.
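The "analyze the risk" step above is a pattern search over every file you can reach, and two details decide whether it is useful: a filter that throws out look-alike digit runs (a Luhn check for card numbers) and a findings record that never copies the PII itself. The Python below is an added example, not Absolute's scanner; the patterns, the masking rule and the small sample tree it builds on disk are assumptions for illustration.

```python
"""Crawl a directory tree for PII markers (constructed sample tree).

Added example, not Absolute's scanner. The patterns, the Luhn filter, the
masking rule and the sample files are assumptions made for illustration.
"""
import os
import re
import tempfile

PATTERNS = {
    "email":  re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "phone":  re.compile(r"\b(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b"),
    "card":   re.compile(r"\b(?:\d[ -]?){13,19}\b"),   # candidate only; Luhn decides
}
TEXT_SUFFIXES = {".txt", ".csv", ".log", ".md", ".json"}


def luhn_ok(digits):
    """Luhn checksum: cuts most random digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(kind, value):
    """Never write the PII itself into the findings; keep just enough to locate it."""
    if kind == "email":
        local, domain = value.split("@", 1)
        return local[0] + "***@" + domain
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def crawl(root):
    """Walk `root`, scan text files line by line, return a list of findings."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in TEXT_SUFFIXES:
                continue  # binaries and unknown formats are out of scope for this pass
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="ignore") as fh:
                for lineno, line in enumerate(fh, 1):
                    for kind, pattern in PATTERNS.items():
                        for m in pattern.finditer(line):
                            value = m.group(0)
                            if kind == "card":
                                digits = re.sub(r"\D", "", value)
                                if not 13 <= len(digits) <= 19 or not luhn_ok(digits):
                                    continue
                            findings.append({"file": rel, "line": lineno,
                                             "kind": kind, "masked": mask(kind, value)})
    return findings


def scan_sample():
    """Build a small constructed tree on disk, crawl it, and clean up."""
    files = {
        "hr/employees.csv": "Jane Doe,jane.doe@example.com,555-123-4567,123-45-6789\n",
        "notes/todo.txt":   "call 555-987-6543 about invoice 4111 1111 1111 1111\n",
        "notes/ids.txt":    "order 1234 5678 9012 3456 shipped\n",   # fails Luhn: not a card
        "build/app.bin":    "jane.doe@example.com 123-45-6789\n",    # skipped: not a text file
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(content)
        return crawl(root)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f['file']}:{f['line']} {f['kind']} {f['masked']}")
```

Two caveats a real deployment adds on top of this: the suffix filter means PII inside office documents, archives and databases is invisible to this pass, so those need format-aware readers, and a findings log that shows where data sits is itself sensitive and has to be protected like the data it points at.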

Data privacy is continually growing in urgency as hackers get smarter and change their tactics, and as global laws like GDPR are created and enforced. So, how should your organization stay on top of this evolution? Promote a strong data privacy culture across your organization and maintain vigilance over your data privacy strategies.
For more information and expert tips on how to improve your organization’s data privacy efforts, watch the next episode of our Cybersecurity Insights video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.

Video Transcript:
Welcome back! Josh here from Absolute. In our last episode, we looked at the latest in data privacy. Now, let’s consider how to maintain privacy with confidence.
In 2018, 33% of successful attacks targeted personally identifiable information.
At the same time these criminals are doing their thing, data privacy regulations are popping up all over the world.
You’re trying to win the battle on two fronts: defeat would-be attackers and stay audit-ready for regulators. That’s hard.
But here are some tips to meet the challenge for your IT and security teams.
First, see everything. Try to think of IT assets as more than just machines – physical or virtual – and consider a new definition of ‘asset’ that embraces devices, data, users, and apps.
Start by pinpointing all the places these assets are and how they’re being used.
This moves us away from run-of-the-mill IT asset management into a mindset that sees asset management as an intelligence service for your organization.
Having scooped up all that asset intelligence, let’s identify all the pockets of sensitive data.
Now that we can see the landscape, we need to start crawling through the assets to find sensitive data.
The preferred technique is called lexicographic crawling, because the crawler is continuously looking for key data markers like names, addresses, phone numbers, and other personal identifiers. When you get a ‘hit’, you know where the data is camped.
Now that we’ve located sensitive data, we move on to our next step: analyze the risk.
By assessing the risks that are unique to your organization, you’re able to rationalize which follow up actions are needed based on risk tolerance, instead of assumptions or intuition.
This brings us to the final step for protecting data privacy: rapid response. Most of the legal requirements demand proof of protections and validation that you are mitigating exposures quickly.
We need the ability to REACH any device with fine-tuned commands to restore privacy protections.
By automatically regenerating controls, apps, or agents when they’re disabled, you’re positioned to thwart the criminals and bring smiles to the faces of regulators, auditors, and most of all…those individuals whose data you have.
Protecting privacy is a moral concern because it has the potential to cause harm to real-life people, but with the steps we’ve outlined here, you can be audit-ready and withstand the onslaught of cybercriminals.
Pull every asset into view, crawl for sensitive data, analyze the ‘hits’ for risk, and respond in an instant to restore protection.
Be sure to subscribe and don’t hesitate to drop your comments below. I’ll see you next time!
 

3 Overlooked Data Privacy Considerations

While legislators struggle to agree on a new federal data privacy law and how it would handle fast-emerging state laws like the one in California, organizations shouldn’t sit back and wait on a list of rules. Data privacy considerations are increasingly critical, especially as our now digital world has dematerialized people into being who the data says they are.
Protecting personally identifiable information (PII) for the benefit of your constituents and to meet the demands of regulators is no easy task, however. To address the enormous goal of protecting data, start with these three often-overlooked considerations:

Data residency: Are you certain you know where your data is hiding?
Orchestration of controls: How are your security controls policed?
Continuous monitoring: Can you be sure data is not residing in the wrong place and, if it is, are security controls in place?

Data Residency
Your organization is full of sensitive data. You need it to fuel your business. Generally speaking, PII is accessed only via approved business applications.
Of course, your employees would never export data from Salesforce.com and save it on their laptop. And, they’d never save an Excel spreadsheet containing PHI to their hard drive. They’d certainly never sync a proposal containing proprietary company information to Dropbox.
The problem is that your employees would do all of the above. And they do.
Your sensitive data is sitting out there on more endpoints than you think. You need the equivalent of Google for your endpoint data: a lexicographical crawler for PHI and PII that can alert you to any unauthorized data hiding out there on endpoint devices.
Unless you have that, you simply won’t be able to track all the places where the data resides.
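As an added example (not Absolute's code or product), here is a minimal lexicographic crawler in Python of the kind described here and in the "Analyze the risk" tip above: it walks an endpoint's file tree, counts hits for PII markers such as e-mail addresses, phone numbers and SSN-style identifiers, and can also search for one named data subject's identifier, as a GDPR erasure request would require. The marker patterns, file extensions and sample files are constructed for illustration.

```python
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Marker patterns for classes of personal identifier (illustrative; an
# assumption of this example, not a complete PII taxonomy).
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_phone": re.compile(r"(?<!\d)(?:\+1[ -]?)?\(?\d{3}\)?[ -]?\d{3}-\d{4}(?!\d)"),
    "ssn_like": re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"),
}
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".json", ".md"}  # assumed text types


def scan_text(text: str, subject_terms: Tuple[str, ...] = ()) -> Dict[str, int]:
    """Count marker hits in one document. subject_terms are literal identifiers
    (e.g. the e-mail address of a person who asked to be erased under GDPR)."""
    hits: Dict[str, int] = {}
    for label, pattern in PII_PATTERNS.items():
        n = len(pattern.findall(text))
        if n:
            hits[label] = n
    lowered = text.lower()
    for term in subject_terms:
        n = lowered.count(term.lower())
        if n:
            hits["subject:" + term] = n
    return hits


def crawl(root: str, subject_terms: Tuple[str, ...] = ()) -> List[Tuple[str, Dict[str, int]]]:
    """Walk an endpoint's file tree and list files that contain PII markers.
    Binary or unreadable files are skipped so one bad file cannot stop the crawl."""
    findings: List[Tuple[str, Dict[str, int]]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    text = fh.read()
            except (OSError, UnicodeDecodeError):
                continue
            hits = scan_text(text, subject_terms)
            if hits:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, hits))
    return findings


def demo() -> List[Tuple[str, Dict[str, int]]]:
    """Crawl a constructed sample endpoint (all values are made up), also searching
    for one data subject's e-mail address as a GDPR erasure request would."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Downloads"))
        samples = {
            "Downloads/export.csv": "name,email,phone\nJane Doe,jane.doe@example.com,555-123-4567\n",
            "notes.txt": "Patient 123-45-6789 seen today. Call back at (555) 987-6543.\n",
            "readme.md": "Nothing sensitive in this file.\n",
        }
        for rel, content in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(content)
        return crawl(root, subject_terms=("jane.doe@example.com",))
```

The `readme.md` file produces no hits and is therefore absent from the findings, while the CSV export shows how a single file can be flagged both by marker class and by the specific subject being searched for.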
According to Forbes, one laptop is stolen every 53 seconds. What happens when one of those laptops belongs to your organization? Results from a recent Forrester security survey found that 39 percent of breaches can be traced back to the endpoint (24 percent caused by employee misuse and 15 percent caused by lost or missing devices). Without the ability to know what data resides on a device, you’ve no idea if you’ve exposed your customers to a data breach risk.
Read Lost or Stolen Devices: What To Do in 4 Steps
Orchestration of Controls
There is no shortage of security controls, whether native to the operating system or third-party applications such as antivirus, antimalware, encryption, or endpoint detection and response (EDR) solutions. These controls help ensure that the place where data resides is a secure one.
The problem organizations face is ensuring that the third-party controls remain in place and are functioning at all times. Native controls can help with this, giving organizations the ability to pull information from the controls and push actions to the device if they are not operating as they should or if the user of the device is acting suspiciously.
This is particularly important in a breach scenario. For example, if a company laptop is stolen from the trunk of your employee’s car and you know that the laptop contains PHI, without visibility into that device, you have no way to prove that encryption was in place and functioning and that no data was accessed post-incident. In this scenario, you would have to assume that the data was breached and follow HIPAA’s breach notification rules.
With the right visibility in place, you can categorically prove that security controls were in place on a device, that no data was accessed, and that the device has been locked down and is no longer a threat.
Continuous Monitoring
Annual auditing is only valid on the day the audit takes place. Can you be sure on any day in between audits that data is not residing in the wrong place and, if it is, that security controls are in place to protect it? Without continuous monitoring, you’ll never be able to keep track of all the data copies that exist on all your devices. This can leave you in hot water when the regulators come knocking.
Say, for example, that you have a customer who resides in Nice, France. They notify your company that they want to be erased from your records. Under GDPR, you have to find every stitch of their data that is saved in your organization and erase it.
You can pull them from your data lakes — that’s the easy part — but shards of their data will still exist out there on numerous endpoints, leaving you exposed to sanctions under GDPR. In this scenario, you need the ability to reverse your gaze, looking outwards rather than inwards, and surgically delete their data elements from your endpoints.
For your data privacy efforts to be effective, diligence is required across all three of these areas. In my next post, I will discuss 3 simple steps to approaching data protection. In the meantime, if you’d like to learn more, get our new eBook, 3 Overlooked Data Privacy Considerations.

The Importance of the CMDB

A Configuration Management Database (CMDB) is the core of ITIL processes. A CMDB is a database of information related to all the components of an information system; it contains information about the configuration items (CIs) in the IT infrastructure. CIs can be hardware, software, personnel or documentation. As it relates to IT asset management, a CMDB is a comprehensive ‘map’ of your entire IT environment, helping you keep track of the state of endpoint devices, software and data, which is useful for detecting and responding to security incidents.
The CMDB describes CIs using three configurable attributes: technical, ownership and relationship. In plain terms, the CMDB is like an index of the components in the IT environment, helping you understand their attributes, relationships and configurations. A key success factor in implementing a CMDB is the ability to automatically discover information about the CIs and to track changes as they happen. CMDBs are important in IT decision making, allowing users to identify dependencies among processes, people, applications and IT infrastructure to find opportunities for change, faster resolution of incidents, fewer errors and more.

Unlike a traditional database, the CMDB pulls in data from other sources in such a way that original sources retain control of said data. The CMDB can help you understand data in an organized way, examining it from a multitude of perspectives. According to the ITIL recommended specifications, there are four tasks involved in configuration management:

Identify the CIs to be put in the CMDB
Control the data so that it is only changed by authorized individuals
Ensure the current status of each CI is always recorded and updated
Maintain data accuracy through audits and reviews

A CMDB may be accessed by many individuals, so many companies find it useful to make it more user-friendly by adopting a web interface.
How to Automate Your CMDB (Configuration Management Database)
Automation is the name of the game for IT teams struggling to keep up with a range of seemingly countless manual tasks. Some of these tasks are tedious and others are increasingly complicated as companies push toward digital transformation. Asset management is one area where IT is finding success with the automation of time-consuming tasks, particularly in updating the Configuration Management Database (CMDB) for an accurate asset inventory.
Whether you call it a CMDB or not, everyone has ‘a list’ of company-owned assets. This includes hardware, software licenses, documentation and even personnel. Depending upon your organization, your CMDB may go so far as to serve as a map of all that is IT. More likely though, your CMDB is a static spreadsheet that lists devices and pre-loaded software given to a new employee on their first day.
CMDB in a Perfect World
In its truest form, a CMDB is a database of all configurable items in your IT infrastructure, including laptops, desktops, phones, printers, servers, and more. Going beyond a simple inventory of items however, the database should also include three configurable attributes for each item: technical details (including the software running on them), user information and the asset’s relationship with other people, processes and technologies in the organization.
An accurate, up-to-date CMDB can be thought of as the anchor of your IT asset management program. When done well, it should:

Provide you and any auditor who asks with an accurate, efficient, at-a-glance view of company assets, where they are, what they are running, and inter-dependencies on other organizational assets.
Serve as a financial tracker so you aren’t buying more of what you already have or aren’t using. It can also help leadership build out an organizational valuation.
Help you meet compliance requirements including GDPR, HIPAA and several other regulations related to personal data privacy.
Improve your security posture. Because you can’t secure what you can’t see or don’t even know you have in your environment, an up-to-date CMDB will give you the confidence that you are securing all of your endpoints. Pushing security updates to an outdated list of assets will leave you with many vulnerabilities.

The Trouble with Manual Updates
While CMDBs should outline what’s listed above, they usually don’t when updates are left to manual, human effort. Firstly, it’s simply too much to keep up with. Secondly, manual processes aren’t a solution for devices that fall off the corporate network. You can’t accurately inventory and monitor what you can’t even see.
Automation is both an effective and efficient way to maintain an up-to-date CMDB, as long as the solution you rely on doesn’t require your endpoints to have a network connection. Another common challenge with most endpoint management solutions is that the health of the agent is not stable. If the agent you rely on is disabled or corrupt when a device is off the network, your visibility into that device is typically gone.
Employees, their devices, and the data that resides on them are always on the move; you need to be able to track the devices (and their security controls) as they travel. Manual effort toward this goal is time wasted, especially when you consider the numerous other tasks left undone while you are trying to keep an updated inventory.
To automate your CMDB, start with your assets. How many endpoints does your organization have and how are you tracking them? If you’d like to find out more about how many off-network endpoints you have, take our Dark Endpoint Assessment.
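To make the ITIL tasks listed above and the automation point of this section concrete, here is an added example in Python (not Absolute's code or product) of a tiny in-memory CMDB: CIs carry the three attributes (technical, ownership, relationship), only authorized actors may change records, dependency impact can be queried, and an automated discovery snapshot is reconciled against the recorded inventory to surface stale, unknown and drifted assets. All CI names, users and attribute values are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class CI:
    name: str
    technical: Dict[str, str]                       # technical attribute (os, agent...)
    owner: str                                      # ownership attribute
    depends_on: Set[str] = field(default_factory=set)  # relationship attribute


class CMDB:
    def __init__(self, authorized: Set[str]) -> None:
        self.items: Dict[str, CI] = {}
        self.authorized = authorized
        self.audit_log: List[str] = []

    def update(self, actor: str, ci: CI) -> None:
        # ITIL control task: only authorized individuals may change records.
        if actor not in self.authorized:
            raise PermissionError(f"{actor} is not authorized to change the CMDB")
        self.items[ci.name] = ci
        self.audit_log.append(f"{actor} recorded {ci.name}")

    def dependents_of(self, name: str) -> Set[str]:
        """Transitive impact analysis: every CI that directly or indirectly
        relies on `name` (what breaks if this CI is lost or compromised)."""
        result: Set[str] = set()
        frontier = {name}
        while frontier:
            current = frontier.pop()
            for ci in self.items.values():
                if current in ci.depends_on and ci.name not in result:
                    result.add(ci.name)
                    frontier.add(ci.name)
        return result

    def reconcile(self, discovered: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
        """Audit task: compare an automated discovery snapshot with the records.
        stale = recorded but not seen (e.g. off-network device that never checked in),
        unknown = seen but never recorded, drifted = recorded technical attributes
        no longer match what discovery reports."""
        stale = sorted(n for n in self.items if n not in discovered)
        unknown = sorted(n for n in discovered if n not in self.items)
        drifted = sorted(
            n for n, attrs in discovered.items()
            if n in self.items
            and any(self.items[n].technical.get(k) != v for k, v in attrs.items())
        )
        return {"stale": stale, "unknown": unknown, "drifted": drifted}


def demo():
    """Constructed scenario: one laptop never reports in, another has a downgraded
    agent, and an unrecorded phone appears in discovery."""
    db = CMDB(authorized={"it-admin"})
    db.update("it-admin", CI("db-server", {"os": "linux"}, "dba-team"))
    db.update("it-admin", CI("crm-app", {"os": "linux"}, "sales-it", {"db-server"}))
    db.update("it-admin", CI("laptop-42", {"os": "win10", "agent": "7.1"}, "jdoe", {"crm-app"}))
    db.update("it-admin", CI("laptop-77", {"os": "win10", "agent": "7.1"}, "asmith"))
    discovered = {
        "db-server": {"os": "linux"},
        "crm-app": {"os": "linux"},
        "laptop-42": {"os": "win10", "agent": "6.9"},
        "phone-3": {"os": "ios"},
    }
    return db.reconcile(discovered), db.dependents_of("db-server")
```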

 
 

What is Endpoint Management?

At a high-level, the definition of endpoint management is the process an organization undergoes to detect, provision, deploy, update, and troubleshoot its endpoint devices. Sounds simplistic, and it is.
What is an endpoint?
To get a good grasp of endpoint management, the first step is to ensure we have a solid understanding of what constitutes an endpoint.
An endpoint is essentially any remote device that sends communications to, and receives communications from, the network to which it’s connected.
Endpoints can include:

Desktops/workstations
Laptops
Smartphones
POS systems
Tablets
Servers

The critical issue surrounding endpoints is that they represent one of the key areas of vulnerability for businesses, and can be an easy entry point for cybercriminals.
Through endpoints, attackers may execute code and exploit vulnerabilities in your assets. Today, the workforce is more mobile than ever, with employees connecting to internal networks from outside the office and from endpoints anywhere in the world.
Read: Absolute Named the Leader in the G2 Crowd Grid® Report for Endpoint Management
Now that we’ve established the “what,” we can move on to the “why.”
Why is endpoint management so critical in 2019?
It all starts on the endpoint.
Perhaps the most pressing reason for endpoint management is that most successful breaches begin at the endpoint. In fact, according to an IDC study, the endpoint was the cause of 70 percent of successful breaches.
This stat is no surprise since endpoints represent all the devices connecting to your network. Therefore, if those devices are not well-managed, attacks can quickly morph from a brushfire to a widespread blaze.
Maintaining visibility and control of your endpoints is crucial.
Not enough resources to keep up
The definition of a secure endpoint has changed over the years and is much more complex in 2019 than it was even a few years ago.
New critical threats materialize all the time, and for most IT and security teams, it’s a constant struggle to prioritize the threats that can cause the most harm. When your company lacks sufficient visibility into potentially infected enterprise endpoints, vulnerabilities are patched haphazardly, leaving you more vulnerable.
It’s probably no surprise that in a recent Ponemon study, a mere 37 percent of companies surveyed said they had sufficient resources to minimize risk, despite 69 percent of them acknowledging that endpoint security risk has significantly increased.
Not your typical malware.
Attacks aimed at endpoints are hurtling toward us at an unprecedented rate. In 2019, the attackers are getting stealthier. Bad actors (hackers) may not be changing the strains of their attacks, but their tactics, techniques, and procedures are more sophisticated than ever.
Expect to see more zero-day attacks (where a security hole known to the software vendor exists without a patch in place to fix the flaw) this year. Another attack to watch out for is the file-less attack, which avoids writing malicious executable files to disk by leveraging exploits or launching scripts and macros from memory in order to circumvent detection by antivirus solutions.
The Ponemon study mentioned above, The State of Endpoint Security Risk, found that “76 percent of successful attacks leveraged unknown and polymorphic malware or zero-day attacks, making them four times more likely to succeed in compromise compared to traditional attack techniques.”
Risks of selecting the wrong type of endpoint management system
Investing in any security solution is a critical decision requiring careful consideration. Think about it – you’re going to be trusting the provider with your critical data. The team behind the endpoint management system you choose is essentially a partner that will help you secure all of your endpoints — preferably for the long-term. After all, who wants to go through the process of evaluating, rolling out, and deploying a solution more than once?
One of the most significant ramifications of choosing the wrong product is an endpoint management solution that promotes a false sense of security within your organization. Assuming you’re secure when you are not may be just as disastrous as not having a solution at all.
In your selection process, make sure the solution is easy to manage and isn’t too complicated. Anything with too much complexity may suit highly-trained IT staff, but most businesses don’t have the time or resources to navigate the choppy waters of an overly confusing management console.
The next generation of endpoint security
We’ve learned that what constitutes a secure endpoint has changed over time. As our endpoints also become weaker over their lifespan, the problem compounds. When you add bad actors to the mix, we have a recipe for potential disaster and an exponential curve downward toward decay.
The next generation of endpoint management is one of self-healing. OS manufacturers may make their operating systems more restorative, but they won’t be self-healing. Next-generation solutions will be organization-specific and customized to your business with its unique set of endpoints.
Read: Comprehensive Security and Why Self-Healing is Imperative
Now, where do I start with endpoint management?
Getting started with endpoint security is not simple, nor is it something you can do in a single day – it takes a lot of time, planning, resources, training, and practice to build a solid foundation.
To help you along, download our whitepaper: Four Essential Strategies For Endpoint Security And Protection.
To see how our endpoint management platform can work in your organization, request a demo or contact our sales team.
