Friday, October 18, 2013

SURVEY FINDS ORGANIZATIONS STRUGGLE WITH ENDPOINT PROTECTION


According to a recent Forrester survey, many enterprises are still struggling to create a bulletproof endpoint security strategy for data loss prevention.
The survey advised organizations to gain more complete visibility over applications and the state of endpoints. This can help administrators identify possible vulnerable points, malicious behavior and other suspicious activities. However, the main threat that security professionals must deal with remains malware.
Struggling with malware
Recently, experts placed the number of malware samples discovered this year at 147 million, according to CRN. These cyber attacks are not only threatening computer operating systems, but mobile devices as well, as hackers now seek to infect smartphones and tablets.
Despite the seriousness of this endpoint security threat, the survey found that while businesses have antivirus software in place, it is not adequately protecting them. In Q2 2013, 89 percent of U.S. enterprises had implemented antivirus or anti-spyware within their operating systems. However, Forrester stated the endpoints within these organizations are not fully protected against malware infections.
With new malware samples discovered daily, organizations need to be proactive about their data loss prevention strategies. Therefore, it is important to continuously review and update antivirus and anti-spyware technologies to avoid data leakage. According to the survey, however, only 29 percent of businesses with current strategies in place are expanding or upgrading their anti-malware implementations.
Current malware challenges
The survey, which included 50 IT managers at organizations of 1,000 employees or more, showed that a main challenge faced by enterprises today is that of zero-day malware and targeted cyber attacks. Advanced malware attacks, which are sometimes pretested for optimum enterprise system infection, pose a great threat to endpoint security. Cybercriminals have the ability to customize zero-day malware to attack a specific vulnerability within an endpoint security strategy. The survey stated 88 percent of businesses within the U.S. are concerned about this type of threat.
Organizations also experience difficulty when attempting to patch end-user applications within their companies. According to the survey, 29 percent of businesses stated gaps in their endpoint protection plans are a result of a lack of patch management. While managing patch statuses can be quite the undertaking for any establishment, the risk of infection greatly increases when systems are out of date. Thus, IT professionals should create a schedule for patch updates, sectioning the updates off depending on the area of the business to more effectively complete the total workload.
Value of effective endpoint management
Forrester stated that IT security experts have found significant value in certain aspects of endpoint management plans, including cross-platform management. A feature of this kind allows administrators to view an organization’s physical, virtual, mobile and traditional endpoints. During a time when malware has the ability to span a range of systems and endpoints, a strategy of this kind is incredibly valuable to data loss prevention.
Historical insight, or the ability to recognize which systems have been affected by a cyber attack and for how long, is also an incredibly important piece of the endpoint security puzzle. Eighty-six percent of survey participants stated that it is helpful to keep a log of past endpoint activity to determine if the business has been a victim of a targeted attack.
Ziften, which sponsored the white paper, can help companies address these issues, as the enterprise software provider enhances security through means such as cross-platform management and providing root-cause forensic information about the endpoint post attack.

Thursday, October 17, 2013

NEW MOBILE MALWARE THREATENS ENDPOINT SECURITY


Experts recently determined that there were over 1 million malicious mobile applications present in the wild. These represent a significant threat to data loss prevention, especially within businesses with bring-your-own-device policies.
While BYOD policies can provide flexibility for employees as well as increased productivity, allowing workers to utilize the same device for personal and business purposes can threaten company data present on such endpoints. Therefore, IT professionals should remain up to date about new mobile threats and preventative measures.
Sys-Con Media contributor Peter Silva stated that mobile malware consequences can range from a device sending unauthorized text messages to adware redirecting users to infected websites. Experts recently discovered that 75 percent of all malware samples perform outright malicious activities, including data leakage. Another 25 percent execute dubious activities, like adware.
Silva stated that one of the most popular malware forms is apps that steal banking information from mobile devices, as seen with FAKEBANK and FAKETOKEN. These have been known to disguise themselves as official financial applications, as well as displaying phishing notices on devices asking for personal information.
Another popular form of malware is FAKEINST, which appears as a legitimate application that registers users for costly services like premium rate text messaging. Of the million malware samples discovered, this kind of threat comprises 34 percent, Silva stated.
Copycat App
A new strain of mobile malware similar to FAKEINST repackages applications and is currently threatening data loss prevention efforts. The malware, called Copycat App or a.frau.longjian.a, has been affecting Android smartphone users primarily in China and Southeast Asia. According to Dark Reading, the malware presents itself as an application update, but aims to track data usage on infected systems. When a user downloads the malicious update, the malware also downloads other repackaged apps in the background. These repackaged apps consume the user’s data as well as performing other malicious activities.
The apps subscribe the user to premium rate SMS services without notification, where fees show up on the monthly bill. The malware also has the ability to view and collect information on the device, including the phone number and information from applications, stated Dark Reading. Mobile security expert Gavin Kim said superior technology was used to isolate and identify this malware, which spread across nine countries.
“This again, shows that malware knows no boundaries and will continue to spread as more affluent markets are targeted,” Kim told Dark Reading.

Wednesday, October 16, 2013

MORE THAN 80 PERCENT OF MOBILE ENDPOINTS AT RISK FOR DATA LEAKAGE


A new report recently discovered that more than 80 percent of enterprise and consumer devices were unprotected and therefore at risk of data leakage.
The Juniper Research report, Mobile Security: BYOD, mCommerce, Consumer & Enterprise 2013-2018, stated the unprotected devices found are expected to remain at risk through the rest of the year. However, while 325 million devices currently have endpoint protection software installed, this number is predicted to rise to nearly 1.3 billion by 2018, according to eWeek.
Mobile malware can take many forms and infect a system in a variety of ways. Security expert Adrian Ludwig told InfoSecurity that some malware can appear as a text message link from an unknown number and has the capability to install itself once a user clicks on the link. Additionally, close to 40 percent of malware samples are fake applications claiming to perform certain functions, but actually send premium-rate messages from the infected endpoint. Other malware samples are spyware and theft applications, which can record keystrokes and other activity.
Low awareness
A main reason why many mobile device users do not prioritize data leak prevention is due to low awareness of mobile malware threats, stated the report. Additionally, users are seeing an increase in infected systems as a result of a sharp increase in the amount of mobile malware created during the past two years.
According to eWeek, many cybercriminals are shifting their aim from infecting computers to establishing data-stealing malware for mobile platforms, as the number of mobile malware samples will reach 1 million by the end of the year.
BYOD policies
Furthermore, the study found that the implementation of bring-your-own-device practices within corporations has also increased. Experts advised these companies to employ more than one endpoint security program for optimum data loss prevention. In addition, a BYOD policy should be clearly and formally outlined to make sure employees are informed of security requirements and best practices.
“A single policy or measure may not be sufficient and a unified perspective on mobile platform risks is critical,” eWeek stated.
Android-targeted malware
Businesses should also be aware of what devices are being used to access a corporate network and take steps to ensure that each endpoint is secure.
InfoSecurity stated that 99 percent of all mobile malware aims to infect the Android operating system. Therefore, extra measures should be taken by employees and businesses to ensure these devices have endpoint software and are properly protected.
According to security researchers, many malware samples do not reach the install stage. However, these infections are still present and can pose a threat to data loss prevention efforts.

GOVERNMENT SHUTDOWN AFFECTS ENDPOINT SECURITY PATCHES


Government agencies affected by the recent partial shutdown may face difficulties installing software patches for endpoint security.
Addressing not one, but two critical security issues
This year marks the 10th anniversary of Microsoft’s Patch Tuesday, according to ZDNet. The organization has celebrated by releasing two critical patches that address security concerns related to the Internet Explorer browser, including one that was previously unknown to the public.
“The biggest surprise from this month’s advisories is that Microsoft has addressed not one, but two, critical Internet Explorer zero-days,” said security researcher Craig Young. “These fixes should be the highest priority for patch deployment, since both of these issues are being exploited in the wild.”
Furthermore, Tom’s Guide contributor Paul Wagenseil advised users to avoid utilizing the Web browser until all patches are installed and the machine is restarted. Wagenseil said both security weaknesses can affect endpoint data protection, as they allow cybercriminals to transmit malware when an individual clicks on a malignant page, infecting the browser despite the user only remaining on the corrupted page for less than a minute.
Microsoft released patches for 26 security flaws, in addition to updates related to the Web browser. These include certain remotely exploitable issues in Windows XP, Windows Server 2003, and Microsoft .Net Framework.
Effects of the government shutdown
According to Computerworld, however, some government agencies affected by the shutdown will be unable to update employee devices, or will otherwise face substantial difficulties. This can leave these machines open to data leakage and other security threats.
Computerworld stated that many government organizations only kept a skeletal IT staff in place during the shutdown, as all non-essential IT systems are not currently operational. Desktop computers, laptops and other devices will go unpatched during the shutdown.
John Pescatore, SANS Institute director of emerging technologies, said the Windows security weaknesses affect endpoint security across PC and server operating systems.
“While most of the government security staff was deemed essential, it is likely that many of the employee PCs and laptops were turned off, so it will be hard to patch them,” Pescatore told Computerworld.
Although one may think that updates would be easier without employees utilizing servers, Pescatore said this is not the case.
“The reality of these shutdowns is that informal processes get disrupted even if the essential people are still there,” Pescatore said.
Once employees return, they must exercise caution before using their unpatched devices.
“Best practice would be to isolate these machines until they can be brought up to the most recent patch level,” security expert Richard Stiennon told Computerworld.

Thursday, October 10, 2013

SECURE ENTERPRISE MOBILE APPLICATIONS FOR ENDPOINT SECURITY


In today’s technological business environment, cybercriminals find new ways to compromise data every day.
According to Aberdeen research, besides the benefits of data loss prevention and peace of mind, organizations can tally measurable value when they ensure the security of their mobile infrastructure.
Therefore, it is essential that organizations secure endpoints and the information contained on them. InformationWeek contributor Andrew Borg stated that simply managing the device itself is not enough, and administrators should also focus on securing individual features of the device, especially enterprise mobile applications.
Borg advised companies to implement user authentication before granting access to enterprise apps. Such a system can protect the sensitive information in the application, which is especially important if a device is stolen or lost. Businesses should employ two-factor authentication wherever possible, which requires users to, for example, enter a username and password and also answer a predetermined question for identification.
Additionally, this authentication technology should be connected to a corporate directory service to ensure complete endpoint security. Enterprise applications should also have a high level of encryption to protect sensitive information and prevent data leakage.
Borg also suggested businesses use application management, which can secure access and deployment of enterprise applications. Such technologies also allow the user to create white and blacklists for approved apps, and those which should be denied access.
Furthermore, antivirus and anti-malware systems are also important in endpoint security. These programs not only protect the mobile operating system; anti-malware can also prevent a device from loading, storing or spreading a malicious item.
According to Borg, mobile app security should be the responsibility of every employee, not just administrators and IT personnel. Education and knowledge are essential, and workers should be notified of best practices and policies in place for endpoint protection.

FURTHER PREVENT DATA LEAKAGE IN FOUR STEPS


In today's business marketplace, endpoint protection is essential to ensure the safe transmission of shared data. Increased utilization of personal laptops and smartphones in accordance with bring-your-own-device policies has also escalated the instances of stolen or lost devices, which pose a security risk for data leakage.
Data loss can result in significant costs associated with security repairs and device replacement, as well as brand uncertainty and public embarrassment. Research director Randy Abrams told State Tech Magazine that organizations cannot afford to make headlines due to a data breach.
Therefore, institutions need to improve endpoint protection to better ensure data leak prevention. Organizations can follow these steps to lower their risk of data loss.
1. Establish a defense strategy
CSO contributor Gordon Makryllos stated that organizations should evaluate their enterprise IT infrastructure to determine where the system may be vulnerable to data leakage and how cybercriminals could gain access to endpoints. Makryllos advised paying special attention to servers, unified communication devices and the network itself when planning a data loss prevention strategy.
2. Get peer advice
State Tech Magazine contributor Sandra Gittlen suggested asking industry peers for advice and guidance regarding their own security strategies.
"Find out what your peers are using and how they like their product is very important," said Jack Rolfs, director of computer technology for Salina, Kans.
In this way, organizations can compare similar establishment strategies and security products used with their own network requirements. Find out what has worked and select the endpoint security provider that is best suited for meeting industry-specific needs.
This can also be beneficial for smaller companies, said Brad Bowers, director of information technology for Saline County, Kans.
"Small organizations don't always have the resources to do the research," Bowers said.
However, by asking their peers, organizations can obtain valuable information for their own internal security plans.
3. Plan for Growth
Due to the current environment, the number of endpoints needing protection can constantly expand within any business. An employee that may work in-house at one point in time may need to work remotely in the future, and the endpoint he or she uses to gain access to the corporate network will need protection.
Keeping this in mind, Gittlen advised organizations to allow room for growth in their data loss prevention strategies.
4. Realize the importance of education
Gittlen also recommended that administrators explain the possible risks of sharing information as well as the consequences associated with data breach to their employees.
"Education for users is sorely underappreciated," Abrams said. "[Education] can prevent data breaches and losses."
Furthermore, Gittlen pointed out that informing employees of the activity monitoring and logging practices that come with endpoint protection can serve as a deterrent.

Tuesday, October 8, 2013

ENDPOINT SECURITY: COMPUTER PROTECTION


Desktop and laptop computers are a continually utilized corporate network endpoint. It is therefore vital to lock down these devices for both on-premise and remote workers for data loss prevention.
While a current security policy relating to PCs may be adequate, with new and different attacks occurring daily, there is always room for improvement when it comes to these protection practices.
Passwords: The best first line of defense
PCWorld contributor Ian Paul stated that passwords are one of the best ways to keep prying eyes from sensitive data on mobile devices. He recommended that passwords be relatively long, unique and random for optimum endpoint protection. Paul also suggested using a password managing program to generate random passwords and store them safely.
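The "relatively long, unique and random" advice above can be made concrete. The following is an added example, not code from the original post or from any password manager it mentions: it generates passwords from the operating system's cryptographic random source, sizes them to a chosen entropy target, and checks a (constructed) vault for the password reuse that the "unique" requirement forbids. The entropy target of 80 bits and the 94-character alphabet are assumptions for the example.

```python
import math
import secrets
import string

# Alphabet a password manager would typically draw from: letters, digits and
# punctuation (94 symbols). Constructed choice for this example.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string of `length` symbols drawn from
    an alphabet of `alphabet_size` symbols, in bits."""
    return length * math.log2(alphabet_size)


def length_for_entropy(target_bits, alphabet_size):
    """Smallest length at which a uniformly random password reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(min_bits=80, alphabet=ALPHABET):
    """Generate a random password carrying at least min_bits of entropy.
    `secrets` uses the OS CSPRNG; the `random` module must not be used here
    because its output is predictable."""
    length = length_for_entropy(min_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(length))


def reused_passwords(vault):
    """Return {password: [sites...]} for every password used at more than one
    site. `vault` is a {site: password} mapping standing in for a password
    manager's store."""
    by_password = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


# Constructed vault: two sites share a password, which the check should flag.
SAMPLE_VAULT = {
    "mail.example": "Winter2013!",
    "crm.example": "Winter2013!",
    "vpn.example": generate_password(),
}

if __name__ == "__main__":
    print("13-char password from a 94-symbol alphabet carries",
          round(entropy_bits(13, len(ALPHABET)), 1), "bits")
    print("new password:", generate_password())
    for pw, sites in reused_passwords(SAMPLE_VAULT).items():
        print("reused across", ", ".join(sites))
```

The length is derived from the entropy target rather than chosen by feel, so switching to a smaller alphabet (digits only, say) automatically produces a longer password for the same strength.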
Email encryption
Paul advised enterprises utilizing an email desktop client to also use an open-source encryption key to secure sensitive information transmitted through this platform. This type of encryption prevents cybercriminals from intercepting and reading email messages, which by default are sent through the Internet as plain text.
However, Paul pointed out that email metadata, like the subject line and email address of the recipient, cannot be encrypted. Therefore, sensitive information should not be included or alluded to in the subject line for endpoint data protection.
Keep up with current trends in endpoint threats
Security professionals should maintain awareness of current trends in malware or other threats to endpoint security. Personnel should regularly check technology news and blogs to discover what threats could affect their endpoint security and research ways to prevent or respond to these infections.
A current trend in the world of endpoint security threats is the rash of spam related to the government shutdown, Patient Protection, the Affordable Care Act and Obamacare. According to ZDNet, there has been a push to register domain names associated with these hot button issues, and these registrations have the potential to confuse and abuse users.
Fake websites have been a growing trend in watering hole attacks. However, these are targeting a larger group than most other attacks, which normally only seek to infect those who visit niche Web pages. This attack has the potential to spread malicious items to anyone following current events in the news.
Such fake pages play off the domain names of reputable pages. For example, ZDNet stated that one recently registered domain name was that of healthcaregov.com, which is incredibly similar to the official federal Web page, healthcare.gov.
Security professionals should remain up to date with recent threats like this one, and inform their employees to be cautious of these kinds of fake websites.
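The healthcaregov.com versus healthcare.gov case above is a dot-dropping lookalike, and typosquats one character away are the same family of threat. The following is an added example, not code from the original post or from ZDNet: a small screener a defender can run over a feed of newly registered domain names to flag ones that imitate domains the organization wants to protect. It catches both the dot-dropped form and single-character typos via Levenshtein distance. The protected-domain list, the feed and example-bank.com are constructed for the example; healthcaregov.com and healthcare.gov are the names from the post.

```python
# Constructed list of domains this organisation wants watched for lookalikes.
PROTECTED_DOMAINS = ["healthcare.gov", "example-bank.com"]


def split_domain(domain):
    """Lower-case `domain` and return (label, tld) where label is everything
    before the last dot with inner dots and hyphens removed, so that
    'healthcare-gov.com' -> ('healthcaregov', 'com') and
    'healthcare.gov'    -> ('healthcare', 'gov')."""
    d = domain.strip().lower().rstrip(".")
    label, _, tld = d.rpartition(".")
    if not label:          # no dot at all: treat the whole string as the label
        label, tld = tld, ""
    return label.replace(".", "").replace("-", ""), tld


def levenshtein(a, b):
    """Edit distance: each insertion, deletion or substitution costs one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_of(candidate, protected=PROTECTED_DOMAINS, max_distance=1):
    """Return the protected domain that `candidate` imitates, or None.
    Two patterns are checked against each protected domain:
      * the candidate's label matches the protected name with its dot dropped
        ('healthcaregov.com' vs 'healthcare.gov');
      * the candidate's label is within max_distance edits of the protected
        second-level label ('heathcare.gov', or the same name on another TLD).
    The genuine protected domain itself is never reported."""
    c = candidate.strip().lower().rstrip(".")
    c_label, _ = split_domain(c)
    for p in protected:
        if c == p:
            return None
        p_label, p_tld = split_domain(p)
        dot_dropped = p_label + p_tld
        if (levenshtein(c_label, dot_dropped) <= max_distance
                or levenshtein(c_label, p_label) <= max_distance):
            return p
    return None


def flag_new_registrations(domains, protected=PROTECTED_DOMAINS):
    """Screen a feed of newly registered domains; returns
    {suspicious_domain: imitated_domain}."""
    hits = {}
    for d in domains:
        target = lookalike_of(d, protected)
        if target:
            hits[d] = target
    return hits


# Constructed sample feed of "new registrations".
SAMPLE_FEED = [
    "healthcaregov.com",    # the registration ZDNet reported, per the post
    "healthcare.gov",       # the genuine site, must not be flagged
    "healthcare-gov.com",   # hyphenated variant
    "heathcare.gov",        # one character missing
    "weather.example",      # unrelated
]

if __name__ == "__main__":
    for domain, target in flag_new_registrations(SAMPLE_FEED).items():
        print(f"{domain:22} looks like {target}")
```

A screener like this is a cheap first filter for a domain-registration feed; the hits still need a human look, and the output is better used to warn employees and to feed a web proxy blocklist than to act on automatically.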

Thursday, September 26, 2013

APPLE’S SOFTWARE UPGRADE OFFERS IMPROVED ENDPOINT SECURITY


Apple’s new software upgrade includes new security features to improve endpoint security on the iPhone 4 and later versions, especially when utilized by employees as part of a BYOD practice.
According to Apple, iOS 7 patches 80 known security vulnerabilities, leaving devices running iOS 6 and earlier at risk of infection and other issues. These include fixes for certificate trust policies, plus data protection and security, among many other improvements.
ZDNet stated that if the upgrade is not installed on a device, existing bugs could execute malicious code, use applications to discover passwords, send tweets without user permission through sandbox apps and control or interfere with telephony capabilities. Additionally, unpatched devices could experience data leakage despite protection under IPSec Hybrid Auth.
Patches and benefits
SilverSky CTO Andrew Jaquith said in a CSO article that Apple already had a secure operating system with multiple lock down options available before iOS 7.
“With iOS 7, companies will find many of their remaining needs addressed,” Jaquith said. “It’s clear that Apple is listening to their enterprise customers.”
For example, Apple stated in a mailing list announcement that iOS 7 resolves a privilege separation issue where cybercriminals could sidestep authentication restrictions to figure out a user’s password, despite an “Erase Data” setting, through an app within the third-party sandbox. This patch will greatly improve endpoint security and control, especially where lost or stolen devices are concerned.
Additionally, Apple soothed data leakage concerns with improvements to data security. According to the notification, a hacker in a privileged network position could seize credentials and other sensitive information from devices running earlier versions of iOS. A recently revoked sub-CA certificate has been added to the operating system’s list of untrusted certificates.
CSO also stated that with previous Apple operating systems, a criminal could perform a reset and input their own preferences, allowing them to utilize the device for themselves. However, on iOS 7, once an application lock is activated, a thief cannot use the phone through a system reset.
The upgrade demonstrated Apple’s commitment to their devices being secure as part of BYOD policies. Jaquith said iOS 7 also incorporates additional policies to securely lock down devices, including restriction options for Siri, AirDrop and Dropbox. Furthermore, corporate applications have been restricted from communicating with personal applications.
“In my opinion, Apple appears to have significantly improved the controls which help separate work and personal information,” said Fiberlink marketing director Jonathan Dale, according to CSO. “Users and companies should feel more secure that their data will not go to unintended places.”

Friday, September 13, 2013

WHAT MICROSOFT’S NOKIA ACQUISITION MEANS FOR ENDPOINT MANAGEMENT STRATEGIES


Mobile device proliferation has dramatically complicated the endpoint management strategies employed by many leading enterprises, and endpoint security and control may soon get even more difficult thanks to Microsoft’s recent acquisition of Nokia.
Earlier this month, Microsoft sent shockwaves throughout the business and IT worlds when it announced that it would spend $7.2 billion to obtain Nokia’s devices and services business, which includes its line of mobile hardware. With the move to get the second biggest cellphone maker in the world, Microsoft is now expected to be a far larger player in the already crowded device manufacturing market, the Los Angeles Times reported.
“Bringing these great teams together will accelerate Microsoft’s share and profits in phones, and strengthen the overall opportunities for both Microsoft and our partners across our entire family of devices and services,” Microsoft CEO Steve Ballmer said.
Expect further device proliferation
According to the Times, the move comes as Microsoft attempts to better position itself against rivals like Apple as consumers and enterprises further embrace handheld technology. A June report from the Pew Research Center found that 56 percent of all Americans over 18 now own a smartphone, and the rise in popularity of bring-your-own-device policies means that a fair number of these products are ending up in corporate environments for enterprise-related purposes.
However, prior to this deal, Microsoft had failed to capture a significant amount of this market. IDC earlier this month predicted that smartphone sales will grow 7.3 percent by the end of 2013, although devices running the Microsoft Windows mobile operating system are only expected to make up 3.9 percent of the approximately 1 billion cellphones shipped over the course of this year.
While device manufacturers like Apple and Samsung are currently dominating the marketplace, Microsoft’s recent announcement plus other industry happenings will likely create more market parity over the next five years. IDC predicted that between today and 2017, the compound annual growth rate of phones running the Android OS will drop slightly, but it will go up for Apple iOS and Windows phones.
Why endpoint management may never be the same
For consumers looking for more full-fledged smartphones, Microsoft’s recent announcement is welcome news. For enterprises already dealing with personal mobile device proliferation, however, this expected shift in the smartphone market may create more management and security headaches.
When it comes to data leak prevention, BYOD can create a nightmarish situation for IT departments. Many technology professionals are used to maintaining the security of one type of computer running one operating system. However, as more and more smartphones flood the market and enter business settings, these professionals are now tasked with securing more devices and OSs than ever before. With Microsoft making a bigger push into this market, the already complicated task of endpoint security and control just potentially got even harder.
To address this concern, IT departments should consider utilizing state-of-the-art endpoint protection software. Armed with this data leak protection tool, cybersecurity professionals are able to more easily oversee all devices accessing enterprise materials and more quickly alert decision makers should an issue be discovered.

ENDPOINT SECURITY MUST BE COMPREHENSIVE YET UNOBTRUSIVE


Thousands of new malware variants emerge each day, underscoring the considerable endpoint management challenges that IT departments face in securing devices and networks. Many organizations use patchwork solutions that appear effective, but in reality even one failure could result in catastrophic data loss or infection. With bring-your-own-device policies complicating the endpoint landscape, organizations need a centralized management console that can monitor what each endpoint is running, ensuring network security while not impairing company productivity.
InformationWeek’s Ankur Chadda recently examined the current state of network security, focusing on the simultaneous rise of sophisticated malware and the BYOD-enabled hardware that often carries it. Roughly 74,000 new malware strains are released each day, and so far organizations have fought back by using traditional tools like antivirus software and firewalls.
However, these tools may be becoming less effective in light of the proliferation of mobile threats like SMS chargeware, as well as the refinement of desktop trojans. For example, Infosecurity chronicled the evolution of the Taidoor trojan, which originally delivered malware via a classic email phishing scheme. However, it has since become more sophisticated, now employing a separate downloader that can install additional malware later on. It also links to an innocuous-looking Yahoo blog, rather than a standard command-and-control apparatus.
To deal with these threats, organizations should adequately test endpoint security solutions under realistic conditions, so that managers can discern whether tools identify anomalies as they emerge. Good endpoint tools will also be unobtrusive, coexisting well with BYOD initiatives.
“Companies that implement aggressive malware policies need to strike a balance between network security and organizational performance,” advised Chadda, later adding “Controls cannot be so restrictive that they get in the way of systems being efficient and workers doing their jobs.”

Friday, August 30, 2013

VARIED STORAGE MEDIA, WINDOWS XP COMPLICATE DATA LOSS PREVENTION


Consumer smartphones and tablets, and the bring-your-own-device policies that have fueled their advent in enterprises, are the subjects of growing security and compliance scrutiny. At the same time, they may not paint the full picture of corporate data leakage and compliance vulnerabilities, since many organizations, especially in the healthcare industry, still store information on optical media, PCs and other appliances. Additionally, outmoded hardware running Microsoft Windows XP is becoming a lightning rod for zero-day threats that can compromise the entire network, revealing the wide range of challenges currently facing endpoint management.
Locking down a mix of old and new endpoints
Data breaches are not only costly, but also likely to land healthcare providers in hot water with regulators. A recent incident involving the U.S. Department of Health and Human Services and a third-party records management agency resulted in the latter having to pay $1.2 million after it failed to properly erase data from hard drives.
Reporting on the issue for Lexology, Alaap Shah of the law firm Epstein Becker Green pointed out that companies handling protected health information often do not account for the many different endpoints through which that data passes. Examples may include DVDs, email archives, and hard drives, or seemingly innocuous appliances like the photocopiers at the center of the HHS incident.
If administrators do not implement well-designed endpoint security software that tracks leaks and threats across numerous devices, then simply using a secure claims database as the original storage medium will not matter. Encryption and BYOD policies that wall off legally protected data from personal effects are also vital measures for protecting it from the many individuals and third-party firms that now have access to that information.
Windows XP complicates endpoint security and control
Old storage media and mobile policies are not the only lingering vulnerabilities. Even as it approaches end-of-life on April 8, 2014, Windows XP remains popular 12 years after its original release, powering many mission-critical endpoints. A VMware survey revealed that 64 percent of large enterprises, and over half of midsize outfits, had not migrated off XP.
Microsoft executive Tim Rains advised anyone still on the operating system to immediately upgrade to at least Windows 7 to avoid falling victim to the near-certain proliferation of threats that the company will not patch.
“After April 8, Windows XP Service Pack 3 customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates,” wrote Rains. “This means that any new vulnerabilities discovered in Windows XP after its end-of-life will not be addressed by new security updates from Microsoft.”
Attackers routinely reverse engineer Microsoft's security updates to find the vulnerability each one fixes, then build an exploit for systems that have not applied it. Newer Windows versions may draw more attention as their adoption grows, but XP shares a large amount of code with them, so a flaw patched in Windows 7 or 8 is often present in XP as well, and after April every such update will point attackers at a hole on XP that nobody will close. Without patching after next year, XP "will essentially have a zero-day vulnerability forever," stated Rains.
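The first practical step after reading the above is finding the XP machines. The following is an added example, not Ziften's code and not from the articles quoted here: it classifies endpoints by their NT kernel version (XP is NT 5.1, Vista 6.0, Windows 7 6.1, which are Microsoft's numbers) rather than by free-text OS names, and ranks them for migration against the April 8, 2014 date cited in the post. The inventory records are constructed, and the date and record layout are assumptions to adapt to your own asset export.

```python
"""Triage endpoints still on Windows XP ahead of the 2014-04-08 end of support.

Added example; not Ziften's code and not from the articles quoted above. The
inventory records are constructed for illustration. The end-of-support date is
the one cited in the post; the NT kernel numbers (XP = 5.1, Vista = 6.0,
Windows 7 = 6.1) are Microsoft's. 5.x and 6.x are different kernel lines: a
patch for Windows 7 tells an attacker where to look on XP, not that the same
fix applies.
"""
from datetime import date

AS_OF = date(2013, 10, 18)   # the post's publication date, used as "today"

NT_VERSIONS = {
    (5, 1): "Windows XP",
    (6, 0): "Windows Vista",
    (6, 1): "Windows 7",
}

# Only XP's date is taken from the text; other names are treated as supported
# here and would be filled in from the vendor lifecycle page in practice.
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
}


def parse_nt_version(version_string):
    """'5.1.2600' -> (5, 1). Raises ValueError so bad inventory data is noticed."""
    parts = version_string.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        raise ValueError("unrecognised version string: %r" % version_string)
    return int(parts[0]), int(parts[1])


def classify(record, as_of):
    """Return (os_name, days_left); days_left is None when no end-of-support
    date is tracked and negative when support has already ended."""
    major_minor = parse_nt_version(record["os_version"])
    name = NT_VERSIONS.get(major_minor, "unknown NT %d.%d" % major_minor)
    eol = END_OF_SUPPORT.get(name)
    return name, ((eol - as_of).days if eol else None)


def triage(inventory, as_of):
    """List hosts with a tracked end-of-support date, most urgent first:
    least time left (already-expired hosts sort first), then mission-critical
    before everything else, then by hostname for stable output."""
    rows = []
    for rec in inventory:
        name, days_left = classify(rec, as_of)
        if days_left is None:
            continue
        rows.append({
            "host": rec["host"],
            "os": name,
            "days_left": days_left,
            "critical": bool(rec.get("critical", False)),
        })
    rows.sort(key=lambda r: (r["days_left"], not r["critical"], r["host"]))
    return rows


# Constructed inventory, as an asset-management export might look.
SAMPLE_INVENTORY = [
    {"host": "pos-terminal-01", "os_version": "5.1.2600", "critical": True},
    {"host": "hr-laptop-07", "os_version": "6.1.7601"},
    {"host": "lab-pc-03", "os_version": "5.1.2600"},
    {"host": "build-srv-02", "os_version": "6.0.6002"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY, AS_OF):
        print("%-16s %-12s %5d days left  critical=%s"
              % (row["host"], row["os"], row["days_left"], row["critical"]))
```

Keying on the kernel version means an inventory that spells the product name inconsistently ("Windows XP Professional", "WinXP SP3") is still caught; the END_OF_SUPPORT table is the only part that needs maintaining from the vendor's lifecycle data.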

BYOD, CONSUMER APPS LEADING CAUSES OF CORPORATE DATA LEAKAGE


What are the most likely catalysts for data leakage? IT departments now face a perfect storm of risks from rising use of cloud services, increasingly fragmented device fleets and the consumerization of both software and hardware. Many leaks occur accidentally, and incidents have grown in both frequency and scale over the past decade. An endpoint security and control strategy that combines precise monitoring tools with adequate employee awareness is the only realistic way for organizations to protect themselves in the current environment.
Corporate applications like email are often slower, if more secure, than their consumer counterparts and perform worse outside the company network. Employees therefore turn to popular webmail services that run well almost anywhere, and that universality pairs well with the self-supplied hardware, especially smartphones and tablets, that they use for both work and leisure.
IT departments must improve file tracking visibility
By doing so, workers create endpoint security risks tied to the unmonitored movement of files, although some of the fault lies with IT departments that have not adopted comprehensive monitoring tools. According to an Ipswitch survey summarized by CIO.com's Rich Hein, departments often fail to keep tabs on activity from personal email accounts used on their networks, and an older study found that more than 70 percent of IT executives had no visibility into file movements within their organizations.
Aside from better speed, employees may use personal accounts to share large files that corporate email attachment limits would block. Consumer cloud services like Dropbox complicate data loss prevention for the same reason, and on mobile devices a document can leave a managed application through the inter-app "Open In" function unless IT restricts it.
“Opening documents in third-party applications presents some unique challenges related to putting corporate data at risk,” Fiberlink security officer David Lingenfelter, whose organization also conducted a survey on data leakage risks, told Hein. “The first risk is sharing data with third parties, including applications like Facebook and Dropbox. While employees may naturally use caution when forwarding emails, the ‘Open In’ functionality is much less obvious, and they may be leaking data using ‘Open In’ unintentionally.”
BYOD and lost devices
Endpoint management must also address a dizzying range of at-risk hardware. Hein cited a security study that found that 62 percent of IT employees believed it was okay to put corporate files on their personal devices, and that most of them never deleted these items.
USB thumb drives are a common way to improperly move files, with 33 percent of Fiberlink survey respondents stating that they had lost a drive containing confidential information. However, security executives have to be aware of smartphones and tablets with increasingly large storage capacities supplemented by consumer clouds. Over half of respondents admitted to using such devices for work. Without remote wipe capability, a lost mobile device can translate into major financial and IP-related damage.

ENDPOINTS BECOMING CONDUITS FOR WIDELY DISTRIBUTED ATTACKS


The advent of cloud computing and bring-your-own-device strategies has made it more difficult to secure specific endpoints, since administrators may be prioritizing ease of data access at the expense of safety. Meanwhile, much of the current generation of endpoint security software has not adjusted to aggressive hacking and cyberwarfare tactics that use individual endpoints as launching pads for widely distributed attacks.
In one of the most notable endpoint-initiated attacks of recent years, a family of malware known as Comfoo was used to compromise the networks of many multinational corporations in 2010. According to CRN contributor Robert Westervelt, the Comfoo toolkit included custom backdoors and remote access trojans that could drop additional malware on an ongoing basis. More seriously for data leakage, it could harvest network and account details and log all user input. Its methodology, and the lengths it went to in order to evade and misdirect endpoint monitoring, mark it as part of a sophisticated cyberespionage campaign.
The attacks used social engineering and email phishing to compromise targeted devices, highlighting how endpoints have become, in the words of security executive Jason O’Reilly, “surfaces” ripe for malware infiltration. Speaking to ITWeb, O’Reilly stated that endpoint software often does not sufficiently account for access from locations beyond the IT department, and that it does not have access controls that limit data exposure to authorized parties.
“Endpoint security solutions must offer layered protection that goes beyond signature-based detection only to include heuristic-based detection and polymorphic-based detection,” advised O’Reilly. “Today’s networks are exposed to threats from many different sources.”
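What "layered protection beyond signatures" looks like in practice is a scoring model in which weak behavioural indicators add up. The following is an added example, not Ziften's code and not derived from the Comfoo analysis cited above: it runs a signature lookup and three heuristics (an Office or reader process spawning a shell, an unsigned binary executing from a user-writable directory, regular outbound beaconing) over constructed process telemetry and alerts when the combined score crosses a threshold. The events, the hash in the known-bad list and the rule weights are all constructed for illustration.

```python
"""Layered endpoint detection: a signature lookup plus behavioural heuristics
scored over process telemetry.

Added example; not Ziften's code and not based on the Comfoo analysis cited
above. The events, the file hash in KNOWN_BAD_SHA256 and the rule weights are
constructed for illustration. A sample with no signature match can still
cross the alert threshold when several weak indicators line up, while one
weak indicator alone (an unsigned installer in Temp) does not.
"""
import ntpath
import statistics

KNOWN_BAD_SHA256 = {
    "c0ffee" * 10 + "beef",   # constructed placeholder, 64 hex chars, not a real sample
}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "mshta.exe"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\")

WEIGHTS = {"known_bad_hash": 100, "office_spawned_shell": 60,
           "unsigned_in_user_dir": 40, "beaconing": 50}
ALERT_THRESHOLD = 60


def basename(path):
    return ntpath.basename(path).lower()


def is_beaconing(timestamps, min_connections=4, max_jitter=0.15):
    """True when at least min_connections connections occur at near-constant
    intervals: coefficient of variation of the gaps at or below max_jitter."""
    ts = sorted(timestamps)
    if len(ts) < min_connections:
        return False
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return False
    return statistics.pstdev(gaps) / mean <= max_jitter


def score_event(ev):
    """Return (score, reasons) for one process-start record."""
    reasons = []
    if ev.get("sha256", "").lower() in KNOWN_BAD_SHA256:
        reasons.append("known_bad_hash")
    if basename(ev.get("parent_image", "")) in OFFICE_APPS and basename(ev["image"]) in SHELLS:
        reasons.append("office_spawned_shell")
    if not ev.get("signed", False) and any(m in ev["image"].lower() for m in USER_WRITABLE_MARKERS):
        reasons.append("unsigned_in_user_dir")
    # Beaconing is judged per destination, so unrelated connections do not mask it.
    by_dest = {}
    for c in ev.get("connections", []):
        by_dest.setdefault((c["dest"], c["port"]), []).append(c["ts"])
    if any(is_beaconing(t) for t in by_dest.values()):
        reasons.append("beaconing")
    return sum(WEIGHTS[r] for r in reasons), reasons


def detect(events, threshold=ALERT_THRESHOLD):
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"host": ev["host"], "image": ev["image"],
                           "score": score, "reasons": reasons})
    return alerts


# Constructed telemetry: process-start records with optional outbound connections
# (ts in seconds since the first connection).
SAMPLE_EVENTS = [
    {"host": "wks-017", "image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe", "signed": True, "sha256": "11" * 32},
    {"host": "wks-017", "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "signed": True, "sha256": "22" * 32},
    {"host": "wks-017", "image": r"C:\Users\jsmith\AppData\Roaming\svchosts.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe", "signed": False, "sha256": "33" * 32,
     "connections": [{"dest": "203.0.113.7", "port": 443, "ts": t} for t in (0, 300, 601, 899, 1200)]},
    {"host": "wks-022", "image": r"C:\Users\akhan\AppData\Local\Temp\setup_helper.exe",
     "parent_image": r"C:\Windows\explorer.exe", "signed": False, "sha256": "44" * 32},
    {"host": "wks-031", "image": r"C:\Windows\System32\drivers\etc\updater.exe",
     "parent_image": r"C:\Windows\System32\services.exe", "signed": True,
     "sha256": "c0ffee" * 10 + "beef"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The interesting record is the third one: a signed-looking name (svchosts.exe) with no signature match, which a hash list would never catch, but unsigned, in Roaming AppData, and calling the same address every five minutes. The weights and threshold are the tuning knobs; the structure is what matters.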
Generating reports and catching threats in real-time
Business consulting firm Frost & Sullivan identified the high stakes for endpoint security and control strategies, which are under pressure from both outside attackers and seemingly insatiable employee demand for device choice flexibility.
“Enterprise IT organizations now face tremendous pressure to enable employees to access the corporate network and files from their own personal devices,” said Frost & Sullivan analyst Chris Rodriguez. “Considering their seemingly omnipresent nature, fast data connections, and powerful hardware and operating systems, these devices represent prime targets for hackers.”
What can organizations do to clamp down on the unique weaknesses of mobile hardware? O'Reilly suggested that solutions should provide clear, comprehensive visibility into what is occurring on each endpoint so that threats can be swiftly addressed.

Thursday, August 22, 2013

Building a Fearless Company


I took the time today to re-watch a video posted by the Commonwealth Club with Steve Blank, “How to Build a Great Company, Step by Step.”
Steve is a smart guy, with a nice sense of humor, and I’ve always valued his insights.  Several of his key points ring true to me.
  • I like the quote from the video, “there are no facts inside your building, so get the hell out of it!” – Steve called it a lesson hard learned in Silicon Valley.  At Ziften most of our key execs are out with customers and prospects on a weekly basis.  We are a young company and understand it is critically important that our business model have a realistic view of our market, and how we can add value.
  • Listening to our customers is the most important thing we do.  In the video Steve points out how hard it is for entrepreneurs to listen rather than dumping their IP on anyone willing to listen.  I regularly counsel my staff on the value of listening over talking – after all, customers and prospects are far more interested in hearing how we solve their problems than how smart we are!
  • Steve speaks about how innovation is treated in America, versus the rest of the world.  This is one of my core beliefs.  We are blessed in America with an attitude that previous failures, from which learning occurs, make an executive “experienced” and more valuable in startups.  Fear of failure is the death knell to innovation.
I encourage my people to take risks without fear of reprisal.  It is making the team much faster at getting to our goal of bridging the gap between security technologies and really effective enterprise client security management.   There’s a big difference – we are on the verge of sharing additional information on our unique value proposition in endpoint security management, so watch this space!

Wednesday, August 21, 2013

WITH BREACHES INEVITABLE, COMPANIES MUST PURSUE DATA LOSS PREVENTION


Occurrence of a major data leakage incident may now be a matter of “when” rather than “if” for U.S. companies, due to the convergence of new risks inherent in data-intensive applications, fragmented endpoint strategies and cloud computing. Too frequently, companies ignore or inadequately address known vulnerabilities, and the persistence of aging, unsecured IT assets eventually attracts the attention of cybercriminals.
Data breaches occur at an alarming rate. In 2011 alone, 855 breaches resulted in the loss of 174 million records, according to a report from the Verizon RISK Team. For companies that handle personally identifiable information (PII), the stakes are particularly high, since insufficient endpoint data protection measures and lack of employee compliance education can result in costly legal action.
Writing for Mondaq, legal expert Jeffrey Vagle stated that “[t]he likelihood of a data breach or privacy issue occurring in any business has become a virtual certainty,” and he advised record keepers to rethink their approaches to device and network security, administration of PII information and employee data access controls. However, data leak prevention may be more difficult due to rising usage of cloud services, which permit the storage and exchange of massive amounts of information at a time. Even one incident could result in the loss of thousands or millions of files.
Focusing on known vulnerabilities
IT departments frequently worry about zero-day attacks that can catch them off guard and result in data leakage. For example, Network World's Dirk Smith chronicled the recent emergence of an Adobe Acrobat exploit that could let hackers conduct advanced surveillance. However, IT vulnerabilities more often stem from unpatched old software, and even many zero-day threats arise from weaknesses in legacy code, including a Windows bug that Smith said targeted features first implemented 20 years ago.
“[O]ne thing that I have found is that many of the breaches and intrusions which succeeded did so by attacking known vulnerabilities that had been identified and had been around for years: not from some sophisticated ‘zero-day’ attack which was unidentified and unknown until only yesterday by the security community at large,” wrote security expert Jim Kennedy in a recent Continuity Central article. “And, even more disturbing, social engineering continues to be a most successful way to begin and/or precipitate an attack.”
Additionally, hackers now have access to a wide range of prepackaged attack tools, such as exploit kits that fingerprint a target machine's software and select a matching exploit. Beyond software, attackers also take advantage of employees who are not trained to screen out calls or messages from people falsely claiming to be a security vendor's technical support team.
While it is imperative to proactively guard against zero-day attacks with robust endpoint protection software, companies also need to pair effective processes and training with their software and hardware solutions. Organizations often have multiple security policies in place, but the issue is enforcement. As a result, risky fluctuations in traffic or data movement, though nominally identified for security review, are not quickly and efficiently addressed.
-Charles H. Leaver

ACCESS CONTROL AND ENDPOINT MANAGEMENT: TWO KEYS TO SECURE BYOD



-Chuck Leaver

PASSWORDS, EMPLOYEE SHARING ARE DATA LOSS RISKS FOR BYOD


Enterprises that have implemented bring-your-own-device policies are at increased risk of cybercrime and data loss, most often because of their insufficient endpoint security and control measures. On mobile devices, employees typically access less secure consumer cloud services and engage in unsafe password practices, which accounts for a large portion of all BYOD-related risk. Endpoint software that provides visibility into exactly what is running on a device can help IT departments to understand and eventually address their vulnerabilities.
BYOD is a popular way for executives and workers to access sensitive corporate data on their personal smartphones, tablets and laptops. A recent ZDNet survey discovered that nearly nine in 10 Australian businesses have granted some of their senior IT staff access to critical company information via their own devices, while 57 percent stated that they had provided it to at least four-fifths of their leadership. Even in the case of newer and less privileged staff, 64 percent had provided BYOD access, although company financial information was typically blocked from all but the most senior workers.
While BYOD devices and usage are proliferating, many of these organizations have not implemented proper endpoint management strategies to secure their increasingly mobile workflows. Nearly half of respondents stated that their companies did not have BYOD policies, and only 17 percent confirmed that their practices were ISO 27001 certified.
Passwords may be the greatest risk to safe BYOD
For companies that had taken steps to secure BYOD usage, acceptable use policies and passwords were the most popular measures. However, passwords may represent a unique and critical vulnerability in BYOD implementations, since users often reuse passwords that are not sufficiently complex. In an interview with CIO Magazine’s Tom Kaneshige, former Federal Trade Commission executive Paul Luehr asserted that while enterprises with BYOD initiatives certainly face heightened external risk from hackers, the greatest risk may be internal.
“The most common way BYOD policies affect data security and breaches is in the cross-pollination of passwords,” Luehr told Kaneshige. “A person is probably using the same or very similar password as the one they use on their home devices.”
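The "cross-pollination" Luehr describes can be checked at the one moment the organization holds the password in clear, the change form. The following is an added example, not Ziften's code and not from the CIO interview: it refuses a new password that is a trivial variation of the current one, a base word from a common list dressed up with digits, or an exact repeat of a previous password (checked against salted PBKDF2 hashes, never stored plaintext). The common-password list, the account history and the PBKDF2 parameters are constructed or assumed.

```python
"""Password-change checks that catch the reuse Luehr describes: the same or a
trivially varied password coming back, or a throwaway value from a common list.

Added example; not Ziften's code and not from the CIO interview. The common-
password list and the account history are constructed; the PBKDF2 parameters
are assumptions. Reuse of older passwords is checked against salted hashes,
and "very similar" can only be judged against the current password, which the
user supplies in clear at change time, so that is the comparison made here.
"""
import hashlib
import hmac
import os
import re

ITERATIONS = 100_000          # assumption: tune to your hardware
MIN_LENGTH = 12
MAX_EDIT_DISTANCE = 3         # within this many edits of the current password counts as "similar"
COMMON_PASSWORDS = {"password", "welcome", "letmein", "qwerty", "summer", "winter"}  # constructed


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256 record suitable for a password history."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(password, stored):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 stored["salt"], stored["iterations"])
    return hmac.compare_digest(digest, stored["digest"])


def normalise(password):
    """Strip the decorations people bolt onto a base word: case, plus leading
    and trailing digits or punctuation ('!!Summer2013' -> 'summer')."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def edit_distance(a, b):
    """Levenshtein distance via the plain O(len(a)*len(b)) table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def evaluate_change(current, candidate, history):
    """Return the list of reasons to refuse `candidate`; empty means accept.
    `current` is the password the user just authenticated with; `history`
    holds hash_password() records for previous passwords."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if normalise(candidate) in COMMON_PASSWORDS:
        reasons.append("common_base_word")
    cur_l, cand_l = current.lower(), candidate.lower()
    if cur_l in cand_l or cand_l in cur_l or edit_distance(cur_l, cand_l) <= MAX_EDIT_DISTANCE:
        reasons.append("similar_to_current")
    if any(verify_password(candidate, h) for h in history):
        reasons.append("reused")
    return reasons


# Constructed account state: the current password and two history entries.
CURRENT = "Spr1ngTime!Go"
HISTORY = [hash_password(p) for p in ("Winter2012!!", CURRENT)]

if __name__ == "__main__":
    for cand in ("Spr1ngTime!Go2", "Winter2012!!", "Password123!", "Go!", "correct-horse-battery-9"):
        print("%-25s -> %s" % (cand, evaluate_change(CURRENT, cand, HISTORY) or "accepted"))
```

The similarity check works only against the current password because that is the only one available in clear; the hashed history can answer "is this exactly a previous password" and nothing more, which is the right trade-off. Reuse across an employee's home accounts cannot be detected from inside the enterprise at all, which is why the substantive control is the policy and training, not the code.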
Disgruntled employees, who often leak critical data after being let go, are prime risks for companies that have permitted BYOD, noted Luehr. As a result of BYOD, the distinction between home and the workplace is disappearing, and employees may now feel empowered to engage in relatively risky behavior like using social media on corporate networks, as a prelude to eventually sharing information either carelessly or willfully via cloud services. Comprehensive endpoint security is a necessity for preserving BYOD-induced productivity gains in the face of these threats.