Archive for April, 2017

New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant

Friday, April 28th, 2017

SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today launched its first Enterprise Risk Index which highlights the growing use of in-memory attacks, further proof that attacks simply cannot be stopped by traditional, static, file inspection security solutions.

The report includes an analysis of filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide during the last half of 2016. Findings are based on behavioural analysis of malware programs that bypassed firewalls and network controls to infect endpoint devices.

“These days, infecting a target is just a matter of resources; but how long the hackers get to stay inside the network is a matter of good detection,” said Andy Norton, EMEA risk officer for SentinelOne and lead researcher for the Enterprise Risk Index. “In our analysis we focused on the attacks that are successful in making their way past traditional defences to reach endpoint targets because these are the threats that pose the greatest risk to an organisation. That’s what we should be measuring – not what’s stopped at the gateway.”

The report focuses on attack methods classified into three risk categories:

  • Attacks detected from document-based files, largely associated with Microsoft Word or Adobe PDF.
  • Attacks detected from traditional portable executable-based files.
  • Attacks detected only from the memory of the system with no associated new artefacts on the system.
  • From the report, “we won’t be announcing what the top malware family is – for example, Zeus, Diamond Fox or Updare – however, we do build indicators of compromise to help with identification and response, and when a hash value exists we have submitted the hash to malware repositories to see what other submissions there have been for them.”

    Key findings of the report include:

  • The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file based vectors.
  • Even for file-based attacks, only 20 percent of threats had corresponding signatures from existing AV engines.
  • Nation-state actors are trading infection sustainability for stealth, leaving no new artefacts on the file system and relying on memory-based attacks, even if it means needing to re-infect the target.
  • Three-pronged infections are becoming the norm as attackers no longer rely solely on .exe files to deliver malware, but instead use hybrid attacks that multiple attack vectors can utilise in one attack chain.
  • “Our goal with the Enterprise Risk Index is to help organisations get a better view of which threats are successful in reaching the final barrier in enterprise defences,” said Norton. “With this data in mind, customers can better determine not only what the risks are but where they are and can adjust their security planning and investments accordingly.”

    A copy of the full SentinelOne Enterprise Risk Index is available for download here.

    Brocade Study Reveals More than Half of IT Teams Will Struggle with Business Demands in Next 12 Months

    Thursday, April 27th, 2017

    Germany and U.S. Ahead of the Digital Transformation Skills Game, While UK Lags Behind

    Brocade announced a new GLOBAL DIGITAL TRANSFORMATION SKILLS STUDY, which aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. Of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.

    The research, which surveyed 630 IT leaders in the U.S., UK, France, Germany, Australia, and Singapore, indicates that many organisations are at a tipping point, as new technology demands are set to outstrip the skills supply. Organisations that address this now through additional skills training will be in the strongest position to ensure business growth and competitive advantage.

    Overall, an encouraging 91 percent of global IT leaders acknowledge that IT departments are currently recognised as very important or critical to innovation and business growth. However, more than half (54 percent) predict they will struggle with a lack of IT talent in 12 months. Contributing factors identified from the research include skills shortages, a prevalence of outdated skills, lack of commitment to training at the corporate board level, and the rapidly changing technology environment.

    “Businesses are approaching the peak of IT strategic influence. Now is the moment that IT teams feel they have the strongest opportunity to influence the transformation of their organisations,” said Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade. However, with a rapidly changing technology landscape and potential impact on international labour markets, it is critical that IT receives the right training to further develop their skills and business relevance.”

    The research also found that skills planning had to be aligned with other areas of business planning to avoid the risk of a technology skills deficit, where IT teams are expected to deliver the benefits of technologies that they are ill-equipped to implement.

    Staff shortages and outdated skills are preventing ITDMs from delivering on current business demands

    Organisations are attempting to move their IT departments away from their traditional roles, but the lack of skills and the time required to learn those skills have held them back. IT decision makers (ITDM) believe this could be a major contributor to their inability to meet business demands, putting organisations at risk of falling behind their competitors and losing customers.

  • Approximately one in four respondents in Australia, France, Germany, Singapore, and the U.S. claim that they cannot deliver on current business demand due to staff shortages. This number rises to 42 percent in the UK.
  • Respondents claim that the lack of access to talent will prevent them from implementing new technologies efficiently, lead to a decrease in employee satisfaction, and result in the loss of market share.
  • The IT skills gap is only likely to get worse and organisations need to act now

    The political landscape is also a contributing factor in the widening skills gap. As market uncertainty intensifies in the next few years, it is more important than ever for IT departments to remain agile and take advantage of new technologies.

  • Ninety-two percent of those questioned had some level of concern about future hiring of IT staff, while 54 percent were concerned about a lack of skilled talent to choose from.
  • Forty-three percent of global respondents agreed or strongly agreed that the current political climate makes it difficult to hire employees with the right skills. In the U.S. and Australia, the numbers were 52 percent and 54 percent, respectively.
  • Even with the uncertainty surrounding the Brexit situation, EMEA respondents were less concerned, with only 31 percent of UK ITDMs believing it presented a challenge compared to 39 percent in Germany and 35 percent in France.
  • Training time and investment will prove to be business-critical

    Training continues to be an issue as day-to-day IT maintenance tasks take priority. For organizations to address the technical skills deficit, they first need to invest time and money — or face the consequences.

  • There is consistent demand globally to spend more time on increasing skills — from 15 percent of time that is currently spent on this to 22 percent.
  • Respondents reported that insufficient budget (45 percent) and training time (45 percent) are constraining IT departments’ attempts to develop skills more than any other factors. These factors rise to 60 percent and 50 percent respectively in Australia but drop to 37 percent and 30 percent in Germany.
  • Currently, only three hours are allocated per week for learning and skills development. Respondents in Singapore average four hours of skills development per week.
  • Sixty-seven percent of respondents agree that the key to closing the skills gap would be to spend more money on training.
  • IT professionals need to take control of their professional future

    The research also showed that IT professionals at all levels must take increased responsibility for their own professional destiny, embracing the opportunities delivered by new technologies such as artificial intelligence (AI) and all areas of IoT from device management to security.

  • Thirty-five percent of global respondents agreed or strongly agreed that their organisation’s IT team does not have the right skills to protect their jobs in the future.
  • When asked to identify the one skill that they see as critical to their future career progression, cybersecurity was the most frequently cited, by 22 percent of respondents globally.
  • AI and IoT security tied for second as the most critical skill at 18 percent. While AI was the most critical skill in France and Australia, IoT security was the most valued skill in Germany.
  • AI could be a friend or foe

    AI could revolutionise the IT skills that are required and the way that we work. AI is likely to replace a number of IT roles and tasks, but this doesn’t mean the end for the IT department. Employees need to have the right skills to be in a position to work alongside AI and embrace its future impact, so that organizations can unleash its full potential.

  • When asked which current roles were already being replaced by AI, desktop support (23 percent), data analyst (20 percent), software testers (17 percent), system architects (14 percent), and network engineers (11 percent) topped the list.
  • Within the next 10 years, these numbers are expected to increase: desktop support (37 percent), data analyst (34 percent), software testers (33 percent), system architects (31 percent), and network engineers (31 percent).
  • AI will also impact the role of the CIO, with almost half of the global respondents claiming increased focus from the business.
  • Fifty-six percent of respondents believe that developing AI-related skills is key to securing a role in the future.
  • Vital role of the board in ensuring long-term IT skills development

    Organisations’ boards will often dictate whether employees have the time and empowerment to develop their skills, but this is common in organisations that do not have the right support. The boards also have to ensure that skills and training improvements are aligned with other areas of business planning.

  • Forty-four percent of respondents think that new skills acquisition is not seen as being as valuable as it should be by the board. This rises to 59 percent in Australia and 50 percent in the UK. The U.S. (42 percent), Germany (41 percent), Singapore (40 percent), and France (34 percent) had slightly more positive results.
  • Almost a fifth of global respondents think their boards view gaining knowledge and skills as a cost to the business, rather than an asset. This rises to 35 percent in Australia.
  • However, the majority of respondents in France (63 percent) and Germany (62 percent) see knowledge and skills growth as an asset.
  • Despite respondents claiming that they plan approximately two years in advance for most areas of the business, staffing and recruitment is still on average only planned for a maximum of a year.
  • This is creating a disconnect where organisations are attempting to address key IT challenges with teams not as well equipped in terms of skills and experience as they could be.
  • Additional Resources

    Data in the study also revealed four main personas of global IT leaders, all with different levels of effectiveness when it comes to pioneering digital transformation projects and managing the skills of their teams.

    EXECUTIVE SUMMARY
    GLOBAL AND REGIONAL ANALYSIS OF EACH PERSONA IN EACH OF THE COUNTRIES SURVEYED

    The study was conducted by independent research house Vanson Bourne in March 2017. 630 IT decision-makers in organisations with more than 500 employees in the U.S., U.K., France, Germany, Singapore and Australia were surveyed.

    This article has been taken from Brocade.com.

    Ruckus Wireless: SmartZone 3.5 OS Feature Highlights

    Monday, April 24th, 2017

    Earlier this month we saw the release of Ruckus’ latest OS for their SmartZone portfolio, 3.5. We wanted to highlight some of the new features available in this release:

    Visual Connection Diagnostics: This real-time visual troubleshooting tool on the user interface (UI) helps an IT user discover and investigate client connectivity issues across the entire network.

    Improved UI and UX design: Ruckus have completely revamped the controller UI and user experience design, improving configuration, management, and operation of SmartZone-managed Wi-Fi networks.

    Multi-tier managed services: On SmartZone platforms hosted by MSPs, systems integrators and partners can log in and manage their own networks, secure in the knowledge that their network is completely partitioned from those of other users. They have the flexibility to extend into tiers of their own by defining cascading domains and zones.

    Data-driven architecture: APs report radio, client and performance data with minimal latency to the SmartZone controller, which then renders the data in responsive widgets to provide a “context-aware” user experience.

    Open programmable framework: A full suite of representational state transfer (RESTful) JSON application programming interfaces (APIs) for configuration and management enable open networks and the ability for our SP, MSP and enterprise customers to build their own sophisticated Wi-Fi management systems.

    Streaming APIs: In SmartZone 3.5, Ruckus introduce streaming APIs for granular, near real-time statistics. The streaming API leverages MQTT and GPB (Google Protocol Buffers) to push-stream the full array of client, AP, controller and cluster statistics to third-party analytics, business intelligence or visualization tools.

    Multi-firmware access point (AP) management: SmartZone can accommodate multiple AP models and associated firmware within a single cluster.

    Virtualized and scalable data plane: The SmartZone portfolio features a scalable virtualized data plane appliance that provides high-performance packet processing and user traffic management.

    If you have any questions about this latest release, please get in touch by completing our contact form.

    Dump the Sandbox

    Thursday, April 20th, 2017

    By Andy Norton at SentinelOne

    Technology becomes obsolete quickly in a variety of industries as “newer” and “more innovative” options crop up on what feels like an almost daily basis. The same is true for the pace of technological innovation in the information security space.

    Traditional antivirus vendors spurred on by waning detection rates and unhappy customers have been acquiring companies that offer potential solutions to the satisfactory prevention of the latest threat of the day, that currently pose enormous risks to its already languishing and disgruntled customers.

    Sandboxes grew in popularity as a stop gap because organisations needed to apply reasonable levels of certainty to security controls in the absence of confidence in endpoint AV to protect the organisation. But, at what cost?

    Apart from being hideously expensive because they knew about “Chinese” attackers, sandboxes identified thousands of Indicators of Compromise (IoCs), that had every security analyst chasing every instance to determine if the attack only detonated in the sandbox, or if it also ran on the endpoint. And, if so, did it successfully communicate with its command-and-control infrastructure? If it did that, then they had to determine what it actually did to the endpoint.

    This Pyrrhic victory in malware defence has been the reality for many organisations for the past few years. The lack of efficiency in the sandbox has forced organisations to consume intel feeds and hope that an IoC somewhere might turn up in the environment at some point, only to find out that the level of false positive reduction in that feed was not satisfactory.

    Here´s the message for the CISO

    If you are about to renew a really expensive purchase order for sandboxes… don´t sign the renewal agreement without first considering alternative approaches.

    It´s time to get rid of high maintenance security technology. It´s time to stop shouldering the burden of proof of what might occur at the endpoint, based on what was detected on the network.

    Even a leading sandbox vendor admits: “the endpoint has always been the most reliable source of truth.” The endpoint is ground-zero for the organisation, and as such it should be the most accurate and least costly source of security escalation.

    Microsoft operates 12 security operation centres, they found IoC led investigations have a negative value to security. Instead, they base their analysis of threats on observed behaviours in their environment, behaviour analysis is responsible for tracking nearly 100% of the active threats at Microsoft.

    Total Cost of Risk Ownership

    Information security controls are placed into an organisation to manage risk. The big questions to ask: does the capital and operational burden of sandboxes actually reduce the risk? What is the delta in risk between running sandbox technology and not running it? Further, what is the savings in expenditure and operational costs?

    The quantitative answer is determined by how many threats are detected in the sandbox that would not have been detected by other security controls. For example, if you have a system that monitors the actual behaviour of the endpoint, then the risk delta value of the sandbox is zero. In addition, the cost savings are enormous because the wild goose chases of analyst time disappears too. Instrumenting the endpoint with behavioural modeling instead of using sandboxes reduces the Total Cost of Ownership massively, as the expenditure drops while the residual risk remains the same.

    Related Posts from SentinelOne:

    Cyber Security Importance Doesn’t Always Translate in Business
    We hear a lot about cyber security these days, both in the business world and…

    Deepening threat intelligence: SentinelOne’s DFI engine now part of VirusTotal
    A short while ago, SentinelOne—in the latest release of EPP– brought to market a powerful…

    SentinelOne Now Supports Windows Legacy Systems
    Not all operating systems are created equal Last month, at South China University of Technology…

    Three Common Misconceptions about Designing Your Cybersecurity Solution

    Wednesday, April 12th, 2017

    Outdated cybersecurity solutions with data backhaul and hardware upgrades cost organisations millions of dollars each year. There are other alternatives to backhauling data that keep your network secure and your costs down. Here are three misconceptions of designing your cybersecurity solution.

    1. Thinking that backhauling data from remote offices and mobile workers to on-prem appliances is the only way to protect a distributed organisation.

    Since the age of the mainframe in the late 60s, centralising your IT infrastructure was logical. Most companies had large headquarters where a majority of their employees worked, and infrastructure was housed centrally to provide compute power and business resources. As technology advanced through the mid-90s, internet and email became common work tools, meaning organisations now had the flexibility to conduct business from multiple office locations. Enter the Blackberry in the early 2000s, and now we’ve reached the distributed age. Businesses are rarely in one location. If you consider every mobile device accessing work applications a “remote office,” you have now gone from securing one site to securing hundreds.

    This exponential increase in business locations puts increasing strain on your network security plan. While the pain of backhauling data as you added individual remote offices was manageable, the concept of backhauling data was never designed to scale to the mobile world we live in. This new paradigm shift in business requires a new approach to network security. Continuing to backhaul data from mobile users and remote offices is like. It might work for today, and maybe for tomorrow, but you either keep paying for more sandbags, or consider a new approach that is designed for the current situation.

    2. Completely rearchitecting your network by moving to an all-cloud solution is the only way to avoid excessive backhaul

    There are cloud-only SWG solutions that provide infrastructure cost benefits, but they come with a pricey compromise – rearchitecting your entire network to direct all traffic to cloud-based SWGs. A cloud-only approach is not for every business. There are compliance issues for many industries, legal ramifications from data privacy laws, and operational security concerns that arise from using a multitenant cloud. If you have requirements that can’t completely be met by a cloud-only SWG, it’s critical that you find a solution that’s built for the cloud, but not built exclusively in the cloud.

    3. Believing that leveraging cloud and on-prem capabilities mean you have to manage two separate interfaces or sacrifice policy consistency.

    If you’re already one step ahead and know that you don’t have to rely on solely cloud or on-prem secure web gateways, perhaps you are exploring a hybrid solution. Traditional “hybrid” solutions have two different systems operating in tandem. While this seems like a good idea, in theory, it creates significant management overhead and headaches to administer the two systems. For example, policies often only sync in one direction, which creates gaps in your security plan as you work to ensure each system is managed correctly. Not to mention that the two systems frequently lack feature parity, making uniform policy enforcement a real challenge.

    Your experiences managing your network security should be seamless and should not require separate management systems just to reap the benefits of both cloud and hybrid deployment. Your secure web gateway should give you the flexibility to define your own network security policies without reconfiguration or sacrificing user experience.

    Beyond backhauling

    Most companies haven’t reevaluated their network security solution because the thought of ripping and replacing appliances or completely reconfiguring their network is enough to scare them away. But SWG solutions designed 10-15 years ago were built to secure a different type of organisation than we see today, so it’s worth considering other options. It is not financially sustainable to backhaul the increasing amount of data created by a mobile workforce. Instead, find a solution that leverages the cloud to avoid expensive VPN and MPLS links, but also doesn’t force you to overhaul your network architecture.

    Believe it or not, there are network security solutions that were built specifically to support the distributed organisation. iboss designed the first Distributed Gateway Platform to address the challenges facing decentralised organisations today by leveraging an elastic, node-based architecture that scales to meet changing bandwidth needs. Learn more about the changing secure web gateway landscape and the needs posed by distributed organisations.

    As you think about your security needs over the next five to ten years, evaluate whether your current vendor can help you scale and grow without network re-architecture, management of multiple, isolated systems, or increased bandwidth costs from backhauling data. Here are 11 things to consider as you evaluate and plan for your cybersecurity needs in the coming years.

    Original article published by Ed Gaudet. https://blog.iboss.com/sled/3-common-misconceptions-about-designing-your-cybersecurity-solution

    Ruckus Wireless Unveils New SmartZone Capabilities in New OS Release

    Wednesday, April 12th, 2017

    Ruckus Wireless, has announced the availability of version 3.5 of its SmartZone™ Operating System (OS). The new release powers the industry’s highest-capacity controller portfolio, including the SmartZone 300 (SZ300) high-scale control and management appliance, which is also being announced today. With more than 30 new features and enhancements, SmartZone OS 3.5 makes it easier than ever for IT to improve the end-user experience and to better align security and policy posture with a diverse user device constituency. New capabilities also enable enterprises and managed service providers to easily and securely implement complex network architectures and multi-tier business models.

    The SmartZone portfolio includes high-capacity appliances designed for service provider and large enterprise deployments—SZ300 and virtual SmartZone High-Scale (vSZ-H)—and enterprise-class appliances—SmartZone 100 (SZ100) and virtual SmartZone Essentials (vSZ-E)—designed for mid-sized enterprise networks. The virtual SmartZone Data Plane (vSZ-D) works in conjunction with virtual control and management appliances, enabling a high-throughput distributed data plane. Since their introduction in 2015, SmartZone controllers have been deployed by more than 2,000 enterprise and service provider organisations that are collectively managing more than 600,000 APs.

    “Cloud-managed wireless services revenue is growing at 26 percent, far faster than the enterprise WLAN equipment market,” said Rohit Mehra, vice president, network infrastructure, IDC. “WLAN vendors that can build products that enable those service providers to grow their own businesses profitably stand to outperform the market. With its SmartZone portfolio and its latest enhancements, Ruckus is clearly vying to be a dominant vendor in this segment. At the same time, the company is investing in universally critical functionality related to end-user experience management, security and analytics.”

    Enhancing End-user Experience Management

    As end-user quality-of-service expectations increase, IT departments are increasingly challenged to meet them. SmartZone OS 3.5 provides IT with tools to better ensure quality experience:

  • Visual Connection Diagnostics (VCD) enables IT to react in real time to end-user problems, visually troubleshooting the client connection process, pinpointing the failure stage and identifying the likely cause of failure.
  • New “super-KPIs,” combined with visual alerts and pivot-table functionality, provide IT with a more effective means of predicting end-user experience degradation, reducing the time IT must spend on identifying systemic failures.
  • Near real-time push-streaming enables IT to effectively respond to rapidly deteriorating network conditions by allowing third-party or custom-built analytics tools to consume key performance indicators (KPIs) with no delay, no fidelity loss and no need for IT to create a firewall pinhole.
  • Creating More Flexible Security and Policy Management

    Ensuring that the network, devices and users are protected without compromising expected service and access levels is critically important. The new release helps IT address these challenges more easily:

  • SmartZone integration with Ruckus Cloudpath™ security and policy management software allows IT to create a practically unlimited number of user and device roles, enabling user-specific VLAN, access control and bandwidth attributes. This capability enables IT to segment the network based on real security and policy needs, rather than on a one-size-fits-all basis.
  • Usability improvements to Ruckus Dynamic Pre-Shared Key™ (DPSK) technology include a group DPSK function and, with Cloudpath integration, automatic key distribution to end users. Group DPSK is designed to make it easier for organisations with “headless” Internet of Things (IoT) devices such as printers and Apple TVs to manually distribute keys to these devices by enabling groups of device types to use a common DPSK key.
  • Enabling More Sophisticated Business and Deployment Models

    The latest SmartZone release further enhances multi-tenant and data plane functionality and flexibility for service providers that host private clouds and for large enterprises and educational institutions:

  • Multi-tenant partner domain segmentation allows service providers that operate private clouds to establish secure, isolated operating domains for their non-hosting managed service provider clients. This new capability, combined with existing domain and zone functionality, enables the private-cloud service provider to support any single-tier or dual-tier managed services business model while meeting stringent operational and security requirements.
  • The zone affinity feature in the vSZ-D provides a common data plane to distributed sites, allowing customers to maintain a centralised data architecture in the event of a WLAN vendor change. Managed service providers can use the same capability to allow their customers to tunnel guest traffic away from their local area network (LAN).
  • Native DHCP/NAT functionality in the vSZ-D simplifies deployment complexity by enabling high-performance DHCP assignment in a centralised or distributed network context without the need for third-party DHCP/NAT servers.
  • The vSZ-D enables Layer 3 roaming without the need for a dedicated mobility controller. Parameters are defined just once in a centrally located vSZ-H/E instance. Distributed vSZ-D instances automatically establish tunnels between themselves. Roaming devices maintain their original IP address, ensuring session persistence for sensitive applications such as voice.
  • “With Ruckus’ latest version of its SmartZone control and management software, browsing across the user interface is straightforward and simple, with the ability to access configuration and monitoring on a single page,” said Yves Premel-Cabic, head of engineering, WiFirst. “Ruckus now goes far beyond its competitors, with call-flow diagnostics for client association issues and crystal clear technical data. By combining it with the Ruckus SmartCell Insight platform, we will now be able to enjoy state-of-the-art analytics. vSZ 3.5 is now the best carrier-grade Wi-Fi management solution, and WiFirst’s engineers and technicians can’t wait to upgrade to this major release.”

    “SmartZone allows service providers and large organisations to easily deploy high-scale, multi-site, multi-region WLANs while practically eliminating the usual costs associated with data plane scaling,” said Greg Beach, vice president of product management at Ruckus Wireless. “With this latest release, we’ve made SmartZone even more compelling for service providers of all kinds, while giving IT in every organisation easy-to-use tools that allow them to more effectively manage the entire end-user experience from service quality to security and policy.”

    To learn more about Ruckus Wireless’s SmartZone portfolio, visit https://www.ruckuswireless.com/products/system-management-control/smartzone.

    Original article: https://www.ruckuswireless.com/ruckus-wireless-unveils-experience-management-capabilities-with-new-smartzone-os-release