Tuesday, 8 November 2016

Trump or Clinton? DDoS or Protection? Who will be the winner?

In a recent blog post by Arbor Networks, it was shown that DDoS attacks increase significantly during global events.

With the Presidential election in the United States happening in a matter of hours, will we see another significant, sustained attack on major websites, such as US media sites, political parties websites, etc?

I suspect we will, but much like the US election, we won't know who wins for a couple of days.

We can only hope that these sites have adequate protection from such an attack.  As for the election, we'll see...

Thursday, 3 November 2016

How businesses can protect Office 365 from ransomware attacks [Link - MTI Bytes]

After a recent webinar from Chris Taylor, Director of Product Marketing from Trend Micro around Ransomware, I created a blog post around this: https://www.mti.com/mtibytes/how-businesses-can-protect-office-365-ransomware-attacks/


In the last year, businesses have seen a large increase in ransomware threats. The Guardian recently reported that 54 per cent of businesses have been threatened with ransomware in the last 12 months alone. When we consider the money that can be made from a career in cyber crime, this is hardly surprising.

Ransomware refers to malicious software (malware) which is designed to block access to a computer system until a sum of money is paid.

But how can you protect your cloud environments from it? In a recent webinar, Chris Taylor, Director of Product Marketing, Trend Micro, looked at exactly that:

How does malware work?

Email is a common method that attackers use to infect their victims, most often businesses. The malware is delivered by email either as a web link in the body of the message, which vulnerable users click on, or as a link within an attachment.

It is becoming increasingly common for malware to be hidden within documents sent as email attachments. Embedded JavaScript within the document encourages users to click, unknowingly starting the download of malicious software. Malware in an email attachment can be harder to detect, as it may be compressed within a common office file, such as a CV from a job-hunter or an invoice, which looks convincing.

Prevention is better than cure

There are a number of recommendations that can be made, such as always backing up your systems, making sure they are fully patched and training users not to open suspicious attachments. However, there are opportunities to stop many ransomware attacks before they even get to that point. The best way is to block ransomware before it has a chance to reach users. There are certainly remediation measures that can come in and save the day should the worst happen, but these can take up a lot of the IT team’s time.

What can businesses do to protect their Office 365 environment?

Office 365 includes anti-spam and anti-malware protection, which blocks known malware. But the majority of malware is unknown, as criminals increasingly use automated tools to modify their malware to beat such checks.

In order to remain one step ahead of threats, businesses can implement advanced threat protection, which looks for malware in different ways, checks for malicious URLs in attachments as well as in the body of emails, and provides full data loss protection.

To set up a free evaluation of your Office 365 protection, email ukmarketing@mti.com

Saturday, 22 October 2016

VMworld 2016 Europe - Barcelona

After a number of years of meaning to go, I have finally attended my first VMworld.  As the recent strategy is to incorporate security into VMware solutions, it makes sense that my years in the security field would finally coincide with the virtual world.

I attended with my friend and work colleague, Anthony Poh, who runs this blog dedicated to all things virtual: https://thevirtualunknown.co.uk/

The experience was incredibly valuable from a work front.  VMworld allowed me to meet and engage with some very high level executives, allowing me to honestly share our thoughts, challenges and ideas.  I got the opportunity to attend a number of roundtables with my peers from across the world and understand where they are at.

It also led to me being asked to participate in a Q&A session around MTI's strategy and approach to VMware NSX.  It meant going on stage in front of 400-500 people and being quizzed about what we do, which led me to write a LinkedIn post about it: https://www.linkedin.com/pulse/stage-fright-presence-andrew-tang

My only criticisms of VMworld are the amount of walking between the breakout sessions, Solution Exchange and lunch.  While I'm talking about lunch, it would have been good if there had been enough to feed everyone who attended.

Despite these issues, the value from attending outweighs the minor niggles, and I hope to enjoy VMworld Europe again in 2017.

Below is a transcript of my LinkedIn post:


I've just got back from my first VMworld in Barcelona. I had no idea of the scale, content and knowledge available in one massive conference centre, predominantly around one vendor.

My world has been IT Security for over a decade, with little appreciation that virtualisation is on a completely different scale in IT minds. I would have been very lost were it not for my colleague and friend, Anthony Poh, who is much more experienced in all things VMware and VMworld!

I was asked to attend a Q&A session at one of the Partner Exchange sessions, which turned out to be Accelerate Network Virtualization presented by Rajiv Ramaswami, EVP and GM, Networking and Security at VMware; Dom Delfino, VP of Worldwide Sales and Systems Engineering, Networking & Security at VMware; and Louise Ostrom, VP Network & Security, EMEA at VMware.

I felt like a little-known support act to some of the greatest artists in the world, worried that what I had to say in front of other partners and vendors wouldn't be of interest and value, but when you get a chance to get your thoughts straight, I realised that MTI had a lot to offer and I was comfortable talking about it on a big stage to an audience of a few hundred people.

The confidence of being on stage came from a familiarity of the topic, rather than memorising a script. I was able to show that MTI is a solutions and service provider in Europe; having offices in the UK, Germany and France, providing Datacentre, Security and Managed Services. We discussed MTI's adoption of VMware NSX and how NSX is the foundation to some of our offerings with integration to our key security partners in Trend Micro and Palo Alto.

Like life, the presentation wasn't scripted and, equipped with my new found confidence, I hope I get the opportunity to do some more in the future!

Tuesday, 27 September 2016

CLOUDSEC takeaway – Cyber security is not just an IT issue [Link - Trend Micro Blog]

After attending CLOUDSEC 2016, I was asked to create a guest blog on the Trend Micro blog site, including standout statistics and take-away lessons: http://blog.trendmicro.co.uk/cloudsec-takeaway-cyber-security-is-not-just-an-it-issue/


With a fantastic turnout at CLOUDSEC 2016, attendees comprised security and IT practitioners from numerous industries. Despite these varying sectors, one thing became abundantly clear: the same issues are keeping IT security professionals awake at night – securing cloud environments, securing privileged access accounts and user education.

Many enlightening statistics were shared. Trend Micro’s research found that in the last two years, 44% of UK businesses were hit by ransomware attacks, and a third (33%) of their employees were affected by the infection. We also heard that over $2.3 billion was lost to phishing attacks over the past three years (FBI), though the real figure is likely to be higher.

While this makes the somewhat abstract world of cyber threats very real indeed, if there’s one point to take away from CLOUDSEC, it’s that cyber security isn’t just an IT issue. When the entire workforce is educated around safe IT usage, the chance of a business network being hacked is significantly reduced.

Everyone needs best practice training 

Organisations can defend against cyber-attacks; they don’t have to be victims. While in any organisation the CIO ultimately takes responsibility for cyber security, the rest of the organisation needs to accept responsibility too and not just shrug their collective shoulders. Regardless of seniority, companies should invest in best practice training when using a corporate network.

Best practice knowledge should percolate through the entire organisation from board directors, to employees and IT people involved in daily operations. It should explain why businesses have approved channels for storing data, the risks of using personal cloud storage platforms for data storage, and the need to question email content if it arouses suspicion – even if it’s from the CEO’s office.

Employees must understand the importance of cyber defences within the context of the business and how to safeguard against internal and external intrusions. Are they aware of the importance of setting difficult to crack passwords, as well as understanding that password variations of existing passwords are a source of vulnerability when used in other parts of the network? Do they know that in the last six months or so, ransomware attacks have spiralled as ransomware-as-a-service kits became commonplace on the dark web?

Serious business implications

The whole organisation must realise the possible business implications of a major hack – spiralling revenues, lost customers and plummeting share price, and this could all happen well after the event. Furthermore, jobs could be on the line if declining income hits the business badly.

Despite the growing evidence suggesting otherwise, many organisations still believe they won’t be hacked. With that said, however, if cyber security education is a part of the organisational culture, the chances of a serious breach are dramatically reduced.

Wednesday, 21 September 2016

The Right Train of Thought [Link - Computing Security]

I was asked to contribute to an article for Computing Security, focusing on IT security practices on how an effective cybersecurity strategy must include employee training: http://www.btc.co.uk/Articles/index.php?mag=Security&page=compDetails&link=7074



Any effective cybersecurity strategy should include information about how employees can safeguard against, not only external threats, but insider threats too, cautions Andrew Tang, service director, security, MTI Technology. "It also needs to include perimeter protection, but, as companies are increasingly working with cloud-based solutions, remotely and from various devices, it also needs to be sophisticated and fool-proof. Companies should invest in training all employees, regardless of seniority, on best practice when using a corporate network.

"Staff should understand how to protect against internal and external intrusions, as well as how to stay safe when accessing and sharing sensitive corporate data, opening emails from non-trusted sources and why businesses have approved corporate channels for storing data. It shouldn't just be a case of setting procedures and guidelines; staff should understand the consequences and risks of misuse or misjudgement when accessing corporate networks," he says.

"Employees should also be educated on the importance of password setting, as those that use a variation of the same password across different platforms leave the network vulnerable to attack. IT can also implement two-way authentication to add an extra layer of protection," adds Tang. "While the CIO should ultimately be responsible for implementing and monitoring employee guidelines and policies around cyber security, they should work closely with the HR team and heads of departments to ensure that safe computer usage becomes company culture. When a workforce is educated around safe IT usage, the chance of a business network being hacked is significantly reduced."

Thursday, 15 September 2016

Managing the keys to the kingdom [Link - Professional Security Magazine Online]

After the recent breach at Sage, I was asked to write a piece about insider threat for Professional Security Magazine Online: http://www.professionalsecurity.co.uk/products/cyber/managing-the-keys-to-the-kingdom/


The recent data breach at Sage, in which sensitive customer data was accessed internally, raises a wider question on whether UK companies are doing enough to defend against hacks, writes Andrew Tang, Service Security Director, MTI Technology, pictured.

After all, data breaches have become so commonplace that the widely accepted maxim of ‘Not if, but when’ stands true for most companies. The implication is that every major company is going to be hacked at some point. Of course, some keep it quiet and do their best to roll down the blinds so it stays in-house, while others have no choice but to come clean, usually when the breach is made public. The irony is that it doesn’t have to be like this. Attacks can be defended against. Internal breaches can be stopped. Data can be protected. It’s just a question of refocusing and committing to security as a business priority, rather than an IT need. The problem with internal attacks is that they undermine trust; a finger of doubt is pointed at all employees. People who were once held in high regard are now viewed with narrow-eyed suspicion. Paranoia rules.

In with the new

Traditional security has focused on building the castle, digging a moat and raising a drawbridge. Or in other words, putting in place rigorous and robust network defences that keep hackers out. But today we need a zero-trust model, one in which the enterprise is viewed as a hotel. Access to rooms, for example, is restricted to certain people. You can’t just walk through the front door and roam around unchallenged. You can only gain access to certain rooms according to the authorisations you have been given.

At the technology level it’s about introducing internal controls such as micro segmentation of the network, access controls and reducing administrators’ rights. Admin rights are often available to a wide number of people in any given organisation, but it’s a fact that between 80 and 100 per cent of system compromises have been carried out using admin credentials. For someone who knows what they are doing, and it doesn’t require a lot of technical knowledge, admin rights can be used to erase firewall logs, scrub back-ups, disable antivirus software and even erase CCTV footage if cameras are digitally connected to the network.

Only the few

Securing an organisation internally is about introducing privileged access, so only a small number of people who have the need can move through a company’s systems. It’s about recording these sessions so there is an audit trail and it’s easy to see who has gone where and when. It’s about introducing two-factor authentication for internal access so people can’t just roam through the network at will.

In small organisations it’s relatively easy to introduce these controls precisely because the operations are small. As you step up in size, however, analytics engines need to be introduced so you can see what is going on internally and also set rules. Is someone, for example, trying to access Dropbox and have they just visited a corporate database that holds customer payment details? Of course, if this is the case the klaxons should be blaring loudly. While this is an obvious example, it illustrates how with the right technology you can see and stop potentially deviant behaviour and in fact can block it before it happens. For instance, you might want to stop all access to cloud-based storage for some employees while allowing it for others, depending on role-based needs. Data loss prevention (DLP) technologies have been around a while and are a powerful tool for identifying sensitive data and raising alerts if sensitive data suddenly starts moving across the network when it shouldn’t.
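The two rules sketched above, role-based blocking of cloud storage and an alert when a cloud-storage request follows access to a customer payment database, worked through over a handful of events. This is an added example, not code from the article or from any MTI or vendor product; the log format, the user-to-role mapping, the list of cloud-storage domains and the 30-minute correlation window are all assumptions chosen for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed sample events (not real logs): timestamp, user, event kind, resource.
SAMPLE_EVENTS = """\
2016-09-15T09:02:11 alice db_access customer_payments
2016-09-15T09:07:40 alice web_request dropbox.com
2016-09-15T09:30:05 bob web_request dropbox.com
2016-09-15T10:15:00 carol db_access customer_payments
2016-09-15T12:40:00 carol web_request dropbox.com
2016-09-15T13:01:00 dave db_access customer_payments
2016-09-15T13:04:00 dave web_request dropbox.com
"""

# Assumed policy inputs for the example.
SENSITIVE_RESOURCES = {"customer_payments"}
CLOUD_STORAGE_DOMAINS = {"dropbox.com", "drive.google.com"}
ROLE_OF = {"alice": "finance", "bob": "marketing", "carol": "finance", "dave": "marketing"}
CLOUD_ALLOWED_ROLES = {"marketing"}   # role-based need: only marketing may use cloud storage
WINDOW = timedelta(minutes=30)         # how soon after a DB read a cloud request is suspicious


@dataclass
class Event:
    ts: datetime
    user: str
    kind: str      # "db_access" or "web_request"
    resource: str  # database name or destination domain


def parse_events(text: str) -> List[Event]:
    """Parse the whitespace-separated log lines into time-ordered events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, kind, resource = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, kind, resource))
    return sorted(events, key=lambda e: e.ts)


def is_cloud_request(e: Event) -> bool:
    return e.kind == "web_request" and e.resource in CLOUD_STORAGE_DOMAINS


def cloud_policy_decisions(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Rule 1: allow or block each cloud-storage request by the user's role."""
    decisions = []
    for e in events:
        if is_cloud_request(e):
            role = ROLE_OF.get(e.user, "unknown")
            verdict = "allow" if role in CLOUD_ALLOWED_ROLES else "block"
            decisions.append((e.user, e.resource, verdict))
    return decisions


def correlate_exfil(events: List[Event], window: timedelta = WINDOW) -> List[Tuple[str, str, str, int]]:
    """Rule 2: alert when the same user read a sensitive database within `window`
    before a cloud-storage request. Fires regardless of role, because the
    sequence itself is what the analytics engine should surface."""
    alerts = []
    for i, e in enumerate(events):
        if not is_cloud_request(e):
            continue
        for prior in events[:i]:
            if (prior.user == e.user and prior.kind == "db_access"
                    and prior.resource in SENSITIVE_RESOURCES
                    and e.ts - prior.ts <= window):
                minutes = int((e.ts - prior.ts).total_seconds() // 60)
                alerts.append((e.user, prior.resource, e.resource, minutes))
                break  # one alert per cloud request is enough
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for user, domain, verdict in cloud_policy_decisions(evs):
        print(f"policy: {user} -> {domain}: {verdict}")
    for user, db, domain, mins in correlate_exfil(evs):
        print(f"ALERT: {user} read {db} then contacted {domain} {mins} min later")
```

Note that dave is allowed cloud storage by role yet still raises an alert: the role rule and the sequence rule answer different questions, and the second is the one that catches data moving when it should not. Carol's request arrives well outside the window and so produces a block from the role rule but no correlation alert.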


This approach to security is transformative for the business because it introduces fundamental changes to the way people work, limiting their ability to roam around networks at will, pick up information from databases, or probe internal servers. But internal security is not just about getting the right technologies in place; it’s about a different mindset. It’s about looking at IT spend through the eyes of a realised IT soul. Do you really need an all singing and all dancing firewall or would a next generation firewall suit you better? Do you want to keep spending on the same technology or should you be looking at two factor authentication? Do you want to put 80 per cent of your budget into traditional security or would an investment in proactive analytics and DLP serve you better?

Ironically, this zero-trust approach engenders greater trust. You know who is doing what, and if someone does try to walk off with a rake of customer credit cards numbers, they will be stopped in their tracks.

Wednesday, 14 September 2016

CyberArk Expands Global Channel Partner Program [Link: CyberArk Press Release]


CyberArk Expands Global Channel Partner Program

Access to New Training and Technical Sales Tools Enhance Partners’ Privileged Account Security Expertise and Help Drive New Business Opportunities

Newton, Mass. and Petach Tikva, Israel – September 14, 2016 – CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced new CyberArk Global Channel Partner Program offerings to enhance its partners’ privileged account security expertise and ability to drive new business opportunities. Partners can now benefit from access to expanded training and technical certification programs as well as enhancements to the CyberArk Discovery and Audit (DNA) tool that helps quantify security risk within enterprise networks.

CyberArk University: New Technical Certification, Growing Course Catalog
CyberArk is committed to helping its partners develop their own CyberArk practices, comprised of internal CyberArk-trained professionals to address customers’ cyber security skills gaps and maximize the effectiveness of CyberArk solutions. CyberArk is expanding its Global Certification Program for sales and technical learning, recently adding a new CyberArk Certified Delivery Engineer (CCDE) option. Achieving CCDE certification requires passing a rigorous course that involves an in-depth technical introduction to the CyberArk Privileged Account Security Solution as well as a shadowing and technical challenge component.

“Access to the evolving CyberArk University curriculum enables our team to expand the application of business-critical privileged account security knowledge and experience,” said Kyle Kappel, advisory principal, KPMG Cyber Services. “As a result, we’re helping CIOs and their teams build competence and confidence in their risk management strategies, while improving the skills needed to positively impact business growth and innovation goals. We’re excited about the expanding program and look forward to more KPMG professionals becoming CCDE certified.”

CyberArk regularly adds courses that closely mirror its product line, such as the addition of the CyberArk Viewfinity class, as well as new advanced level classes that complement its popular fundamentals courses. CyberArk University offers certified training through several flexible options including a new self-paced online option via the CyberArk Partner Portal, in addition to virtual classroom or face-to-face classroom training. More than 2,000 individuals across CyberArk’s global partner network have taken advantage of training courses through CyberArk University.

“The IT security talent shortage is something we hear about every day, with customers needing help ranging from implementation to driving value from existing software,” said Charles Drum, director of security technology, Integral Partners LLC. “With new certifications and expanded training options available through CyberArk University, we are creating internal CyberArk experts who can augment customers’ existing teams and help close skill gaps to evolve privileged account security strategies as part of customers’ proactive security programs.”

CyberArk DNA: Data-Driven Insight to Increase Deal Impact
CyberArk DNA is a valuable tool for quantifying privileged account security-related risks, and gaining visibility into the vulnerable attack surface that exists within enterprise environments. In 2015, CyberArk DNA was used to scan seven million machines.

“It’s widely accepted now that most – if not all – major data breaches in recent times have involved the compromise of privileged accounts as an essential part of how attackers got to what they wanted, or where they wanted to be,” said Andrew Tang, service director, security at MTI. “Organizations often have little to no idea of how many privileged accounts exist in their network and thus the extent of their vulnerability. MTI uses CyberArk DNA as a precursor to consulting projects, mapping networks to identify all privileged accounts and vulnerable machines. CyberArk DNA allows MTI to show prospective customers the weak points in their security posture and helps accelerate their security purchasing decisions.”

Partners using CyberArk DNA can generate comprehensive reports for customers and prospects identifying privileged accounts on the network as well as privileged passwords – including hard-coded passwords in applications and scripts – and their status in terms of policy compliance. New CyberArk DNA reporting features help customers better visualize and understand the extent of their security vulnerabilities, with recommendations on how to prioritize risk mitigation using the CyberArk Privileged Account Security Solution. CyberArk recently received another patent for innovative security risk detection technology that has been implemented in the CyberArk DNA tool.

CyberArk Partner Program Momentum
CyberArk works with more than 250 channel partners around the world and is increasing collaboration with advisory firms, systems integrators and value added resellers worldwide and across key vertical markets such as healthcare and government. CyberArk’s success in the channel has contributed to increased sales momentum with indirect sales representing approximately 60 percent of CyberArk business in 2015. CyberArk has more than doubled its channel management team in the past 12 months.

“With cyber attacks increasing in prevalence and sophistication every day, organizations need the right know-how, products and processes in place to effectively minimize risk and better protect their businesses,” said Andy Welsh, vice president of partner management, Optiv. “Optiv has built a strategic relationship with CyberArk to help us deliver end-to-end cyber security solutions and services that help organizations solve their unique cyber security problems. We look forward to leveraging CyberArk’s new global technology partner program to continue meeting the evolving needs of our clients.”

CyberArk recently launched the C3 Alliance, its new global technology partner program. Providing the channel with greater access to integrated technology solutions is another strategic differentiator. The C3 Alliance delivers certified technology integrations between CyberArk and alliance member products that make it easier for channel partners and customers to extend the power of privileged account security across their organization and enhance their overall security posture.

“CyberArk views the channel as an important growth engine and is committed to driving differentiation for our partners. Our focus on the channel has spurred new business opportunities over the past year across virtually all vertical industries and company sizes. We continue to have valuable, productive conversations with our partners who are helping to educate C-level executives about prioritizing privileged account security programs,” said Udi Mokady, chairman and CEO, CyberArk. “We value the important business relationships we are building with influential partners and view CyberArk-led programs, like the C3 Alliance, as well as CyberArk DNA and expanding training and certification offerings as strategic for helping partners uncover new revenue drivers.”