In July 2015, I did my first threat webinar. I had planned to do it on a monthly basis, and never imagined I would still be doing it five years later, but here I am, still creating monthly webinars. I still do. I started the webinar series to help people understand the different threats targeting our customers and I have always tried to focus on three areas:
|
|
This last point, discussing technologies versus solutions, has been one of the key items I try to follow as much as possible – after all, the goal of my webinars is to be educational, not a sales pitch.
Coming from a technical background, BS in Electrical Engineering from Michigan State University (Go Spartans!!), I enjoy learning about the new technologies being used to detect the latest threats and to ensure you know what to look for when selecting a vendor and/or a security solution. Over the years, I’ve discussed everything from APTs, coinminers, exploits, messaging threats, ransomware, underground activity and lots in between. It is pretty easy to find topics to discuss, as there is so much going on in our industry, and with the malicious actors regularly shifting their tactics, techniques and procedures, I can keep the content fairly fresh.
I really enjoy having guest speakers on my webinars to mix things up a bit for the viewers as well, as I know my limitations – there are just too many threats out there to keep up with all of them. The main reason I love doing the threat webinars is that I enjoy sharing information and teaching others about our industry and the threats affecting them. If you want to check out any of my previous five years of webinars you can watch them here.
For my fifth year anniversary I wanted to try something different and I would like to do an open Q&A session. As I’ve never done this before, it will certainly be an interesting experience for me, but hopefully for you as well. I hope I can answer a majority of your questions, but I know some of you are way too smart for me, so please bear with me.
Our registration page for this webinar allows you to submit any pre-session questions that I’ll answer throughout the webinar. You can ask me anything that is on your mind and if I cannot get to your question, I’ll do my best to answer you afterwards in an email.
I hope to continue to do these webinars for the foreseeable future and I would like to end my post by thanking each and every one of you who has participated in my webinars over the years. It has been a pleasure, and I look forward to answering your questions.
Take care, stay healthy, and keep on smiling!
Jon
The post Ask Me Anything – Celebrating The Fifth Anniversary Of My Monthly Threat Webinar appeared first on .
Trend Micro is excited to launch new Trend Micro Cloud One – Conformity capabilities that will strengthen protection for Azure resources.
As with any launch, there is a lot of new information, so we decided to sit down with one of the founders of Conformity, Mike Rahmati. Mike is a technologist at heart, with a proven track record of success in the development of software systems that are resilient to failure and grow and scale dynamically through cloud, open-source, agile, and lean disciplines. In the interview, we picked Mike’s brain on how these new capabilities can help customers prevent or easily remediate misconfigurations on Azure. Let’s dive in.
What are the common business problems that customers encounter when building on or moving their applications to Azure or Amazon Web Services (AWS)?
The common problem is there are a lot of tools and cloud services out there. Organizations are looking for tool consolidation and visibility into their cloud environment. Shadow IT and business units spinning up their own cloud accounts is a real challenge for IT organizations to keep on top of. Compliance, security, and governance controls are not necessarily top of mind for business units that are innovating at incredible speeds. That is why it is so powerful to have a tool that can provide visibility into your cloud environment and show where you are potentially vulnerable from a security and compliance perspective.
Common misconfigurations on AWS are an open Amazon Elastic Compute Cloud (EC2) or a misconfigured IAM policy. What is the equivalent for Microsoft?
The common misconfigurations are actually quite similar to what we’ve seen with AWS. During the product preview phase, we’ve seen customers with many of the same kinds of misconfiguration issues as we’ve seen with AWS. For example, Microsoft Azure Blobs Storage is the equivalent to Amazon S3 – that is a common source of misconfigurations. We have observed misconfiguration in two main areas: Firewall and Web Application Firewall (WAF),which is equivalent to AWS WAF. The Firewall is similar to networking configuration in AWS, which provides inbound protection for non-HTTP protocols and network related protection for all ports and protocols. It is important to note that this is based on the 100 best practices and 15 services we currently support for Azure and growing, whereas, for AWS, we have over 600 best practices in total, with over 70 controls with auto-remediation.
Can you tell me about the CIS Microsoft Azure Foundation Security Benchmark?
We are thrilled to support the CIS Microsoft Azure Foundation Security Benchmark. The CIS Microsoft Azure Foundations Benchmark includes automated checks and remediation recommendations for the following: Identity and Access Management, Security Center, Storage Accounts, Database Services, Logging and Monitoring, Networking, Virtual Machines, and App Service. There are over 100 best practices in this framework and we have rules built to check for all of those best practices to ensure cloud builders are avoiding risk in their Azure environments.
Can you tell me a little bit about the Microsoft Shared Responsibility Model?
In terms of shared responsibility model, it’s is very similar to AWS. The security OF the cloud is a Microsoft responsibility, but the security IN the cloud is the customers responsibility. Microsoft’s ecosystem is growing rapidly, and there are a lot of services that you need to know in order to configure them properly. With Conformity, customers only need to know how to properly configure the core services, according to best practices, and then we can help you take it to the next level.
Can you give an example of how the shared responsibility model is used?
Yes. Imagine you have a Microsoft Azure Blob Storage that includes sensitive data. Then, by accident, someone makes it public. The customer might not be able to afford an hour, two hours, or even days to close that security gap.
In just a few minutes, Conformity will alert you to your risk status, provide remediation recommendations, and for our AWS checks give you the ability to set up auto-remediation. Auto-remediation can be very helpful, as it can close the gap in near-real time for customers.
What are next steps for our readers?
I’d say that whether your cloud exploration is just taking shape, you’re midway through a migration, or you’re already running complex workloads in the cloud, we can help. You can gain full visibility of your infrastructure with continuous cloud security and compliance posture management. We can do the heavy lifting so you can focus on innovating and growing. Also, you can ask anyone from our team to set you up with a complimentary cloud health check. Our cloud engineers are happy to provide an AWS and/or Azure assessment to see if you are building a secure, compliant, and reliable cloud infrastructure. You can find out your risk level in just 10-minutes.
Get started today with a 60-day free trial >
Check out our knowledge base of Azure best practice rules>
Do you see value in building a security culture that is shifted left?
Yes, we have done this for our customers using AWS and it has been very successful. The more we talk about shifting security left the better, and I think that’s where we help customers build a security culture. Every cloud customer is struggling with implementing earlier on in the development cycle and they need tools. Conformity is a tool for customers which is DevOps or DevSecOps friendly and helps them build a security culture that is shifted left.
We help customers shift security left by integrating the Conformity API into their CI/CD pipeline. The product also has preventative controls, which our API and template scanners provide. The idea is we help customers shift security left to identify those misconfigurations early on, even before they’re actually deployed into their environments.
We also help them scan their infrastructure-as-code templates before being deployed into the cloud. Customers need a tool to bake into their CI/CD pipeline. Shifting left doesn’t simply mean having a reporting tool, but rather a tool that allows them to shift security left. That’s where our product, Conformity, can help.
The post Knowing your shared security responsibility in Microsoft Azure and avoiding misconfigurations appeared first on .
The introduction of the MITRE ATT&CK evaluations is a welcomed addition to the third-party testing arena. The ATT&CK framework, and the evaluations in particular, have gone such a long way in helping advance the security industry as a whole, and the individual security products serving the market.
The insight garnered from these evaluations is incredibly useful. But let’s admit, for everyone except those steeped in the analysis, it can be hard to understand. The information is valuable, but dense. There are multiple ways to look at the data and even more ways to interpret and present the results (as no doubt you’ve already come to realize after reading all the vendor blogs and industry articles!) We have been looking at the data for the past week since it published, and still have more to examine over the coming days and weeks.
The more we assess the information, the clearer the story becomes, so we wanted to share with you Trend Micro’s 10 key takeaways for our results:
1. Looking at the results of the first run of the evaluation is important:
|
|
|
|
2. There is a hierarchy in the type of main detections – Techniques is most significant
|
|
https://attackevals.mitre.org/APT29/detection-categories.html
3. More alerts does not equal better alerting – quite the opposite
|
|
4. Managed Service detections are not exclusive
|
|
5. Let’s not forget about the effectiveness and need for blocking!
|
|
6. We need to look through more than the Windows
|
|
7. The evaluation shows where our product is going
|
|
8. This evaluation is helping us make our product better
|
|
9. MITRE is more than the evaluation
|
|
10. It is hard not to get confused by the fud!
|
|
The post Trend Micro’s Top Ten MITRE Evaluation Considerations appeared first on .
Over the past three decades, we’ve had time at Trend Micro to observe the industry trends that have the biggest impact on our customers. And one of the big things we’ve seen is that threats move largely in tandem with changes to IT infrastructure. This matters today because most organizations are transforming the way they run and manage their infrastructure—a daunting task on its own.
But with digital transformation also comes an expanded corporate attack surface, driving security leaders to demand enhanced visibility, detection & response across the entire enterprise — this is not just about the endpoint.
Transforming business
Over the past five years, there has been a major shift in the way IT infrastructure is delivered, and with that shift, increasing complexity. A big part of this change has been the use of the cloud, reflected in Gartner’s prediction that the market will grow to over $266 billion in 2020. Organizations everywhere are leveraging the cloud and DevOps to rapidly deliver new and differentiated applications and services for their customers, partners and employees. And the use of containers and microservices across a multi-cloud and hybrid environment is increasingly common.
In addition to leveraging public cloud services like IaaS, organizations are also rapidly adopting SaaS applications like Office 365, and expanding their use of mobile and collaborative applications to support remote working. Some are even arguing that working patterns may never be the same again, following the changes forced on many employers by the Covid-19 pandemic.
Combine these changes with networks that continue to extend to include branch offices and add new areas to protect like operational technology including industrial systems, and we can certainly see that the challenges facing the modern enterprise look nothing like they did a few years ago.
Under fire, under pressure
All of these infrastructure changes make for a broader attack surface that the bad guys can take advantage of, and they’re doing so with an increasingly wide range of tools and techniques. In the cloud there is a new class of vulnerabilities introduced through a greater use of open source, containers, orchestration platforms, supply chain applications and more. For all organizations, the majority of threats still prey upon the user, arriving via email (over 90% of the 52.3 billion we blocked in 2019), and they’re no longer just basic phishing attempts. There’s been an uptick in fileless events designed to bypass traditional security filters (we blocked 1.4 million last year). And Business Email Compromise (BEC) and ransomware continue to evolve, the latter causing major outages across local government, healthcare and other vulnerable sectors.
Organizations are often left flat-footed because they don’t have the in-house skills to secure a rapidly evolving IT environment. Mistakes get made, and configuration errors can allow the hackers to sneak in.
Against this backdrop, CISOs need visibility, detection and response capabilities across the extended enterprise. But in too many cases, teams are struggling because they have:
|
|
Beyond the endpoint
While endpoint detection and response (EDR) has become a popular response to some of these problems over recent years, the reality is that cyber-attacks are rarely straightforward and limited to the endpoint (as noted in the email statistic above). Security teams actually need visibility, detection, and response across the entire IT environment, so they can better contextualize and deal with threats.
This is what Trend Micro XDR offers. It provides visibility across not just endpoints but also email, servers, cloud workloads and networks, applying AI and expert security analytics to correlate and identify potential threats. The result is fewer, higher fidelity alerts for stretched IT security teams to deal with. Recognizing the skills shortage reality, we also offer a managed XDR service that augments in-house SOC activities with the power of Trend Micro security experts.
Detection and response is too important to be limited to the endpoint. Today’s CISOs need visibility, detection, and response everywhere.
The post Why CISOs Are Demanding Detection and Response Everywhere appeared first on .