[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
What are the benefits of a having a CISO title in an organization?
According to a Threat Track Security survey, companies that employ a CISO are significantly more aware of security threats and more confident about their ability to defend against attacks.
The CISO title does matter as long as the CISO earns management support with recurring communication, aligns security initiatives to business objectives and uses a proven security framework retrofitted to the enterprise. Can an information security director or manager accomplish the same without the title? Of course, but it would be less of a Sisyphean struggle.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f2e42842bd&e=20056c7556
China-based hackers used Microsoft’s TechNet for attacks
Microsoft has taken steps to stop a China-based hacking group from using its TechNet website as part of its attack infrastructure, according to security vendor FireEye.
APT17, nicknamed DeputyDog, created accounts on TechNet and then left comments on certain pages. Those comments contained an encoded domain name; computers infected by the group's malware were instructed to fetch the page, decode the domain and contact it, so the command-and-control address lived on a trusted site rather than in the malware itself.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3e09e45fee&e=20056c7556
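Both halves of the TechNet trick, as an added example (mine, not FireEye's or APT17's code): the operator side that wraps a C2 domain into an innocuous-looking comment, the implant side that pulls it back out of a fetched page, and the hunting check a defender can run over proxy logs to find hosts that read the dead-drop page and then went to the decoded domain. The encoding (a base32 token between "@@" markers), the hostnames "technet.example.test" and "ns1.example-c2.test", the page path and the log lines are all constructed stand-ins, not the group's real scheme.

```python
"""Dead-drop resolver and a hunting check for it.

Added example, not code from the original article, FireEye or APT17. The
encoding (a base32 string between "@@" markers) is a stand-in chosen for
illustration, not the group's actual scheme; the comments, hostnames and
proxy log lines below are constructed.
"""
import base64
import binascii
import re
from collections import defaultdict
from datetime import datetime

MARK = "@@"                                   # hypothetical delimiter pair
PATTERN = re.compile(re.escape(MARK) + r"([A-Z2-7=]+)" + re.escape(MARK))


def post_dead_drop(domain: str) -> str:
    """Operator side: wrap the C2 domain so it survives as forum-comment text."""
    token = base64.b32encode(domain.encode()).decode()
    return f"Thanks, this helped. {MARK}{token}{MARK} has more on the fix."


def resolve_dead_drop(page_text: str) -> list[str]:
    """Implant side: pull every decodable domain out of the fetched page."""
    found = []
    for token in PATTERN.findall(page_text):
        try:
            found.append(base64.b32decode(token).decode())
        except (binascii.Error, UnicodeDecodeError):
            continue                          # noise that happens to match
    return found


C2 = "ns1.example-c2.test"                    # constructed C2 domain
PAGE = "\n".join([
    "Great article, fixed my issue with the registry key.",
    post_dead_drop(C2),
    "@@ABCD@@ is not a valid token and must be skipped",
])

# Constructed proxy log: "timestamp src_ip host path"
PROXY_LOG = [
    "2015-05-14T09:00:00 10.0.0.5 technet.example.test /wiki/articles/1234",
    "2015-05-14T09:00:07 10.0.0.5 ns1.example-c2.test /",
    "2015-05-14T09:30:00 10.0.0.8 technet.example.test /wiki/articles/1234",
    "2015-05-14T09:31:00 10.0.0.8 www.example.test /",    # read the page, never went to the C2
    "2015-05-14T11:00:00 10.0.0.9 ns1.example-c2.test /", # hit the C2 without fetching the page
]


def parse_proxy(lines):
    events = []
    for line in lines:
        ts, src, host, path = line.split()[:4]
        events.append((datetime.fromisoformat(ts), src, host, path))
    return events


def dead_drop_suspects(events, drop_host, drop_path, c2_domain, window_s=3600):
    """Hosts that fetched the dead-drop page and, within window_s, contacted the C2.

    The page fetch alone is innocent (people read TechNet); the ordered pair is
    the signal, because only the implant knows to decode and follow the comment.
    """
    fetches = defaultdict(list)
    suspects = set()
    for ts, src, host, path in sorted(events):
        if host == drop_host and path == drop_path:
            fetches[src].append(ts)
        elif host == c2_domain:
            if any(0 <= (ts - t).total_seconds() <= window_s for t in fetches[src]):
                suspects.add(src)
    return sorted(suspects)


if __name__ == "__main__":
    print("decoded:", resolve_dead_drop(PAGE))
    print("suspects:", dead_drop_suspects(parse_proxy(PROXY_LOG),
                                          "technet.example.test", "/wiki/articles/1234", C2))
```

Once the domain is known, the same correlation can be run the other way: take every host that ever contacted the decoded domain and ask which of them fetched the same forum page first. Host 10.0.0.9 above shows why that matters; it reached the C2 without the page, so it was either delivered the address another way or the window is too short.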
Cyber Security Cited As Number One Risk To The Financial Markets, According To Most Recent DTCC Study – Almost Half Of Market Participants Cite Cyber Security As The Top Threat, Up From Just 24% One Year Ago
The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, today announced that almost half of the respondents (46%) in its most recent Systemic Risk Barometer Study cited cyber security as their top concern and 80% of respondents rated it as a top 5 risk overall.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=22ea8fdffe&e=20056c7556
The slow death of static security detections: Beginning of SIEM deployments
The problem is that there is a cyber security skills shortage. How many security colleagues do you know who have had a data breach? In large enterprises, the security information and event management (SIEM) system collects around 10,000 alerts per day from security point solutions, and of those maybe 8 or 9 percent turn out to be true positives. That means roughly 800 alerts per day that the incident response (IR) team should follow up on. But who does that? The security team in most organizations simply isn't large enough to handle the volume, so the IR team has to prioritize those 800 alerts by hand.
In summary, while the comparison breaks down pretty quickly, today's SIEM, like the Victor Champion, is best at processing mathematical data inputs. Computers take this one step further because they can be programmed to perform statistical and mathematical correlations: understanding traffic spikes, watching for beaconing hosts, or spotting predefined relationships in data. That is what the SIEM was built for. It was not built to handle logical correlations; those are best handled by a human being, whose brain is far better at taking identities, additional circumstances and context into account.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=230ff208da&e=20056c7556
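To make the split concrete, here is an added example (mine, not the article's or any SIEM vendor's code) of the statistical correlation the piece says a SIEM is good at, beacon detection, next to the logical step it cannot take on its own. The connection records are constructed: one host checking in every five minutes with a little jitter, one person browsing in bursts, and one legitimate updater on an exact hourly schedule. The hostnames, thresholds and the "known scheduled" allowlist are all assumptions for the illustration.

```python
"""Beaconing detection: the statistical correlation a SIEM is built for.

Added example, not code from the original article or any SIEM product. The
connection records are constructed; the hosts, domains and thresholds are
placeholders chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

BASE = datetime(2015, 5, 18, 8, 0, 0)


def _lines(src, dst, offsets_s):
    return [f"{(BASE + timedelta(seconds=o)).isoformat()} {src} {dst}" for o in offsets_s]


# Constructed connection log: "timestamp src_ip dst_host"
LOG_LINES = (
    # implant checking in every ~300 s with a few seconds of jitter
    _lines("10.0.0.5", "update.example-c2.test",
           [300 * i + j for i, j in enumerate([0, 3, -2, 5, -4, 1, 2, -3, 4, 0])])
    # a person browsing: bursty and irregular
    + _lines("10.0.0.7", "cdn.example.test", [0, 40, 55, 400, 410, 1300, 1350, 2000, 5000, 5003])
    # a legitimate updater on an exact hourly schedule
    + _lines("10.0.0.9", "updates.vendor.test", [3600 * i for i in range(10)])
)


def parse_log(lines):
    events = []
    for line in lines:
        ts, src, dst = line.split()[:3]
        events.append((datetime.fromisoformat(ts), src, dst))
    return events


def find_beacons(events, min_hits=8, max_cv=0.15):
    """Flag (src, dst) pairs whose inter-arrival times are nearly constant.

    The coefficient of variation (stdev / mean) of the gaps is the regularity
    score: near 0 means machine-like timing, above 1 means human-like bursts.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "hits": len(stamps),
                         "period_s": round(avg), "cv": round(cv, 3)})
    return hits


# Constructed allowlist: the context a human analyst supplies, not the SIEM.
KNOWN_SCHEDULED = {"updates.vendor.test"}


def triage(hits, known=KNOWN_SCHEDULED):
    """The logical correlation: drop destinations an analyst has confirmed as
    legitimately scheduled, so the IR queue holds only what needs a person."""
    return [h for h in hits if h["dst"] not in known]


if __name__ == "__main__":
    flagged = find_beacons(parse_log(LOG_LINES))
    for h in flagged:
        print("beacon-like:", h)
    print("after triage:", triage(flagged))
```

The math flags both regular talkers with the same confidence; it has no way to know that one is a patch server and the other a check-in. That knowledge, the identity of the destination and why it is regular, is exactly the context the article says a human has to add.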
Google Network Security Sans Perimeter
A leading-edge network architecture called BeyondCorp is a sign of things to come. With BeyondCorp, all users and devices reside on a quasi-public network, so there are no trusted LANs, VPNs, etc., and every user and device must be authenticated before being granted access to applications and IT services. User authentication requires multiple factors, not just a user name and password, while all devices are managed and approved: each is issued a digital certificate tied to that system's Trusted Platform Module (TPM). Upon authentication, devices are assigned to network segments (VLANs) based on business and security policies, restricting them to only those network assets necessary to do their jobs. Finally, all network traffic between clients and applications is encrypted and passes through an externally-facing access proxy.
On the back end, all externally-facing applications reside on semi-public networks with private address spaces, and all applications get services such as load balancing, global reachability and DDoS protection. Beyond user and device authentication for network protection, each application is protected by entitlement policies that make authorization decisions based on the user, the device, the user's group, artifacts on the device and the device's location. In other words, application access and usage is dynamically controlled based on risk factors rather than on where the client sits on the network.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bef4d17de6&e=20056c7556
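What the access proxy's decision looks like once you write it down, as an added example (mine, not Google's code): the user must have passed MFA, the device is identified by the certificate it presented and rated from inventory data (managed, TPM-bound key, disk encryption, patch age), and the application's entitlement policy is then applied to user, device tier and location. Network location is deliberately not an input. The trust tiers, the inventory records, the two applications, the group names and the VLAN names are all constructed for the illustration.

```python
"""BeyondCorp-style access decision at the proxy.

Added example, not Google's code. Every name, tier, policy and inventory
record here is constructed for illustration. The point of the structure is
that nothing in the decision asks where the client is on the network.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Device:
    managed: bool
    tpm_bound_cert: bool          # cert key generated in, and never leaves, the TPM
    disk_encrypted: bool
    patch_age_days: int


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    mfa_verified: bool            # second factor completed in this session


@dataclass(frozen=True)
class Request:
    user: User
    cert_fingerprint: Optional[str]   # from the client certificate, None if none presented
    app: str
    country: str                      # geolocation of the client address, used by policy


# Constructed device inventory keyed by certificate fingerprint.
INVENTORY = {
    "sha256:aa11": Device(managed=True, tpm_bound_cert=True, disk_encrypted=True, patch_age_days=2),
    "sha256:bb22": Device(managed=True, tpm_bound_cert=True, disk_encrypted=True, patch_age_days=20),
    "sha256:cc33": Device(managed=True, tpm_bound_cert=False, disk_encrypted=False, patch_age_days=0),
}

TIERS = ["untrusted", "low", "medium", "high"]


def device_tier(device: Optional[Device]) -> str:
    """Rate the device from inventory; an unknown cert is simply an unknown device."""
    if device is None or not device.managed or not device.tpm_bound_cert:
        return "untrusted"
    if not device.disk_encrypted or device.patch_age_days > 30:
        return "low"
    if device.patch_age_days > 7:
        return "medium"
    return "high"


# Constructed entitlement policies: what each application demands.
POLICY = {
    "wiki":    {"min_tier": "medium", "groups": {"staff"},   "countries": None},
    "payroll": {"min_tier": "high",   "groups": {"finance"}, "countries": {"US"}},
}

# Constructed VLAN assignment after authentication, by device tier.
SEGMENT = {"untrusted": "quarantine", "low": "restricted", "medium": "corp", "high": "corp"}


def decide(req: Request):
    """Return (allowed, reason, segment); every deny names the check that failed."""
    if not req.user.mfa_verified:
        return False, "mfa required", SEGMENT["untrusted"]
    tier = device_tier(INVENTORY.get(req.cert_fingerprint))
    segment = SEGMENT[tier]
    policy = POLICY.get(req.app)
    if policy is None:
        return False, "unknown application", segment
    if TIERS.index(tier) < TIERS.index(policy["min_tier"]):
        return False, f"device tier {tier} below {policy['min_tier']}", segment
    if not (req.user.groups & policy["groups"]):
        return False, "user not entitled", segment
    if policy["countries"] is not None and req.country not in policy["countries"]:
        return False, "location not permitted", segment
    return True, "ok", segment


if __name__ == "__main__":
    alice = User("alice", frozenset({"staff", "finance"}), mfa_verified=True)
    print(decide(Request(alice, "sha256:aa11", "payroll", "US")))
    print(decide(Request(alice, "sha256:cc33", "payroll", "US")))
    print(decide(Request(alice, None, "wiki", "US")))
```

Two things fall out of writing it this way. A device with a software-only key (cc33) never reaches "medium" no matter how well patched it is, because the certificate cannot prove it is on the machine the inventory thinks it is; and a stale but otherwise healthy laptop (bb22) keeps the wiki and loses payroll, which is the dynamic, per-application control the article describes.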
Survey Finds: Cyber Attacks are Highest Monday Mornings
Research in NTT's annual 2015 Global Threat Intelligence Report shows a large spike in malware detections on Monday mornings, when users reconnect devices that spent the weekend off the corporate network and outside its controls.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4274da40e5&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=1346fe1c72)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)