Secure out-of-band console and power management for Check Point security gateways – CyberTalk

Contributed by WTI as part of Check Point’s CPX silver-level partner sponsorship opportunity. WTI is an industry leader in out-of-band network management.

Nobody has time to drive to a site when an ISP drops service or you simply need to reconfigure and/or reboot a switch, router or firewall. Your time is too valuable not to have an out-of-band solution in place. WTI out-of-band solutions come with a cellular connect and fallback option that gives you secure remote access to console ports as well as control of individual power outlets when your network services are disrupted.

WTI out-of-band management solutions

WTI engineers and manufactures secure out-of-band management solutions for local and globally deployed networks. WTI out-of-band products are designed to ensure uninterrupted access to network devices and services by providing solutions to quickly and effectively respond to problems at distant or hard-to-reach equipment sites. When a router, switch or security appliance becomes inaccessible and interrupts network services, WTI out-of-band solutions provide redundant, remote console port management and power switching/reboot control to regain access and restore services in mission-critical applications.

Even when the network is down, WTI out-of-band console server solutions can provide secure connectivity over primary and secondary ethernet and cellular LTE connections, allowing remote access to console ports and power control functions.

In addition, WTI DevOps allows administrators to configure, deploy and orchestrate WTI out-of-band management solutions across your entire network for automated provisioning, monitoring and disaster recovery of critical infrastructure. Features such as RESTful API, Ansible Playbooks and Python Scripting are supported.

Check Point Software Technologies and WTI

WTI offers a comprehensive out-of-band management strategy for Check Point Security Gateways, allowing your NOC to deal with equipment outages and resulting interruptions of network communication without the need to dispatch support teams to remote branch offices and data centers.

During network outages, WTI’s console server products allow you to establish remote out-of-band connections to console ports on security gateways via secure, authenticated communication protocols.  If a reboot is needed, WTI Switched PDU products can provide remote out-of-band access to power switching functions at distant equipment sites. WTI also offers a combination console server plus switched PDU unit for applications that require both out-of-band console access and power reboot control.

WTI out-of-band centralized management provides access and control for all of your network devices, allowing for console data from multiple Check Point devices spread over a global network to be monitored, logged and available to administrators, simplifying the challenge of managing a large number of remote devices while minimizing resources.

With multiple connectivity options, WTI console servers including 4G LTE and/or dual Gigabit Ethernet ports can provide secure access to advanced DNS functions when primary and/or secondary ISP connections are switched or disconnected. WTI’s dual ethernet console servers allow you to remotely configure primary and secondary DNS settings and set up IP tables to maximize availability of security gateways during network outages, ensuring seamless transfers between primary and secondary ISPs. The optional 4G LTE internal modem provides a secure additional alternate path for out-of-band connectivity using security protocols such as IPSec and OpenVPN.

About WTI

WTI designs and manufactures Secure Out-of-Band Management Solutions for local and globally deployed networks. WTI provides redundant OOB console access and power control to mission critical infrastructure … even when the network is down.  WTI products can be purchased factory direct and through various channel partners worldwide.  Since 1964, WTI has maintained local in-house manufacturing, engineering and technical support. Learn more at www.wti.com.

About Check Point Software Technologies, Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading AI-powered, cloud-delivered cyber security platform provider protecting over 100,000 organizations worldwide. Check Point leverages the power of AI everywhere to enhance cyber security efficiency and accuracy through its Infinity Platform, with industry-leading catch rates enabling proactive threat anticipation and smarter, faster response times. The comprehensive platform includes cloud-delivered technologies consisting of Check Point Harmony to secure the workspace, Check Point CloudGuard to secure the cloud, Check Point Quantum to secure the network, and Check Point Infinity Core Services for collaborative security operations and services.

WTI out-of-band management solutions provide Check Point security gateways with:

  • In-band and out-of-band console access from anywhere.
  • Remotely reconfigure, revive and restore gateways via SSH.
  • Connect via ethernet or cellular 4G LTE with optional failover.
  • Power cycle and monitoring capabilities.
  • Faster network issue resolution.

Application example

Challenge: Provide secure, authenticated access to configuration parameters on console ports on Check Point security gateways during outages.

Answer: WTI console servers with dual gig ethernet ports ensure secure console port connections via primary and secondary ethernet as well as OOB access via optional LTE cellular modem.

Results: If the primary in-band network fails, admins can initiate secure SSH connections to security gateway console ports via out-of-band, allowing access to configuration parameters and other data used to troubleshoot unresponsive devices and revive network services.

In conclusion, WTI out-of-band management solutions empower your team to regain control quickly and reduce network disruptions. Are you ready to save time, energy and resources? Let’s discuss how WTI can help!

The MSSP perspective: CISO insights into stronger security – CyberTalk


Gary Landau has been leading IT and information security teams for over 25 years as part of startups as well as large global organizations. He is currently a Virtual Field CISO with Unisys Security Services, where he supports companies in many different industries. His mantra is “keep making it better” and he is passionate about continuously improving system reliability, performance, and security.

In this interview, Gary Landau unpacks valuable ideas, processes and solutions that can help businesses succeed in becoming more cyber secure. This is a fascinating read for any security professional eager to make an impact.

What are the most significant cyber security threats that your clients are currently facing?

The main cyber security threats most customers are worried about are AI and deepfakes. But where they really should be worried is around the basic things like vulnerability management and credential protection.

As security protections have improved, I see more attacks around credentials, making credential protection and identity proofing more essential for our customers. There’s an adage that attackers don’t break in, they log in. We’ve recently seen a lot more sophisticated fraud and credential-based attacks, especially due to improvements in AI.

We also see concerns about service desks needing to be more sophisticated in how they’re doing identity proofing, so that the service desks are not duped into resetting passwords for non-legitimate callers. In fact, a lot of organizations are starting to eliminate password resets by service desks altogether in favor of more sophisticated and automated identity proofing and password reset solutions.

Can you describe your customers? Is there a typical profile that you serve?

Our customers tend to be medium-to-large enterprises, and they can be in the public or private sector. There isn’t a single vertical that we focus on; we have customers from different industries. I’ve helped our customers in state and local governments and global enterprises in many different verticals. I’ve also spent recent years working with higher education institutions.

In your experience, what are the primary drivers that compel organizations to seek out MSSP services?

One unfortunate driver has been organizational breaches or attacks. Sadly, some organizations don’t realize that they need MSSP services like ours until after they are breached or have their business disrupted. In many cases, organizations aren’t benefiting or saving money by trying to manage all of their security in-house. In many instances, organizations have tools that they just don’t fully utilize because they don’t have the experienced or trained staff to manage them. Also, maintaining the right staffing levels in-house can be challenging. In those cases, there is no advantage to keeping those services in-house. It becomes less expensive and more efficient to use an MSSP than to try and maintain that internal expertise. Plus, by using an MSSP, organizations have coverage even if their in-house staff turns over.

Can you walk us through your approach to assessing an organization’s cyber security needs and tailoring your services accordingly?

We have a three-step approach, which starts with assessing the organization, and usually it’s based on some sort of security framework. I like the NIST frameworks, like NIST 800-53 and CSF. From the assessment we identify their security gaps and needs. We then propose and implement solutions to address those gaps. Lastly, we continually manage those solutions to make sure the security improvements are sustained. So, it’s an “assess,” “implement,” and “manage” approach.

How does your MSSP ensure the highest levels of security and compliance for clients across different industries, especially given differing regulatory requirements?

Since budgets typically aren’t unlimited, it’s about managing risk to an acceptable level for that organization. We recommend and strive to configure systems according to stringent security benchmarks, such as the NIST frameworks/standards or the CIS benchmarks. Then, irrespective of whether those benchmarks are for cloud environments or OS configuration settings, we will continuously improve those security settings for our clients to the point where we’re reaching 100% compliance with those recommendations.

Is it correct that cloud security is a specialty of Unisys?

It is. And it’s been a special focus of mine as well. Our focus is on helping businesses improve their services and a big driver is application modernization. What I mean by that is not just moving to the cloud, but modernizing their infrastructure, application processes, and security posture by refactoring legacy systems in the cloud. This helps make them more efficient while also making them more secure. Part of that security in the cloud is aided by our partnership with Check Point, which provides us with a CNAPP.

Could you share a bit about your partnership with Check Point and how that assists your enterprise?

Providing a comprehensive and effective solution requires people, processes and technologies. At Unisys, we have the skilled people and the effective processes, but we need a partner, Check Point, to provide that technology. It takes all three.

The rise of deepfake scams: How AI is being used to steal millions – CyberTalk


By Edwin Doyle, Global Cyber Security Strategist.

In a world increasingly reliant on artificial intelligence, a new threat has emerged: deepfake scams. These scams utilize AI-generated audio and video to impersonate individuals, leading to sophisticated and convincing fraud. Recently, in a first-of-its-kind incident, a deepfake scammer walked off with a staggering $25 million, highlighting the urgent need for awareness and vigilance in the face of this emerging threat.

Deepfakes are AI-generated media, often videos, that depict individuals saying or doing things they never actually said or did. It’s not the real individuals on screen, but rather computer-generated models of them. While deepfake technology has been used for entertainment and artistic purposes, such as inserting actors into classic films or creating hyper-realistic animations, it has also been leveraged for malicious activities, including fraud and misinformation campaigns.

In the case of the recent $25 million heist, threat actors used deepfake technology to impersonate a high-ranking executive within a large corporation. By creating a convincing video message, using digitally recreated versions of the company’s CFO and other employees, the scammer was able to instruct the only “real employee” on the video call to transfer funds to offshore accounts, ultimately leading to the massive loss. This incident underscores organizations’ vulnerability to sophisticated cyber attacks and the need for robust security measures.

One of the key challenges posed by deepfake scams is their ability to deceive even the most cautious individuals. Unlike traditional phishing emails or scam calls, which often contain obvious signs of fraud, deepfake videos can be incredibly convincing, making it difficult for people to discern fact from fiction. This makes it crucial for organizations to implement multi-factor authentication and other security measures to verify the identity of individuals requesting sensitive information or transactions.

Furthermore, the rise of deepfake scams highlights the need for increased awareness and education surrounding AI-based threats. As AI technology continues to advance, so too do the capabilities of malicious actors. It is essential for individuals and organizations alike to stay informed about the latest developments in AI and cyber security and to take proactive steps to protect themselves against potential threats.

In response to the growing threat of deepfake scams, researchers and security experts are working to develop new tools and techniques to detect and mitigate the impact of deepfake technology. These efforts include the development of AI algorithms capable of identifying and flagging deepfake content, as well as the implementation of stricter security protocols within organizations to prevent unauthorized access to sensitive information.

To avoid falling victim to deepfake scams, individuals and organizations can take several proactive steps. First, it’s crucial to verify the authenticity of any requests for sensitive information or transactions, especially if they come from a high-ranking executive or trusted source. This can be done by using multi-factor authentication or by contacting the requester through a separate communication channel to confirm the request.

One limitation of this scam is that AI can’t yet recreate the back of a person’s head, so simply asking participants to turn around will reveal their digitally created images. Asking participants personal questions might also reveal the limitations of the threat actors’ research.

In terms of cyber security, Check Point plays a crucial role in protecting individuals and organizations from deepfake scams. With a focus on innovative solutions and a dedication to safeguarding users, Check Point stands out as a leader in combating this evolving threat. By providing advanced threat intelligence, network security, and endpoint protection, Check Point enables users to detect and address the risks associated with deepfake technology. Through collaboration with Check Point, individuals and organizations can implement proactive measures to defend against these kinds of scams, contributing to a safer digital landscape for everyone.

Additionally, individuals can stay informed about the latest trends in deepfake technology and cyber security by following reputable sources and participating in training programs.

To receive cutting-edge cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

10 benefits of using cyber security managed services


EXECUTIVE SUMMARY:

Three quarters of CEOs (74%) are concerned about their business’s ability to avert or limit damage from a cyber attack. Although most executives recognize the role of cyber security in maintaining organizational stability, some are instructing security admins to delay cyber security maintenance and upgrades due to resource constraints.

In the long run, this can imperil a business. For organizations that are struggling to prevent threats, to implement innovative technologies and to reduce capital expenditures, managed security service providers (MSSPs) represent a pragmatic and powerful solution.

MSSPs offer comprehensive expertise and cyber security provisioning, allowing businesses to direct internal resources back towards core operations. In this article, discover the benefits of using cyber security managed services. Find out about how to dramatically improve cyber security while cutting costs and more.

10 cyber security managed services benefits

1. Get expertise on demand. An MSSP offers access to a pool of elite cyber security practitioners who are constantly monitoring the threat landscape and up to date on the latest cyber security best practices. These individuals can offer small and medium-sized businesses the same level of expertise that’s accessible to a large corporation with a healthy budget.

2. 24/7/365 threat monitoring. Cyber attacks can occur at any hour of the day, during any day of the week. An MSSP provides around-the-clock security monitoring, ensuring that your organization is protected 100% of the time. Leveraging an MSSP is like having a security guard stationed outside of your perimeter 24/7 – ever vigilant and continuously ready to respond to suspicious activity.

3. Proactive threat detection & response. MSSPs leverage advanced security tools and threat intelligence – in other words, a highly sophisticated technology stack – to identify and respond to potential breaches before they occur.

Specifically, MSSPs often use Security Information and Event Management (SIEM) solutions to stop threats before they can cause any damage.

4. Compliance assistance. MSSPs can relieve the strain of adhering to increasingly complex requirements across divergent geographic locales and market sectors. They effectively reduce the risk of non-compliance, which can result in fines, reputational damage and legal action.

5. Vulnerability management & patching. An MSSP can bring focus and follow-through to vulnerability identification and patch management. They can prioritize risks and streamline patching processes, relieving your team of hundreds of hours of labor.

An MSSP will hold itself accountable for patching swiftly, so that your team can focus on core business operations, not on vulnerabilities.

6. Improved incident response. In the event of a cyber attack, an MSSP can provide a pre-defined incident response plan and a battle-tested roadmap, minimizing damage and operational downtime.

The MSSP acts as an extension of your own team, but saves you from the cyber security and IT headache. The service provider simply restores normalcy while keeping you informed and in control.

7. Scalability. As your organization expands through mergers and acquisitions or adopts new technologies, an MSSP can seamlessly adapt. An MSSP can secure a growing network (employees, devices, cloud resources), without forcing your organization to pursue a security overhaul.

8. Access to advanced technologies. MSSPs leverage state-of-the-art technologies and threat intelligence, which can be costly for individual organizations to buy and manage on their own.

An MSSP provides an organization with the same firepower as is available to industry giants, without the burden of managing complex technologies in-house.

9. Improved security awareness. Level-up your human firewall. MSSPs go beyond technology to address the human element of cyber security. Their engaging employee training programs can equip a workforce to identify and block phishing attacks, social engineering threats and other common threats.

10. Cost-effectiveness. MSSPs offer predictable monthly costs, which are sometimes lower than building an in-house team from scratch. This translates to efficient security budgeting, allowing for the scaling of defenses without spiraling expenses.

Selecting cyber security managed services

Finding the right MSSP requires a thoughtful and strategic approach. For instance, be sure to understand your own organization’s cyber security needs. Consider aligning them with an MSSP’s strengths. In turn, this will enable you to build a robust defense; one that protects your organization from relevant threats.

Ready to embark on this journey? If interested in learning more about cyber security managed services, please see this thought leadership article featuring Check Point expert Tony Sabaj.


Why enterprises are going hybrid and returning to colo! – CyberTalk


By Ervin Suarez, Security Engineer for Cable and Colocation Accounts, Check Point Software Technologies.

I’ve been closely observing a fascinating shift in the IT landscape and wanted to share some insights with all of you, especially given how these changes could impact our industry.

Lately, there’s been a noticeable shift among enterprises back towards colocation (colo) services, while they’ve simultaneously embraced hybrid cloud models. This trend is intriguing and speaks volumes about the evolving needs and strategies of businesses when it comes to managing IT infrastructure.

Why the shift, you might ask?

Cost efficiency: The reality is, while cloud services offer unmatched scalability, they can also escalate costs for specific workloads or data-intensive operations. Colocation offers a more predictable expense model, which is especially appealing for operations with stable demand.

Enhanced control and security: With colocation, businesses gain direct control over their physical servers, a non-negotiable for industries under tight regulatory scrutiny. This control translates into superior compliance and security, aligned with stringent industry standards.

Optimized performance: By strategically choosing colo sites, enterprises can drastically reduce latency for critical applications, ensuring high-performance outputs that cloud environments can sometimes struggle to match.

Flexibility and scalability: The hybrid model shines by offering the best of both worlds – colo for critical, stable workloads and cloud services for scalable, flexible needs. This balance is crucial for businesses that aim to maintain agility without compromising on reliability.

Robust business continuity: Distributing resources between colo and cloud environments enhances disaster recovery strategies, leveraging colo’s inherent infrastructure resilience and reliability.

Compliance with data sovereignty: In an era where data privacy reigns supreme, colocation facilities offer a strategic advantage by allowing businesses to physically host data within required jurisdictions, meeting stringent regulatory demands head-on.

What does this mean for us?

The resurgence in colocation interest, alongside a robust adoption of hybrid cloud strategies, indicates a balanced, pragmatic approach to digital infrastructure management. Businesses are seeking to optimize costs without sacrificing control, performance, or compliance.

We’re also seeing increasing collaborations between cloud and colo providers, simplifying the transition to hybrid models for enterprises. This partnership ecosystem paves the way for innovative solutions, making hybrid strategies more accessible and effective.

Innovations in networking and connectivity continue to blur the lines between colo and cloud, enabling more seamless management of distributed IT resources.

As we navigate these changes, it’s clear that flexibility, strategic planning, and an eye for optimization are key to leveraging the best of both colo and cloud worlds. The move towards hybrid infrastructures isn’t just a trend; it’s a strategic realignment of IT resources to better meet the demands of modern business operations.

This shift is supported by several trends and developments in the industry:

1. Resurgence of colocation: Colocation is becoming crucial again as companies become increasingly dependent on robust IT infrastructure to manage the growing volume of data. Traditional colocation provides reliable and secure options for IT infrastructure, which is critical given the rising importance of data privacy and security. Colocation solutions offer businesses a way to protect their data, ensure high availability, and achieve resilience while saving on capital expenditure and operational costs. This is because colocation allows businesses to leverage existing, well-maintained infrastructures which would otherwise require significant upfront investment (Datacenters).

2. Hybrid cloud flexibility: Hybrid cloud models are being recognized for their ability to provide agility and flexibility in the technology stack. This model allows enterprises to not only meet their current technological needs but also prepare for future demands. The hybrid cloud’s capacity to integrate edge computing with cloud architectures enables more businesses to adopt this technology. It effectively lowers latency, reduces bandwidth requirements, and enhances resiliency against network outages. This adoption is visible across various sectors, including telecommunications, retail, manufacturing, and energy, indicating a broad-based validation of the hybrid cloud’s value (The Enterprisers Project).

3. Multi-cloud and vendor-neutral environments: Enterprises are also moving towards a more vendor-neutral approach in their cloud and colocation strategies. This shift is partly due to the need to avoid vendor lock-in, which can limit flexibility and control. The hybrid and multi-cloud architectures, comprised of combinations of public clouds, private clouds, and colocation data centers, allow enterprises to tailor their IT infrastructure to meet specific needs while ensuring that they can manage and integrate various cloud services effectively (PacketFabric).

In summary, the trends towards colocation and hybrid cloud are driven by a need for cost efficiency, control, security, flexibility, and strategic deployment of IT resources. These models not only help with optimizing current operations, but also assist with scaling future technologies and infrastructure needs. Enterprises are increasingly aware of these benefits and are adjusting their IT strategies to leverage colocation and hybrid cloud solutions as part of their broader digital transformation initiatives.

I’m keen to hear your thoughts and experiences on this shift. How do you see the hybrid model shaping the future of IT infrastructure in your field?

Managed firewall as a service – How secure is your data center?

As we navigate through the evolving landscape of IT infrastructure, with a noticeable shift towards colocation services and hybrid cloud models, I’m thrilled to share a bit about how Check Point Software is leading the way in enhancing security within these environments.

We’ve recently launched an innovative offering, Firewall as a Service (FWaaS), specifically designed to bolster the security posture of businesses leveraging colocation facilities.

Why Check Point’s FWaaS?

In the world of colocation, where businesses seek the perfect balance between control, cost, and flexibility, Check Point’s Managed Firewall as a Service stands out as a beacon of security excellence.

We understand the complexities of managing IT infrastructure across colo and cloud environments. That’s why we’ve introduced a solution that simplifies data center workflow orchestration and scales security on-demand, akin to spinning up servers in the cloud.

Our Managed FWaaS is not just a product, but a comprehensive security ecosystem. It’s designed to integrate seamlessly with your existing security infrastructure, protecting both private and public network services from a plethora of threats that can undermine your business.

With a 98.8% catch rate, our service ensures unparalleled protection against cyber security threats, providing peace of mind in an era where security breaches are all too common.

What sets Check Point apart?

Ease of integration: Customers within a colocation facility can effortlessly connect to Check Point’s infrastructure, gaining access to a managed security cluster that’s fully maintained by our team of experts.

Comprehensive security: Our service covers all bases, from Firewall, VPN, IPS, application control, content awareness, URL filtering, anti-bot, anti-virus, anti-spam, threat emulation, to threat extraction. We manage and monitor everything, alerting you to high and critical events, ensuring your infrastructure remains secure against evolving threats.

Fully managed solution: Let our MSS experts take the wheel. We handle everything from initial setup, weekly operational changes, to yearly upgrades, allowing you to focus on core business functions without the hassle of managing security infrastructure.

Cyber insurance partnership: Recognizing the importance of comprehensive protection, we’ve partnered with Cysurance to offer cyber insurance, providing an extra layer of security and assurance for businesses in need.

Empower your security with Check Point’s FWaaS

Check Point’s Managed Firewall as a Service leverages our deep expertise to maintain your security assets, ensuring your business operates smoothly and securely, without the operational overhead. This allows organizations to scale up their security measures on-demand, mirroring the flexibility of public clouds but with the added benefit of Check Point’s industry-leading threat prevention and management.

In an era where businesses are increasingly leveraging colocation for its cost efficiency, flexibility, and enhanced control, Check Point provides a security solution that aligns perfectly with these needs. Our FWaaS offering ensures that businesses can enjoy the benefits of colocation and hybrid cloud models, with the confidence that their security is in the hands of the experts.

I’m excited about the possibilities this brings to our industry and am eager to discuss how we can support your business’s security needs in this changing landscape. Let’s embrace this shift together, with Check Point ensuring that our journey is secure.

Is open source under siege? – CyberTalk


EXECUTIVE SUMMARY:

The recent discovery of a backdoor in XZ Utils, a core compression utility embedded in countless Linux systems, has sent shockwaves through the cyber security community.

As journalist Kevin Roose of the New York Times pointed out in relation to the XZ Utils fiasco, in some places, the internet is held together by the digital equivalent of bubble gum and Scotch tape, and the inherent fragility is a draw for cyber criminals.

According to today’s joint alert issued by the Open Source Security Foundation (OpenSSF) and the OpenJS Foundation, the XZ Utils breach might not be an isolated incident.

Beyond XZ Utils: Broader concerns

The open source community has reported that at least three separate JavaScript projects have been targeted by unknown individuals.

While the details surrounding these projects remain scarce, the involvement of the OpenJS Foundation, a key player in fostering the development of popular JavaScript tools, suggests that these projects underpin a significant portion of the modern web.

According to the alert, the attackers made suspicious update demands or requested admin access, indicating deliberate attempts to manipulate or gain control over these specific projects.

The growing threat landscape for OSS

Open source software (OSS) has been a driving force behind technological innovation. Yet, a single compromised project, especially one as widely used as XZ Utils, can have a ripple effect, impacting countless users and downstream applications.

The targeting of XZ Utils, and now JavaScript projects, highlights the level of vulnerability within the open source software development landscape.

The need for a multi-pronged approach

The recent incidents underscore the need for a multi-layered approach to securing minimally maintained open source projects. Here are key areas of focus:

  • Generally fortifying OSS security. The open source community needs to prioritize more intensive security measures, such as stricter code review processes, the adoption of secure coding practices and the development of stronger tools for vulnerability detection. In addition, increased funding for open source initiatives is warranted in order to better secure under-resourced projects.
  • Collaboration and intelligence sharing. It might sound trite, but effective collaboration and communication between software developers, security researchers and government agencies can make a huge difference in threat prevention. Shared intelligence allows for a more coordinated response to any threats that arise.
  • AI-based tools. For example, Check Point’s Infinity AI capabilities can assist with securing open source code. Infinity can integrate with existing code scanning tools to perform static code analyses. In addition, its AI engines can analyze code for known vulnerabilities and potential weaknesses beyond simple syntax errors, identifying patterns indicative of backdoor insertions (like that used in the XZ Utils case).

A call to action for CISOs

The recent open source attacks also mean that CISOs and cyber security professionals must further enhance code-related security protection. Within individual organizations, CISOs should ensure that development teams are using secure coding practices: secure design, code reviews and testing.

CISOs can also integrate security into the software development lifecycle by performing regular software security assessments (static analysis, dynamic testing, etc.). There are many other ways in which CISOs can ensure the security of software.

For further details pertaining to the JavaScript story, please visit Reuters.

How to protect company data in the gig economy – CyberTalk

By Zac Amos, Features Editor, Rehack.com.

Hiring gig workers and freelancers has a lot of business benefits, allowing companies to utilize the contractors’ expertise while saving money. Unfortunately, the rise of the gig workforce also opens up a new problem for businesses: increased cyber security vulnerabilities.

If companies want to work with freelancers, they must understand the security issues that may arise and how to address them.

The need for secure collaboration

Industries across the board are increasingly leaning on the expertise and flexibility of freelancers and contractors, with about 57 million freelance workers in the U.S. — a number experts forecast to grow by 17% in the coming years.

While beneficial in many respects, this surge in remote, independent workforces also elevates the risks of data breaches and cyber security threats. For instance, gig workers often save and access data across a more diverse range of systems and networks, as these individuals may work for multiple clients with varying security protocols.

Notably, up to 91% of U.S. corporations face the challenge of losing laptops or other portable devices to theft or loss, underscoring the vulnerability of data in such work arrangements. Beyond the immediate loss, data breaches’ legal and reputational consequences can be severe. They can result in significant financial penalties, loss of customer trust and long-term damage to a company’s brand.

1.   Implement access control measures

Companies can mitigate data exposure risks by implementing robust access control and permission systems. A startling statistic reveals that 87% of contractors retain access to accounts containing sensitive data from previous clients, highlighting a widespread oversight in managing access rights.

To address this, businesses must ensure that freelancers and contractors are granted access strictly to the information and systems necessary for their specific tasks. This approach, often called the principle of least privilege, ensures that each individual has the minimum level of access needed to perform their job functions.

Companies can dramatically reduce the risk of unauthorized data access and potential breaches by regularly reviewing access and revoking it when a contractor completes a project or when a contractor’s role changes. This practice protects sensitive information, aligns with data protection regulations and safeguards the company from legal repercussions.

2.   Use of secure platforms for collaboration

Having secure and encrypted platforms through which to chat about and manage projects is vital for a successful digital workspace. These platforms protect sensitive information through encryption, making it harder for unauthorized individuals to access data.

For example, Slack, often used for team communication, and Asana, commonly used for project management, are known for their robust security measures, including data encryption in transit and at rest. By choosing such reputable platforms, companies can significantly reduce the risk of data breaches and ensure that their collaborations with freelancers and contractors are secure and efficient.

3.   Regular security audits and compliance checks

Keeping a close eye on the systems and platforms freelancers use through regular security checks is imperative, especially considering that organizations worldwide detected a staggering 493 million ransomware attacks in 2022 alone. These audits help identify vulnerabilities and ensure that the digital tools and environments freelancers use meet the highest security standards.

Further, compliance checks are crucial in this process, as they verify that the freelancers and companies they work for adhere to relevant industry standards and regulations. Implementing these practices can help protect businesses against cyber threats and keep sensitive operations and data safe.

4.   Secure file-sharing practices

Secure file-sharing methods, particularly those that utilize encryption, safeguard against unauthorized access and data breaches. These services encrypt files at rest and during transit and guarantee that only the intended recipient reads the data. In contrast, using unsecured methods, like standard mail attachments or non-encrypted file transfer services, exposes sensitive information to potential interception and unauthorized users.

The benefits of secure alternatives go beyond protecting data. They also foster trust with clients and contractors by demonstrating a commitment to cyber security, complying with data protection laws and reducing the risk of costly data breaches. These advantages make encrypted file-sharing services an essential component of a company’s security strategy, especially in collaborations involving sensitive or proprietary information.

5.   Education and training

Educating freelancers on cyber security best practices is critical, especially because phishing remains the most commonly reported cyber crime in the U.S., with over 300,000 cases in 2022. If freelancers and gig workers fall prey to phishing attempts, their direct access to company data and systems can result in data breaches and compromised systems.

Successful cyber attacks against anyone in a company — whether it’s an internal, full-time employee or the gig worker hired for one short project — threaten sensitive company information and can lead to significant financial losses and damage to the business’s reputation. Ensuring freelancers are well-informed about potential threats and how to avoid them is essential.

Implementing a brief training or orientation session on data security protocols can significantly mitigate risks. Such educational efforts can equip freelancers with the knowledge to recognize and respond to phishing attempts, secure their devices and networks, and adhere to password management and handling best practices.

Safeguarding data in freelance collaborations

A company is only as secure as its weakest link. Full-time employees may be supported by their IT team, but gig workers do not have unified cyber security standards to protect their data. Businesses must take proactive steps to ensure that freelancers and contractors secure any data they interact with. Adopting innovative practices, like using secure platforms and teaching freelancers about cyber security, is essential to keep the cyber attackers out, the data safe, and everyone collaborating smoothly.

Leveraging the power of AI and cloud computing – CyberTalk

EXECUTIVE SUMMARY:

As cyber adversaries diversify their tactics and devise increasingly sophisticated attack methods, legacy cyber security tools may not be competent enough to block threats. As every cyber security professional knows, novel and sophisticated threats are among the most difficult to prevent or defend against.

That said, the convergence of artificial intelligence (AI) and cloud computing might just be a game-changer. Staying ahead of sophisticated threats requires new thinking, new strategies and sometimes, new tools.

In this article, explore the benefits of AI and cloud. See how these transformative technologies can strengthen cyber security, despite presenting a few small challenges. Plus, become acquainted with a comprehensive AI-powered, cloud-delivered security platform.

Artificial intelligence advantages

Previous generations of cyber security tools have relied on predefined rules to identify threats. In contrast, AI can learn and adapt. It recognizes anomalies and suspicious patterns that could easily escape human analysts. This allows for fast and more accurate threat detection, enabling security teams to respond to incidents quickly — at a pace that could actually prevent the threat from spreading or engendering further damage.

The cloud computing component

Cloud computing offers a secure and scalable platform for deploying AI-powered security solutions. On-premise infrastructure often lacks the processing power and storage capacity needed to train and run complex AI models.

The cloud, on the other hand, provides access to virtually limitless resources, allowing cyber security teams to scale security systems up or down, as needed. In addition, cloud-based AI solutions are readily available and can be deployed very efficiently, reducing the time it takes to implement strong cyber security measures.

AI and cloud computing

Within the cyber security domain, the synergy between AI and cloud computing creates a powerful force-multiplier for productivity and positive outcomes. Here’s a closer look at how AI and cloud work together:

  • Data collection and aggregation: Cloud platforms enable the collection and storage of vast amounts of security data from various sources, including network traffic logs, endpoints and users.
  • AI-powered analysis: AI algorithms analyze the aforementioned data to identify threats, predict security incidents and uncover hidden patterns in attacker behavior.
  • Automated response: Security teams can leverage AI for automated responses. These include isolating compromised systems, blocking suspicious traffic, and triggering remediation efforts.

Benefits of AI and cloud computing for cyber security professionals

  • Reduced time to detection and response: AI can significantly reduce the time it takes to identify and respond to threats, minimizing the potential damage caused by cyber attacks.
  • Improved threat hunting: Security teams can utilize AI to proactively hunt for threats within their environments, uncovering hidden vulnerabilities and advanced persistent threats (APTs).
  • Enhanced security decision-making: AI provides valuable insights and recommendations, enabling security professionals to make more informed decisions when prioritizing security risks and allocating resources.
  • Reduced operational costs: Cloud-based AI eliminates the need for expensive on-premise infrastructure, reducing hardware and software costs associated with traditional security solutions.

Overcoming challenges of AI and cloud computing

While AI and cloud computing offer significant advantages for cyber security, there are also a handful of challenges to remain aware of:

  • Data security concerns: Security professionals need to ensure that sensitive data stored in the cloud is protected from unauthorized access. Implementing robust security controls and encryption solutions is crucial.
  • Explainability of AI decisions: Understanding how AI models arrive at their conclusions is essential for building trust within security teams. Implementing explainable AI (XAI) techniques can help address this concern.
  • Talent shortage: The cyber security industry already faces a skilled workforce shortage. Integrating AI into systems requires that professionals have experience in both cyber security and AI – a not-so-common combination as of yet. Organizations may need to provide training for employees to help bridge knowledge gaps.

Check Point Infinity: A powerful AI & cloud security platform

Check Point Infinity is a comprehensive cloud-delivered security platform that leverages the power of AI and advanced threat prevention technologies to secure organizations around the globe, around the clock.

Check Point Infinity’s AI-powered features, such as ThreatCloud intelligence and SandBlast Zero-Day Protection, enable security professionals to proactively block even the most sophisticated of cyber attacks.

By leveraging the power of AI and cloud computing, Check Point Infinity empowers security teams to strengthen their preventative measures and defenses, streamline security operations, and stay ahead of the most sophisticated threats.

Key strategies for building cyber resilience in 2024 – CyberTalk

By Deryck Mitchelson, EMEA Field Chief Information Security Officer, Check Point Software Technologies.

Cyber resilience is more than just a buzzword in the security industry; it is an essential approach to safeguarding digital assets in an era where cyber threats are not a matter of “if” but “when”.

According to Check Point’s 2024 Cyber Security Report, in 2023 we witnessed a 90% increase in victims of ransomware attacks who were publicly extorted for compensation. While cyber security is a critical pathway through which to bypass ransomware, another dimension of the story that merits discussion is the resilience component.

Resilience encompasses the ability of an organization to maintain its core functions – not just in the immediate aftermath of attacks, but also during recovery from them. It is about being prepared for the inevitable breach, and recognizing that every system, no matter how robust, has potential vulnerabilities.

Roughly 4 in 10 (39%) of global businesses say they aren’t resilient enough to handle a sophisticated cyber attack. As attack methods evolve and increasingly utilize artificial intelligence, the actual figure indicating lack of preparedness may prove much higher.

Some businesses may think they are well prepared if they have a secure perimeter, but resilience is less about the first line of defence, and more about how well businesses can absorb risk and cope with mounting threats. Fending off one attack does not equal resilience.

The essence of cyber resilience lies in its dual focus. On one hand, it involves fortifying operations against constant attacks, ensuring business continuity under what can be considered “normal” cyber warfare conditions.

On the other, it demands a robust strategy for post-breach scenarios. This means having a plan that goes beyond mere recovery, one that adapts and evolves in response to the incident. Such a strategy acknowledges that the digital landscape is a dynamic battlefield, where threats evolve and so must defences.

The role of leadership in cyber resilience

Leadership plays a pivotal role in shaping an organization’s approach to cyber resilience. It’s not just about having a technically sound cyber security team; it’s about fostering a culture where cyber resilience is ingrained in every decision and action. This starts at the top, with board members and executives who don’t just passively endorse cybersecurity strategies but actively engage with them.

Effective leaders understand that cybersecurity is not a siloed IT issue but a critical business function that impacts every aspect of the organization. They ensure that cyber security discussions are not relegated to the IT department alone but are a regular feature of boardroom conversations.

Moreover, leaders in this field recognize the importance of being proactive rather than reactive. They don’t wait for an incident to occur to appreciate the value of a resilient cybersecurity posture. Instead, they invest in continuous education, staying abreast of emerging threats and adapting their strategies accordingly.

This proactive stance involves not only understanding the technicalities of cyber threats but also appreciating their potential business impact. By doing so, they can make informed decisions about where to allocate resources, how to develop their teams and when to implement new technologies or strategies, ensuring that the organization’s cyber resilience is always a step ahead of potential threats.

Technological and human elements of cyber resilience

When it comes to resilience, technology and human expertise must work in tandem. While advanced technological solutions like AI and machine learning are indispensable in identifying and responding to threats swiftly, the human element remains irreplaceable.

This synergy is crucial; technology can provide the tools and automation necessary for efficient threat detection and response, but it is the human insight that contextualizes and interprets these threats within the unique framework of each organization. Staff training, capacity management and a keen understanding of the organization’s specific risk landscape are as vital as the technology deployed to protect it.

The human aspect also extends to fostering a security-aware culture within the organization. This involves regular training and awareness programmes to ensure that all employees, not just the IT staff, understand the role they play in maintaining cybersecurity.

Overall, it’s about creating an environment where cybersecurity is everyone’s responsibility, and where employees are equipped to recognize and report potential threats. Such an approach not only strengthens the organization’s defence against external threats but also helps in mitigating risks posed by insider threats, whether intentional or accidental.

Frameworks and strategies for enhanced resilience

Adopting comprehensive frameworks and strategies is also essential for building a robust cyber resilience infrastructure. Frameworks like NIST2 and MITRE offer structured approaches, guiding organizations through the complexities of cybersecurity and resilience.

In the US, the National Institute of Standards and Technology (NIST) provides comprehensive guidelines and frameworks for cybersecurity, including the widely recognized NIST Cybersecurity Framework. This framework offers a flexible approach to managing cybersecurity risks, emphasizing the importance of identifying, protecting, detecting, responding, and recovering from cyber incidents.

MITRE, on the other hand, is known for its MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This framework is used as a foundation for the development of specific threat models and methodologies in the cybersecurity community, helping organizations to understand and prepare for potential attack scenarios.

Both frameworks help in identifying vulnerabilities, setting priorities and implementing measures that go beyond conventional defence mechanisms. They encourage a holistic view of cybersecurity, encompassing not just technical defences but also aspects like risk management, incident response and recovery strategies.

By aligning with such frameworks, organizations can develop a more nuanced understanding of their cybersecurity position, enabling them to anticipate, withstand, and recover from adverse cyber events more effectively. This strategic alignment ensures that cybersecurity efforts are not just about meeting compliance standards but are tailored to the specific needs and challenges of the organization, thereby enhancing overall resilience.

Future-proofing against emerging cyber threats

Safeguarding against emerging threats is a critical component of cyber resilience. This requires organizations to stay vigilant and adaptive, anticipating not just current threats but also preparing for future challenges.

The rise of sophisticated AI-driven attacks, for instance, necessitates a forward-thinking approach where defence mechanisms are continuously updated and refined. Organizations must also consider the broader geopolitical landscape, which can influence the nature and frequency of cyber threats.

By integrating advanced technologies, continuous learning and strategic planning, organizations can develop a resilience posture that not only addresses today’s threats but is also agile enough to adapt to the unknown challenges of tomorrow.

This proactive approach to cyber security ensures that organizations are not just responding to threats, but are always a step ahead, ready to counteract and mitigate the risks in this dynamic digital era.

This article was originally published by the World Economic Forum and has been reprinted with permission.

How artificial intelligence is revolutionizing cyber security – CyberTalk

By Shira Landau, Editor-in-Chief, CyberTalk.org.

In recent years, artificial intelligence (AI) has become one of the most sure-fire and strategic tools available for cyber security professionals. Due to the increasing sophistication of cyber attacks, cyber security experts have broadly turned to AI in order to enhance abilities to detect and prevent cyber threats.

As it stands, nearly 50% of enterprises are already using a combination of artificial intelligence and machine learning tools to improve cyber security outcomes, and 92% of organizations plan to adopt these types of tools in the future.

Powerful AI technology is particularly useful for identifying and mitigating security threats that are difficult or impossible to detect manually, such as zero-day exploits, polymorphic malware, and advanced persistent threats. AI-based tools can also help streamline tasks, lower costs, augment under-resourced operations and enable security professionals to work ‘smarter.’

Are you ready to take your organization’s cyber security to the next level? With AI, you can stay ahead of the curve and protect your organization from the most advanced of cyber threats. In this article, explore the incredible ways in which AI is enhancing and revolutionizing cyber security and the digital world.

Key information

  • A spike in cyber attacks has helped fuel market growth for AI-based cyber security products.
  • The global market for AI-based cyber security products is estimated to reach $133.8 billion by 2030.
  • AI-based tools enable cyber security professionals to work smarter and more efficiently than is otherwise possible.

How AI is revolutionizing cyber security

1. Threat detection. One of the most significant challenges that cyber security professionals face is the sheer volume of data that they need to sift through. Given the number of internet-connected devices (IoT growth is projected to reach 3.22 billion in North America alone in 2023), there is a seemingly insatiable appetite for data processing.

Artificial intelligence technology is extremely helpful when it comes to efficiently and accurately analyzing large volumes of data, rendering AI an essential tool for cyber security professionals. Algorithms can quickly analyze patterns in data to identify threats and to detect anomalous behavior.

2. Automation. AI is also being deployed in order to automate and streamline aspects of cyber security. In turn, this enables cyber security professionals to focus on investigating and mitigating complex threats, while AI takes care of tedious or monotonous basic tasks.

3. Machine learning. Another advantage of AI-powered cyber security systems is their ability to learn from past attacks and to improve on existing threat detection capabilities.

By looking at data from past attacks, machine learning algorithms can identify patterns, and then actually develop new and sophisticated detection methods. Over time, this development makes breaching systems tougher for cyber criminals.

4. Insider threats. Artificial intelligence is particularly useful in cyber security when it comes to detecting and responding to insider threats. These threats are tricky to detect, as the individuals involved always have legitimate access to a given network.

Nonetheless, AI-powered systems can analyze user behavior, and thereby identify patterns that indicate an insider threat. Such patterns can then be flagged for further investigation.

5. Endpoint security. AI is also being used to enhance endpoint security. Traditional endpoint security solutions rely on signature-based detection, which involves identifying known threats and blocking them. But this approach is losing its effectiveness.

AI-powered endpoint security solutions leverage machine learning algorithms to identify anomalous behavior and to detect previously unknown threats. This approach is more effective than what traditional endpoint security solutions can offer, as it can identify threats that would otherwise remain unnoticed.

6. Threat intelligence. Finally, AI is being used to improve threat intelligence. By analyzing large volumes of data from disparate sources, AI-powered threat intelligence solutions can zero in on potential threats and offer early warnings around new types of attacks. This information can then be used to develop optimally effective cyber security strategies and to advance the overall security posture of an organization.

In conclusion

AI is revolutionizing the field of cyber security by providing cyber security professionals with the tools that they need to detect, prevent and respond to cyber threats.
