Expert Speak

The Six Tech Trends Affecting the Security Sector in 2022

By Ettiene van der Watt, Regional Director – Middle East & Africa at Axis Communications

The first month of any year brings many articles listing the technology trends that will shape industry sectors over the coming year. Over the years, however, a pattern develops: a roadmap that reveals the sentiments and technologies we should be prioritising.

In this case, the keyword is ‘trust’, which is an interesting one. The 2021 Edelman Trust Barometer shows that among online survey respondents in 28 countries, trust in the technology sector is declining globally, alongside concerns about climate change, job losses, and cyberattacks, all of them worries that are valid for the global security and surveillance sector.

In the pursuit of realising a smarter, safer, and more sustainable world built on the back of a trustworthy and reliable ecosystem of innovation, these are the technologies and insights that will continue to transform security in 2022 and beyond.

A post-pandemic world
The impact of the COVID-19 pandemic continues to be felt in multiple ways. We see its physical manifestation in the challenges to supply chains, with global manufacturing brought to a near standstill and companies having to re-evaluate where and how they source key components and equipment for their respective products and services. We also see it in deployed technology – how intelligent solutions in video and monitoring are used to enforce social distancing and implement public health strategies.

A global shortage of semiconductors has also seen companies explore in-house manufacturing and the potential of systems on a chip (SoC) for relevant sectors. While this may be a very specific trend, combined with the substantial shifts caused by the pandemic, more businesses will consider SoCs for their security solutions going forward.

Embracing a sustainable future
Sustainability is no longer just a trend, nor should it be deemed as such. With a global focus and push towards environmentally friendly principles and practices, exemplified by initiatives such as the UN Sustainable Development Goals towards industry, human settlements, and consumption and production, a business must exhibit sustainability in its offerings and examine new possibilities through a sustainable lens.

Companies must pay closer attention to their processes from end to end. They need to scrutinise their products and services in terms of sustainability factors, such as power efficiency, building materials, and ethical deployments. These discussions are already taking place at events like Expo 2020, where the conversations have taken on a more forward-thinking position, and real progress is being made for long-term impact. More conversations like this need to be had, and it’s up to companies to facilitate them.

Healthy scepticism equals effective cybersecurity
We don’t always think of scepticism as a positive trait, but in relation to cybersecurity it can be a prudent one. In a highly connected world with an increasing number of interconnected systems, comprehensive security strategies must ensure that if one area is compromised, the rest of the system won’t collapse.

A trend that’s emerged from taking a sceptical eye towards technology is zero trust networks. Built on the fundamental assumption that no device or entity connected to a network can be trusted, the deployment of these architectural setups is likely to accelerate and become the default approach. In turn, this will dramatically impact video surveillance in the form of encryption, identification, and hardware and software maintenance. COVID-19 has also played a role in forming this approach, as remote working solutions call for more connected devices in a wider context.

This high-impact technology conference at Expo 2020 further unpacks cybersecurity as the cornerstone of trust.

5G is connecting the world
What is commonly used as a buzzword for the next era of internet connectivity is starting to see real-world applications. With 5G networks projected to cover one-third of the world’s population by 2025, this technology is starting to make its way into the security and network video surveillance sectors, hinting at it being more than just a trend.

A specific 5G-related trend that is likely to grow in leaps and bounds is the deployment of private 5G networks – wireless networks that use 5G-enabled technology and dedicated bandwidth to serve as a closed solution for a company. They are faster than public networks, more reliable, and offer an ideal situation for specific industries. These networks also present security benefits that, when applied to the sector, could potentially streamline and improve solutions of varying size. This specific manifestation of technology is one to watch out for.

Artificial intelligence, formalised
No trends piece for the next decade would be complete without mentioning artificial intelligence (AI). In the case of security and surveillance, this ranges from image quality and analytics to camera configuration and performance. By taking a simple process and applying AI to it, you optimise that process to its full potential.

With more widespread use comes the need for regulation, specifically for the applications of AI. The solution is legislation on multiple levels of governance, ensuring AI is being used ethically and without bias. With a common agreement on local, regional, and international levels, we will be able to lay the foundation for the next industrial revolution and the growth of other technological trends, most notably smart cities.

Increased authentication measures
With the question of trust and increased scrutiny in cybersecurity, authenticity is becoming the next big hurdle in the age of data manipulation. This is valid for both hardware networks and video surveillance itself. How can you trust surveillance when you assign no value to its authenticity?

Deepfake technology is a growing threat. With improved methods of manipulating and altering images and videos, the authenticity of captured real-world events and people is compromised. This is not a problem exclusive to the security sector, but it is one that requires comprehensive solutions to overcome, such as applying digital signatures and verifying the source of data to specific hardware. The application of AI also shows promise in being able to detect when manipulation has occurred. Regardless, this is a challenge that multiple sectors have to contend with and work harder to combat.

All these trends factor into the need for businesses and other entities to rethink their security solutions for 2022 and beyond. With a focused and driven approach and by embracing the technology of the future, today’s challenges can be met head-on.

Cyber Security

It’s Time to Debunk XDR Misconceptions Floating Around

Written by Yossi Naar, Chief Visionary Officer, and Cofounder, Cybereason

Extended Detection and Response (XDR) is everywhere today, and it seems that every company is rolling out a strategy and products to meet the growing demand. According to the industry analyst firm Gartner, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.”

Notwithstanding XDR’s tremendous growth in adoption, more than a few misconceptions about XDR remain, so let’s debunk three of those myths here:

Myth 1: XDR is all about Endpoint Security
No, that’s what Endpoint Detection and Response (EDR) does, which is just one aspect of what XDR delivers. EDR solutions focus solely on the endpoint, and they don’t correlate intelligence from the cloud and other parts of an organization’s infrastructure.

In fact, most EDR platforms are not even capable of ingesting all of the relevant endpoint telemetry and are forced to “filter out” intelligence without even knowing if that information is critical to making a detection because the solutions cannot handle the volumes of data generated.

Indeed, there are vendors that simply cannot ingest all available telemetry for EDR, yet they profess to be able to deliver an XDR solution that ingests endpoint data plus an array of telemetry from numerous other sources on the network and in the cloud.

Data filtering negatively impacts the ability to proactively thwart attacks because it omits telemetry that could allow for earlier detection of malicious activity. When broadened to include non-endpoint sources, data filtering can further distort an organization’s visibility into the threats confronting them.

XDR does not suffer from these limitations. It extends continuous threat detection and monitoring, as well as automated response, to endpoints, applications, cloud workloads, and the network, all without data filtering. This helps to ensure the high fidelity of the threat detections XDR yields.

Myth 2: XDR Should be Augmented by a SIEM
It’s true that XDR delivers some of the same functionality as SIEM (Security Information and Event Management) tools. Chief among their similarities is the ability to aggregate and correlate data from a variety of sources spread across an organization’s infrastructure, thereby providing the required visibility for threat detection, investigation and response.

But there are several key factors that hold SIEMs back: SIEMs are nothing without the data lake structure and cloud analytics they need to centralize security events. Those resources vary in the types and quality of data to which they have access, a reality that affects the value and effectiveness of a SIEM.

There are also the costs, time, and other resources involved with building, tuning, and maintaining a SIEM. Tuning is an especially common pain point with SIEMs. Indeed, these tools frequently generate false positives and an overwhelming volume of alerts.

Such noise contributes to “alert fatigue” in the organization, motivating infosec personnel to overlook the deluge of alerts coming in and miss opportunities to launch investigations at the earliest signs of an incursion. Simultaneously, SIEMs don’t do much to help security teams with executing a response beyond generating a lot of alerts that need to be manually triaged.

XDR, by contrast, doesn’t require any data lake structure. It correlates alerts across disparate network assets to deliver actionable intelligence that works to reduce alert fatigue. What’s more, XDR enables security teams to build automated playbooks using the platform itself, thereby streamlining response.

Myth 3: All XDR Platforms Are Created Equal
No. Consider the fact that there’s hybrid/open vs. native XDR. The latter only offers integrations to other security tools developed by the same vendor. This can lock customers into an agreement with a vendor that might not offer the security capabilities they need to protect their systems and data. It also means existing investments in solutions from other vendors cannot be fully realized.

In contrast, Open (or hybrid) XDR takes a collective approach that leverages multiple security tools, vendors, and telemetry types to meet organizations’ needs from within a single detection and response platform. There’s no vendor lock-in here. Security teams are free to choose the vendors and tools they want, allowing them to get the most out of their XDR platform, and the DevOps and API integrations enable personnel to bring these tools and telemetry sources together.

There’s also an argument to be made about what defines a truly mature XDR offering versus pseudo-XDR solutions that are basically nothing more than an EDR tool with cloud integration. All XDR platforms integrate with threat intelligence to spot known Indicators of Compromise (IOCs), but only an advanced XDR solution can detect them based on Indicators of Behavior (IOBs).

IOBs are the more subtle signs of an attack in progress which include otherwise benign activity one would expect to see occurring on a network. When these “legitimate” behaviors are chained in certain sequences, they produce conditions that are either exceedingly rare or represent a distinct advantage for an attacker.

This is where the context-rich correlations across endpoints, the cloud, application suites, and user identities that a mature XDR solution delivers are critical for detecting malicious activity at the earliest stages of an attack. Take ransomware attacks for example – most security solutions are focused on detecting the exploit and blocking the ransomware payload, or rolling back the encryption after the attack was successful. But the detonation of the ransomware executable is the tail end of what is actually a much longer attack sequence, with weeks or even months of detectable activity from initial ingress, to lateral movement, to credential abuse and privilege escalation, to name a few.

An AI-driven XDR solution can make the necessary correlations to detect that activity long before the ransomware payload is delivered, reducing a potentially devastating attack to the level of an intrusion attempt or similar. Additionally, the ability to leverage AI/ML to correlate telemetry from across an organization’s infrastructure is a key aspect of a mature XDR solution. The application of AI/ML allows defenders to move from a detect-and-respond mode to a more proactive “predictive response” posture, where the next steps an attack can and would take are instantly anticipated and blocked, eliminating the opportunity to progress the attack to the next stage.

This predictive capability is the key to the future of security, enabling organizations to “defend forward” by understanding attacks from an operation-centric approach, where analysts are freed from chasing alerts that point to individual elements of an attack in favor of a holistic view of the entire attack story from root cause to every affected device, system and user. And only an AI-driven XDR solution can deliver this “predictive response” capability that will shorten detection and remediation periods from days or weeks down to minutes.

The AI-Driven XDR Advantage
An AI-driven XDR solution enables organizations to embrace an operation-centric approach to security that delivers the visibility organizations require to be confident in their security posture across all network assets, and the automated responses to halt attack progressions at the earliest stages. This approach also provides defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, application workspaces, and more.

Expert Speak

Finding Patterns in the Chaos With User and Entity Behaviour Analytics (UEBA)

Written by Sundaram Lakshmanan, CTO of SASE products at Lookout

There’s a great scene in the 1997 film “Contact” where the protagonist Dr. Eleanor Arroway, played by Jodie Foster, is informed that her lab’s funding has just been revoked. Arroway’s lab partner explained that the government lost faith in the project due to concerns about her engaging in questionable activities, such as watching static on TV for hours. To this, she responds angrily: “I was looking for patterns in the chaos, come on!”

This is a great analogy for what User and Entity Behaviour Analytics (UEBA) does automatically for you, so you don’t have to. While Arroway may have been looking for signs of life on other planets, spotting abnormal or malicious patterns in user and entity behaviour can be just as difficult with the naked eye.

On any given day, your employees will log into the cloud or on-premises applications, download, and upload files and respond to authentication requests. Tracking these behaviours can be data-intensive, especially when considering all the different devices and apps your employees use to stay productive, what their location is and what times they typically interact with apps.

This is where UEBA comes in. Instead of relying on static security checks or staring continuously at the static, you can use automated security to look at user behaviours to detect both insider and external threats, and prevent data leakage or ransomware attacks.

How UEBA works
To put it simply, UEBA is a cybersecurity process that monitors normal user behaviour and flags deviations from established patterns. While a perpetrator can easily steal an employee’s username and password, it’s much harder to imitate that person’s normal behaviour on the network connecting to apps and data. UEBA also helps detect unintentional or intentional insider threats, where an authorized user does something that is harmful to your organization.

In many ways, UEBA is like a credit card fraud detection engine. UEBA uses machine learning and data analytics to determine when there is anomalous behaviour that could result in a potential security threat. For example, if I normally only download megabytes of files every day but suddenly download gigabytes of files, a UEBA system would detect this anomaly and alert the enterprise security team to respond.

Geo-anomalies are also tell-tale signs of anomalous or malicious behaviour: if someone signs into a work account from Dubai, but minutes later a login to the same account is observed on the other side of the world in San Francisco, the UEBA system would automatically detect this anomaly and enable an automated response to protect the data available to the account.
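The two checks described above, a per-user download-volume baseline and the Dubai-to-San Francisco "impossible travel" geo-anomaly, as an added, self-contained Python example. This is not Lookout's code; the thresholds, user names and event data are constructed assumptions.

```python
"""Toy UEBA-style checks: a per-user download-volume baseline and an
"impossible travel" login check, run over constructed sample events."""
from collections import defaultdict, namedtuple
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from statistics import mean

Login = namedtuple("Login", "user ts city lat lon")
Download = namedtuple("Download", "user ts nbytes")

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0  # assumption: faster than any airliner, so two logins
                            # implying a higher speed cannot be the same person
MIN_BASELINE_DAYS = 3       # assumption: days of history before a user is scored
VOLUME_RATIO = 10.0         # assumption: flag a day above 10x the user's daily mean

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """Compare each user's consecutive logins and return
    (user, from_city, to_city, implied_kmh) for pairs no traveller could make."""
    per_user = defaultdict(list)
    for login in sorted(logins, key=lambda l: l.ts):
        per_user[login.user].append(login)
    alerts = []
    for user, seq in per_user.items():
        for a, b in zip(seq, seq[1:]):
            dist = haversine_km(a.lat, a.lon, b.lat, b.lon)
            hours = (b.ts - a.ts).total_seconds() / 3600.0
            if dist == 0.0:
                continue  # same place twice: nothing to explain
            speed = dist / hours if hours > 0 else float("inf")
            if speed > max_kmh:
                alerts.append((user, a.city, b.city, round(speed)))
    return alerts

def volume_anomalies(downloads, ratio=VOLUME_RATIO, min_days=MIN_BASELINE_DAYS):
    """Sum bytes per user per day; once a user has min_days of clean history,
    flag any day above ratio x the mean of that history.
    Returns (user, day, total_bytes, baseline_mean_bytes)."""
    daily = defaultdict(int)
    for d in downloads:
        daily[(d.user, d.ts.date())] += d.nbytes
    per_user = defaultdict(list)
    for (user, day), total in sorted(daily.items()):
        per_user[user].append((day, total))
    alerts = []
    for user, days in per_user.items():
        history = []
        for day, total in days:
            if len(history) >= min_days and total > ratio * mean(history):
                alerts.append((user, day, total, mean(history)))
                continue  # keep the spike out of the baseline it would inflate
            history.append(total)
    return alerts

# Constructed sample events (not from any real tenant): alice downloads ~5 MB a
# day and then 4 GB, and logs in from Dubai and San Francisco 12 minutes apart.
SAMPLE_LOGINS = [
    Login("alice", datetime(2022, 3, 6, 9, 0), "Dubai", 25.2048, 55.2708),
    Login("alice", datetime(2022, 3, 6, 9, 12), "San Francisco", 37.7749, -122.4194),
    Login("bob", datetime(2022, 3, 6, 9, 0), "London", 51.5074, -0.1278),
    Login("bob", datetime(2022, 3, 6, 11, 0), "Paris", 48.8566, 2.3522),
]
SAMPLE_DOWNLOADS = (
    [Download("alice", datetime(2022, 3, d, 10, 0), 5_000_000) for d in range(1, 6)]
    + [Download("alice", datetime(2022, 3, 6, 10, 0), 4_000_000_000)]
    + [Download("bob", datetime(2022, 3, d, 10, 0), 50_000_000) for d in range(1, 7)]
)

if __name__ == "__main__":
    print("impossible travel:", impossible_travel(SAMPLE_LOGINS))
    print("download spikes:", volume_anomalies(SAMPLE_DOWNLOADS))
```

Bob's London-to-Paris pair (about 340 km in two hours) and his steady 50 MB days stay silent, which is the point: the rules score deviation from each user's own baseline, not absolute size.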

I remember an incident with one of our customers where UEBA ended up detecting and halting a ransomware attack. This customer gave their partners access to their Box cloud content management system. Having UEBA in place, their security team received an automated detection of a large volume of files that were deleted and replaced by encrypted files, which were quickly uploaded and renamed. Due to early detection, the security team was able to quarantine the account and restore the files.

UEBA vs. Security Information and Event Management (SIEM)
SIEMs enable security teams to aggregate large volumes of disparate data sets, security alerts and events from multiple sources into a single console for processing and analysis. They have workflows and rule engines that make sense of the processed datasets, which further enable administrators to prioritize and manage incidents and alerts better.

With powerful searches, queries, dashboards and rule-based engines, most SIEMs give a full 360° view of the enterprise systems and enable admins to manage incidents in a timely manner. In some cases, they also spot trends and create correlation rules to trigger appropriate mitigation steps.

Although at first glance, UEBA and SIEM may appear to do the same thing, there are a few key differences. Unlike a SIEM, UEBA does not track security events or monitor devices. Instead, UEBA tracks the behaviours of users and entities within your environment — such as devices, applications and data — for anomalies that may indicate a threat. While UEBA also analyzes a lot of data, it uses machine intelligence to automate and scale its analysis of patterns instead of just relying on human intelligence.

UEBA works best when paired with a holistic platform
While I hope this article has given you a good understanding of UEBA and why it’s important, I want to stress that this is just one piece of a modern cybersecurity architecture. There are two other major elements to consider: continuously monitoring the risk posture of endpoint devices and the sensitivity of the apps and data accessed by users and endpoints.

Whether you realize it or not, every one of your employees is using some form of personal devices to work from anywhere. This means you need to track the fluctuating risk posture of both the managed and unmanaged devices to protect your data at all times. By enforcing policies based on user behaviour, endpoint risk posture as well as data sensitivity, you can protect your data without hindering productivity.

Expert Speak

How Scammers Subscribe Mobile Users to Unwanted Paid Services

With an ever-growing number of smartphone users, the development of mobile applications has become a booming industry. Today there are millions of apps, helping users with almost every aspect of their everyday life – from entertainment to banking and billing. With this in mind, cybercriminals are working hard to develop their own apps and profit from unsuspecting users.

Kaspersky researchers have observed fraudsters actively spreading Trojans, which secretly subscribe users to paid services, disguised as various different mobile apps, including popular games, healthcare apps and photo editors. Most of these Trojans request access to the user’s notifications and messages, so that the fraudsters can then intercept messages containing confirmation codes.

Users aren’t knowingly subscribing to these services but are, rather, falling victim to carelessness. For instance, a user fails to read the fine print and, before they know it, they’re paying for a horoscope app. These victims often don’t realize these subscriptions exist until their mobile phone account runs dry earlier than expected.

According to Kaspersky researchers, the most widely spread Trojans that sign users up to unwanted subscriptions are:

Jocker
Trojans from the Trojan.AndroidOS.Jocker family can intercept codes sent in text messages and bypass anti-fraud solutions. They’re usually spread on Google Play, where scammers download a legitimate app from the store, add malicious code to it and then re-upload it under a different name. In most cases, these trojanized apps fulfill their purpose and the user never suspects that they’re a source of threat.

So far in 2022, Jocker has most frequently attacked users in Saudi Arabia (21.20%), Poland (8.98%) and Germany (6.01%).

MobOk
MobOk is considered the most active of the subscription Trojans, with more than 70% of mobile users who met a subscription Trojan encountering this family. MobOk is particularly notable for an additional capability: in addition to reading the codes from messages, it can bypass CAPTCHA. MobOk does this by automatically sending the image to a service designed to decipher the code shown.

Since the beginning of the year, MobOk Trojan has most frequently attacked users in Russia (31.01%), India (11.17%) and Indonesia (11.02%).

Vesub
Vesub Trojan is spread through unofficial sources and imitates popular games and apps, such as GameBeyond, Tubemate, Minecraft, GTA5 and Vidmate. This malware opens an invisible window, requests a subscription and then enters the code it intercepts from the victim’s received text messages. After that the user is subscribed to a service without their knowledge or consent.

Most of these apps lack any legitimate functionality. They subscribe users as soon as they are launched while victims just see a loading window. However, there are some examples, such as a fake GameBeyond app, where the detected malware is actually accompanied by a random set of functional games.

Two out of five users who encountered Vesub were in Egypt (40.27%). This Trojan family has also been active in Thailand (25.88%) and Malaysia (15.85%).

GriftHorse.l
Unlike the Trojans mentioned above, this one does not subscribe victims to a third-party service – instead it uses its own. Users end up subscribing to one of these services by simply not reading the user agreement carefully. For example, there are apps that have recently spread intensively on Google Play, offering to tailor personal weight-loss plans for a token fee. Such apps contain small print mentioning a subscription fee with automatic billing. This means money will be deducted from the user’s bank account on a regular basis without needing any further confirmation from the user.

“Apps can help us stay connected, fit, entertained and generally make our lives easier. There are multiple mobile apps appearing every day, for every taste and purpose – unfortunately, cybercriminals are using this to their advantage. Some of the apps are designed to steal money by subscribing users to unwanted services. These threats are preventable, which is why it’s important to be aware of the signs that give away Trojanized apps. Even if you trust an app, you should avoid granting it too many permissions. Only allow access to notifications for apps that need it to perform their intended purposes, for example, to transfer notifications to wearable devices. Apps for something like themed wallpapers or photo editing don’t need access to your notifications,” explains Igor Golovin, security expert at Kaspersky.

Here’s what you need to do, to stay protected:

  • Keep your guard up when installing apps from Google Play. Read the reviews and research the developer, the terms of use and the payment details. For messaging, choose a well-known app with positive reviews.
  • Check the permissions of the apps you’re using and think carefully before granting additional permissions.
  • Use a reliable security solution to help detect malicious apps and adware before they achieve their goals.
  • Update your operating system and any important apps as and when updates become available. Many safety issues can be solved by installing the updated versions of software.
Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.