20 Jan Newsletter: 19 January 2021 HOT AREAS WE ARE SEEING AT SECURITE
Hot areas we are seeing:
Application Whitelisting (Allowlisting)
Security awareness training
Micro segmentation for zero trust
Secure Access Service Edge (SASE)
Privileged Account Management
Essential 8 compliance key for government business
A new year and a new focus on cyber risk and assurance. We have recently been working with many clients who win mandates from, and work with, Government departments and government enterprises. Increasingly they are being asked to demonstrate their compliance with the ASD Essential 8 framework.
The following are some solutions we recommend:
Whitelisting and Allowlisting – Airlock Digital
Here at Securite we are big fans of prevention and application whitelisting (one of the cornerstones of the ASD Essential 8). Airlock Digital is a solution we like very much: it is built to manage application control at scale and is designed to run alongside your EDR solution rather than replace it.
Application control (application whitelisting) is listed first among the mitigation strategies in the ACSC and Australian Signals Directorate’s Essential Eight framework. The Airlock Digital application control and whitelisting platform continues to mature and serves as a comprehensive solution that organisations can use across their entire environment.
Airlock Digital is an Australian sovereign, purpose-built application whitelisting platform designed to perform application control at scale, keeping whitelisting and blocklisting manageable in complex and changing enterprise environments. The platform allows whitelists to be created, deployed and managed rapidly, so organisations become secure and compliant sooner.
Parent Process Whitelisting & Blacklisting: Administrators can define trusted parent applications that are permitted to execute code on a system. This is particularly useful for developers who need to compile and run unsigned code from a particular application without restriction. Keep such exemptions narrow: anything a trusted parent can be induced to launch inherits its trust, so a broadly scoped exemption becomes a bypass of the whitelist. The reverse rule, blacklisting a parent, blocks launches from processes that should never spawn executables (an office application launching a command interpreter, for example).
Offline Application Captures: Application captures can now be performed without a connection to the Airlock server, improving the speed and flexibility of capturing applications.
Airlock’s great benefit is that it stops execution of unapproved executable files before they run, and since version 4.6 scripts can be whitelisted as well. Prevention is detection by its nature: every blocked execution is also a logged event that tells you something tried to run. Malicious code such as ransomware simply won’t execute in the first place. The other aspect we like is that Airlock is easy to get up and running at scale. For a demo and trial of Airlock contact Securite today.
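To make the decision logic above concrete, here is a small policy evaluator that combines the inputs an allowlisting engine uses: file hash, signing publisher, parent process and script control. It is an added illustration written for this newsletter, not Airlock Digital’s code; the rule format, field names, sample binaries and paths are all constructed. It also shows the ordering that matters in practice: a blacklisted parent wins over a trusted publisher, and a parent exemption is consulted last because it is the loosest rule.

```python
"""Application-control policy evaluator (constructed example, not Airlock's code).

Decision inputs modelled: SHA-256 hash whitelist, trusted code-signing
publishers, parent-process whitelist/blacklist, and script control.
All rule formats, paths and file contents below are invented.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Assumption: these file types are governed by the policy; anything else is not controlled.
CONTROLLED_EXTENSIONS = {"exe", "dll", "ps1", "vbs", "js", "bat"}

# Constructed stand-in for the bytes of an approved line-of-business binary.
APPROVED_APP = b"MZ...approved-line-of-business-app..."


@dataclass
class Policy:
    allowed_hashes: set = field(default_factory=set)      # SHA-256 of approved files
    allowed_publishers: set = field(default_factory=set)  # signing identities trusted wholesale
    trusted_parents: set = field(default_factory=set)     # parents whose children run unrestricted
    blocked_parents: set = field(default_factory=set)     # parents that may never launch code


@dataclass
class ExecEvent:
    path: str            # file being launched
    content: bytes       # its bytes (a real agent hashes the file on disk)
    parent: str          # full path of the launching process
    publisher: str = ""  # verified signer, empty if unsigned


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def decide(policy: Policy, ev: ExecEvent) -> tuple[str, str]:
    """Return (verdict, reason). Parent blacklist beats every allow rule;
    the parent exemption is checked last because it is the loosest rule."""
    parent = ev.parent.lower()
    ext = ev.path.rsplit(".", 1)[-1].lower() if "." in ev.path else ""
    if ext not in CONTROLLED_EXTENSIONS:
        return "allow", "not a controlled file type"
    if parent in policy.blocked_parents:
        return "block", f"parent {ev.parent} is blacklisted"
    if sha256_hex(ev.content) in policy.allowed_hashes:
        return "allow", "hash on whitelist"
    if ev.publisher and ev.publisher in policy.allowed_publishers:
        return "allow", f"signed by trusted publisher {ev.publisher}"
    if parent in policy.trusted_parents:
        # Caveat: anything this parent launches inherits its trust.
        return "allow", f"parent {ev.parent} exempt (child inherits trust)"
    return "block", "not on whitelist"


def build_demo_policy() -> Policy:
    return Policy(
        allowed_hashes={sha256_hex(APPROVED_APP)},
        allowed_publishers={"CN=Microsoft Windows, O=Microsoft Corporation"},
        trusted_parents={r"c:\program files\devtools\ide.exe"},    # developer exemption
        blocked_parents={r"c:\program files\office\winword.exe"},  # Office must not spawn code
    )


def run_demo() -> list[tuple[str, str, str]]:
    """Evaluate constructed events; returns (path, verdict, reason) for each."""
    policy = build_demo_policy()
    ms = "CN=Microsoft Windows, O=Microsoft Corporation"
    events = [
        ExecEvent(r"c:\apps\lob.exe", APPROVED_APP, r"c:\windows\explorer.exe"),
        ExecEvent(r"c:\windows\system32\notepad.exe", b"MZ...notepad...", r"c:\windows\explorer.exe", publisher=ms),
        ExecEvent(r"c:\users\bob\appdata\local\temp\invoice.exe", b"MZ...dropper...", r"c:\windows\explorer.exe"),
        ExecEvent(r"c:\users\bob\downloads\update.ps1", b"IEX(...)", r"c:\windows\system32\windowspowershell\v1.0\powershell.exe"),
        ExecEvent(r"c:\dev\build\test.exe", b"MZ...fresh-build...", r"c:\program files\devtools\ide.exe"),
        # Signed by a trusted publisher, yet blocked: the parent blacklist is evaluated first.
        ExecEvent(r"c:\windows\system32\cmd.exe", b"MZ...cmd...", r"c:\program files\office\winword.exe", publisher=ms),
    ]
    return [(ev.path, *decide(policy, ev)) for ev in events]


if __name__ == "__main__":
    for path, verdict, reason in run_demo():
        print(f"{verdict:5s} {path}  ({reason})")
```

The last event is the one to study: cmd.exe carries a trusted signature, but because Word is a blacklisted parent the launch is blocked regardless, which is the behaviour you want against macro-driven payloads. The fifth event shows the flip side, a fresh unsigned build allowed purely because its parent is the developer IDE, which is why that exemption should cover as few machines and parents as possible.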
Staff Awareness training – KnowBe4
Your employees are frequently exposed to sophisticated social engineering attacks. It is time for a comprehensive approach to managing this problem, run by people with a technical background. We like KnowBe4 for staff awareness training, which provides:
Baseline Testing: Provides baseline testing to assess the Phish-prone percentage of your users through a simulated phishing, vishing or smishing attack.
Train Your Users: The world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.
Phish Your Users: Best-in-class, fully automated simulated phishing, vishing and smishing attacks, thousands of templates with unlimited usage, and community phishing templates.
See the Results: Enterprise-strength reporting. Both high-level and granular stats and graphs ready for management reports. We even have a personal timeline for each user. ROI board reporting and risk analysis.
Automatic prioritisation for emails: PhishER™ helps your InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly.
Because phishing remains the most widely used cyberattack vector, most end users report a lot of email messages they “think” could be malicious to your incident response team.
Whether or not you step employees through security awareness training, your users are likely already reporting potentially dangerous emails in some fashion within your organisation.
With the firehose of spam and malicious email that attacks your network, some 7-10% of these make it past your filters. With only approximately 1 in 10 user-reported emails verified as actually malicious, how do you not only handle the high-risk phishing attacks and threats, but also manage the other 90% of user-reported messages accurately and efficiently?
A new approach to segmentation for Zero Trust – Illumio
Illumio is an adaptive micro-segmentation solution that helps prevent unauthorised communications across the data centre and cloud, enabling zero trust. The platform automatically recommends micro-segmentation policies and can create, model and natively enforce them.
Micro-segmentation is the process of creating smaller compartments than the traditional internal/external or production, test and development zones separated by firewalls. Smaller compartments keep threats contained and reduce the damage that can be wrought if something goes wrong within any one compartment.
Illumio uses a central controller (the Policy Compute Engine, PCE) that takes label-based security policy definitions and calculates the per-host firewall configuration required to enforce the policy. Enforcement is performed using the native firewall capability of the host operating system; Illumio calls each such host a workload. Workloads are connected to the PCE by a lightweight host-based agent (the Virtual Enforcement Node, or VEN). The VEN locally applies the ruleset computed by the PCE but remains out of the data path at all times: because the rules live in the host’s own firewall, packet forwarding never depends on the agent or the controller being up.
The sophistication of attackers is also increasing. Lateral movement is a common goal, and attackers have a range of automated tools at their disposal, so limiting our defence to traditional perimeter approaches places us at a disadvantage. Micro-segmentation keeps the risk of lateral movement to a minimum, so if an attacker does breach one barrier they are less likely to get very far. Illumio can also improve situational awareness of what normal application traffic looks like, so that a breach is that much more obvious.
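The PCE/VEN split described above, written out as an added example (this is not Illumio’s code or policy format; the workloads, labels, IP addresses and rules are constructed). One central function compiles label-based rules into the inbound allow list each workload needs; a second renders a single host’s slice as default-deny iptables rules, the part a host-based agent would apply locally. The check at the end shows the lateral-movement property: a web server can reach the app tier but not the database, and a production app server cannot reach a test database even though both carry the label “db”.

```python
"""Label-based segmentation policy compiled to per-host firewall rules.

Constructed example of a central policy-compute step plus local host
enforcement. Not Illumio's code or policy format; every workload, label,
IP and rule below is invented.
"""
from __future__ import annotations

# Inventory the controller holds: each workload reports its labels (assumed label set: role/app/env).
WORKLOADS = [
    {"host": "web1", "ip": "10.0.1.10", "labels": {"role": "web", "app": "shop", "env": "prod"}},
    {"host": "web2", "ip": "10.0.1.11", "labels": {"role": "web", "app": "shop", "env": "prod"}},
    {"host": "app1", "ip": "10.0.2.10", "labels": {"role": "app", "app": "shop", "env": "prod"}},
    {"host": "db1",  "ip": "10.0.3.10", "labels": {"role": "db",  "app": "shop", "env": "prod"}},
    {"host": "db-t", "ip": "10.0.9.10", "labels": {"role": "db",  "app": "shop", "env": "test"}},
    {"host": "jump", "ip": "10.0.0.5",  "labels": {"role": "bastion", "app": "infra", "env": "prod"}},
]

# Rules name labels, never IPs: a workload can move or be rebuilt without editing policy.
RULES = [
    {"from": {"role": "web", "app": "shop", "env": "prod"}, "to": {"role": "app", "app": "shop", "env": "prod"}, "proto": "tcp", "port": 8080},
    {"from": {"role": "app", "app": "shop", "env": "prod"}, "to": {"role": "db",  "app": "shop", "env": "prod"}, "proto": "tcp", "port": 5432},
    {"from": {"role": "bastion"},                           "to": {"env": "prod"},                                "proto": "tcp", "port": 22},
]


def matches(labels: dict, selector: dict) -> bool:
    """A selector matches when every label it names has the required value."""
    return all(labels.get(k) == v for k, v in selector.items())


def compute_host_rules(workloads, rules) -> dict[str, list[tuple[str, str, int]]]:
    """Controller side: for each workload, the (src_ip, proto, port) tuples it must accept inbound."""
    allows = {w["host"]: [] for w in workloads}
    for rule in rules:
        sources = [w for w in workloads if matches(w["labels"], rule["from"])]
        for dst in workloads:
            if not matches(dst["labels"], rule["to"]):
                continue
            for src in sources:
                if src["host"] != dst["host"]:
                    allows[dst["host"]].append((src["ip"], rule["proto"], rule["port"]))
    return allows


def render_iptables(host: str, allows: list[tuple[str, str, int]]) -> list[str]:
    """Agent side: one host's slice as iptables rules, default-deny inbound."""
    lines = [
        f"# {host}: inbound policy computed centrally, enforced locally",
        "iptables -P INPUT DROP",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for src_ip, proto, port in allows:
        lines.append(f"iptables -A INPUT -p {proto} -s {src_ip} --dport {port} -j ACCEPT")
    return lines


def is_allowed(src_host: str, dst_host: str, proto: str, port: int,
               workloads=WORKLOADS, rules=RULES) -> bool:
    """Would a new connection src -> dst:port be accepted under the computed policy?"""
    by_host = {w["host"]: w for w in workloads}
    return (by_host[src_host]["ip"], proto, port) in compute_host_rules(workloads, rules)[dst_host]


if __name__ == "__main__":
    for host, allows in compute_host_rules(WORKLOADS, RULES).items():
        print("\n".join(render_iptables(host, allows)), "\n")
    print("web1 -> db1:5432 allowed?", is_allowed("web1", "db1", "tcp", 5432))
```

Two things to notice when reading the rendered output: the test database ends up with no inbound allows at all, because no rule’s “to” selector matches env=test, and the bastion rule lands on every production host without anyone having typed an IP address. When an attacker lands on web1 the only onward path the host firewalls will accept is app1 on port 8080, which is what the containment claim in the text means in practice.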
SASE – Forcepoint, Palo Alto, ZScaler
“The Secure Access Service Edge (SASE) is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA) to support the dynamic secure access needs of digital enterprises.” – Gartner
SASE is all about convergence. With organisations more distributed than ever before, putting stacks of hardware at every location or using disparate products for remote workers creates holes for attackers, costs too much, and is a drain on scarce IT resources. SASE solutions provide an all-in-one way to deliver advanced web, network and application security from the cloud to people wherever they work.
Privileged Account Management – Thycotic
We are seeing that many organisations do not know how many privileged accounts there are on their network, and that privileged accounts are often managed manually by keeping a spreadsheet of credentials up to date. This method has the obvious flaw that if an attacker can access the spreadsheet they have free access to everything.
Savvy organisations are deploying PAM tools that integrate with directory services and manage the passwords for every privileged account and service account. The tool rotates the passwords according to password policy, and administrators use it to log into privileged or service accounts without ever learning the password. When an administrator leaves the organisation they are removed from the directory service and lose access to all of those accounts at once, with no passwords to chase and change afterwards. We like Thycotic for PAM.
Contact Scott Thomas and Jack Drewe at Securite based in North Sydney for a no obligation discussion, demo and trial of these and more solutions on 02 9957 6666 or firstname.lastname@example.org. Refer www.securite.net.au