In the new digital age, anyone can fall prey to cybercrime

This year, South African business will continue to embrace digital transformation. From network-connected smart TVs and photocopiers to air-cons in the boardroom for greater convenience, and with the wider adoption of cloud, employees are able to work anytime and anywhere, using smartphones, tablets and even smart watches.

And we can expect cybercriminals to slap their keyboards with joy for the opportunities the growing ‘digital business’ brings. Well-reported cases show that even large and well-resourced organisations fall victim to cyber attacks, and they’ve suffered data theft, interruption of services or reputational damage as a result. In parallel, security budgets have increased faster than any other, and most companies have board-level visibility and backing for security. Despite the increased investment and business backing, chief information security officers (CISOs) are facing a security challenge greater than any seen in the past 10 years.

WHY IS THIS?

For many years, digital security has operated on the principle that you can keep attackers out. Our defence systems attempt to do this by guarding the perimeter of the network, with tools such as firewalls, anti-virus programs and patching. However, it’s clear that this current approach is outdated and ineffective against today’s advanced cyber threats. Sophisticated cyber attackers are capable of ‘bypassing’ the perimeter, and insiders are, by definition, already operating within the firewall. Breaches are a reality within our organisations, whether we know it or not!

We must also accept that cyber security is not just a technical challenge. Human ingenuity and creativity have made it extremely difficult to second-guess how an attack might present itself, or understand in advance which employee or insider poses the greatest risk to your organisation. This new era of cyber threats calls for technologies that can deal with subtlety and uncertainty, and empower individuals to take informed decisions that will tangibly minimise risk, as well as take action in real-time (actionable intelligence).

WHY CHANGE?

Legacy security defences are also over-reliant on signatures and rules, which by definition can only stop pre-identified threats. As attack methodologies continue to evolve at speed, rules are continually outdated and outmanoeuvred. A would-be attacker may make fractional changes to their binary appearance within a network to evade a signature scan, socially coerce a user into clicking on malware packaged in an email attachment, or use other readily available methods to subvert existing security systems.

The insider, an employee, is most likely using authorised access to applications to steal data or execute transactions for personal gain. They may have similar objectives to the criminal, but they will be approaching the objective in a different manner. If we accept the new reality of cybercrime and consider this against the current SecOps modus operandi and the associated cost, we need to ask if we’re getting a return on investment. Are the operating investments delivering measurable improvements in our security posture? These are definite reasons for a change in strategy, technology and execution.

NEXT-GENERATION CYBER SECURITY

There are several key requirements for effective cyber-threat management – these include comprehensive capture of activity and traffic across users, systems and networks; real-time detection and analysis of anomalous behaviour and malware; advanced visualisation and alerting of threats; and automated remediation and recovery of breaches.

The technologies that come together to deliver the functionality have similar characteristics in that they exploit major advances in machine learning, mathematics and big data in their solutions. No sign of a signature, no rule to be written, no trawling of millions of events, and no waiting for a patch!

So what makes the emerging security technologies so different? Take a look at Darktrace, one of the leaders in this field. Darktrace’s unique technology is powered by advanced machine learning, allowing it to self-learn what is normal for a company’s network environment, so that it can then determine if any behaviour is abnormal – the business ‘pattern of life’. This allows it to detect outliers to these learned patterns, as they emerge, which may represent a serious threat – cyber attacks of a nature that may not have been observed before, the unknown unknowns. Darktrace does this through the use of advanced mathematical models to establish an evolving understanding of every device, user and network, and stay ahead of developing advanced persistent threats (APTs), insider attacks and other live-threat scenarios.

Enterprise-wide threat visibility is key, and this is mirrored by the need for capabilities that take ‘action’ on intelligence. We need to protect the enterprise’s assets (servers, applications, client devices etc.) that are of criminal interest. Consider the challenge of end-point security – that never-ending cycle of patching and antivirus updates. SentinelOne, an innovative start-up, is changing the end-point game using machine learning to deliver protection against targeted attacks, advanced threats, and zero-day attacks. SentinelOne’s dynamic execution inspection detects advanced threats, provides automated mitigation, and generates real-time forensics.

It’s not only that the sophistication of cyber attackers has developed out of all recognition, but the changing IT landscape also compounds this problem. Just consider cloud, a hot topic in South Africa at the moment. Cloud is now a part of our lives, so why not apply innovation in this space, too?

The use of machine learning and big data for cyber threats is almost mainstream, enabling next-generation SecOps. Looking forward, we should see software-defined security, decoy and deception, and microsegmentation techniques adding significantly to our defence capabilities.

With next-generation technologies, a company’s CISO will regain the advantage that comes with visibility, early warnings and automated responses and remediation. So in the event of a compromise, the organisation is confident of the capabilities to act before a real crisis occurs.

To learn more about a suitable approach to managing your cyber threat, contact Blue Secure for a consultation at +27 (0) 11 206 5600 or info@bluesecure.co.za

Data Security through the lens of an IT Security Industry Expert

Data Security a Growing Concern

Security concerns loom in today’s complex, ever-changing environment, with employees seeking mobile convenience and organizations trying to ensure that these demands do not compromise security. Several IT policies and practices are being pushed to the limits with the escalation of security threats and the resulting requirements for greater compliance.

According to the Global State of Information Security Survey 2016 Report, there has been an increase in the theft of sensitive and confidential data. The report uncovers a multitude of significant areas around how companies are trying to protect their data, and the most prominent data security challenges facing business IT in the year 2015 – 2016. These facts alone should encourage every company to tighten its data security policies and capabilities.

Data Security is the main priority for organisations of all sizes. There is no doubt that big data security is one of the key pillars of making big data ready for analytical success. Successful organisations are moving beyond traditional and superficial approaches to security to focus on more intelligent and metadata-driven approaches to data security. By leveraging a systematic understanding of big data, enterprises can more holistically improve their big data security positions and ensure big data remains an asset, and not a liability.

One of the major issues with big data is the rate at which it is growing and volumes of data that are being added each day. Although detection technologies and threat intelligence sharing are improving in many cases, many businesses are still not able to prevent a breach, which is something that can have huge legal and financial consequences as well as a significant loss of customer trust and reputation.

Wolfgang Selzer, Director at Blue Secure states that: “When it comes to matters related to security, the African continent as an emerging market is a target and as the use of big data analytics increases, the range of data sources will spread. One of the key messages that I would like to get across is that big data analytics is not just about log analysis; it is about seeing a wider picture. In order to balance the business benefits of big data analytics with the cost of storage, organizations need to regularly review the data that they are collecting, why and for how long they need it, and where and how they store it. Approaching data differently ensures that organizations ultimately protect their sensitive data and will go on to achieve their compliance objectives.”

 

Resources

The Global State of Information Security Survey 2016: http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey/download.html

The 2015 Internet Security Threat Report: https://know.elq.symantec.com/LP=1542

Data Threat Report: http://www.vormetric.com/campaigns/datasheet/2016/

Blue Secure awarded the Trend Micro Top Complete User Protection Partner Award 2014

Blue Secure, leader of monitoring and detection solutions for IT security and operations, is proud to have won a 2014 Partner Excellence Award for Outstanding Support from Trend Micro, a global leader in security software, in recognition of its complete user protection as Trend Micro’s top partner.

Blue Secure has been working with Trend Micro since 2007. Based on Blue Secure’s success, they have received this special award for excelling in advancing Trend Micro User Protection sales in the region, despite an expanding and increasingly competitive marketplace. The company was also acknowledged for showing its commitment through the development of its solution expertise.

Blue Secure awarded Top Complete User Protection Partner 2014

“The team and I are honoured to be recognised for this Partner Excellence Award for our outstanding support,” commented Wolfgang Selzer, Executive Manager at Blue Secure. “Our partnership with Trend Micro is helping our customers secure their networks and cloud infrastructure. It is not only an accolade to the Blue Secure team, but it specifically highlights the supportive partnership that exists between Trend Micro and Blue Secure. We thank Trend Micro for this recognition and look forward to successful future ventures,” said Selzer.

This success is also reflected in the fact that at Blue Secure, we understand that organisations need interconnected security that shares intelligence across security layers so they can consolidate their view of user activity across all threat vectors. Together with Trend Micro we provide a security solution that seamlessly moves from on-premises to cloud without impacting licensing or commercial agreements.

Blue Secure announces office relocation to support growth

In order to evolve and accommodate future growth, Blue Secure, a company focused on the provision of Monitoring and Detection Solutions in the IT Security and Operations domain, has announced its office relocation and expansion.

Blue Secure, founded in 2007 and formerly known as Exponant Information Security Solutions (EISS), is now a subsidiary of the Blue Turtle Technologies group. Blue Secure has moved its offices from Centurion’s Exponant home to Blue Turtle Technologies’ home in Midrand. The move stems from Blue Secure’s need for additional space to accommodate growth in demand for the company’s expanded services.

“One of the biggest challenges for Blue Secure will be to initiate an effective marketing communications campaign in order to ensure that our clients and business partners are aware of these changes,” said Wolfgang Selzer, Executive Manager at Blue Secure. “As members of the Blue Turtle group, Blue Secure has not only aligned its brand identity with the group, but has also moved its head office location to close proximity to enhance collaboration on all fronts,” adds Mr Selzer.

Commenting on the move, Mr Selzer said: “We are excited about the move. As we continue to grow, our new location and facilities will enable Blue Secure to accommodate clients more effectively and efficiently. We are so fortunate that over the past several years, our client base has grown, along with an expanded portfolio of solutions.”

Blue Secure’s new address is Midridge Office Estate, International Business Gateway, Cnr 6th Street & New Road, Midrand, 1685. The company’s contact number will change to +27 (0) 11 206 5600.

Additionally, Blue Secure is pleased to announce the launch of its website. The website was designed to meet the requirements of our increasingly digital customer base. With a fresh design and navigation for information on services and products, it offers visitors a better user experience; see the new Blue Secure website at www.bluesecure.co.za.

Blue Turtle, Exponant ISS form Blue Secure

Exponant Information Security Solutions (EISS), a company focused on the provision of data-centric security solutions based on world-class technologies and proven methodologies, today announced that Blue Turtle Technologies (Blue Turtle) has invested in it, in a move designed to accelerate the growth of both organisations.

The deal, effective 30 November 2014, will provide the combined companies’ customers with access to a larger portfolio of products, and provide their joint partners with greater opportunity to offer new solutions in adjacent markets.

This investment has resulted in the formation of Blue Secure, bringing together the security capabilities of Blue Turtle and EISS, as a security-focused business within the Blue Turtle group.

“Blue Turtle provides a complementary set of solutions to our own, in areas such as application, operations and data management, enabling us to open up opportunities for Splunk and Imperva products,” commented Wolfgang Selzer, managing director of EISS. “In addition, the relationship provides an extended footprint for us within the 250 existing Blue Turtle customers.”

“The acquisition of EISS is part of Blue Turtle’s strategy to build a family of security products that address a comprehensive range of needs. In turn, we were looking for a partner to help us in the information security sector and one that would provide proven solutions to our customer base,” added Martyn Healy, marketing director of Blue Turtle. “This is precisely what EISS brings to Blue Secure covering security solutions, implementation and support services. In addition, EISS has been growing fast and provides a strong customer and product platform that serves as a springboard for the new venture.”