
CONTENTS

From the Editor’s Desk
Congratulations to the Cyber Security Leaders of 2017
Why Deception Technology Will Change the Game in Our Favor Against Cybercrime and Breaches
Raising Your Threat IQ: The Importance of Democratizing Threat Intelligence
‘Tis the season to prepare your e-commerce business to effectively fight fraud
How to secure your network traffic?
Ten Key Enterprise Endpoint Security Best Practices with Andy Malone
Bitcoin, BlockChain and Breaches
CyberSecurity in 2018 Fighting An Evolving Threat
How Will The Changes In The GDPR Work?
Nonprofits Cannot Ignore CyberSecurity
The Internet Without Net Neutrality

Cyber Defense eMagazine December 2017 Edition Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.

CONTENTS (CONT')

Penetration Testing Certification How To
US Agency Security Doubts Hinder Move to Hybrid Cloud
White House Release of Vulnerabilities Equities Process Validates Industry Concerns
Cyber Defense Perspectives for 2018
Reviewing Last Month’s Ransomware
Top Twenty INFOSEC Open Sources
Job Opportunities
Free Monthly Cyber Defense eMagazine Via Email


CYBER DEFENSE eMAGAZINE

Published monthly by Cyber Defense Magazine and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

PRESIDENT Stevin Miliefsky stevinv@cyberdefensemagazine.com

EDITOR Pierluigi Paganini, CEH

ADVERTISING Sarah Brandow sarahb@cyberdefensemagazine.com

Interested in writing for us:

CONTACT US:

Cyber Defense Magazine

Toll Free: +1-800-518-5248

Fax: +1-702-703-5505

SKYPE: cyber.defense

http://www.cyberdefensemagazine.com

Copyright (C) 2017, Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC 848 N. Rainbow Blvd. #4496, Las Vegas, NV 89107.

EIN: 454-18-8465, DUNS# 078358935.

All rights reserved worldwide.

FOUNDER & PUBLISHER Gary S. Miliefsky, CISSP®

Learn more about our founder at:

Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to-source for Information Security.

FROM THE EDITOR’S DESK


Dear Readers,

Five years have gone by. In 2018, we’ll be entering our sixth year of publication. We could not have done it without you. Reflecting on 2017, the pace of breaches has not slowed. As more and more businesses move to the ‘cloud’, more and more cybercriminals find new opportunities to commit crime without ever leaving their geolocation. This transformation of crime into cybercrime has now officially outpaced all other forms of crime. It means that in 2018, we’re going to have to start listening and learning from the Innovators. New technologies such as Deception-based Cybersecurity and Artificially Intelligent and inspired Threat detection as well as Time-based Security will be a heavy focus on how we are going to start to get ahead of the latest threat, the next breach. We have some amazing writers covering incredibly important topics and it’s always free so tell your friends to subscribe.

See you in 2018!

To our faithful readers,

Pierluigi Paganini

Editor-in-Chief, CDM


CONGRATULATIONS TO THE CYBER SECURITY LEADERS OF 2017

Apcon

“Apcon offers state of the art network tapping and failover technology that should be at the heart of every IT security team’s portfolio”

Aperio

“Aperio systems innovative Data Forgery Protection™ (DFP) Technology provides the last line of defense for protecting industrial control systems and increasing resilience against cyberattacks”

Attivo Networks

“Attivo Networks changes the game on the modern-day human attacker leveraging advanced deception technology and traps designed to deceive attackers into revealing themselves. It’s truly impressive”

Barkly

“The Barkly Endpoint Protection Platform blocks today’s most sophisticated attacks without adding complexity. It’s an incredibly powerful endpoint protection tool for your arsenal”

Belarc

“The Belarc products take software licensing, network, asset and configuration management to a new level”

BUFFERZONE

“The BUFFERZONE solution is a unique, transparent virtual container that protects any application that you define as insecure including web browsers, email, Skype, FTP and even removable storage. It’s an impressive solution to help get one step ahead of the next threat”

Chaitin Tech.

“Chaitin Tech Safeline is an innovative Web Application Firewall worthy of serious consideration”

Coalfire

“Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk”

Cronus Cyber

“Cronus CyBot is the world’s first patented automated pen testing solution and we applaud them for turning this heavy lifting process into a point and click event”

Cyber Observer

“Cyber Observer is a high-level management & awareness software solution designed for CISOs, CIOs, SOC & Senior IT managers to specifically address their pain points, delivering comprehensive and near-real time understanding into the posture and maturity of their entire cybersecurity ecosystem”

CyberSift

“CyberSift allows you to leverage your existing security deployments while applying Artificial Intelligence to reduce detection times and is easily deployed on premise or in the cloud”

CyberVista

“CyberVista delivers comprehensive, well structured training for boards and executives so they can begin to think critically about the significant cyber issues facing their organizations”

Cylance

“It’s time we go beyond traditional antivirus to fight ransomware, advanced threats, fileless malware and malicious documents; enter Cylance with powerful artificial intelligence to help solve endpoint security risks”

DarkOwl

“DarkOwl’s data platform allows companies to see in real-time the theft, breach, or other compromise of their proprietary data on the darknet”

EdgeWave

“EdgeWave reduces the risk of fraudsters stealing your customer identities by continuous online id verification using behavioral intelligence”

Edgewise

“Edgewise Networks is a leader at trusted application networking by protecting application workloads with machine learning based network security which can even stop the most advanced lateral movement of malicious actors”

Egress

“Egress solves the data security issue for file, workspace and email to protect shared information throughout the data lifecycle”

Erkios

“Erkios Systems delivers an innovative solution to physically protect hardware ports on a critical infrastructure device while providing auditing capabilities through the logging, monitoring and alerting”

Exabeam

“Exabeam’s machine learning for advanced threat detection is a powerful cyber defense weapon for a cyber defense and incident response arsenal”

Fenror7

“Fenror7 uses a brilliant model of time-based security to reduce TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations by 90%, which is a breakthrough in our industry”

FFRI

“FFRI delivers one of the most innovative, light-weight and powerful multi-layered endpoint security solutions that actually works. It’s brilliant”

HackerArsenal

“HackerArsenal’s tiny WiMonitor device makes Wi-Fi penetration testing and packet sniffing incredibly fast and easy”

Indegy

“The Indegy platform secures Industrial control systems (ICS) networks with real-time situational awareness, effective security and change management policies to prevent unauthorized activities on critical infrastructure”

Inky

“Inky’s Phish Fence is one of the most advanced anti-phishing solutions on the marketplace. Most attacks are delivered by spear phishing and Inky is one step ahead of these new threats”

Jumio

“Jumio delivers the next-generation in digital ID verification designed to help businesses reduce fraud in an innovative, cost-effective solution”

KnowBe4

“KnowBe4 is a very powerful and popular integrated platform for awareness training combined with simulated phishing attacks”

LastLine

“Lastline Breach Defender is a breach protection system that uniquely provides a dynamic blueprint of a breach as it unfolds in your network. This blueprint provides your security teams with complete breach visibility, displaying movement of the attack across your network.”

HelpSystems

“We’re extremely impressed with the GoAnywhere managed file transfer solution which enables organizations to automate, secure and audit all of their file transfers from a single, centralized location”

MindedSecurity

“Minded Security helps businesses and organizations to build secure products and services both in the web on the server side as well as on the client”

Mon-K

“Secure-K Enterprise is a revolutionary encrypted Secure Operating System tuned for enterprise compliance and fitted in a robust USB body for data protection, privacy and security. Very impressive”

Nehemiah

“NehemiahSecurity enables near real-time situational awareness of the entire IT environment and the state of the organization’s risk posture and defenses, including the exploitability of its critical business systems”

NuData

“NuData reduces the risk of fraudsters stealing your customer identities by continuous online id verification using behavioral intelligence”

Nyotron

“Nyotron’s threat-agnostic defense finds threats that traditional endpoint protection solutions cannot detect, letting you secure the data on your endpoints and critical systems and closing major security gaps”

PacketSled

“PacketSled delivers real-time, continuous monitoring for advanced threats and policy violations missed by other defenses, then analyze and remediate in record time”

PerimeterX

“PerimeterX prevents automated attacks by detecting and protecting against malicious web behavior. By analyzing the behavior of humans, applications and networks, PerimeterX catches in real-time automated attacks with unparalleled accuracy”

PFPCyber

“Power Fingerprinting (PFP) is a unique approach to cybersecurity that utilizes analog signals (AC, DC, EMI) to detect whenever unauthorized modifications have compromised the integrity of an electronic system. It’s brilliant”

PlainID

“PlainID offers a simple and intuitive way for fast-paced organizations to create and manage their authorization policies with best practices in policy-based access control”

Qualys

“Qualys delivers one of the most robust and cost-effective vulnerability management and compliance solutions available on the marketplace today”

Remediant

“Remediant’s SecureONE provides agentless continuous monitoring & protection at scale for privileged/service accounts. Reduce the time required to implement and operate a “zero trust” access model. Couple two-factor authentication with “Just In Time Administration” for protection against stolen administrator credentials used to exfiltrate sensitive data.”

ReversingLabs

“ReversingLabs delivers in-depth file analysis with distributed YARA rules processing for identifying threats and data spillage, policy violations and regulatory risks in real-time”

RiskVision

“RiskVision is the world’s first enterprise risk intelligence platform specifically designed to help organizations throughout the entire risk management lifecycle”

(S 4 URC)

“MalwarePot uses android container technology to build an environment similar to the real device to deliver in-depth analysis results for the most advanced android malware”

Scram Software

“Scram Software secures the cloud against a constant barrage of hacking, intellectual property theft, sabotage, accidental deletion, copyright infringement and identity theft”

SonicWall

“SonicWall provides cost effective next-generation firewalls and award-winning network security solutions to prevent breaches”

Stormshield

“Stormshield is a very impressive European leader in digital infrastructure security that offers smart, connected solutions in order to anticipate attacks and protect digital infrastructures”

ThinAir

“ThinAir is a very unique and purpose-built insider detection & investigation platform designed to address one of the biggest security problems: the hidden risk of the trusted yet malicious insider”

ThreatBook

“ThreatBook is able to take on the latest zero-day malware and share the latest zero-day threat intelligence”

Titania

“Titania is the standard for helping you find your network and security gaps before the hackers, malware or malicious insiders with powerful security & compliance configuration auditing tools”

TriagingX

“TriagingX provides complete protection for endpoint systems and datacenter servers against zero-day attacks without requiring any patches. It’s game changing”

Ziften

“Ziften empowers IT operations and security teams to monitor and act quickly to repair user impacting issues, improve endpoint risk posture, speed threat response, and increase operations productivity”

At RSA Conference 2018, Cyber Defense Magazine will be celebrating our 6th year as a media partner.

Thank you to the RSA Conference team.

Thank you to CDM readers!

See you at RSA…”


WHY DECEPTION TECHNOLOGY WILL CHANGE THE GAME IN OUR FAVOR AGAINST CYBERCRIME AND BREACHES

As I said in my recent presentation on Time-based Security, which was first discovered and written about by Winn Schwartau in his book of the same title, either we find a way to make breaches go slower or we must be able to detect and respond to them much faster. On one side of the coin, we have the concept of honeypots and encryption and on the other side we have real-time threat intelligence through A.I., machine learning and human intelligence.

I’ve looked into honeypots for many years. I love http://www.honeynet.org because it is the first open source concept on deception technology that made it mainstream. However, many of us want to buy a commercial solution, just like, while it’s fun to deploy IP Tables, none of us really want to build our own firewall from scratch.

Then I heard about Attivo. As one of the four CDM judges on our Infosec Awards from 2017, with them being one of our winners, receiving an overwhelmingly positive vote from the judges, I wanted to dig a little further into what they are up to and look at them within the purview of the Time-based Security model: could a solution like the Attivo ThreatDefend™ Deception and Response Platform actually deliver a way to slow down the breaches, because, frankly, we’re not yet going fast enough to stop them?

With over 1500 breaches reported throughout the USA in 2017 alone, one has to wonder how attackers are able to bypass and remain undetected by security solutions that are available from over 3000 security technology providers. One could point to sophisticated automated and human attacks that are leveraging an evolving attack surface to penetrate perimeter defenses. However, most security professionals have come to accept that attackers can and will get into the network based on targeted attacks, human error, insiders, contractors or suppliers.


If you are willing to accept this, then the center of focus shifts to detection or the concept of time-based security. Time-based security is derived from what we will call exposure time (Et), which is compiled based on detection time (Dt) plus response time (Rt). Typically, security teams have been unable to react fast enough to stop the attack. The exposure time is too great, meaning hackers are afforded a dwell time to complete their attack.

Early identification and response times need to improve to a tipping point above the exposure time (Et). When executed effectively, the attack is halted before data exfiltration or other damage can occur.

Deception technology plays a critical role in changing the asymmetry of the attack and is designed to provide the threat intelligence, counter intelligence, and adversary intelligence required to decrease exposure time. The Mandiant M-Trends 2017 report states that time to detection averages 99 days. Typical time-to-compromise continues to be measured in minutes, while time-to-discovery remains in weeks or months. Attivo Networks has developed an innovative deception-based solution to tackle the issue of exposure time head on. The Attivo ThreatDefend™ Deception and Response Platform provides a globally scalable security control for early threat detection and accelerated incident response against attackers.

Detection Time (Dt)

Dynamic traps and lures essentially turn the network attack surface into a “hall of mirrors”, altering an attacker’s reality and increasing their costs as they are forced to decipher what is real versus fake. The solution operates differently than IDS or other database lookup or pattern matching solutions. It isn’t reliant on known signatures nor does it require time to learn or “get good” to add value. Endpoint deceptions also serve to close the gap on credential based detection and ransomware attacks by planting deception drives to misdirect the attacker to a deception server and keep them distracted while security teams are afforded the time to respond.

Key to early detection is the authenticity and attractiveness of the deception to the attacker. The Attivo deception decoys are built for the highest authenticity with real operating systems, a wide variety of application and data deceptions, along with the ability to run the same “golden image” software as production assets. The Attivo solution is designed for the evolving attack landscape, as you never know which point of entry an attacker will take.

The ThreatDefend™ platform has been proven at scale in global installations that include deployments in user networks, data centers, cloud, remote office, and in specialized environments such as POS, ICS-SCADA, IOT, SWIFT, telecommunications, and network infrastructure devices. Deception is notably designed to work throughout the phases of the Kill Chain and detect regardless of attack vector. Setting in-network traps and endpoint lures works to attract and detect the attacker during reconnaissance and lateral movement, when harvesting credentials for reuse, when conducting man-in-the-middle attacks, or when attempting to compromise an Active Directory server. The combination of network and endpoint deceptions detects attacks early and efficiently throughout the entire network.


Deception files that contain fake sensitive data already provide value by misleading attackers. New technologies like HoneyDocs (real or decoy files) with beaconing technology that provides call back when accessed by attackers are also being adopted for adversary- and counter-intelligence. Knowing what types of files are being targeted, by whom, and having insight into where the data ends up can be crucial in knowing where to focus additional security.

Maintaining attractiveness is critical to luring and detecting attackers. In addition to authenticity, deception must constantly refresh and reset the attack surface, so attackers cannot fingerprint and avoid deception. The Attivo deception campaigns use machine-learning to collect data on user information and network behavior. This information is then used to build new deception campaigns that can be easily and quickly deployed. Going one step further, Adaptive Deception campaigns automate the process and empower organizations to reset the attack surface on-demand as part of security hygiene or during an attack. The use of deception campaigns is highly effective to further delay and deter attackers as they become confused and are forced to start over or else reveal themselves.

Gartner has openly recognized the efficiency of deception for APT detection, recommended it as a 2018 initiative, and acknowledged Attivo Networks for having the most comprehensive deception platform.

Response Time (Rt)

A recent SANS survey indicates that only around 50% of companies can respond to a discovered compromise in 24 hours or less, while remediation can take months. High-interaction deception technology plays a key role in not only detecting threats quickly, but also in identifying potential exposed attack paths. It can also accelerate incident response by analyzing attacker tactics, techniques, and procedures (TTP), identifying indicators of compromise (IOC), and automating incident response through 3rd party integrations.


The Attivo ThreatDefend platform provides in-depth threat intelligence, which saves time by automating the gathering of TTP, attack analysis, and correlation of IOCs that can then be used to accelerate incident response. Threat intelligence and forensic evidence capture and catalogue attack activity to support understanding the attacker's objectives, which can be used to strengthen overall security defenses. Integrations with firewalls, security and event management systems, network access control products, and endpoint detection solutions empower the sharing of attack information to automate blocking and isolation of infected endpoints, as well as threat hunting. The ThreatOps™ solution can create repeatable playbooks, simplifying incident response and negating the need for additional resources to mitigate an attack.

Protection Time (Pt) and Exposure Time (Et)

As you now know, either we must go faster in our Detection Time and Response Time or we must make breaches go slower. So think about this: the amount of protection you have on your network, to keep the prying eyes and cyber criminals from stealing the data, is the best chance you won’t be robbed, just like having a strong vault at the bank. However, a strong vault is not enough. If someone steals the keys to the vault (keyloggers, malicious insiders, spear phishing dropping remote access trojans, RATs), where does that leave you? Extremely vulnerable from the inside out. So we need to increase our Protection time (how long it takes to breach us) and it must be greater than our Detection time plus Response time, or we lose and the cyber criminals win.

Pt must always be greater than Dt plus Rt, or:

Pt > Dt + Rt

and if we can’t find ways to speed up our detection and response to be faster than the cyber criminals, we’re completely exposed. That’s why I’m so excited about Honeypots and the commercialization of Deception technology by Attivo. Expect this to be an explosive market in the coming years, and I’m telling you about the first vendor on the block to get it right.

Exposure Time (Et) = Detection Time (Dt) + Response Time (Rt)
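
The two relations above applied to incident timelines, as an added example that is not from the article or from any vendor product. The event names (`attack_start`, `detected`, `contained`, `objective_reached`), the log format and the three sample incidents are constructed, and Pt is assumed to be the time from attack start until the attacker reaches the protected data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample timelines (not real incident data).
# Assumed format: incident id, event name, ISO-8601 timestamp.
SAMPLE_EVENTS = """\
INC-1,attack_start,2017-11-01T08:00:00
INC-1,detected,2017-11-01T08:20:00
INC-1,contained,2017-11-01T09:05:00
INC-2,attack_start,2017-11-03T22:00:00
INC-2,objective_reached,2017-11-03T22:45:00
INC-2,detected,2017-11-10T10:00:00
INC-2,contained,2017-11-12T10:00:00
INC-3,attack_start,2017-11-20T14:00:00
INC-3,detected,2017-11-20T14:05:00
INC-3,objective_reached,2017-11-20T14:30:00
INC-3,contained,2017-11-20T14:35:00
"""

REQUIRED = ("attack_start", "detected", "contained")
ZERO = timedelta(0)


@dataclass
class Assessment:
    incident: str
    dt: timedelta            # Detection time (Dt)
    rt: timedelta            # Response time (Rt)
    et: timedelta            # Exposure time, Et = Dt + Rt
    pt: Optional[timedelta]  # Protection time (Pt); None if the objective was never reached
    holds: bool              # True when Pt > Dt + Rt


def parse_events(text: str) -> Dict[str, Dict[str, datetime]]:
    """Group 'incident,event,timestamp' lines by incident id."""
    incidents: Dict[str, Dict[str, datetime]] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 comma-separated fields")
        incident, event, stamp = parts
        incidents.setdefault(incident, {})[event] = datetime.fromisoformat(stamp)
    return incidents


def assess(incident: str, events: Dict[str, datetime]) -> Assessment:
    """Derive Dt, Rt, Et and Pt for one incident and test Pt > Dt + Rt."""
    missing = [name for name in REQUIRED if name not in events]
    if missing:
        raise ValueError(f"{incident}: missing events {missing}")
    start = events["attack_start"]
    dt = events["detected"] - start
    rt = events["contained"] - events["detected"]
    reached = events.get("objective_reached")
    pt = reached - start if reached is not None else None
    if dt < ZERO or rt < ZERO or (pt is not None and pt < ZERO):
        raise ValueError(f"{incident}: events are out of order")
    et = dt + rt
    # If the attacker never reached the objective, protection outlasted exposure.
    holds = pt is None or pt > et
    return Assessment(incident, dt, rt, et, pt, holds)


def assess_all(text: str) -> List[Assessment]:
    return [assess(name, ev) for name, ev in sorted(parse_events(text).items())]


def response_budget(a: Assessment) -> Optional[timedelta]:
    """Pt - Dt: Rt had to stay below this. Negative means detection alone came too late."""
    return None if a.pt is None else a.pt - a.dt


def required_speedup(a: Assessment) -> float:
    """Factor by which Dt + Rt must shrink to get back under Pt (1.0 if it already holds)."""
    if a.holds:
        return 1.0
    if a.pt == ZERO:
        return float("inf")
    return a.et / a.pt


if __name__ == "__main__":
    for a in assess_all(SAMPLE_EVENTS):
        verdict = "Pt > Dt + Rt holds" if a.holds else "exposed"
        print(f"{a.incident}: Dt={a.dt} Rt={a.rt} Et={a.et} Pt={a.pt} -> {verdict}, "
              f"Rt budget={response_budget(a)}, speed-up needed x{required_speedup(a):.2f}")
```

In the constructed data, INC-3 was detected before the objective was reached but still fails because Rt exceeded the remaining budget, while INC-2 has a negative budget, so no response speed could have compensated for the late detection.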

Deploying the Attivo deception platform will play a critical role as both a detection and incident response security control, ultimately tipping the scale on exposure time and putting the balance of power back into the security team’s hands.

Many organizations have deployed it and are realizing the benefits of the platform, such as early detection of advanced threat actors, delaying and disrupting their activities, and accelerating incident response to mitigate their activities. Attacks will continue to happen at ever-increasing rates, and organizations seeking to avoid being the next breach headline would do well to implement deception technologies.


In summary, this is a solution to check out – we’ve made this our opening article in this December edition of our eMagazine because we want it to be first on mind for 2018 – it’s so promising – to slow down the breaches. While our next article is about speeding up Dt – detection rates, using A.I., you’ll need to do both if you wish to manage your InfoSec risk dilemma by thinking about Time-based Security as a forward thinking model. On increasing your Pt, Protection time, or reducing Et, your Exposure time, this is something you simply must look into if you consider yourself a forward thinking, proactive, offensive infosec professional who is tired of the breaches and tired of being victimized. Get Deception technology into your 2018 budget cycle and you’ll be pleased with the results.

About the Author

Gary S. Miliefsky is the Publisher of Cyber Defense Magazine, a globally recognized cybersecurity expert, inventor with issued ecommerce and cyber security patents and founder of numerous cybersecurity companies. He is a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cybercrime and cyber terrorism, also covered in both Forbes and Fortune Magazines. He has been extremely active in the infosec arena; he is an active member of Phi Beta Cyber Society (http://cybersecurityventures.com/phi-beta-cyber/), an organization dedicated to helping high school students become cyber security professionals and ethical hackers. He is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), the National Information Security Group (http://www.NAISG.org) and the OVAL advisory board of MITRE responsible for the CVE Program (http://CVE.mitre.org). He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Gary is a member of ISC2.org and is a CISSP®.

Reach him at http://www.cyberdefensemagazine.com/about-our-founder/


RAISING YOUR THREAT IQ: THE IMPORTANCE OF DEMOCRATIZING THREAT INTELLIGENCE

By Travis Farral, director of security strategy at Anomali

Threat intelligence continues to become a more ubiquitous feature of information security programs as its value in detecting and preventing attacks becomes more clear. Whether organizations have a full threat intelligence team, ingest threat feeds, or simply leverage threat intelligence features found in common security tools, they are benefiting from threat intelligence in one way or another.

From the prior article, by the Publisher of Cyber Defense Magazine, you can see how important speeding up Detection time and Response time is to successfully mitigating breaches. With better, faster, democratized sharing of threat intel, we may have a chance to start winning the battle and stopping the breaches. Until systems in the marketplace are fast enough to defeat the latest threat, we lose as seen in the graphic, below, provided by Gary Miliefsky from his Time-based Security presentation:


Part of the core value proposition of threat intelligence is its collectiveness: the more it’s shared, the more valuable it becomes. When an attacker targets one business that is leveraging comprehensive threat intelligence, the attacker is battling the combined knowledge of multiple organizations, which gives that business an advantage.

However, many organizations using intelligence still hesitate to share their own intelligence more broadly. A recent study from the Ponemon Institute found that only 50 percent of organizations currently participate in industry-centric sharing initiatives such as Information Sharing & Analysis Centers (ISACs), which provide industry-relevant intelligence, a place to collaborate with peers and network with other security teams. Of those organizations, the majority (60 percent) only receive threat intelligence through ISACs but do not contribute intelligence.

Many organizations cite a variety of concerns and hesitations that prevent them from actively sharing their own intelligence more broadly, but a lot of these fears are myths that can be easily dispelled. For instance, some organizations cite privacy and liability concerns as a key reason for not contributing to threat sharing initiatives. However, it is possible to keep sensitive information private while still contributing to threat sharing initiatives. In addition to protective provisions from the Cybersecurity Information Sharing Act of 2015 (CISA), one way to avoid these concerns––and a good practice in general––is to scrub threat data for any sensitive corporate information before sharing. Even if this limits the amount you’re able to contribute, a little bit can go a long way in helping other organizations spot attackers.

Many small organizations believe their cybersecurity programs are too little or their budget is too limited for them to share anything that would be of value to other organizations––but this is never the case. Even for big corporations that are frequently targeted by attackers, there are additional details that can be missed. For example, no organization sees every possible variant of phishing emails that comes through their business. Sharing whatever you can, even if it seems insignificant, can add critical context and visibility that complements other shared intelligence.


There are also some organizations that fear the possibility of revealing a breach, which makes them reluctant to contribute to threat sharing initiatives. The reality is that while it may not be ideal for other organizations to know you’ve been compromised, it’s important that you spot a breach sooner rather than later, even if that comes through intelligence sharing. Pushing out breach details quickly can help bring quicker answers to incident response challenges thanks to the additional resources from other organizations adding their skills and expertise to the event.

For organizations that are hesitant to share intelligence but are looking for simple ways to contribute, there are a wide variety of options. A simple first step is identifying tools and communities you can leverage. ISACs are easy to get involved in and typically have mechanisms in place to ease threat sharing. You can also establish partnerships beyond your vertical through localized entities such as Fusion Centers or use standards like STIX and TAXII to streamline the process of sharing. There are a number of free tools available that can help you to both contribute to and receive from common threat feeds.
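Scrubbing threat data before sharing and packaging it with STIX, as described above, can look like the following. This is an added example, not code from the author or from Anomali: it withholds observables that belong to the sharer, redacts internal names from analyst notes, and emits the rest as STIX 2.1 indicators in a bundle. The observables, the `corp.example.com` suffix and all function names are constructed assumptions.

```python
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone

# Assumptions for this example: the sharer's own DNS suffix and address space.
INTERNAL_DOMAINS = ("corp.example.com",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample: observables collected during one phishing incident.
# Every value is made up (documentation IP ranges and example.* domains).
RAW_OBSERVABLES = [
    {"type": "ipv4", "value": "203.0.113.45",
     "note": "C2 seen from host fin-lt-0231.corp.example.com"},
    {"type": "ipv4", "value": "10.20.30.40", "note": "infected workstation"},
    {"type": "domain", "value": "login-portal.example.net",
     "note": "credential phish landing page"},
    {"type": "domain", "value": "mail01.corp.example.com",
     "note": "our relay that received it"},
    {"type": "email", "value": "billing@invoice-update.example.org",
     "note": "sender; target was jane.doe@corp.example.com"},
    {"type": "email", "value": "jane.doe@corp.example.com", "note": "recipient"},
]

# STIX object path used in the indicator pattern for each observable type.
STIX_PATH = {"ipv4": "ipv4-addr:value", "domain": "domain-name:value",
             "email": "email-addr:value"}

# Matches internal host names and internal e-mail addresses inside free text.
_INTERNAL_NAME = re.compile(
    r"(?:[\w.+-]+@)?(?:[\w-]+\.)*(?:%s)\b"
    % "|".join(re.escape(d) for d in INTERNAL_DOMAINS), re.IGNORECASE)
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def ip_is_internal(value):
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def is_internal(obs):
    """True when the observable itself describes the sharer, not the attacker."""
    value = obs["value"].lower()
    if obs["type"] == "ipv4":
        return ip_is_internal(value)
    host = value.rsplit("@", 1)[-1]   # domain part of an e-mail, or the domain
    return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)


def redact(text):
    """Remove internal names, mailboxes and addresses from an analyst note."""
    text = _INTERNAL_NAME.sub("[redacted]", text)
    return _IPV4.sub(
        lambda m: "[redacted]" if ip_is_internal(m.group()) else m.group(), text)


def scrub(observables):
    """Split observables into (shareable with redacted notes, withheld)."""
    shareable, withheld = [], []
    for obs in observables:
        if obs["type"] not in STIX_PATH or is_internal(obs):
            withheld.append(obs)
        else:
            shareable.append({**obs, "note": redact(obs.get("note", ""))})
    return shareable, withheld


def to_indicator(obs, now):
    stamp = now.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # STIX pattern string literals escape backslash and single quote.
    literal = obs["value"].replace("\\", "\\\\").replace("'", "\\'")
    return {
        "type": "indicator", "spec_version": "2.1",
        "id": "indicator--" + str(uuid.uuid4()),
        "created": stamp, "modified": stamp, "valid_from": stamp,
        "description": obs["note"],
        "pattern_type": "stix",
        "pattern": "[%s = '%s']" % (STIX_PATH[obs["type"]], literal),
    }


def build_bundle(observables, now=None):
    now = now or datetime.now(timezone.utc)
    shareable, _ = scrub(observables)
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()),
            "objects": [to_indicator(o, now) for o in shareable]}


if __name__ == "__main__":
    print(json.dumps(build_bundle(RAW_OBSERVABLES), indent=2))
```

The internal address list is explicit on purpose: Python's `ipaddress.is_private` also covers documentation and other reserved ranges, so it is not a reliable test for "belongs to us".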

By democratizing threat intelligence, organizations can pass information more quickly, make better judgements and deliver more insightful analysis to stakeholders and intelligence consumers. Changes to malware, infrastructure, new tools, new techniques, actor behaviors, campaigns, and other intelligence-related details can all become quickly known across a multitude of organizations. Ultimately, the bad guys may be trying to compromise single organizations but are battling a collective in the process.

About the Author


Travis Farral is the Director of Security Strategy at Anomali. He has a degree in Electrical Engineering Technology from Devry Technology Institute. He holds numerous security certifications including CISSP, GPEN, GSEC, GCFA, GCWN, GCIA, GCIH, MCITP - Enterprise Administrator and MCITP - Server Administrator, and can be reached either at Anomali or on LinkedIn here:


‘TIS THE SEASON TO PREPARE YOUR E-COMMERCE BUSINESS TO EFFECTIVELY FIGHT FRAUD

With the holiday shopping season fast approaching, e-commerce companies are once again planning for and preparing to profit from the increasing numbers of shoppers who purchase their gifts online. While etailers anticipate heavenly profits, they’re also wary of the earthly reality of CNP fraud. Does the increased opportunity of the holiday season also contain an equally increased risk of fraudulent orders and costly chargebacks?

While this fear might seem logical, the reality is the Grinch of fraudulent orders is unlikely to steal the yuletide bounty. This is because e-commerce fraud rates actually significantly decrease during the holiday shopping season - not because fraudsters are taking a break, but because of the huge influx of legit shoppers during this time. This is especially true for the three kings of Cyber Monday, Black Friday, and New Year’s Eve.


Change your fraud prevention focus

Since the percentage of all orders which are fraudulent drops during this time, online merchants face a higher risk of turning down legit orders unless they adjust their fraud prevention systems. Declined legit orders mean lost revenue, not only for that particular order, but also any future online orders which will now be diverted to your competitors because your crude fraud filter seriously dampened that shopper’s holiday spirits by mislabeling them as a criminal. This is precisely why many etailers are switching to more advanced e-commerce fraud protection solutions, like the machine learning-based service offered by Riskified.

Not only is there a danger in overreacting to the actual fraud risk, e-commerce companies can also make costly mistakes when it comes to manual review of suspicious orders. The huge surge of shoppers during this time results in a large volume of orders which need to be manually reviewed by analysts who then accept or decline the order. This in turn forces online merchants to add seasonal hires to their fraud review team as well as increase the workload on permanent staff, both of which can result in inaccurate, rushed decisions (especially if the seasonal hires are new to fraud prevention).

Help bring joy to the world: don’t falsely decline international orders

Rushed decisions and fear of chargebacks often result in more false declines and thus lost revenue. What compounds this problem of false declines during the holiday shopping season is not only the already discussed quantity of orders, but also their quality, because perfectly legitimate holiday e-commerce shopping can have one or more indications of a fraudulent order.

One of these is a mismatch between the billing address of the card used and the shipping address of the gift, which can indicate a fraudulent order. It can also indicate, however, a consumer shopping for friends or family and choosing to have the merchandise shipped directly to them. The fact that many online merchants offer gift wrapping before shipping makes this all the more convenient.

Another example is an international shopper using their non-US card (with an overseas billing address) for payment, but requesting a US shipping address. This could be a fraudulent order from a criminal in a foreign country using a reshipping service to conceal their location.

This could also be a legitimate international shopper using a reshipping address because the merchant doesn’t ship products globally, but they still want to jump on a great deal. This example combines the billing/shipping address mismatch of the previous example with international factors - foreign card and use of a reshipper - which often raise red flags and thus can get falsely declined.

By responding to the actual size of e-commerce fraud risk, switching to more sophisticated fraud prevention solutions, and optimizing their manual review policies, online merchants can both boost their revenue and minimize their losses from fraudsters this holiday season.

About the Author


Nathan Sykes loves to write about all things technical and especially about electronic commerce. He is a Tech and Business Writer at Finding an Outlet, located here: http://www.findinganoutlet.com and his LinkedIn profile is found here: Please visit his website or LinkedIn profile for more information or to reach him directly or visit his Twitter feed located here: https://twitter.com/nathansykestech


HOW TO SECURE YOUR NETWORK TRAFFIC?

By Milica D. Djekic

A computer network is a group of devices connected to the internet that together form one large web entity. It is worth mentioning that in a computer or device network, as in the Internet of Things (IoT), the devices are assigned different IP addresses, so each machine in the group has its own unique IP address. Knowing this helps in understanding how such a network works and how its traffic flows. Dealing with an organization’s network means configuring many computers supported by network devices such as modems, routers, hubs and switches.


Several network configurations are used in practice, and it is the task of network administrators and engineers to decide how to define their networks. Many organizations use wireless internet, while some rely on a broadband connection that requires a lot of wires and cables. From a network administration point of view, each of these solutions has advantages and disadvantages. For instance, wireless internet is more cost-effective because it does not need as many cables and wires as a wired network, but it has drawbacks such as electromagnetic field interference that can slow down the exchange of information.

Experience suggests that many people use a combination of these two solutions and are satisfied with the results of such a configuration. The focus of this review is network security, so we will talk about tactics and approaches you can apply to make your network experience more suitable.

It is well known that devices connected in a computer network communicate with each other as well as with the external web. You should know that if one computer in the network gets infected with viruses, worms, spyware or ransomware, there is a considerable risk that the entire network could become infected within a very short period of time, and in that case you should apply the well-known disaster recovery and business continuity procedures. Repairing your computers after some kinds of hacker attacks is not always easy, and in practice it requires a lot of skill and experience. In other words, you should always be aware that a cyber diversion may occur, and for that purpose you should create a role within your enterprise that is responsible for IT security.

As your business grows, you will need more IT security professionals to keep the risk within your organization’s network at the lowest possible level. In practice, many big organizations rely on security operations centers (SOCs), where you will find many IT security professionals, analysts and cyber geeks watching over your critical assets. The current situation indicates that we need more experts in the area of cyber defense, especially in the private sector, which pulls the entire economy of any country. Many developed societies, in coordination with their governments, produce useful documents suggesting what good practice should look like in reality. We intentionally do not say best practice, as many people call those procedures and policies, because they should always be improved, and that is why we consider them quite good rather than the best.


Some researchers suggest that we should prevent hacker tools from connecting remotely to our devices. The recommended way to do so is to set up a firewall, either software or hardware. Through our research, we found sources claiming that it is good practice to disable inbound connections in the firewall. In other words, that research indicates that most publicly available hacking tools use inbound ports to obtain access to our devices. If we block those connections, we reduce the risk of being hacked. In addition, we found information that the entire web traffic could be transferred from inbound to outbound ports, and if we do so we should count on less threatening network communications. On the other hand, if you use a messenger tool for, say, chatting, you have to open its inbound port, because otherwise the messenger will not work at all. Suppose we have opened an inbound port for messenger communications and confirmed that we can use the tool. In that case, hackers could try to exploit that opening to access your computer and the entire network through that port. Finally, you would agree that configuring network traffic is quite a tricky job and requires a lot of knowledge.

One more suggestion regarding secure network traffic is to understand the difference between public and private IP addresses. The private IP address is the IP address that belongs to your physical device, while the public IP address is the one that is recognized from the web. Many cybersecurity experts would agree that if you make your public IP address different from your private IP address, you can make your network communications more reliable and secure. For that purpose, people use many different tools, and the most widely applied is a Virtual Private Network (VPN). That application hides your private IP address and possibly your entire location and makes your internet experience more convenient. This may be a good tip for the network administrators and engineers who configure your network.

In conclusion, putting a group of devices into a network is a task that requires many skills. Making such a network secure is the real challenge. In other words, you need to manage the feasible risk every single day, and even if you are fully concentrated on that task you could still become the victim of a cyber breach. The purpose of this review is to suggest some examples of good practice, not to provide a silver bullet for all existing concerns. In this case, a silver bullet does not exist, and the only thing we can rely on is hard work.

About the Author


Milica D. Djekic is a well-read and frequent contributor to Cyber Defense Magazine. Since Milica Djekic graduated at the Department of Control Engineering at University of Belgrade, Serbia, she’s been an engineer with a passion for cryptography, cyber security, and wireless systems. Milica is a researcher from Subotica, Serbia. She also serves as a Reviewer at the Journal of Computer Sciences and Applications and. She writes for American and Asia-Pacific security magazines. She is a volunteer with the American corner of Subotica as well as a lecturer with the local engineering society.


TEN KEY ENTERPRISE ENDPOINT SECURITY BEST PRACTICES WITH ANDY MALONE

By Bill Bernat, Director and Technology Evangelist, Adaptiva

I recently invited security expert Andy Malone to join me and co-host Ami Casto for an episode of the Enterprise Endpoint Experts (E3) podcast. Andy is a Microsoft MCT and MVP, popular security author, consultant, and speaker. He’s also a sci-fi author, which you can learn more about by listening to the podcast at www.adaptiva.com/blog/2017/enterprise-endpoint-security-windows-10-andy-malone. In this blog, I pick out 10 of the important security configuration management best practices he shared with us.


1. Keep Windows Up to Date

The most important thing for any company to do to stay secure is to apply OS updates to all systems as quickly as possible. Andy puts it this way, “Patch, patch, patch. And when you finish patching, patch some more.”

While some companies force users to update, some give them more leeway. Microsoft used to make this a lot easier, with less frequent updates on Patch Tuesdays. Now, it’s more of a drip, drip, drip. Part of the issue is that updates can require a reboot, which users tend to disable. Microsoft is helping by allowing users to schedule their updates and delivering other enhancements to the process.

Delivering updates to all users quickly also challenges businesses. In a recent survey of IT pros by Adaptiva, over half of respondents indicated it can take a month or more for IT teams to execute Windows OS updates. That ultimately leaves systems vulnerable, and companies should work to patch much more quickly.

2. Switch Off Any Services You’re Not Using

This seems like a no-brainer, but a number of companies don’t fully lock this down. Do you know which services your company is allowing and disallowing? Are you monitoring endpoints for rogue services and cracking down on them? If not, you should be.

3. Disable Any Ports That You Don’t Need

Open ports are a red carpet welcome for a variety of cyberattacks. Every company knows this. Yet many companies still don’t lock ports carefully. Or they do it once and then don’t verify compliance on an ongoing basis. Every Windows endpoint should be port-restricted to use only what’s needed—at all times.
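Items 2 and 3 call for verifying endpoints continuously rather than locking ports once. The added example below (not from the podcast or from Adaptiva) parses Windows `netstat -ano` output and reports listeners that fall outside a documented baseline; the sample output and the `ALLOWED` baseline are constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows endpoint.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1108
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2740
  TCP    192.168.1.20:49712     198.51.100.10:443      ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:3389              [::]:0                 LISTENING       1108
  UDP    0.0.0.0:5353           *:*                                    1820
"""

# Assumption: the documented baseline for this endpoint role (hypothetical policy).
ALLOWED = {("TCP", 135), ("TCP", 445)}


def parse_listeners(netstat_text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue                          # headers and blank lines
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not and show *:* as the peer.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        if proto == "UDP" and fields[2] != "*:*":
            continue
        addr, _, port = local.rpartition(":")  # splits on the last colon, so "[::]" survives
        if not port.isdigit():
            continue
        listeners.append({
            "proto": proto,
            "addr": addr.strip("[]").split("%")[0],   # drop brackets and any zone id
            "port": int(port),
            "pid": int(fields[-1]),
        })
    return listeners


def audit(netstat_text, allowed):
    """Compare listeners with the baseline; return findings as (proto, port, pid)."""
    exposed, loopback_only = set(), set()
    for item in parse_listeners(netstat_text):
        if (item["proto"], item["port"]) in allowed:
            continue
        finding = (item["proto"], item["port"], item["pid"])
        if ipaddress.ip_address(item["addr"]).is_loopback:
            loopback_only.add(finding)         # not reachable from the network
        else:
            exposed.add(finding)
    loopback_only -= exposed                   # report each socket once, worst case first
    return {"exposed": sorted(exposed), "loopback_only": sorted(loopback_only)}


if __name__ == "__main__":
    report = audit(SAMPLE_NETSTAT, ALLOWED)
    for proto, port, pid in report["exposed"]:
        print("NOT IN BASELINE: %s/%d (PID %d) reachable from the network" % (proto, port, pid))
    for proto, port, pid in report["loopback_only"]:
        print("review: %s/%d (PID %d) listening on loopback only" % (proto, port, pid))
```

Run on a schedule against each endpoint's live output, the same comparison turns the one-time lockdown into an ongoing compliance check, and the PID column points to the service that opened the port.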

4. Don’t Forget Your VMs!

Andy says it’s amazing how many people do their physical systems and overlook the VMs when it comes to applying updates and other security configuration management policies. Your virtual machines are just as vulnerable a target as physical computers. Cyberattackers don’t discriminate.


5. Stay on Top of Third-Party Patching

In the cybersecurity industry, the focus has moved away from attacking operating systems. It’s shifted to applications and mobile as well. So, application updates are no longer about functionality, they’re also about security. Antivirus is critical, but it’s just one of many third-party applications.

With tools like Configuration Manager or Intune, you can actually download the updates from the vendors and then push them out to your users. However, both products are limited to specific software vendors in different ways. That means administrators have to do a lot of heavy lifting or find some other solution to keep third-party patching current. You can learn more about the challenges in the E3 third-party patching podcast with Duncan McAlynn at soundcloud.com/adaptiva/e3-podcast-duncan-mcalynn.

6. Office 365 Shops Should Check Their Secure Score

In a corporate environment, companies really are paying more attention to how they lock down Office 365. They need to make sure data isn’t leaked and that business units aren’t sharing data to other business units. Microsoft data loss prevention can help, but it’s just another tool to configure. The question is: are your systems configured correctly?

To this end, Microsoft has a piece of software called Secure Score. It analyzes the security of Office 365 across your entire organization. The solution analyzes things like users’ regular activities and security settings. Then it gives you a sort of “credit score for security.”

You as an administrator can run Secure Score on your Office 365 portal. The higher the score, the more secure you are. Microsoft gives you all of the security tools but doesn’t necessarily configure them for you. You might go in and find that you have a horrible score. At least you’ll know what to do to fix it!


7. Make Sure You Have a Documented Desktop Configuration Policy

Make sure you’ve got a good security policy for dealing with access to your common desktop. Is the user allowed to do anything they like? Or is it cut down? Do you have a VPN access policy, and what is it? What is your policy for identity and authentication?

There’s a whole world of things that you could do—far too many to mention here. However, if you don’t document the policy as a starting point, you will almost certainly have vulnerabilities.

8. Use Multi-Factor Authentication

Definitely consider multi-factor authentication (MFA). MFA is very practical now, with fingerprints, facial scans, etc. Biometrics really has changed the game, though other forms of secondary authentication are fine. The main thing is don’t rely exclusively on usernames and passwords anymore.

9. Have an Incident Response Plan in Place

Your company should have a set of procedures in place for the “what if” scenario. This way, you are prepared if you get hit with malware, if there’s a disaster, or if there’s some kind of data breach. If you have a plan already, “you don’t run around like a headless chicken,” as Andy puts it. You need to flip over to “Okay, right, there’s a procedure for that; let’s deal with it.”

Remember that you might need to restore data. When talking about security, we often talk about computer security. For a company, however, the topic of information security looms large. A company needs to be prepared to bring back data if and when an incident occurs.


10. Have Them Sign a Security Awareness Agreement

Social engineering is the biggest hammer cyberattackers have. Over 80 percent of breaches come from within a company. It’s not that employees are evil, they don’t usually mean harm. Andy jokes, “Stupidity. There’s never a patch for stupidity.” But, really, he knows all the people at your company are smart, just lacking training.

Training an entire company on cybersecurity is a massive undertaking but will make a huge difference. Your company should conduct security awareness training and take users through it. Once they have passed, have them sign an awareness agreement. The agreement says, more or less, “Okay, we have a web access policy, and I know what it is. Same for our email access policy, VPN policy, etc.” Then, there really is no excuse.

Learn more!

The podcast goes into more detail about MDM, the cloud, and other security topics. Plus, Andy answers the question, “Would you rather be able to see 10 minutes into your own future or 10 minutes into the future of everybody else?” You can also follow Andy at andymalone.org and on Twitter @andymalone.

If you’d like to learn more about automating verification of security policy and all the items we’ve mentioned here, visit www.adaptiva.com/client-health.

About the Author


Bill Bernat, director and technology evangelist at Adaptiva, has worked in the technology industry for over 25 years. Before joining the team at Adaptiva, Bill was the web publisher at OpenText and a technical editor for Penton’s Streaming Media Magazine. He spent many years as a programmer and engineering manager for a variety of organizations including NASA, Union Bank of California, and Banc of America Securities. For more information, please visit www.adaptiva.com and follow the company on LinkedIn, Facebook, and Twitter.


BITCOIN, BLOCKCHAIN AND BREACHES

From Bitcoin to Blockchain from Ethereum to Wallet software and from Online Trading sites to Litecoins, we’re covering it all here. Right now at CDM, we are VERY CONCERNED with many people jumping into the Crypto-currency world and getting ripped off, like in the early days of the Forex, which sparked the Office of Comptroller of Currency (OCC.gov) and others to get involved and regulate the Forex trading exchanges due to so much rampant fraud.


Some of the top reasons we have concerns are:

Computers and mobile devices are infected with zero-day key-loggers from cyber criminals and nation states;


Electronic Wallets for storing bitcoin related information will be run by novices who don’t understand strong crypto, strong password management, multi-factor authentication and good computer hygiene including patch management, vulnerability remediation, next generation antivirus cleanup, advanced firewalls, host-based intrusion prevention and even daily backups. Wallets will be easily compromised and crypto-currencies stolen;

Few online trading sites and platforms will be 100% trustworthy and none will be 100% secure. Expect online trading fraud, theft of online cryptocurrency accounts and online hacking to run rampant in this space.

Stay tuned for our upcoming articles that will shine a light on this dark area of commerce. When regulators jump in due to fraud it can be a good thing but for a crypto-currency it will most likely cause the bubble to burst and we’ll see the Internal Revenue Service (IRS.gov) push for it to be treated as a form of currency when, for now, they and the US Treasury (treasury.gov) call it an ‘asset’ like a book or your house. It won’t take much for the growth of crypto-currency tied to the attraction of a soft-underbelly hacking target to make this a reality. Bookmark this page and keep an eye on it: http://www.cyberdefensemagazine.com/bitcoin-blockchain-and-breaches/


CYBERSECURITY IN 2018 FIGHTING AN EVOLVING THREAT

INSIGHTS

Cybersecurity: Fighting a Threat That Causes $450B of Damage Each Year

With recent high profile hacks of companies such as Uber, Equifax, and HBO, it’s safe to say that cybersecurity is already top of mind for many of the world’s biggest companies.

However, as billions more devices get connected to the internet every year, including many that are not properly secured, this cybercrime threat is evolving quickly, and the stakes are rising as well. Experts estimate that cybercrime caused $450 billion of damage to the economy in 2016, and that number is expected to increase to $6 trillion by 2021.

Today’s infographic, which comes to us from Evolve ETFs, covers the growing threat of cybercrime along with the associated boom in global cybersecurity spending.

SITUATION: CODE RED

The potential impact of a large-scale cyber attack is bigger than ever, and today cybersecurity is a number one concern for businesses, governments, and individuals.

Since 2013, over nine billion records have been lost or stolen globally, and nearly two billion of those were breached in the first half of 2017 alone.

With 80% of the value of Fortune 500 firms stemming from intellectual property (IP) and other intangibles, this means that the digitization of assets comes with massive risks. According to a joint report by Lloyd’s and Cyence, a single large-scale attack could cause up to $53 billion in damages, which is comparable to the size of a natural disaster.

The potential firepower behind today’s cyber threats is enough even to catch the attention of top defense officials. In a survey of 352 national security leaders, the greatest threat facing the United States is not terrorism (26.3%) – it’s actually cyberwarfare (45.1%).

FIGHTING CYBERCRIME

Businesses are more focused than ever on protecting themselves and their data from increasingly advanced and complex threats.

In a recent survey by Marsh LLC and Microsoft, of the many global companies that are subject to new privacy rules in Europe, 78% of senior executives are planning to increase spending on cyber risk management in the next 12 months.

Reducing the cost of security breaches by only 10% can save global enterprises $17 billion annually.

MORGAN STANLEY

As a result, the cybersecurity sector continues to be one that is on the rise. Spending is increasing particularly in four key areas: security analytics (SIEM), threat intelligence, mobile security, and cloud security. Global cybersecurity spending is expected to grow at a 9.5% CAGR to hit $182 billion in 2021.

Interested in finding out more? Have INSIGHTS that you wish to share? We’re building up an entirely fresh and new content area at CDM to help the infosec industry gain new INSIGHTS. Please email chrish@cyberdefensemediagroup.com for more information.


HOW WILL THE CHANGES IN THE GDPR WORK?

First, let’s get the basics on GDPR and then we’ll go through a really well done infographic to cover the changes in the GDPR.

DEFINITION of 'General Data Protection Regulation (GDPR)'

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue based.

The General Data Protection Regulation covers all companies that deal with the data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018.

BREAKING DOWN 'General Data Protection Regulation (GDPR)'

The GDPR adds to the EU’s general policy of protecting citizens’ data. In addition to the notifications of collection and legal ramifications for misuse, there is also a requirement to obtain explicit consent, notify in cases of a hack or breach, appoint dedicated data protection officers and much more. For financial institutions, the new rules will require significant investments in compliance to ensure continuing access to the EU market.

The new rules are also pushing firms to pseudonymize personally identifiable information (PII) prior to processing it, meaning that the data can’t be attributed back to a particular person. The pseudonymization of data allows firms to do some larger data analysis - such as assessing average debt ratios of its customers in a particular region - that would otherwise be beyond the original purposes of data collected for assessing creditworthiness for a loan.

GDPR Versus Big Data

The GDPR has effects beyond lending, insurance and other firms where sensitive personal data is collected and processed as a matter of course. The rules apply to the human resources records of employees and even the IP addresses of people using online services. The GDPR builds upon data rights that the EU has been pushing for, such as the right of an individual to be forgotten and the right to data portability.

As such, it is expected that the GDPR will lead to data minimization where companies willingly prune down the amount of information they collect to the functional essentials needed to complete a transaction. This could be a reversal of one of the big data trends where companies seek to collect and analyze as much data on their customers as possible in order to gain new insights.

This analysis can still take place after appropriate pseudonymization, but other data rights prevent those insights from being used to profile customers in a way that could be discriminatory or put them at a financial disadvantage. As the GDPR is a new regulation, there will no doubt be a period of adjustment where gaps and thorny issues like profiling are addressed.

Thanks to our friends at ExigentNetworks for the great infographic that follows….


NONPROFITS CANNOT IGNORE CYBERSECURITY

By Chloé Messdaghi, Digital Marketing Manager, Kenna Security

Prior to joining Kenna Security, I worked with many nonprofits around the world. Each focused on providing shelter, education, health services, and food to children in need. The mission was clear and critical.

Executing that mission wasn’t so easy. Nonprofits run on donated money. Though our goal was to save children, the strategy to drive the mission forward was to focus on donations, extending our reach, and improving services at the lowest possible cost. We hardly considered IT security as an issue because, well, we were focused on helping kids, not fighting hackers. We not only ignored the danger, we were oblivious to it.

I recently joined the Kenna Security Team. Since joining, I quickly realized that the nonprofits (and kids that benefited from it) were actually placed in very real danger. One successful data breach could have brought down the organizations and ended their missions, which in return risks the lives of millions of children and their families around the world.

The Global Cybersecurity Index (GCI) 2017 Report published alarming statistics revealing that severe vulnerabilities are prevalent in nonprofit technology infrastructure. While virtually every large nonprofit “has” security, a recent survey by CohenReznick showed that more than 70% of nonprofits have not run even one vulnerability assessment to evaluate their potential risk exposure. Moreover, 69% do not even have a cybersecurity response plan in place. These stats are particularly frightening when you consider that nonprofits are more than likely to use free open source solutions with well-known vulnerabilities and weaponized exploits that hackers will use to efficiently effect a breach.

There are “good” reasons for this rather dangerous situation. Limited budgets, staff and expertise are several. Single-minded focus on the mission may be another. Whatever the reason, the result is that nonprofits have become an easier mark for hackers than their corporate brethren.

This is alarming given that most nonprofits run on donations transacted using particularly sensitive and valuable information. Accepting money and providing receipts alone requires (legally) sensitive credit card numbers and tax IDs. Even more, anonymous donors to, for example, nonprofit political organizations, will consider their names and other typically “non sensitive” information extremely sensitive, adding even more value to the data. Hackers like high value information.

Worse still, few consider that the personally identifiable information of the affected population is valuable to hackers as well. Sometimes, the same information is used in micro-grants or to fund SIM cards that provide access to basic needs, which can easily be diverted. Other times, hackers are interested in selling the locations of aid workers for malicious reasons.

This makes data privacy existentially important to a nonprofit. Nonprofits depend on a population of hopeful and willing donors to trust them. These donors assume that not only will money they donate be utilized efficiently, but that their act of goodwill won’t be punished because of a data breach. Once that trust is lost, funds will certainly flow to more trusted organizations, ending the nonprofit’s mission, which may, in fact, be the hacker’s aim.

So with the lack of resources and funds, what should nonprofits do? Corporate for-profits typically focus on detecting and responding quickly to attacks. These measures often need to be in place for compliance reasons. For all of the reasons outlined above, nonprofits can’t afford to react to a breach. Of course defenses should be in place, but first they need to predict and prevent successful attacks before they happen.

How? These three steps are a good start:

1. Assess your risk


Risk assessment can be conducted within the organization or use an outside specialist. From the assessment, one can then determine how vulnerable their IT security is and identify the sensitive data that may be targeted. Due to the constant attack on vulnerabilities, cyber assessments should be updated and reassessed as often as possible to make sure one remains protected from the latest threats. Better still if the assessment can be at-a-glance understood by non-technical users, so well-intentioned staff can take action to reduce the risk.

2. Build awareness & educate yourself and team

Make cybersecurity a top priority and security awareness part of the organization’s culture; for example, all employees should attend cybersecurity training. There are six ways that the majority of cyber criminals enter a nonprofit’s database.

Absence of Password Policy: Always make sure that every team member has two-factor authentication on. Also enforce a comprehensive password policy, which includes how long passwords need to be and how often passwords need to be changed.

Unsecured software: Never skimp on software. Even today, there are nonprofits using out-of-date software, sometimes so old that it’s no longer supported by Microsoft. Make sure your computers and network operating systems are always updated. The older the system is, the more susceptible it is to data breaches.

Open-source software: Saving money by using open source software is asking to be attacked since they tend to be extremely vulnerable.

Online payment processors: Invest in a reputable online payment processor.

Not using cloud-based platforms: Cloud-based products are usually free or low cost to nonprofits. Using the cloud allows nonprofits to outsource a big part of their security needs to leaders in the market, leveraging technologies from those who have the budgets and resources to combat evolving threats.

Your employees (or former employees): Make sure that when an employee leaves, there are measures to make sure that all devices are wiped clean and access is denied, along with changing passwords and placing a two-factor authentication as well. Current employees should be educated on not clicking on unfamiliar emails or attachments, since 70-80% of cyberattacks are carried out through email.

3. Institute a cybersecurity breach response plan

Should a cyber attack occur, having a plan ready to go will ensure that all appropriate members are notified and react instantly, so they can work together faster and more strategically. When dealing with an attack, it is important to note that timing is critical to whether hackers can cover their tracks or steal more data from your systems.

Utilizing the above three preventive measures should assist with creating policies. Cyber threats, such as WannaCry, BadRabbit, and NotPetya, are increasing and evolving. By being proactive, nonprofits will be better equipped for upcoming security threats should they face a cyber attack. In return, nonprofits can continue doing the incredible work that they do and increase their services by fulfilling their impactful mission.

About the Author


Chloé Messdaghi is the Digital Marketing Manager at Kenna Security. She also provides advising as a UN Volunteer, and serves as a board member for RUDEC in Cameroon and Simuka Africa in Zimbabwe. Both nonprofits' mission is for children's rights and equality. In her free time, she travels the world, mentors change makers, and volunteers locally or abroad. Chloé holds a Master of Science in Politics and International Relations Research degree from University of Edinburgh. Chloé can be reached online at chloe.messdaghi@kennasecurity.com and at our company website https://www.kennasecurity.com/


THE INTERNET WITHOUT NET NEUTRALITY

‘Absence of Net Neutrality Would Bring Multiple Challenges For Americans.’

Internet Regulations got Fired under Trump’s Presidency

A week ago, the Federal Communications Commission (FCC) gathered and voted to eliminate net neutrality, though Americans are overwhelmingly against the idea. The most immediate consequence is increasing prices; let’s also see how devastatingly the flow of accurate information would be affected.

Can you recall the old days of dial-up, when a video took hours to load online? Well, you may experience that again, now that net neutrality regulations are abolished in the US. For the novice, net neutrality means treating the web like a public utility: internet traffic is treated equally for all users, and surfing is as quick as possible, with no restrictions and no delays. Net neutrality is another word for freedom of expression: it enables users to share their ideas, rally together, and speak truth to power while evading conventional media gatekeepers. Without it, ISPs would be more potent than other stakeholders.

Absence of net neutrality would bring multiple challenges for Americans; the most immediate ones are:

The Rise in Online Content Censorship

The war between fake and accurate information started back when the internet replaced traditional media; as per the report, only 17% of Americans consider the news media very accurate. Lack of net neutrality would worsen this fight, as ISPs like Comcast and AT&T could use their power to limit dissenting opinions using paywalls and throttled speeds. The paradigms of sharing information would be transformed when 77% of Americans with a smartphone would be unrestricted to access the internet freely.


The Price Hikes!

Internet providers always need to make money, and unfortunately abolishing net neutrality is the result of long-running lobbying by giant internet providers. With no net neutrality, internet providers can easily squeeze websites and charge for faster and/or exclusive services. Video on demand services like Netflix and Amazon would also be forced to cut down their exclusive deals with internet providers and charge customers of competing service providers more.

Whichever internet service provider holds out for money, it’s all going to fall back on customers, who will have to pay to access content. Without net neutrality, ISPs would rule on granting or denying access, and slow down sites that can’t afford to pay. Netflix raised its voice against the abolishment of net neutrality, and it looks imminent that netizens will start using a Netflix VPN to bypass speed throttling until the VPNs themselves get banned.

End of Freedom Of Expression?

Technological evolution has made a two-way communication model possible, where not only large organizations can share information, but individuals can also practice their freedom to share their knowledge. Whether it’s the #OscarsSoWhite or the #MeToo campaign, the two-way communication model enabled multicultural millennials to play their part in all such online movements.

If you remember, many pressing issues were ignored by the major media outlets but highlighted by the silence breakers: individuals. Lack of net neutrality would possibly allow ISPs to truncate or obstruct this model by restricting access.

This restriction is compounded by the fact that a few of the most significant ISPs have financial ties with their own news outlets; this would keep unconventional news and sources from being accessed quickly. Media literacy encourages the use of multiple sources to check authenticity; sadly, that is quite tricky in a post-net neutrality era.


The flexible internet allows youngsters to pursue their dreams: finding new ways to distribute information, market themselves, build businesses, forge connections and what not. All of this would be at risk with the end of net neutrality. The internet has transformed multiple societies thanks to its widespread availability and versatility; life without net neutrality would hamper such progress, especially for marginalized voices.

So, The Future Is All Gloomy?

Well, the real repercussions would be observed once ISPs start implementing the clauses they come up with and revised packages they’ll offer from now on. The ball is solely in their court now. Massive online and offline movements have already started against this menacing Net Neutrality law and many influencers and personalities have joined the movement, but the current situation doesn’t look very favorable.

About the Author


Jane Collen is a new writer to Cyber Defense Magazine and she is the Tech Analyst of the ReviewsDir. She is a tech-geek and loves to explore new opportunities.

She is currently dedicated to Reviewsdir.com. When Jane is not writing or ranting about the newest tech industry gossip, you can find her practicing her yoga and photography, or making documentaries.


PENETRATION TESTING CERTIFICATION: HOW TO GET & WHY GO FOR IT

ScienceSoft’s certified ethical hacker Uladzislau Murashka dwells on CEH certification

by Uladzislau Murashka, Certified Ethical Hacker, ScienceSoft

As cyber security threats grow in sophistication, a need for advanced approaches to penetration testing grows as well. At the same time, security professionals capable of implementing these approaches are in short supply. So, thousands of companies hunt for them, ready to pay quite a sum for qualified penetration testing services.

CEH certification has gained a distinguished reputation for being an indicator of a pentester’s proficiency. Let’s find out what stands behind these three letters: CEH.


CEH (Certified Ethical Hacker) is an advanced penetration testing certification issued by International Council of Electronic Commerce Consultants (EC-Council), an internationally recognized professional certification body. InfoSec Institute acknowledged this credential as number one among top security certifications in 2017, as it gives a recognized validation that a pentester complies with the standards of information security in ethical hacking measures.


CEH CERTIFICATION PATH

WHAT IS TESTED

Prospective certificate holders are tested in the following knowledge areas:

System Development & Management

System Analysis & Audits

Security Testing/Vulnerabilities

Reporting

Mitigation

Ethics

PREPARATION

A pentester has two options to prepare for a CEH examination: official training and self-study.

The EC-Council offers instructor-led and online training sessions. The instructor-led training is conducted in accredited training centers, and the online version is based on the iClass platform. The five-day course includes 18 modules covering 270 attack scenarios and costs either $850 (for US citizens) or $885 (for international students). After the course, an applicant continues self-education with access to EC-Council laboratories. The overall preparation for CEH certification lasts for one year from enrollment.

To take the CEH examination without attending a dedicated training session, the candidate should have 2+ years of information security-related experience and a relevant educational background. In addition, such candidates are required to pay a non-refundable application fee of $100.


EXAMINATION

The CEH penetration testing certification exam lasts for four hours, during which candidates answer 125 multiple-choice questions. They have to demonstrate a wide range of skills, which include not only different types of web application and network penetration testing, but also social engineering, cryptography, malware threats, cloud computing, mobile platforms hacking, and more.

RESULTS

The pass mark for the exam is 70%. Successful candidates are issued a CEH credential, and receive a CEH welcome kit within 4-8 weeks after the exam completion date. The kit includes a hard copy of an EC-Council certificate and a welcome letter from EC-Council. Digital versions are available on the Aspen portal.


A sample of CEH certificate


A sample of exam transcript

VALIDITY

The CEH credential is valid for three years. However, in order to keep the certificate updated and have the ability to renew it later, a certificate holder has to achieve 120 credits per certification within the three-year period. Credits can be gained by attending conferences, writing research papers, reading materials on related subjects and attending webinars.


FEE POLICY

CEH penetration testing certification requires an $80 annual membership fee. This makes the certificate holders eligible for the following benefits:

Continued support from the EC-Council community.

One free certification voucher.

Exclusive discounts on EC-Council events, certification programs and materials.

WHY BECOME AN ETHICAL HACKER?

The terms penetration testing and ethical hacking are often interchangeable; however, there is a difference. The former is a more narrow term for the process of finding vulnerabilities in a target IT system. Penetration testers should be skilled in a specific area (for example, network penetration testing) and are not required to possess any formal proficiency credentials. Ethical hacking, in its turn, can be called advanced penetration testing. It encompasses application and network penetration testing, together with DDoS testing and social engineering. Ethical hackers should possess CEH certification, while penetration testers are not required to have any certificates.

It pays to be a certified ethical hacker for several reasons:

To get a better salary. According to the InfoSec Institute, the average payout to a Certified Ethical Hacker in the US is $71,331 per year (non-certified pentesters are paid $50,000 a year on average) and reaches $132,322.

To be highly valued on the professional market. Customers consider CEH certification among the key factors in their hiring decisions.

To discover more career opportunities. A certified ethical hacker is not limited to penetration testing and may take on the roles of a security engineer, application security manager, IT security administrator, information security consultant, security compliance engineer and network security analyst.


WHAT’S NEXT?

The CEH penetration testing certification alone is sufficient to validate a pentester’s skills, no matter whether it is application and network penetration testing, vulnerability assessment, DDoS testing or social engineering. Besides, it may serve as a foundation for advanced EC-Council certification programs. So, if you are looking for further opportunities in the information security domain, it’s worth considering the following certification programs:

Advanced penetration testing

Licensed penetration tester

Advanced securing windows infrastructure

Advanced mobile forensics & security

Advanced hacking & hardening of corporate web apps

Advanced network defense.

For more information, visit the official website of EC-Council.

About the Author


Uladzislau Murashka, who is thrilled to be a guest writer for CDM, is a Certified Ethical Hacker at ScienceSoft with 5+ years of experience in penetration testing. Uladzislau’s spheres of competence include reverse engineering, black box, white box and gray box penetration testing of web and mobile applications, bug hunting and research work in the area of Information Security. Uladzislau can be reached online on LinkedIn and at our company website https://www.scnsoft.com/


US AGENCY SECURITY DOUBTS HINDER MOVE TO HYBRID CLOUD

For the past seven years, the U.S. Office of Management and Budget has been pushing Federal agencies to move much of their computing workloads to the cloud. And yet, progress has been slow, with only about $2 billion of the Federal government’s $80 billion in annual IT spending going to cloud services as of 2016.

Years after OMB began its cloud push, Federal agencies still face significant challenges to adoption, with security identified as one of the main issues holding back cloud adoption. In fact, the number one concern of Federal IT managers is how to expand their security measures and policies to cover the cloud, according to a recent survey by MeriTalk.

In the meantime, pressure on agencies to move to the cloud isn’t going away. The U.S. Department of Homeland Security’s new Continuous Diagnostics and Mitigation cybersecurity program is pushing small agencies to use cloud-based security tools. Cloud security doesn’t get the highest marks from the Federal IT managers who responded to the MeriTalk survey, sponsored by Fortinet. A minority of them rate their security as excellent in cloud environments: only 35 percent for the private cloud, 21 percent for the public cloud, and 27 percent when moving between physical and virtual environments in a hybrid cloud arrangement.

Even so, many of the survey respondents see a mix of physical infrastructure and cloud computing in their future. The ideal mix, they said, includes 39 percent physical servers and 61 percent cloud.

But even as Federal IT managers seek to deploy the hybrid cloud, they feel unprepared, with security, control and compliance again coming to the forefront. A big part of the cloud adoption woes is the complexity of Federal IT environments. Eighty-five percent of the surveyed Federal IT managers described their current infrastructure as “complex,” and only 34 percent said they have a high level of visibility into their IT environment.

This complexity and lack of visibility puts agencies at a significant risk of a security breach, the survey respondents said. More than half agreed that the complexity adds to the risk, and nearly the same percentage said the same thing about the lack of visibility.

Still, many Federal IT managers see value in a move to the cloud, including a significant security benefit. Seven out of ten said they believe a successful hybrid cloud adoption will reduce their agencies’ security spending, and 69 percent said they believe it will improve their overall security posture.

Even with the challenges of complexity and a lack of visibility, there is a path forward to the cloud.

Take it slow: While there’s mounting pressure for agencies to move IT workloads to the cloud, that doesn’t mean it needs to be an all-or-nothing transition. Agencies can and probably should make a slow transition to the cloud by running a few select workloads in a cloud service. By moving slow, agencies can test the applications on a cloud service, while ensuring the proper security is in place.

Plan the journey to the cloud, don’t just jump in.

Some security products are now designed to enable a strategic migration to the cloud.

Careful planning and use of security tools that enforce security rules across hybrid cloud environments allow agencies to avoid taking an all-at-once or an all-or-nothing approach to migrations.

Increase the visibility first: Before moving to the cloud, agencies should get their IT houses in order. With major concerns about visibility voiced by survey respondents, one of the first steps should be to increase the visibility into their applications, using a security information and event management (SIEM) or similar product.


There’s an old saying, “If it can’t be measured, it can’t be managed,” and software security isn’t exempt from the rule. Agencies worried about visibility should look for ways to measure their critical assets.

If agencies have the visibility they need, they can keep a close eye on their workloads as they move to the cloud. And if the cloud transition is done right, agencies can increase visibility into their IT infrastructure through new tools available in the cloud. Federal agencies can move into hybrid cloud environments with broad visibility and granular controls that weren’t available with traditionally isolated security resources.

Use a trusted partner: As more companies move workloads to the cloud, third-party consultants and technology vendors can assist with the transition. Cloud providers have certified partners, including security vendors, that specialize in assisting with the transition.

It’s important for agencies to contract the right folks to get the job done.

Security is an important element of this transition, and a trusted security partner can help agencies establish effective security integration between their physical and virtual environments.

About the Author

Felipe Fernandez is a new guest writer to CDM and is a Systems Engineering Manager at Fortinet. In addition to his role as a team manager, Felipe also oversees the US Federal product strategy and certification process at Fortinet, such as the UC APL. Felipe has over 16 years’ experience deploying, operating, and auditing security solutions, the majority of which were spent at the DoD in various roles both CONUS and abroad. Visit him online at http://www.fortinet.com


WHITE HOUSE RELEASE OF VULNERABILITIES EQUITIES PROCESS VALIDATES INDUSTRY CONCERNS

by Willis McDonald, Threat Research Manager and Senior Threat Researcher, Core Security

When the U.S. Government discovers an unpatched vulnerability, it has a choice: disclose the vulnerability to the vendor so that it can be patched, or exploit the vulnerability for its own purposes. It’s not an easy call. Disclosure may eliminate an opportunity to gather valuable intelligence, while keeping an exploit secret can put both the public and private sectors at risk, as demonstrated by the WannaCry ransomware outbreak.

To assist the government in its efforts, the Obama Administration established the Vulnerabilities Equities Process (VEP), a set of rules used for determining whether the U.S. Government should disclose a zero-day security vulnerability. The VEP has long been criticized for its lack of transparency and oversight. Last month, the Trump administration released the charter to the public.


According to The White House, “[Trump] promised to strengthen America’s cybersecurity capabilities and secure America from cyber threats. The release of this Charter and adherence to the rigor it demands follows through on that commitment to the American people.”

It’s worth repeating that the VEP isn’t new. The policies of the Trump administration with regard to vulnerability disclosure are no different from the previous administration. VEP is just a rehash of previous policies and councils that were in place to appease public perception on government-curated vulnerabilities; it does nothing to strengthen cybersecurity.

The fact of the matter is, the White House’s move to release the VEP validates what the industry has been concerned about all along. There are a number of loopholes and a lack of industry oversight, both of which are troublesome. Let’s start with the lack of industry oversight. In its press release, the White House claims that the VEP represents the interests of “commercial equities; and international partnership equities.” However, the VEP council does not include any representation from either commercial or international entities.

Under the VEP, vulnerabilities are reviewed by the Equities Review Board. The Board is comprised of folks from the Departments of Homeland Security, Energy, State, Treasury, Justice, Defense, and Commerce. The CIA and FBI are also on the Board, and the National Security Agency serves as the Board’s executive secretariat. Commercial and international entities are noticeably missing from this list.

This is an obvious exclusion for national security purposes. However, it also closes the door on external oversight of decisions deemed in the interest of national security. Commercial and international entities should have a place on the council if vulnerability disclosure decisions are being made on their behalf.

The loopholes are also cause for concern. The VEP charter limits the scope of vulnerabilities addressed by the council to certain classes, thus allowing reporting entities to report as they see fit any vulnerabilities that fall outside the scope of the VEP.

In addition, the VEP does not address vulnerabilities that are discovered and shared by international partners. Granted, this so-called non-disclosure agreement (NDA) loophole is necessary for the U.S. government to continue operations with its allies. Without it, our allies would fear that sharing vulnerability information with us could compromise their own national security operations. However, like the previous loophole, this could allow participating entities to bypass the controls of the VEP and report a vulnerability as they see fit.

While the push for transparency is great, we shouldn’t hold our breath waiting for change. Legislation like the Protecting Our Ability to Counter Hacking Act of 2017 (PATCH Act) and, now, the VEP charter are intended to appease the public rather than cause change. And, to some extent, it has done just that.

It is worth noting that vulnerabilities such as those used in WannaCry never would’ve been released through VEP due to their usefulness in providing access to remote systems for collection purposes. And we all know how that turned out.

About the Author

Willis McDonald is Threat Research Manager and Senior Threat Researcher at Core Security, a leader in Vulnerability, Access Risk Management and Network Detection and Response.


CYBER DEFENSE PERSPECTIVES FOR 2018

By Milica D. Djekic

2017 is coming to an end and 2018 is fast approaching. Many people look forward to a New Year, but is that the case in cybersecurity? What will be new in this area in the coming period, and are there any concerns we should be worried about?

In our opinion, the cyber defense marketplace will keep growing, and many new solutions, advancements and improvements will appear. We also believe there will be many novel offerings that promise better security, as the previous year gave us an opportunity to learn from existing threats. We also believe that, as the positive things continue developing, there will be room for the rise of malware, spyware and ransomware. So what is important to mention here is that we need to strike a good balance between our consumers’ needs and security requirements. In other words, when we develop a new solution we should always think about how to protect our users from malicious consequences. For instance, it is well known that the Internet of Things (IoT) marketplace is growing fast and will soon be worth trillions of dollars. Quite a good field for investment, wouldn’t you agree? The main question here is how secure those solutions are. From today’s perspective, it seems that security will become the ultimate imperative for the coming year. It is not difficult to connect many devices to the internet and build a robust IoT network out of them, but could anyone promise you that you will remain physically and cyber safe? Security is in supreme demand, being one of the biggest challenges for tomorrow, and we are not sure that 2018 will bring anything revolutionary in that regard. According to many sources, 2018 will stay about the same as the previous period. Well, let’s discuss the questions that could open up in the next year.

The huge concern with today’s world is that it is not equally developed everywhere. As a consequence, terrorism, organized crime and human trafficking are present in some parts of the world. As is known, crime does not recognize borders, and many malicious actors circulate around the globe looking for a new target for their harmful actions. In doing so, they rely on cyber technologies, and they frequently succeed in their missions because common practice still relies on quite weak security countermeasures. As we said, it’s all about balance. In ancient China, people would say it’s all about the harmony between Yin and Yang: the force of defense and the force of attack.


Once we strike a balance between those two opposite forces, we get peace. As we mentioned, the IoT landscape is getting bigger and bigger, and such technology is becoming available even in developing societies, so it is becoming clear that the force of attack is increasing its capacities and creating an imbalance on a global scale. So, could we do anything to reduce the amount of threat present worldwide? The answer to this question requires deep thinking from us, and the result would be advice that mainly calls for better practice and more reliable security solutions.

Unluckily for all of us, there are still a lot of open questions that require accurate answers. For example, many experts are concerned about the security of IoT technologies and cloud systems, the production of new malware and the creation of more serious phishing attacks. We fear that the coming 2018 will not offer enough time to resolve all those worries. The encouraging thing would be if we could find the right approach to support us in tackling such issues.

We do not want to sound pessimistic, but if we review the current situation realistically, we notice that today’s cybersecurity is dealing with many challenges that need time and effort to be handled appropriately. In our opinion, one year is not enough to tackle all these concerns, but it could be a good starting point for making better decisions and defining new tracks for research and development. Every single mistake could cost us a lot, and our opponents know how to take advantage of our weaknesses, so we should be ready to respond to such a situation.

Finally, 2018 could be a good year to rethink everything and try to make new strategies that lead us in new directions. We are aware that the world is a fast-changing marketplace, and every single day lost in such a competition could cost your business greatly. Our point is that defense, including cybersecurity, needs more deep thinkers who see things comprehensively and, applying a strategic approach, try to indicate which course we should take. The main rationale for this suggestion is that many cyber industry professionals repeat the same routine on a daily basis and do not notice that they are not changing anything essential. On the other hand, change could be of great significance to progress, and if we do not strengthen our capacities we cannot expect to make any step forward. In other words, if we are not progressing, we will not reach the balance that would harmonize our world and bring the desired peace to all.

The point of this review is to point to some ideas we could think about for a more balanced and secure environment. No one is immune to today’s threats, and we are concerned that those security challenges could take full advantage of modern cyber technologies. The trend suggests that every single day those advancements get cheaper and more accessible to everyone. In the end, if we do not think deeply about the current situation, we could face quite unpleasant impacts.

About the Author

Milica D. Djekic is a well-read and frequent contributor to Cyber Defense Magazine. Since Milica Djekic graduated at the Department of Control Engineering at University of Belgrade, Serbia, she’s been an engineer with a passion for cryptography, cyber security, and wireless systems. Milica is a researcher from Subotica, Serbia. She also serves as a Reviewer at the Journal of Computer Sciences and Applications and. She writes for American and Asia-Pacific security magazines. She is a volunteer with the American corner of Subotica as well as a lecturer with the local engineering society.


REVIEWING LAST MONTH’S RANSOMWARE


There was a lot more ransomware activity in November compared to the previous month. The infamous ACCDFISA Trojan literally rose from the ashes after years of hiatus. A destructive specimen called Ordinypt was wreaking havoc in Germany with attacks leading to irreversible loss of data. Another city suffered the consequences of a defiant crypto onslaught. The highlights below will give you a better idea of how things went on the ransomware battlefield last month.

Nov. 30, 2017. A ransomware strain called ACCDFISA v2.0 is spreading on a large scale in Brazil. Its legendary prototype emerged at the dawn of the cyber extortion plague back in 2012. It was a screen locker and file encoder pretending to emanate from Anti Cyber Crime Department of Federal Internet Security Agency that doesn’t even exist. Present-day crooks have reanimated the culprit in this new campaign.


Nov. 27, 2017. Malware analysts come across a sample that stands out from the rest. Dubbed StorageCrypter, it targets online-accessible Western Digital My Cloud NAS (network-attached storage) devices that usually hold a plethora of data. This infection blemishes encoded files with the .locked extension and drops a rescue note named READ_ME_FOR_DECRYPT.txt. The size of the ransom is 0.4 Bitcoin.

Nov. 23, 2017. A blackmail virus called Scarab is being heavily distributed via a malspam wave originating from Necurs, one of the world’s most powerful botnets. For the record, this particular botnet gained notoriety for pushing the notorious Locky ransomware. The perpetrating program stains encrypted files with the .[suupport@protonmail.com].scarab extension.

Nov. 22, 2017. The new qkG ransomware, or qkG Filecoder, exhibits a few quite interesting characteristics. Its activity inside an infected host resembles that of a computer worm as it utilizes a self-replication mechanism. Furthermore, it contaminates Normal.dot (Microsoft Word global template) so that every Word document opened by the victim gets encrypted.

Nov. 20, 2017. The CrySiS ransomware lineage spawns one more variant as part of its authors’ dynamic update strategy. The newcomer concatenates the .java extension to ransomed data entries and drops a combo of ransom notes named info.hta and ‘Files encrypted!!.txt’. Unlike some of the older versions, there is no free decryption tool supporting this particular edition.

Nov. 17, 2017. A widespread species of ransomware called CryptoMix undergoes another update. The latest variant adds the .0000 extension to hostage files and replaces filenames with strings consisting of 32 hexadecimal characters. This way, a victim is unable to work out which encoded entry corresponds to a specific file. The ransom notification file is named _HELP_INSTRUCTION.txt.


Nov. 15, 2017. Students of J. Sterling Morton school district, Illinois, become targets in an unusual ransomware campaign. An uncatalogued blackmail virus has been trying to attack them via a counterfeit student survey propped up by professionally tailored phishing emails. Although this piece of malicious code doesn’t come with a working crypto module thus far, it demonstrates how successful this type of infection vector can get.

Nov. 14, 2017. Security services provider Dr.Web comes up with a cure for a relatively new ransom Trojan that uses the .kill or .blind extension to speckle hostage files. The vendor’s tool called Dr.Web Rescue Pack is reportedly capable of decrypting these files so that victims don’t have to cough up the ransom. In order to use this software’s recovery feature, though, it’s necessary to pay a subscription fee.

Nov. 13, 2017. The authors of CryptoMix, one of the most prolific ransomware samples around, continue their prosaic filename tweaking routine. The most recent version of this baddie smears encrypted data items with the .XZZX extension token. This iteration invariably sticks with the same ransom note named _HELP_INSTRUCTION.txt.

Nov. 10, 2017. The evolution of the LockCrypt ransomware illustrates how dynamic this cybercriminal ecosystem is. It was originally spotted in June as part of a RaaS (Ransomware-as-a-Service) network called Satan. This type of distribution implies revenue sharing with the proprietor of the malign affiliate platform.

The crooks behind LockCrypt apparently chose to depart from this scheme. They appear to have written their own code from the ground up and no longer use the Satan RaaS for proliferation. The culprit is infecting computers via brute-forced RDP services.

Nov. 9, 2017. A new ransomware specimen dubbed Ordinypt raises a red flag as it is more dangerous than the average crypto infection. This one zeroes in on German users and organizations. The bad news for all the victims is that Ordinypt completely cripples files instead of making them inaccessible through encryption. This means that there is absolutely no way to get the hostage data back.

Nov. 7, 2017. Another ransom Trojan is discovered that exploits Microsoft Word macros to contaminate computers. It’s called Sigma. The payload arrives with a booby-trapped email attachment. Sigma appends every encrypted file with a random extension composed of four alphanumeric characters and drops a rescue note named ReadMe.txt. The ransom amounts to a Bitcoin equivalent of $1,000.

Nov. 4, 2017. Security experts unearth some details about a new high-profile ransomware species called GIBON. It turns out to have been circulating in the cybercriminal underground since May this year. It’s not until early November, though, that the pest started making the rounds via massive spam campaigns. It provides data recovery steps in a file named Read_Me_Now.txt. Shortly after the breakout, MalwareHunterTeam’s leader Michael Gillespie was able to create a free decryption tool for the infection.

Nov. 3, 2017. It’s amazing how a single email attachment can get a whole city’s payment infrastructure paralyzed. That’s what happened to Spring Hill, Tennessee. One of the employees opened a toxic file received via spam, thus unknowingly allowing a ransomware contagion to take root. The perpetrating code badly affected Spring Hill’s computer servers, effectively knocking down the online payment processing systems. The adversaries demand $250,000 worth of Bitcoin for data decryption.

Nov. 2, 2017. Magniber, a ransomware sample spreading via the Magnitude exploit kit, hit the headlines in mid-October as it resembled the abominable Cerber infection in many ways. Based on clues in its code, security analysts concluded it was a new variant of this year’s most widespread ransomware program mentioned above. Several weeks afterward, Magniber underwent the first major update. The biggest change is the new .skvtb suffix being concatenated to encrypted files.
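A triage sketch for the file-naming indicators listed in the digest above, added here as an example (it is not code from the article or from any vendor it mentions). The confidence levels, the `ambiguous` flag and the sample listing are assumptions of this example; it shows why extensions such as .java and .locked, which also occur on clean systems, should only count when the matching ransom note sits in the same directory.

```python
import re
from collections import defaultdict, namedtuple
from pathlib import PurePosixPath

# File-name indicators exactly as the digest gives them. "ambiguous" (an
# assumption of this example) marks patterns that also occur on clean hosts.
# Sigma is left out: a random four-character extension plus ReadMe.txt is
# too generic to match by name alone.
FAMILIES = {
    "StorageCrypter": {"name": r"\.locked$",
                       "notes": {"READ_ME_FOR_DECRYPT.txt"}, "ambiguous": True},
    "Scarab": {"name": r"\.\[suupport@protonmail\.com\]\.scarab$",
               "notes": set(), "ambiguous": False},
    "CrySiS": {"name": r"\.java$",
               "notes": {"info.hta", "Files encrypted!!.txt"}, "ambiguous": True},
    # .0000 variant renames files to 32 hex characters; .XZZX is extension only.
    "CryptoMix": {"name": r"^[0-9a-f]{32}\.0000$|\.XZZX$",
                  "notes": {"_HELP_INSTRUCTION.txt"}, "ambiguous": False},
    "kill/blind Trojan": {"name": r"\.(kill|blind)$",
                          "notes": set(), "ambiguous": True},
    "GIBON": {"name": None, "notes": {"Read_Me_Now.txt"}, "ambiguous": False},
    "Magniber": {"name": r"\.skvtb$", "notes": set(), "ambiguous": False},
}

Finding = namedtuple("Finding", "directory family level renamed notes")


def triage(paths):
    """Group a file listing by directory and score each family's indicators.

    high   = renamed files AND the family's ransom note in the same directory
    medium = a ransom note alone, or a distinctive name pattern alone
    low    = only an ambiguous extension (for example a Java source tree)
    """
    by_dir = defaultdict(list)
    for path in map(PurePosixPath, paths):
        by_dir[str(path.parent)].append(path.name)

    findings = []
    for directory, names in sorted(by_dir.items()):
        folded = {n.casefold() for n in names}
        for family, ind in FAMILIES.items():
            hits = [n for n in names
                    if ind["name"] and re.search(ind["name"], n, re.I)]
            notes = sorted(n for n in ind["notes"] if n.casefold() in folded)
            if not hits and not notes:
                continue
            if hits and notes:
                level = "high"
            elif notes or not ind["ambiguous"]:
                level = "medium"
            else:
                level = "low"
            findings.append(Finding(directory, family, level, len(hits), notes))
    return findings


# Constructed sample listing (forward-slash paths, e.g. exported from a host).
SAMPLE = [
    "/srv/build/src/Main.java",
    "/srv/build/src/Util.java",
    "/home/ana/docs/report.docx.java",
    "/home/ana/docs/budget.xlsx.java",
    "/home/ana/docs/info.hta",
    "/mnt/nas/photos/img001.jpg.locked",
    "/mnt/nas/photos/READ_ME_FOR_DECRYPT.txt",
    "/home/bo/work/0123456789ABCDEF0123456789ABCDEF.0000",
    "/home/bo/work/_HELP_INSTRUCTION.txt",
    "/home/cy/mail/invoice.pdf.[suupport@protonmail.com].scarab",
    "/var/lib/app/cache.locked",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.level:6} {f.family:16} {f.directory} "
              f"renamed={f.renamed} notes={f.notes}")
```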

In summary, the ransomware epidemic is still around and it’s getting nastier. Unfortunately, there is no vaccine for this cyber menace, so data backups continue to be the best thing since sliced bread when it comes to preventing the worst-case scenario. So back it all up and stay safe. Keep up with a year in review of Ransomware, here:

About the Author

David Balaban is a frequent writer for CDM, a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.


TOP TWENTY INFOSEC OPEN SOURCES

OUR EDITOR PICKS HIS FAVORITE OPEN SOURCES YOU CAN PUT TO WORK TODAY

There are so many projects at sourceforge it’s hard to keep up with them. However, that’s not where we are going to find our growing list of the top twenty infosec open sources. Some of them have been around for a long time and continue to evolve, others are fairly new. These are the Editor favorites that you can use at work and some at home to increase your security posture, reduce your risk and harden your systems. While there are many great free tools out there, these are open sources which means they comply with a GPL license of some sort that you should read and feel comfortable with before deploying. For example, typically, if you improve the code in any of these open sources, you are required to share your tweaks with the entire community; nothing proprietary here.

Here they are:

1. TrueCrypt.org – The Best Open Encryption Suite Available (Version 6 & earlier)

2. OpenSSL.org – The Industry Standard for Web Encryption

3. OpenVAS.org – The Most Advanced Open Source Vulnerability Scanner

4. NMAP.org – The World’s Most Powerful Network Fingerprint Engine

5. WireShark.org – The World’s Foremost Network Protocol Analyser

6. Metasploit.org – The Best Suite for Penetration Testing and Exploitation

7. OpenCA.org – The Leading Open Source Certificate and PKI Management

8. Stunnel.org – The First Open Source SSL VPN Tunneling Project

9. NetFilter.org – The First Open Source Firewall Based Upon IPTables

10. ClamAV – The Industry Standard Open Source Antivirus Scanner

11. PFSense.org – The Very Powerful Open Source Firewall and Router

12. OSSIM – Open Source Security Information Event Management (SIEM)

13. OpenSwan.org – The Open Source IPSEC VPN for Linux

14. DansGuardian.org – The Award Winning Open Source Content Filter

15. OSSTMM.org – Open Source Security Test Methodology

16. CVE.MITRE.org – The World’s Most Open Vulnerability Definitions

17. OVAL.MITRE.org – The World’s Standard for Host-based Vulnerabilities

18. WiKiD Community Edition – The Best Open Two Factor Authentication

19. Suricata – Next Generation Open Source IDS/IPS Technology

20. CryptoCat – The Open Source Encrypted Instant Messaging Platform

Please enjoy and share your comments with us. If you know of others you think should make our list of the Top Twenty Open Sources for Information Security, do let us know at marketing@cyberdefensemagazine.com.

JOB OPPORTUNITIES

Send us your list and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at marketing@cyberdefensemagazine.com


FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE.

This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Defense e-Magazines will also keep you up to speed on what’s happening in the cyber crime and cyber warfare arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of sharing with you so enjoy. You get all of this for FREE, always, for our electronic editions. Click here to signup today and within moments, you’ll receive your first email from us with an archive of our newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.

WE OFFER SOME OF THE BEST HIGH TRAFFIC OPPORTUNITIES FOR INFOSEC INNOVATORS: LEARN MORE BY EMAILING US

at marketing@cyberdefensemagazine.com for more information.


Copyright (C) 2017, Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC. PO Box 8224, Nashua, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com Cyber Defense Published by Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC.Cyber Defense Magazine, CDM, Cyber Defense eMagazine, Cyber Defense Test Labs and CDTL are Registered Trademarks of STEVEN G. SAMUELS LLC. All rights reserved worldwide. Copyright © 2017, Cyber Defense Magazine. All rights reserved. No part of this newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.

Cyber Defense Magazine PO Box 8224, Nashua, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com www.cyberdefensemagazine.com

Our New Office Addresses coming soon: NEW YORK (US HQ), LONDON, HONG KONG

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 12/27/2017
