Findings from two eye-opening surveys conducted by VMware show that ransomware remains a top concern for enterprises worldwide. As IT and security leaders and chief information security officers (CISOs) look for answers, many are turning to deeper deployment and investment in lateral security tools.

What is lateral security? It combines access control with advanced threat prevention, and consists of a set of systematic, always-on controls deployed between the perimeter and the endpoints so that traffic moving inside the network is inspected and constrained, not just traffic crossing the edge. Key lateral security tools include:

- Network segmentation
- Micro-segmentation
- Advanced threat prevention capabilities such as intrusion detection/prevention systems (IDS/IPS)
- Network sandboxes
- Network traffic analysis/network detection and response (NTA/NDR)

Ransomware By the Numbers

To understand the value of lateral security tools, it is important to first assess the current state of ransomware. The number of attacks continues to grow unabated, with a 13% increase from 2020 to 2021, a larger rise than in the previous five years combined.

This trend was echoed in a 2022 VMware survey of 200 IT and security leaders in North America, Europe, the Middle East, and Africa. Approximately one-third of the survey respondents work for a company with 1,001 to 5,000 employees, one-third represent companies with 5,001 to 10,000 employees, and one-third represent companies with more than 10,000 employees.


More than two-thirds (68%) of the respondents reported that their organization experienced at least one ransomware incident (whether successful or not) in the previous 24 months.

Of those reporting attacks, 42% said they suffered at least three incidents (whether successful or not). In addition to attacks on their own organizations, 55% of respondents are aware of three to six peer organizations that suffered at least one ransomware attack in the last 24 months.

Second Survey Focuses on Lessons Learned Following a Ransomware Attack

In a follow-up survey, VMware explored how security professionals whose organization experienced a ransomware incident in the last three years responded to the attack and what they changed in the aftermath. Focusing on three core areas (people, process, and technology), the findings shed light on where security leaders believe they were underprepared and the steps they planned to take to address their gaps.

While most respondents reported their organizations had identity and access management and server endpoint protection/detection and response technologies in place before the ransomware incident, fewer had segmentation and advanced threat prevention tools deployed.


Key Finding: The Flat Network

We interpret the findings on segmentation technologies to mean that a significant portion of the networks within respondents’ organizations was flat, including the area of the network that was hit by the ransomware. A flat network provides no barrier against an attacker who first compromises a lightly defended, low-value system and then moves laterally, over whatever protocols the victim happens to expose, to reach higher-value systems.

The bottom line is that network segmentation, micro-segmentation, and other essential lateral security tools were not deployed pervasively, leaving gaps in protection that attackers could exploit. It’s no surprise then that those organizations report an increase in interest in these types of tools after the ransomware incident.

Eliminating the Blind Spots with Lateral Security

A successful ransomware attack can be devastating for a company, with an economic, operational, and reputational impact that requires extensive containment and recovery actions to restore systems and data.

Those IT and security leaders who are looking to improve their defenses are placing a sharper focus on the set of tools that make up lateral security. These technologies, when used in concert with each other, can eliminate the blind spots that prevent organizations from detecting threats as they move laterally through the infrastructure.


Read our new white paper for a deeper dive into why and how CISOs and other IT and security leaders are deploying lateral security tools to effectively protect their organizations.


By Dr. May Wang, CTO of IoT Security at Palo Alto Networks and the Co-founder, Chief Technology Officer (CTO), and board member of Zingbox

At the foundation of cybersecurity is the need to understand your risks and how to minimize them. Individuals and organizations often think about risk in terms of what they are trying to protect. When talking about risk in the IT world, we mainly talk about data, with terms like data privacy, data leakage and data loss. But there is more to cybersecurity risk than protecting data. So, what should our security risk management strategies consider? Protecting data and blocking known vulnerabilities are good tactics, but they are not the only things CISOs should be considering and doing. What is often missing is a comprehensive approach to risk management and a strategy that considers more than just data.

The modern IT enterprise certainly consumes and generates data, but it also has myriad devices, including IoT devices, which are often not under the direct supervision or control of central IT operations. While data loss is a risk, so too are service interruptions, especially as IoT and OT devices continue to play critical roles across society. For a healthcare operation for example, a failure of a medical device could lead to life or death consequences.

Challenges of Security Risk Management

Attacks are changing all the time, and device configurations can often be in flux. Just like IT itself is always in motion, it’s important to emphasize that risk management is not static.

In fact, risk management is highly dynamic, so treating risk as a point-in-time exercise misses the mark. Evaluating risk means considering multiple dimensions of the IT and IoT landscape: different users, applications, deployment locations and usage patterns all need to be managed for risk, and all of them change often and regularly.

There are a number of challenges with security risk management, not least the sheer size and complexity of the IT and IoT estate. CISOs today can easily be overwhelmed by information and data coming from an ever-increasing number of devices. Alongside the volume is a wide variety of device types, each with its own particular attack surface. Accurately documenting every IT and IoT asset and the particular risk each one represents is not something a human can easily do. Managing a diverse array of policies, devices and access controls across a distributed enterprise, in a way that minimizes risk, is not a trivial task.

A Better Strategy to Manage Security Risks

Security risk management is not a single task, or a single tool. It’s a strategy that involves several key components that can help CISOs to eliminate gaps and better set the groundwork for positive outcomes.

Establishing visibility. To eliminate gaps, organizations need to first know what they have. IT and IoT asset management isn’t just about knowing what managed devices are present, but also knowing unmanaged IoT devices and understanding what operating systems and application versions are present at all times.

Ensuring continuous monitoring. Risk is not static, and monitoring shouldn’t be either. Continuous monitoring of all the changes, including who is accessing the network, where devices are connecting and what applications are doing, is critical to managing risk.

Focusing on network segmentation. Reducing risk in the event of a security incident can often be achieved by reducing the “blast radius” of a threat. With network segmentation, where specific services and devices run only on specific segments of the network and traffic between segments is restricted to what each segment legitimately needs, the attack surface is reduced and unseen, unmanaged IoT devices can no longer serve as springboards into other areas of the network. So, instead of an exploit in one system affecting the entire organization, the impact can be limited to the segment that was attacked.

Prioritizing threat prevention. Threat prevention technologies such as endpoint and network protection are also foundational components of an effective security risk management strategy. Equally important for threat prevention is having the right policy configuration and least-privileged access in place on endpoints including IoT devices and network protection technologies to prevent potential attacks from happening.
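As an added example (not code from this article, from Palo Alto Networks, or from the VMware piece above), the following Python models the segmentation point made here and the "flat network" finding in the VMware survey: a flat network that permits every flow is placed beside a default-deny allow-list between segments, and both are evaluated over a constructed device inventory and constructed flow records. The device names, segment names, IP addresses, ports and flow records are all hypothetical; flows whose endpoints are not in the inventory are reported separately, since they are the visibility gap the strategy's first component is meant to close.

```python
"""Segmentation policy check over constructed flow records.

Added example, not from the original article. Models a flat network versus
a segmented one and shows which flows each permits and how far a single
compromised device could reach. All devices, segments, IPs and flows below
are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Device:
    ip: str
    name: str
    segment: str
    managed: bool  # True if under central IT control; IoT gear often is not


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass
class Policy:
    """Allow-list of (src_segment, dst_segment, dst_port); anything not listed
    is denied. A segment of '*' or a port of 0 acts as a wildcard."""
    rules: frozenset = field(default_factory=frozenset)

    def allows(self, src_seg: str, dst_seg: str, port: int) -> bool:
        return any(
            r_src in ("*", src_seg) and r_dst in ("*", dst_seg) and r_port in (0, port)
            for r_src, r_dst, r_port in self.rules
        )

    def reaches(self, src_seg: str, dst_seg: str) -> bool:
        """True if any rule lets src_seg talk to dst_seg on any port."""
        return any(
            r_src in ("*", src_seg) and r_dst in ("*", dst_seg)
            for r_src, r_dst, _ in self.rules
        )


# Constructed inventory for a hypothetical hospital network.
INVENTORY = {d.ip: d for d in [
    Device("10.1.0.10", "infusion-pump-7", "iot-medical", managed=False),
    Device("10.1.0.11", "ct-scanner-2", "iot-medical", managed=False),
    Device("10.2.0.20", "nurse-ws-14", "corp-workstations", managed=True),
    Device("10.3.0.30", "ehr-db-1", "servers-ehr", managed=True),
    Device("10.3.0.31", "device-mgmt-1", "servers-iot-mgmt", managed=True),
]}

# Flat network: a single rule that permits everything.
FLAT_POLICY = Policy(frozenset({("*", "*", 0)}))

# Segmented: medical devices talk only to their management server; workstations
# reach the EHR application and the management console on HTTPS. Nothing else.
SEGMENTED_POLICY = Policy(frozenset({
    ("iot-medical", "servers-iot-mgmt", 8443),
    ("corp-workstations", "servers-ehr", 443),
    ("corp-workstations", "servers-iot-mgmt", 443),
}))

# Constructed flow records, as a NetFlow collector or firewall log might supply them.
FLOWS = [
    Flow("10.1.0.10", "10.3.0.31", 8443),  # pump checks in with its management server
    Flow("10.2.0.20", "10.3.0.30", 443),   # nurse workstation uses the EHR web app
    Flow("10.1.0.10", "10.3.0.30", 445),   # compromised pump probes the EHR DB over SMB
    Flow("10.1.0.11", "10.2.0.20", 3389),  # scanner opens RDP to a workstation
    Flow("10.9.9.9", "10.3.0.30", 1433),   # source absent from inventory: visibility gap
]


def evaluate(flows, policy, inventory=INVENTORY):
    """Return (denied, unknown): flows the policy blocks, and flows with an
    endpoint that is missing from the inventory."""
    denied, unknown = [], []
    for f in flows:
        src, dst = inventory.get(f.src_ip), inventory.get(f.dst_ip)
        if src is None or dst is None:
            unknown.append(f)
        elif not policy.allows(src.segment, dst.segment, f.dst_port):
            denied.append(f)
    return denied, unknown


def reachable_segments(src_ip, policy, inventory=INVENTORY):
    """Segments a device on src_ip could reach under the policy: its blast radius."""
    src = inventory[src_ip]
    return {d.segment for d in inventory.values() if policy.reaches(src.segment, d.segment)}


if __name__ == "__main__":
    for label, pol in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        denied, unknown = evaluate(FLOWS, pol)
        print(f"{label}: denied={[f.dst_port for f in denied]} unknown={len(unknown)} "
              f"pump can reach {sorted(reachable_segments('10.1.0.10', pol))}")
```

Under the flat policy nothing is denied and the infusion pump can reach every segment, including the EHR database; under the segmented policy the SMB and RDP flows from the medical devices are blocked and the pump's reach shrinks to its management server. The unknown flow is reported under both policies, which is the point of establishing visibility first: a policy cannot constrain a device it does not know about.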

Executing the strategic components above at scale can be optimally achieved with machine learning and automation. With the growing volume of data, network traffic and devices, it’s just not possible for any one human, or even group of humans to keep up. By making use of machine learning-based automation, it’s possible to rapidly identify all IT, IoT, OT and BYOD devices to improve visibility, correlate activity in continuous monitoring, recommend the right policies for least-privileged access, suggest optimized configuration for network segmentation and add an additional layer of security with proactive threat prevention.

About Dr. May Wang:

Dr. May Wang is the CTO of IoT Security at Palo Alto Networks and the Co-founder, Chief Technology Officer (CTO), and board member of Zingbox, which Palo Alto Networks acquired in 2019 for its Internet of Things (IoT) security solutions.
