Attackers are increasingly leveraging LinkedIn to socially engineer victims into clicking on phishing links
Daily Archives: February 16, 2022
RSA Advisory Board Discuss Pressing Issues in Cybersecurity
Three members of the RSA Advisory board offered insights into ransomware, Log4j and supply chain security
Vendors are Fixing Security Flaws Faster
Google’s Project Zero is reporting that software vendors are patching their code faster.
tl;dr
In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago.
In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period). In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period.
Differences in the amount of time it takes a vendor/product to ship a fix to users reflect their product design, development practices, update cadence, and general processes towards security reports. We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies.
This data aggregation and analysis is relatively new for Project Zero, but we hope to do it more in the future. We encourage all vendors to consider publishing aggregate data on their time-to-fix and time-to-patch for externally reported vulnerabilities, as well as more data sharing and transparency in general.
Three things you should know about SASE and SD-WAN
As organizations have accelerated their plans to better enable dispersed workforces in a post-pandemic reality, many technology decision-makers are broadly rethinking their network architectures. Inevitably their discussions lead to comparisons and debates over both software-defined wide area network (SD-WAN) and secure access service edge (SASE) technologies.
The similarities of SD-WAN and SASE can sometimes lead people to conflate the two technology categories. After all, both SD-WAN and SASE are network architectural approaches designed to help administrators better manage distributed computing environments. They both enable branch and remote workers to securely connect to enterprise assets with improved performance over legacy MPLS and VPN connections. And both use software-based virtualization to deliver bandwidth optimization and traffic prioritization, as opposed to leaning on traditional on-premises hardware like network routers.
However, SASE offers native security and performance features that extend the value proposition of SD-WAN management. The two technologies handle cloud connections differently and they also tend to support different network topologies. This point is why it is crucial for organizations to understand the differences and the relationship between SASE and SD-WAN.
The following are three big factors that should inform how leaders chart a path for future-proofed connectivity.
SASE encompasses (and extends) SD-WAN principles
Comparing SASE with SD-WAN is no apples-to-apples affair, because in truth SD-WAN functionality is a subset of the broader SASE feature set.
Since SD-WAN first started to gain steam in the early 2010s, the draw has been its ability to optimize traffic across widely dispersed geographic locations, securely terminate traffic, and do it all with the required remediation to different destinations. It does this using a virtualized network control plane that has the flexibility to use a range of transport services, whether broadband internet, MPLS, or LTE, to connect sites and services. That control plane centralizes management and makes it much easier and more affordable for large organizations to unify the connection of branch offices to corporate networks.
The connections are secure, but the sticking point is that SD-WAN is not designed to inspect traffic or apply robust security policies. Security teams still need to layer in a mix of secure web gateways, application firewalls, and cloud controls to achieve their risk management goals. This means that SD-WAN traffic must traverse across a central inspection point for appropriate security controls to preside over it. This greatly limits the secure flexibility of SD-WAN in cloud environments or when connecting remote users or IoT devices to anything other than the main corporate network. This is because all traffic must be backhauled to the corporate network in order for it to be managed from a security perspective, incurring latency and performance problems in the process.
The big difference with SASE is it takes that centralized management principle of SD-WAN and bolsters it with a full slate of security controls that are administered through a cloud-based service that pushes traffic inspection out to the edge.
SASE is designed with key security controls baked in
When Gartner first defined the SASE category back in 2019, it laid out the bare minimum five ingredients that create the category. SASE technology combines SD-WAN network controls with four other security control functions directly baked into the architectural framework:
Secure Web Gateway (SWG),
Cloud access security brokers (CASB),
Zero trust network architecture (ZTNA), and
Firewall as a service (FWaaS)
As SASE technology evolves, other functionality like next generation anti-malware (NGAV) and managed detection and response (MDR) has been added to that mix to create a more complete package of security management capabilities.
SASE topology looks more like a mesh than secured SD-WAN’s hub and spoke
That built-in security functionality is bundled up into a single SASE cloud service that applies the security controls and inspection from a distributed set of SASE points of presence (POPs) located close to the connecting device. In this way, SASE topology looks much more like a mesh than the hub-and-spoke model necessary for secure management of SD-WAN traffic.
This cloud-native model concurrently enables a higher level of security assurance while maximizing performance and operational efficiency in an era of cloud-first, IoT-heavy environments.
SASE unifies management of hybrid environments while dispersing network inspection, and when that’s paired with Artificial Intelligence for IT operations (AIOps) technology, IT teams are able to scale up visibility and management of edge devices. SASE and AIOps together can help organizations automate more management functionality and keep tabs on a diverse portfolio of network devices that keeps getting bigger as IoT devices rapidly proliferate.
Many organizations have delayed their SD-WAN implementation for fear of transitional bumps or shocks. Adding SASE options can sometimes compound that fear and elicit analysis paralysis.
Technology and business leaders should rest easy with the understanding that while SASE does extend SD-WAN principles, there’s no SD-WAN prerequisite for embarking on a SASE journey.
Companies with no SD-WAN infrastructure can reap the benefits of greenfield SASE deployments in as little as six months. In that same vein, it’s important to understand that getting started with SASE is not a big-bang proposition. SASE is not all or nothing and it can most definitely be rolled out incrementally. There is a simple step-by-step process that can get an organization where it needs to be to achieve gains in network and application performance, as well as visibility and policy control along the way.
There are options. AT&T can help you systematically move in that direction based on your existing implementations and your goals for security, network performance, and business enablement.
Learn more about how AT&T SASE can help your organization continue your transformative journey toward superior user experience and better protection.
Finance Officer Jailed After Stealing £200,000 from Charity
4 security concerns for low-code and no-code development
There’s an increased push for what is being dubbed the citizen developer, coupled with the desire to empower application development and creation by non-developers. This is typically facilitated using low-code or no-code frameworks. These frameworks and tools allow non-developers to use a GUI to grab and move components to make business logic friendly applications.
Empowering the broader IT and business community to create applications to drive business value has an obvious appeal. That said, the use of low-code and no-code platforms isn’t without its own security concerns. Much like any other software product, the rigor that goes into developing the platform and its associated code is a concern that shouldn’t be overlooked.
CISA Puts Chrome and Magento Zero-Days on Must-Patch List
Ukraine Defense and Bank Networks DDoS-ed
ZDI-22-377: Apple macOS libFontParser TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
Why Staying Calm May Be One Of The Best Ways Of Keeping Your Kids Safe Online
There are very few guarantees in this world – but experiencing drama when you are a parent is a sure thing! And as a mum of 4, I’ve had my fair share. Whether it’s friendship issues, homework problems or just picking up the pieces after some bad choices – I feel like my job as a mother is most tested when I’m helping my boys navigate the tough stuff.
But after clocking up 25 years of parenting, I’ve learned one thing – when you’re in the thick of issues with your kids, being calm (even on the outside) is the best way of getting to the bottom of an issue, and helping them solve it.
Kids Don’t Differentiate Between Their Online and Offline Life
Even though we may compartmentalize our lives into offline and online, our kids don’t. For them, it’s the same thing! They use their online life to set up their online activities. In fact, their online life is a critical element of their day-to-day lives. So, if a problem arises online – an embarrassing photo is shared or they make a wrong move – it can feel like their whole world is affected.
‘That is – I’m Taking The Devices Away’
I don’t know how many times I’ve wanted to scream this from my lungs when my boys have found themselves in tricky online situations over the years. And I am sure I am not alone. When our kids come to us with an online issue, all we want to do is throw the router in the bin or cancel their phone plan. But, that, my friends, is the worst thing you can do. If your kids think there is even a small chance you’ll remove their technology, then I promise you that they will never come to you with an online issue. They would much rather try and work it out themselves than threaten disconnection because their online world is their entire world.
My Top Tips On Navigating Online Issues With Your Kids
1. Remain Calm
Without a doubt, THE most important thing you can do for your kids is to guarantee that you will NOT scream, shout or disconnect them from their devices if they come to you with a problem. Even though you know it will be tough, promising them that you will remain calm will mean they are far more likely to seek your advice when things are tough. Of course, I am not suggesting that you don’t deal out punishments or introduce new rules as a result of the issue but remaining approachable is key.
2. Be Empathetic
Being a teenager in this digital era is completely different from the 70’s, 80’s and 90’s. So, while some of the issues your kids may experience may mirror yours, many will not. Thankfully, we didn’t have the constant pressure that social media can be when we were growing up. Some kids can rationalize the way social media works and not lose any sleep over it whereas others will find it much trickier to navigate.
So, take a minute to really understand their social media-dominated world. Many kids, understandably, struggle when comparing themselves to someone’s perfectly curated Instagram feed; feel lonely or ‘less than’ when discovering that their friends are all out (thanks to a shared pic online) but they weren’t invited; or are consumed by the number of likes their posts achieve. As the great Atticus Finch in ‘To Kill A Mockingbird’ said, ‘You never really understand a person until you consider things from his point of view … until you climb into his skin and walk around in it.’ So, try as hard as you can to understand how these pressures can affect their mindset.
3. Make A Plan
When things are tricky and overwhelming, making a plan can help direct the angst and reduce the worry. Depending on the issue your child is having online, you may want to introduce some new rules around the time and place they can use their device. For example, if devices were not yet banned from the bedroom – this could be a good place to start. You could also insist devices are placed in a ‘charging zone’ on the kitchen bench overnight so their bedroom becomes a tech-free zone.
Additionally, if you are worried your child is experiencing concerning levels of anxiety or low mood as a result of the situation, you might want to include making an appointment with the counselor at school or an independent psychologist. Notifying the school may also be a helpful action point for the plan, depending again on the nature of the issue.
If I’m being honest, being calm and chilled is probably not my natural state. I could blame it on genetics or maybe the amount of caffeine I consume but when it comes to helping my boys with the tricky stuff, I dig deep. I channel my inner yogi and muster up all the patience and chilled vibes I can because it’s so worth it. Knowing my boys understand they can come to me about any problem – online or offline – means they know someone always has their back. And isn’t that our job as parents?
Till next time
Alex xx
The post Why Staying Calm May Be One Of The Best Ways Of Keeping Your Kids Safe Online appeared first on McAfee Blog.